*) New option -sigopt to dgst utility. Update dgst to use
EVP_Digest{Sign,Verify}*. These two changes make it possible to use
- alternative signing paramaters such as X9.31 or PSS in the dgst
+ alternative signing parameters such as X9.31 or PSS in the dgst
utility.
[Steve Henson]
*) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
reveal whether illegal block cipher padding was found or a MAC
- verification error occured. (Neither SSLerr() codes nor alerts
+ verification error occurred. (Neither SSLerr() codes nor alerts
are directly visible to potential attackers, but the information
may leak via logfiles.)
*) Bugfix: ssl23_get_client_hello did not work properly when called in
state SSL23_ST_SR_CLNT_HELLO_B, i.e. when the first 7 bytes of
a SSLv2-compatible client hello for SSLv3 or TLSv1 could be read,
- but a retry condition occured while trying to read the rest.
+ but a retry condition occurred while trying to read the rest.
[Bodo Moeller]
*) The PKCS7_ENC_CONTENT_new() function was setting the content type as
other platforms details on the command line without having to patch the
Configure script everytime: One now can use ``perl Configure
<id>:<details>'', i.e. platform ids are allowed to have details appended
- to them (seperated by colons). This is treated as there would be a static
+ to them (separated by colons). This is treated as there would be a static
pre-configured entry in Configure's %table under key <id> with value
<details> and ``perl Configure <id>'' is called. So, when you want to
perform a quick test-compile under FreeBSD 3.1 with pgcc and without
7-Jan-98
- Finally reworked the cipher string to ciphers again, so it
works correctly
- - All the app_data stuff is now ex_data with funcion calls to access.
+ - All the app_data stuff is now ex_data with function calls to access.
The index is supplied by a function and 'methods' can be setup
for the types that are called on XXX_new/XXX_free. This lets
applications get notified on creation and destruction. Some of
certificate, it is my aim to use perl5/Tk but I don't have time to do
this right now. It will generate the certificates but the management
scripts still need to be written. This is not a hard task.
-- Things have been cleaned up alot.
+- Things have been cleaned up a lot.
- Have a look at the enc and dgst programs in the apps directory.
- It supports v3 of x509 certiticates.
# aes-ctr.o is not a real file, only indication that assembler
# module implements AES_ctr32_encrypt...
$cflags.=" -DAES_CTR_ASM" if ($aes_obj =~ s/\s*aes\-ctr\.o//);
- # aes-xts.o indicates presense of AES_xts_[en|de]crypt...
+ # aes-xts.o indicates presence of AES_xts_[en|de]crypt...
$cflags.=" -DAES_XTS_ASM" if ($aes_obj =~ s/\s*aes\-xts\.o//);
$aes_obj =~ s/\s*(vpaes|aesni)\-x86\.o//g if ($no_sse2);
$aes_obj =~ s/\s*(vp|bs)aes-\w*\.o//g if ($fipscanisterinternal eq "y");
If the test program in question fails withs SIGILL, Illegal Instruction
exception, then you more than likely to run SSE2-capable CPU, such as
Intel P4, under control of kernel which does not support SSE2
-instruction extentions. See accompanying INSTALL file and
+instruction extensions. See accompanying INSTALL file and
OPENSSL_ia32cap(3) documentation page for further information.
* Why does compiler fail to compile sha512.c?
compiler flags for any other CPU specific configuration,
e.g. "-m32" to build x86 code on an x64 system.
- no-sse2 Exclude SSE2 code pathes. Normally SSE2 extention is
+ no-sse2 Exclude SSE2 code pathes. Normally SSE2 extension is
detected at run-time, but the decision whether or not the
machine code will be executed is taken solely on CPU
capability vector. This means that if you happen to run OS
things. Many of the options operate in an interactive mode requiring the
user to enter data. Because of this, a default screen is created for the
program. However, when running the test script it is not desirable to
-have a seperate screen. Therefore, the build also creates openssl2.nlm.
+have a separate screen. Therefore, the build also creates openssl2.nlm.
Openssl2.nlm is functionally identical but uses the console screen.
Openssl2 can be used when a non-interactive mode is desired.
static LHASH *thread_hash=NULL;
several files have routines with static "init" to track if error strings
- have been loaded ( may not want seperate error strings for each process )
+ have been loaded ( may not want separate error strings for each process )
The "init" variable can't be left "global" because the error has is a ptr
that is malloc'ed. The malloc'ed error has is dependant on the "init"
vars.
static const char *ca_usage[]={
"usage: ca args\n",
"\n",
-" -verbose - Talk alot while doing things\n",
+" -verbose - Talk a lot while doing things\n",
" -config file - A config file\n",
" -name arg - The particular CA definition to use\n",
" -gencrl - Generate a new CRL\n",
" -utf8 - input characters are UTF8 (default ASCII)\n",
" -multivalue-rdn - enable support for multivalued RDNs\n",
" -extensions .. - Extension section (override value in config file)\n",
-" -extfile file - Configuration file with X509v3 extentions to add\n",
+" -extfile file - Configuration file with X509v3 extensions to add\n",
" -crlexts .. - CRL extension section (override value in config file)\n",
#ifndef OPENSSL_NO_ENGINE
" -engine e - use engine e, possibly a hardware device.\n",
}
/*****************************************************************/
- /* Read extentions config file */
+ /* Read extensions config file */
if (extfile)
{
extconf = NCONF_new(NULL);
private_key = $dir.private]cakey.pem# The private key
RANDFILE = $dir.private].rand # private random number file
-x509_extensions = usr_cert # The extentions to add to the cert
+x509_extensions = usr_cert # The extensions to add to the cert
# Comment out the following two lines for the "traditional"
# (and highly broken) format.
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
+x509_extensions = v3_ca # The extensions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
private_key = $dir/private/cakey.pem# The private key
RANDFILE = $dir/private/.rand # private random number file
-x509_extensions = usr_cert # The extentions to add to the cert
+x509_extensions = usr_cert # The extensions to add to the cert
# Comment out the following two lines for the "traditional"
# (and highly broken) format.
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
+x509_extensions = v3_ca # The extensions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0)
{
- BIO_printf(bio_err,"TIMEOUT occured\n");
+ BIO_printf(bio_err,"TIMEOUT occurred\n");
}
if (!ssl_pending && FD_ISSET(SSL_get_fd(con),&writefds))
if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0)
{
- BIO_printf(bio_err,"TIMEOUT occured\n");
+ BIO_printf(bio_err,"TIMEOUT occurred\n");
}
if (i <= 0) continue;
static char *srp_usage[]={
"usage: srp [args] [user] \n",
"\n",
-" -verbose Talk alot while doing things\n",
+" -verbose Talk a lot while doing things\n",
" -config file A config file\n",
" -name arg The particular srp definition to use\n",
" -srpvfile arg The srp verifier file name\n",
=====
I have not tested the following but it is reported by holtzman@mit.edu.
-SSLref clients wait to recieve a server-verify before they send a
+SSLref clients wait to receive a server-verify before they send a
client-finished. Besides this not being evident from the examples in
2.2.1, it makes more sense to always send all packets you can before
-reading. SSLeay was waiting in the server to recieve a client-finish
+reading. SSLeay was waiting in the server to receive a client-finish
before sending the server-verify :-). I have changed SSLeay to send a
server-verify before trying to read the client-finished.
#
# Do the Apollo stuff first. Here, we just simply assume
-# that the existance of the /usr/apollo directory is proof
+# that the existence of the /usr/apollo directory is proof
# enough
if [ -d /usr/apollo ]; then
echo "whatever-apollo-whatever"
*) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
esac
-# NB: This atalla support has been superceded by the ENGINE support
+# NB: This atalla support has been superseded by the ENGINE support
# That contains its own header and definitions anyway. Support can
# be enabled or disabled on any supported platform without external
# headers, eg. by adding the "hw-atalla" switch to ./config or
/* Do reference counting. The value 'op' decides what to do.
* if it is +1 then the count is incremented. If op is 0 count is
* set to 1. If op is -1 count is decremented and the return value
- * is the current refrence count or 0 if no reference count exists.
+ * is the current reference count or 0 if no reference count exists.
*/
int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)
There are 3 versions of assember for the HP PA-RISC.
-pa-risc.s is the origional one which works fine and generated using gcc :-)
+pa-risc.s is the original one which works fine and generated using gcc :-)
pa-risc2W.s and pa-risc2.s are 64 and 32-bit PA-RISC 2.0 implementations
by Chris Ruemmler from HP (with some help from the HP C compiler).
*
* Q. 64-bit registers under 32-bit kernels? Didn't you just say it
* doesn't work?
- * A. You can't adress *all* registers as 64-bit wide:-( The catch is
+ * A. You can't address *all* registers as 64-bit wide:-( The catch is
* that you actually may rely upon %o0-%o5 and %g1-%g4 being fully
* preserved if you're in a leaf function, i.e. such never calling
* any other functions. All functions in this module are leaf and
$code =~ s/\`([^\`]*)\`/eval($1)/gem;
# Below substitution makes it possible to compile without demanding
-# VIS extentions on command line, e.g. -xarch=v9 vs. -xarch=v9a. I
+# VIS extensions on command line, e.g. -xarch=v9 vs. -xarch=v9a. I
# dare to do this, because VIS capability is detected at run-time now
# and this routine is not called on CPU not capable to execute it. Do
# note that fzeros is not the only VIS dependency! Another dependency
\f
# Purpose of these subroutines is to explicitly encode VIS instructions,
# so that one can compile the module without having to specify VIS
-# extentions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
+# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
# Idea is to reserve for option to produce "universal" binary and let
# programmer detect if current CPU is VIS capable at run-time.
sub unvis3 {
Cache RECP_CTX values
-make the result argument independant of the inputs.
+make the result argument independent of the inputs.
split up the _exp_ functions
Thanks to Jens Kupferschmidt <bt1cu@hpboot.rz.uni-leipzig.de>. */
SIGWINCH case put in des_read_passwd() so the function does not
- 'exit' if this function is recieved.
+ 'exit' if this function is received.
Version 3.25 17/07/96
Modified read_pwd.c so that stdin can be read if not a tty.
! other half (use).
!
! In this version we do two rounds in a loop repeated 7 times
-! and two rounds seperately.
+! and two rounds separately.
!
! One half has the bits for the sboxes in the following positions:
!
xor global4, local1, out5 ! iv xor next block
ba .ncbc.enc.next.block_2
- add in1, 8, in1 ! output adress
+ add in1, 8, in1 ! output address
.ncbc.enc.next.block_fp:
#
-# Origional BC Makefile from Teun <Teun.Nijssen@kub.nl>
+# Original BC Makefile from Teun <Teun.Nijssen@kub.nl>
#
#
CC = bcc
/* PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in
- * that the AlgorithmIdentifier contains the paramaters, the private key
+ * that the AlgorithmIdentifier contains the parameters, the private key
* is explcitly included and the pubkey must be recalculated.
*/
-The origional FIPE 180 used SHA-0 (FIPS 180) for its appendix 5
+The original FIPE 180 used SHA-0 (FIPS 180) for its appendix 5
examples. This is an updated version that uses SHA-1 (FIPS 180-1)
supplied to me by Wei Dai
--
/* The function prototype used for method functions (or caller-provided
* callbacks) that transform filenames. They are passed a DSO structure pointer
- * (or NULL if they are to be used independantly of a DSO object) and a
+ * (or NULL if they are to be used independently of a DSO object) and a
* filename to transform. They should either return NULL (if there is an error
* condition) or a newly allocated string containing the transformed form that
* the caller will need to free with OPENSSL_free() when done. */
typedef char* (*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *);
/* The function prototype used for method functions (or caller-provided
* callbacks) that merge two file specifications. They are passed a
- * DSO structure pointer (or NULL if they are to be used independantly of
+ * DSO structure pointer (or NULL if they are to be used independently of
* a DSO object) and two file specifications to merge. They should
* either return NULL (if there is an error condition) or a newly allocated
* string containing the result of merging that the caller will need
* be used in DSO_load() in place of meth->dso_merger. NB: This
* should normally set using DSO_set_merger(). */
DSO_MERGER_FUNC merger;
- /* This is populated with (a copy of) the platform-independant
+ /* This is populated with (a copy of) the platform-independent
* filename used for this DSO. */
char *filename;
/* This is populated with (a copy of) the translated filename by which
* replaced. Return value is non-zero for success. */
int DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb,
DSO_NAME_CONVERTER_FUNC *oldcb);
-/* These functions can be used to get/set the platform-independant filename
+/* These functions can be used to get/set the platform-independent filename
* used for a DSO. NB: set will fail if the DSO is already loaded. */
const char *DSO_get_filename(DSO *dso);
int DSO_set_filename(DSO *dso, const char *filename);
shl_t ptr = NULL;
/* We don't do any fancy retries or anything, just take the method's
* (or DSO's if it has the callback set) best translation of the
- * platform-independant filename and try once with that. */
+ * platform-independent filename and try once with that. */
char *filename= DSO_convert_filename(dso, NULL);
if(filename == NULL)
* unlikely that both the "dl" *and* "dlfcn" variants are being compiled at the
* same time, there's no great duplicating the code. Figuring out an elegant
* way to share one copy of the code would be more difficult and would not
- * leave the implementations independant. */
+ * leave the implementations independent. */
#if defined(__hpux)
static const char extension[] = ".sl";
#else
* \param order the order of the group generated by the generator.
* \param cofactor the index of the sub-group generated by the generator
* in the group of all points on the elliptic curve.
- * \return 1 on success and 0 if an error occured
+ * \return 1 on success and 0 if an error occurred
*/
int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor);
* \param group EC_GROUP object
* \param order BIGNUM to which the order is copied
* \param ctx BN_CTX object (optional)
- * \return 1 on success and 0 if an error occured
+ * \return 1 on success and 0 if an error occurred
*/
int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx);
* \param group EC_GROUP object
* \param cofactor BIGNUM to which the cofactor is copied
* \param ctx BN_CTX object (optional)
- * \return 1 on success and 0 if an error occured
+ * \return 1 on success and 0 if an error occurred
*/
int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx);
* \param a BIGNUM with parameter a of the equation
* \param b BIGNUM with parameter b of the equation
* \param ctx BN_CTX object (optional)
- * \return 1 on success and 0 if an error occured
+ * \return 1 on success and 0 if an error occurred
*/
int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
* \param a BIGNUM for parameter a of the equation
* \param b BIGNUM for parameter b of the equation
* \param ctx BN_CTX object (optional)
- * \return 1 on success and 0 if an error occured
+ * \return 1 on success and 0 if an error occurred
*/
int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
* \param a BIGNUM with parameter a of the equation
* \param b BIGNUM with parameter b of the equation
* \param ctx BN_CTX object (optional)
- * \return 1 on success and 0 if an error occured
+ * \return 1 on success and 0 if an error occurred
*/
int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
* \param a BIGNUM for parameter a of the equation
* \param b BIGNUM for parameter b of the equation
* \param ctx BN_CTX object (optional)
- * \return 1 on success and 0 if an error occured
+ * \return 1 on success and 0 if an error occurred
*/
int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
#endif
/** Copies EC_POINT object
* \param dst destination EC_POINT object
* \param src source EC_POINT object
- * \return 1 on success and 0 if an error occured
+ * \return 1 on success and 0 if an error occurred
*/
int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src);
/** Sets a point to infinity (neutral element)
* \param group underlying EC_GROUP object
* \param point EC_POINT to set to infinity
- * \return 1 on success and 0 if an error occured
+ * \return 1 on success and 0 if an error occurred
*/
int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point);
* \param y BIGNUM with the y-coordinate
* \param z BIGNUM with the z-coordinate
* \param ctx BN_CTX object (optional)
- * \return 1 on success and 0 if an error occured
+ * \return 1 on success and 0 if an error occurred
*/
int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx);
* \param y BIGNUM for the y-coordinate
* \param z BIGNUM for the z-coordinate
* \param ctx BN_CTX object (optional)
- * \return 1 on success and 0 if an error occured
+ * \return 1 on success and 0 if an error occurred
*/
int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
const EC_POINT *p, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx);
* \param x BIGNUM with the x-coordinate
* \param y BIGNUM with the y-coordinate
* \param ctx BN_CTX object (optional)
- * \return 1 on success and 0 if an error occured
+ * \return 1 on success and 0 if an error occurred
*/
int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);
* \param x BIGNUM for the x-coordinate
* \param y BIGNUM for the y-coordinate
* \param ctx BN_CTX object (optional)
- * \return 1 on success and 0 if an error occured
+ * \return 1 on success and 0 if an error occurred
*/
int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
* \param x BIGNUM with x-coordinate
* \param y_bit integer with the y-Bit (either 0 or 1)
* \param ctx BN_CTX object (optional)
- * \return 1 on success and 0 if an error occured
+ * \return 1 on success and 0 if an error occurred
*/
int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
const BIGNUM *x, int y_bit, BN_CTX *ctx);
* \param x BIGNUM with the x-coordinate
* \param y BIGNUM with the y-coordinate
* \param ctx BN_CTX object (optional)
- * \return 1 on success and 0 if an error occured
+ * \return 1 on success and 0 if an error occurred
*/
int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);
* \param x BIGNUM for the x-coordinate
* \param y BIGNUM for the y-coordinate
* \param ctx BN_CTX object (optional)
- * \return 1 on success and 0 if an error occured
+ * \return 1 on success and 0 if an error occurred
*/
int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
* \param x BIGNUM with x-coordinate
* \param y_bit integer with the y-Bit (either 0 or 1)
* \param ctx BN_CTX object (optional)
- * \return 1 on success and 0 if an error occured
+ * \return 1 on success and 0 if an error occurred
*/
int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
const BIGNUM *x, int y_bit, BN_CTX *ctx);
* \param buf memory buffer with the encoded ec point
* \param len length of the encoded ec point
* \param ctx BN_CTX object (optional)
- * \return 1 on success and 0 if an error occured
+ * \return 1 on success and 0 if an error occurred
*/
int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p,
const unsigned char *buf, size_t len, BN_CTX *ctx);
* \param a EC_POINT object with the first summand
* \param b EC_POINT object with the second summand
* \param ctx BN_CTX object (optional)
- * \return 1 on success and 0 if an error occured
+ * \return 1 on success and 0 if an error occurred
*/
int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
* \param r EC_POINT object for the result (r = 2 * a)
* \param a EC_POINT object
* \param ctx BN_CTX object (optional)
- * \return 1 on success and 0 if an error occured
+ * \return 1 on success and 0 if an error occurred
*/
int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx);
* \param group underlying EC_GROUP object
* \param a EC_POINT object to be inverted (it's used for the result as well)
* \param ctx BN_CTX object (optional)
- * \return 1 on success and 0 if an error occured
+ * \return 1 on success and 0 if an error occurred
*/
int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx);
* \param p array of size num of EC_POINT objects
* \param m array of size num of BIGNUM objects
* \param ctx BN_CTX object (optional)
- * \return 1 on success and 0 if an error occured
+ * \return 1 on success and 0 if an error occurred
*/
int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num, const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx);
* \param q EC_POINT object with the first factor of the second summand
* \param m BIGNUM with the second factor of the second summand
* \param ctx BN_CTX object (optional)
- * \return 1 on success and 0 if an error occured
+ * \return 1 on success and 0 if an error occurred
*/
int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx);
/** Stores multiples of generator for faster point multiplication
* \param group EC_GROUP object
* \param ctx BN_CTX object (optional)
- * \return 1 on success and 0 if an error occured
+ * \return 1 on success and 0 if an error occurred
*/
int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
int EC_KEY_check_key(const EC_KEY *key);
/** Sets a public key from affine coordindates performing
- * neccessary NIST PKV tests.
+ * necessary NIST PKV tests.
* \param key the EC_KEY object
* \param x public key x coordinate
* \param y public key y coordinate
ENGINE_TABLE essentially provide linker-separation of the classes so that even
if ENGINEs implement *all* possible algorithms, an application using only
EVP_CIPHER code will link at most code relating to EVP_CIPHER, tb_cipher.c, core
-ENGINE code that is independant of class, and of course the ENGINE
+ENGINE code that is independent of class, and of course the ENGINE
implementation that the application loaded. It will *not* however link any
class-specific ENGINE code for digests, RSA, etc nor will it bleed over into
other APIs, such as the RSA/DSA/etc library code.
static void int_unregister_cb_doall_arg(ENGINE_PILE *pile, ENGINE *e)
{
int n;
- /* Iterate the 'c->sk' stack removing any occurance of 'e' */
+ /* Iterate the 'c->sk' stack removing any occurrence of 'e' */
while((n = sk_ENGINE_find(pile->sk, e)) >= 0)
{
(void)sk_ENGINE_delete(pile->sk, n);
ERR_STATE_free(ret); /* could not insert it */
return(&fallback);
}
- /* If a race occured in this function and we came second, tmpp
+ /* If a race occurred in this function and we came second, tmpp
* is the first one that we just replaced. */
if (tmpp)
ERR_STATE_free(tmpp);
/* We parse the input data */
for (i=0; i<inl; i++)
{
- /* If the current line is > 80 characters, scream alot */
+ /* If the current line is > 80 characters, scream a lot */
if (ln >= 80) { rv= -1; goto end; }
/* Get char and put it into the buffer */
# Purpose of these subroutines is to explicitly encode VIS instructions,
# so that one can compile the module without having to specify VIS
-# extentions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
+# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
# Idea is to reserve for option to produce "universal" binary and let
# programmer detect if current CPU is VIS capable at run-time.
sub unvis {
\f
# Purpose of these subroutines is to explicitly encode VIS instructions,
# so that one can compile the module without having to specify VIS
-# extentions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
+# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
# Idea is to reserve for option to produce "universal" binary and let
# programmer detect if current CPU is VIS capable at run-time.
sub unvis3 {
static IMPLEMENT_LHASH_DOALL_FN(cleanup3, ADDED_OBJ)
/* The purpose of obj_cleanup_defer is to avoid EVP_cleanup() attempting
- * to use freed up OIDs. If neccessary the actual freeing up of OIDs is
+ * to use freed up OIDs. If necessary the actual freeing up of OIDs is
* delayed.
*/
The perl scripts in this directory are my 'hack' to generate
-multiple different assembler formats via the one origional script.
+multiple different assembler formats via the one original script.
The way to use this library is to start with adding the path to this directory
and then include it.
# Purpose of these subroutines is to explicitly encode VIS instructions,
# so that one can compile the module without having to specify VIS
-# extentions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
+# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
# Idea is to reserve for option to produce "universal" binary and let
# programmer detect if current CPU is VIS capable at run-time.
sub unvis {
# .rva .LSEH_end_function
# .rva function_unwind_info
#
-# Reference to functon_unwind_info from .xdata segment is the anchor.
+# Reference to function_unwind_info from .xdata segment is the anchor.
# In case you wonder why references are 32-bit .rvas and not 64-bit
# .quads. References put into these two segments are required to be
# *relative* to the base address of the current binary module, a.k.a.
int depth; /* used with indefinite encoding. */
int finished; /* No more read data */
- /* writting */
+ /* writing */
char *w_addr;
int w_offset;
int w_left;
c.p=ASN1_STRING_data(s);
c.max=c.p+ASN1_STRING_length(s);
if (!asn1_GetSequence(&c,&length)) goto err;
- /* Length is the length of the seqence */
+ /* Length is the length of the sequence */
c.q=c.p;
if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL)
c.p=ASN1_STRING_data(s);
c.max=c.p+ASN1_STRING_length(s);
if (!asn1_GetSequence(&c,&length)) goto err;
- /* Length is the length of the seqence */
+ /* Length is the length of the sequence */
c.q=c.p;
if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL)
if (pcert == NULL)
{
/* Always attempt to decrypt all rinfo even
- * after sucess as a defence against MMA timing
+ * after success as a defence against MMA timing
* attacks.
*/
for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
* of entropy bytes are requested. The connection is left open until the
* query is competed.
* RAND_query_egd_bytes() returns with
- * -1 if an error occured during connection or communication.
+ * -1 if an error occurred during connection or communication.
* num the number of bytes read from the EGD socket. This number is either
* the number of bytes requested or smaller, if the EGD pool is
* drained and the daemon signals that the pool is empty.
* RAND_egd_bytes() is a wrapper for RAND_query_egd_bytes() with buf=NULL.
* Unlike RAND_query_egd_bytes(), RAND_status() is used to test the
* seed status so that the return value can reflect the seed state:
- * -1 if an error occured during connection or communication _or_
+ * -1 if an error occurred during connection or communication _or_
* if the PRNG has still not received the required seeding.
* num the number of bytes read from the EGD socket. This number is either
* the number of bytes requested or smaller, if the EGD pool is
* ThreadSwitchWithDelay() will introduce additional variability into
* the data returned by rdtsc.
*
- * Applications can agument the seed material by adding additional
+ * Applications can argument the seed material by adding additional
* stuff with RAND_add() and should probably do so.
*/
l = GetProcessSwitchCount();
1.1 23/08/96 - eay
Changed RC2_set_key() so it now takes another argument. Many
thanks to Peter Gutmann <pgut01@cs.auckland.ac.nz> for the
- clarification and origional specification of RC2. BSAFE uses
+ clarification and original specification of RC2. BSAFE uses
this last parameter, 'bits'. It the key is 128 bits, BSAFE
also sets this parameter to 128. The old behaviour can be
duplicated by setting this parameter to 1024.
to remove my 'copy X array onto stack' until inside the RIP1() finctions the
first time round. To do this I need another register and will only have one
temporary one. A bit tricky.... I can also cleanup the saving of the 5 words
-after the first half of the calculation. I should read the origional
+after the first half of the calculation. I should read the original
value, add then write. Currently I just save the new and read the origioal.
I then read both at the end. Bad.
# Purpose of these subroutines is to explicitly encode VIS instructions,
# so that one can compile the module without having to specify VIS
-# extentions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
+# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
# Idea is to reserve for option to produce "universal" binary and let
# programmer detect if current CPU is VIS capable at run-time.
sub unvis {
# Purpose of these subroutines is to explicitly encode VIS instructions,
# so that one can compile the module without having to specify VIS
-# extentions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
+# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
# Idea is to reserve for option to produce "universal" binary and let
# programmer detect if current CPU is VIS capable at run-time.
sub unvis {
# Purpose of these subroutines is to explicitly encode VIS instructions,
# so that one can compile the module without having to specify VIS
-# extentions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
+# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
# Idea is to reserve for option to produce "universal" binary and let
# programmer detect if current CPU is VIS capable at run-time.
sub unvis {
#endif
/* Initialize policy tree. Return values:
- * 0 Some internal error occured.
+ * 0 Some internal error occurred.
* -1 Inconsistent or invalid extensions in certificates.
* 1 Tree initialized OK.
* 2 Policy tree is empty.
# Don't prompt for fields: use those in section directly
prompt = no
distinguished_name = req_distinguished_name
-x509_extensions = v3_ca # The extentions to add to the self signed cert
+x509_extensions = v3_ca # The extensions to add to the self signed cert
string_mask = utf8only
# req_extensions = v3_req # The extensions to add to a certificate request
# Don't prompt for fields: use those in section directly
prompt = no
distinguished_name = req_distinguished_name
-x509_extensions = v3_ca # The extentions to add to the self signed cert
+x509_extensions = v3_ca # The extensions to add to the self signed cert
string_mask = utf8only
# req_extensions = v3_req # The extensions to add to a certificate request
/* loop finishes as soon as we detect that one side closed;
* when all (program and OS) buffers have enough space,
- * the data from the last succesful read in each direction is transferred
+ * the data from the last successful read in each direction is transferred
* before close */
do {
int clear_read_select = 0, clear_write_select = 0,
/* key : rc4 key data */
/* index_1 : value of index x from RC4 key structure */
/* index_2 : value of index y from RC4 key structure */
-/* Be carefull : RC4 key should be expanded before calling this method (Should we provide an expand function ??) */
+/* Be careful : RC4 key should be expanded before calling this method (Should we provide an expand function ??) */
typedef int t_zencod_rc4_cipher ( KEY *output, const KEY *input, const KEY *key,
unsigned char *index_1, unsigned char *index_2, int mode ) ;
/* key_3 : des third key data */
/* iv : initial vector */
/* mode : xdes mode (encrypt or decrypt) */
-/* Be carefull : In DES mode key_1 = key_2 = key_3 (as far as i can see !!) */
+/* Be careful : In DES mode key_1 = key_2 = key_3 (as far as i can see !!) */
typedef int t_zencod_xdes_cipher ( KEY *output, const KEY *input, const KEY *key_1,
const KEY *key_2, const KEY *key_3, const KEY *iv, int mode ) ;
=item L<B<genrsa>|genrsa(1)>
-Generation of RSA Private Key. Superceded by L<B<genpkey>|genpkey(1)>.
+Generation of RSA Private Key. Superseded by L<B<genpkey>|genpkey(1)>.
=item L<B<nseq>|nseq(1)>
the algorithm is determined by the parameters. B<algname:file> use algorithm
B<algname> and parameter file B<file>: the two algorithms must match or an
error occurs. B<algname> just uses algorithm B<algname>, and parameters,
-if neccessary should be specified via B<-pkeyopt> parameter.
+if necessary should be specified via B<-pkeyopt> parameter.
B<dsa:filename> generates a DSA key using the parameters
in the file B<filename>. B<ec:filename> generates EC key (usable both with
The value of B<dirName> should point to a section containing the distinguished
name to use as a set of name value pairs. Multi values AVAs can be formed by
-preceeding the name with a B<+> character.
+preceding the name with a B<+> character.
otherName can include arbitrary data associated with an OID: the value
should be the OID followed by a semicolon and the content in standard
=item B<INTEGER>, B<INT>
Encodes an ASN1 B<INTEGER> type. The B<value> string represents
-the value of the integer, it can be preceeded by a minus sign and
+the value of the integer, it can be preceded by a minus sign and
is normally interpreted as a decimal value unless the prefix B<0x>
is included.
BN_BLINDING_update(), BN_BLINDING_convert(), BN_BLINDING_invert(),
BN_BLINDING_convert_ex() and BN_BLINDING_invert_ex() return 1 on
-success and 0 if an error occured.
+success and 0 if an error occurred.
BN_BLINDING_thread_id() returns a pointer to the thread id object
within a B<BN_BLINDING> object.
EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(),
EVP_dss(), EVP_dss1(), EVP_mdc2() and EVP_ripemd160() were
-changed to return truely const EVP_MD * in OpenSSL 0.9.7.
+changed to return truly const EVP_MD * in OpenSSL 0.9.7.
The link between digests and signing algorithms was fixed in OpenSSL 1.0 and
later, so now EVP_sha1() can be used with RSA and DSA, there is no need to
The function EVP_PKEY_copy_parameters() copies the parameters from key
B<from> to key B<to>.
-The funcion EVP_PKEY_cmp_parameters() compares the parameters of keys
+The function EVP_PKEY_cmp_parameters() compares the parameters of keys
B<a> and B<b>.
-The funcion EVP_PKEY_cmp() compares the public key components and paramters
+The function EVP_PKEY_cmp() compares the public key components and paramters
(if present) of keys B<a> and B<b>.
=head1 NOTES
=head1 NOTES
The use of string types such as B<MBSTRING_ASC> or B<MBSTRING_UTF8>
-is strongly recommened for the B<type> parameter. This allows the
+is strongly recommend for the B<type> parameter. This allows the
internal code to correctly determine the type of the field and to
apply length checks according to the relevant standards. This is
done using ASN1_STRING_set_by_NID().
X509_STORE_CTX_get_error_depth() returns the B<depth> of the error. This is a
non-negative integer representing where in the certificate chain the error
-occurred. If it is zero it occured in the end entity certificate, one if
+occurred. If it is zero it occurred in the end entity certificate, one if
it is the certificate which signed the end entity certificate and so on.
X509_STORE_CTX_get_current_cert() returns the certificate in B<ctx> which
=item B<X509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation>
-A name constraint violation occured in the permitted subtrees.
+A name constraint violation occurred in the permitted subtrees.
=item B<X509_V_ERR_EXCLUDED_VIOLATION: excluded subtree violation>
-A name constraint violation occured in the excluded subtrees.
+A name constraint violation occurred in the excluded subtrees.
=item B<X509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported>
=item B<X509_V_ERR_CRL_PATH_VALIDATION_ERROR: CRL path validation error>
-An error occured when attempting to verify the CRL path. This error can only
+An error occurred when attempting to verify the CRL path. This error can only
happen if extended CRL checking is enabled.
=item B<X509_V_ERR_APPLICATION_VERIFICATION: application verification failure>
default implementations is by using the ENGINE API functions. The default
B<RAND_METHOD>, as set by RAND_set_rand_method() and returned by
RAND_get_rand_method(), is only used if no ENGINE has been set as the default
-"rand" implementation. Hence, these two functions are no longer the recommened
+"rand" implementation. Hence, these two functions are no longer the recommend
way to control defaults.
If an alternative B<RAND_METHOD> implementation is being used (either set
The applications
Ok, where to begin....
-In the begining, when SSLeay was small (April 1995), there
+In the beginning, when SSLeay was small (April 1995), there
were but few applications, they did happily cohabit in
the one bin directory. Then over time, they did multiply and grow,
and they started to look like microsoft software; 500k to print 'hello world'.
A new approach was needed. They were coalessed into one 'Monolithic'
application, ssleay. This one program is composed of many programs that
-can all be compiled independantly.
+can all be compiled independently.
ssleay has 3 modes of operation.
1) If the ssleay binary has the name of one of its component programs, it
int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
Multiply a by a and return the result in 'r'. 'r' must not be
- 'a'. This function is alot faster than BN_mul(r,a,a). This is r=a*a.
+ 'a'. This function is a lot faster than BN_mul(r,a,a). This is r=a*a.
int BN_div(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BIGNUM *d, BN_CTX *ctx);
Divide 'm' by 'd' and return the result in 'dv' and the remainder
Inside the USA there is also the unresolved issue of RC4/RC2 which were
made public on sci.crypt in Sep 1994 (RC4) and Feb 1996 (RC2). I have
-copies of the origional postings if people are interested. RSA I believe
+copies of the original postings if people are interested. RSA I believe
claim that they were 'trade-secrets' and that some-one broke an NDA in
revealing them. Other claim they reverse engineered the algorithms from
compiled binaries. If the algorithms were reverse engineered, I believe
If it is not defined, they are #defined to malloc(), free() and realloc().
the CRYPTO_malloc() routines by default just call the underlying library
-functons.
+functions.
If CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) is called, memory leak detection is
turned on. CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) turns it off.
./ca -help
- -verbose - Talk alot while doing things
+ -verbose - Talk a lot while doing things
-config file - A config file. If you don't want to use the
default config file
-name arg - The particular CA definition to use
2.) The practical usage
-----------------------
-Unfortunatly since CAPI is a system API you can't access its functions from
+Unfortunately since CAPI is a system API you can't access its functions from
HTML code directly. For this purpose Microsoft provides a wrapper called
certenr3.dll. This DLL accesses the CAPI functions and provides an interface
usable from Visual Basic Script. One needs to install that library on the
CRL's and CA certs are not required simply just the client cert. (It seems to
me that both are not even checked somehow.) The only format of the base64
-encoded object I succesfully used was all characters in a very long string
+encoded object I successfully used was all characters in a very long string
without line feeds or carriage returns. (Hey, it doesn't matter, only a
computer reads it!)
site. Grab it from http://www.easterngraphics.com/certs/IX9704/postit2.c. You
need utils.c from there too.
-2nd note: I'm note quite sure wether the gawk script really handles all
+2nd note: I'm note quite sure whether the gawk script really handles all
possible inputs for the request right! Today I don't use this construction
anymore myself.
meeting some standard (SSLv2, perhaps S/MIME), it would probably be advisable
to stick to IDEA, or for the paranoid, Tripple DES.
-Mind you, having said all that, I should mention that I just read alot and
+Mind you, having said all that, I should mention that I just read a lot and
implement ciphers, I'm a 'babe in the woods' when it comes to evaluating
ciphers :-).
as possible. So you should not think of this library as an SSL
implemtation, but rather as a library of cryptographic functions
that also contains SSL. I refer to each of these function groupings as
-libraries since they are often capable of functioning as independant
+libraries since they are often capable of functioning as independent
libraries
First up, the general ciphers and message digests supported by the library.
to using numbers suplied by others. I conform to the PKCS#3
standard where required.
-You may have noticed the preceeding section mentions the 'generation' of
+You may have noticed the preceding section mentions the 'generation' of
prime numbers. Now this requries the use of 'random numbers'.
RAND This psuedo-random number library is based on MD5 at it's core
If you need to add something todo with a particular environment,
add it to this file. It is worth remembering that quite a few libraries,
like lhash, des, md, sha etc etc do not include crypto/cryptlib.h. This
-is because these libraries should be 'independantly compilable' and so I
+is because these libraries should be 'independently compilable' and so I
try to keep them this way.
e_os.h is not so much a part of SSLeay, as the placing in one spot all the
evil OS dependant muck.
make links re-generates the symbolic links that are used. The reason why
I keep everything in its own directory, and don't put all the
test programs and header files in 'test' and 'include' is because I want
-to keep the 'sub-libraries' independant. I still 'pull' out
+to keep the 'sub-libraries' independent. I still 'pull' out
indervidual libraries for use in specific projects where the code is
required. I have used the 'lhash' library in just about every software
project I have worked on :-).
#define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"
#endif
#ifndef DEVRANDOM_EGD
-/* set this to a comma-seperated list of 'egd' sockets to try out. These
+/* set this to a comma-separated list of 'egd' sockets to try out. These
* sockets will be tried in the order listed in case accessing the device files
* listed in DEVRANDOM did not return enough entropy. */
#define DEVRANDOM_EGD "/var/run/egd-pool","/dev/egd-pool","/etc/egd-pool","/etc/entropy"
openssl dgst -mac gost-mac -macopt key:<32 bytes of key> datafile
- Note absense of an option that specifies digest algorithm. gost-mac
+ Note absence of an option that specifies digest algorithm. gost-mac
algorithm supports only one digest (which is actually part of
implementation of this mac) and OpenSSL is clever enough to find out
this.
if (pkey == NULL)
{
ret = 1;
- /* Well actually sucess as we've set ret to 1 */
+ /* Well actually success as we've set ret to 1 */
goto error;
}
if (!FIPS_digestinit(&mctx, digest))
- Make sure symlinks are created by using -f flag to ln.
Otherwise some .so libraries are copied rather than
linked in the resulting binary RPM. This causes the package
- to be larger than neccessary and makes ldconfig complain.
+ to be larger than necessary and makes ldconfig complain.
* Fri Oct 13 2000 Horms <horms@vergenet.net>
- Make defattr is set for files in all packages so packages built as
non-root will still be installed with files owned by root.
* short etc).
* 1: if the record's padding is valid / the encryption was successful.
* -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
- * an internal error occured. */
+ * an internal error occurred. */
int dtls1_enc(SSL *s, int send)
{
SSL3_RECORD *rec;
* md_out: the digest output. At most EVP_MAX_MD_SIZE bytes will be written.
* md_out_size: if non-NULL, the number of output bytes is written here.
* header: the 13-byte, TLS record header.
- * data: the record data itself, less any preceeding explicit IV.
+ * data: the record data itself, less any preceding explicit IV.
* data_plus_mac_size: the secret, reported length of the data and MAC
* once the padding has been removed.
* data_plus_mac_plus_padding_size: the public length of the whole
* and the ECParameters in this case is just three bytes.
*/
param_len=3;
- /* Check curve is one of our prefrences, if not server has
+ /* Check curve is one of our preferences, if not server has
* sent an invalid curve.
*/
if (!tls1_check_curve(s, p, param_len))
* short etc).
* 1: if the record's padding is valid / the encryption was successful.
* -1: if the record's padding is invalid or, if sending, an internal error
- * occured.
+ * occurred.
*/
int ssl3_enc(SSL *s, int send)
{
/* A separate 'decryption_failed' alert was introduced with TLS 1.0,
* SSL 3.0 only has 'bad_record_mac'. But unless a decryption
* failure is directly visible from the ciphertext anyway,
- * we should not reveal which kind of error occured -- this
+ * we should not reveal which kind of error occurred -- this
* might become visible to an attacker (e.g. via a logfile) */
al=SSL_AD_BAD_RECORD_MAC;
SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
* short etc).
* 1: if the record's padding is valid / the encryption was successful.
* -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
- * an internal error occured.
+ * an internal error occurred.
*/
int tls1_enc(SSL *s, int send)
{
private_key = $dir/private/cakey.pem# The private key
RANDFILE = $dir/private/.rand # private random number file
-x509_extensions = v3_ca # The extentions to add to the cert
+x509_extensions = v3_ca # The extensions to add to the cert
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
encrypt_rsa_key = no
prompt = no
# attributes = req_attributes
-x509_extensions = v3_ca # The extentions to add to the self signed cert
+x509_extensions = v3_ca # The extensions to add to the self signed cert
string_mask = nombstr
projects / oweals / openssl.git / commitdiff