Set EVP_CIPH_FLAG_FIPS on approved ciphers.

Support "default ASN1" flag which avoids need for ASN1 dependencies in FIPS
code.

Include some defines to redirect operations to a "tiny EVP" implementation
in some FIPS source files.

Change m_sha1.c to use EVP_PKEY_NULL_method: the EVP_MD sign/verify functions
are not used in OpenSSL 1.0 and later for SHA1 and SHA2 ciphers: the EVP_PKEY
API is used instead.

need a whole new PRNG for FIPS).

1. avoid use of ERR_peek().

2. If compiling with FIPS use small FIPS EVP and disable ENGINE

Initial FIPS 140-2 code ported to HEAD. Doesn't even compile yet, may have
missing files, extraneous files and other nastiness.

In other words: it's experimental ATM, OK?

crypto and ENGINE dependencies in RSA library.

routines from bn_lib.c

DSA_SIG_new() and DSA_SIG_free() to remove ASN1 dependencies from DSA_do_sign()
and DSA_do_verify().

Submitted by: Chris Wilson <chris@qwirx.com>
Reviewed by: steve

Constify ASN1_STRING_set_default_mask_asc().

NIST PKV tests.

Submitted by: Robert Jackson <robert@rjsweb.net>
Reviewed by: steve

Fix EC_POINT_cmp function for case where b but not a is the point at infinity.

seed to: this doesn't introduce any binary compatibility issues as the
function is only used internally.

The seed output is needed for FIPS 140-2 algorithm testing: the functionality
used to be in DSA_generate_parameters_ex() but was removed in OpenSSL 1.0.0

Synchronise VMS build with Unixly build.

Fix fault include.
Submitted by Arpadffy Zoltan <Zoltan.Arpadffy@scientificgames.se>

alert.

Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve

Fix corner cases in RFC3779 code.

must escape the escape character itself (backslash).

Submitted by: Rob Austein <sra@hactrn.net>
Reviewed by: steve

Use OPENSSL_assert() instead of assert().