invocation field.

Add complete support for AES GCM ciphersuites including all those in
RFC5288 and RFC5289.

into 1.0.1 should not be listed as "changes between 1.0.1 and 1.0.0".

This makes the OpenSSL_1_0_1-stable and HEAD versions of this file
consistent with each other (the HEAD version has the additional 1.1.0
section, but doesn't otherwise differ).

	http://eprint.iacr.org/2011/232.pdf

Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.

Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve

OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.

Parse certificate request message and set digests appropriately.

Generate new TLS v1.2 format certificate verify message.

Keep handshake caches around for longer as they are needed for client auth.

the FIPS capable OpenSSL.

algorithms extension (including everything we support). Swicth to new
signature format where needed and relax ECC restrictions.

Not TLS v1.2 client certifcate support yet but client will handle case
where a certificate is requested and we don't have one.

signature algorithms extension and correct signature format for
server key exchange.

All ciphersuites should now work on the server but no client support and
no client certificate support yet.

checking added, SHA256 PRF support added.

At present only RSA key exchange ciphersuites work with TLS v1.2 as the
new signature format is not yet implemented.

OPENSSL_NO_SSL_INTERN all ssl related structures are opaque
and internals cannot be directly accessed. Many applications
will need some modification to support this and most likely some
additional functions added to OpenSSL.

The advantage of this option is that any application supporting
it will still be binary compatible if SSL structures change.

callback.

Handle case where no multiple of the block size is in the interval
[min_len, max_len].

allow status of POST to be monitored and/or failures induced.

now use an internal RAND_METHOD. All dependencies to OpenSSL standard
PRNG are now removed: it is the applications resposibility to setup
the FIPS PRNG and initalise it.

Initial OpenSSL RAND_init_fips() function that will setup the DRBG
for the "FIPS capable OpenSSL".

used by applications directly and the X9.31 PRNG is deprecated by new
FIPS140-2 rules anyway.

Fix warnings.

Instantiate DRBGs at maximum strength.

not working, incomplete and unused SP800-90 DRBGs for CTR and Hash modes.

Did I say this was untested?

Fixups under fips/ to make symbol renaming work.

of algorithm test program.

associated utilities. This functionality will be used by the validated
tarball.

(CVE-2011-0014 OCSP stapling fix has been applied to HEAD as well.)