dhtest: Add testcase for EVP_PKEY_CTX_set_dh_nid

And a negative testcase for EVP_PKEY_CTX_set_dhx_rfc5114

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17498)

Do not call ossl_ffc_name_to_dh_named_group with NULL argument

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17498)

Properly return error on EVP_PKEY_CTX_set_dh_nid and EVP_PKEY_CTX_set_dhx_rfc5114

Fixes #17485

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17498)

Fix typo in SSL_CTX_set_dh_auto

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17499)

ssl/t1_enc: Fix kTLS RX offload path

During counting of the unprocessed records, return code is treated in a
wrong way. This forces kTLS RX path to be skipped in case of presence
of unprocessed records.

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17492)

property: reduce memory consumption when OPENSSL_SMALL_FOOTPRINT is defined.

This takes out the lock step stacks that allow a fast property to name
resolution.  Follow on from #17325.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17388)

Fix malloc failure handling of X509_ALGOR_set0()

Also update and slightly extend the respective documentation and simplify some code.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16251)

EVP: fix evp_keymgmt_util_match so that it actually tries cross export the other way if the first attempt fails

Fixes #17482

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17487)

SM3 acceleration with SM3 hardware instruction on aarch64

SM3 hardware instruction is optional feature of crypto extension for
aarch64. This implementation accelerates SM3 via SM3 instructions. For
the platform not supporting SM3 instruction, the original C
implementation still works. Thanks to AliBaba for testing and reporting
the following perf numbers for Yitian710:

Benchmark on T-Head Yitian-710 2.75GHz:

Before:
type  16 bytes     64 bytes    256 bytes    1024 bytes   8192 bytes   16384 bytes
sm3   49297.82k   121062.63k   223106.05k   283371.52k   307574.10k   309400.92k

After (33% - 74% faster):
type  16 bytes     64 bytes    256 bytes    1024 bytes   8192 bytes   16384 bytes
sm3   65640.01k   179121.79k   359854.59k   481448.96k   534055.59k   538274.47k

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17454)

Add a comment to indicate ineffective macro

EVP_MD_CTX_FLAG_NON_FIPS_ALLOW macro is obsolete and unused from
openssl-3.0 onwards

CLA: trivial

Signed-off-by: Shreenidhi Shedi <sshedi@vmware.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17484)

coverity 1497107: dereference after null check

Add null checks to avoid dereferencing a pointer that could be null.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/17488)

Cleansing all the temporary data for s390x

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17486)

test_gendhparam: Drop expected error output

Otherwise it sometimes confuses the TAP parser.

Fixes #17480

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17481)

Clear md_data only when necessary

PR #17255 fixed a bug in EVP_DigestInit_ex(). While backporting the PR
to 1.1.1 (see #17472) I spotted an error in the original patch. This fixes
it.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17473)

threadstest: use locking for tsan operations if required

Not all platforms support tsan operations, those that don't need to have an
alternative locking path.

Fixes #17447

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)

drbg: add handling for cases where TSAN isn't available

Most of the DRGB code is run under lock from the EVP layer.  This is relied
on to make the majority of TSAN operations safe.  However, it is still necessary
to enable locking for all DRBGs created.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)

lhash: use lock when TSAN not available for statistics gathering

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)

mem: do not produce usage counts when tsan is unavailable.

Doing the tsan operations under lock would be difficult to arrange here (locks
require memory allocation).

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)

object: use updated tsan lock detection capabilities

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)

core namemap: use updated tsan lock detection capabilities

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)

tsan: make detecting the need for locking when using tsan easier

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)

threadstest: add write check to lock checking

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17479)

Avoid using a macro expansion in a macro when statically initialising

Circumvents a problem with ancient PA-RISC compilers on HP/UX.

Fixes #17477

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17478)

drop unused callback variable

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17471)

EVP_DigestSignFinal: *siglen should not be read if sigret == NULL

This fixes small regression from #16962.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17460)

param dup: add errors to failure returns

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17440)

param build set: add errors to failure returns

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17440)

param build: add errors to failure returns

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17440)

test: check for properly raised errors during param conversion

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17440)

params: add error messages for built in param conversions

Specifically:
* out of range
* unsigned negatives
* inexact reals
* bad param types
* buffers that are too small
* null function arguments
* unknown sizes of real

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17440)

err: add additional errors

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17440)

pkeyutl: Fix regression with -kdflen option

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17461)

Ensure we test fetching encoder/decoder/store loader with a query string

Although we had a test for fetching an encoder/decoder/store loader it
did not use a query string. The issue highlighted by #17456 only occurs
if a query string is used.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17459)

Fix Decoder, Encoder and Store loader fetching

Attempting to fetch one of the above and providing a query string was
failing with an internal assertion error. We must ensure that we give the
provider when calling ossl_method_store_cache_set()

Fixes #17456

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17459)

Clarify the int param getter documentation

OSSL_PARAMs that are of type OSSL_PARAM_INTEGER or
OSSL_PARAM_UNSIGNED_INTEGER can be obtained using any of the functions
EVP_PKEY_get_int_param(), EVP_PKEY_get_size_t_param() or
EVP_PKEY_get_bn_param(). The former two will fail if the parameter is too
large to fit into the C variable. We clarify this in the documentation.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17445)

Don't run TLSFuzzer tests when it is not properly set

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17448)

APPS: Add check for multiple 'unknown' options

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16416)

PKCS12 app: Improve readability w.r.t. enc_flag, renamed to enc_name

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16416)

Statically link the legacy provider to endecode_test

We already statically link libcrypto to endecode_test even in a "shared"
build. This can cause problems on some platforms with tests that load the
legacy provider which is dynamically linked to libcrypto. Two versions of
libcrypto are then linked to the same executable which can lead to crashes.

Fixes #17059

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17345)

Add a test for a custom digest created via EVP_MD_meth_new()

We check that the init and cleanup functions for the custom method are
called as expected.

Based on an original reproducer by Dmitry Belyavsky from issue #17149.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17255)

Fix a leak in EVP_DigestInit_ex()

If an EVP_MD_CTX is reused then memory allocated and stored in md_data
can be leaked unless the EVP_MD's cleanup function is called.

Fixes #17149

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17255)

Ensure that MDs created via EVP_MD_meth_new() go down the legacy route

MDs created via EVP_MD_meth_new() are inherently legacy and therefore
need to go down the legacy route when they are used.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/17255)

EVP_PKEY_derive_set_peer_ex: Export the peer key to proper keymgmt

The peer key has to be exported to the operation's keymgmt
not the ctx->pkey's keymgmt.

Fixes #17424

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17425)

crypto/bio: fix build on UEFI

When compiling openssl for tianocore compiling abs_val() and pow_10()
fails with the following error because SSE support is disabled:

   crypto/bio/bio_print.c:587:46: error: SSE register return with SSE disabled

Fix that by using EFIAPI calling convention when compiling for UEFI.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17442)

Don't use __ARMEL__/__ARMEB__ in aarch64 assembly

GCC's __ARMEL__ and __ARMEB__ defines denote little- and big-endian arm,
respectively. They are not defined on aarch64, which instead use
__AARCH64EL__ and __AARCH64EB__.

However, OpenSSL's assembly originally used the 32-bit defines on both
platforms and even define __ARMEL__ and __ARMEB__ in arm_arch.h. This is
less portable and can even interfere with other headers, which use
__ARMEL__ to detect little-endian arm.

Over time, the aarch64 assembly has switched to the correct defines,
such as in 32bbb62ea634239e7cb91d6450ba23517082bab6. This commit
finishes the job: poly1305-armv8.pl needed a fix and the dual-arch
armx.pl files get one more transform to convert from 32-bit to 64-bit.

(There is an even more official endianness detector, __ARM_BIG_ENDIAN in
the Arm C Language Extensions. But I've stuck with the GCC ones here as
that would be a larger change.)

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/17373)

check-format.pl: Fix report on space before ';' and allow it after ')'

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17434)

check-format.pl: Fix report on missing space before +/-: allow, e.g., '1e-6'

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17434)

check-format.pl: Fix report on constant on LHS of comparison/assignment

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17434)

check_format.pl: Add checks for blank lines within/after local decls

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17434)

Delete unused param about get_construct_message_f

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17385)

Add a test case for the short password

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17441)

Update alert to common protocol

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/17161)

apps.c: fix various coding style nits found by check-format.pl

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17435)

Fix: some patches related to error exiting

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17417)

providers/implementations/keymgmt/rsa_kmgmt.c: refactor gen_init

There is risk to pass the gctx with NULL value to rsa_gen_set_params
which dereference gctx directly.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17429)

v2i_AUTHORITY_KEYID(): Improve error reporting on parsing config values/options

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16345)

apps/cmp.c: fix coding style nits reported by check-format.pl

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17363)

asn1/x_algor.c: add internal ossl_X509_ALGOR_from_nid() simplifying code

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17363)

APPS load_key_certs_crls(): Make file access errors much more readable

This reverts part of commit ef0449135c4e4e7f using a less invasive suppression.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16452)

OSSL_STORE_open_ex(): Prevent spurious error: unregistered scheme=file

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16452)

Test importing EC key parameters with a bad curve

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17411)

EVP_PKEY_fromdata(): Do not return newly allocated pkey on failure

Fixes #17407

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17411)

fix the return check of EVP_PKEY_CTX_ctrl() in 5 spots

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17413)

properly free the resource from EVP_MD_CTX_new() at ssl3_record.c:1413

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17415)

properly free the resource from CRYPTO_malloc

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17412)

Fix copyright year issues

Fixes: #13765
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17427)

OSSL_STORE: Prevent spurious error during loading private keys

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15283)

Fix typos

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17392)

Run TLSfuzzer tests for CI

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17340)

TLS Fuzzer: initial test infrastructure

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17340)

TLSfuzzer: submodules

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17340)

check the return value of OSSL_PARAM_BLD_new in dsa_kmgmt.c:195

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17155)

sm2: fix {i2d,d2i}_PublicKey EC_KEY is EVP_PKEY_SM2

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17389)

apps/passwd.c: free before error exiting

use goto instead of returning directly while error handling

Signed-off-by: Peiwei Hu <jlu.hpw@foxmail.com>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17404)

fix building failure when using -Wconditional-uninitialized

Use clang -Wconditional-uninitialized to build, the error "initialize
the variable 'buffer_size' to silence this warning" will be reported.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17375)

trace.c: Add missing trace category entry

Fixes #17397

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17399)

CMP mock server: add -ref_cert option and corresponding ossl_cmp_mock_srv_set1_refCert()

Fixes #16041

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16050)

X509_cmp.pod: Point out that the X509_NAME_cmp() arguments may be NULL

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16050)

app_http_tls_cb: Fix double-free in case TLS not used

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17400)

check-format.pl: Fix report on constant on LHS of comparison or assignment

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17396)

HTTP client: Work around HTTPS proxy use bug due to callback design flaw

See discussion in #17088, where the real solution was postponed to 4.0.

This preliminarily fixes the issue that the HTTP(S) proxy environment vars
were neglected when determining whether a proxy should be used for HTTPS.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17310)

Fix compile error when building with no-asm

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17376)

check the return value of EVP_MD_fetch in ecdh_exch.c:285 & dh_exch.c:347

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17153)

Use USE_SWAPCONTEXT on IA64.

On IA64 the use of setjmp()/ longjmp() does not properly save the
state of the register stack engine (RSE) and requires extra care.
The use of it in the async interface led to a failure in the
test_async.t test since its introduction in 1.1.0 series.

Instead of properly adding the needed assembly bits here use the
swapcontext() function which properly saves the whole context.

Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17370)

Validate the category in OSSL_trace_end()

OSSL_trace_end() should validate that the category it has been passed
by the caler is valid, and return immediately if not.

Fixes #17353

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17371)

Update troublesome copyright years of auto-generated files to 2022

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17398)

X509V3_set_ctx(): Improve documentation

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17358)

ec.h: Explain use of strstr() for EVP_EC_gen() and add #include <string.h>

Fixes #17362

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17380)

Check the return value of ossl_bio_new_from_core_bio()

There are missing checks of its return value in 8 different spots.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17154)

close_console: Always unlock as the lock is always held

Fixes #17364

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17365)

try_pkcs12(): cleanse passphrase so it is not left on the stack

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/17320)

try_pkcs12(): Correct handling of NUL termination of passphrases

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/17320)

Test that PEM_BUFSIZE is passed into pem_password_cb

When pem_password_cb is used from SSL_CTX, its size
parameter should be equal to PEM_BUFSIZE.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/17320)

pem_password_cb: Clarify the documentation on passphrases

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/17320)

Compensate for UI method always adding NUL termination

The UI method always adds NUL termination and we need to
compensate for that when using it from a pem_password_cb
because the buffer used in pem_password_cb does not account
for that and the returned password should be able fill the
whole buffer.

Fixes #16601

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/17320)

test: add some unit tests for the property to string functions

That is: ossl_property_name_str and ossl_property_value_str.

These only have high level tests during the creation of child library
contexts.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17325)

property: use a stack to efficiently convert index to string

The existing code does this conversion by searching the hash table for the
appropriate index which is slow and expensive.

Fixes #15867

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17325)

Fix the symbol_presence test with a shlib_variant

If a shlib_variant is used then the dynamic version information for
symbols will be different from what the symbol presence test was
expecting. We just make it more liberal about what it accepts as dynamic
version information.

Fixes #17366

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17372)

APPS/cmp: improve diagnostics for presence of TLS options

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16747)

OSSL_CMP_CTX: rename get/set function for trustedStore

This makes the naming more consistent, in a backward-compatible way

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17277)