Main trunk changes merged into BRANCH_engine. There were no

 Changes between 0.9.5a and 0.9.6  [xx XXX 2000]

  *) Remove lots of duplicated code from the EVP library. For example *every*

     cipher init() function handles the 'iv' in the same way according to the

     cipher mode. They also all do nothing if the 'key' parameter is NULL and

     for CFB and OFB modes they zero ctx->num.

     Most of the routines have the same form and so can be declared in terms

     of macros.

     By shifting this to the top level EVP_CipherInit() it can be removed from

     all individual ciphers. If the cipher wants to handle IVs or keys

     differently it can set the EVP_CIPH_CUSTOM_IV or EVP_CIPH_ALWAYS_CALL_INIT

     flags.

     [Steve Henson]

  *) In ssl/s2_clnt.c and ssl/s3_clnt.c, call ERR_clear_error() when

     the handshake is continued after ssl_verify_cert_chain();

     otherwise, if SSL_VERIFY_NONE is set, remaining error codes

     can lead to 'unexplainable' connection aborts later.

     [Bodo Moeller; problem tracked down by Lutz Jaenicke]

  *) EVP cipher enhancement. Add hooks for extra EVP features. This will allow

     various cipher parameters to be set in the EVP interface. Initially

     support added for variable key length ciphers via the

     EVP_CIPHER_CTX_set_key_length() function. Other cipher specific

     parameters will be added later via the new catchall 'ctrl' function.

     New functionality allows removal of S/MIME code RC2 hack.

     Still needs support in other library functions, and allow parameter

     setting for algorithms like RC2, RC5.

     Change lots of functions like EVP_EncryptUpdate() to now return a

     value: although software versions of the algorithms cannot fail

     any installed hardware versions can.

     [Steve Henson]

  *) Implement SSL_OP_TLS_ROLLBACK_BUG: In ssl3_get_client_key_exchange, if

     this option is set, tolerate broken clients that send the negotiated

     protocol version number instead of the requested protocol version

# NCR MP-RAS UNIX ver 02.03.01

"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown):-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",

# Linux on ARM

"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::dlfcn",

# UnixWare 2.0

"unixware-2.0","cc:-O -DFILIO_H::(unknown):-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",

"unixware-2.0-pentium","cc:-O -DFILIO_H -Kpentium -Kthread::(unknown):-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",

  OpenSSL STATUS                           Last modified at

  ______________                           $Date: 2000/04/14 23:35:50 $

  ______________                           $Date: 2000/05/30 07:16:55 $

  DEVELOPMENT STATE

  IN PROGRESS

    o Steve is currently working on (in no particular order):

        EVP cipher enhancement.

        Proper (or at least usable) certificate chain verification.

	Private key, certificate and CRL API and implementation.

	Developing and bugfixing PKCS#7 (S/MIME code).

        Various X509 issues: character sets, certificate request extensions.

	Documentation for the openssl utility.

  NEEDS PATCH

               to date.

               Paul +1

    o The EVP and ASN1 stuff is a mess. Currently you have one EVP_CIPHER

      structure for each cipher. This may make sense for things like DES but

      for variable length ciphers like RC2 and RC4 it is NBG. Need a way to

      use the EVP interface and set up the cipher parameters. The ASN1 stuff

      is also foo wrt ciphers whose AlgorithmIdentifier has more than just

      an IV in it (e.g. RC2, RC5). This also means that EVP_Seal and EVP_Open

      don't work unless the key length matches the fixed value (some vendors

      use a key length decided by the size of the RSA encrypted key and expect

      RC2 to adapt).

  WISHES

    o 

		}

#undef g2

	return timegm(&tm)-offset*60; /* FIXME: timegm is non-standard,

	                               * typically we only have mktime (which

	                               * interprets the struct tm according to

	                               * the current time zone setting).

	                               * Also time_t is inappropriate for general

	                               * UTC times because it may a 32 bit type. */

	return mktime(&tm)-offset*60;

	}

char *CONF_get_string(LHASH *conf,char *group,char *name);

long CONF_get_number(LHASH *conf,char *group,char *name);

void CONF_free(LHASH *conf);

void CONF_dump(LHASH *conf, BIO *out);

int CONF_dump_fp(LHASH *conf, FILE *out);

int CONF_dump_bio(LHASH *conf, BIO *out);

void ERR_load_CONF_strings(void );