client random values.

handle that properly.

crypto/Makefile and make Makefile.org and fips/Makefile more discreet.

PR: 801
Submitted by: Nils Larsch

PR: 1010
Submitted by: Marc Balmer <mbalmer@openbsd.org>

prematurely by EGD/PRNGD.
PR: 1014
Submitted by: Darren Tucker <dtucker@zip.com.au>

In HEAD this approach was taken one step further. There is linux-generic32
target which is used as unified Linux target for ARM, PA-RISC, SPARCv7, S390...

utilities.

platforms."

and SafeDllSearchMode in Windows.

Remove old FIPS_allow_md5() calls.

Fixes to cipher blocking and enabling code.

Add option -non-fips-allow to 'enc' and update testenc.

unsigned char **, since it points at text.

Thanks to Nils Larsch <nils.larsch@cybertrust.com> for pointing out
the inelegance of our code :-)

Catch attempted use of non FIPS algorithms with HMAC.

Give an assertion error for applications that ignore FIPS digest errors.

Make -non-fips-allow work with dgst and HMAC.

cause a segfault...  This was uncovered because EVP_VerifyInit() may fail
in FIPS mode if the wrong algorithm is chosen...

Non FIPS algorithms are not normally allowed in FIPS mode.

Any attempt to use them via high level functions will return an error.

The low level non-FIPS algorithm functions cannot return errors so they
produce assertion failures. HMAC also has to give an assertion error because
it (erroneously) can't return an error either.

There are exceptions (such as MD5 in TLS and non cryptographic use of
algorithms) and applications can override the blocking and use non FIPS
algorithms anyway.

For low level functions the override is perfomed by prefixing the algorithm
initalization function with "private_" for example private_MD5_Init().

For high level functions an override is performed by setting a flag in
the context.