Branch :
| Author | Commit | Date | CI | Message |
|---|---|---|---|---|
| a11cae13 | 2023-01-07 16:17:29 | Rewrite/simplify BN_free(). ok tb@ | ||
| f949966c | 2023-01-07 16:13:46 | Flip BN_clear_free() and BN_free() All of our BIGNUMs are cleared when we free them - move the code to BN_free() and have BN_clear_free() call BN_free(), rather than the other way around. ok tb@ | ||
| 0d1c5e62 | 2023-01-07 16:09:18 | Use calloc() in BN_new(), rather than malloc() and then manually zeroing. ok tb@ | ||
| 14a120fb | 2023-01-05 04:51:13 | Rewrite BN_rshift() This improves readability and eliminates special handling for various cases, making the code cleaner and closer to constant time. Basic benchmarking shows a performance gain on modern 64 bit architectures, while there is a decrease on legacy 32 bit architectures (i386), particularly for the zero bit shift case (which is now handled in the same code path). ok tb@ | ||
| 033eadae | 2023-01-01 16:58:23 | Add explicit LL suffixes to large constants to appease some compilers on 32-bit platforms; NFCI ok tb@ | ||
| 388ee0bd | 2022-12-28 07:59:13 | succcess -> success | ||
| 53971c37 | 2022-12-26 16:00:36 | Prepare to provide X509_CRL_get0_sigalg() This is an obvious omission from the OpenSSL 1.1 and OpenSSL 3 API which does not provide a way to access the tbs sigalg of a CRL. This is needed in security/pivy. From Alex Wilson ok jsing | ||
| 71743258 | 2022-12-26 07:18:50 | spelling fixes; from paul tagliamonte i removed the arithmetics -> arithmetic changes, as i felt they were not clearly correct ok tb | ||
| ae3e02d6 | 2022-12-24 07:12:09 | Zap trailing whitespace in license and add some empty lines | ||
| c3b5c70f | 2022-12-23 23:23:02 | Add the missing Copyright and license headers in the libcrypto/comp directory. Requested some time ago by tb@. According to OpenSSL git history, the original version of this code appeared in SSLeay 0.9.1b (July 6, 1998). The LICENSE file in that release states that the Copyright of SSLeay belongs to Eric Young, and we believe that Eric still maintained SSLeay himself at that time. We have seen a small number of examples where Eric credited outside contributors for code that he included in his distribution, including citing Copyright notices and license headers as appropriate. We found no such hints regarding this code, so it is reasonable to assume that he wrote this code himself. Regarding subsequent changes and additions, i inspected the OpenSSL git repository. No code change; only Copyright and license comments are added. | ||
| b76794fb | 2022-12-23 17:52:32 | Document the deprecated wrappers BIO_set_app_data(3) and BIO_get_app_data(3). Some code roams the wild still calling them. | ||
| 62cec4ff | 2022-12-23 17:27:53 | Mark BIO_buffer_get_num_lines(3) as intentionally undocumented. Contrary to what bio.h says, it does not *not* retrieve some "IO type", whatever that is supposed to be, but it is a NOOP, and nothing uses it. Despite its name, it is unrelated to BIO_f_buffer(3), and please be careful to not confuse it with BIO_get_buffer_num_lines(3). | ||
| 9f71e853 | 2022-12-23 16:59:39 | Mark BIO_f_nbio_test(3) as intentionally undocumented. It exposes absurd functionality, and according to codesearch.debian.net, it is unused except in openssl(1) s_client/s_server -nbio_test. | ||
| 33dd5991 | 2022-12-23 15:59:34 | new manual page BIO_s_datagram(3); feedback and OK tb@ | ||
| b0242bda | 2022-12-23 03:15:35 | Simplify BN_cmp() and BN_ucmp(). The only real difference between BN_cmp() and BN_ucmp() is that one has to respect the sign of the BN (although BN_cmp() also gets to deal with some insanity from accepting NULLs). Rewrite/cleanup BN_ucmp() and turn BN_cmp() into code that handles differences in sign, before calling BN_ucmp(). ok tb@ | ||
| bcc93ea7 | 2022-12-23 02:31:56 | Consistently check for NULL early. Also be more consistent with variable naming. ok tb@ | ||
| 7218a23d | 2022-12-23 02:27:47 | Fix an unchecked strdup() in UI_create_method(). ok tb@ | ||
| d533e99e | 2022-12-23 02:26:16 | Make UI_destroy_method() NULL safe. ok tb@ | ||
| 50779922 | 2022-12-23 02:22:58 | Remove unhelpful comment. Remove a comment that tells you not to call a function that internally calls free, with a stack allocated pointer... ok tb@ | ||
| fdc4606f | 2022-12-23 02:20:28 | Remove compatibility "glue" for des_read_pw{_string}() Nothing can be actually using these as the symbols are not exported from libcrypto... hopefully ui_compat.h can also go away entirely. ok tb@ | ||
| 7ee7571b | 2022-12-22 21:05:48 | new manual page BIO_accept(3) | ||
| 4941afce | 2022-12-22 20:13:45 | in case of failure, always report the error with BIOerror(); OK tb@ | ||
| 1678ab6a | 2022-12-22 16:38:45 | Mark BIO_s_log(3) as intentionally undocumented. Ben Laurie invented the system logging BIO in 1999 and yet, nothing whatsoever uses it according to codesearch.debian.net. Besides, it is poorly designed and a crypto library is absolutely not the place for putting a clumsy system logging facility. Not everything needs to be a BIO! | ||
| 1004d7a7 | 2022-12-21 15:08:37 | Mark BIO_nread0(3), BIO_nread(3), BIO_nwrite0(3), and BIO_nwrite(3) as intentionally undocumented. Bodo Moeller invented this "non-copying I/O" API in 1999, but according to codesearch.debian.net, it is still completely unused by anything. On top of that, it appears to be inflexible in so far as it only supports BIO pairs and no other BIO types and fragile in so far as it exposes pointers to internal storage and runs contrary to expectations of how BIO objects are supposed to work. | ||
| ca55e5ba | 2022-12-20 15:34:03 | Mark BIO_dump_cb(3) and BIO_dump_indent_cb(3) as intentionally undocumented. It appears Richard Levitte succumbed to everything-needs-a-callback-paranoia in 2004, but nobody is going to be surprised that nothing whatsoever wants to use this particular callback, according to codesearch.debian.net. | ||
| bbae9136 | 2022-12-20 14:55:45 | document BIO_fd_non_fatal_error(3) and BIO_fd_should_retry(3) | ||
| 375dfd33 | 2022-12-19 14:40:14 | document BIO_copy_next_retry(3) | ||
| e582de33 | 2022-12-18 22:27:10 | document BIO_FLAGS_MEM_RDONLY | ||
| 57ad7d3b | 2022-12-18 21:45:47 | document BIO_set_retry_read(3), BIO_set_retry_write(3), BIO_set_retry_special(3), BIO_clear_retry_flags(3), BIO_get_retry_flags(3), and the BIO_FLAGS_* constants | ||
| 53d779ef | 2022-12-18 19:35:36 | new manual page BIO_dup_chain(3) | ||
| d2abd44c | 2022-12-18 19:15:38 | correct the prototypes of BIO_get_conn_ip(3) and BIO_get_conn_int_port(3); from Richard Levitte via OpenSSL commit 0e474b8b in the 1.1.1 branch, which is still under a freee license | ||
| d6a42141 | 2022-12-18 17:40:55 | document BIO_number_read(3) and BIO_number_written(3) | ||
| 74a4f7c0 | 2022-12-17 22:23:31 | Merge documentation of UI_null() from OpenSSL 1.1 jsing doesn't like it, but it's better than nothing. ok jsing | ||
| a7534870 | 2022-12-17 22:21:24 | Document BIO_set_flags(3), BIO_clear_flags(3), BIO_test_flags(3), and BIO_get_flags(3). | ||
| 0ce8a7ba | 2022-12-17 22:01:29 | Link ui_null.c to build | ||
| a79c076a | 2022-12-17 21:59:39 | Prepare to provide UI_null() xmlsec needs this, nothing else. Our linkers link libxmlsec1-openssl, only warns and since nothing uses this library in ports, this wasn't noticed for a long time. Reported by Thomas Mitterfellner ok jsing | ||
| ce6fd31b | 2022-12-17 15:56:25 | Provide BN_zero()/BN_one() as functions and make BN_zero() always succeed. BN_zero() is currently implemented using BN_set_word(), which means it can fail, however almost nothing ever checks the return value. A long time ago OpenSSL changed BN_zero() to always succeed and return void, however kept BN_zero as a macro that calls a new BN_zero_ex() function, so that it can be switched back to the "can fail" version. Take a simpler approach - change BN_zero()/BN_one() to functions and make BN_zero() always succeed. This will be exposed in the next bump, at which point we can hopefully also remove the BN_zero_ex() function. ok tb@ | ||
| fd234164 | 2022-12-17 12:48:53 | X509_check_purpose.3: incorporate feedback from jsing | ||
| 8c14bd7a | 2022-12-16 23:56:57 | In bio.h rev. 1.54, jsing@ and tb@ provided BIO_callback_fn_ex(3), BIO_set_callback_ex(3), BIO_get_callback_ex(3), and BIO_callback_fn(3). Document them, in part by merging from the OpenSSL 1.1.1 branch, which is still under a free license, but heavily tweaked by me, in particular: * mention that BIO_set_callback_arg(3) is misnamed; * keep our more detailed explanation of the "ret" argument; * make the list of callback invocations more readable; * and update the HISTORY section. | ||
| d5ec6605 | 2022-12-16 18:02:28 | Document extension caching of X509_check_purpose() The overwhelming majority of callers of X509_check_purpose() in our tree pass a purpose of -1. In this case X509_check_purpose() acts as a wrapper of x509v3_cache_extensions() which makes sanity checks like non-negativity of ASN.1 integers or canonicity of RFC 3779 extensions as well as checking uniqueness of extensions. from schwarze who beat an initial diff of mine into shape | ||
| f341e97e | 2022-12-16 16:02:17 | add a CAVEATS section warning the user to not create cycles; OK tb@ | ||
| 39105ab6 | 2022-12-16 13:41:55 | Revert BIO_push(3) cycle prevention (bio_lib.c rev. 1.42). jsing@ worries that cycle prevention might increase risk because software that is not checking return values (and indeed, not checking is likely common in practice) might silently behave incorrectly with cycle prevention whereas without, it will likely either crash right away through infinite recursion or at least hang in an infinite loop when trying to use the cyclic chain, in both cases making it likely that the bug will be found and fixed. Besides, tb@ points out that BIO_set_next(3) ought to behave as similarly as possible to BIO_push(3), but adding cycle prevention to BIO_set_next(3) would be even less convincing because that function does not provide a return value, encouraging users to expect that it will always succeed. While a safe idiom for checking the success of BIO_set_next(3) could easily be designed, let's be realistic: application software would be highly unlikely to pick up such an idiom. | ||
| beb45aa6 | 2022-12-15 17:20:48 | In curve25519.h rev. 1.4 to 1.7, tb@ and jsing@ provided ED25519_keypair(3), ED25519_sign(3), and ED25519_verify(3). Document them. | ||
| 7ad999aa | 2022-12-14 22:37:07 | In evp.h rev. 1.109 and 1.112, jsing@ and tb@ provided EVP_PKEY_new_raw_private_key(3), EVP_PKEY_new_raw_public_key(3), EVP_PKEY_get_raw_private_key(3), and EVP_PKEY_get_raw_public_key(3). Merge the documentation from the OpenSSL 1.1.1 branch, which is still under a free license. I tweaked the text somewhat for conciseness, and argument names for uniformity. | ||
| b03cfb73 | 2022-12-14 20:27:28 | In asn1.h rev. 1.71 and 1.72, jsing@ and tb@ provided ASN1_buf_print(3). Document it. | ||
| ff193b36 | 2022-12-12 14:16:58 | Bump to LibreSSL 3.7.1 | ||
| fada0977 | 2022-12-08 11:33:58 | Fix copy-paste error that left a paragraph ending in a comma | ||
| 2181dbec | 2022-12-07 23:08:47 | Improve the implementation of BIO_push(3) such that it changes nothing and reports failure if a call would result in a cycle. The algorithm used was originally suggested by jsing@. Feedback and OK tb@. | ||
| ded1d43d | 2022-12-07 22:30:15 | Add references to the BIO_{push,pop}(3) example The reader may not know what digest BIOs, Base64 BIOs and file BIOs are and the relevant function names are non-obvious, hence it's not entirely trivial to find the manuals where they are explained. With these references a reader should be able to turn the example into actual code. ok schwarze | ||
| e501d6ba | 2022-12-07 17:17:29 | Fix example string If you want to Base64-encode "Hello World\n" using a BIO, you had better pass "Hello World\n" into it, not something slightly different... While we're touching this, we might as well write it the way K&R did... | ||
| 52d44085 | 2022-12-06 22:22:42 | Zap extra space | ||
| cb8c034d | 2022-12-06 21:13:01 | Major rewrite for accuracy and clarity, and document BIO_set_next(3). Feedback and OK tb@. | ||
| 46665642 | 2022-12-06 17:59:21 | Make sure BIO_push(3) always preserves all invariants of the prev_bio and next_bio fields of all BIO objects in all affected chains, no matter what the arguments are. In particular, if the second argument (the one to be appended) is not at the beginning of its chain, properly detach the beginning of its chain before appending. We have weak indications that this bug might affect real-world code. For example, in FreeRDP, file libfreerdp/crypto/tls.c, function bio_rdp_tls_ctrl(), case BIO_C_SET_SSL, BIO_push(3) is definitely called with a second argument that is *not* at the beginning of its chain. Admittedly, that code is hard to fathom, but it does appear to result in a bogus prev_bio pointer without this patch. The practical impact of this bug in this and other software remains unknown; the consequences might possibly escalate up to use-after-free issues if BIO_pop(3) is afterwards called on corrupted BIO objects. OK tb@ | ||
| 0dc4ae82 | 2022-12-06 16:10:55 | Improve the poorly designed BIO_set_next(3) API to always preserve all invariants of the prev_bio and next_bio fields of all BIO objects in all involved chains, no matter which arguments this function is called with. Both real-world uses of this function (in libssl and freerdp) have been audited to make sure this makes nothing worse. We believe libssl behaves correctly before and after the patch (mostly because the second argument is NULL there), and we believe the code in freerdp behaves incorrectly before and after the patch, leaving a prev_bio pointer in place that is becoming bogus, only in a different object before and after the patch. But after the patch, that bogus pointer is due to a separate bug in BIO_push(3), which we are planning to fix afterwards. Joint work with and OK tb@. | ||
| 6ae54a3b | 2022-12-06 02:12:05 | arithmethic -> arithmetic | ||
| f63f57b6 | 2022-12-02 22:58:56 | Drop 'perhaps a little', plus grammar and spelling nits BIO_push() and BIO_pop() are misnamed. No need to gently and politely suggest that their 'names [...] are perhaps a little misleading'. | ||
| 66c15192 | 2022-12-02 19:44:04 | Revert bio_prev removal As schwarze points out, you can pop any BIO in a chain, not just the first one (bonus points for a great name for this API). The internal doubly linked was used to fix up the BIO chain bio was part of when you BIO_pop() a bio that wasn't in the first position, which is explicitly allowed in our documentation and implied by OpenSSL's. | ||
| 3422461a | 2022-12-01 21:59:54 | Update reference to table generation | ||
| 8a0b2fe2 | 2022-12-01 05:33:55 | Mark the X509_V_FLAG_CB_ISSUER_CHECK flag as deprecated | ||
| 79abbea6 | 2022-12-01 05:27:04 | Annotate X509_V_FLAG_CB_ISSUER_CHECK as deprecated and unused | ||
| 89e62afd | 2022-12-01 05:20:30 | Retire X509_V_FLAG_CB_ISSUER_CHECK This flag has been deprecated in OpenSSL 1.1 and has not had an effect since. This way we can simplify the default check_issued() callback, which helpfully has its arguments reversed compared to the public API X509_check_issued(). ok jsing | ||
| 43f73684 | 2022-12-01 05:16:08 | Getters and setters for the check_issued() callback Open62541 uses X509_STORE_CTX_get_check_issued(), so provide it along with X509_STORE_{get,set}_check_issued(). As you would expect, they all return or take an X509_STORE_CTX_check_issued_fn. The getters aren't const in OpenSSL 1.1, but they now are in OpenSSL 3... These will be made available in the next minor bump and will ship in the stable release of LibreSSL 3.7 Part of OpenSSL commit 1060a50b See also https://github.com/libressl-portable/portable/issues/748 ok beck jsing | ||
| dd1a6ee8 | 2022-12-01 02:58:31 | BN_one() can fail, check its return value. ok tb@ | ||
| dcb8eaa9 | 2022-11-30 03:08:39 | Rewrite bn_correct_top(). bn_correct_top() is currently a macro and far more complex than it needs to be - rewrite it as a function. ok tb@ | ||
| f38a8e3e | 2022-11-30 02:52:25 | Fix return values bug in BN_ucmp(). BN_ucmp() is supposed to return -1/0/1 on a < b, a == b and a > b, however it currently returns other negative and positive values when the top of a and b differ. Correct this. ok tb@ | ||
| 810daf37 | 2022-11-30 01:56:18 | Mostly align BIO_read()/BIO_write() return values with OpenSSL 3.x. For various historical reasons, there are a number of cases where our BIO_read() and BIO_write() return slightly different values to what OpenSSL 3.x does (of course OpenSSL 1.0 differs from OpenSSL 1.1 which differs from OpenSSL 3.x). Mostly align these - some further work will be needed. Issue raised by tb@ who also wrote some test code. | ||
| 2bba32df | 2022-11-30 01:47:19 | Mop up more BN_DEBUG related code. | ||
| 443e243a | 2022-11-29 19:52:48 | Add missing markup to comments and to RFC 3779 error | ||
| 04f2b1b8 | 2022-11-29 12:31:43 | First pass at updating verifier error docs X509_verify_cert_error_string() is now thread safe as it no longer returns a static buffer. Document X509_V_ERR_UNSPECIFIED. Stop asserting that the X509_V_ERR_CERT_CHAIN_TOO_LONG code is unused, the new verifier can set it. Add commented versions of various missing error codes in the proper spots and move X509_V_ERR_UNNESTED_RESOURCE where it belongs. prompted by claudio | ||
| 70df63e9 | 2022-11-29 12:23:43 | Remove a few doubled spaces and wrap an overlong line | ||
| 4558579a | 2022-11-29 07:23:03 | Sort a few outliers by increasing error number to match x509_vfy.h | ||
| 6ff72a0d | 2022-11-29 07:12:17 | Fix includes No need for errno, stdio, time, asn1, buffer, evp, lhash, objects, x509 for a switch containing string constants. We do need x509_vfy instead. | ||
| a7332c80 | 2022-11-29 07:08:41 | Add missing X509_V_ERR_UNSPECIFIED case | ||
| b90d0f4d | 2022-11-29 07:06:12 | Fix some KNF issues Requested by claudio | ||
| b2b9787f | 2022-11-29 07:03:40 | Make X509_verify_cert_error_string() thread safe Stop returning a pointer to a static buffer containing the error code on unknown error. While this might be helpful, it's not going to end well. ok beck claudio jsing | ||
| 6644e3f0 | 2022-11-28 07:50:47 | Garbage collect the unused asn1_add_error() ok jsing | ||
| 45d9c5e8 | 2022-11-28 07:50:00 | Retire prev_bio While BIO chains are doubly linked lists, nothing has ever made use of this fact internally. Even libssl has failed to maintain prev_bio properly in two places for a long time. When BIO was made opaque, the opportunity to fix that was missed. Instead, BIO_set_next() now allows breaking the lists from outside the library, which freerdp has long done. Problem found by schwarze while trying to document BIO_set_next(). schwarze likes the idea ok jsing | ||
| 215e6767 | 2022-11-28 07:22:15 | Fix NULL dereference in x509_constraints_uri_host() When called from v2i, hostpart in x509_constraints_uri_host() is NULL, so add a NULL check before storing the strdup result in it. From Anton Borowka ok jsing miod | ||
| 8cbcfb17 | 2022-11-27 19:11:11 | In bio.h rev. 1.50 and rev. 1.51, tb@ provided BIO_set_retry_reason(3). Merge the documentation from the OpenSSL 1.1.1 branch, which is still under a free license, tweaked by me. | ||
| a9199000 | 2022-11-26 17:23:17 | Make header guards of internal headers consistent Not all of them, only those that didn't leak into a public header... Yes. | ||
| bfe4ff36 | 2022-11-26 16:11:36 | bn_lcl.h wanted special treatment. | ||
| c9675a23 | 2022-11-26 16:08:50 | Make internal header file names consistent Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook | ||
| c74511df | 2022-11-26 13:56:33 | Remove BIGNUM consistency macros. Compiling with BN_DEBUG (and if you want to take it further, BN_DEBUG_RAND) supposedly adds consistency checks to the BN code. These are rarely if ever used and introduce a bunch of clutter in the code. Furthermore, there are hacks in place to undo things that the debugging code does. Remove all of this mess and instead rely on always enabled checks, more readable code and proper regress coverage to ensure correct behaviour. "Good riddance." tb@ | ||
| cd854ad7 | 2022-11-26 11:18:49 | cms_lcl.h should not be part of SRCS | ||
| 56fb8cd2 | 2022-11-25 17:44:01 | In bio.h rev. 1.46/1.47 (Oct/Nov 2021), tb@ provided BIO_get_init(3). Document it. | ||
| bc693221 | 2022-11-24 19:06:38 | Major overhaul. Remove many statements that are no longer true after tb@, in July, massively improved the algorithms used by these functions and also did some cleanup of the interface. Instead, explain many aspects that were missing. Also use more descriptive argument names, drop some redundancy, and improve ordering in various respects. Feedback and enthusiastic OK from tb@. | ||
| fd932388 | 2022-11-24 16:35:32 | Merge the second y_bit check into the first one where it belongs suggested by jsing | ||
| 1877f4c7 | 2022-11-24 16:34:13 | Simplify y_bit handling in compressed coordinates If y_bit is set for a zero y, something is wrong and we can error directly. No need to run the non-trivial BN_kronecker() to check if BN_mod_sqrt() lied or not, only to set a more specific error code. ok jsing | ||
| cfeefb57 | 2022-11-24 16:29:09 | Clean up EC_METHOD and EC_GROUP definitions Remove obvious comments, wrap long lines and general KNF cleanup. Format and rephrase the more important comments. Discussed with jsing | ||
| e729bd5a | 2022-11-24 01:30:01 | Change bn_expand()/bn_wexpand() to indicate failure/success via 0/1. Currently bn_expand()/bn_wexpand() return a BIGNUM *, however none of the callers use this (and many already treat it as a true/false value). Change these functions to return 0 on failure and 1 on success, revising callers that test against NULL in the process. ok tb@ | ||
| d357b280 | 2022-11-24 01:24:37 | Call bn_expand() rather than handrolling an equivalent. The current code manually calculates words from bits and then calls bn_wexpand() - call bn_expand() with bits instead. ok tb@ | ||
| e309ac14 | 2022-11-23 07:37:06 | Fix leaks in ecx_set_{priv,pub}_key() When ecx_key_set_{priv,pub}() fails, ecx_key is leaked. CID 377014 From jsing | ||
| ece07459 | 2022-11-23 03:10:10 | Use bn_wexpand() rather than bn_expand() with sizeof(BN_ULONG). This also fixes a bug in BN_MONT_CTX_set(), where the sizeof(BN_ULONG) in the call to bn_expand() was not multiplied by eight (to get bits). ok tb@ | ||
| 3f505316 | 2022-11-23 03:04:52 | Ensure that bn_expand()/bn_wexpand() fail on negative sizes. ok tb@ | ||
| 29e5785c | 2022-11-23 03:00:12 | Turn bn_wexpand() into a function. Any sensible compiler will likely inline this anyway (and even if it does not, one extra function call/return is the least of the performance overhead for this code). ok tb@ | ||
| 31e1f1a5 | 2022-11-23 02:46:09 | Move bn_expand() under bn_expand2(). No functional change. ok tb@ | ||
| 7c8068cb | 2022-11-23 02:44:01 | Remove unused bn_dup_expand(). ok tb@ | ||
| ec9ee43f | 2022-11-23 02:20:27 | Move #ifndef OPENSSL_NO_DEPRECATED. The BN_set_params()/BN_get_params() and associated unused variables are meant to be in this block, not things like BN_new() and BN_free(). ok tb@ | ||
| 2099e032 | 2022-11-23 02:13:24 | Remove bn_* defines/prototypes. These now come directly via bn_lcl.h. ok tb@ | ||
| d0597228 | 2022-11-22 21:54:01 | Fix some whitespace and comment formatting |