broken and subject to change.

the NULL value for the input buffer is sufficient to notice this case.

cipher handles all cipher symantics itself.

that use it.

crypto.h if needed.

Modify source tree to handle change.

to EVP any more.

Move locking #define into fips.h.

Set FIPS locking callbacks at same time as OpenSSL locking callbacks.

Set EVP_CIPH_FLAG_FIPS on approved ciphers.

Support "default ASN1" flag which avoids need for ASN1 dependencies in FIPS
code.

Include some defines to redirect operations to a "tiny EVP" implementation
in some FIPS source files.

Change m_sha1.c to use EVP_PKEY_NULL_method: the EVP_MD sign/verify functions
are not used in OpenSSL 1.0 and later for SHA1 and SHA2 ciphers: the EVP_PKEY
API is used instead.

Submitted by: Stefan Birrer <stefan.birrer@adnovum.ch>
Reviewed by: steve

Zero key->pkey.ptr after it is freed so the structure can be reused.

EVP_MD_CTX was much larger: it isn't needed anymore.

we should use its method instead of any generic one.

Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve

OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.

AES_ctr32_encrypt to aes-s390x.pl.

Submitted By: Ger Hobbelt <ger@hobbelt.com>

Base64 BIO fixes:

Use OPENSSL_assert() instead of assert().
Use memmove() as buffers overlap.
Fix write retry logic.

Submitted By: "PMHager" <hager@dortmund.net>

Initialise pkey callback to 0.

Submitted by: David Woodhouse <dwmw2@infradead.org>

Pass passphrase minimum length down to UI.

found in an ENGINE.

warnings hard to fix without major surgery).

CFB mode does *not* have to be a multiple of the block length and several
other specifications (e.g. PKCS#11) do not require this.

should be the number of feedback bits expressed in bytes. For CFB1 mode set
this to 1 by rounding up to the nearest multiple of 8.