4. Patches should follow our coding style (see
https://www.openssl.org/policies/codingstyle.html) and compile without
- warnings. Where gcc or clang is availble you should use the
+ warnings. Where gcc or clang is available you should use the
--strict-warnings Configure option. OpenSSL compiles on many varied
platforms: try to ensure you only use portable features.
# DEBUG_UNUSED enables __owur (warn unused result) checks.
my $gcc_devteam_warn = "-DDEBUG_UNUSED"
# -DPEDANTIC complements -pedantic and is meant to mask code that
- # is not strictly standard-compliant and/or implementation-specifc,
+ # is not strictly standard-compliant and/or implementation-specific,
# e.g. inline assembly, disregards to alignment requirements, such
# that -pedantic would complain about. Incidentally -DPEDANTIC has
# to be used even in sanitized builds, because sanitizer too is
our $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT";
#
-# API compability name to version number mapping.
+# API compatibility name to version number mapping.
#
my $maxapi = "1.1.0"; # API for "no-deprecated" builds
my $apitable = {
}
unless ($disabled{ubsan}) {
- # -DPEDANTIC or -fnosanitize=aligmnent may also be required on some
+ # -DPEDANTIC or -fnosanitize=alignment may also be required on some
# platforms.
$config{cflags} .= "-fsanitize=undefined -fno-sanitize-recover=all ";
}
on a platform that does not support AFALG.
enable-asan
- Build with the Address sanitser. This is a developer option
+ Build with the Address sanitiser. This is a developer option
only. It may not work on all platforms and should never be
used in production environments. It will only work when used
with gcc or clang and should be used in conjunction with the
"illegal instruction" exception. There might be a way
to enable support in kernel, e.g. FreeBSD kernel can be
compiled with CPU_ENABLE_SSE, and there is a way to
- disengage SSE2 code pathes upon application start-up,
+ disengage SSE2 code paths upon application start-up,
but if you aim for wider "audience" running such kernel,
consider no-sse2. Both the 386 and no-asm options imply
no-sse2.
Don't build Time Stamping Authority support.
enable-ubsan
- Build with the Undefined Behaviour sanitser. This is a
+ Build with the Undefined Behaviour sanitiser. This is a
developer option only. It may not work on all platforms and
should never be used in production environments. It will only
work when used with gcc or clang and should be used in
$ nmake test # Windows
NOTE: you MUST run the tests from an unprivileged account (or
- disable your privileges temporarly if your platform allows it).
+ disable your privileges temporarily if your platform allows it).
If some tests fail, look at the output. There may be reasons for
the failure that isn't a problem in OpenSSL itself (like a
o New STORE structure and library to provide an interface to all
sorts of data repositories. Supports storage of public and
private keys, certificates, CRLs, numbers and arbitrary blobs.
- This library is unfortunately unfinished and unused withing
- OpenSSL.
+ This library is unfortunately unfinished and unused within
+ OpenSSL.
o New control functions for the error stack.
o Changed the PKCS#7 library to support one-pass S/MIME
processing.
o Major overhaul of RC4 performance on Intel P4, IA-64 and
AMD64.
o Changed the Configure script to have some algorithms disabled
- by default. Those can be explicitely enabled with the new
+ by default. Those can be explicitly enabled with the new
argument form 'enable-xxx'.
o Change the default digest in 'openssl' commands from MD5 to
SHA-1.
"Matching Perl" refers to chosen "shell environment", i.e. if built
under MSYS, then Perl compiled for MSYS must be used.
- Alternativelly, one can use MSYS2 from https://msys2.github.io/,
+ Alternatively, one can use MSYS2 from https://msys2.github.io/,
which includes MingW (32-bit and 64-bit).
* It is also possible to cross-compile it on Linux by configuring
In order to avoid spam, this is a moderated mailing list, and it might
take a couple of days for the ticket to show up. (We also scan posts to make
- sure that security disclosures aren't publically posted by mistake.) Mail
+ sure that security disclosures aren't publicly posted by mistake.) Mail
to this address is recorded in the public RT (request tracker) database
(see https://www.openssl.org/community/index.html#bugs for details) and
also forwarded the public openssl-dev mailing list. Confidential mail
}
/*
* Use colon separators for each octet for compatibility as
- * this fuction is used to print out key components.
+ * this function is used to print out key components.
*/
if (BIO_printf(bp, "%02x%s", buf[i],
(i == buflen - 1) ? "" : ":") <= 0)
return 0;
break;
}
- /* fall thru */
+ /* fall through */
case ASN1_ITYPE_MSTRING:
if (!asn1_primitive_print(out, fld, it, indent, fname, sname, pctx))
return 0;
ao[i]->type = i;
ao[i]->obj = o;
aop = lh_ADDED_OBJ_insert(added, ao[i]);
- /* memory leak, buit should not normally matter */
+ /* memory leak, but should not normally matter */
OPENSSL_free(aop);
}
}
=item L<B<nseq>|nseq(1)>
-Create or examine a netscape certificate sequence
+Create or examine a Netscape certificate sequence
=item L<B<ocsp>|ocsp(1)>
Ensure the output buffer contains 65 bytes of storage for each block, plus an
additional byte for a NUL terminator. EVP_EncodeUpdate() may be called
repeatedly to process large amounts of input data. In the event of an error
-EVP_EncodeUpdate() will set B<*outl> to 0 and return 0. On success 1 wil be
+EVP_EncodeUpdate() will set B<*outl> to 0 and return 0. On success 1 will be
returned.
EVP_EncodeFinal() must be called at the end of an encoding operation. It will
EVP_DecodeBlock() will decode the block of B<n> characters of base 64 data
contained in B<f> and store the result in B<t>. Any leading whitespace will be
trimmed as will any trailing whitespace, newlines, carriage returns or EOF
-characters. After such trimming the length of the data in B<f> must be divisbile
+characters. After such trimming the length of the data in B<f> must be divisible
by 4. For every 4 input bytes exactly 3 output bytes will be produced. The
output will be padded with 0 bits if necessary to ensure that the output is
always 3 bytes for every 4 input bytes. This function will return the length of
int dump);
const char *ASN1_tag2str(int tag);
-/* Used to load and write netscape format cert */
+/* Used to load and write Netscape format cert */
int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
# define SSL_R_NO_RENEGOTIATION 339
# define SSL_R_NO_REQUIRED_DIGEST 324
# define SSL_R_NO_SHARED_CIPHER 193
-# define SSL_R_NO_SHARED_SIGATURE_ALGORITHMS 376
+# define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS 376
# define SSL_R_NO_SRTP_PROFILES 359
# define SSL_R_NO_VALID_SCTS 216
# define SSL_R_NO_VERIFY_COOKIE_CALLBACK 403
/*
* If remaining time is less than 15 ms, set it to 0 to prevent issues
- * because of small devergences with socket timeouts.
+ * because of small divergences with socket timeouts.
*/
if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) {
memset(timeleft, 0, sizeof(*timeleft));
/*-
* Create HeartBeat message, we just use a sequence number
- * as payload to distuingish different messages and add
+ * as payload to distinguish different messages and add
* some random stuff.
*/
size = HEARTBEAT_SIZE(payload, padding);
#include <openssl/dh.h>
/*
- * structure holding name tables. This is used for pemitted elements in lists
+ * structure holding name tables. This is used for permitted elements in lists
* such as TLSv1.
*/
{ERR_REASON(SSL_R_NO_RENEGOTIATION), "no renegotiation"},
{ERR_REASON(SSL_R_NO_REQUIRED_DIGEST), "no required digest"},
{ERR_REASON(SSL_R_NO_SHARED_CIPHER), "no shared cipher"},
- {ERR_REASON(SSL_R_NO_SHARED_SIGATURE_ALGORITHMS),
- "no shared sigature algorithms"},
+ {ERR_REASON(SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS),
+ "no shared signature algorithms"},
{ERR_REASON(SSL_R_NO_SRTP_PROFILES), "no srtp profiles"},
{ERR_REASON(SSL_R_NO_VALID_SCTS), "no valid scts"},
{ERR_REASON(SSL_R_NO_VERIFY_COOKIE_CALLBACK),
* is indicated to the callback. In this case, the client application has to
* abort the connection or have a default application level protocol. 2) If
* the server supports NPN, but advertises an empty list then the client
- * selects the first protcol in its list, but indicates via the API that this
+ * selects the first protocol in its list, but indicates via the API that this
* fallback case was enacted. 3) Otherwise, the client finds the first
* protocol in the server's list that it supports and selects this protocol.
* This is because it's assumed that the server has better information about
* value is negative.
*
* XXX: One might well argue that the return value of this function is an
- * unforunate design choice. Its job is only to determine the validation
+ * unfortunate design choice. Its job is only to determine the validation
* status of each of the provided SCTs. So long as it correctly separates
* the wheat from the chaff it should return success. Failure in this case
* ought to correspond to an inability to carry out its duties.
goto err;
else
/*
- * make sure it's intialized in case we exit later with an error
+ * make sure it's initialised in case we exit later with an error
*/
EVP_CIPHER_CTX_reset(s->enc_read_ctx);
dd = s->enc_read_ctx;
/* Fatal error is no shared signature algorithms */
if (!s->cert->shared_sigalgs) {
SSLerr(SSL_F_TLS1_SET_SERVER_SIGALGS,
- SSL_R_NO_SHARED_SIGATURE_ALGORITHMS);
+ SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS);
al = SSL_AD_ILLEGAL_PARAMETER;
goto err;
}