Added functions:

evp_signature_fetch_from_prov(), evp_asym_cipher_fetch_from_prov(),
evp_keyexch_fetch_from_prov(), evp_kem_fetch_from_prov()

These are all like the public conterparts, except they all take a
provider instead of a library context as first argument.
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)

In all initializing functions for functionality that use an EVP_PKEY, the
coded logic was to find an KEYMGMT implementation first, and then try to
find the operation method (for example, SIGNATURE implementation) in the
same provider.

This implies that in providers where there is a KEYMGMT implementation,
there must also be a SIGNATURE implementation, along with a KEYEXCH,
ASYM_CIPHER, etc implementation.

The intended design was, however, the opposite implication, i.e. that
where there is a SIGNATURE implementation, there must also be KEYMGMT.

This change reverses the logic of the code to be closer to the intended
design.

There is a consequence; we now use the query_operation_name function from
the KEYMGMT of the EVP_PKEY given by the EVP_PKEY_CTX (ultimately given by
the application).  Previously, we used the query_operation_name function
from the KEYMGMT found alongside the SIGNATURE implementation.

Another minor consequence is that the |keymgmt| field in EVP_PKEY_CTX
is now always a reference to the KEYMGMT of the |pkey| field if that
one is given (|pkey| isn't NULL) and is provided (|pkey->keymgmt|
isn't NULL).

Fixes #16614
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)

This is an internal function to fetch a keymgmt method from a specific
provider.
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)

This function leverages the generic possibility to fetch EVP methods
from a specific provider.
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)

This makes it possible to limit the search of methods to that
particular provider.  This uses already available possibilities in
ossl_algorithm_do_all().
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)

In openssl-3.0.0 and system provided, it is not reasonable to
check null pointer after use. The order was accidentally reversed.
Therefore, it is better to correct it.

CLA: trivial
Reviewed-by: NPaul Dale <pauli@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16915)

Reviewed-by: NPaul Dale <pauli@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16917)

In the openssl-3.0.0 and system provided, the variable 'sctx' is unused in test_509_dup_cert.
Therefore, it might be better to remove the definition and operation of it.

CLA: trivial
Reviewed-by: NPaul Dale <pauli@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16916)

Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NPaul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16911)

If asked to encode an EC_KEY public key, but no public key value is present
in the structure, we should fail rather than crash.

Fixes the crash seen here:
https://mta.openssl.org/pipermail/openssl-users/2021-October/014479.htmlReviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NPaul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16911)

EVP_PKEY_CTX_new_from_pkey() and EVP_CIPHER_CTX_new().
Otherwise may result in memory errors.
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NPaul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16892)

For machines where sizeof(size_t) == sizeof(int) there is a possible overflow
which could cause a crash.

For machines where sizeof(size_t) > sizeof(int), the existing checks adequately
detect the situation.

Fixes #16899
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16904)

Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NBen Kaduk <kaduk@mit.edu>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16885)

Reviewed-by: NPaul Dale <pauli@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16897)

The test-rand RNG was returning success when it had some but insufficient data.
Now, it returns failure and doesn't advance the data pointer.

The test-rand RNG was failing when a parent was specified.  This case is now
ignored.

Fixes #16785
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16905)

The exclusion of SHA1 for X509 signatures is not obvious as the "intuative"
idea is that SHA1 should have 80 security bits. However the security bits
of SHA1 are explicitly set to 63 to avoid the it being strong enough for
security level 1. x509_set.c has the comment:

    /*
     * SHA1 and MD5 are known to be broken. Reduce security bits so that
     * they're no longer accepted at security level 1.
     * The real values don't really matter as long as they're lower than 80,
     * which is our security level 1.
     */
Signed-off-by: NArne Schwabe <arne@rfc2549.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
Reviewed-by: NPaul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16895)

Fixes #16817
Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: NPaul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16879)

This prevents a compile-time warning on newer gcc.

Also fix the related warning message.

Fixes #16814
Reviewed-by: NShane Lontis <shane.lontis@oracle.com>
Reviewed-by: NPaul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16821)

We try EVP_PKEY_dup() and if it fails we re-decode it using the
legacy method as provided keys should be duplicable.
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16648)

The EVP_PKEY will be recreated from scratch which is OK.

Fixes #16606
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16648)

Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16648)

Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: NPaul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16894)

Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/16886)

Reviewed-by: NShane Lontis <shane.lontis@oracle.com>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16874)

Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16888)

Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16888)

Also add digest parameter documentation for add_sigid and
permit NULL as digest name in the provider upcall.
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16770)

Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16877)

Commit 0007ff25 added a protocol version check to psk_server_cb but
failed to take account of DTLS causing DTLS based psk connections to
fail.

Fixes #16707
Reviewed-by: NBen Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/16838)

Reviewed-by: NShane Lontis <shane.lontis@oracle.com>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16316)

Reviewed-by: NShane Lontis <shane.lontis@oracle.com>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16767)

Reviewed-by: NShane Lontis <shane.lontis@oracle.com>
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16794)

Reviewed-by: NShane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16843)

Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NShane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16869)

Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16789)

Ensure we set the size of the signature buffer before we call
EVP_DigestSign()
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16789)

Make sure we correctly pass through the size of the buffer to
EVP_DigestSignFinal
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16789)

When calling EVP_PKEY_sign(), the size of the signature buffer must
be passed in *siglen.
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16789)

Clarify what happens if it fails. Make it clear that you can pass a NULL
"sig" buffer to get the "siglen".
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16789)

Test that calling EVP_DigestSign(), EVP_DigestSignFinal(),
EVP_PKEY_sign(), EVP_PKEY_get_raw_private_key(), or
EVP_PKEY_get_raw_public_key() with a short output buffer results in a
failure.
Reviewed-by: NTomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16789)