PR: 3002

Add code to support GCM an CCM modes in evp_test. On encrypt this
will compare the expected ciphertext and tag. On decrypt it will
compare the expected plaintext: tag comparison is done internally.

Add a simple CCM test case and convert all tests from crypto/modes/gcm128.c

It also ensures that valgring is happy.

(cherry picked from commit 529d27ea472fc2c7ba9190a15a58cb84012d4ec6)

Address CBC decrypt timing issues and reenable the AESNI+SHA1 stitch.
(cherry picked from commit 125093b59f3c2a2d33785b5563d929d0472f1721)

This patch makes the decoding of SSLv3 and TLS CBC records constant
time. Without this, a timing side-channel can be used to build a padding
oracle and mount Vaudenay's attack.

This patch also disables the stitched AESNI+SHA mode pending a similar
fix to that code.

In order to be easy to backport, this change is implemented in ssl/,
rather than as a generic AEAD mode. In the future this should be changed
around so that HMAC isn't in ssl/, but crypto/ as FIPS expects.
(cherry picked from commit e130841bccfc0bb9da254dc84e23bc6a1c78a64e)

leave comment about CTR mode.

Submitted by: David Miller

Submitted by: David Miller

PR: 2874
Submitted by: Tomas Mraz

Reported by: David McCullough <david_mccullough@mcafee.com>

Restore fips configuration module from 0.9.8.

PR: 2792

e_aes_cbc_hmac_sha1.c (mostly for aesthetic reasons).

PR: 2792

countermeasure.

PR: 2778

RFC5114 parameters and X9.42 DH public and private keys.

aspirational __owur annotations.

return value after custom flag was rightly reverted.