Submitted by: Peter Sylvester

Submitted by: Nils Larsch

I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.

I've covered all the memset()s I felt safe modifying, but may have missed some.

des_old.h redefines crypt:
#define crypt(b,s)\
        DES_crypt((b),(s))

This scheme leads to failure, if header files with the OS's true definition
of crypt() are processed _after_ des_old.h was processed. This is e.g. the
case on HP-UX with unistd.h.
As evp.h now again includes des.h (which includes des_old.h), this problem
only came up after this modification.
Solution: move header files (indirectly) including e_os.h before the header
files (indirectly) including evp.h.
Submitted by:
Reviewed by:
PR:

(but noone uses it anyway)

fix t1_enc.c: use OPENSSL_NO_RC4, not NO_RC4

vulnerability workaround (included in SSL_OP_ALL).

PR: #90

Fix length checks in ssl3_get_client_hello().

Use s->s3->in_read_app_data differently to fix ssl3_read_internal().

to digests to retain compatibility.

Retain compatibility of EVP_DigestInit() and EVP_DigestFinal()
with existing code.

Modify library to use digest *_ex() functions.

reveal whether illegal block cipher padding was found or a MAC
verification error occured.

In ssl/s2_pkt.c, verify that the purported number of padding bytes is in
the legal range.

Change all calls to low level digest routines in the library and
applications to use EVP. Add missing calls to HMAC_cleanup() and
don't assume HMAC_CTX can be copied using memcpy().

Note: this is almost identical to the patch submitted to openssl-dev
by Verdon Walker <VWalker@novell.com> except some redundant
EVP_add_digest_()/EVP_cleanup() calls were removed and some changes
made to avoid compiler warnings.

Spotted by Nalin Dahyabhai <nalin@redhat.com>

Protect against future mistakes with an assert().

compiler bug reported in <01032110293775.22278@weba3.iname.net>
(the '++seq[i]' condition is evaluated as 256 rather than 0
when the previous value is 255).

like Malloc, Realloc and especially Free conflict with already existing names
on some operating systems or other packages.  That is reason enough to change
the names of the OpenSSL memory allocation macros to something that has a
better chance of being unique, like prepending them with OPENSSL_.

This change includes all the name changes needed throughout all C files.

the old functionality.

Various warning fixes.

Initial EVP symmetric cipher docs.

if anyone had actually ever needed that they should have fixed this typo)

Submitted by: Martin Kraemer <Martin.Kraemer@MchP.Siemens.De>

Submitted by:
Reviewed by:
PR:

     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]

Fix so that the version number in the master secret, when passed
     via RSA, checks that if TLS was proposed, but we roll back to SSLv3
     (because the server will not accept higher), that the version number
     is 0x03,0x01, not 0x03,0x00
     [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]

Submitted by:
Reviewed by:
PR: