Fixed in 5b8fa431

[ci skip]
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3924)

Also fix a RANDerr call.
Reviewed-by: NAndy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3947)

Standardized the -rand flag and added a new one:
    -rand file...
            Always reads the specified files
    -writerand file
            Always writes to the file on exit

For apps that use a config file, the RANDFILE config parameter reads
the file at startup (to seed the RNG) and write to it on exit if
the -writerand flag isn't used.

Ensured that every app that took -rand also took -writerand, and
made sure all of that agreed with all the documentation.

Fix error reporting in write_file and -rand
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3862)

New register usage pattern allows to achieve sligtly better
performance. Not as much as I hoped for. Performance is believed
to be limited by irreconcilable write-back conflicts, rather than
lack of computational resources or data dependencies.
Reviewed-by: NRich Salz <rsalz@openssl.org>

This gives much more freedom to rearrange instructions. This is
unoptimized version, provided for reference. Basically you need
to compare it to initial 29724d0e
to figure out the key difference.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NAndy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3907)

If we have a local file with a name starting with 'file:', we don't
want to check if the part after 'file:' is absolute.  Instead, mark
each possibility for absolute check if needed, and perform the
absolute check later on, when checking each actual path.
Reviewed-by: NAndy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3907)

To handle paths that contain devices (for example, C:/foo/bar.pem on
Windows), try to "open" the URI using the file scheme loader first,
and failing that, check if the device is really a scheme we know.

The "file" scheme does the same kind of thing to pick out the path
part of the URI.

An exception to this special treatment is if the URI has an authority
part (something that starts with "//" directly after what looks like a
scheme).  Such URIs will never be treated as plain file paths.
Reviewed-by: NAndy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3907)

Reviewed-by: NAndy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3907)

Remove unused rand_hw_xor, MD/EVP indirection
Make rand_pseudo same as rand.
Cleanup formatting and ifdef control
Rename some things:
    - rand_meth to openssl_rand_meth; make it global
    - source file
    - lock/init functions, start per-thread state
    - ossl_meth_init to ossl_rand_init
Put state into RAND_STATE structure
And put OSSL_RAND_STATE into ossl_typ.h
Use "randomness" instead of "entropy"
Reviewed-by: NBen Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3758)

This allows for better flexibility with mixed /M compiler flags
Reviewed-by: NAndy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3930)

With added commenting to describe the individual decoders a little
more.
Reviewed-by: NAndy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3930)

Unsigned overflow.  Thanks to Brian Carpenter for reporting this.
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3887)

Reviewed-by: NAndy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3912)

Reviewed-by: NAndy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3912)

Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3858)

CLA: trivial
Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3913)

Use stdio and its buffering.
Limit to 255 bytes (could remove that if neceessary).
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3888)

Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NBen Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3896)

Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NBen Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3896)

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Bounds checking strpy, strcat and sprintf.
These are the remaining easy ones to cover a recently removed commit.
Some are trivial, some have been modified and a couple left as they are because the reverted change didn't bounds check properly.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3871)

Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NBernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/3861)

Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3878)

Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3878)

Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3875)

Add length limits to avoid problems with sprintf, strcpy and strcat.  This replaces recently removed code but also guards some previously missing function calls (for DOS & Windows).

Reworked the BIO_dump_indent_cb code to reduce temporary storage.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3870)

Document an internal assumption that these are only for use with files,
and return an error if not. That made the code much simpler.
Leave it as writing 1024 bytes, even though we don't need more than 256
from a security perspective.  But the amount isn't specified, now, so we
can change it later if we want.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3864)

Check that sprint, strcpy don't overflow.

Avoid some strlen operations when the previous sprintf return value can be used.

Also fix the undefined behaviour `*(long *)x = y` when x isn't a long or character pointer.
ISO/IEC 9899:1999 6.5/7 for the details.
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3869)

Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3865)

[extended tests]
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3700)

Original text:
    Clarify use of |$end0| in stitched x86-64 AES-GCM code.

    There was some uncertainty about what the code is doing with |$end0|
    and whether it was necessary for |$len| to be a multiple of 16 or 96.
    Hopefully these added comments make it clear that the code is correct
    except for the caveat regarding low memory addresses.

    Change-Id: Iea546a59dc7aeb400f50ac5d2d7b9cb88ace9027
    Reviewed-on: https://boringssl-review.googlesource.com/7194Reviewed-by: NAdam Langley <agl@google.com>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3700)

Comment in the commit:
    /* Ignore NULLs, thanks to Bob Beck <beck@obtuse.com> */
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3700)

Original text:
    Check if a random "file" is really a device file, and treat it
    specially if it is.
    Add a few OpenBSD-specific cases.
    This is part of a large change submitted by Markus Friedl <markus@openbsd.or
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3700)

Original text:
    Fix Perl problems on sparc64.
    This is part of a large change submitted by Markus Friedl
    <markus@openbsd.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NTim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3700)

The way try_decode_params works in raw more, it would take the first ASN1
that could decode and return a STORE_INFO with the resulting EVP_PKEY.
This change has it go through all the matching ASN1 methods and properly
check if there's more than one match, i.e. an ambiguity.
Reviewed-by: NBen Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3863)

- in EVP_read_pw_string_min(), the return value from UI_add_* wasn't
  properly checked
- in UI_process(), |state| was never made NULL, which means an error
  when closing the session wouldn't be accurately reported.
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3849)

When tree_calculate_user_set() fails, a jump to error failed to
deallocate a possibly allocated |auth_nodes|.
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3850)

[extended tests]

Original text:
    Use BUF_strlcpy() instead of strcpy().
    Use BUF_strlcat() instead of strcat().
    Use BIO_snprintf() instead of sprintf().
    In some cases, keep better track of buffer lengths.
    This is part of a large change submitted by Markus Friedl <markus@openbsd.org>
Reviewed-by: NTim Hudson <tjh@openssl.org>
Reviewed-by: NPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3701)