an induced error checking function.

Submitted by: Emilia Kasper (Google)

Also, use the common Configure mechanism for enabling/disabling the 64-bit ECC code.

NIST-P521. (Now -DEC_NISTP_64_GCC_128 enables all three of these;
-DEC_NISTP224_64_GCC_128 no longer works.)

Submitted by: Google Inc.

Submitted by: Bob Buckholz <bbuckholz@google.com>

Add explanatory comments to health check code.

One demand health check function.

Perform generation test in fips_test_suite.

Option to skip dh test if fips_test_suite.

for all DRBG combinations.

tests and POST code.

produce an error (CVE-2011-3207)

Submitted by: Adam Langley

Modify fips_dssvs to support appropriate file format.

using OBJ xref utilities instead of string comparison with OID name.

This removes the arbitrary restriction on using SHA1 only with some ECC
ciphersuites.

invocation field.

Add complete support for AES GCM ciphersuites including all those in
RFC5288 and RFC5289.

into 1.0.1 should not be listed as "changes between 1.0.1 and 1.0.0".

This makes the OpenSSL_1_0_1-stable and HEAD versions of this file
consistent with each other (the HEAD version has the additional 1.1.0
section, but doesn't otherwise differ).

	http://eprint.iacr.org/2011/232.pdf

Thanks to the original authors Billy Bob Brumley and Nicola Tuveri for
bringing this to our attention.

Submitted by: Alexei Khlebnikov <alexei.khlebnikov@opera.com>
Reviewed by: steve

OOM checking. Leak in OOM fix. Fall-through comment. Duplicate code
elimination.

Parse certificate request message and set digests appropriately.

Generate new TLS v1.2 format certificate verify message.

Keep handshake caches around for longer as they are needed for client auth.

the FIPS capable OpenSSL.

algorithms extension (including everything we support). Swicth to new
signature format where needed and relax ECC restrictions.

Not TLS v1.2 client certifcate support yet but client will handle case
where a certificate is requested and we don't have one.