Implement the ability to convert a PROPERTY_LIST to a string

We have the ability to parse a string into a PROPERTY_LIST already. Now
we have the ability to go the other way.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15242)

todo: remove TODO(3.0) from the sources.

Almost all were notes about wanting to deprecate CTRLs/utility functions.

Fixes #15325

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15328)

Test d2i_PrivateKey_bio() does not add errors to stack when decoding a X25519 key sucessfully.

This confirms that another merge has addressed this issue.

Fixes #14996

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15303)

Revert "ARM assembly pack: translate bit-sliced AES implementation to AArch64"

This reverts commit da51566b256e0c0536d5b986e676863b0526bf5e.

Fixes #15321

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15364)

Add migration guide for 3.0

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14710)

Update SSL_new_session_ticket() manual for triggered send

Document the recently added functionality.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14817)

Test new SSL_new_session_ticket() functionality

Now that we can become "in init" directly after the call, test the
various scenarios where explicit SSL_do_handshake() calls can come
into play.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14817)

Let SSL_new_session_ticket() enter init immediately

The initial implementation always deferred the generation of the
requested ticket(s) until the next application write, but this
is not a great fit for what it actually does, architecturally wise.
A request to send a session ticket means entering back into the
handshake state machine (or "in init", as it's known in the
implementation).  The state machine transition is not something that
only occurs at an application-data write, and in general could occur at
any time.  The only constraint is that we can't enter "init" while in
the middle of writing application data.  In such cases we will need to
wait until the next TLS record boundary to enter the state machine,
as is currently done.

However, there is no reason why we cannot enter the handshake state
machine immediately in SSL_new_session_ticket() if there are no
application writes pending.  Doing so provides a cleaner API surface to
the application, as then calling SSL_do_handshake() suffices to drive
the actual ticket generation.  In the previous state of affairs a dummy
zero-length SSL_write() would be needed to trigger the ticket
generation, which is a logical mismatch in the type of operation being
performed.

This commit should only change whether SSL_do_handshake() vs zero-length
SSL_write() is needed to immediately generate a ticket after the
SSL_new_session_ticket() call -- the default behavior is still to defer
the actual write until there is other application data to write, unless
the application requests otherwise.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14817)

danetest.c: Improve code formatting

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14422)

X509_STORE_CTX_get1_issuer(): Simplify code, reducing risk of failure

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14422)

X509 build_chain(): Fix two potential memory leaks on issuer variable

This also removes an inadequate guard: if (num == ctx->num_untrusted)

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14422)

X509 build_chain(): Make the variable 'curr' local to the loop body

This increases readability and maintainability.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14422)

X509 build_chain(): Rename variable 'depth' to 'max_depth'

This should increase readability and maintainability.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14422)

X509 build_chain(): Restrict scope of 'self_signed' variable

This should increase readability and maintainability.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14422)

Make apps/progs.pl not look at apps/progs.c

apps/progs.pl will have apps/progs.c as output, and on some systems,
the output file of a program is locked against reading.
Unfortunately, apps/progs.c is also part of the sources that make up
apps/openssl, so it's necessary to mark that file in a way that makes
progs.pl skip over it.

Fortunately, this is easily done with a special attribute in
apps/build.info and a simple adaptation of apps/progs.pl.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15332)

build.info: Make it possible to set attributes on SOURCE / SHARED_SOURCE stmts

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15332)

speed: Document the deficiencies of the command

Fixes #7032

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15330)

80-test_cms.t: Disable new tests for binary input in Windows

This is a quick workaround for #15347.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15351)

apps/list: Remove obsolete -missing-help option

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15329)

find-doc-nits -c: Fix handling in case expected helpstr is not found

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15329)

unix-Makefile.tmpl and ci.yml: Merge cmd-nits into doc-nits

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15329)

Add bounds checking to length returned by wcslen in wide_to_asc conversion to resolve integer overflow flaw

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15316)

Make sure to include "crypto/ctype.h" to get ossl_isdigit()

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15319)

Make sure to include "internal/numbers.h" to get SIZE_MAX

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15319)

Fix crypto/bio/b_sock.c for VMS

Current VMS C-RTL does not have <sys/select.h>.  <sys/socket.h> is
a good enough replacement to get fd_set.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15319)

Fix include/internal/sockets.h for VMS

It needs to include <openssl/opensslconf.h>

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15319)

Fix include/openssl/e_os2.h for VMS

It would try to define OPENSSL_SYS_VMS if that macro is defined.
That's just not right.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15319)

Tweak apps/build.info for VMS

A bit of quoting is all that's needed, and it doesn't hurt other platforms.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15317)

VMS need to build DSO with name shortening, because of provider code

We have pretty long symbol names, so they need to be shortened to fit
in the linker's 31 character limit on symbols.

Symbol name shortening with the VMS C compiler works in such a way
that a symbol name that's longer than 31 characters is mangled into
its first original 22 characters, followed by a dollar sign and the
32-bit CRC of the original symbol name in hexadecimal.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15317)

Configurations/descrip.mms.tmpl: Add another inclusion hack

crypto/ec/curve448/ has a series of inclusions that throws VMS C
off, so we compensate for it the same way as we have done before.

Fixes #14247

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15317)

Configurations/descrip.mms.tmpl: Change strategy for include directories

Instead of what we used to do, put all include directories in a number
of DCL variables and generate the /INCLUDE qualifier value on the
command line, we instead generate VMS C specific header files with
include directory pragmas, to be used with the VMS C's /FIRST_INCLUDE
qualifier.  This also shortens the command line, the size of which is
limited.

VMS C needs to have those include directories specified in a Unix
form, to be able to safely merge #include paths with them when
searching through them.

Fixes #14247

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15317)

Thrown away all special descrip.mms variables

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15317)

Fix configdata.pm.in's "use lib" for VMS

`use lib` needs Unix formatted paths.  For VMS, it means that we must
make sure to convert paths, and we may as well generalise it.

In this case, we need to adapt the functions sourcedir() and sourcefile()

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15317)

Fix The VMS variant of platform->staticname()

It was looking in the wrong place in %unified_info to determine if the
library would be installed or not.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15317)

Fix OpenSSL::fallback for VMS

VMS unpackers will typically convert any period ('.') in directory
names to underscores, since the period is a path separator on VMS,
just like '/' is a path separator on Unix.  Our fallback mechanism
needs to account for that.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15317)

Configurations/descrip.mms.tmpl: Diverse updates

Get it back in sync with the other templates, and correct a few syntax
errors that have crept in.

Fixes #14247

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15317)

Turn off VMS C's info about unsupported pragmas

VMS C can be notoriously informative about certain things, such as
unsupported pragmas.  The case here is that it doesn't support
"#pragma once", and since we use those quite a lot, that's a lot of
repeated information.  We simply turn that warning off.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15317)

Rework how a build file (Makefile, ...) is produced

The memory footprint of how we produced the Makefile was quite...
important, because we have all the processing in one perl snippet, and
generate the details of the build file by appending to the "magic"
variable $OUT.  The result is that this variable gets to hold the
majority of the build file text, and depending on memory reallocation
strategies for strings, the heap may hold multiple (possibly not just
a few) copies of this string, almost all of them "freed" but still
taking up space.  This has resulted in memory exhaustion.

We therefore change strategy, and generate the build file in two
phases, where the first phase generates the full template using small
perl snippets for each detail, and the second phase processes this
template.  This is much kinder to process memory.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15310)

Move some OpenSSL perl utility functions to OpenSSL::Util

quotify1() and quotify_l() were in OpenSSL::Template, but should be
more widely usable.

configdata.pm.in's out_item() is also more widely useful and is
therefore moved to OpenSSL::Util as well, and renamed to dump_data().

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15310)

CMS_get0_SignerInfos(): Prevent spurious error on cms_get0_signed() failure

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12959)

apps/cms.c: Simplify make_receipt_request() and load_content_info(()

Also improve adherence to code formatting rules.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12959)

apps/cms.c: Make -sign and -verify handle binary input

Fixes #8940

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12959)

Make SMIME_read_CMS_ex() and SMIME_read_ASN1_ex() support binary input

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12959)

bio_lib: Add BIO_get_line, correct doc of BIO_gets

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12959)

fips: remove unnecessary commas to get CI working

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15337)

Avoid failing label removal if label is not there

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15309)

Separate FIPS checksum and labelling into different workflows

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15309)

Remove "openssl ifdef" handling

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15311)

Remove '=for openssl ifdef'

No longer needed after rewrite of cmd-nits

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15311)

Better error messages if there are no encoders/decoders/store loaders

If you don't have the base or default providers loaded and therefore there
are no encoders/decoders or store loaders then the error messages can be
cryptic. We provide better hints about how to fix the problem.

Fixes #13798

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15306)

Move ossl_sleep() to e_os.h and use it in apps

Fixes #15304

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15308)

DOC: Fix nits found by improved find-doc-nits -c

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15298)

ci.yml: Add cmd-nits to the doc-nits CI run

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15298)

openssl-dsa.pod.in: Fix glitch: pvk-string -> pvk-strong

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15298)

find-doc-nits: Make -c option (cmd-nits) independent of app build and execution

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15298)

apps/s_server: Add -proxy and -no_proxy options

Strongly related to feature request #6965

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15245)

apps/ocsp: Add -proxy and -no_proxy options

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15245)

Add -quiet flag to genpkey

Picking up late suggestions to PR #6909 by Philip Prindeville
<philipp@redfish-solutions.com>.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15249)

apps: use else if when checking for headers in the http server code

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15300)

seal: make EVP_SealInit() library context aware

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15300)

hmac: fix coverity 1484888 negative integer to size_t conversion

More theoretical than real but easy and cheap to check for.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15300)

keymgmt: fix coverity 1484886 unchecked return value

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15300)

evp: fix coverity 1484885 negative integer to size_t conversion

Theoretically, the IV length can come back negative which would explode.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15300)

provider: fix coverity 1484884: uninitialised lock use

This actually fixes a more subtle problem that wasn't detected which could
cause memory leaks.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15300)

apps: clean up the http server code

Clean up some of the null checking in the http server code.

This also "fixes" the false positive from coverity CID 1484883.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15300)

test: conditionally exclude unused code for no-tls1.2 build

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15301)

Fix a use-after-free in the child provider code

If the child provider context data gets cleaned up before all usage of
providers has finished then a use-after-free can occur. We change the
priority of this data so that it gets freed later.

Fixes #15284

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15286)

Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION

Add -client_renegotiation flag support.  The -client_renegotiation flag is
equivalent to SSL_OP_ALLOW_CLIENT_RENEGOTIATION. Add support to the app,
the config code, and the documentation.

Add SSL_OP_ALLOW_CLIENT_RENEGOTIATION to the SSL tests. We don't need to
always enable it, but there are so many tests so this is the easiest thing
to do.

Add a test where client tries to renegotiate and it fails as expected. Add
a test where server tries to renegotiate and it succeeds. The second test
is supported by a new flag, -immediate_renegotiation, which is ignored on
the client.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15184)

Fix pointer passed to provider_unquery_operation

Walking through the `map` modifies the pointer passed to the `unquery`
operation.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15295)

Add a CHANGES entry for fully pluggable groups

Fixes #12283

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15282)

Add doc for ERR_clear_last_mark().

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15258)

Fix OSSL_DECODER_new_for_pkey() selection parameter documentation

Fixes #14518

EVP_PKEY_fromdata() already defines this value so we link to this
documentation, 0 is also added as a possible input value.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15260)

Fix compiler error when using config option 'enable-acvp-tests'

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15264)

Adapt 80-test_cmp_http.t and its data for random accept ports

Fixes #14694

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/15281)

APPS: Make the cmp Mock server output the accept address and port

Fixes #14694

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/15281)

ci: remove the checksum CI script

This script introduces a security vulnerability where the OpenSSL github
repository can be modified which opens a window for an attacker.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reported-by: Nikita Stupin

Add extensive test coverage for SSL_get_negotiated_group()

This is nearly comprehensive, but we cannot exercise the functionality
for PSK-only TLS 1.3 resumption, since openssl talking to openssl will
always negotiate psk_dhe_ke.

Exercise both the TLS 1.3 and 1.2 cases, for initial handshakes
and resumptions, and for ECDHE and FFDHE.
Since RFC 7919 named groups (for FFDHE) are only supported for TLS 1.3,
the TLS 1.2 versions of those scenarios expect to get NID_undef since
the key exchange was not performed using a named group.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14750)

move group lists out of test_key_exchange() in preparation for reuse

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14750)

Extend SSL_get_negotiated_group() tests for TLS 1.2

We don't implement RFC 7919 named groups for TLS 1.2, so we can
only test the ECDHE case for non-TLS-1.3.

Interestingly, though the test_key_exchange() routine claimed to
be exercising ffdhe2048 with TLS 1.2, the configured ciphers were
incompatible with DHE key exchange, so we ended up just using RSA
key transport and not doing an ephemeral key exchange at all.
Reconfigure the tests to actually exercise ephemeral key exchange
for both the EC and FF cases (even though we don't use the named
group information for the finite-field case).

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14750)

Regenerate testsid.pem

Convert this file to the new format, that includes the kex_group
integer value.  This is needed in order for the round-trip conversion
test to return the same value as the initial input.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14750)

Promote SSL_get_negotiated_group() for non-TLSv1.3

It can be useful to know what group was used for the handshake's
key exchange process even on non-TLS 1.3 connections.  Allow this
API, new in OpenSSL 3.0.0, to be used on other TLS versions as well.
Since pre-TLS-1.3 key exchange occurs only on full handshakes, this
necessitates adding a field to the SSL_SESSION object to carry the
group information across resumptions.  The key exchange group in the
SSL_SESSION can also be relevant in TLS 1.3 when the resumption handshake
uses the "psk_ke" key-exchange mode, so also track whether a fresh key
exchange was done for TLS 1.3.

Since the new field is optional in the ASN.1 sense, there is no need
to increment SSL_SESSION_ASN1_VERSION (which incurs strong incompatibility
churn).

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14750)

ASN1: Fix i2d_provided() return value

i2d_provided() - which is the internal provider data function for
i2d_KeyParams(), i2d_PrivateKey(), i2d_PublicKey() - didn't treat the
returned length from OSSL_ENCODER_to_data() quite as well as it should
have.  A simple added flag that records the state of |*pp| before
calling OSSL_ENCODER_to_data() fixes the problem.

Fixes #14655

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/15277)

Load the default provider into the p_test provider later

Loading it earlier causes some of the later testing to pass when it should
fail and masked a bug.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15270)

Init the child providers immediately on creation of the child libctx

We were deferring the initial creation of the child providers until the
first fetch. This is a carry over from an earlier iteration of the child
lib ctx development and is no longer necessary. In fact we need to init
the child providers immediately otherwise not all providers quite init
correctly.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15270)

Add make update-fips-checksums to release.sh script

Fixes #15223

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15271)

doc: document all functions in provider-base(7)

Fixes #13358

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15259)

Fix a memleak on an error path in the pkcs12 test helpers

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15269)

Add OSSL_ prefix to HTTP_DEFAULT_MAX_{LINE_LENGTH,RESP_LEN}

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15053)

http_client.c: Rename internal fields and functions for consistency

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15053)

HTTP client: Allow streaming of response data (with possibly indefinite length)

Also clean up max_resp_len and add OSSL_HTTP_REQ_CTX_get_resp_len().

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15053)

HTTP client: Allow streaming of request data (for POST method)

Also clean up OSSL_HTTP_REQ_CTX_nbio() states and make it more efficient.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15053)

HTTP client API: Generalize to arbitrary request and response contents

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15053)

OSSL_HTTP_transfer(): Fix error reporting in case rctx->server is NULL

Also improve doc of OSSL_parse_url() and OSSL_HTTP_parse_url().

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15053)

OSSL_HTTP_get(): Do not close connection if redirect to same server

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15053)

HTTP: Implement persistent connections (keep-alive)

Both at API and at CLI level (for the CMP app only, so far)
there is a new parameter/option: keep_alive.
* 0 means HTTP connections are not kept open after
receiving a response, which is the default behavior for HTTP 1.0.
* 1 means that persistent connections are requested.
* 2 means that persistent connections are required, i.e.,
in case the server does not grant them an error occurs.

For the CMP app the default value is 1, which means preferring to keep
the connection open. For all other internal uses of the HTTP client
(fetching an OCSP response, a cert, or a CRL) it does not matter
because these operations just take one round trip.

If the client application requested or required a persistent connection
and this was granted by the server, it can keep the OSSL_HTTP_REQ_CTX *
as long as it wants to send further requests and OSSL_HTTP_is_alive()
returns nonzero,
else it should call OSSL_HTTP_REQ_CTX_free() or OSSL_HTTP_close().
In case the client application keeps the OSSL_HTTP_REQ_CTX *
but the connection then dies for any reason at the server side, it will
notice this obtaining an I/O error when trying to send the next request.

This requires extending the HTTP header parsing and
rearranging the high-level HTTP client API. In particular:
* Split the monolithic OSSL_HTTP_transfer() into OSSL_HTTP_open(),
  OSSL_HTTP_set_request(), a lean OSSL_HTTP_transfer(), and OSSL_HTTP_close().
* Split the timeout functionality accordingly and improve default behavior.
* Extract part of OSSL_HTTP_REQ_CTX_new() to OSSL_HTTP_REQ_CTX_set_expected().
* Extend struct ossl_http_req_ctx_st accordingly.

Use the new feature for the CMP client, which requires extending
related transaction management of CMP client and test server.

Update the documentation and extend the tests accordingly.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15053)

OSSL_HTTP_REQ_CTX_add1_headers(): Fix use with host == NULL (relative URLs)

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15053)

CMP test server: Extend error reporting on cert rejected for revocation

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15053)

HTTP test server: Improve connection management and logging

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15053)

cmp_server.c: Improve transaction management and logging

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15053)

OSSL_CMP_SRV_process_request(): Log any error queue entries on response

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15053)