possible to have different stores per SSL structure or one store in
the parent SSL_CTX. Include distinct stores for certificate chain
verification and chain building. New ctrl SSL_CTRL_BUILD_CERT_CHAIN
- to build and store a certificate chain in CERT structure: returing
+ to build and store a certificate chain in CERT structure: returning
an error if the chain cannot be built: this will allow applications
to test if a chain is correctly configured.
3. Check DSA/ECDSA signatures use DER.
- Reencode DSA/ECDSA signatures and compare with the original received
+ Re-encode DSA/ECDSA signatures and compare with the original received
signature. Return an error if there is a mismatch.
This will reject various cases including garbage after signature
*) Add additional DigestInfo checks.
- Reencode DigestInto in DER and check against the original when
+ Re-encode DigestInto in DER and check against the original when
verifying RSA signature: this will reject any improperly encoded
DigestInfo structures.
*) An attacker can force an error condition which causes openssl to crash
whilst processing DTLS packets due to memory being freed twice. This
can be exploited through a Denial of Service attack.
- Thanks to Adam Langley and Wan-Teh Chang for discovering and researching
+ Thanks to Adam Langley and Wan-The Chang for discovering and researching
this issue.
(CVE-2014-3505)
[Adam Langley]
in CMS and PKCS7 code. When RSA decryption fails use a random key for
content decryption and always return the same error. Note: this attack
needs on average 2^20 messages so it only affects automated senders. The
- old behaviour can be reenabled in the CMS code by setting the
+ old behaviour can be re-enabled in the CMS code by setting the
CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where
an MMA defence is not necessary.
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
as part of the CRL checking and indicate a new error "CRL path validation
error" in this case. Applications wanting additional details can use
the verify callback and check the new "parent" field. If this is not
- NULL CRL path validation is taking place. Existing applications wont
+ NULL CRL path validation is taking place. Existing applications won't
see this because it requires extended CRL support which is off by
default.
This work was sponsored by Logica.
[Steve Henson]
- *) Fix bug in X509_ATTRIBUTE creation: dont set attribute using
+ *) Fix bug in X509_ATTRIBUTE creation: don't set attribute using
ASN1_TYPE_set1 if MBSTRING flag set. This bug would crash certain
- attribute creation routines such as certifcate requests and PKCS#12
+ attribute creation routines such as certificate requests and PKCS#12
files.
[Steve Henson]
[Ian Lister (tweaked by Geoff Thorpe)]
*) Backport of CMS code to OpenSSL 0.9.8. This differs from the 0.9.9
- implemention in the following ways:
+ implementation in the following ways:
Lack of EVP_PKEY_ASN1_METHOD means algorithm parameters have to be
hard coded.
implementation in BN_mod_exp_mont_consttime().) The old name
remains as a deprecated alias.
- Similary, RSA_FLAG_NO_EXP_CONSTTIME is replaced by a more general
+ Similarly, RSA_FLAG_NO_EXP_CONSTTIME is replaced by a more general
RSA_FLAG_NO_CONSTTIME flag since the RSA implementation now uses
constant-time implementations for more than just exponentiation.
Here too the old name is kept as a deprecated alias.
*) Key-generation can now be implemented in RSA_METHOD, DSA_METHOD
and DH_METHOD (eg. by ENGINE implementations) to override the normal
software implementations. For DSA and DH, parameter generation can
- also be overriden by providing the appropriate method callbacks.
+ also be overridden by providing the appropriate method callbacks.
[Geoff Thorpe]
*) Change the "progress" mechanism used in key-generation and
the "shared" options was given to ./Configure or ./config.
Otherwise, they are inserted in libcrypto.a.
/usr/local/ssl/engines is the default directory for dynamic
- engines, but that can be overriden at configure time through
+ engines, but that can be overridden at configure time through
the usual use of --prefix and/or --openssldir, and at run
time with the environment variable OPENSSL_ENGINES.
[Geoff Thorpe and Richard Levitte]
[Steve Henson]
*) Perform some character comparisons of different types in X509_NAME_cmp:
- this is needed for some certificates that reencode DNs into UTF8Strings
- (in violation of RFC3280) and can't or wont issue name rollover
+ this is needed for some certificates that re-encode DNs into UTF8Strings
+ (in violation of RFC3280) and can't or won't issue name rollover
certificates.
[Steve Henson]
const ASN1_ITEM *it = &ASN1_INTEGER_it;
- wont compile. This is used by the any applications that need to
+ won't compile. This is used by the any applications that need to
declare their own ASN1 modules. This was fixed by adding the option
EXPORT_VAR_AS_FN to all Win32 platforms, although this isn't strictly
needed for static libraries under Win32.
entropy, EGD style sockets (served by EGD or PRNGD) will automatically
be queried.
The locations /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool, and
- /etc/entropy will be queried once each in this sequence, quering stops
+ /etc/entropy will be queried once each in this sequence, querying stops
when enough entropy was collected without querying more sockets.
[Lutz Jaenicke]
information from an OCSP_CERTID structure (which will be created
when the request structure is built). These are built from lower
level functions which work on OCSP_SINGLERESP structures but
- wont normally be used unless the application wishes to examine
+ won't normally be used unless the application wishes to examine
extensions in the OCSP response for example.
Replace nonce routines with a pair of functions.
*) New function X509V3_add1_i2d(). This automatically encodes and
adds an extension. Its behaviour can be customised with various
flags to append, replace or delete. Various wrappers added for
- certifcates and CRLs.
+ certificates and CRLs.
[Steve Henson]
*) Fix to avoid calling the underlying ASN1 print routine when
[Nils Larsch <nla@trustcenter.de>]
*) Fix BASE64 decode (EVP_DecodeUpdate) for data with CR/LF ended lines:
- an end-of-file condition would erronously be flagged, when the CRLF
+ an end-of-file condition would erroneously be flagged, when the CRLF
was just at the end of a processed block. The bug was discovered when
processing data through a buffering memory BIO handing the data to a
BASE64-decoding BIO. Bug fund and patch submitted by Pavel Tsekov
[Steve Henson]
*) When a certificate request is read in keep a copy of the
- original encoding of the signed data and use it when outputing
+ original encoding of the signed data and use it when outputting
again. Signatures then use the original encoding rather than
a decoded, encoded version which may cause problems if the
request is improperly encoded.
echo "/* haha */" > haha.h
ENDRAW[Makefile(unix)]
-The word withing square brackets is the build_file configuration item
+The word within square brackets is the build_file configuration item
or the build_file configuration item followed by the second word in the
build_scheme configuration item for the configured target within
parenthesis as shown above. For example, with the following relevant
};
/*
- * This comand is so complex, special help is needed.
+ * This command is so complex, special help is needed.
*/
static char* opt_helplist[] = {
"Typical uses:",
// 'and' which in turn can be assigned to M-port [there're double as
// much M-ports as there're I-ports on Itanium 2]. By sacrificing few
// registers for small constants (255, 24 and 16) to be used with
-// 'shr' and 'and' instructions I can achieve better ILP, Intruction
+// 'shr' and 'and' instructions I can achieve better ILP, Instruction
// Level Parallelism, and performance. This code outperforms GCC 3.3
// generated code by over factor of 2 (two), GCC 3.4 - by 70% and
// HP C - by 40%. Measured best-case scenario, i.e. aligned
# February 2010
#
# Rescheduling instructions to favour Power6 pipeline gave 10%
-# performance improvement on the platfrom in question (and marginal
+# performance improvement on the platform in question (and marginal
# improvement even on others). It should be noted that Power6 fails
# to process byte in 18 cycles, only in 23, because it fails to issue
# 4 load instructions in two cycles, only in 3. As result non-compact
# Skylake 2.62/3.14/3.62+7.70 8.10 +27%/34%/40%
# Bulldozer 5.77/6.89/8.00+13.7 13.7 +42%/50%/58%
#
-# (*) there are XOP, AVX1 and AVX2 code pathes, meaning that
+# (*) there are XOP, AVX1 and AVX2 code paths, meaning that
# Westmere is omitted from loop, this is because gain was not
# estimated high enough to justify the effort;
# (**) these are EVP-free results, results obtained with 'speed
# Vinodh Gopal <vinodh.gopal@intel.com>
# Kahraman Akdemir
#
-# Agressively optimized in respect to aeskeygenassist's critical path
+# Aggressively optimized in respect to aeskeygenassist's critical path
# and is contained in %xmm0-5 to meet Win64 ABI requirement.
#
# int ${PREFIX}_set_encrypt_key(const unsigned char *inp,
|| (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) {
/*
* Clear context cache for type OTHER because the auto clear when we
- * have a exact match wont work
+ * have a exact match won't work
*/
if (utype == V_ASN1_OTHER) {
asn1_tlc_clear(ctx);
asn1_enc_free(pval, it);
/*
* If we free up as normal we will invalidate any ANY DEFINED BY
- * field and we wont be able to determine the type of the field it
+ * field and we won't be able to determine the type of the field it
* defines. So free up in reverse order.
*/
tt = it->templates + it->tcount;
*
* options holds BIO socket options that can be used
* You should call this for every address returned by BIO_lookup
- * until the connection is succesful.
+ * until the connection is successful.
*
* Returns 1 on success or 0 on failure. On failure errno is set
* and an error status is added to the OpenSSL error stack.
* fail. We can't tell the difference between already listening ourself to
* it and someone else listening to it when failing and errno is EADDRINUSE, so
* it's recommended to not give an error in that case if the first call was
- * succesful.
+ * successful.
*
* When restarting the program it could be that the port is still in use. If
* you set to BIO_SOCK_REUSEADDR option it will try to reuse the port anyway.
b->max = sz;
*bb->readp = *bb->buf;
ret->flags |= BIO_FLAGS_MEM_RDONLY;
- /* Since this is static data retrying wont help */
+ /* Since this is static data retrying won't help */
ret->num = 0;
return ret;
}
// ports is the same, i.e. 2, while I need 4. In other words, to this
// module Itanium2 remains effectively as "wide" as Itanium. Yet it's
// essentially different in respect to this module, and a re-tune was
-// required. Well, because some intruction latencies has changed. Most
+// required. Well, because some instruction latencies has changed. Most
// noticeably those intensively used:
//
// Itanium Itanium2
// The loop therefore spins at the latency of xma minus 1, or in other
// words at 6*(n+4) ticks:-( Compare to the "production" loop above
// that runs in 2*(n+11) where the low latency problem is worked around
-// by moving the dependency to one-tick latent interger ALU. Note that
+// by moving the dependency to one-tick latent integer ALU. Note that
// "distance" between ldf8 and xma is not latency of ldf8, but the
// *difference* between xma and ldf8 latencies.
.L_bn_mul_words_ctop:
// version was performing *all* additions in IALU and was starving
// for those even on Itanium 2. In this version one addition is
// moved to FPU and is folded with multiplication. This is at cost
-// of propogating the result from previous call to this subroutine
+// of propagating the result from previous call to this subroutine
// to L2 cache... In other words negligible even for shorter keys.
// *Overall* performance improvement [over previous version] varies
// from 11 to 22 percent depending on key length.
# This is drop-in MIPS III/IV ISA replacement for crypto/bn/bn_asm.c.
#
# The module is designed to work with either of the "new" MIPS ABI(5),
-# namely N32 or N64, offered by IRIX 6.x. It's not ment to work under
+# namely N32 or N64, offered by IRIX 6.x. It's not meant to work under
# IRIX 5.x not only because it doesn't support new ABIs but also
# because 5.x kernels put R4x00 CPU into 32-bit mode and all those
# 64-bit instructions (daddu, dmultu, etc.) found below gonna only
# r9,r10, r11 are the equivalents of c1,c2, c3.
#
# Possible optimization of loading all 8 longs of a into registers
-# doesnt provide any speedup
+# doesn't provide any speedup
#
xor r0,r0,r0 #set r0 = 0.Used in addze
$UMULL r8,r6,r7
$UMULH r9,r6,r7
addc r11,r11,r8
- addze r12,r9 # since we didnt set r12 to zero before.
+ addze r12,r9 # since we didn't set r12 to zero before.
addze r10,r0
#mul_add_c(a[1],b[0],c2,c3,c1);
$LD r6,`1*$BNSZ`(r4)
* # cd ../..
* # make; make test
*
- * Q. V8plus achitecture? What kind of beast is that?
+ * Q. V8plus architecture? What kind of beast is that?
* A. Well, it's rather a programming model than an architecture...
* It's actually v9-compliant, i.e. *any* UltraSPARC, CPU under
* special conditions, namely when kernel doesn't preserve upper
# for undertaken effort are multiple. First of all, UltraSPARC is not
# the whole SPARCv9 universe and other VIS-free implementations deserve
# optimized code as much. Secondly, newly introduced UltraSPARC T1,
-# a.k.a. Niagara, has shared FPU and concurrent FPU-intensive pathes,
+# a.k.a. Niagara, has shared FPU and concurrent FPU-intensive paths,
# such as sparcv9a-mont, will simply sink it. Yes, T1 is equipped with
# several integrated RSA/DSA accelerator circuits accessible through
# kernel driver [only(*)], but having decent user-land software
#
# Modulo-scheduled inner loops allow to interleave floating point and
# integer instructions and minimize Read-After-Write penalties. This
-# results in *further* 20-50% perfromance improvement [depending on
+# results in *further* 20-50% performance improvement [depending on
# key length, more for longer keys] on USI&II cores and 30-80% - on
# USIII&IV.
&xor ("eax","eax"); # signal "not fast enough [yet]"
&jmp (&label("just_leave"));
# While the below code provides competitive performance for
- # all key lengthes on modern Intel cores, it's still more
+ # all key lengths on modern Intel cores, it's still more
# than 10% slower for 4096-bit key elsewhere:-( "Competitive"
# means compared to the original integer-only assembler.
# 512-bit RSA sign is better by ~40%, but that's about all
ldrb @t[1],[r12],#1 @ read input
subs @t[3],@t[3],#1
eor @t[0],@t[0],@t[1]
- strb @t[0],[r14],#1 @ store ouput
+ strb @t[0],[r14],#1 @ store output
bne .Loop_tail_neon
.Ldone_neon:
mov $ff,$a0,lsl#31 @ place least significant bit to most
@ significant position, now arithmetic
@ right shift by 31 will produce -1 or
- @ 0, while logical rigth shift 1 or 0,
+ @ 0, while logical right shift 1 or 0,
@ this is how modulus is conditionally
@ synthesized in this case...
ldr $a3,[$a_ptr,#12]
/*
* OPENSSL_INIT flags. The primary list of these is in crypto.h. Flags below
- * are those ommitted from crypto.h because they are "reserved for internal
+ * are those omitted from crypto.h because they are "reserved for internal
* use".
*/
# define OPENSSL_INIT_ZLIB 0x00010000L
# where Tproc is time required for Karatsuba pre- and post-processing,
# is more realistic estimate. In this case it gives ... 1.91 cycles.
# Or in other words, depending on how well we can interleave reduction
-# and one of the two multiplications the performance should be betwen
+# and one of the two multiplications the performance should be between
# 1.91 and 2.16. As already mentioned, this implementation processes
# one byte out of 8KB buffer in 2.10 cycles, while x86_64 counterpart
# - in 2.02. x86_64 performance is better, because larger register
&pxor ($red[1],$red[1]);
&pxor ($red[2],$red[2]);
- # Just like in "May" verson modulo-schedule for critical path in
+ # Just like in "May" version modulo-schedule for critical path in
# 'Z.hi ^= rem_8bit[Z.lo&0xff^((u8)H[nhi]<<4)]<<48'. Final 'pxor'
# is scheduled so late that rem_8bit[] has to be shifted *right*
# by 16, which is why last argument to pinsrw is 2, which
&movdqu (&QWP(0,$Xip),$Xi);
&function_end("gcm_ghash_clmul");
\f
-} else { # Algorith 5. Kept for reference purposes.
+} else { # Algorithm 5. Kept for reference purposes.
sub reduction_alg5 { # 19/16 times faster than Intel version
my ($Xhi,$Xi)=@_;
/*
* Check validity of thisUpdate and nextUpdate fields. It is possible that
- * the request will take a few seconds to process and/or the time wont be
+ * the request will take a few seconds to process and/or the time won't be
* totally accurate. Therefore to avoid rejecting otherwise valid time we
* allow the times to be within 'nsec' of the current time. Also to avoid
* accepting very old responses without a nextUpdate field an optional maxage
slen = pem_check_suffix(nm, "PRIVATE KEY");
if (slen > 0) {
/*
- * NB: ENGINE implementations wont contain a deprecated old
+ * NB: ENGINE implementations won't contain a deprecated old
* private key decode function so don't look for them.
*/
ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
$PUSH ="stw";
} else { die "nonsense $flavour"; }
-# Define endianess based on flavour
+# Define endianness based on flavour
# i.e.: linux64le
$LITTLE_ENDIAN = ($flavour=~/le$/) ? $SIZE_T : 0;
* the number of bytes requested or smaller, if the EGD pool is
* drained and the daemon signals that the pool is empty.
*
- * RAND_egd(path) will query 255 bytes and use the bytes retreived to seed
+ * RAND_egd(path) will query 255 bytes and use the bytes retrieved to seed
* the PRNG.
* RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
*/
&movd ($i>0?"mm1":"mm2",&DWP(0,$dat,$ty,4));
# (*) This is the key to Core2 and Westmere performance.
- # Whithout movz out-of-order execution logic confuses
+ # Without movz out-of-order execution logic confuses
# itself and fails to reorder loads and stores. Problem
# appears to be fixed in Sandy Bridge...
}
# As was shown by Zou Nanhai loop unrolling can improve Intel EM64T
# performance by >30% [unlike P4 32-bit case that is]. But this is
# provided that loads are reordered even more aggressively! Both code
-# pathes, AMD64 and EM64T, reorder loads in essentially same manner
+# paths, AMD64 and EM64T, reorder loads in essentially same manner
# as my IA-64 implementation. On Opteron this resulted in modest 5%
# improvement [I had to test it], while final Intel P4 performance
# achieves respectful 432MBps on 2.8GHz processor now. For reference.
$PUSH ="stw";
} else { die "nonsense $flavour"; }
-# Define endianess based on flavour
+# Define endianness based on flavour
# i.e.: linux64le
$LITTLE_ENDIAN = ($flavour=~/le$/) ? $SIZE_T : 0;
# level parallelism, on a given CPU implementation in this case.
#
# Special note on Intel EM64T. While Opteron CPU exhibits perfect
-# perfromance ratio of 1.5 between 64- and 32-bit flavors [see above],
+# performance ratio of 1.5 between 64- and 32-bit flavors [see above],
# [currently available] EM64T CPUs apparently are far from it. On the
# contrary, 64-bit version, sha512_block, is ~30% *slower* than 32-bit
# sha256_block:-( This is presumably because 64-bit shifts/rotates
sub %o3,%o2,%o2
sub %o4,%o3,%o3
- ! find minumum value
+ ! find minimum value
cmp %o0,%o1
.word 0x38680002 !bgu,a %xcc,.+8
mov %o1,%o0
crl = NULL;
dcrl = NULL;
/*
- * If reasons not updated we wont get anywhere by another iteration,
+ * If reasons not updated we won't get anywhere by another iteration,
* so exit loop.
*/
if (last_reasons == ctx->current_reasons) {
/*
* The X509_CRL_INFO structure needs a bit of customisation. Since we cache
- * the original encoding the signature wont be affected by reordering of the
+ * the original encoding the signature won't be affected by reordering of the
* revoked field.
*/
static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
* decremented for every non-self-issued certificate in the path, but may
* be further reduced by policy constraints in a non-leaf certificate.
*
- * The ultimate policy set is the interesection of all the policies along
+ * The ultimate policy set is the intersection of all the policies along
* the path, if we hit a certificate with an empty policy set, and explicit
* policy is required we're done.
*/
achieve the correct format.
The supplied message to be signed or encrypted must include the
-necessary MIME headers or many S/MIME clients wont display it
+necessary MIME headers or many S/MIME clients won't display it
properly (if at all). You can use the B<-text> option to automatically
add plain text headers.
=item B<-dtls>, B<-dtls1>, B<-dtls1_2>
These options make B<s_client> use DTLS protocols instead of TLS.
-With B<-dtls>, B<s_client> will negotiate any supported DTLS protcol version,
+With B<-dtls>, B<s_client> will negotiate any supported DTLS protocol version,
whilst B<-dtls1> and B<-dtls1_2> will only support DTLS1.0 and DTLS1.2
respectively.
=item B<-context ID>
this option can set the session id so the output session information uses the
-supplied ID. The ID can be any string of characters. This option wont normally
+supplied ID. The ID can be any string of characters. This option won't normally
be used.
=back
achieve the correct format.
The supplied message to be signed or encrypted must include the
-necessary MIME headers or many S/MIME clients wont display it
+necessary MIME headers or many S/MIME clients won't display it
properly (if at all). You can use the B<-text> option to automatically
add plain text headers.
pausing. The block will remain in place until a subsequent call to
ASYNC_unblock_pause(). These functions can be nested, e.g. if you call
ASYNC_block_pause() twice then you must call ASYNC_unblock_pause() twice in
-order to reenable pausing. If these functions are called while there is no
+order to re-enable pausing. If these functions are called while there is no
currently active job then they have no effect. This functionality can be useful
to avoid deadlock scenarios. For example during the execution of an ASYNC_JOB an
application acquires a lock. It then calls some cryptographic function which
EVP_CIPHER_CTX_free(ctx);
/* Need binary mode for fopen because encrypted data is
* binary data. Also cannot use strlen() on it because
- * it wont be null terminated and may contain embedded
+ * it won't be null terminated and may contain embedded
* nulls.
*/
out = fopen(outfile, "wb");
return 1 on success or 0 on failure (almost
always because allocations have already happened).
-CRYPTO_mem_ctrl() returns -1 if an error occured, otherwise the
+CRYPTO_mem_ctrl() returns -1 if an error occurred, otherwise the
previous value of the mode.
OPENSSL_mem_debug_push() and OPENSSL_mem_debug_pop()
X509_STORE_CTX_get_get_crl(), X509_STORE_CTX_get_check_crl(),
X509_STORE_CTX_get_cert_crl(), X509_STORE_CTX_get_check_policy(),
X509_STORE_CTX_get_lookup_certs(), X509_STORE_CTX_get_lookup_crls()
-and X509_STORE_CTX_get_cleanup() were addded in OpenSSL 1.1.0.
+and X509_STORE_CTX_get_cleanup() were added in OpenSSL 1.1.0.
=head1 COPYRIGHT
X509_STORE_set_check_policy(), X509_STORE_get_check_policy(),
X509_STORE_set_lookup_certs(), X509_STORE_get_lookup_certs(),
X509_STORE_set_lookup_crls(), X509_STORE_get_lookup_crls(),
-X509_STORE_set_cleanup() and X509_STORE_get_cleanup() were addded in
+X509_STORE_set_cleanup() and X509_STORE_get_cleanup() were added in
OpenSSL 1.1.0.
=head1 COPYRIGHT
certificates as such, as OpenSSL only detects RFC3820 compliant ones.
X509_get_proxy_pathlen() returns the proxy certificate path length for the
-given certificate B<x> if it is a proxy certicate.
+given certificate B<x> if it is a proxy certificate.
=head1 NOTES
# if OPENSSL_API_COMPAT < 0x00908000L
/* deprecated name for the flag */
# define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME
-# define BN_FLG_FREE 0x8000 /* used for debuging */
+# define BN_FLG_FREE 0x8000 /* used for debugging */
# endif
void BN_set_flags(BIGNUM *b, int n);
} dynamic_MEM_fns;
/*
* FIXME: Perhaps the memory and locking code (crypto.h) should declare and
- * use these types so we (and any other dependant code) can simplify a bit??
+ * use these types so we (and any other dependent code) can simplify a bit??
*/
/* The top-level structure */
typedef struct st_dynamic_fns {
unsigned char *ctypes;
size_t ctype_num;
/*
- * suppported signature algorithms. When set on a client this is sent in
+ * supported signature algorithms. When set on a client this is sent in
* the client hello as the supported signature algorithms extension. For
* servers it represents the signature algorithms we are willing to use.
*/
s->init_num = 0;
goto redo;
- } else { /* Incorrectly formated Hello request */
+ } else { /* Incorrectly formatted Hello request */
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_DTLS_GET_REASSEMBLED_MESSAGE,
/*-
* we now have the following setup.
* client_random
- * cipher_list - our prefered list of ciphers
- * ciphers - the clients prefered list of ciphers
+ * cipher_list - our preferred list of ciphers
+ * ciphers - the clients preferred list of ciphers
* compression - basically ignored right now
* ssl version is set - sslv3
* s->session - The ssl session has been setup.
unsigned char hash[EVP_MAX_MD_SIZE * 2];
int hashlen;
/* Digest cached records keeping record buffer (if present):
- * this wont affect client auth because we're freezing the buffer
+ * this won't affect client auth because we're freezing the buffer
* at the same point (after client key exchange and before certificate
* verify)
*/
};
# ifdef SCREW_THE_PARITY
-# error "SCREW_THE_PARITY is not ment to be defined."
+# error "SCREW_THE_PARITY is not meant to be defined."
# error "Original vectors are preserved for reference only."
static unsigned char cbc2_key[8] =
{ 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87 };
}
/*
- * create and verify a ecdsa signature with every availble curve (with )
+ * create and verify a ecdsa signature with every available curve (with )
*/
BIO_printf(out, "\ntesting ECDSA_sign() and ECDSA_verify() "
"with some internal curves:\n");
plan tests => $testcount * 2;
note
- "NOTE: developper test! It's possible that it won't run on your\n",
+ "NOTE: developer test! It's possible that it won't run on your\n",
"platform, and that's perfectly fine. This is mainly for developers\n",
"on Unix to check that our shared libraries are consistent with the\n",
"ordinals (util/*.num in the source tree), something that should be\n",
srctop_file('test','d2i-tests','high_tag.der')])),
"Running d2i_test high_tag.der");
-# Above test data but interpeted as ASN.1 INTEGER: this will be rejected
+# Above test data but interpreted as ASN.1 INTEGER: this will be rejected
# because the tag is invalid.
ok(run(test(["d2i_test", "ASN1_INTEGER", "decode",
srctop_file('test','d2i-tests','high_tag.der')])),
#);
#push @{$proxy->record_list}, $record;
- # Now add the alert level (Fatal) as a seperate record
+ # Now add the alert level (Fatal) as a separate record
$byte = pack('C', TLSProxy::Message::AL_LEVEL_FATAL);
my $record = TLSProxy::Record->new(
0,
# Don't prompt for fields: use those in section directly
prompt = no
distinguished_name = req_distinguished_name
-x509_extensions = v3_ca # The extentions to add to the self signed cert
+x509_extensions = v3_ca # The extensions to add to the self signed cert
string_mask = utf8only
# req_extensions = v3_req # The extensions to add to a certificate request
projects / openssl.git / commitdiff