Note: The RSAREF libraries are NOT INCLUDED and you have to
download it from "ftp://ftp.rsa.com/rsaref". You have to
- get the ".tar-Z" file as the ".zip" file dosen't have the
+ get the ".tar-Z" file as the ".zip" file doesn't have the
directory structure stored. You have to extract the file
into the [.RSAREF] directory as that is where the scripts
will look for the files.
can use those macros to simulate older OpenVMS or C library versions,
by defining the macros _VMS_V6_SOURCE, __VMS_VER and __CTRL_VER with
correct values. In the compilation scripts, I've provided the possibility
-for the user to influense the creation of such macros, through a bunch of
+for the user to influence the creation of such macros, through a bunch of
symbols, all having names starting with USER_. Here's the list of them:
USER_CCFLAGS - Used to give additional qualifiers to the
Heres a few comments about building OpenSSL in Windows environments. Most of
this is tested on Win32 but it may also work in Win 3.1 with some
- modification. See the end of this file for Eric's original comments.
+ modification.
You need Perl for Win32 (available from http://www.activestate.com/ActivePerl)
and one of the following C compilers:
$RET=$?;
print "Request (and private key) is in newreq.pem\n";
} elsif (/^-newca$/) {
- # if explictly asked for or it doesn't exist then setup the
+ # if explicitly asked for or it doesn't exist then setup the
# directory structure that Eric likes to manage things
$NEW="1";
if ( "$NEW" || ! -f "${CATOP}/serial" ) {
echo "Request (and private key) is in newreq.pem"
;;
-newca)
- # if explictly asked for or it doesn't exist then setup the directory
+ # if explicitly asked for or it doesn't exist then setup the directory
# structure that Eric likes to manage things
NEW="1"
if [ "$NEW" -o ! -f ${CATOP}/serial ]; then
if (!seeded)
/* If we did not manage to read the seed file,
* we should not write a low-entropy seed file back --
- * it would supress a crucial warning the next time
+ * it would suppress a crucial warning the next time
* we want to use it. */
return 0;
* -i - indent the details by depth
* -offset - where in the file to start
* -length - how many bytes to use
- * -oid file - extra oid decription file
+ * -oid file - extra oid description file
*/
#undef PROG
BIO_printf(bio_err," -out arg output file\n");
BIO_printf(bio_err," -noout arg don't produce any output\n");
BIO_printf(bio_err," -offset arg offset into file\n");
- BIO_printf(bio_err," -length arg lenth of section in file\n");
+ BIO_printf(bio_err," -length arg length of section in file\n");
BIO_printf(bio_err," -i indent entries\n");
BIO_printf(bio_err," -oid file file of extra oid definitions\n");
BIO_printf(bio_err," -strparse offset\n");
}
/*****************************************************************/
- /* we definitly need an public key, so lets get it */
+ /* we definitely need an public key, so lets get it */
if ((keyfile == NULL) && ((keyfile=CONF_get_string(conf,
section,ENV_PRIVATE_KEY)) == NULL))
if (access(outdir,R_OK|W_OK|X_OK) != 0)
#endif
{
- BIO_printf(bio_err,"I am unable to acces the %s directory\n",outdir);
+ BIO_printf(bio_err,"I am unable to access the %s directory\n",outdir);
perror(outdir);
goto err;
}
TXT_DB_write(out,db);
BIO_printf(bio_err,"%d entries loaded from the database\n",
db->data->num);
- BIO_printf(bio_err,"generating indexs\n");
+ BIO_printf(bio_err,"generating index\n");
}
if (!TXT_DB_create_index(db,DB_serial,NULL,index_serial_hash,
out=NULL;
if (rename(serialfile,buf[2]) < 0)
{
- BIO_printf(bio_err,"unabel to rename %s to %s\n",
+ BIO_printf(bio_err,"unable to rename %s to %s\n",
serialfile,buf[2]);
perror("reason");
goto err;
}
if (rename(buf[0],serialfile) < 0)
{
- BIO_printf(bio_err,"unabel to rename %s to %s\n",
+ BIO_printf(bio_err,"unable to rename %s to %s\n",
buf[0],serialfile);
perror("reason");
rename(buf[2],serialfile);
if (rename(dbfile,buf[2]) < 0)
{
- BIO_printf(bio_err,"unabel to rename %s to %s\n",
+ BIO_printf(bio_err,"unable to rename %s to %s\n",
dbfile,buf[2]);
perror("reason");
goto err;
}
if (rename(buf[1],dbfile) < 0)
{
- BIO_printf(bio_err,"unabel to rename %s to %s\n",
+ BIO_printf(bio_err,"unable to rename %s to %s\n",
buf[1],dbfile);
perror("reason");
rename(buf[2],dbfile);
}
if (verbose)
- BIO_printf(bio_err,"The subject name apears to be ok, checking data base for clashes\n");
+ BIO_printf(bio_err,"The subject name appears to be ok, checking data base for clashes\n");
row[DB_name]=X509_NAME_oneline(subject,NULL,0);
row[DB_serial]=BN_bn2hex(serial);
goto err;
}
- /* We are now totaly happy, lets make and sign the certificate */
+ /* We are now totally happy, lets make and sign the certificate */
if (verbose)
BIO_printf(bio_err,"Everything appears to be ok, creating and signing the certificate\n");
ASN1_INTEGER_set(ci->version,2); /* version 3 certificate */
/* Free the current entries if any, there should not
- * be any I belive */
+ * be any I believe */
if (ci->extensions != NULL)
sk_X509_EXTENSION_pop_free(ci->extensions,
X509_EXTENSION_free);
BN_print(stdout,dh->g);
printf("\n");
if (dh->length != 0)
- printf("recomented private length=%ld\n",dh->length);
+ printf("recommended private length=%ld\n",dh->length);
#endif
}
}
if (!i)
{
- BIO_printf(bio_err,"unable to write DH paramaters\n");
+ BIO_printf(bio_err,"unable to write DH parameters\n");
ERR_print_errors(bio_err);
goto end;
}
}
if (!i)
{
- BIO_printf(bio_err,"unable to write DH paramaters\n");
+ BIO_printf(bio_err,"unable to write DH parameters\n");
ERR_print_errors(bio_err);
goto end;
}
}
if (!i)
{
- BIO_printf(bio_err,"unable to write DSA paramaters\n");
+ BIO_printf(bio_err,"unable to write DSA parameters\n");
ERR_print_errors(bio_err);
goto end;
}
BIO_printf(bio_err,"rc2 :128 bit key RC2 encryption\n");
#endif
#ifndef NO_BF
- BIO_printf(bio_err,"bf :128 bit key BlowFish encryption\n");
+ BIO_printf(bio_err,"bf :128 bit key Blowfish encryption\n");
#endif
#ifndef NO_RC4
BIO_printf(bio_err," -%-5s :128 bit key RC4 encryption\n",
BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
if ((out=BIO_new(BIO_s_file())) == NULL)
{
- BIO_printf(bio_err,"unable to creat BIO for output\n");
+ BIO_printf(bio_err,"unable to create BIO for output\n");
goto err;
}
if (rsa == NULL) goto err;
- /* We need to do the folloing for when the base number size is <
+ /* We need to do the following for when the base number size is <
* long, esp windows 3.1 :-(. */
l=0L;
for (i=0; i<rsa->e->top; i++)
CRYPTO_push_info("verify MAC");
#endif
if (!PKCS12_verify_mac (p12, mpass, -1)) {
- BIO_printf (bio_err, "Mac verify errror: invalid password?\n");
+ BIO_printf (bio_err, "Mac verify error: invalid password?\n");
ERR_print_errors (bio_err);
goto end;
} else BIO_printf (bio_err, "MAC verified OK\n");
BIO_printf(bio_err," -tls1 - just use TLSv1\n");
BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n");
- BIO_printf(bio_err," -cipher - prefered cipher to use, use the 'openssl ciphers'\n");
+ BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'openssl ciphers'\n");
BIO_printf(bio_err," command to see what is available\n");
}
if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
if (cipher != NULL)
if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
- BIO_printf(bio_err,"error seting cipher list\n");
+ BIO_printf(bio_err,"error setting cipher list\n");
ERR_print_errors(bio_err);
goto end;
}
if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
(!SSL_CTX_set_default_verify_paths(ctx)))
{
- /* BIO_printf(bio_err,"error seting default verify locations\n"); */
+ /* BIO_printf(bio_err,"error setting default verify locations\n"); */
ERR_print_errors(bio_err);
/* goto end; */
}
#ifndef NO_DH
BIO_printf(bio_err," -no_dhe - Disable ephemeral DH\n");
#endif
- BIO_printf(bio_err," -bugs - Turn on SSL bug compatability\n");
+ BIO_printf(bio_err," -bugs - Turn on SSL bug compatibility\n");
BIO_printf(bio_err," -www - Respond to a 'GET /' with a status page\n");
BIO_printf(bio_err," -WWW - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
}
if (cipher != NULL)
if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
- BIO_printf(bio_err,"error seting cipher list\n");
+ BIO_printf(bio_err,"error setting cipher list\n");
ERR_print_errors(bio_err);
goto end;
}
/* make sure we re-use sessions */
SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
#else
- /* This kills performace */
+ /* This kills performance */
/* SSL_shutdown(con); A shutdown gets sent in the
* BIO_free_all(io) procession */
#endif
file if not specified by this option\n\
-CApath arg - PEM format directory of CA's\n\
-CAfile arg - PEM format file of CA's\n\
--cipher - prefered cipher to use, play with 'openssl ciphers'\n\n";
+-cipher - preferred cipher to use, play with 'openssl ciphers'\n\n";
printf( "usage: s_time <args>\n\n" );
printf("-nbio - Run with non-blocking IO\n");
printf("-ssl2 - Just use SSLv2\n");
printf("-ssl3 - Just use SSLv3\n");
- printf("-bugs - Turn on SSL bug compatability\n");
+ printf("-bugs - Turn on SSL bug compatibility\n");
printf("-new - Just time new connections\n");
printf("-reuse - Just time connection reuse\n");
printf("-www page - Retrieve 'page' from the site\n");
if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) ||
(!SSL_CTX_set_default_verify_paths(tm_ctx)))
{
- /* BIO_printf(bio_err,"error seting default verify locations\n"); */
+ /* BIO_printf(bio_err,"error setting default verify locations\n"); */
ERR_print_errors(bio_err);
/* goto end; */
}
encerts = sk_X509_new_null();
while (*args) {
if(!(cert = load_cert(*args))) {
- BIO_printf(bio_err, "Can't read recipent certificate file %s\n", *args);
+ BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args);
goto end;
}
sk_X509_push(encerts, cert);
i = X509_PURPOSE_get_by_sname(*(++argv));
if(i < 0)
{
- BIO_printf(bio_err, "unrecognised purpose\n");
+ BIO_printf(bio_err, "unrecognized purpose\n");
goto end;
}
xptmp = X509_PURPOSE_iget(i);
end:
if (ret == 1) {
BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] cert1 cert2 ...\n");
- BIO_printf(bio_err,"recognised usages:\n");
+ BIO_printf(bio_err,"recognized usages:\n");
for(i = 0; i < X509_PURPOSE_get_count(); i++) {
X509_PURPOSE *ptmp;
ptmp = X509_PURPOSE_iget(i);
" -in arg - input file - default stdin\n",
" -out arg - output file - default stdout\n",
" -passin arg - private key password\n",
-" -envpassin arg - read private key password from encvironment variable \"arg\"\n",
+" -envpassin arg - read private key password from environment variable \"arg\"\n",
" -serial - print serial number value\n",
" -hash - print hash value\n",
" -subject - print subject DN\n",
" -req - input is a certificate request, sign and output.\n",
" -CA arg - set the CA certificate, must be PEM format.\n",
" -CAkey arg - set the CA key, must be PEM format\n",
-" missing, it is asssumed to be in the CA file.\n",
+" missing, it is assumed to be in the CA file.\n",
" -CAcreateserial - create serial number file if it does not exist\n",
" -CAserial - serial file\n",
" -text - print the certificate in text form\n",
B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN,
};
-static int asn1_collate_primative(ASN1_STRING *a, ASN1_CTX *c);
+static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c);
/* type is a 'bitmap' of acceptable string types.
*/
ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, unsigned char **pp,
c.tag=Ptag;
c.xclass=Pclass;
c.max=(length == 0)?0:(p+length);
- if (!asn1_collate_primative(ret,&c))
+ if (!asn1_collate_primitive(ret,&c))
goto err;
else
{
}
-/* We are about to parse 0..n d2i_ASN1_bytes objects, we are to collapes
- * them into the one struture that is then returned */
+/* We are about to parse 0..n d2i_ASN1_bytes objects, we are to collapse
+ * them into the one structure that is then returned */
/* There have been a few bug fixes for this function from
* Paul Keogh <paul.keogh@sse.ie>, many thanks to him */
-static int asn1_collate_primative(ASN1_STRING *a, ASN1_CTX *c)
+static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c)
{
ASN1_STRING *os=NULL;
BUF_MEM b;
#include "cryptlib.h"
#include <openssl/asn1.h>
-/* ASN1 functions for NULL type. For compatability with other ASN1 code
+/* ASN1 functions for NULL type. For compatibility with other ASN1 code
* it returns a pointer to an "ASN1_NULL" structure. The new/free functions
* don't need to do any allocating because nothing is stored in a NULL.
*/
if (a == NULL) return;
if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS)
{
-#ifndef CONST_STRICT /* disable purely for compile-time strict const checking. Doing this on a "real" compile will cause mempory leaks */
+#ifndef CONST_STRICT /* disable purely for compile-time strict const checking. Doing this on a "real" compile will cause memory leaks */
if (a->sn != NULL) Free((void *)a->sn);
if (a->ln != NULL) Free((void *)a->ln);
#endif
signature->data=buf_out;
buf_out=NULL;
signature->length=outl;
- /* In the interests of compatability, I'll make sure that
+ /* In the interests of compatibility, I'll make sure that
* the bit string has a 'not-used bits' value of 0
*/
signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
#define V_ASN1_PRIMITIVE_TAG 0x1f
#define V_ASN1_PRIMATIVE_TAG 0x1f
-#define V_ASN1_APP_CHOOSE -2 /* let the recipent choose */
+#define V_ASN1_APP_CHOOSE -2 /* let the recipient choose */
#define V_ASN1_UNDEF -1
#define V_ASN1_EOC 0
int tag; /* tag from last 'get object' */
int xclass; /* class from last 'get object' */
long slen; /* length of last 'get object' */
- unsigned char *max; /* largest value of p alowed */
+ unsigned char *max; /* largest value of p allowed */
unsigned char *q;/* temporary variable */
unsigned char **pp;/* variable */
int line; /* used in error processing */
}
/* class 0 is constructed
- * constructed == 2 for indefinitle length constructed */
+ * constructed == 2 for indefinite length constructed */
void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag,
int xclass)
{
if (data != NULL)
{
memcpy(str->data,data,len);
- /* an alowance for strings :-) */
+ /* an allowance for strings :-) */
str->data[len]='\0';
}
return(1);
int keytype;
p = *pp;
/* Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE):
- * by analysing it we can determine the passed structure: this
+ * by analyzing it we can determine the passed structure: this
* assumes the input is surrounded by an ASN1 SEQUENCE.
*/
inkey = d2i_ASN1_SET_OF_ASN1_TYPE(NULL, &p, length, d2i_ASN1_TYPE,
if (!print(bp,"generator:",x->g,m,4)) goto err;
if (x->length != 0)
{
- if (BIO_printf(bp," recomented-private-length: %d bits\n",
+ if (BIO_printf(bp," recommended-private-length: %d bits\n",
(int)x->length) <= 0) goto err;
}
ret=1;
* allow some CA Software to accept the cert request.
* It is not following the PKCS standards ...
* PKCS#10 pg 5
- * attributes [0] IMPLICIT Attibutes
+ * attributes [0] IMPLICIT Attributes
* NOTE: no OPTIONAL ... so it *must* be there
*/
if (a->req_kludge)
/* this is a *nasty* hack reported to be required by some CA's.
* It is not following the PKCS standards ...
* PKCS#10 pg 5
- * attributes [0] IMPLICIT Attibutes
+ * attributes [0] IMPLICIT Attributes
* NOTE: no OPTIONAL ... so it *must* be there
*/
if (a->req_kludge)
* have been reported as requiring it.
* It is not following the PKCS standards ...
* PKCS#10 pg 5
- * attributes [0] IMPLICIT Attibutes
+ * attributes [0] IMPLICIT Attributes
* NOTE: no OPTIONAL ... so it *must* be there
*/
if (asn1_Finish(&c))
*/
/* This module was send to me my Pat Richards <patr@x509.com> who
- * wrote it. It is under my Copyright with his permision
+ * wrote it. It is under my Copyright with his permission
*/
#include <stdio.h>
#include <openssl/opensslv.h>
/* Blowfish as implemented from 'Blowfish: Springer-Verlag paper'
- * (From LECTURE NOTES IN COIMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
+ * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
* CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
*/
-const char *BF_version="BlowFish" OPENSSL_VERSION_PTEXT;
+const char *BF_version="Blowfish" OPENSSL_VERSION_PTEXT;
const char *BF_options(void)
{
#include "bf_locl.h"
/* Blowfish as implemented from 'Blowfish: Springer-Verlag paper'
- * (From LECTURE NOTES IN COIMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
+ * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
* CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
*/
*((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
*((c)++)=(unsigned char)(((l) )&0xff))
-/* This is actually a big endian algorithm, the most significate byte
+/* This is actually a big endian algorithm, the most significant byte
* is used to lookup array 0 */
#if defined(BF_PTR2)
/*
* This is normally very good on RISC platforms where normally you
- * have to explicitely "multiplicate" array index by sizeof(BF_LONG)
- * in order to caclulate the effective address. This implementation
+ * have to explicitly "multiply" array index by sizeof(BF_LONG)
+ * in order to calculate the effective address. This implementation
* excuses CPU from this extra work. Power[PC] uses should have most
* fun as (R>>BF_i)&BF_M gets folded into a single instruction, namely
* rlwinm. So let'em double-check if their compiler does it.
}
#ifndef TIMES
- fprintf(stderr,"To get the most acurate results, try to run this\n");
+ fprintf(stderr,"To get the most accurate results, try to run this\n");
fprintf(stderr,"program when this computer is idle.\n");
#endif
#endif
#ifndef TIMES
- printf("To get the most acurate results, try to run this\n");
+ printf("To get the most accurate results, try to run this\n");
printf("program when this computer is idle.\n");
#endif
#define BIO_TYPE_SOCKET (5|0x0400|0x0100)
#define BIO_TYPE_NULL (6|0x0400)
#define BIO_TYPE_SSL (7|0x0200)
-#define BIO_TYPE_MD (8|0x0200) /* pasive filter */
+#define BIO_TYPE_MD (8|0x0200) /* passive filter */
#define BIO_TYPE_BUFFER (9|0x0200) /* filter */
#define BIO_TYPE_CIPHER (10|0x0200) /* filter */
#define BIO_TYPE_BASE64 (11|0x0200) /* filter */
#define BIO_get_retry_flags(b) \
((b)->flags&(BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
-/* These shouldbe used by the application to tell why we should retry */
+/* These should be used by the application to tell why we should retry */
#define BIO_should_read(a) ((a)->flags & BIO_FLAGS_READ)
#define BIO_should_write(a) ((a)->flags & BIO_FLAGS_WRITE)
#define BIO_should_io_special(a) ((a)->flags & BIO_FLAGS_IO_SPECIAL)
size_t request; /* valid iff peer != NULL; 0 if len != 0,
* otherwise set by peer to number of bytes
- * it (unsuccesfully) tried to read,
+ * it (unsuccessfully) tried to read,
* never more than buffer space (size-len) warrants. */
};
write_offset -= b->size;
if (write_offset + num > b->size)
/* no ring buffer wrap-around for non-copying interface
- * (to fulfil the promise by BIO_ctrl_get_write_guarantee,
+ * (to fulfill the promise by BIO_ctrl_get_write_guarantee,
* BIO_nwrite may have to be called twice) */
num = b->size - write_offset;
case BIO_C_GET_WRITE_GUARANTEE:
/* How many bytes can the caller feed to the next write
- * withouth having to keep any? */
+ * without having to keep any? */
if (b->peer == NULL || b->closed)
ret = 0;
else
break;
case BIO_C_GET_READ_REQUEST:
- /* If the peer unsuccesfully tried to read, how many bytes
+ /* If the peer unsuccessfully tried to read, how many bytes
* were requested? (As with BIO_CTRL_PENDING, that number
* can usually be treated as boolean.) */
ret = (long) b->request;
}
-/* BIO_nread0/nread/nwrite0/nwrite are availabe only for BIO pairs for now
+/* BIO_nread0/nread/nwrite0/nwrite are available only for BIO pairs for now
* (conceivably some other BIOs could allow non-copying reads and writes too.)
*/
int BIO_nread0(BIO *bio, char **buf)
struct sockaddr_in them;
/* int socket; this will be kept in bio->num so that it is
- * compatable with the bss_sock bio */
+ * compatible with the bss_sock bio */
/* called when the connection is initially made
* callback(BIO,state,ret); The callback should return
- * 'ret'. state is for compatablity with the ssl info_callback */
+ * 'ret'. state is for compatibility with the ssl info_callback */
int (*info_callback)();
} BIO_CONNECT;
*((int *)ptr)=data->port;
}
if ((!b->init) || (ptr == NULL))
- *pptr="not initalised";
+ *pptr="not initialized";
ret=1;
}
break;
if (fwrite(in,(int)inl,1,(FILE *)b->ptr))
ret=inl;
/* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */
- /* acording to Tim Hudson <tjh@cryptsoft.com>, the commented
+ /* according to Tim Hudson <tjh@cryptsoft.com>, the commented
* out version above can cause 'inl' write calls under
* some stupid stdio implementations (VMS) */
}
* The reason for this flag is that when the particular C compiler
* library routine is used, and the library is linked with a different
* compiler, the library is missing. This mostly happens when the
- * library is built with gcc and then linked using nornal cc. This would
- * be a common occurance because gcc normally produces code that is
+ * library is built with gcc and then linked using normal cc. This would
+ * be a common occurrence because gcc normally produces code that is
* 2 times faster than system compilers for the big number stuff.
* For machines with only one compiler (or shared libraries), this should
* be on. Again this in only really a problem on machines
- * using "long long's", are 32bit, and are not using my assember code. */
+ * using "long long's", are 32bit, and are not using my assembler code. */
#if defined(MSDOS) || defined(WINDOWS) || defined(linux)
#define BN_DIV2W
#endif
/* This is where the long long data type is 64 bits, but long is 32.
* For machines where there are 64bit registers, this is the mode to use.
- * IRIX, on R4000 and above should use this mode, along with the relevent
- * assember code :-). Do NOT define BN_LLONG.
+ * IRIX, on R4000 and above should use this mode, along with the relevant
+ * assembler code :-). Do NOT define BN_LLONG.
*/
#ifdef SIXTY_FOUR_BIT
#undef BN_LLONG
* bits=1 75.4% 79.4%
* bits=2 61.2% 62.4%
* bits=3 61.3% 59.3%
- * The lack of speed improvment is also a function of the pre-calculation
+ * The lack of speed improvement is also a function of the pre-calculation
* which could be removed.
*/
#define EXP2_TABLE_BITS 2 /* 1 2 3 4 5 */
* if A and B happen to share same cache line such code is going to
* cause severe cache trashing. Both factors have severe impact on
* performance of modern CPUs and this is the reason why this
- * particulare piece of code is #ifdefed away and replaced by more
+ * particular piece of code is #ifdefed away and replaced by more
* "friendly" version found in #else section below. This comment
* also applies to BN_copy function.
*
A[0]=B[0];
case 0:
/* I need the 'case 0' entry for utrix cc.
- * If the optimiser is turned on, it does the
+ * If the optimizer is turned on, it does the
* switch table by doing
* a=top&7
* a--;
* n2 must be a power of 2.
* We multiply and return the result.
* t must be 2*n2 words in size
- * We calulate
+ * We calculate
* a[0]*b[0]
* a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
* a[1]*b[1]
goto end;
}
# ifdef BN_RECURSION
- goto symetric;
+ goto symmetric;
# endif
}
#endif
bn_wexpand(b,al);
b->d[bl]=0;
bl++;
- goto symetric;
+ goto symmetric;
}
else if ((i == -1) && !BN_get_flags(a,BN_FLG_STATIC_DATA))
{
bn_wexpand(a,bl);
a->d[al]=0;
al++;
- goto symetric;
+ goto symmetric;
}
}
#endif
- /* asymetric and >= 4 */
+ /* asymmetric and >= 4 */
if (bn_wexpand(rr,top) == NULL) return(0);
rr->top=top;
bn_mul_normal(rr->d,a->d,al,b->d,bl);
#ifdef BN_RECURSION
if (0)
{
-symetric:
- /* symetric and > 4 */
+symmetric:
+ /* symmetric and > 4 */
/* 16 or larger */
j=BN_num_bits_word((BN_ULONG)al);
j=1<<(j-1);
for (;;)
{
if (verbose)
- printf("timing %s for %d interations\n",p->name,i);
+ printf("timing %s for %d interactions\n",p->name,i);
ms_time_get(start);
p->func(i,p);
}
}
if (verbose)
- printf("using %d interations\n",i);
+ printf("using %d interactions\n",i);
return(i);
}
BN_CTX *ctx = NULL;
BIGNUM *A1, *A1_odd, *check; /* taken from ctx */
BN_MONT_CTX *mont = NULL;
- const BIGNUM *A;
+ const BIGNUM *A = NULL;
if (checks == BN_prime_checks)
checks = BN_prime_checks_for_size(BN_num_bits(a));
d=delta;
delta+=2;
/* perhaps need to check for overflow of
- * delta (but delta can be upto 2^32)
+ * delta (but delta can be up to 2^32)
* 21-May-98 eay - added overflow check */
if (delta < d) goto again;
goto loop;
}
lp--;
/* We now have a series of blocks, BN_DEC_NUM chars
- * in length, where the last one needs trucation.
+ * in length, where the last one needs truncation.
* The blocks need to be reversed in order. */
sprintf(p,BN_DEC_FMT1,*lp);
while (*p) p++;
num=i+neg;
if (bn == NULL) return(num);
- /* a is the start of the hex digets, and it is 'i' long */
+ /* a is the start of the hex digits, and it is 'i' long */
if (*bn == NULL)
{
if ((ret=BN_new()) == NULL) return(0);
/* i is the number of hex digests; */
if (bn_expand(ret,i*4) == NULL) goto err;
- j=i; /* least significate 'hex' */
+ j=i; /* least significant 'hex' */
m=0;
h=0;
while (j > 0)
num=i+neg;
if (bn == NULL) return(num);
- /* a is the start of the digets, and it is 'i' long.
- * We chop it into BN_DEC_NUM digets at a time */
+ /* a is the start of the digits, and it is 'i' long.
+ * We chop it into BN_DEC_NUM digits at a time */
if (*bn == NULL)
{
if ((ret=BN_new()) == NULL) return(0);
* n must be a power of 2.
* We multiply and return the result.
* t must be 2*n words in size
- * We calulate
+ * We calculate
* a[0]*b[0]
* a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
* a[1]*b[1]
#endif
#ifndef TIMES
- printf("To get the most acurate results, try to run this\n");
+ printf("To get the most accurate results, try to run this\n");
printf("program when this computer is idle.\n");
#endif
}
#ifndef TIMES
- fprintf(stderr,"To get the most acurate results, try to run this\n");
+ fprintf(stderr,"To get the most accurate results, try to run this\n");
fprintf(stderr,"program when this computer is idle.\n");
#endif
"des <options> [input-file [output-file]]",
"options:",
"-v : des(1) version number",
-"-e : encrypt using sunOS compatible user key to DES key conversion.",
+"-e : encrypt using SunOS compatible user key to DES key conversion.",
"-E : encrypt ",
-"-d : decrypt using sunOS compatible user key to DES key conversion.",
+"-d : decrypt using SunOS compatible user key to DES key conversion.",
"-D : decrypt ",
-"-c[ckname] : generate a cbc_cksum using sunOS compatible user key to",
+"-c[ckname] : generate a cbc_cksum using SunOS compatible user key to",
" DES key conversion and output to ckname (stdout default,",
" stderr if data being output on stdout). The checksum is",
" generated before encryption and after decryption if used",
" that is used directly as the des key",
"-u[uuname] : input file is uudecoded if -[dD] or output uuencoded data if -[eE]",
" (uuname is the filename to put in the uuencode header).",
-"-b : encrypt using DES in ecb encryption mode, the defaut is cbc mode.",
-"-3 : encrypt using tripple DES encryption. This uses 2 keys",
+"-b : encrypt using DES in ecb encryption mode, the default is cbc mode.",
+"-3 : encrypt using triple DES encryption. This uses 2 keys",
" generated from the input key. If the input key is less",
-" than 8 characters long, this is equivelent to normal",
+" than 8 characters long, this is equivalent to normal",
" encryption. Default is triple cbc, -b makes it triple ecb.",
NULL
};
#endif
/* The changes to this macro may help or hinder, depending on the
- * compiler and the achitecture. gcc2 always seems to do well :-).
+ * compiler and the architecture. gcc2 always seems to do well :-).
* Inspired by Dana How <how@isl.stanford.edu>
* DO NOT use the alternative version on machines with 8 byte longs.
* It does not seem to work on the Alpha, even when DES_LONG is 4
* bytes, probably an issue of accessing non-word aligned objects :-( */
#ifdef DES_PTR
-/* It recently occured to me that 0^0^0^0^0^0^0 == 0, so there
+/* It recently occurred to me that 0^0^0^0^0^0^0 == 0, so there
* is no reason to not xor all the sub items together. This potentially
* saves a register since things can be xored directly into L */
}
#ifndef TIMES
- fprintf(stderr,"To get the most acurate results, try to run this\n");
+ fprintf(stderr,"To get the most accurate results, try to run this\n");
fprintf(stderr,"program when this computer is idle.\n");
#endif
for (j=0; j<outnum; j+=i)
{
/* eay 26/08/92 I was not doing writing from where we
- * got upto. */
+ * got up to. */
i=write(fd,(void *)&(outbuf[j]),outnum-j);
if (i == -1)
{
#include <openssl/ebcdic.h>
#endif
-/* This version of crypt has been developed from my MIT compatable
+/* This version of crypt has been developed from my MIT compatible
* DES library.
* The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au
* Eric Young (eay@cryptsoft.com)
* I have included directive PARA for shared memory computers.
* I have included a directive LONGCRYPT to using this routine to cipher
* passwords with more then 8 bytes like HP-UX 10.x it used. The MAXPLEN
- * definition is the maximum of lenght of password and can changed. I have
+ * definition is the maximum of length of password and can changed. I have
* defined 24.
*/
* returns *\0XXXXXXXXX
* The \0 makes the string look like * so the pwd "*" would
* crypt to "*". This was found when replacing the crypt in
- * our shared libraries. People found that the disbled
- * accounts effectivly had no passwd :-(. */
+ * our shared libraries. People found that the disabled
+ * accounts effectively had no passwd :-(. */
#ifndef CHARSET_EBCDIC
x=ret[0]=((salt[0] == '\0')?'A':salt[0]);
Eswap0=con_salt[x]<<2;
#include <stdio.h>
-/* This version of crypt has been developed from my MIT compatable
+/* This version of crypt has been developed from my MIT compatible
* DES library.
* The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au
* Eric Young (eay@cryptsoft.com)
int i;
for (i=0; i<NUM_WEAK_KEY; i++)
- /* Added == 0 to comparision, I obviously don't run
+ /* Added == 0 to comparison, I obviously don't run
* this section very often :-(, thanks to
* engineering@MorningStar.Com for the fix
* eay 93/06/29
#endif
#ifndef TIMES
- printf("To get the most acurate results, try to run this\n");
+ printf("To get the most accurate results, try to run this\n");
printf("program when this computer is idle.\n");
#endif
{ERR_PACK(ERR_LIB_PEM,0,0) ,"PEM routines"},
{ERR_PACK(ERR_LIB_ASN1,0,0) ,"asn1 encoding routines"},
{ERR_PACK(ERR_LIB_X509,0,0) ,"x509 certificate routines"},
-{ERR_PACK(ERR_LIB_CONF,0,0) ,"configuation file routines"},
+{ERR_PACK(ERR_LIB_CONF,0,0) ,"configuration file routines"},
{ERR_PACK(ERR_LIB_METH,0,0) ,"X509 lookup 'method' routines"},
{ERR_PACK(ERR_LIB_SSL,0,0) ,"SSL routines"},
{ERR_PACK(ERR_LIB_RSAREF,0,0) ,"RSAref routines"},
#define ERR_GET_REASON(l) (int)((l)&0xfffL)
#define ERR_FATAL_ERROR(l) (int)((l)&ERR_R_FATAL)
-/* OS fuctions */
+/* OS functions */
#define SYS_F_FOPEN 1
#define SYS_F_CONNECT 2
#define SYS_F_GETSERVBYNAME 3
and everything was OK. BUT if user types wrong password
BIO_f_cipher outputs only garbage and my function crashes. Yes
I can and I should fix my function, but BIO_f_cipher is
- easy way to add encryption support to many exisiting applications
+ easy way to add encryption support to many existing applications
and it's hard to debug and fix them all.
So I wanted another BIO which would catch the incorrect passwords and
1) you must somehow separate checksum from actual data.
2) you need lot's of memory when reading the file, because you
must read to the end of the file and verify the checksum before
- leting the application to read the data.
+ letting the application to read the data.
BIO_f_reliable tries to solve both problems, so that you can
- read and write arbitraly long streams using only fixed amount
+ read and write arbitrary long streams using only fixed amount
of memory.
BIO_f_reliable splits data stream into blocks. Each block is prefixed
several Kbytes of memory to buffer single block before verifying
it's digest.
- BIO_f_reliable goes futher and adds several important capabilities:
+ BIO_f_reliable goes further and adds several important capabilities:
1) the digest of the block is computed over the whole stream
-- so nobody can rearrange the blocks or remove or replace them.
and then compare the digest output.
Bad things: BIO_f_reliable knows what's going on in EVP_Digest. I
- initialy wrote and tested this code on x86 machine and wrote the
+ initially wrote and tested this code on x86 machine and wrote the
digests out in machine-dependent order :( There are people using
this code and I cannot change this easily without making existing
data files unreadable.
/* Type needs to be a bit field
* Sub-type needs to be for variations on the method, as in, can it do
- * arbitary encryption.... */
+ * arbitrary encryption.... */
typedef struct evp_pkey_st
{
int type;
unsigned char buf[EVP_MAX_IV_LENGTH]; /* saved partial block */
int num; /* used by cfb/ofb mode */
- char *app_data; /* aplication stuff */
+ char *app_data; /* application stuff */
union {
#ifndef NO_RC4
struct
#define EVP_R_INPUT_NOT_INITIALIZED 111
#define EVP_R_IV_TOO_LARGE 102
#define EVP_R_KEYGEN_FAILURE 120
-#define EVP_R_MISSING_PARMATERS 103
+#define EVP_R_MISSING_PARAMETERS 103
#define EVP_R_NO_DSA_PARAMETERS 116
#define EVP_R_NO_SIGN_FUNCTION_CONFIGURED 104
#define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105
{EVP_R_INPUT_NOT_INITIALIZED ,"input not initialized"},
{EVP_R_IV_TOO_LARGE ,"iv too large"},
{EVP_R_KEYGEN_FAILURE ,"keygen failure"},
-{EVP_R_MISSING_PARMATERS ,"missing parmaters"},
+{EVP_R_MISSING_PARAMETERS ,"missing parameters"},
{EVP_R_NO_DSA_PARAMETERS ,"no dsa parameters"},
{EVP_R_NO_SIGN_FUNCTION_CONFIGURED ,"no sign function configured"},
{EVP_R_NO_VERIFY_FUNCTION_CONFIGURED ,"no verify function configured"},
case EVP_PKEY_DSA:
p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
- /* get paramaters and place in AlgorithmIdentifier */
+ /* get parameters and place in AlgorithmIdentifier */
len = i2d_DSAparams (pkey->pkey.dsa, NULL);
if (!(p = Malloc(len))) {
EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
if (EVP_PKEY_missing_parameters(from))
{
- EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_MISSING_PARMATERS);
+ EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_MISSING_PARAMETERS);
goto err;
}
#ifndef NO_DSA
* [including the GNU Public Licence.]
*/
-/* The new form of this macro (check if the a*b == 0) was sugested by
+/* The new form of this macro (check if the a*b == 0) was suggested by
* Colin Plumb <colin@nyx10.cs.du.edu> */
/* Removal of the inner if from from Wei Dai 24/4/96 */
#define idea_mul(r,a,b,ul) \
#endif
#ifndef TIMES
- printf("To get the most acurate results, try to run this\n");
+ printf("To get the most accurate results, try to run this\n");
printf("program when this computer is idle.\n");
#endif
*
* 2.1 eay - Added an 'error in last operation' flag. eay 6-May-98
*
- * 2.0 eay - Fixed a bug that occured when using lh_delete
+ * 2.0 eay - Fixed a bug that occurred when using lh_delete
* from inside lh_doall(). As entries were deleted,
* the 'table' was 'contract()ed', making some entries
* jump from the end of the table to the start, there by
- * skiping the lh_doall() processing. eay - 4/12/95
+ * skipping the lh_doall() processing. eay - 4/12/95
*
* 1.9 eay - Fixed a memory leak in lh_free, the LHASH_NODEs
* were not being free()ed. 21/11/95
#define UCHAR unsigned char
-static void md2_block(MD2_CTX *c, unsigned char *d);
+static void md2_block(MD2_CTX *c, const unsigned char *d);
/* The magic S table - I have converted it to hex since it is
- * basicaly just a random byte string. */
+ * basically just a random byte string. */
static MD2_INT S[256]={
0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01,
0x3D, 0x36, 0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13,
c->num=(int)len;
}
-static void md2_block(MD2_CTX *c, unsigned char *d)
+static void md2_block(MD2_CTX *c, const unsigned char *d)
{
register MD2_INT t,*sp1,*sp2;
register int i,j;
/*
* *_block_host_order is expected to handle aligned data while
* *_block_data_order - unaligned. As algorithm and host (x86)
- * are in this case of the same "endianess" these two are
+ * are in this case of the same "endianness" these two are
* otherwise indistinguishable. But normally you don't want to
* call the same function because unaligned access in places
* where alignment is expected is usually a "Bad Thing". Indeed,
* Little-endians (Intel and Alpha) feel better without this.
* It looks like memcpy does better job than generic
* md5_block_data_order on copying-n-aligning input data.
- * But franlky speaking I didn't expect such result on Alpha.
+ * But frankly speaking I didn't expect such result on Alpha.
* On the other hand I've got this with egcs-1.0.2 and if
* program is compiled with another (better?) compiler it
* might turn out other way around.
*/
/* As pointed out by Wei Dai <weidai@eskimo.com>, the above can be
- * simplified to the code below. Wei attributes these optimisations
+ * simplified to the code below. Wei attributes these optimizations
* to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
*/
#define F(b,c,d) ((((c) ^ (d)) & (b)) ^ (d))
#define OBJ_ripemd160 1L,3L,36L,3L,2L,1L
/* The name should actually be rsaSignatureWithripemd160, but I'm going
- * to contiune using the convention I'm using with the other ciphers */
+ * to continue using the convention I'm using with the other ciphers */
#define SN_ripemd160WithRSA "RSA-RIPEMD160"
#define LN_ripemd160WithRSA "ripemd160WithRSA"
#define NID_ripemd160WithRSA 119
#define NID_ms_efs 138
#define OBJ_ms_efs 1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
-/* Addidional usage: Netscape */
+/* Additional usage: Netscape */
#define SN_ns_sgc "nsSGC"
#define LN_ns_sgc "Netscape Server Gated Crypto"
/* most of the following are used when doing non-blocking IO */
/* reading */
long num_left; /* number of bytes still to read/write in block */
- int depth; /* used with idefinite encoding. */
+ int depth; /* used with indefinite encoding. */
int finished; /* No more read data */
/* writting */
tmpval = BUF_strdup(value);
if(!tmpval) return 0;
} else tmpval = NULL;
- /* Paramter values are case sensitive so leave as is */
+ /* Parameter values are case sensitive so leave as is */
mparam = (MIME_PARAM *) Malloc(sizeof(MIME_PARAM));
if(!mparam) return 0;
mparam->param_name = tmpname;
#define PKCS7_BINARY 0x80
#define PKCS7_NOATTR 0x100
-/* Flags: for compatability with older code */
+/* Flags: for compatibility with older code */
#define SMIME_TEXT PKCS7_TEXT
#define SMIME_NOCERTS PKCS7_NOCERTS
*/
/*
* I have modified the loading of bytes via RAND_seed() mechanism since
- * the origional would have been very very CPU intensive since RAND_seed()
+ * the original would have been very very CPU intensive since RAND_seed()
* does an MD5 per 16 bytes of input. The cost to digest 16 bytes is the same
* as that to digest 56 bytes. So under the old system, a screen of
- * 1024*768*256 would have been CPU cost of approximatly 49,000 56 byte MD5
+ * 1024*768*256 would have been CPU cost of approximately 49,000 56 byte MD5
* digests or digesting 2.7 mbytes. What I have put in place would
- * be 48 16k MD5 digests, or efectivly 48*16+48 MD5 bytes or 816 kbytes
+ * be 48 16k MD5 digests, or effectively 48*16+48 MD5 bytes or 816 kbytes
* or about 3.5 times as much.
* - eric
*/
#endif
#ifndef TIMES
- printf("To get the most acurate results, try to run this\n");
+ printf("To get the most accurate results, try to run this\n");
printf("program when this computer is idle.\n");
#endif
#endif
#ifndef TIMES
- printf("To get the most acurate results, try to run this\n");
+ printf("To get the most accurate results, try to run this\n");
printf("program when this computer is idle.\n");
#endif
#endif
#ifndef TIMES
- printf("To get the most acurate results, try to run this\n");
+ printf("To get the most accurate results, try to run this\n");
printf("program when this computer is idle.\n");
#endif
* to be signed/verified: this allows them to be used. Note: for this to work
* the RSA_public_decrypt() and RSA_private_encrypt() should *NOT* be used
* RSA_sign(), RSA_verify() should be used instead. Note: for backwards
- * compatability this functionality is only enabled if the RSA_FLAG_SIGN_VER
+ * compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER
* option is set in 'flags'.
*/
int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len,
goto err;
}
- /* This check was for equallity but PGP does evil things
+ /* This check was for equality but PGP does evil things
* and chops off the top '0' bytes */
if (flen > num)
{
goto err;
}
- /* This check was for equallity but PGP does evil things
+ /* This check was for equality but PGP does evil things
* and chops off the top '0' bytes */
if (flen > num)
{
#ifdef RSA_DEBUG
- /* put a backward compatability flag in EAY */
+ /* put a backward compatibility flag in EAY */
fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype),
OBJ_nid2ln(dtype));
#endif
/* Code for stacks
* Author - Eric Young v 1.0
* 1.2 eay 12-Mar-97 - Modified sk_find so that it _DOES_ return the
- * lowest index for the seached item.
+ * lowest index for the searched item.
*
* 1.1 eay - Take from netdb and added to SSLeay
*
/* usage:
* CRYPTO_thread_setup();
- * applicaion code
+ * application code
* CRYPTO_thread_cleanup();
*/
/* The next 2 structures and their 8 routines were sent to me by
* Pat Richard <patr@x509.com> and are used to manipulate
- * Netscapes spki strucutres - usefull if you are writing a CA web page
+ * Netscapes spki structures - useful if you are writing a CA web page
*/
typedef struct Netscape_spkac_st
{
int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
EVP_PKEY * X509_REQ_get_pubkey(X509_REQ *req);
int X509_REQ_extension_nid(int nid);
-int * X509_REQ_get_extesion_nids(void);
+int * X509_REQ_get_extension_nids(void);
void X509_REQ_set_extension_nids(int *nids);
STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
char *buf,int len);
/* NOTE: you should be passsing -1, not 0 as lastpos. The functions that use
- * lastpos, seach after that position on. */
+ * lastpos, search after that position on. */
int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj,
int lastpos);
#ifndef NO_MD5
/* I now DER encode the name and hash it. Since I cache the DER encoding,
- * this is reasonably effiecent. */
+ * this is reasonably efficient. */
unsigned long X509_NAME_hash(X509_NAME *x)
{
unsigned long ret=0;
}
}
-int *X509_REQ_get_extesion_nids(void)
+int *X509_REQ_get_extension_nids(void)
{
return ext_nids;
}
static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
{
if(x->aux) return obj_trust(trust->arg1, x, flags);
- /* we don't have any trust settings: for compatability
+ /* we don't have any trust settings: for compatibility
* we return trusted if it is self signed
*/
X509_check_purpose(x, -1, 0);
B<-sign> option. The PKCS#12 file can be imported directly into a browser.
If there is an additional argument on the command line it will be used as the
"friendly name" for the certificate (which is typically displayed in the browser
-list box), otherwise the name "My Certifictate" is used.
+list box), otherwise the name "My Certificate" is used.
=item B<-sign>, B<-signreq>, B<-xsign>
=item B<-v>
-verbose option. List ciphers with a complete decsription of the authentication,
+verbose option. List ciphers with a complete description of the authentication,
key exchange, encryption and mac algorithms used along with any key size
restrictions and whether the algorithm is classed as an "export" cipher.
=item B<ADH>
-anoymous DH cipher suites.
+anonymous DH cipher suites.
=item B<3DES>
=head1 NOTES
-The non ephemeral DH modes are currently unimplimented in OpenSSL
+The non-ephemeral DH modes are currently unimplemented in OpenSSL
because there is no support for DH certificates.
Some compiled versions of OpenSSL may not include all the ciphers
It is possible to escape certain characters by using any kind of quote
or the B<\> character. By making the last character of a line a B<\>
a B<value> string can be spread across multiple lines. In addition
-the sequences B<\n>, B<\r>, B<\b> and B<\t> are recognised.
+the sequences B<\n>, B<\r>, B<\b> and B<\t> are recognized.
=head1 NOTES
CN=My Name
OU=My Organization
- emailAddress=someone@somehere.org
+ emailAddress=someone@somewhere.org
This allows external programs (e.g. GUI based) to generate a template file
with all the field names and values and just pass it to B<req>. An example
=item B<-nbio_test>
-tests non blocking I/O
+tests non-blocking I/O
=item B<-nbio>
-turns on non blocking I/O
+turns on non-blocking I/O
=item B<-crlf>
B<-www> nor the B<-WWW> option has been used then normally any data received
from the client is displayed and any key presses will be sent to the client.
-Certain single letter commands are also recognised which perform special
+Certain single letter commands are also recognized which perform special
operations: these are listed below.
=over 4
=item B<-out filename>
-This specifies the output filename to write session information toor standard
+This specifies the output filename to write session information to or standard
output if this option is not specified.
=item B<-text>
See the description of the B<verify> utility for more information on the
meaning of trust settings.
-Future versions of OpenSSL will recognise trust settings on any
+Future versions of OpenSSL will recognize trust settings on any
certificate: not just root CAs.
=head1 DESCRIPTION
-MD2 and MD5 are cryptographic hashs function with a 128 bit output.
+MD2 and MD5 are cryptographic hash functions with a 128 bit output.
MD2() and MD5() compute the MD2 and MD5 message digest of the B<n>
bytes at B<d> and place it in B<md> (which must have space for
*(d++) = v[1];
/* lets populate the random area */
- /* get the chalenge_length */
+ /* get the challenge_length */
i=(cl > SSL3_RANDOM_SIZE)?SSL3_RANDOM_SIZE:cl;
memset(d,0,SSL3_RANDOM_SIZE);
memcpy(&(d[SSL3_RANDOM_SIZE-i]),&(p[csl+sil]),i);
/* ERR_clear_error();*/
/* If we want to cache session-ids in the client
- * and we sucessfully add the session-id to the
+ * and we successfully add the session-id to the
* cache, and there is a callback, then pass it out.
* 26/11/96 - eay - only add if not a re-used session.
*/
*/
#endif
- /* we need to do this incase we were trying to reuse a
+ /* we need to do this in case we were trying to reuse a
* client session but others are already reusing it.
* If this was a new 'blank' session ID, the session-id
* length will still be 0 */
/* In theory we could have ciphers sent back that we
* don't want to use but that does not matter since we
- * will check against the list we origionally sent and
+ * will check against the list we originally sent and
* for performance reasons we should not bother to match
* the two lists up just to check. */
for (i=0; i<sk_SSL_CIPHER_num(cl); i++)
{
/* this is not good. If things have failed it
* means there so something wrong with the key.
- * We will contiune with a 0 length signature
+ * We will continue with a 0 length signature
*/
}
memset(&ctx,0,sizeof(ctx));
s->init_off=0;
}
/* SSL2_ST_SEND_SERVER_HELLO_B */
- /* If we are using TCP/IP, the performace is bad if we do 2
+ /* If we are using TCP/IP, the performance is bad if we do 2
* writes without a read between them. This occurs when
* Session-id reuse is used, so I will put in a buffering module
*/
if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL)
{
- /* If netscape tollerance is on, ignore errors */
+ /* If netscape tolerance is on, ignore errors */
if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG)
goto cont;
else
ERR_clear_error();
}
- /* we should setup a certficate to return.... */
+ /* we should setup a certificate to return.... */
s->s3->tmp.cert_req=1;
s->s3->tmp.ctype_num=ctype_num;
if (s->s3->tmp.ca_names != NULL)
case SSL_AD_ACCESS_DENIED: return(SSL3_AD_HANDSHAKE_FAILURE);
case SSL_AD_DECODE_ERROR: return(SSL3_AD_HANDSHAKE_FAILURE);
case SSL_AD_DECRYPT_ERROR: return(SSL3_AD_HANDSHAKE_FAILURE);
- case SSL_AD_EXPORT_RESTRICION: return(SSL3_AD_HANDSHAKE_FAILURE);
+ case SSL_AD_EXPORT_RESTRICTION: return(SSL3_AD_HANDSHAKE_FAILURE);
case SSL_AD_PROTOCOL_VERSION: return(SSL3_AD_HANDSHAKE_FAILURE);
case SSL_AD_INSUFFICIENT_SECURITY:return(SSL3_AD_HANDSHAKE_FAILURE);
case SSL_AD_INTERNAL_ERROR: return(SSL3_AD_HANDSHAKE_FAILURE);
- case SSL_AD_USER_CANCLED: return(SSL3_AD_HANDSHAKE_FAILURE);
+ case SSL_AD_USER_CANCELLED: return(SSL3_AD_HANDSHAKE_FAILURE);
case SSL_AD_NO_RENEGOTIATION: return(-1); /* Don't send it :-) */
default: return(-1);
}
/* We now have - encrypted [ MAC [ compressed [ plain ] ] ]
* rr->length bytes of encrypted compressed stuff. */
- /* check is not needed I belive */
+ /* check is not needed I believe */
if (rr->length > (unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
{
al=SSL_AD_RECORD_OVERFLOW;
* compression - basically ignored right now
* ssl version is set - sslv3
* s->session - The ssl session has been setup.
- * s->hit - sesson reuse flag
+ * s->hit - session reuse flag
* s->tmp.new_cipher - the new cipher to use.
*/
STACK_OF(SSL_CIPHER) *cipher_list_by_id;
struct x509_store_st /* X509_STORE */ *cert_store;
- struct lhash_st /* LHASH */ *sessions; /* a set of SSL_SESSION's */
+ struct lhash_st /* LHASH */ *sessions; /* a set of SSL_SESSIONs */
/* Most session-ids that will be cached, default is
* SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */
unsigned long session_cache_size;
unsigned long mode; /* API behaviour */
int first_packet;
int client_version; /* what was passed, used for
- * SSLv3/TLS rolback check */
+ * SSLv3/TLS rollback check */
};
#include <openssl/ssl2.h>
#include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */
#include <openssl/ssl23.h>
-/* compatablity */
+/* compatibility */
#define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg))
#define SSL_get_app_data(s) (SSL_get_ex_data(s,0))
#define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0,(char *)a))
#define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg))
/* The following are the possible values for ssl->state are are
- * used to indicate where we are upto in the SSL connection establishment.
+ * used to indicate where we are up to in the SSL connection establishment.
* The macros that follow are about the only things you should need to use
* and even then, only when using non-blocking IO.
* It can also be useful to work out where you were when the connection
#define SSLeay_add_ssl_algorithms() SSL_library_init()
-/* this is for backward compatablility */
+/* this is for backward compatibility */
#if 0 /* NEW_SSLEAY */
#define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c)
#define SSL_set_pref_cipher(c,n) SSL_set_cipher_list(c,n)
#define SSL_remove_session(a,b) SSL_CTX_remove_session((a),(b))
#define SSL_flush_sessions(a,b) SSL_CTX_flush_sessions((a),(b))
#endif
-/* More backward compatablity */
+/* More backward compatibility */
#define SSL_get_cipher(s) \
SSL_CIPHER_get_name(SSL_get_current_cipher(s))
#define SSL_get_cipher_bits(s,np) \
#define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */
#define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR /* fatal */
#define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR
-#define SSL_AD_EXPORT_RESTRICION TLS1_AD_EXPORT_RESTRICION/* fatal */
+#define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION/* fatal */
#define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */
#define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY/* fatal */
#define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */
-#define SSL_AD_USER_CANCLED TLS1_AD_USER_CANCLED
+#define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED
#define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION
#define SSL_ERROR_NONE 0
#define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050
#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021
#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051
-#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICION 1060
+#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060
#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071
#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080
#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100
#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070
#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022
#define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048
-#define SSL_R_TLSV1_ALERT_USER_CANCLED 1090
+#define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090
#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232
#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234
int warn_alert;
int fatal_alert;
- /* we alow one fatal and one warning alert to be outstanding,
+ /* we allow one fatal and one warning alert to be outstanding,
* send close alert via the warning alert */
int alert_dispatch;
unsigned char send_alert[2];
return(0);
/* Note that I cheat in the following 2 assignments. I know
- * that if the ASN1_INTERGER passed to ASN1_INTEGER_set
+ * that if the ASN1_INTEGER passed to ASN1_INTEGER_set
* is > sizeof(long)+1, the buffer will not be re-Malloc()ed.
* This is a bit evil but makes things simple, no dynamic allocation
* to clean up :-) */
{
/*
* We hit something, we cannot deal with,
- * it is no command or seperator nor
+ * it is no command or separator nor
* alphanumeric, so we call this an error.
*/
SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR,
multi=0;
/*
- * Now search for the name in the ca_list. Be carefule
+ * Now search for the name in the ca_list. Be careful
* with the strncmp, because the "buflen" limitation
* will make the rule "ADH:SOME" and the cipher
* "ADH-MY-CIPHER" look like a match for buflen=3.
* There might be two types of entries in the rule_str: 1) names
* of ciphers themselves 2) aliases for groups of ciphers.
* For 1) we need the available ciphers and for 2) the cipher
- * groups of cipher_aliases added togehter in one list (otherwise
+ * groups of cipher_aliases added together in one list (otherwise
* we would be happy with just the cipher_aliases table).
*/
num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
/*
* Now it is getting really strange. If something failed during
- * the previous pointer assignement or if one of the pointers was
+ * the previous pointer assignment or if one of the pointers was
* not requested, the error condition is met. That might be
* discussable. The strange thing is however that in this case
* the memory "ret" pointed to is "free()ed" and hence the pointer
return("(NONE)");
}
-/* number of bits for symetric cipher */
+/* number of bits for symmetric cipher */
int SSL_CIPHER_get_bits(SSL_CIPHER *c, int *alg_bits)
{
int ret=0;
{SSL_R_TLSV1_ALERT_DECODE_ERROR ,"tlsv1 alert decode error"},
{SSL_R_TLSV1_ALERT_DECRYPTION_FAILED ,"tlsv1 alert decryption failed"},
{SSL_R_TLSV1_ALERT_DECRYPT_ERROR ,"tlsv1 alert decrypt error"},
-{SSL_R_TLSV1_ALERT_EXPORT_RESTRICION ,"tlsv1 alert export restricion"},
+{SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION ,"tlsv1 alert export restriction"},
{SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY ,"tlsv1 alert insufficient security"},
{SSL_R_TLSV1_ALERT_INTERNAL_ERROR ,"tlsv1 alert internal error"},
{SSL_R_TLSV1_ALERT_NO_RENEGOTIATION ,"tlsv1 alert no renegotiation"},
{SSL_R_TLSV1_ALERT_PROTOCOL_VERSION ,"tlsv1 alert protocol version"},
{SSL_R_TLSV1_ALERT_RECORD_OVERFLOW ,"tlsv1 alert record overflow"},
{SSL_R_TLSV1_ALERT_UNKNOWN_CA ,"tlsv1 alert unknown ca"},
-{SSL_R_TLSV1_ALERT_USER_CANCLED ,"tlsv1 alert user cancled"},
+{SSL_R_TLSV1_ALERT_USER_CANCELLED ,"tlsv1 alert user cancelled"},
{SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER,"tls client cert req with anon cipher"},
{SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST,"tls peer did not respond with certificate list"},
{SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG,"tls rsa encrypted value length is wrong"},
* can be publicly accessed.
* Use the according functions for cipher management instead.
*
- * The bit mask hendling in the selection and sorting scheme in
+ * The bit mask handling in the selection and sorting scheme in
* ssl_create_cipher_list() has only limited capabilities, reflecting
- * that the different entities within are mutually exclusiv:
+ * that the different entities within are mutually exclusive:
* ONLY ONE BIT PER MASK CAN BE SET AT A TIME.
*/
#define SSL_MKEY_MASK 0x0000001FL
/* we have used 001fffff - 11 bits left to go */
/*
- * Export and cipher strenght information. For each cipher we have to decide
+ * Export and cipher strength information. For each cipher we have to decide
* whether it is exportable or not. This information is likely to change
* over time, since the export control rules are no static technical issue.
*
* Independent of the export flag the cipher strength is sorted into classes.
* SSL_EXP40 was denoting the 40bit US export limit of past times, which now
* is at 56bit (SSL_EXP56). If the exportable cipher class is going to change
- * againg (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more,
+ * again (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more,
* since SSL_EXP64 could be similar to SSL_LOW.
* For this reason SSL_MICRO and SSL_MINI macros are included to widen the
* namespace of SSL_LOW-SSL_HIGH to lower values. As development of speed
/* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff
* It is a bit of a mess of functions, but hell, think of it as
- * an opaque strucute :-) */
+ * an opaque structure :-) */
typedef struct ssl3_enc_method
{
int (*enc)(SSL *, int);
/* Used for holding the relevant compression methods loaded into SSL_CTX */
typedef struct ssl3_comp_st
{
- int comp_id; /* The identifer byte for this compression type */
+ int comp_id; /* The identifier byte for this compression type */
char *name; /* Text name used for the compression type */
COMP_METHOD *method; /* The method :-) */
} SSL3_COMP;
#endif
#if !defined(NO_SSL2) && !defined(NO_SSL3)
-/* SSLv2/v3 compatablitity states */
+/* SSLv2/v3 compatibility states */
/* client */
case SSL23_ST_CW_CLNT_HELLO_A: str="SSLv2/v3 write client hello A"; break;
case SSL23_ST_CW_CLNT_HELLO_B: str="SSLv2/v3 write client hello B"; break;
#endif
#if !defined(NO_SSL2) && !defined(NO_SSL3)
-/* SSLv2/v3 compatablitity states */
+/* SSLv2/v3 compatibility states */
/* client */
case SSL23_ST_CW_CLNT_HELLO_A: str="23WCHA"; break;
case SSL23_ST_CW_CLNT_HELLO_B: str="23WCHB"; break;
str="close notify";
break;
case SSL3_AD_UNEXPECTED_MESSAGE:
- str="unexected_message";
+ str="unexpected_message";
break;
case SSL3_AD_BAD_RECORD_MAC:
str="bad record mac";
str="certificate expired";
break;
case SSL3_AD_CERTIFICATE_UNKNOWN:
- str="certifcate unknown";
+ str="certificate unknown";
break;
case SSL3_AD_ILLEGAL_PARAMETER:
str="illegal parameter";
* Useful functions for querying the state of BIO pair endpoints:
*
* BIO_ctrl_pending(bio) number of bytes we can read now
- * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfil
+ * BIO_ctrl_get_read_request(bio) number of bytes needed to fulfill
* other side's read attempt
- * BIO_ctrl_get_write_gurantee(bio) number of bytes we can write now
+ * BIO_ctrl_get_write_guarantee(bio) number of bytes we can write now
*
* ..._read_request is never more than ..._write_guarantee;
* it depends on the application which one you should use.
case SSL_AD_ACCESS_DENIED: return(TLS1_AD_ACCESS_DENIED);
case SSL_AD_DECODE_ERROR: return(TLS1_AD_DECODE_ERROR);
case SSL_AD_DECRYPT_ERROR: return(TLS1_AD_DECRYPT_ERROR);
- case SSL_AD_EXPORT_RESTRICION: return(TLS1_AD_EXPORT_RESTRICION);
+ case SSL_AD_EXPORT_RESTRICTION: return(TLS1_AD_EXPORT_RESTRICTION);
case SSL_AD_PROTOCOL_VERSION: return(TLS1_AD_PROTOCOL_VERSION);
case SSL_AD_INSUFFICIENT_SECURITY:return(TLS1_AD_INSUFFICIENT_SECURITY);
case SSL_AD_INTERNAL_ERROR: return(TLS1_AD_INTERNAL_ERROR);
- case SSL_AD_USER_CANCLED: return(TLS1_AD_USER_CANCLED);
+ case SSL_AD_USER_CANCELLED: return(TLS1_AD_USER_CANCELLED);
case SSL_AD_NO_RENEGOTIATION: return(TLS1_AD_NO_RENEGOTIATION);
default: return(-1);
}
#define TLS1_AD_ACCESS_DENIED 49 /* fatal */
#define TLS1_AD_DECODE_ERROR 50 /* fatal */
#define TLS1_AD_DECRYPT_ERROR 51
-#define TLS1_AD_EXPORT_RESTRICION 60 /* fatal */
+#define TLS1_AD_EXPORT_RESTRICTION 60 /* fatal */
#define TLS1_AD_PROTOCOL_VERSION 70 /* fatal */
#define TLS1_AD_INSUFFICIENT_SECURITY 71 /* fatal */
#define TLS1_AD_INTERNAL_ERROR 80 /* fatal */
-#define TLS1_AD_USER_CANCLED 90
+#define TLS1_AD_USER_CANCELLED 90
#define TLS1_AD_NO_RENEGOTIATION 100
#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060
projects / oweals / openssl.git / commitdiff