Changes between 0.9.5a and 0.9.6  [xx XXX 2000]

  *) EVP cipher enhancment. Add hooks for extra EVP features. This will allow

     various cipher parameters to be set in the EVP interface. Initially

     support added for variable key length ciphers via the

     EVP_CIPHER_CTX_set_key_length() function. Other cipher specific

     parameters will be added later via the new catchall 'ctrl' function.

     New functionality allows removal of S/MIME code RC2 hack. Still needs

     support in other library functions, also need to add return codes to

     some EVP functions.

     [Steve Henson]

  *) Implement SSL_OP_TLS_ROLLBACK_BUG: In ssl3_get_client_key_exchange, if

     this option is set, tolerate broken clients that send the negotiated

     protocol version number instead of the requested protocol version

  OpenSSL STATUS                           Last modified at

  ______________                           $Date: 2000/04/14 23:35:50 $

  ______________                           $Date: 2000/05/26 23:51:09 $

  DEVELOPMENT STATE

  IN PROGRESS

    o Steve is currently working on (in no particular order):

        EVP cipher enhancement.

        Proper (or at least usable) certificate chain verification.

	Private key, certificate and CRL API and implementation.

	Developing and bugfixing PKCS#7 (S/MIME code).

        Various X509 issues: character sets, certificate request extensions.

	Documentation for the openssl utility.

  NEEDS PATCH

               to date.

               Paul +1

    o The EVP and ASN1 stuff is a mess. Currently you have one EVP_CIPHER

      structure for each cipher. This may make sense for things like DES but

      for variable length ciphers like RC2 and RC4 it is NBG. Need a way to

      use the EVP interface and set up the cipher parameters. The ASN1 stuff

      is also foo wrt ciphers whose AlgorithmIdentifier has more than just

      an IV in it (e.g. RC2, RC5). This also means that EVP_Seal and EVP_Open

      don't work unless the key length matches the fixed value (some vendors

      use a key length decided by the size of the RSA encrypted key and expect

      RC2 to adapt).

  WISHES

    o 

	{

	NID_des_ede_cbc,

	8,16,8,

	EVP_CIPH_CBC_MODE,

	des_cbc_ede_init_key,

	des_cbc_ede_cipher,

	NULL,

		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),

	EVP_CIPHER_set_asn1_iv,

	EVP_CIPHER_get_asn1_iv,

	NULL

	};

static EVP_CIPHER d_cbc_ede_cipher3=

	{

	NID_des_ede3_cbc,

	8,24,8,

	EVP_CIPH_CBC_MODE,

	des_cbc_ede3_init_key,

	des_cbc_ede_cipher,

	NULL,

		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),

	EVP_CIPHER_set_asn1_iv,

	EVP_CIPHER_get_asn1_iv,

	NULL

	};

EVP_CIPHER *EVP_des_ede_cbc(void)

	{

	NID_bf_cbc,

	8,EVP_BLOWFISH_KEY_SIZE,8,

	EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH,

	bf_cbc_init_key,

	bf_cbc_cipher,

	NULL,

		sizeof((((EVP_CIPHER_CTX *)NULL)->c.bf_ks)),

	EVP_CIPHER_set_asn1_iv,

	EVP_CIPHER_get_asn1_iv,

	NULL

	};

EVP_CIPHER *EVP_bf_cbc(void)

		memcpy(&(ctx->oiv[0]),iv,8);

	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);

	if (key != NULL)

		BF_set_key(&(ctx->c.bf_ks),EVP_BLOWFISH_KEY_SIZE,key);

		BF_set_key(&(ctx->c.bf_ks),EVP_CIPHER_CTX_key_length(ctx),key);

	}

static void bf_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

	{

	NID_cast5_cbc,

	8,EVP_CAST5_KEY_SIZE,8,

	EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH,

	cast_cbc_init_key,

	cast_cbc_cipher,

	NULL,

		sizeof((((EVP_CIPHER_CTX *)NULL)->c.cast_ks)),

	EVP_CIPHER_set_asn1_iv,

	EVP_CIPHER_get_asn1_iv,

	NULL

	};

EVP_CIPHER *EVP_cast5_cbc(void)

		memcpy(&(ctx->oiv[0]),iv,8);

	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);

	if (key != NULL)

		CAST_set_key(&(ctx->c.cast_ks),EVP_CAST5_KEY_SIZE,key);

		CAST_set_key(&(ctx->c.cast_ks),EVP_CIPHER_CTX_key_length(ctx),key);

	}

static void cast_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,