Commit 6467de5 added some timing resistance to ECC shared secret
agreement. It involved adding an RNG object to the ecc keys so
a random z value can be added to the mix. The older FIPS release
has ECC outside the boundary, so it uses the new ECC code. FIPSv2
has ECC inside the boundary, but all the TLS code checks for that
version of FIPS and leaves out the calls to the new functions as
it is using an older version of ecc.c. FIPS Ready uses the latest
version of ecc.c but compiles as FIPSv2. So, the code outside of
the crypto layer is treating ECC as FIPSv2 and not calling the new
functions, but the crypto layer assumes the RNG should be present,
and errs out on testing.
1. Added a separate option for FIPS Ready to the enable-fips
configure option. `--enable-fips=ready`. It will treat FIPS
Ready as the next kind of FIPS release. FIPS Ready will be
treated like FIPS v3 in the build.
2. Changed the C preprocessor checks for FIPS version 2 to be
checks for not version 2, with respect to ECC Timing Resistance
and FIPS builds.
3f6861ee82