[Chosen plaintext attack: R. Merkle, M. Hellman: "On the Security of
Multiple Encryption", CACM 24 (1981) pp. 465-467, p. 776.
Known plaintext angriff: P.C. van Oorschot, M. Wiener: "A
known-plaintext attack on two-key triple encryption", EUROCRYPT '90.]
libdes (which is still used out there) or other des implementations,
the OpenSSL DES functions are renamed to begin with DES_ instead of
des_. Compatibility routines are provided and declared by including
openssl/des_old.h. Those declarations are the same as were in des.h
when the OpenSSL project started, which is exactly how libdes looked
at that time, and hopefully still looks today.
The compatibility functions will be removed in some future release, at
the latest in version 1.0.
Bleichenbacher's DSA attack. With this implementation, the expected
number of iterations never exceeds 2.
New semantics for BN_rand_range():
BN_rand_range(r, min, range) now generates r such that
min <= r < min+range.
(Previously, BN_rand_range(r, min, max) generated r such that
min <= r < max.
It is more convenient to have the range; also the previous
prototype was misleading because max was larger than
the actual maximum.)
* Correct some prototypes and macros with respect to "const"ness.
* Add the extra macros and examples due to the lh_doall[_arg] modifications
made recently. The existing example is also reworked for consistency.
* Rewrite, tweak, and supplement bits of the existing comments that seemed
(IMHO) to be a little convoluted and misleading.
* Add a NOTE section that explains the use of macros and avoiding function
casts (ie. generate a wrapper as with the macros, or prototype any
callback functions exactly to not require casting). Also, explain the
"const" approach taken in LHASH for the purposes of API comprehensibility
and also application code auditing.
