Building: Fix the library file names for MSVC builds to include multilib

In OpenSSL 1.1.1, VC-WIN64I and VC-WIN64A have a 'multilib' attribute
set, which affect the names of the produced libcrypto and libssl DLLs.
This restores that for OpenSSL 3.0.

Fixes #13659

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13670)

DOCS: Improve documentation of the EVP_PKEY type

This type was previously described in a note, which is hard to find
unless you already know where to look.

This change makes the description more prominent, and allows indexing
by adding it in the NAMES section.

The EVP_PKEY description is altered to conceptually allow an EVP_PKEY
to contain a private key without a corresponding public key.  This is
related to an OTC vote:

https://mta.openssl.org/pipermail/openssl-project/2020-December/002474.html

The description of EVP_PKEY for MAC purposes is amended to fit.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13629)

params: add integer conversion test cases.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13663)

params: allow more variations in integer conversions.

Allow any sized integer to be converted to any other size integer via the
helpers.

Support for converting reals to/from integers remains restricted.

Fixes: #13429
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13663)

DOCS: Update OSSL_DECODER_CTX_new_by_EVP_PKEY.pod to match declarations

Fixes #13441

We're also starting on a glossary, doc/man7/openssl-glossary.pod,
where terms we use should be explained.  There's no need to explain
terms as essays, but at least a few quick lines, and possibly a
reference to some external documentation.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13581)

Fix some typos in EVP_PKEY-DH.pod

A missing newline messes up how the code sample is rendered. Also a few
miscellaneous typos are fixed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13643)

Skip cms tests using RC2 if no legacy provider

Fixes #12510

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13595)

Don't run a legacy specific PKCS12 test if no legacy provider

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13595)

Don't use the legacy provider in test_store if its not available

If we don't have the legacy provider then we avoid having to use it.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13595)

Don't load the legacy provider in test_evp_libctx unnecessarily

We don't need the legacy provider, so don't load it. This avoids
problems in a no-legacy build

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13595)

Don't load the legacy provider if not available in test_enc_more

If the legacy provider isn't available then we shouldn't attempt to
load or use it.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13595)

Skip testing ciphers in the legacy provider if no legacy

test_enc should not test ciphers that are not available due to a lack
of the legacy provider

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13595)

Don't load the legacy provider in endecoder_legacy_test

In spite of the name the endecoder_legacy_test does not need the
legacy provider. Therefore we avoid loading it so that no-legacy
builds still run the test successfully.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13595)

Don't use legacy provider if not available in test_ssl_old

If we've been configured with no-legacy then we should not attempt to
load the legacy provider.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13595)

Fix sslapitest.c if built with no-legacy

We skip a test that uses the no-legacy option. Unfortuantely there is
no OPENSSL_NO_LEGACY to test, so we just check whether we were successful
in loading the legacy provider - and if not we skip the test.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13595)

Skip evp_test cases where we need the legacy prov and its not available

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13595)

Don't use no-asm in the Github CIs

no-asm has proven to be too slow, therefore we don't use it in the Github
CI builds and instead rely on it being covered by run-checker.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/13607)

Add fips self tests for all included kdf

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13480)

Add validate method to ECX keymanager

Fixes #11619

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13459)

apps/{ca,req,x509}.c: Improve diag and doc mostly on X.509 extensions, fix multiple instances

This includes a general correction in the code (now using the X509V3_CTX_REPLACE flag)
and adding a prominent clarification in the documentation:

    If multiple entries are processed for the same extension name,
    later entries override earlier ones with the same name.

This is due to an RFC 5280 requirement - the intro of its section 4.2 says:

    A certificate MUST NOT include more than one instance of a particular extension.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13614)

openssl_hexstr2buf_sep(): Prevent misleading 'malloc failure' errors on short input

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13614)

v2i_AUTHORITY_KEYID(): Correct out-of-memory behavior and avoid mem leaks

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13614)

X509V3_EXT_add_nconf_sk(): Improve description and use of 'sk' arg, which may be NULL

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13614)

openssl-ca.pod.in: Clarify the -extensions/-crlexts options vs. x509_extensions/crl_extensions

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13614)

apps/x509.c: Factor out common aspects of X509 signing

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13614)

apps/{req,x509,ca}.c: Cleanup: move shared X509{,_REQ,_CRL} code to apps/lib/apps.c

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13614)

apps/{req,x509,ca}.c: Clean up code setting X.509 cert version v3

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13614)

x509v3_config.pod: Clarify semantics of subjectKeyIdentifier and authorityKeyIdentifier

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13614)

apps/req.c: Improve diagnostics on multiple/overriding X.509 extensions defined via -reqext option

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13614)

Use adapted test_get_libctx() for simpler test setup and better error reporting

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13001)

Read MIDR_EL1 system register on aarch64

MIDR_EL1 system register exposes microarchitecture information so that
people can make micro-arch related optimization such as exposing as
much instruction level parallelism as possible.

MIDR_EL1 register can be read only if HWCAP_CPUID feature is supported.

Change-Id: Iabb8a36c5d31b184dba6399f378598058d394d4e

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11744)

Test that we can negotiate TLSv1.3 if we have an SNI callback

If an SNI callback has been set then we may have no certificuates suitable
for TLSv1.3 use configured for the current SSL_CTX. This should not prevent
us from negotiating TLSv1.3, since we may change the SSL_CTX by the time we
need a suitable certificate.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13304)

Modify is_tls13_capable() to take account of the servername cb

A servername cb may change the available certificates, so if we have one
set then we cannot rely on the configured certificates to determine if we
are capable of negotiating TLSv1.3 or not.

Fixes #13291

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13304)

v3nametest: Make the gennames structure static

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13635)

Fix typo in OPENSSL_malloc.pod

CLA: trivial

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13632)

rand: allow seed-src to be missing

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13640)

rand: don't leak memory

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13640)

rand seed: include lock and unlock functions.

This satisfies EVP's RAND layer.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13640)

Fix error clash in build

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13640)

rand: add a provider side seed source.

This allows the operating system sources that OpenSSL supports to be
used directly as RNGs.  It also allows DRBG seeding to be explicitly
specified rather than being left to a fall back case.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13455)

TLS: Use EVP_PKEY_get_group_name() to get the group name

For the moment, we translate the result to a NID, because that's still
used in several locations in libssl.  Future development should change
all the internals to be name based instead.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13436)

EVP: Add EVP_PKEY_get_group_name() to extract the group name of a pkey

This replaces the internal evp_pkey_get_EC_KEY_curve_nid()

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13436)

EVP: constify the EVP_PKEY_get_*_param() argument |pkey|

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13436)

Add MAP_CONCEAL from OpenBSD which has similar purpose but on mmap
call level.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13394)

CRYPTO_secure_malloc_init: Add FreeBSD support for secure-malloc dont-dump-region.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13394)

STORE: clear err after ossl_store_get0_loader_int

This commit clears the error that might have been set when
ossl_store_get0_loader_int has been called as it will try to retrieve
a loader for the scheme on an empty store, which will cause the error
OSSL_STORE_R_UNREGISTERED_SCHEME to be set.

The motivation for this after returning from
ossl_store_get0_loader_int, OSSL_STORE_attach will continue and try to
fetch a OSSL_STORE_LOADER from the provider.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12901)

Fix no-err

The ERR_load_*_strings() functions were not being defined in a no-err
build. This is an API break since in 1.1.1 they were still present in a
no-err build, but were no-ops. This was also causing a failure in
test_symbol_presence. We revert to the way things were done in 1.1.1,
i.e. in a no-err build the functions are still present but are no-ops.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13598)

Fix a compilation failure with no-tls_1_2

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13596)

Fix a test failure with no-tls1_3

If we're using TLSv1.2 then the test_sigalgs_available test needs to be
careful which ciphersuite is selected in order for the test to behave
correctly.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13596)

providers/common/der/build.info: Improve checks of disabled algos

This protects us from unwanted GENERATE statements in particular.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/13626)

Update CHANGES and NEWS for new release

Reviewed-by: Richard Levitte <levitte@openssl.org>

Add a test for encoding/decoding using an invalid ASN.1 Template

If you have a CHOICE type that it must use explicit tagging - otherwise
the template is invalid. We add tests for this.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>

Add a test for GENERAL_NAME_cmp

Based on a boringssl test contributed by David Benjamin

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>

Complain if we are attempting to encode with an invalid ASN.1 template

It never makes sense for multi-string or CHOICE types to have implicit
tagging. If we have a template that uses the in this way then we
should immediately fail.

Thanks to David Benjamin from Google for reporting this issue.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>

Check that multi-strings/CHOICE types don't use implicit tagging

It never makes sense for multi-string or CHOICE types to use implicit
tagging since the content would be ambiguous. It is an error in the
template if this ever happens. If we detect it we should stop parsing.

Thanks to David Benjamin from Google for reporting this issue.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>

Correctly compare EdiPartyName in GENERAL_NAME_cmp()

If a GENERAL_NAME field contained EdiPartyName data then it was
incorrectly being handled as type "other". This could lead to a
segmentation fault.

Many thanks to David Benjamin from Google for reporting this issue.

CVE-2020-1971

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>

DirectoryString is a CHOICE type and therefore uses explicit tagging

EDIPartyName has 2 fields that use a DirectoryString. However they were
marked as implicit tagging - which is not correct for a CHOICE type.

Additionally the partyName field was marked as Optional when, according to
RFC5280 it is not.

Many thanks to github user @filipnavara for reporting this issue. Also to
David Benjamin from Google who independently identified and reported it.

Fixes #6859

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>

Deprecate EC_POINT_bn2point and EC_POINT_point2bn.

Fixes #10366

The one place that actually used was in the legacy printing of ecparams.
This has been replaced by the pointtobuf variant.

The ecparam app was using one of these functions - this line has just been
removed as another PR will remove all the code generated lines..

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13294)

Change OPENSSL_hexstr2buf_ex() & OPENSSL_buf2hexstr_ex() to pass the separator

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13294)

openssl.pod: Carve out Trusted Certificate, Pass Phrase, Name Format, and Format Options

Move detailed doc to specific new files in doc/man1/openssl-*-options.pod

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/13315)

openssl.pod: Move verification doc to new doc/man1/openssl-verification-options.pod

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13315)

find-doc-nits: fix regexp and point out that CA.pl and tsget.pod are special

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13315)

PEM: Add a more generic way to implement PEM _ex functions for libctx

This also adds the following functions, for completeness:

PEM_write_PrivateKey_ex(), PEM_write_bio_PrivateKey_ex(),
PEM_write_PUBKEY_ex, PEM_write_bio_PUBKEY_ex

Fixes #13542

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13547)

EVP: Adjust EVP_PKEY_size(), EVP_PKEY_bits() and EVP_PKEY_security_bits()

These functions are documented to return 0 if the size they are
supposed to return 0 if the size isn't available.  They needed a bit
of adjustment to actually do so, since the backend functions they call
might return negative numbers in that case.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13611)

DSA: Make DSA_bits() and DSA_size() check that there are key parameters

Without these check, a DSA structure without key parameters will cause
these functions to crash.  This is also the case in pre-3.0 OpenSSL,
but since we now extract these data early, to cache them in the
EVP_PKEY structure, the same crash happens earlier and much more
internally.

The added checks are of the same kind as DSA_security_bits() already
does.

Fixes #13610

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13611)

Switch deprecation method for X.509

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13460)

Switch deprecation method for Whirlpool

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13460)

Switch deprecation method for OSSL_STORE

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13460)

Switch deprecation method for SSL

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13460)

Switch deprecation method for SRP

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13460)

Switch deprecation method for SHA

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13460)

Switch deprecation method for SEED

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13460)

Switch deprecation method for RIPEMD

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13460)

Switch deprecation method for RC5

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13460)

Switch deprecation method for RC4

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13460)

Switch deprecation method for RC2

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13460)

Switch deprecation method for RAND

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13460)

Switch deprecation method for PKCS#12

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13460)

Switch deprecation method for MDC2

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13460)

Switch deprecation method for MD5

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13460)

Switch deprecation method for MD4

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13460)

Switch deprecation method for MD2

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13460)

Switch deprecation method for IDEA

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13460)

Switch deprecation method for HMAC

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13460)

Switch deprecation method for EVP

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13460)

Switch deprecation method for ERR

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13460)

Switch deprecation method for ENGINE

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13460)

Switch deprecation method for DES

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13460)

Switch deprecation method for CRYPTO

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13460)

Switch deprecation method for CONF

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13460)

Switch deprecation method for CMAC

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13460)

Switch deprecation method for CAST

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13460)

Switch deprecation method for Camellia

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13460)

Switch deprecation method for BIGNUM

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13460)

Switch deprecation method for Blowfish

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13460)

Switch deprecation method for BIO

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13460)

Switch deprecation method for ASN.1

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13460)

Switch deprecation method for AES

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13460)

test/certs/setup.sh: Fix two glitches

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13606)

x509_vfy.c: Improve comments (correcting typos etc.)

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13606)