Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6314)

Per SEC 1, the curve coefficients must be padded up to size. See C.2's
definition of Curve, C.1's definition of FieldElement, and 2.3.5's definition
of how to encode the field elements in http://www.secg.org/sec1-v2.pdf.

This comes up for P-521, where b needs a leading zero.
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6314)

Reviewed-by: NPaul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/5110)

Similar to commit 17b60280(
"Remove extra `the` in SSL_SESSION_set1_id.pod"), this commit removes
typos where additional 'the' have been added.
Reviewed-by: NAndy Polyakov <appro@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4999)

Since return is inconsistent, I removed unnecessary parentheses and
unified them.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4541)

Removed e_os.h from all bar three headers (apps/apps.h crypto/bio/bio_lcl.h and
ssl/ssl_locl.h).

Added e_os.h into the files that need it now.

Directly reference internal/nelem.h when required.
Reviewed-by: NAndy Polyakov <appro@openssl.org>
Reviewed-by: NRichard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4188)

Fixes #3191
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3199)

Replace all remaining uses of LONG and ZLONG with INT32 / ZINT32.
Reviewed-by: NMatt Caswell <matt@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3126)

Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2689)

Prevent that memory beyond the last element is accessed if every element
of group->poly[] is non-zero
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2689)

The variable 'buffer', allocated by EC_POINT_point2buf(), isn't
free'd on the success path.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Deprecate the function ASN1_STRING_data() and replace with a new function
ASN1_STRING_get0_data() which returns a constant pointer. Update library
to use new function.
Reviewed-by: NRich Salz <rsalz@openssl.org>

To avoid having to immediately free up r/s when setting them
don't allocate them automatically in DSA_SIG_new() and ECDSA_SIG_new().

RT#4590
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reorder arguments to follow convention.

Also allow r/s to be NULL in DSA_SIG_get0, similarly to ECDSA_SIG_get0.

This complements GH1193 which adds non-const setters.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1193)

per review comments.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1193)

SSH2 implementations which use DSA_do_verify() and ECDSA_do_verify() are given
the R and S values, and the data to be signed, by the client.  Thus in order
to validate these signatures, SSH2 implementations will digest and sign
the data -- and then pass in properly provisioned DSA_SIG and ECDSA_SIG objects.

Unfortunately, the existing OpenSSL-1.1.0 APIs do not allow for directly setting
those R and S values in these objects, which makes using OpenSSL for such
SSH2 implementations much more difficult.
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1193)

Reviewed-by: NRichard Levitte <levitte@openssl.org>

PR#4436
Reviewed-by: NRichard Levitte <levitte@openssl.org>
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NDr. Stephen Henson <steve@openssl.org>

Instead of overriding a default operation move default operation to a
separate function which is then explicitly included in any EC_METHOD
that uses it.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Extract compression form in EC_KEY_oct2key() instead of manually in the
ASN.1 code. For custom curves do not assume the initial octet is the
compression form: it isn't for X25519 et al.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Add support for optional overrides of various private key operations
in EC_METHOD.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NEmilia Käsper <emilia@openssl.org>

Signed-off-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>

Reviewed-by: NTim Hudson <tjh@openssl.org>

Add new function EC_KEY_priv2buf() to allocated and encode private
key octet in one call. Update and simplify ASN.1 and print routines.
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Update EC ASN.1 and print routines to use EC_KEY_oct2priv and
EC_KEY_priv2oct.
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

New functions to return internal pointer for order and cofactor. This
avoids the need to allocate a new BIGNUM which to copy the value to.
Simplify code to use new functions.
Reviewed-by: NRich Salz <rsalz@openssl.org>

This was done by the following
        find . -name '*.[ch]' | /tmp/pl
where /tmp/pl is the following three-line script:
        print unless $. == 1 && m@/\* .*\.[ch] \*/@;
        close ARGV if eof; # Close file to reset $.

And then some hand-editing of other files.
Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

New functions EC_POINT_point2buf and EC_KEY_key2buf which encode
a point and allocate a buffer in one call.

New function EC_KEY_oct2key() which sets public key in an EC_KEY
structure from an encoded point.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Continuing from previous commit ensure our style is consistent for malloc
return checks.
Reviewed-by: NKurt Roeckx <kurt@openssl.org>

Reviewed-by: NDr. Stephen Henson <steve@openssl.org>
MR #1005

-Wincompatible-pointer-types-discards-qualifiers (the latter did not require
any code changes).
Reviewed-by: NRich Salz <rsalz@openssl.org>

Add secure heap for storage of private keys (when possible).
Add BIO_s_secmem(), CBIGNUM, etc.
Add BIO_CTX_secure_new so all BIGNUM's in the context are secure.
Contributed by Akamai Technologies under the Corporate CLA.
Reviewed-by: NRichard Levitte <levitte@openssl.org>