openssl.git
Martin Schwenke [Wed, 14 Apr 2021 04:31:58 +0000 (14:31 +1000)]
bn: Add fixed length (n=6), unrolled PPC Montgomery Multiplication

Overall improvement for p384 of ~18% on Power 9, compared to existing
Power assembling code.  See comment in code for more details.

Multiple unrolled versions could be generated for values other than
6.  However, for TLS 1.3 the only other ECC algorithms that might use
Montgomery Multiplication are p256 and p521, but these have custom
algorithms that don't use Montgomery Multiplication.  Non-ECC
algorithms are likely to use larger key lengths that won't fit into
the n <= 10 length limitation of this code.

Signed-off-by: Amitay Isaacs <amitay@ozlabs.org>
Signed-off-by: Alastair D'Silva <alastair@d-silva.org>
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15175)

Scott McPeak [Fri, 23 Apr 2021 10:31:54 +0000 (03:31 -0700)]
BIO_printf.pod: Clarify that output is always null terminated.

The original text was ambiguous about termination for errors other
than insufficient space.  See issue #14772.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15000)

Pauli [Fri, 7 May 2021 13:51:27 +0000 (23:51 +1000)]
FIPS checksum update

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15042)

Pauli [Wed, 5 May 2021 10:47:02 +0000 (20:47 +1000)]
provider: use a read lock when looking for a provider

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15042)

Pauli [Wed, 5 May 2021 01:22:08 +0000 (11:22 +1000)]
doc: document the new ossl_provider_clear_all_operation_bits() function

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15042)

Pauli [Tue, 27 Apr 2021 05:29:16 +0000 (15:29 +1000)]
test: add a provider load/unload cache flush test.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15042)

Pauli [Tue, 27 Apr 2021 05:17:25 +0000 (15:17 +1000)]
provider: flush the store cache when providers are loaded/unloaded.

When the providers change, the method cache needs to be flushed.  This also
impacts the "cache is full" partial flushes and the algorithm flushing by ID.

A new function is introduced to clear all of the operation bits in all
providers in a library context.

Fixes #15032

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15042)

Tomas Mraz [Thu, 6 May 2021 12:05:59 +0000 (14:05 +0200)]
Updated gost-engine to latest commit from master branch

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15180)

Tomas Mraz [Thu, 6 May 2021 11:28:13 +0000 (13:28 +0200)]
Unify parameter types in documentation

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15178)

Jon Spillett [Wed, 28 Apr 2021 03:01:48 +0000 (13:01 +1000)]
Fixes #14662. Return all EC parameters even for named curves

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15060)

Jon Spillett [Tue, 4 May 2021 05:19:42 +0000 (15:19 +1000)]
Fixes #15070. Allow custom algorithm ID ASN.1 encoding for provided ciphers

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15130)

Richard Levitte [Thu, 6 May 2021 07:03:23 +0000 (09:03 +0200)]
make update

The impact on the FIPS checksum files is pretty significant

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15171)

Richard Levitte [Thu, 6 May 2021 06:48:15 +0000 (08:48 +0200)]
Drop libimplementations.a

libimplementations.a was a nice idea, but had a few flaws:

1.  The idea to have common code in libimplementations.a and FIPS
    sensitive helper functions in libfips.a / libnonfips.a didn't
    catch on, and we saw full implementations ending up in them instead
    and not appearing in libimplementations.a at all.

2.  Because more or less ALL algorithm implementations were included
    in libimplementations.a (the idea being that the appropriate
    objects from it would be selected automatically by the linker when
    building the shared libraries), it's very hard to find only the
    implementation source that should go into the FIPS module, with
    the result that the FIPS checksum mechanism includes source files
    that it shouldn't.

To mitigate, we drop libimplementations.a, but retain the idea of
collecting implementations in static libraries.  With that, we now
have:

libfips.a

    Includes all implementations that should become part of the FIPS
    provider.

liblegacy.a

    Includes all implementations that should become part of the legacy
    provider.

libdefault.a

    Includes all implementations that should become part of the
    default and base providers.

With this, libnonfips.a becomes irrelevant and is dropped.
libcommon.a is retained to include common provider code that can be
used uniformly by all providers.

Fixes #15157

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15171)

Richard Levitte [Thu, 6 May 2021 06:40:18 +0000 (08:40 +0200)]
Rename files in providers/implementations/signatures

It was discovered that eddsa.c exists in two places, here and in
crypto/ec/curve448/, which would result in a file name clash if they
ever end up in the same library.

To mitigate, we rename the copy in providers/implementations/signatures
to have '_sig' in the file name, and do the same with all other source
files in this directory, for consistency.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15171)

Pauli [Thu, 6 May 2021 05:22:38 +0000 (15:22 +1000)]
changes: add note about application output formatting differences.

Fixes #13220

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15168)

Dmitry Belyavskiy [Wed, 5 May 2021 12:29:28 +0000 (14:29 +0200)]
Avoid sending alerts after shutdown

Fixes #11388

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15159)

Petr Gotthard [Sun, 18 Apr 2021 16:28:25 +0000 (18:28 +0200)]
Fix NULL dereference when ENCODER does not implement IMPORT_OBJECT

External ENCODER may not implement OSSL_FUNC_ENCODER_IMPORT_OBJECT,
so a check for NULL is needed.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14919)

Tomas Mraz [Tue, 4 May 2021 13:38:48 +0000 (15:38 +0200)]
evp_extra_test: Avoid potential double free of params

Fixes #14916

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15135)

Daniel Bevenius [Wed, 5 May 2021 06:56:36 +0000 (08:56 +0200)]
Clarify where dispatch functions/ids are defined

When reading the comment for ossl_dispatch_st it seems to indicate that
the function_id numbers are defined further down in the same file. But I
was not able to find them there, but instead in core_dispatch.h.

This commit suggests updating the comment to point to core_dispatch.h

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15156)

Daniel Bevenius [Wed, 5 May 2021 03:39:56 +0000 (05:39 +0200)]
Clarify two comments (typos) in fipsprov.c

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15150)

Matt Caswell [Thu, 6 May 2021 12:15:11 +0000 (13:15 +0100)]
Prepare for 3.0 alpha 17

Reviewed-by: Tomas Mraz <tomas@openssl.org>

Tag: openssl-3.0.0-alpha16
Matt Caswell [Thu, 6 May 2021 12:15:03 +0000 (13:15 +0100)]
Prepare for release of 3.0 alpha 16

Reviewed-by: Tomas Mraz <tomas@openssl.org>

Matt Caswell [Thu, 6 May 2021 12:03:23 +0000 (13:03 +0100)]
Update copyright year

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15181)

Matt Caswell [Thu, 6 May 2021 11:04:38 +0000 (12:04 +0100)]
Update the FIPS checksums

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15177)

Tomas Mraz [Mon, 3 May 2021 12:40:06 +0000 (14:40 +0200)]
Add some tests for -inform/keyform enforcement

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15100)

Tomas Mraz [Mon, 3 May 2021 12:15:26 +0000 (14:15 +0200)]
Document the behavior of the -inform and related options

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15100)

Tomas Mraz [Mon, 3 May 2021 12:14:54 +0000 (14:14 +0200)]
provider-storemgmt: Document the input-type and properties parameters.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15100)

Tomas Mraz [Mon, 3 May 2021 06:45:52 +0000 (08:45 +0200)]
Update gost-engine to make it compatible with the added params

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15100)

Tomas Mraz [Fri, 30 Apr 2021 14:57:53 +0000 (16:57 +0200)]
Make the -inform option to be respected if possible

Add OSSL_STORE_PARAM_INPUT_TYPE and make it possible to be
set when OSSL_STORE_open_ex() or OSSL_STORE_attach() is called.

The input type format is enforced only in case the file
type file store is used.

By default we use FORMAT_UNDEF meaning the input type
is not enforced.

Fixes #14569

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15100)

EasySec [Mon, 3 May 2021 22:24:24 +0000 (00:24 +0200)]
try to document changes in salt handling for the 'enc' command

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4486)

EasySec [Sat, 30 Dec 2017 15:19:47 +0000 (16:19 +0100)]
change salt handling, way 1

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4486)

Pauli [Mon, 3 May 2021 22:23:10 +0000 (08:23 +1000)]
coverity: fix 1478169: dereference after NULL check

The code path shouldn't occur in our code but could in an application.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15128)

Rich Salz [Tue, 4 May 2021 16:05:54 +0000 (12:05 -0400)]
Remove all trace of FIPS_mode functions

Removed error codes, and the mention of the functions.
This removal is already documented in the CHANGES doc.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15140)

Dr. David von Oheimb [Tue, 4 May 2021 06:05:44 +0000 (08:05 +0200)]
Deprecate X509{,_CRL}_http_nbio() and simplify their definition

This is done by making use of OCSP_REQ_CTX_nbio_d2i().

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15131)

Dr. David von Oheimb [Sat, 1 May 2021 13:29:00 +0000 (15:29 +0200)]
APPS: Replace 'OPT_ERR = -1, OPT_EOF = 0, OPT_HELP' by OPT_COMMON macro

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15111)

Dr. David von Oheimb [Sat, 1 May 2021 12:35:21 +0000 (14:35 +0200)]
APPS: Slightly extend and improve documentation of the opt_ API

Also remove redundant opt_name() and make names of opt_{i,u}ntmax() consistent.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15111)

Benjamin Kaduk [Mon, 3 May 2021 20:23:53 +0000 (13:23 -0700)]
adapt tests to SSL_OP_LEGACY_SERVER_CONNECT change

The "bad DTLS" tests run into trouble due to the special behavior
for that "bad" version, and the SSL record tests need to set the
-legacy_server_connect flag to allow an SSLv2 ClientHello to work
against any TLS server (since SSLv2 ClientHello messages cannot
carry extensions as would be needed in order to negotiate the use
of the renegotiation_info extension).

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15127)

Benjamin Kaduk [Mon, 3 May 2021 20:43:55 +0000 (13:43 -0700)]
Correct ssl_conf logic for "legacy_server_connect"

This option is only useful for the client, but it was previously
marked as only being applicable for servers.

Correct the entry to properly mark it as client-only, and update the
s_server/s_client manuals accordingly.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15127)

Benjamin Kaduk [Mon, 3 May 2021 19:16:19 +0000 (12:16 -0700)]
Enforce secure renegotiation support by default

Previously we would set SSL_OP_LEGACY_SERVER_CONNECT by default in
SSL_CTX_new(), to allow connections to legacy servers that did not
implement RFC 5746.

It has been more than a decade since RFC 5746 was published, so
there has been plenty of time for implementation support to roll out.

Change the default behavior to be to require peers to support
secure renegotiation.  Existing applications that already cleared
SSL_OP_LEGACY_SERVER_CONNECT will see no behavior change, as
re-clearing the flag is just a little bit of redundant work.
The old behavior is still available by explicitly setting the flag
in the application.

Also remove SSL_OP_LEGACY_SERVER_CONNECT from SSL_OP_ALL, for
similar reasons.

Document the behavior change in CHANGES.md, and update the
SSL_CTX_set_options() and SSL_CONF_cmd manuals to reflect the change
in default behavior.

Fixes: 14848
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15127)

Tomas Mraz [Tue, 4 May 2021 14:53:42 +0000 (16:53 +0200)]
Fix missing symbols in no-cms and no-ts build

Fixes #15137

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15138)

Pauli [Wed, 28 Apr 2021 02:58:35 +0000 (12:58 +1000)]
mac: add EVP_MAC_finalXOF() function

Fixes #14140
Fixes #13232

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15061)

Pauli [Wed, 28 Apr 2021 02:58:08 +0000 (12:58 +1000)]
mac: allow XOF MACs to be specified either via control or via the dedicated function

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15061)

Pauli [Thu, 29 Apr 2021 01:08:42 +0000 (11:08 +1000)]
mac: update life-cycle description and diagrams to include finalXOF

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15061)

Pauli [Wed, 28 Apr 2021 03:01:22 +0000 (13:01 +1000)]
doc: document EVP_MAC_finalXOF()

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15061)

Rich Salz [Fri, 30 Apr 2021 16:18:00 +0000 (12:18 -0400)]
Add .includedir pragma

Also add a negative test, and fix typos.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15090)

Rich Salz [Thu, 29 Apr 2021 20:22:30 +0000 (16:22 -0400)]
Allow absolute paths to be set

It was a mistake to allow relative paths for include files (just
like root shouldn't have "." in its PATH), but we probably can't
change it now. Add a new pragma "abspath" that someone can put
in the system-wide config file to require absolute paths.

Also update the config documentation to better explain how file
inclusion works.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15090)

Rich Salz [Mon, 26 Apr 2021 21:27:32 +0000 (17:27 -0400)]
Note that dhparam does support X9.42

Fix other wording, too.

Fixes: #13151
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15038)

Dr. David von Oheimb [Tue, 2 Mar 2021 12:20:38 +0000 (13:20 +0100)]
cleanup where purpose is not needed in 25-test_verify.t

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14413)

Dr. David von Oheimb [Tue, 2 Mar 2021 14:14:24 +0000 (15:14 +0100)]
test/certs/setup.sh: Fix two glitches

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14413)

Dr. David von Oheimb [Tue, 2 Mar 2021 12:17:28 +0000 (13:17 +0100)]
update test/certs/ee-pathlen.pem to contain SKID and AKID

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14413)

Dr. David von Oheimb [Tue, 2 Mar 2021 12:16:30 +0000 (13:16 +0100)]
test/certs/setup.sh: structural cleanup

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14413)

Rich Salz [Sun, 14 Feb 2021 19:34:22 +0000 (14:34 -0500)]
Fetch cipher-wrap after loading providers.

Use official (first) names for wrapping algorithms.

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14182)

Shane Lontis [Sat, 1 May 2021 04:49:25 +0000 (14:49 +1000)]
Fix KMAC bounds checks.

Setting an output length higher than 8191 was causing a buffer overflow.
This was reported by Acumen (FIPS lab).

The max output size has increased to ~2M and it now checks this during set_parameters.

The encoder related functions now pass in the maximum size of the output buffer so they
can correctly check their size. kmac_bytepad_encode_key() calls bytepad twice in
order to calculate and check the length before encoding.

Note that right_encode() is currently only used in one place but this
may change if other algorithms are supported (such as TupleHash).

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15106)

Tomas Mraz [Mon, 3 May 2021 13:45:31 +0000 (15:45 +0200)]
Bump HMAC_MAX_MD_CBLOCK to 200 due to SHA-3

The maximum (theoretical) block size of SHA3 is 200 bytes.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15125)

Richard Levitte [Wed, 28 Apr 2021 16:08:00 +0000 (18:08 +0200)]
DOCS: Mention that libcrypto has helper functions for OSSL_PARAMs

Fixes #11165

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15073)

Dr. David von Oheimb [Fri, 30 Apr 2021 16:36:00 +0000 (18:36 +0200)]
HTTP client: Correct the use of optional proxy URL and its documentation

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15104)

Dr. David von Oheimb [Sat, 1 May 2021 20:19:54 +0000 (22:19 +0200)]
testutil/load.c: Add checks for file(name) == NULL

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15120)

Dr. David von Oheimb [Mon, 26 Apr 2021 12:55:18 +0000 (14:55 +0200)]
BIO_eof() and OSSL_STORE_eof(): Make sure to return 1 on error; improve related doc

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15029)

Dr. David von Oheimb [Mon, 26 Apr 2021 12:51:34 +0000 (14:51 +0200)]
OSSL_DECODER_from_bio() Prevent spurious decoding error at EOF

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15029)

Dr. David von Oheimb [Mon, 26 Apr 2021 12:58:19 +0000 (14:58 +0200)]
APPS load_key_certs_crls(): Correct the 'expect' arg calculation for OSSL_STORE_expect()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15029)

Dr. David von Oheimb [Mon, 26 Apr 2021 12:57:05 +0000 (14:57 +0200)]
OSSL_STORE_expect(): Improve error handling and documentation

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15029)

Dr. David von Oheimb [Fri, 30 Apr 2021 16:29:12 +0000 (18:29 +0200)]
OCSP: Minor improvements of documentation and header file

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15103)

Tomas Mraz [Tue, 4 May 2021 10:28:42 +0000 (12:28 +0200)]
fips-checksums: The define for fips module is FIPS_MODULE

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15132)

Matt Caswell [Wed, 28 Apr 2021 14:23:16 +0000 (15:23 +0100)]
Document the new core BIO public API support

Fixes #14409

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15072)

Matt Caswell [Wed, 28 Apr 2021 12:57:43 +0000 (13:57 +0100)]
Add a test for the public core bio API

Check that reading/writing to a core bio via BIO_new_from_core_bio()
works as expected.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15072)

Matt Caswell [Tue, 27 Apr 2021 18:56:39 +0000 (19:56 +0100)]
Create libcrypto support for BIO_new_from_core_bio()

Previously the concept of wrapping an OSSL_CORE_BIO in a real BIO was an
internal only concept for our own providers. Since this is likely to be
generally useful, we make it a part of the public API.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15072)

Tomas Mraz [Mon, 3 May 2021 08:53:08 +0000 (10:53 +0200)]
Run coveralls daily and not exactly at midnight

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15121)

Tomas Mraz [Mon, 3 May 2021 08:45:16 +0000 (10:45 +0200)]
coveralls: Enable fips as it is disabled by default

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15121)

Petr Gotthard [Sun, 2 May 2021 21:26:23 +0000 (23:26 +0200)]
apps: Switch to X509_REQ_verify_ex

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15118)

Pauli [Sat, 1 May 2021 03:38:34 +0000 (13:38 +1000)]
test: fix failure with FIPS and no-des configured.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15105)

Richard Levitte [Mon, 3 May 2021 06:48:17 +0000 (08:48 +0200)]
APPS: Add passphrase handling in the "rsa" and "dsa" commands

They completely ignored any passphrase related setting.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15119)

Richard Levitte [Mon, 3 May 2021 06:48:07 +0000 (08:48 +0200)]
APPS: Set a default passphrase UI for the "ec" command

Fixes #15114

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15119)

Richard Levitte [Tue, 27 Apr 2021 09:23:12 +0000 (11:23 +0200)]
[TEMPORARY] make 'make update' verbose in ci.yml

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8871)

Richard Levitte [Fri, 3 May 2019 11:24:39 +0000 (13:24 +0200)]
GitHub CI: ensure that unifdef is installed

This is required for 'make update' and fips checksums

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8871)

Richard Levitte [Fri, 3 May 2019 11:12:59 +0000 (13:12 +0200)]
FIPS module checksums: add scripts and Makefile rule

This adds the following scripts:

util/lang-compress.pl:

Compress source code, whose language is determined by the first argument.
For the moment, we know 'perl' (perlasm source code), 'C' (C source code)
and 'S' (Assembler with C preprocessor directives).
This removes comments and empty lines, and compresses series of horizontal
spaces to one single space in the languages where that's appropriate.

util/fips-checksums.sh:

Takes source file names as arguments, pushes them through
util/lang-compress.pl and unifdef with FIPS_MODE defined, and calculates
the checksum on the result.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8871)

Richard Levitte [Mon, 26 Apr 2021 17:44:24 +0000 (19:44 +0200)]
Unix build file: Add a target to create providers/fips.module.sources

This file will be the basis for the FIPS module checksum calculation

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8871)

Richard Levitte [Mon, 26 Apr 2021 17:41:54 +0000 (19:41 +0200)]
Add OpenSSL::Config::Query and use it in configdata.pm

OpenSSL::Config::Query is a configuration querying tool that's meant
to make it easier to query the diverse configuration data for info.
That's much easier than to dig through all the parts of %unified_info.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8871)

Richard Levitte [Thu, 29 Apr 2021 10:50:33 +0000 (12:50 +0200)]
Windows build file: add forgotten quotes on POD->html command line

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15084)

Richard Levitte [Sat, 1 May 2021 05:29:27 +0000 (07:29 +0200)]
OpenSSL::Test: When prefixing command with $^X on Windows, fix it up!

The perl interpreter name itself might contain spaces and need quoting.
__fixup_prg() does this for us.

Fixes #14256

Co-authored-by: Tomáš Mráz <tomas@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15084)

Pauli [Fri, 30 Apr 2021 02:14:33 +0000 (12:14 +1000)]
acvp-test: disable the ACVP testing code by default

It's only useful for the FIPS lab and shouldn't be in production.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15092)

FdaSilvaYY [Tue, 27 Apr 2021 20:50:18 +0000 (22:50 +0200)]
ssl: fix possible ref counting fields use before init.

`strdup(propq)` failure is doing a `goto err;` from where `SSL_CTX_free` is called.
The possible call is made before reference and lock fields setup.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15052)

3 years ago man: s_server: fix text repetition in -alpn description
Hubert Kario [Fri, 30 Apr 2021 14:45:47 +0000 (16:45 +0200)]
man: s_server: fix text repetition in -alpn description

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15099)

3 years ago APPS: Document the core of the opt_ API
Rich Salz [Sat, 1 May 2021 11:11:49 +0000 (13:11 +0200)]
APPS: Document the core of the opt_ API

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/14995)

3 years ago Use OCSP-specific error code for clarity
Dmitry Belyavskiy [Fri, 30 Apr 2021 09:27:19 +0000 (11:27 +0200)]
Use OCSP-specific error code for clarity

Fixes #12735

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/xxxxx)

3 years ago Simplify AppVeyor configuration
Tomas Mraz [Thu, 29 Apr 2021 14:32:59 +0000 (16:32 +0200)]
Simplify AppVeyor configuration

Adjust the stuff we are building and testing in various
configurations to trim the run time a little bit.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15087)

3 years ago Add -latomic to threads enabled 32bit linux builds
Tomas Mraz [Thu, 29 Apr 2021 13:19:11 +0000 (15:19 +0200)]
Add -latomic to threads enabled 32bit linux builds

It might not be necessary with the most recent toolchain versions
but apparently many 32bit linux architectures and commonly used
toolchain versions require this.

It is also harmless to include even on architectures that do not
need it.

Fixes #14083

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15086)

3 years ago Fix no-fips-securitychecks test failure
Shane Lontis [Fri, 30 Apr 2021 01:45:51 +0000 (11:45 +1000)]
Fix no-fips-securitychecks test failure

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15091)

3 years ago apps/ca,req,x509: Switch to EVP_DigestSignInit_ex
Petr Gotthard [Sat, 24 Apr 2021 10:40:36 +0000 (12:40 +0200)]
apps/ca,req,x509: Switch to EVP_DigestSignInit_ex

Switch lib/apps.c do_sign_init() to use EVP_DigestSignInit_ex, so it
works with external providers.
Since EVP_DigestSignInit_ex requires a digest name instead of
an EVP_MD pointer, the apps using do_sign_init() had to be modified
to pass char* instead of EVP_MD*.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15014)

3 years ago Fix typo in OSSL_DECODER_CTX_set_input_structure
Daniel Bevenius [Thu, 29 Apr 2021 12:46:28 +0000 (14:46 +0200)]
Fix typo in OSSL_DECODER_CTX_set_input_structure

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15085)

3 years ago STORE: Fix the repeated prompting of passphrase
Richard Levitte [Wed, 28 Apr 2021 07:50:42 +0000 (09:50 +0200)]
STORE: Fix the repeated prompting of passphrase

OSSL_STORE's loading function could prompt repeatedly for the same
passphrase.  It turns out that OSSL_STORE_load() wasn't caching the
passphrase properly.  Fixed in this change.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15064)

3 years ago SM2 signatures work correctly only with SM3 digests
Tomas Mraz [Wed, 28 Apr 2021 16:49:33 +0000 (18:49 +0200)]
SM2 signatures work correctly only with SM3 digests

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15074)

3 years ago sm2: Cleanup handling of DIGEST and DIGEST_SIZE parameters
Tomas Mraz [Wed, 28 Apr 2021 16:40:37 +0000 (18:40 +0200)]
sm2: Cleanup handling of DIGEST and DIGEST_SIZE parameters

Fixes #14873

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15074)

3 years ago CORE: Rework the pre-population of the namemap
Richard Levitte [Wed, 28 Apr 2021 19:28:11 +0000 (21:28 +0200)]
CORE: Rework the pre-population of the namemap

The pre-population of names has become more thorough.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15066)

3 years ago STORE: Use the 'expect' param to limit the amount of decoders used
Richard Levitte [Wed, 28 Apr 2021 09:02:36 +0000 (11:02 +0200)]
STORE: Use the 'expect' param to limit the amount of decoders used

In the provider file: scheme loader implementation, the OSSL_DECODER_CTX
was set up with all sorts of implementations, even if the caller has
declared a limited expectation on what should be loaded, which means
that even though a certificate is expected, all the diverse decoders
to produce an EVP_PKEY are added to the decoding chain.

This optimization looks more closely at the expected type, and only
adds the EVP_PKEY related decoder implementations to the chain if
there is no expectation, or if the expectation is one of
OSSL_STORE_INFO_PARAMS, OSSL_STORE_INFO_PUBKEY, OSSL_STORE_INFO_PKEY.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15066)

3 years ago acvp: fix the no-acvp_test build
Pauli [Thu, 29 Apr 2021 02:38:23 +0000 (12:38 +1000)]
acvp: fix the no-acvp_test build

A pair of the disabled string checks were incorrect.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15082)

3 years ago Update OSSL_STORE_attach() documentation to indicate it increases the ref_count of...
Shane Lontis [Wed, 28 Apr 2021 07:51:15 +0000 (17:51 +1000)]
Update OSSL_STORE_attach() documentation to indicate it increases the ref_count of the passed in bio

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15058)

3 years ago Fix memory leak in load_key_certs_crls() when using stdin.
Shane Lontis [Wed, 28 Apr 2021 07:22:50 +0000 (17:22 +1000)]
Fix memory leak in load_key_certs_crls() when using stdin.

A newly created BIO object within this function calls
OSSL_STORE_attach() which increases the ref count to 2.
OSSL_STORE_close() then decrements the ref count by 1, so the BIO still
remains.

The following new test was picking up this leak using..
> valgrind openssl crl -hash -noout < test/testcrl.pem

Not quite sure why the existing tests were not picking this up
since they appear to run through a similar path.. such as
> valgrind openssl pkey < test-runs/test_rsa/rsa-pkcs8-ff.dd

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15058)

3 years ago Fix CRL app so that stdin works.
Shane Lontis [Wed, 28 Apr 2021 02:51:49 +0000 (12:51 +1000)]
Fix CRL app so that stdin works.

Fixes #15031

The maybe_stdin needed to be passed to load_key_certs_crls().

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15058)

3 years ago Document the API breaking constification changes
Tomas Mraz [Wed, 28 Apr 2021 10:43:12 +0000 (12:43 +0200)]
Document the API breaking constification changes

The EVP_PKEY_asn1_set_public and EVP_PKEY_meth_set_copy have
some API breaking constification changes in 3.0.

Fixes #9296

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15068)

3 years ago Remove dated term and fixed typo anther
Eric Curtin [Wed, 28 Apr 2021 22:44:03 +0000 (23:44 +0100)]
Remove dated term and fixed typo anther

Just something I noticed while reading this code.
This was probably committed a very long time ago.
Fixed typo anther -> another.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15078)