*) New option -sigopt to dgst utility. Update dgst to use
EVP_Digest{Sign,Verify}*. These two changes make it possible to use
- alternative signing paramaters such as X9.31 or PSS in the dgst
+ alternative signing parameters such as X9.31 or PSS in the dgst
utility.
[Steve Henson]
unofficial, and the ID has long expired.
[Bodo Moeller]
- *) Fix RSA blinding Heisenbug (problems sometimes occured on
+ *) Fix RSA blinding Heisenbug (problems sometimes occurred on
dual-core machines) and other potential thread-safety issues.
[Bodo Moeller]
unofficial, and the ID has long expired.
[Bodo Moeller]
- *) Fix RSA blinding Heisenbug (problems sometimes occured on
+ *) Fix RSA blinding Heisenbug (problems sometimes occurred on
dual-core machines) and other potential thread-safety issues.
[Bodo Moeller]
*) Added support for proxy certificates according to RFC 3820.
Because they may be a security thread to unaware applications,
- they must be explicitely allowed in run-time. See
+ they must be explicitly allowed in run-time. See
docs/HOWTO/proxy_certificates.txt for further information.
[Richard Levitte]
*) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
reveal whether illegal block cipher padding was found or a MAC
- verification error occured. (Neither SSLerr() codes nor alerts
+ verification error occurred. (Neither SSLerr() codes nor alerts
are directly visible to potential attackers, but the information
may leak via logfiles.)
*) Bugfix: ssl23_get_client_hello did not work properly when called in
state SSL23_ST_SR_CLNT_HELLO_B, i.e. when the first 7 bytes of
a SSLv2-compatible client hello for SSLv3 or TLSv1 could be read,
- but a retry condition occured while trying to read the rest.
+ but a retry condition occurred while trying to read the rest.
[Bodo Moeller]
*) The PKCS7_ENC_CONTENT_new() function was setting the content type as
@echo off
rem ========================================================================
-rem Batch file to assist in setting up the necessary enviroment for
+rem Batch file to assist in setting up the necessary environment for
rem building OpenSSL for NetWare.
rem
rem usage:
:info
echo.
-if "%LIBC_BUILD%" == "Y" echo Enviroment configured for LibC build
+if "%LIBC_BUILD%" == "Y" echo Environment configured for LibC build
if "%LIBC_BUILD%" == "Y" echo use "netware\build.bat netware-libc ..."
-if "%CLIB_BUILD%" == "Y" echo Enviroment configured for CLib build
+if "%CLIB_BUILD%" == "Y" echo Environment configured for CLib build
if "%CLIB_BUILD%" == "Y" echo use "netware\build.bat netware-clib ..."
goto end
{"debug", OPT_DEBUG, '-'},
{"fips-fingerprint", OPT_FIPS_FINGERPRINT, '-'},
{"hmac", OPT_HMAC, 's', "Create hashed MAC with key"},
- {"mac", OPT_MAC, 's', "Create MAC (not neccessarily HMAC)"},
+ {"mac", OPT_MAC, 's', "Create MAC (not necessarily HMAC)"},
{"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
{"macopt", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form or key"},
{"", OPT_DIGEST, '-', "Any supported digest"},
{"CA signature", CERT_PKEY_CA_SIGNATURE},
{"EE key parameters", CERT_PKEY_EE_PARAM},
{"CA key parameters", CERT_PKEY_CA_PARAM},
- {"Explicity sign with EE key", CERT_PKEY_EXPLICIT_SIGN},
+ {"Explicitly sign with EE key", CERT_PKEY_EXPLICIT_SIGN},
{"Issuer Name", CERT_PKEY_ISSUER_NAME},
{"Certificate Type", CERT_PKEY_CERT_TYPE},
{NULL}
ldr $rounds,[r0,#240]
mov $i1,r0 @ input
add $i2,r0,$rounds,lsl#4
- mov $key,r1 @ ouput
+ mov $key,r1 @ output
add $tbl,r1,$rounds,lsl#4
str $rounds,[r1,#240]
NOP
BNOP RA,5
-|| MVK -2,RET ; unknown bit lenght
+|| MVK -2,RET ; unknown bit length
|| MVK 0,B0 ; redundant
;;====================================================================
;;====================================================================
/*
* convert content octets into a big endian buffer. Returns the length
- * of buffer or 0 on error: for malformed INTEGER. If output bufer is
+ * of buffer or 0 on error: for malformed INTEGER. If output buffer is
* NULL just return length.
*/
int rv = 1;
/*
- * If data is not deteched or resigning then the output BIO is already
+ * If data is not detached or resigning then the output BIO is already
* set up to finalise when it is written through.
*/
if (!(flags & SMIME_DETACHED) || (flags & PKCS7_REUSE_DIGEST)) {
#include <openssl/conf.h>
#include <openssl/x509v3.h>
-/* Multi string module: add table enstries from a given section */
+/* Multi string module: add table entries from a given section */
static int do_tcreate(char *value, char *name);
}
/*
- * This function collects the asn1 data from a constructred string type into
+ * This function collects the asn1 data from a constructed string type into
* a buffer. The values of 'in' and 'len' should refer to the contents of the
* constructed type and 'inf' should be set if it is indefinite length.
*/
memset(&wsa_state, 0, sizeof(wsa_state));
/*
* Not making wsa_state available to the rest of the code is formally
- * wrong. But the structures we use are [beleived to be] invariable
+ * wrong. But the structures we use are [believed to be] invariable
* among Winsock DLLs, while API availability is [expected to be]
* probed at run-time with DSO_global_lookup.
*/
}
/*
- * Adjust socket timeout if next handhake message timer will expire
+ * Adjust socket timeout if next handshake message timer will expire
* earlier.
*/
if ((data->socket_timeout.tv_sec == 0
if ((ret = BIO_new(BIO_s_file())) == NULL)
return (NULL);
- BIO_set_flags(ret, BIO_FLAGS_UPLINK); /* redundant, left for
- * documentation puposes */
+ /* redundant flag, left for documentation purposes */
+ BIO_set_flags(ret, BIO_FLAGS_UPLINK);
BIO_set_fp(ret, stream, close_flag);
return (ret);
}
// scalability. The decision will very likely be reconsidered after the
// benchmark program is profiled. I.e. if perfomance gain on Itanium
// will appear larger than loss on "wider" IA-64, then the loop should
-// be explicitely split and the epilogue compressed.
+// be explicitly split and the epilogue compressed.
.L_bn_sqr_words_ctop:
{ .mfi; (p16) ldf8 f32=[r33],8
(p25) xmpy.lu f42=f41,f41
$hi1="%r2";
$hi0="%r1";
-$xfer=$n0; # accomodates [-16..15] offset in fld[dw]s
+$xfer=$n0; # accommodates [-16..15] offset in fld[dw]s
$fm0="%fr4"; $fti=$fm0;
$fbi="%fr5L";
{ # __rsaz_512_mul
#
# input: %rsi - ap, %rbp - bp
- # ouput:
+ # output:
# clobbers: everything
my ($ap,$bp) = ("%rsi","%rbp");
$code.=<<___;
# __rsaz_512_mulx
#
# input: %rsi - ap, %rbp - bp
- # ouput:
+ # output:
# clobbers: everything
my ($ap,$bp,$zero) = ("%rsi","%rbp","%rdi");
$code.=<<___;
/*
* Binary inversion algorithm; requires odd modulus. This is faster
* than the general algorithm if the modulus is sufficiently small
- * (about 400 .. 500 bits on 32-bit sytems, but much more on 64-bit
+ * (about 400 .. 500 bits on 32-bit systems, but much more on 64-bit
* systems)
*/
int shift;
goto end;
/*
- * Kronecker symbol, imlemented according to Henri Cohen,
+ * Kronecker symbol, implemented according to Henri Cohen,
* "A Course in Computational Algebraic Number Theory"
* (algorithm 1.4.10).
*/
* The fact that the loop is unrolled
* 4-wise is a tribute to Intel. It's
* the one that doesn't have enough
- * registers to accomodate more data.
+ * registers to accommodate more data.
* I'd unroll it 8-wise otherwise:-)
*
* <appro@fy.chalmers.se>
* Here follows specialised variants of bn_add_words() and bn_sub_words().
* They have the property performing operations on arrays of different sizes.
* The sizes of those arrays is expressed through cl, which is the common
- * length ( basicall, min(len(a),len(b)) ), and dl, which is the delta
+ * length ( basically, min(len(a),len(b)) ), and dl, which is the delta
* between the two lengths, calculated as len(a)-len(b). All lengths are the
* number of BN_ULONGs... For the operations that require a result array as
* parameter, it must have the length cl+abs(dl). These functions should
#endif
} else if (carry < 0) {
/*
- * it's a bit more comlicated logic in this case. if bn_add_words
+ * it's a bit more complicated logic in this case. if bn_add_words
* yields no carry, then result has to be adjusted by unconditionally
* *adding* the modulus. but if it does, then result has to be
* compared to the modulus and conditionally adjusted by
for (;;) {
i++;
BN_GENCB_call(cb, 0, i);
- /* NB 27 MR is specificed in X9.31 */
+ /* NB 27 MR is specified in X9.31 */
if (BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb))
break;
if (!BN_add_word(pi, 2))
ctx->nlast_block = 0;
return 1;
}
- /* Initialiase context */
+ /* Initialise context */
if (cipher && !EVP_EncryptInit_ex(ctx->cctx, cipher, impl, NULL, NULL))
return 0;
/* Non-NULL key means initialisation complete */
if (ctx->nlast_block == -1)
return 0;
/*
- * The buffer "tbl" containes the last fully encrypted block which is the
+ * The buffer "tbl" contains the last fully encrypted block which is the
* last IV (or all zeroes if no last encrypted block). The last block has
- * not been modified since CMAC_final(). So reinitliasing using the last
+ * not been modified since CMAC_final(). So reinitialising using the last
* decrypted block will allow CMAC to continue after calling
* CMAC_Final().
*/
if (!cms_wrap_init(kari, ec->cipher))
return 0;
/*
- * If no orignator key set up initialise for ephemeral key the public key
+ * If no originator key set up initialise for ephemeral key the public key
* ASN1 structure will set the actual public key value.
*/
if (kari->originator->type == -1) {
ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
if (!pos)
return 0;
- /* If ebmedded content find memory BIO and set content */
+ /* If embedded content find memory BIO and set content */
if (*pos && ((*pos)->flags & ASN1_STRING_FLAG_CONT)) {
BIO *mbio;
unsigned char *cont;
return cms_get0_signed(cms);
}
-/* Just initialize SignedData e.g. for certs only structure */
+/* Just initialise SignedData e.g. for certs only structure */
int CMS_SignedData_init(CMS_ContentInfo *cms)
{
goto err;
if (!(flags & CMS_NOATTR)) {
/*
- * Initialialize signed attributes strutucture so other attributes
+ * Initialize signed attributes structure so other attributes
* such as signing time etc are added later even if we add none here.
*/
if (!si->signedAttrs) {
if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm))
goto err;
- /* Set SignerInfo algortihm details if we used custom parametsr */
+ /* Set SignerInfo algorithm details if we used custom parameter */
if (si->pctx && !cms_sd_asn1_ctrl(si, 0))
goto err;
unsigned int olen, unsigned char *in,
unsigned int ilen);
-/* memory allocations functions for zlib intialization */
+/* memory allocations functions for zlib initialisation */
static void *zlib_zalloc(void *opaque, unsigned int no, unsigned int size)
{
void *p;
/*
* The input and output are loaded in multiples of 8 bits. What this means is
- * that if you hame numbits=12 and length=2 the first 12 bits will be
+ * that if you have numbits=12 and length=2 the first 12 bits will be
* retrieved from the first byte and half the second. The second 12 bits
* will come from the 3rd and half the 4th byte.
*/
/*
* PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in that
* the AlgorithmIdentifier contains the parameters, the private key is
- * explcitly included and the pubkey must be recalculated.
+ * explicitly included and the pubkey must be recalculated.
*/
static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
V_ASN1_UNDEF, NULL);
}
- /* See if custom paraneters set */
+ /* See if custom parameters set */
kdf_type = EVP_PKEY_CTX_get_dh_kdf_type(pctx);
if (kdf_type <= 0)
goto err;
IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(int_dhx942_dh, DHxparams, int_dhx)
-/* Application leve function: read in X9.42 DH parameters into DH structure */
+/* Application public function: read in X9.42 DH parameters into DH structure */
DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length)
{
{
/*
* If a is only one word long and constant time is false, use the faster
- * exponenentiation function.
+ * exponentiation function.
*/
if (bn_get_top(a) == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0)) {
BN_ULONG A = bn_get_words(a)[0];
}
mdsize = EVP_MD_size(evpmd);
- /* If unverificable g generation only don't need seed */
+ /* If unverifiable g generation only don't need seed */
if (!ret->p || !ret->q || idx >= 0) {
if (seed_len == 0)
seed_len = mdsize;
* systems. It is a modified version of the BS2000 table.
*
* Bijective EBCDIC (character set IBM-1047) to US-ASCII table: This table is
- * bijective - there are no ambigous or duplicate characters.
+ * bijective - there are no ambiguous or duplicate characters.
*/
const unsigned char os_toascii[256] = {
0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f, /* 00-0f: */
___
{
-# This function recieves a pointer to an array of four affine points
+# This function receives a pointer to an array of four affine points
# (X, Y, <1>) and rearanges the data for AVX2 execution, while
# converting it to 2^29 radix redundant form
}
{
################################################################################
-# This function recieves a pointer to an array of four AVX2 formatted points
+# This function receives a pointer to an array of four AVX2 formatted points
# (X, Y, Z) convert the data to normal representation, and rearanges the data
my ($D0,$D1,$D2,$D3, $D4,$D5,$D6,$D7, $D8)=map("%ymm$_",(0..8));
V_ASN1_UNDEF, NULL);
}
- /* See if custom paraneters set */
+ /* See if custom parameters set */
kdf_type = EVP_PKEY_CTX_get_ecdh_kdf_type(pctx);
if (kdf_type <= 0)
goto err;
if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, kdf_type) <= 0)
goto err;
} else
- /* Uknown KDF */
+ /* Unknown KDF */
goto err;
if (kdf_md == NULL) {
/* Fixme later for better MD */
if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL)
ok = 0;
} else
- /* we don't kmow the nid => ERROR */
+ /* we don't know the nid => ERROR */
ok = 0;
} else {
/* use the ECPARAMETERS structure */
if (a == NULL || (*a) == NULL || (*a)->group == NULL) {
/*
- * sorry, but a EC_GROUP-structur is necessary to set the public key
+ * sorry, but a EC_GROUP-structure is necessary to set the public key
*/
ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER);
return 0;
"NIST/SECG/WTLS curve over a 233 bit binary field"},
#endif
{NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12.h, 0,
- "WTLS curvs over a 224 bit prime field"},
+ "WTLS curve over a 224 bit prime field"},
#ifndef OPENSSL_NO_EC2M
/* IPSec curves */
{NID_ipsec3, &_EC_IPSEC_155_ID3.h, 0,
#include "ec_lcl.h"
/*
- * This file implements the wNAF-based interleaving multi-exponentation method
+ * This file implements the wNAF-based interleaving multi-exponentiation method
* (<URL:http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#multiexp>);
* for multiplication with precomputation, we use wNAF splitting
* (<URL:http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#fastexp>).
}
/*-
- * point_add calcuates (x1, y1, z1) + (x2, y2, z2)
+ * point_add calculates (x1, y1, z1) + (x2, y2, z2)
*
* The method is taken from:
* http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-2007-bl,
* coordinates */
/*-
- * point_double calcuates 2*(x_in, y_in, z_in)
+ * point_double calculates 2*(x_in, y_in, z_in)
*
* The method is taken from:
* http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b
}
/*-
- * point_add calcuates (x1, y1, z1) + (x2, y2, z2)
+ * point_add calculates (x1, y1, z1) + (x2, y2, z2)
*
* The method is taken from
* http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-2007-bl,
* Find the useable ciphers|digests from dev/crypto - this is the first
* thing called by the engine init crud which determines what it
* can use for ciphers from this engine. We want to return
- * only what we can do, anythine else is handled by software.
+ * only what we can do, anything else is handled by software.
*
* If we can't initialize the device to do anything useful for
* any reason, we want to return a NULL array, and 0 length,
* which forces everything to be done is software. By putting
- * the initalization of the device in here, we ensure we can
+ * the initialization of the device in here, we ensure we can
* use this engine as the default, and if for whatever reason
* /dev/crypto won't do what we want it will just be done in
* software
* suck moose gonads - would be nice to be able to decide something
* as reasonable default without having hackery that's card dependent.
* of course, the default should probably be just do everything,
- * with perhaps a sysctl to turn algoritms off (or have them off
+ * with perhaps a sysctl to turn algorithms off (or have them off
* by default) on cards that generally suck like the hifn.
*/
*nids = NULL;
if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) {
/*
- * XXX need better errror handling this can fail for a number of
+ * XXX need better error handling this can fail for a number of
* different reasons.
*/
return (0);
}
/*
- * free anything we allocated earlier when initting a
+ * free anything we allocated earlier when initing a
* session, and close the session.
*/
static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
return (0);
/*
- * XXX if this ioctl fails, someting's wrong. the invoker may have called
+ * XXX if this ioctl fails, something's wrong. the invoker may have called
* us with a bogus ctx, or we could have a device that for whatever
* reason just doesn't want to play ball - it's not clear what's right
* here - should this be an error? should it just increase a counter,
return e->cmd_defns[idx].cmd_num;
}
/*
- * For the rest of the commands, the 'long' argument must specify a valie
+ * For the rest of the commands, the 'long' argument must specify a valid
* command number - so we need to conduct a search.
*/
if ((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_num(e->cmd_defns,
static int dynamic_init(ENGINE *e)
{
/*
- * We always return failure - the "dyanamic" engine itself can't be used
+ * We always return failure - the "dynamic" engine itself can't be used
* for anything.
*/
return 0;
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
ret = e->next;
if (ret) {
- /* Return a valid structural refernce to the next ENGINE */
+ /* Return a valid structural reference to the next ENGINE */
ret->struct_ref++;
engine_ref_debug(ret, 0, 1);
}
if (iterator != NULL)
return iterator;
/*
- * Prevent infinite recusrion if we're looking for the dynamic engine.
+ * Prevent infinite recursion if we're looking for the dynamic engine.
*/
if (strcmp(id, "dynamic")) {
# ifdef OPENSSL_SYS_VMS
fnd->funct = NULL;
(void)lh_ENGINE_PILE_insert(&(*table)->piles, fnd);
}
- /* A registration shouldn't add duplciate entries */
+ /* A registration shouldn't add duplicate entries */
(void)sk_ENGINE_delete_ptr(fnd->sk, e);
/*
* if 'setdefault', this ENGINE goes to the head of the list
* Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
* this context may already have an ENGINE! Try to avoid releasing the
* previous handle, re-querying for an ENGINE, and having a
- * reinitialisation, when it may all be unecessary.
+ * reinitialisation, when it may all be unnecessary.
*/
if (ctx->engine && ctx->digest && (!type ||
(type
* non-key-length specific routines would require conditional branches
* either in inner loops or on subroutines' entries. Former is hardly
* acceptable, while latter means code size increase to size occupied
- * by multiple key-length specfic subroutines, so why fight?
+ * by multiple key-length specific subroutines, so why fight?
*/
void aes128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
size_t len, const AES_KEY *key,
* Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
* this context may already have an ENGINE! Try to avoid releasing the
* previous handle, re-querying for an ENGINE, and having a
- * reinitialisation, when it may all be unecessary.
+ * reinitialisation, when it may all be unnecessary.
*/
if (ctx->engine && ctx->cipher
&& (!cipher || (cipher && (cipher->nid == ctx->cipher->nid))))
/*
* One positive side-effect of US's export control history,
* is that we should at least be able to avoid using US
- * mispellings of "initialisation"?
+ * misspellings of "initialisation"?
*/
EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
return 0;
e = ENGINE_get_pkey_meth_engine(id);
/*
- * If an ENGINE handled this method look it up. Othewise use internal
+ * If an ENGINE handled this method look it up. Otherwise use internal
* tables.
*/
* exdata has a stack of callbacks for each instance.
*/
struct ex_callback_st {
- long argl; /* Arbitary long */
- void *argp; /* Arbitary void * */
+ long argl; /* Arbitrary long */
+ void *argp; /* Arbitrary void * */
CRYPTO_EX_new *new_func;
CRYPTO_EX_free *free_func;
CRYPTO_EX_dup *dup_func;
block128_f block)
{
int n, rem, num;
- unsigned char ovec[16 * 2 + 1]; /* +1 because we dererefence (but don't
+ unsigned char ovec[16 * 2 + 1]; /* +1 because we dereference (but don't
* use) one byte off the end */
if (nbits <= 0 || nbits > 128)
* before the first call to CRYPTO_ctr128_encrypt(). This algorithm assumes
* that the counter is in the x lower bits of the IV (ivec), and that the
* application has full control over overflow and the rest of the IV. This
- * implementation takes NO responsability for checking that the counter
+ * implementation takes NO responsibility for checking that the counter
* doesn't overflow into the rest of the IV when incremented.
*/
void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
(*func) (in, out, blocks, key, ivec);
/* (*ctr) does not update ivec, caller does: */
PUTU32(ivec + 12, ctr32);
- /* ... overflow was detected, propogate carry. */
+ /* ... overflow was detected, propagate carry. */
if (ctr32 == 0)
ctr96_inc(ivec);
blocks *= 16;
/*-
* The VMS epoch is the astronomical Smithsonian date,
if I remember correctly, which is November 17, 1858.
- Furthermore, time is measure in thenths of microseconds
+ Furthermore, time is measure in tenths of microseconds
and stored in quadwords (64 bit integers). unix_epoch
below is January 1st 1970 expressed as a VMS time. The
following code was used to get this number:
int time_sec, time_year, time_month, time_day;
long time_jd;
- /* Convert time and offset into julian day and seconds */
+ /* Convert time and offset into Julian day and seconds */
if (!julian_adj(tm, off_day, offset_sec, &time_jd, &time_sec))
return 0;
#include "obj_lcl.h"
/*
- * Later versions of DEC C has started to add lnkage information to certain
+ * Later versions of DEC C has started to add linkage information to certain
* functions, which makes it tricky to use them as values to regular function
* pointers. One way is to define a macro that takes care of casting them
* correctly.
*/
/*
- * History: This file was transfered to Richard Levitte from CertCo by Kathy
+ * History: This file was transferred to Richard Levitte from CertCo by Kathy
* Weinhold in mid-spring 2000 to be included in OpenSSL or released as a
* patch kit.
*/
}
/*
- * Sign an OCSP request set the requestorName to the subjec name of an
+ * Sign an OCSP request set the requestorName to the subject name of an
* optional signers certificate and include one or more optional certificates
* in the request. Behaves like PKCS7_sign().
*/
}
/*
- * Return number of OCSP_SINGLERESP reponses present in a basic response.
+ * Return number of OCSP_SINGLERESP responses present in a basic response.
*/
int OCSP_resp_count(OCSP_BASICRESP *bs)
*/
/*
- * History: This file was transfered to Richard Levitte from CertCo by Kathy
+ * History: This file was transferred to Richard Levitte from CertCo by Kathy
* Weinhold in mid-spring 2000 to be included in OpenSSL or released as a
* patch kit.
*/
/* Nonce handling functions */
/*
- * Add a nonce to an extension stack. A nonce can be specificed or if NULL a
+ * Add a nonce to an extension stack. A nonce can be specified or if NULL a
* random nonce will be generated. Note: OpenSSL 0.9.7d and later create an
* OCTET STRING containing the nonce, previous versions used the raw nonce.
*/
*/
/*
- * History: This file was transfered to Richard Levitte from CertCo by Kathy
+ * History: This file was transferred to Richard Levitte from CertCo by Kathy
* Weinhold in mid-spring 2000 to be included in OpenSSL or released as a
* patch kit.
*/
*/
/*
- * History: This file was transfered to Richard Levitte from CertCo by Kathy
+ * History: This file was transferred to Richard Levitte from CertCo by Kathy
* Weinhold in mid-spring 2000 to be included in OpenSSL or released as a
* patch kit.
*/
*/
/*
- * History: This file was originally part of ocsp.c and was transfered to
+ * History: This file was originally part of ocsp.c and was transferred to
* Richard Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be
* included in OpenSSL or released as a patch kit.
*/
tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
/* Check to see if IDs match */
if (OCSP_id_issuer_cmp(cid, tmpid)) {
- /* If algoritm mismatch let caller deal with it */
+ /* If algorithm mismatch let caller deal with it */
if (OBJ_cmp(tmpid->hashAlgorithm.algorithm,
cid->hashAlgorithm.algorithm))
return 2;
}
{ package register; # pick up registers, which start with %.
sub re {
- my $class = shift; # muliple instances...
+ my $class = shift; # multiple instances...
my $self = {};
local *line = shift;
undef $ret;
# (#) Nth argument, volatile
#
# In Unix terms top of stack is argument transfer area for arguments
-# which could not be accomodated in registers. Or in other words 7th
+# which could not be accommodated in registers. Or in other words 7th
# [integer] argument resides at 8(%rsp) upon function entry point.
# 128 bytes above %rsp constitute a "red zone" which is not touched
# by signal handlers and can be used as temporal storage without
* Parse and decrypt a PKCS#12 structure returning user key, user cert and
* other (CA) certs. Note either ca should be NULL, *ca should be NULL, or it
* should point to a valid STACK structure. pkey and cert can be passed
- * unitialised.
+ * uninitialised.
*/
int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
/*
* Parallel threads may interfere with this, but always each byte
* of the new state is the XOR of some previous value of its and
- * local_md (itermediate values may be lost). Alway using locking
+ * local_md (intermediate values may be lost). Alway using locking
* could hurt performance more than necessary given that
* conflicts occur only when the total seeding is longer than the
* random state.
/*
* Limit the time spent walking through the heap, processes, threads and
- * modules to a maximum of 1000 miliseconds each, unless CryptoGenRandom
+ * modules to a maximum of 1000 milliseconds each, unless CryptoGenRandom
* failed
*/
# define MAXDELAY 1000
/*
* From PSS AlgorithmIdentifier set public key parameters. If pkey isn't NULL
- * then the EVP_MD_CTX is setup and initalised. If it is NULL parameters are
+ * then the EVP_MD_CTX is setup and initialised. If it is NULL parameters are
* passed to pkctx instead.
*/
BIGNUM *p = NULL, *q = NULL;
/*
- * Make sure BN_mod_inverse in Montgomery intialization uses the
+ * Make sure BN_mod_inverse in Montgomery initialization uses the
* BN_FLG_CONSTTIME flag (unless RSA_FLAG_NO_CONSTTIME is set)
*/
if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
jnz .Loop_grande
.Ldone:
- mov `$REG_SZ*17`(%rsp),%rax # orignal %rsp
+ mov `$REG_SZ*17`(%rsp),%rax # original %rsp
___
$code.=<<___ if ($win64);
movaps -0xb8(%rax),%xmm6
movdqa K_XX_XX+0x80(%rip),$BSWAP # byte-n-word swap
.Loop_grande_shaext:
- mov $num,`$REG_SZ*17+8`(%rsp) # orignal $num
+ mov $num,`$REG_SZ*17+8`(%rsp) # original $num
xor $num,$num
___
for($i=0;$i<2;$i++) {
jnz .Loop_grande_avx
.Ldone_avx:
- mov `$REG_SZ*17`(%rsp),%rax # orignal %rsp
+ mov `$REG_SZ*17`(%rsp),%rax # original %rsp
vzeroupper
___
$code.=<<___ if ($win64);
#jnz .Loop_grande_avx2
.Ldone_avx2:
- mov `$REG_SZ*17`(%rsp),%rax # orignal %rsp
+ mov `$REG_SZ*17`(%rsp),%rax # original %rsp
vzeroupper
___
$code.=<<___ if ($win64);
___
}
-$FRAMESIZE=16; # large enough to accomodate NUBI saved registers
+$FRAMESIZE=16; # large enough to accommodate NUBI saved registers
$SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? 0xc0fff008 : 0xc0ff0000;
$code=<<___;
jnz .Loop_grande
.Ldone:
- mov `$REG_SZ*17`(%rsp),%rax # orignal %rsp
+ mov `$REG_SZ*17`(%rsp),%rax # original %rsp
___
$code.=<<___ if ($win64);
movaps -0xb8(%rax),%xmm6
lea K256_shaext+0x80(%rip),$Tbl
.Loop_grande_shaext:
- mov $num,`$REG_SZ*17+8`(%rsp) # orignal $num
+ mov $num,`$REG_SZ*17+8`(%rsp) # original $num
xor $num,$num
___
for($i=0;$i<2;$i++) {
jnz .Loop_grande_avx
.Ldone_avx:
- mov `$REG_SZ*17`(%rsp),%rax # orignal %rsp
+ mov `$REG_SZ*17`(%rsp),%rax # original %rsp
vzeroupper
___
$code.=<<___ if ($win64);
#jnz .Loop_grande_avx2
.Ldone_avx2:
- mov `$REG_SZ*17`(%rsp),%rax # orignal %rsp
+ mov `$REG_SZ*17`(%rsp),%rax # original %rsp
vzeroupper
___
$code.=<<___ if ($win64);
* default: case below covers for it. It's not clear however if it's
* permitted to truncate to amount of bytes not divisible by 4. I bet not,
* but if it is, then default: case shall be extended. For reference.
- * Idea behind separate cases for pre-defined lenghts is to let the
+ * Idea behind separate cases for pre-defined lengths is to let the
* compiler decide if it's appropriate to unroll small loops.
*/
#define HASH_MAKE_STRING(c,s) do { \
# ifndef MD32_XARRAY
/*
* Originally X was an array. As it's automatic it's natural
- * to expect RISC compiler to accomodate at least part of it in
+ * to expect RISC compiler to accommodate at least part of it in
* the register bank, isn't it? Unfortunately not all compilers
* "find" this expectation reasonable:-( On order to make such
* compilers generate better code I replace X[] with a bunch of
# define KNOWN_GN_NUMBER sizeof(knowngN) / sizeof(SRP_gN)
/*
- * Check if G and N are kwown parameters. The values have been generated
+ * Check if G and N are known parameters. The values have been generated
* from the ietf-tls-srp draft version 8
*/
char *SRP_check_known_gN_param(BIGNUM *g, BIGNUM *N)
s->_.string_data.result_maxsize = maxsize;
s->_.string_data.test_buf = test_buf;
ret = sk_UI_STRING_push(ui->strings, s);
- /* sk_push() returns 0 on error. Let's addapt that */
+ /* sk_push() returns 0 on error. Let's adapt that */
if (ret <= 0)
ret--;
} else
s->_.boolean_data.cancel_chars = cancel_chars;
ret = sk_UI_STRING_push(ui->strings, s);
/*
- * sk_push() returns 0 on error. Let's addapt that
+ * sk_push() returns 0 on error. Let's adapt that
*/
if (ret <= 0)
ret--;
* one quadword load. One can argue that that many single-byte loads
* is too excessive, as one could load a quadword and "milk" it for
* eight 8-bit values instead. Well, yes, but in order to do so *and*
- * avoid excessive loads you have to accomodate a handful of 64-bit
+ * avoid excessive loads you have to accommodate a handful of 64-bit
* values in the register bank and issue a bunch of shifts and mask.
* It's a tradeoff: loads vs. shift and mask in big register bank[!].
* On most CPUs eight single-byte loads are faster and I let other
*
* Unlike authors' reference implementation, block processing
* routine whirlpool_block is designed to operate on multi-block
- * input. This is done for perfomance.
+ * input. This is done for performance.
*/
#include "wp_locl.h"
i--;
/*
* If we have LOS error and flags changed then we are signing P-384
- * with P-256. Use more meaninggul error.
+ * with P-256. Use more meaningful error.
*/
if (rv == X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED && flags != tflags)
rv = X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256;
/*
* If we've previously matched a PKIX-?? record, no need to test any
- * furher PKIX-?? records, it remains to just build the PKIX chain.
+ * further PKIX-?? records, it remains to just build the PKIX chain.
* Had the match been a DANE-?? record, we'd be done already.
*/
if (dane->mdpth >= 0)
*
* As soon as we find a match at any given depth, we stop, because either
* we've matched a DANE-?? record and the peer is authenticated, or, after
- * exhausing all DANE-?? records, we've matched a PKIX-?? record, which is
+ * exhausting all DANE-?? records, we've matched a PKIX-?? record, which is
* sufficient for DANE, and what remains to do is ordinary PKIX validation.
*/
recnum = (dane->umask & mask) ? sk_danetls_record_num(dane->trecs) : 0;
return (X509_NAME_get_index_by_OBJ(name, obj, lastpos));
}
-/* NOTE: you should be passsing -1, not 0 as lastpos */
+/* NOTE: you should be passing -1, not 0 as lastpos */
int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int lastpos)
{
int n;
* it all strings are converted to UTF8, leading, trailing and multiple
* spaces collapsed, converted to lower case and the leading SEQUENCE header
* removed. In future we could also normalize the UTF8 too. By doing this
- * comparison of Name structures can be rapidly perfomed by just using
+ * comparison of Name structures can be rapidly performed by just using
* memcmp() of the canonical encoding. By omitting the leading SEQUENCE name
* constraints of type dirName can also be checked with a simple memcmp().
*/
/*
* IPv4-specific closure over IPAddressOrRange_cmp, since sk_sort()
- * comparision routines are only allowed two arguments.
+ * comparison routines are only allowed two arguments.
*/
static int v4IPAddressOrRange_cmp(const IPAddressOrRange *const *a,
const IPAddressOrRange *const *b)
/*
* IPv6-specific closure over IPAddressOrRange_cmp, since sk_sort()
- * comparision routines are only allowed two arguments.
+ * comparison routines are only allowed two arguments.
*/
static int v6IPAddressOrRange_cmp(const IPAddressOrRange *const *a,
const IPAddressOrRange *const *b)
}
/*
- * Sort comparision function for a sequence of IPAddressFamily.
+ * Sort comparison function for a sequence of IPAddressFamily.
*
* The last paragraph of RFC 3779 2.2.3.3 is slightly ambiguous about
* the ordering: I can read it as meaning that IPv6 without a SAFI
}
/*
- * Sort comparision function for a sequence of ASIdOrRange elements.
+ * Sort comparison function for a sequence of ASIdOrRange elements.
*/
static int ASIdOrRange_cmp(const ASIdOrRange *const *a_,
const ASIdOrRange *const *b_)
}
/*
- * Test whether a is a subet of b.
+ * Test whether a is a subset of b.
*/
int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b)
{
const char *emlat = strchr(emlptr, '@');
if (!emlat)
return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
- /* Special case: inital '.' is RHS match */
+ /* Special case: initial '.' is RHS match */
if (!baseat && (*baseptr == '.')) {
if (eml->length > base->length) {
emlptr += eml->length - base->length;
if (hostlen == 0)
return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
- /* Special case: inital '.' is RHS match */
+ /* Special case: initial '.' is RHS match */
if (*baseptr == '.') {
if (hostlen > base->length) {
p = hostptr + hostlen - base->length;
-This directory contains examples of how to contruct
+This directory contains examples of how to construct
various X509 structures. Certificates, certificate requests
and CRLs.
a oneline format which is more readable than RFC2253. It is equivalent to
specifying the B<esc_2253>, B<esc_ctrl>, B<esc_msb>, B<utf8>, B<dump_nostr>,
B<dump_der>, B<use_quote>, B<sep_comma_plus_space>, B<space_eq> and B<sname>
-options. This is the I<default> of no name options are given explicitely.
+options. This is the I<default> of no name options are given explicitly.
=item B<multiline>
=head1 BUGS
-The ambigious return values of ASN1_INTEGER_get() and ASN1_ENUMERATED_get()
+The ambiguous return values of ASN1_INTEGER_get() and ASN1_ENUMERATED_get()
mean these functions should be avoided if possible. They are retained for
-compatibility. Normally the ambigious return values are not legitimate
+compatibility. Normally the ambiguous return values are not legitimate
values for the fields they represent.
=head1 RETURN VALUES
order to reenable pausing. If these functions are called while there is no
currently active job then they have no effect. This functionality can be useful
to avoid deadlock scenarios. For example during the execution of an ASYNC_JOB an
-application aquires a lock. It then calls some cryptographic function which
+application acquires a lock. It then calls some cryptographic function which
invokes ASYNC_pause_job(). This returns control back to the code that created
-the ASYNC_JOB. If that code then attempts to aquire the same lock before
+the ASYNC_JOB. If that code then attempts to acquire the same lock before
resuming the original job then a deadlock can occur. By calling
ASYNC_block_pause() immediately after aquiring the lock and
ASYNC_unblock_pause() immediately before releasing it then this situation cannot
ASYNC_start_job returns one of ASYNC_ERR, ASYNC_NO_JOBS, ASYNC_PAUSE or
ASYNC_FINISH as described above.
-ASYNC_pause_job returns 0 if an error occured or 1 on success. If called when
+ASYNC_pause_job returns 0 if an error occurred or 1 on success. If called when
not within the context of an ASYNC_JOB then this is counted as success so 1 is
returned.
EC_GROUP_method_of obtains the EC_METHOD of B<group>.
-EC_GROUP_set_generator sets curve paramaters that must be agreed by all participants using the curve. These
-paramaters include the B<generator>, the B<order> and the B<cofactor>. The B<generator> is a well defined point on the
+EC_GROUP_set_generator sets curve parameters that must be agreed by all participants using the curve. These
+parameters include the B<generator>, the B<order> and the B<cofactor>. The B<generator> is a well defined point on the
curve chosen for cryptographic operations. Integers used for point multiplications will be between 0 and
n-1 where n is the B<order>. The B<order> multiplied by the B<cofactor> gives the number of points on the curve.
OCSP_CERTID_free() does not return a value.
-OCSP_id_get0_info() returns 1 for sucess and 0 for failure.
+OCSP_id_get0_info() returns 1 for success and 0 for failure.
=head1 NOTES
=head1 NOTES
In almost all cases an extension can occur at most once and multiple
-occurences is an error. Therefore the B<idx> parameter is usually B<NULL>.
+occurrences is an error. Therefore the B<idx> parameter is usually B<NULL>.
The B<flags> parameter may be one of the following values.
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;; Note, it could be easy to inherit from the "gnu" style... however,
;; one never knows if that style will change somewhere in the future,
-;; so I've chosen to copy the "gnu" style values explicitely instead
+;; so I've chosen to copy the "gnu" style values explicitly instead
;; and mark them with a comment. // RLevitte 2015-08-31
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
=head1 EXAMPLES
-Set supported signature algoritms to SHA256 with ECDSA and SHA256 with RSA
+Set supported signature algorithms to SHA256 with ECDSA and SHA256 with RSA
using an array:
const int slist[] = {NID_sha256, EVP_PKEY_EC, NID_sha256, EVP_PKEY_RSA};
SSL_CTX_set1_sigalgs(ctx, slist, 4);
-Set supported signature algoritms to SHA256 with ECDSA and SHA256 with RSA
+Set supported signature algorithms to SHA256 with ECDSA and SHA256 with RSA
using a string:
SSL_CTX_set1_sigalgs_list(ctx, "ECDSA+SHA256:RSA+SHA256");
* 'addr' into 'sz' large caller-provided 'path' and returns the number of
* characters [including trailing zero] written to it. If 'sz' is 0 or
* negative, 'path' is ignored and required amount of charachers [including
- * trailing zero] to accomodate pathname is returned. If 'addr' is NULL, then
+ * trailing zero] to accommodate pathname is returned. If 'addr' is NULL, then
* pathname of cryptolib itself is returned. Negative or zero return value
* denotes error.
*/
/*-
* Definitions of OPENSSL_GLOBAL and OPENSSL_EXTERN, to define and declare
* certain global symbols that, with some compilers under VMS, have to be
- * defined and declared explicitely with globaldef and globalref.
- * Definitions of OPENSSL_EXPORT and OPENSSL_EXTERN, to define and declare
+ * defined and declared explicitly with globaldef and globalref.
+ * Definitions of OPENSSL_EXPORT and OPENSSL_IMPORT, to define and declare
* DLL exports and imports for compilers under Win32. These are a little
* more complicated to use. Basically, for any library that exports some
* global variables, the following code must be present in the header file
*/
/*
- * History: This file was transfered to Richard Levitte from CertCo by Kathy
+ * History: This file was transferred to Richard Levitte from CertCo by Kathy
* Weinhold in mid-spring 2000 to be included in OpenSSL or released as a
* patch kit.
*/
added, so the result is *not* a string.
On success, the all return an index of the added information. That index
- is usefull when retrieving results with UI_get0_result(). */
+ is useful when retrieving results with UI_get0_result(). */
int UI_add_input_string(UI *ui, const char *prompt, int flags,
char *result_buf, int minsize, int maxsize);
int UI_dup_input_string(UI *ui, const char *prompt, int flags,
* READ_STATE_POST_PROCESS is an optional step that may occur if some post
* processing activity performed on the message may block.
*
- * Any of the above states could result in an NBIO event occuring in which case
+ * Any of the above states could result in an NBIO event occurring in which case
* control returns to the calling application. When this function is recalled we
* will resume in the same state where we left off.
*/
* WRITE_STATE_TRANSITION transitions the state of the handshake state machine
* WRITE_STATE_PRE_WORK performs any work necessary to prepare the later
- * sending of the message. This could result in an NBIO event occuring in
+ * sending of the message. This could result in an NBIO event occurring in
* which case control returns to the calling application. When this function
* is recalled we will resume in the same state where we left off.
*
projects / oweals / openssl.git / commitdiff