on OpenSSL locking code. Use API in some internal FIPS files.

Remove redundant ENGINE defines from fips.h

redirect locking to minimal FIPS_lock() function where required.

need to inspect error queue.

Use EVP macros.

Use tiny EVP in FIPS mode.

library dependencies.

Check for selftest failures.

Pairwise consistency test for RSA key generation.

Use some EVP macros instead of EVP functions.

Use minimal FIPS EVP where needed.

Key size restrictions.

Check for selftest failures.

Pairwise consistency test for RSA key generation.

Use some EVP macros instead of EVP functions.

Use minimal FIPS EVP where needed.

Set EVP_CIPH_FLAG_FIPS on approved ciphers.

Support "default ASN1" flag which avoids need for ASN1 dependencies in FIPS
code.

Include some defines to redirect operations to a "tiny EVP" implementation
in some FIPS source files.

Change m_sha1.c to use EVP_PKEY_NULL_method: the EVP_MD sign/verify functions
are not used in OpenSSL 1.0 and later for SHA1 and SHA2 ciphers: the EVP_PKEY
API is used instead.

need a whole new PRNG for FIPS).

1. avoid use of ERR_peek().

2. If compiling with FIPS use small FIPS EVP and disable ENGINE

Initial FIPS 140-2 code ported to HEAD. Doesn't even compile yet, may have
missing files, extraneous files and other nastiness.

In other words: it's experimental ATM, OK?

crypto and ENGINE dependencies in RSA library.

routines from bn_lib.c

DSA_SIG_new() and DSA_SIG_free() to remove ASN1 dependencies from DSA_do_sign()
and DSA_do_verify().

Submitted by: Chris Wilson <chris@qwirx.com>
Reviewed by: steve

Constify ASN1_STRING_set_default_mask_asc().

NIST PKV tests.

Submitted by: Robert Jackson <robert@rjsweb.net>
Reviewed by: steve

Fix EC_POINT_cmp function for case where b but not a is the point at infinity.

seed to: this doesn't introduce any binary compatibility issues as the
function is only used internally.

The seed output is needed for FIPS 140-2 algorithm testing: the functionality
used to be in DSA_generate_parameters_ex() but was removed in OpenSSL 1.0.0