Add test for provider gettables

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15970)

Avoid "excessive message size" for session tickets

We received a report of an "excessive message size" for a received
session ticket. Our maximum size was significantly less than the theoretical
maximum. The server may put any data it likes in the session ticket
including (for example) the full certificate chain so we should be able to
handle longer tickets. Update the value to the maximum allowed by the spec.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15877)

update fips checksums

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15974)

fips module header inclusion fine-tunning

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15974)

bn: Make fixed-length Montgomery Multiplication conditional on PPC64

This code is currently unconditional even though build.info has:

  $BNASM_ppc64=$BNASM_ppc32 ppc64-mont-fixed.s

This causes a build failure on 32-bit systems.

Fixes #15923

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15971)

bn: Fix .size directive

This requires the text address.

Fixes #15923

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15971)

bn: Use a basic branch-if-not-zero

Ancient toolchains fail the build because they don't like the hints,
newer ISAs recommend not using the hints and relying on dynamic branch
prediction.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15971)

rsa_cms_verify: Avoid negative return with missing pss parameters

Fixes #15984

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15985)

Coverity #1486687: fix potential dereference of NULL keymgmt

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15986)

doc: include PBKDF1 documentation in build.info

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15967)

doc: add PBKDF1 provider documentation

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15967)

provider: use #define for PBKDF1 algorithm name

This seems to be standard practice so bringing PBKDF1 into line.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15967)

PROV & STORE: Make the 'file:' store loader understand more binary formats

The 'file:' store loader only understood DER natively.  With all the
whatever to key decoders gone, direct support for other binary file
formats are gone, and we need to recreate them for this store loader.

With these changes, it now also understands MSBLOB and PVK files.

As a consequence, any store loader that handles some form of open file
data (such as a PEM object) can now simply pass that data back via
OSSL_FUNC_store_load()'s object callback.  As long as libcrypto has
access to a decoder that can understand the data, the appropriate
OpenSSL object will be generated for it, even if the store loader sits
in a different provider than any decoder or keymgmt.
For example, an LDAP store loader, which typically finds diverse PEM
formatted blobs in the database, can simply pass those back via the
object callback, and let libcrypto do the rest of the work.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15981)

PROV & STORE: Don't decode keys in the 'file:' store loader

This makes the 'file:' store loader only read the file, and only decode
down to a base level binary format, and simply pass that blob of data
back to the OSSL_FUNC_store_load() object callback.

This offloads the decoding into specific OpenSSL types to libcrypto,
which takes away the issue of origins, which provider is it that holds
the key (or other future types of objects).

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15981)

TEST: Add testing of PVK and MSBLOB files to test_store

The PVK and MSBLOB files were generated using openssl 1.1.1, using
test/testrsa.pem as source:

    openssl rsa -in test/testrsa.pem \
                -out test/recipes/90-test_store_data/testrsa.msb \
                -outform msb
    openssl rsa -in test/testrsa.pem \
                -out test/recipes/90-test_store_data/testrsa.pvk \
                -outform pvk \
                -passout pass:password

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15980)

Work around a 32-bit mingw failure

Passing the return value from gmtime() directly to mktime() was producing
incorrect results under windows (but not under wine) when built with mingw
32-bit (but not VC-WIN32). We implement a workaround for this.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15939)

Use TEST_time_t_* functions in cmp_hrd_test.c

This gives better diagnostic output

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15939)

Avoid some MinGW test failures

There were 4 classes of failure:

- line ending problems;
- unicode problems;
- file path munging problems; and
- a "hang" in test_cmp_http.

The unicode problems appear to be somewhere between wine or msys - they
don't actually appear to be a problem with the built binaries. We just skip
those tests for now.

Fixes #13558

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15939)

Fix memory leak in i2d_ASN1_bio_stream

When creating a signed S/MIME message using SMIME_write_CMS()
if the reading from the bio fails, the state is therefore
still ASN1_STATE_START when BIO_flush() is called by i2d_ASN1_bio_stream().
This results in calling asn1_bio_flush_ex cleanup but will only
reset retry flags as the state is not ASN1_STATE_POST_COPY.
Therefore 48 bytes (Linux x86_64) leaked since the
ndef_prefix_free / ndef_suffix_free callbacks are not executed
and the ndef_aux structure is not freed.

By always calling free function callback in asn1_bio_free() the
memory leak is fixed.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14844)

PEM_read_...: document that garbage and other PEM data is skipped

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15949)

load_key_certs_crls: Avoid reporting any spurious errors

When there is other PEM data in between certs the OSSL_STORE_load
returns NULL and reports error. Avoid printing that error unless
there was nothing read at all.

Fixes #15945

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15949)

test_pem_reading: Test loading a key from a file with multiple PEM data

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15949)

load_pkey_pem: Check for spurious errors when loading

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15949)

pem_read_bio_key: Add passphrase caching to avoid asking for password twice

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15949)

pem_read_bio_key_decoder: Avoid spurious error on unknown PEM data

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15949)

Fix compile errors when building with --api=1.1.0 no-deprecated.

Fixes #15963

INSTALL.md uses these exact options as an example so it should work.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15965)

update pyca-cryptography regression test suite

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15962)

Defined out MUTEX attributes not available on NonStop SPT Threads.

Standard Posix Threads (SPT) Threads are an older separate branch of
pthreads that do not support some of the capabilities in the current
Posix User Threads (PUT).

The change also includes a rename of the close field of OSSL_STORE_LOADER
which was causing preprocessor conflicts.

Fixes #15885

Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15886)

doc: Mention the update of der data pointers in d2i/i2d

Fixes #15958

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15959)

DOC: clarify OPENSSL_API_COMPAT

Fixes #15928

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15956)

ci: add a memory sanitiser test run

This omission noted in #15950

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15952)

afalg: add some memory initialisation calls to pacify memory sanitisation.

The engine is modifying memory without the sanitiser realising.  By pre-
initialising this memory, the sanitiser now thinks that read accesses are okay.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15952)

Document cross-compile considerations for NonStop x86 builds.

Fixes #15919

Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15948)

Fix use of uninitialized memory in test_rsa_oaep

48f1739600f33c92387debce2002acec6e365f1d did not convert the RSA OAEP
tests correctly. The corrupted ciphertext and truncation tests were
really decrypting uninitialized memory, rather than the sample
ciphertext. This results in an error in tools like MSan.

The test is somewhat roundabout. In the original version, before the
conversion, ctext_ex was an OAEP test vector from key1(), etc.,
functions. The test would:

1. Encrypt ptext_ex as ctext.
2. Decrypt ctext and check it gives ptext_ex.
3. Decrypt ctext_ex and check it gives ptext_ex.
4. Try corrupted and truncated versions of ctext.

48f1739600f33c92387debce2002acec6e365f1d then moved steps 1 and 2 into
test_rsa_simple, which meant ctext is no longer available for step 4. It
then mistakenly left the variable around, but uninitialized, so the test
wasn't testing anything. (Confusingly, test_rsa_simple outputs ctext_ex
to the caller, but doesn't do anything with it. The ctext_ex output is
also only usable for OAEP, not PKCS#1 v1.5.)

It doesn't really matter whether we use ctext or ctext_ex for step 4, so
this PR fixes it by using ctext_ex instead.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15950)

OSSL_CRMF_{CERTTEMPLATE,CERTID}_get0_serialNumber(): Make result const for consistency

Also make doc/man3/OSSL_CRMF_MSG_get0_tmpl.pod consistent with crmf.h.in regarding const results

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15790)

cmp_mock_srv.c: Add missing OldCertID check for 'kur' cert update requests

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15790)

CMP: Add missing getter functions to CRMF API and CMP API

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15790)

test: fix test ordering in threads test

Fixes #15953

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15954)

evp: fix coverity 1473380 Copy into fixed size buffer (STRING_OVERFLOW)

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15943)

dh_test: fix coverity 1473239 Argument cannot be negative (NEGATIVE_RETURNS)

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15943)

s_time: avoid unlikely division by zero

Fixing coverity 966560 Division or modulo by zero (DIVIDE_BY_ZERO)

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15943)

bio: check for valid socket when closing

Fixes coverity 271258 Improper use of negative value (NEGATIVE_RETURNS)

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15943)

test: fix coverity 1469427 Improper use of negative value (NEGATIVE_RETURNS)

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15943)

x509: improve error reporting

Distinguish between not being able to extract a public key versus not knowing
the key's type.

Alternative to #15921

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15944)

Missing link to fips_config documentation

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15940)

coverity #1486532: fix potential NULL dereference in test_mk_file_path()

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15942)

coverity #1486531: return error properly from x509_pubkey_ex_new_ex()

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15942)

EVP: Have EVP_PKCS82PKEY_ex() pass a correct selection to OSSL_DECODER

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15934)

DECODER & ENCODER: Make sure to pass around the original selection bits

When decoding a key and asking the keymgmt to import the key data, it
was told that the key data includes everything.  This may not be true,
since the user may have specified a different selection, and some
keymgmts may want to be informed.

Our key decoders' export function, on the other hand, didn't care
either, and simply export anything they could, regardless.

In both cases, the selection that was specified by the user is now
passed all the way.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15934)

ossl_cmp_error_new(): Fix Coverity issue 1486534, and consequently also issues 1486536 and 1486533

The issues are due to an integer overflow that may happen on '(ERR_SYSTEM_FLAG << 1)'.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15938)

doc: make error checking in ticket handling code explicit

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15918)

darwin platform replacing getentropy usage by platform api instead.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15924)

OSSL_STORE: Fix crash when tracing STORE

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15931)

ENCODER & DECODER: Make a tighter coupling between en/decoders and keymgmt

If there are keymgmts and en/decoders from the same provider, try to
combine them first.

This avoids unnecessary export/import dances, and also tries to avoid
issues where the keymgmt doesn't fully support exporting and importing,
which we can assume will be the case for HSM protected keys.

Fixes #15932

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15933)

PROV: Have our PEM->DER decoder only recognise our PEM names

This is to avoid creating confusion where other PEM decoder
implementations may know better what PEM names that are unknown to us
actually mean.

Fixes #15929

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15930)

Ensure ordinals are created during release process

We introduce a new makefile target "make release-update" that forces
ordinal file renumbering, and also does the fips checksum updates. We
then call that  from the release script.

Fixes #15806

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15901)

Update config.pm

Missing '(' added into a PowerPC-specific command

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15911)

evp_test: use correct size in memory clear

Fixes #15917

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15920)

DOC: Clarify the role of EKUs including defaults for TLS client and server use

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14199)

Fix 'openssl req' to correctly use the algorithm from '-newkey algo:nnnn'

We used the original string, which meant fetching for, for example,
'rsa:2048'.  That was, of course, doomed to fail.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15912)

ENCODER & DECODER: Allow en/decoders to have multiple names

We had prepared for this a little bit, but apparently not completed it.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15904)

doc: update up call documentation

Some of the BIO functions weren't included in the provider-base documentation.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15909)

test/recipes/90-test_includes_data/vms-includes.cnf: correct the directory

... to mimic includes.cnf

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15823)

apps/CA.pl.in: restore the quotes around -CAfile, they were there for a reason

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15823)

test/recipes/80-test_ca.t: Don't force quotes around the config file in $cnf

However, when passing it through the OPENSSL_CONFIG environment
variable, we still need the quotes, just to make sure.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15823)

test/recipes/66-test_ossl_store.t: ensure native paths

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15823)

testutil: teach test_mk_file_path() how to merge VMS file specs

This isn't a full solution, it only handles current use cases.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15823)

test/ossl_store_test.c: Adapt the use of datadir for VMS paths

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15823)

UTF-8 not easily supported on VMS command line yet

Some tests are designed to test UTF-8 on the command line.
We simply disable those on VMS.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15823)

Fix test_errstr for VMS

Occasionally, we get an error code on VMS that doesn't translate
into POSIX, and the error string reflects that

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15823)

Fix segfault in openssl x509 -modulus

The command ``openssl x509 -noout -modulus -in cert.pem`` used to segfaults
sometimes because an uninitialized variable was passed to
``BN_lebin2bn``. The bug triggered an assertion in bn_expand_internal().

Fixes: https://github.com/openssl/openssl/issues/15899
Signed-off-by: Christian Heimes <christian@python.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15900)

Add wrap.pl to .gitignore

This file is now auto-generated from a template (wrap.pl.in). Therefore
it should be ignored by git.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15895)

Fix two typos in OSSL_trace_enabled.pod

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15894)

test: check for NULL returns better

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15910)

test: avoid memory leaks on errors

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15910)

evp_test: address NULL pointer dereference and return failure better

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15910)

ui: address potential memory leak

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15910)

apps: address potential memory leaks

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15910)

x509: address NULL dereference and memory leaks

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15910)

apps: properly initialise arguments to EVP_PKEY_get_bn_param()

This avoids use of uninitialised memory.

Follow on to #15900

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15908)

Update fips sources and checksums

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15903)

Only the fips module dependencies are relevant for fips.module.sources

Fixes #15639

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15903)

Fix file_name_check() in storemgmt/file_store.c and e_loader_attic.c

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15892)

enable getauxval on android 10

Fixes #9498

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15870)

(cherry picked from commit b2dea4d5f22ec146373324c282fb1bcecd5a7d90)

ppccap.c: Split out algorithm-specific functions

Fixes #13336

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15828)

CMP: Improve reporting of error codes and related strings via 'error' msg

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15879)

ossl_sk_ASN1_UTF8STRING2text(): Minor generalization and refactoring for readability

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15879)

CMP: Clean up internal message creation API and its documentation

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15879)

test: add EVP_Q_mac tests to evp_test

Fixes #15837

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15888)

test: add EVP_Q_digest tests to evp_test

Fixes #15837

Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/15888)

OpenSSL::Util::fixup_cmd_elements(): Include '!' among the VMS chars to process

! is the DCL character that starts a comment, and therefore acts as a
cut-off if not quoted.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15889)

BIO_new_from_core_bio: Fix heap-use-after-free after attach

The providers have to call up_ref to keep the cbio pointer, just like
the internal bio_prov.c does.

OSSL_STORE_attach passes a cbio pointer to the provider and then calls
ossl_core_bio_free(cbio). If up_ref is not called, the cbio gets
freed way too early.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15163)

trace: Do not produce dead code calling BIO_printf if disabled

Fixes #15880

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15882)

Fix a race in ossl_provider_add_to_store()

If two threads both attempt to load the same provider at the same time,
they will first both check to see if the provider already exists. If it
doesn't then they will both then create new provider objects and call the
init function. However only one of the threads will be successful in adding
the provider to the store. For the "losing" thread we should still return
"success", but we should deinitialise and free the no longer required
provider object, and return the object that exists in the store.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)

Move OPENSSL_add_builtin back into provider.c

An earlier stage of the refactor in the last few commits moved this
function out of provider.c because it needed access to the provider
structure internals. The final version however no longer needs this so
it is moved back again.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)

Update documentation following updates to the provider code

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)

make struct provider_info_st a full type

Create the OSSL_PROVIDER_INFO to replace struct provider_info_st.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)

Don't skip the current provider in ossl_provider_register_child_cb

This restriction was in place to avoid problems with recursive attempts
to aquire the flag lock/store lock from within a provider's init function.
Since those locks are no longer held when calling the init function there
is no reason for the restriction any more.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)

Add a test to check that RAND_bytes_ex() works with a child lib ctx

Previously, when locks were held while calling a provider init function,
then RAND_bytes_ex() would fail if called from the init function and
used in conjunction with a child lib ctx. We add an explicit test of that.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)

Don't hold any locks while calling the provider init function

Previously providers were added to the store first, and then subsequently
initialised. This meant that during initialisation the provider object
could be shared between multiple threads and hence the locks needed to be
held. However this causes problems because the provider init function is
essentially a user callback and could do virtually anything. There are
many API calls that could be invoked that could subsequently attempt to
acquire the locks. This will fail because the locks are already held.

However, now we have refactored things so that the provider is created and
initialised before being added to the store. Therefore at the point of
initialisation the provider object is not shared with other threads and so
no locks need to be held.

Fixes #15793
Fixes #15712

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)