to 'unsigned long' (ie. odd platforms/compilers), so a pointer-typed
version was added but it required portable code to check *both* modes to
determine equality. This commit maintains the availability of both thread
ID types, but deprecates the type-specific accessor APIs that invoke the
callbacks - instead a single type-independent API is used.  This simplifies
software that calls into this interface, and should also make it less
error-prone - as forgetting to call and compare *both* thread ID accessors
could have led to hard-to-debug/infrequent bugs (that might only affect
certain platforms or thread implementations). As the CHANGES note says,
there were corresponding deprecations and replacements in the
thread-related functions for BN_BLINDING and ERR too.

Initial support for CMS.

Add zlib compression BIO.

Add AES key wrap implementation.

Generalize S/MIME MIME code to support CMS and/or PKCS7.

CRYPTO_get_idptr_callback(), CRYPTO_thread_idptr() for a 'void *' type
thread ID, since the 'unsigned long' type of the existing thread ID
does not always work well.

and response verification.

Submitted by: Zoltan Glozik <zglozik@opentsa.org>
Reviewed by: Ulf Moeller

Submitted by: David Hartman <david_hartman@symantec.com>

first everywhere in crypto and skip stdio.h and string.h [because it
includes them].

at runtime.

Use BUF_strlcat() instead of strcat().
Use BIO_snprintf() instead of sprintf().
In some cases, keep better track of buffer lengths.
This is part of a large change submitted by Markus Friedl <markus@openbsd.org>

Unfortunately, this means that the dynamic ENGINE version just went up, and
isn't backward compatible.
PR: 678

Submitted by: Douglas Stebila <douglas.stebila@sun.com>

getting the bottommost one.  I hope I understood correctly how this
should be done.  It seems to work when running evp_test in an
environment where it can't find openssl.cnf.

    ERR_peek_last_error
    ERR_peek_last_error_line
    ERR_peek_last_error_line_data
(supersedes ERR_peek_top_error).

Rename OPENSSL_NO_OLD_DES_SUPPORT into OPENSSL_DISABLE_OLD_DES_SUPPORT
because OPENSSL_NO_... indicates disabled algorithms (according to
mkdef.pl).

Noticed by Thomas Klausner <wiz@danbala.ifoer.tuwien.ac.at>.

In err.c, flags int_error_hash_set and int_thread_hash_set
appear superfluous since we can just as well initialize
int_error_hash and int_thread_hash to NULL.

Change some of the err.c formatting to conform with the rest of
OpenSSL.

always load its strings because they might have been unloaded
since the 'init' flag was deleted.

But build_SYS_str_reasons() can use an 'init' flag.

"ERR_load_strings" function.

error strings and a hash table storing per-thread error state) go via an
ERR_FNS function table. The first time an ERR operation occurs, the
implementation that will be used (from then on) is set to the internal
"defaults" implementation if it has not already been set. The actual LHASH
tables are only accessed by this implementation.

This is primarily for modules that can be loaded at run-time and bound into
an application (or a shared-library version of OpenSSL). If the module has
its own statically-linked copy of OpenSSL code - this mechanism allows it
to *not* create and use ERR information in its own linked "ERR" code, but
instead to use and interact with the state stored in the loader
(application or shared library). The loader calls ERR_get_implementation()
and the return value is what the module should use when calling its own
copy of ERR_set_implementation().

Add EC vaporware: change relevant Makefiles and add some empty source
files.

"make update".