opencryptoki / openssl-ibmca

OpenSSL engine and provider for libica.
Apache License 2.0

Add FIPS support. #25

Closed (pvital closed 1 year ago)

pvital commented 6 years ago

It would be interesting to enable the openssl/ibmca/libica stack for OpenSSL running in FIPS mode.

libica has a build-time option for FIPS mode. If FIPS mode is built in, libica will activate FIPS mode if the kernel FIPS flag is set and try to set OpenSSL to FIPS mode. OpenSSL with active FIPS mode (whether triggered by libica or from somewhere else) will only use algorithms that have the corresponding FIPS flags set.

As for ibmca this would require to:

ifranzki commented 1 year ago

Engines are not used when running in FIPS mode, so this does not make much sense for the engine. The provider has some kind of a FIPS mode, but since the provider itself is not FIPS certified, and libica also cannot be FIPS certified once a crypto adapter is used, all of this does not make much sense. One should not use the IBMCA engine nor the IBMCA provider if FIPS mode is required.
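Added example (not part of the issue thread and not code from the openssl-ibmca project): a small audit script that reports a host where the kernel FIPS flag is set while the OpenSSL configuration still references ibmca, the combination the closing comment advises against. It assumes the kernel flag is read from `/proc/sys/crypto/fips_enabled` and that any non-comment line containing the string `ibmca` counts as a reference; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag hosts where the kernel FIPS flag is set while the
# OpenSSL configuration still references ibmca (engine or provider).
# Heuristic only: it matches the string "ibmca" in non-comment lines and
# does not follow .include directives.

# fips_flag_set FILE: succeed if FILE (the kernel FIPS flag) contains 1.
fips_flag_set() {
    [ -r "$1" ] && [ "$(tr -d '[:space:]' < "$1")" = "1" ]
}

# ibmca_lines FILE: print "lineno:text" for non-comment lines naming ibmca.
ibmca_lines() {
    [ -r "$1" ] || return 0
    sed 's/#.*$//' "$1" | grep -n -i 'ibmca' || true
}

# audit_host FLAGFILE CNF: print a verdict; return 1 on a conflict.
audit_host() {
    if ! fips_flag_set "$1"; then
        echo "ok: kernel FIPS flag not set"
        return 0
    fi
    hits=$(ibmca_lines "$2")
    if [ -z "$hits" ]; then
        echo "ok: FIPS flag set, no ibmca reference in $2"
        return 0
    fi
    echo "conflict: FIPS flag set but $2 references ibmca:"
    echo "$hits"
    return 1
}

# Usage: script FLAGFILE OPENSSL_CNF
# e.g. /proc/sys/crypto/fips_enabled and the distribution's openssl.cnf.
if [ "$#" -ge 2 ]; then
    audit_host "$1" "$2"
fi
```

The location of `openssl.cnf` differs between distributions, so pass the path your OpenSSL build actually loads.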