Submitted by: Goetz Babin-Ebell <babin-ebell@trustcenter.de>

PR: #766

Submitted by: Tim Rice <tim@multitalents.net>

PR: #735, #765

so don't run them if BN_DEBUG_RAND is defined.

Also, fix another small bug.

Submitted by: Nils Larsch

Keep it as is to avoid an API change, but check for negativ values.

Submitted by: Nils Larsch

generally a more efficient comparison than comparing two integers, and the
first of these two loops was off-by-one (copying one too many values). This
change also removes a superfluous assignment that would set an unused word
to zero (and potentially allow an overrun in some cases).

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe

(where it was impossible to create an EC certificate with a compressed
public key), and has some style improvements based on some comments from
Steve Henson about use of the ASN1 macros.

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe

Submitted by: Nils Larsch
Reviewed by: Geoff Thorpe

bn_correct_top(), previously only bn_check_top() did this.

before.

constant BIGNUMs. It turns out that this trips up different but equally
useful compiler warnings to -Wcast-qual, and so wasn't worth the ugliness
it created. (Thanks to Ulf for the forehead-slap.)

is itself experimental, and in addition may cause execution to break on
existing openssl "bugs" that previously were harmless or at least
invisible.

Submitted by: Nils Larsch

and structures as constant without having to cast away const at any point.
There is still plenty of other code that makes gcc's "-Wcast-qual" unhappy,
but crypto/bn/ is now ok. Purists are welcome to suggest alternatives.

rather than OPENSSLDIR.

constructing BIGNUM structures with pointers offset into other bignums
(among other things). This corrects some of it that is too plainly insane,
and tries to ensure that bignums are normalised when passed to other
functions.

left in an inconsistent state when they are released for later reuse. This
change resets the BIGNUMs when they are released back to the context.

input to a function.

Obtained from: Stephen Henson <steve@openssl.org>

callback structure just before it is needed.

requires -DPEDANTIC and was hidden at the bottom of the file. This moves it
to the top and removes the redundant declaration.

Obtained from: Andy Polyakov <appro@openssl.org>

structures being passed in to or out of API functions, and this corrects a
couple of cases found so far.

Also, lop off a couple of bytes of white-space.

I have tried to convert 'len' type variable declarations to unsigned as a
means to address these warnings when appropriate, but when in doubt I have
used casts in the comparisons instead. The better solution (that would get
us all lynched by API users) would be to go through and convert all the
function prototypes and structure definitions to use unsigned variables
except when signed is necessary. The proliferation of (signed) "int" for
strictly non-negative uses is unfortunate.

except internally to the allocator BN_CTX_new(), as such this deprecates
the use of BN_CTX_init() in the API. Moreover, the structure definition of
BN_CTX is taken out of bn_lcl.h and moved into bn_ctx.c itself.

NDEBUG should probably only be "forced" in the top-level configuration, but
until it is I will avoid removing it from bn_ctx.c which might surprise
people with massive slow-downs in their keygens. So I've left it in
bn_ctx.c but tidied up the preprocessor logic a touch and made it more
tolerant of debugging efforts.

be the same.  Therefore, the removed memcpy()s need to be restored.

confusion. Also silence a couple of signed/unsigned warnings.

choice but to have to cast away "const" qualifiers from their prototypes.
This does not remove constification restrictions from hash/compare
callbacks, but allows destructor commands to be run over a tables' elements
without bad casts.