Typos in doc/man* will be fixed in a different commit.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20910)
* Alternate chains certificate forgery
- During certificate verfification, OpenSSL will attempt to find an
+ During certificate verification, OpenSSL will attempt to find an
alternative certificate chain if the first attempt to build such a chain
fails. An error in the implementation of this logic can mean that an
attacker could cause certain checks on untrusted certificates to be
3. Check DSA/ECDSA signatures use DER.
- Reencode DSA/ECDSA signatures and compare with the original received
+ Re-encode DSA/ECDSA signatures and compare with the original received
signature. Return an error if there is a mismatch.
This will reject various cases including garbage after signature
* Add additional DigestInfo checks.
- Reencode DigestInto in DER and check against the original when
+ Re-encode DigestInto in DER and check against the original when
verifying RSA signature: this will reject any improperly encoded
DigestInfo structures.
done
# Developer targets (note: these are only available on Unix) #########
-##@ Code maintenence
+##@ Code maintenance
# It's important that generate_buildinfo comes after ordinals, as ordinals
# is sensitive to build.info changes.
PERL
The name of the Perl executable to use when building OpenSSL.
- Only needed if builing should use a different Perl executable
+ Only needed if building should use a different Perl executable
than what is used to run the Configure script.
RANLIB
* Overhauled Win32 builds
* Cleanups and fixes to the Big Number (BN) library
* Support for ASN.1 GeneralizedTime
- * Splitted ASN.1 SETs from SEQUENCEs
+ * Split ASN.1 SETs from SEQUENCEs
* ASN1 and PEM support for Netscape Certificate Sequences
* Overhauled Perl interface
* Lots of source tree cleanups.
if (isquic) {
sbio = BIO_new_dgram(sock, BIO_NOCLOSE);
if (!SSL_set_initial_peer_addr(con, peer_addr)) {
- BIO_printf(bio_err, "Failed to set the inital peer address\n");
+ BIO_printf(bio_err, "Failed to set the initial peer address\n");
goto shut;
}
} else
&& user_data->buf[user_data->bufoff] == '\n') {
/*
* This command was the only thing on the whole line. We
- * supress the final `\n`
+ * suppress the final `\n`
*/
user_data->bufoff = 0;
user_data->buflen = 0;
/*
* To avoid more recent compilers (specifically clang-14) from treating this
- * code as a violation of the strict aliasing conditions and omiting it, this
+ * code as a violation of the strict aliasing conditions and omitting it, this
* cannot be declared as a function. Moreover, the dst parameter cannot be
* cached in a local since this no longer references the union and again falls
* foul of the strict aliasing criteria. Refer to #18225 for the initial
* out The returned Octet String
* num The input Integer
* rlen The required size of the returned Octet String in bytes
- * Returns: 1 if successful, or 0 otherwis
+ * Returns: 1 if successful, or 0 otherwise.
*/
static int int2octets(unsigned char *out, const BIGNUM *num, int rlen)
{
* equation of the form y^2 + x*y = x^3 + a*x^2 + b.
*/
BIGNUM *a, *b;
- /* enable optimized point arithmetics for special case */
+ /* enable optimized point arithmetic for special case */
int a_is_minus3;
/* method-specific (e.g., Montgomery structure) */
void *field_data1;
BIGNUM *Y;
BIGNUM *Z; /* Jacobian projective coordinates: * (X, Y,
* Z) represents (X/Z^2, Y/Z^3) if Z != 0 */
- int Z_is_one; /* enable optimized point arithmetics for
+ int Z_is_one; /* enable optimized point arithmetic for
* special case */
};
PEM_R_UNSUPPORTED_KEY_COMPONENTS:126:unsupported key components
PEM_R_UNSUPPORTED_PUBLIC_KEY_TYPE:110:unsupported public key type
PKCS12_R_CALLBACK_FAILED:115:callback failed
-PKCS12_R_CANT_PACK_STRUCTURE:100:cant pack structure
+PKCS12_R_CANT_PACK_STRUCTURE:100:can't pack structure
PKCS12_R_CONTENT_TYPE_NOT_DATA:121:content type not data
PKCS12_R_DECODE_ERROR:101:decode error
PKCS12_R_ENCODE_ERROR:102:encode error
X509_R_BAD_SELECTOR:133:bad selector
X509_R_BAD_X509_FILETYPE:100:bad x509 filetype
X509_R_BASE64_DECODE_ERROR:118:base64 decode error
-X509_R_CANT_CHECK_DH_KEY:114:cant check dh key
+X509_R_CANT_CHECK_DH_KEY:114:can't check dh key
X509_R_CERTIFICATE_VERIFICATION_FAILED:139:certificate verification failed
X509_R_CERT_ALREADY_IN_HASH_TABLE:101:cert already in hash table
X509_R_CRL_ALREADY_DELTA:127:crl already delta
* @brief call the underlying KEM to encap
* @param ctx is the OSSL_HPKE_CTX
* @param enc is a buffer for the sender's ephemeral public value
- * @param enclen is the size of enc on input, number of octets used on ouptut
+ * @param enclen is the size of enc on input, number of octets used on output
* @param pub is the recipient's public value
* @param publen is the length of pub
* @return 1 for success, 0 for error
* others above.
*
* The function to use these is ossl_hpke_str2suite() further down
- * this file and shouln't need modification so long as the table
+ * this file and shouldn't need modification so long as the table
* sizes (i.e. allow exactly 4 synonyms) don't change.
*/
static const synonymttab_t kemstrtab[] = {
ins $acc_m.d[0], $h78k.d[1] @ GHASH final-7 block - mid
eor $rk4v.8b, $rk4v.8b, $res0.8b @ GHASH final-7 block - mid
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
eor3 $res1b, $ctr_t1b, $ctr1b, $t1.16b @ AES final-6 block - result
pmull $rk3q1, $res0.1d, $h7.1d @ GHASH final-6 block - low
eor $rk4v.8b, $rk4v.8b, $res0.8b @ GHASH final-6 block - mid
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
pmull $rk4v.1q, $rk4v.1d, $h78k.1d @ GHASH final-6 block - mid
pmull2 $rk2q1, $res0.2d, $h7.2d @ GHASH final-6 block - high
eor3 $res1b, $ctr_t1b, $ctr3b, $t1.16b @ AES final-4 block - result
pmull $rk3q1, $res0.1d, $h6.1d @ GHASH final-5 block - low
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
pmull2 $rk4v.1q, $rk4v.2d, $h56k.2d @ GHASH final-5 block - mid
eor $acc_lb, $acc_lb, $rk3 @ GHASH final-5 block - low
eor $res0b, $res0b, $t0.16b @ feed in partial tag
ins $rk4v.d[0], $res0.d[1] @ GHASH final-4 block - mid
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
pmull2 $rk2q1, $res0.2d, $h5.2d @ GHASH final-4 block - high
eor $rk4v.8b, $rk4v.8b, $res0.8b @ GHASH final-4 block - mid
rev64 $res0b, $res1b @ GHASH final-3 block
eor $res0b, $res0b, $t0.16b @ feed in partial tag
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
ins $rk4v.d[0], $res0.d[1] @ GHASH final-3 block - mid
ldr $h34kq, [$current_tag, #96] @ load h4k | h3k
ins $rk4v.d[0], $res0.d[1] @ GHASH final-2 block - mid
ldr $h3q, [$current_tag, #80] @ load h3l | h3h
ext $h3.16b, $h3.16b, $h3.16b, #8
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
eor $rk4v.8b, $rk4v.8b, $res0.8b @ GHASH final-2 block - mid
eor3 $res1b, $ctr_t1b, $ctr6b, $t1.16b @ AES final-1 block - result
eor $res0b, $res0b, $t0.16b @ feed in partial tag
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
ins $rk4v.d[0], $res0.d[1] @ GHASH final-1 block - mid
eor3 $res1b, $ctr_t1b, $ctr7b, $t1.16b @ AES final block - result
pmull $acc_l.1q, $res0.1d, $h8.1d @ GHASH final-7 block - low
ins $rk4v.d[0], $res0.d[1] @ GHASH final-7 block - mid
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
ldr $res1q, [$input_ptr], #16 @ AES final-6 block - load ciphertext
eor $rk4v.8b, $rk4v.8b, $res0.8b @ GHASH final-7 block - mid
pmull $rk3q1, $res0.1d, $h7.1d @ GHASH final-6 block - low
ldr $res1q, [$input_ptr], #16 @ AES final-5 block - load ciphertext
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
pmull $rk4v.1q, $rk4v.1d, $h78k.1d @ GHASH final-6 block - mid
st1 { $res4b}, [$output_ptr], #16 @ AES final-6 block - store result
ins $rk4v.d[1], $rk4v.d[0] @ GHASH final-5 block - mid
pmull $rk3q1, $res0.1d, $h6.1d @ GHASH final-5 block - low
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
pmull2 $rk4v.1q, $rk4v.2d, $h56k.2d @ GHASH final-5 block - mid
pmull2 $rk2q1, $res0.2d, $h6.2d @ GHASH final-5 block - high
ldr $res1q, [$input_ptr], #16 @ AES final-3 block - load ciphertext
ins $rk4v.d[0], $res0.d[1] @ GHASH final-4 block - mid
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
pmull2 $rk2q1, $res0.2d, $h5.2d @ GHASH final-4 block - high
pmull $rk3q1, $res0.1d, $h5.1d @ GHASH final-4 block - low
pmull $rk3q1, $res0.1d, $h4.1d @ GHASH final-3 block - low
pmull2 $rk2q1, $res0.2d, $h4.2d @ GHASH final-3 block - high
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
eor3 $res4b, $res1b, $ctr5b, $t1.16b @ AES final-2 block - result
eor $acc_lb, $acc_lb, $rk3 @ GHASH final-3 block - low
eor $res0b, $res0b, $t0.16b @ feed in partial tag
ldr $h3q, [$current_tag, #80] @ load h3l | h3h
ext $h3.16b, $h3.16b, $h3.16b, #8
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
ins $rk4v.d[0], $res0.d[1] @ GHASH final-2 block - mid
eor $res0b, $res0b, $t0.16b @ feed in partial tag
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
ins $rk4v.d[0], $res0.d[1] @ GHASH final-1 block - mid
ldr $ctr_t1q, [$input_ptr], #16 @ AES final-6 block - load plaintext
eor $rk4v.8b, $rk4v.8b, $res0.8b @ GHASH final-7 block - mid
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
pmull $acc_l.1q, $res0.1d, $h8.1d @ GHASH final-7 block - low
pmull2 $acc_h.1q, $res0.2d, $h8.2d @ GHASH final-7 block - high
pmull $rk3q1, $res0.1d, $h7.1d @ GHASH final-6 block - low
eor3 $res1b, $ctr_t1b, $ctr2b, $t1.16b @ AES final-5 block - result
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
pmull2 $rk2q1, $res0.2d, $h7.2d @ GHASH final-6 block - high
eor $rk4v.8b, $rk4v.8b, $res0.8b @ GHASH final-6 block - mid
pmull2 $rk4v.1q, $rk4v.2d, $h56k.2d @ GHASH final-5 block - mid
eor3 $res1b, $ctr_t1b, $ctr3b, $t1.16b @ AES final-4 block - result
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
eor $acc_mb, $acc_mb, $rk4v.16b @ GHASH final-5 block - mid
.L192_enc_blocks_more_than_4: @ blocks left > 4
eor $rk4v.8b, $rk4v.8b, $res0.8b @ GHASH final-4 block - mid
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
eor $acc_lb, $acc_lb, $rk3 @ GHASH final-4 block - low
pmull $rk4v.1q, $rk4v.1d, $h56k.1d @ GHASH final-4 block - mid
rev64 $res0b, $res1b @ GHASH final-3 block
eor $res0b, $res0b, $t0.16b @ feed in partial tag
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
ldr $ctr_t1q, [$input_ptr], #16 @ AES final-2 block - load plaintext
ldr $h4q, [$current_tag, #112] @ load h4l | h4h
pmull $rk3q1, $res0.1d, $h3.1d @ GHASH final-2 block - low
pmull2 $rk2q1, $res0.2d, $h3.2d @ GHASH final-2 block - high
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
pmull $rk4v.1q, $rk4v.1d, $h34k.1d @ GHASH final-2 block - mid
eor3 $res1b, $ctr_t1b, $ctr7b, $t1.16b @ AES final block - result
pmull2 $rk4v.1q, $rk4v.2d, $h12k.2d @ GHASH final-1 block - mid
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
eor $acc_mb, $acc_mb, $rk4v.16b @ GHASH final-1 block - mid
eor $acc_hb, $acc_hb, $rk2 @ GHASH final-1 block - high
eor3 $res4b, $res1b, $ctr1b, $t1.16b @ AES final-6 block - result
pmull $acc_m.1q, $rk4v.1d, $acc_m.1d @ GHASH final-7 block - mid
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
.L192_dec_blocks_more_than_6: @ blocks left > 6
rev64 $res0b, $res1b @ GHASH final-6 block
ins $rk4v.d[0], $res0.d[1] @ GHASH final-6 block - mid
eor $rk4v.8b, $rk4v.8b, $res0.8b @ GHASH final-6 block - mid
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
pmull2 $rk2q1, $res0.2d, $h7.2d @ GHASH final-6 block - high
st1 { $res4b}, [$output_ptr], #16 @ AES final-6 block - store result
pmull2 $rk4v.1q, $rk4v.2d, $h56k.2d @ GHASH final-5 block - mid
eor $acc_lb, $acc_lb, $rk3 @ GHASH final-5 block - low
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
st1 { $res4b}, [$output_ptr], #16 @ AES final-5 block - store result
eor $acc_mb, $acc_mb, $rk4v.16b @ GHASH final-5 block - mid
rev64 $res0b, $res1b @ GHASH final-4 block
eor $res0b, $res0b, $t0.16b @ feed in partial tag
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
ldr $res1q, [$input_ptr], #16 @ AES final-3 block - load ciphertext
ins $rk4v.d[0], $res0.d[1] @ GHASH final-4 block - mid
pmull2 $rk2q1, $res0.2d, $h4.2d @ GHASH final-3 block - high
eor $acc_hb, $acc_hb, $rk2 @ GHASH final-3 block - high
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
pmull $rk3q1, $res0.1d, $h4.1d @ GHASH final-3 block - low
st1 { $res4b}, [$output_ptr], #16 @ AES final-3 block - store result
pmull $rk3q1, $res0.1d, $h3.1d @ GHASH final-2 block - low
pmull $rk4v.1q, $rk4v.1d, $h34k.1d @ GHASH final-2 block - mid
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
eor $acc_lb, $acc_lb, $rk3 @ GHASH final-2 block - low
st1 { $res4b}, [$output_ptr], #16 @ AES final-2 block - store result
ext $h2.16b, $h2.16b, $h2.16b, #8
eor $res0b, $res0b, $t0.16b @ feed in partial tag
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
ldr $h12kq, [$current_tag, #48] @ load h2k | h1k
pmull $rk3q1, $res0.1d, $h2.1d @ GHASH final-1 block - low
ins $rk4v.d[0], $res0.d[1] @ GHASH final-7 block - mid
ins $acc_m.d[0], $h78k.d[1] @ GHASH final-7 block - mid
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
eor $rk4v.8b, $rk4v.8b, $res0.8b @ GHASH final-7 block - mid
eor3 $res1b, $ctr_t1b, $ctr1b, $t1.16b @ AES final-6 block - result
pmull $rk4v.1q, $rk4v.1d, $h78k.1d @ GHASH final-6 block - mid
eor3 $res1b, $ctr_t1b, $ctr2b, $t1.16b @ AES final-5 block - result
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
eor $acc_mb, $acc_mb, $rk4v.16b @ GHASH final-6 block - mid
eor $acc_hb, $acc_hb, $rk2 @ GHASH final-6 block - high
pmull $rk3q1, $res0.1d, $h6.1d @ GHASH final-5 block - low
pmull2 $rk4v.1q, $rk4v.2d, $h56k.2d @ GHASH final-5 block - mid
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
eor $acc_lb, $acc_lb, $rk3 @ GHASH final-5 block - low
eor $acc_mb, $acc_mb, $rk4v.16b @ GHASH final-5 block - mid
pmull $rk4v.1q, $rk4v.1d, $h56k.1d @ GHASH final-4 block - mid
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
eor $acc_mb, $acc_mb, $rk4v.16b @ GHASH final-4 block - mid
eor $acc_hb, $acc_hb, $rk2 @ GHASH final-4 block - high
pmull $rk3q1, $res0.1d, $h4.1d @ GHASH final-3 block - low
eor3 $res1b, $ctr_t1b, $ctr5b, $t1.16b @ AES final-2 block - result
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
eor $acc_mb, $acc_mb, $rk4v.16b @ GHASH final-3 block - mid
eor $acc_lb, $acc_lb, $rk3 @ GHASH final-3 block - low
ins $rk4v.d[0], $res0.d[1] @ GHASH final-2 block - mid
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
pmull2 $rk2q1, $res0.2d, $h3.2d @ GHASH final-2 block - high
eor3 $res1b, $ctr_t1b, $ctr6b, $t1.16b @ AES final-1 block - result
ldr $ctr_t1q, [$input_ptr], #16 @ AES final block - load plaintext
eor $res0b, $res0b, $t0.16b @ feed in partial tag
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
ins $rk4v.d[0], $res0.d[1] @ GHASH final-1 block - mid
pmull2 $rk2q1, $res0.2d, $h2.2d @ GHASH final-1 block - high
pmull2 $acc_h.1q, $res0.2d, $h8.2d @ GHASH final-7 block - high
eor $rk4v.8b, $rk4v.8b, $res0.8b @ GHASH final-7 block - mid
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
pmull $acc_l.1q, $res0.1d, $h8.1d @ GHASH final-7 block - low
pmull $acc_m.1q, $rk4v.1d, $acc_m.1d @ GHASH final-7 block - mid
eor $res0b, $res0b, $t0.16b @ feed in partial tag
ldr $res1q, [$input_ptr], #16 @ AES final-5 block - load ciphertext
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
ins $rk4v.d[0], $res0.d[1] @ GHASH final-6 block - mid
st1 { $res4b}, [$output_ptr], #16 @ AES final-6 block - store result
eor $acc_lb, $acc_lb, $rk3 @ GHASH final-5 block - low
eor $acc_mb, $acc_mb, $rk4v.16b @ GHASH final-5 block - mid
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
.L256_dec_blocks_more_than_4: @ blocks left > 4
rev64 $res0b, $res1b @ GHASH final-4 block
ins $rk4v.d[0], $res0.d[1] @ GHASH final-4 block - mid
ldr $res1q, [$input_ptr], #16 @ AES final-3 block - load ciphertext
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
pmull $rk3q1, $res0.1d, $h5.1d @ GHASH final-4 block - low
pmull2 $rk2q1, $res0.2d, $h5.2d @ GHASH final-4 block - high
pmull $rk3q1, $res0.1d, $h4.1d @ GHASH final-3 block - low
pmull2 $rk2q1, $res0.2d, $h4.2d @ GHASH final-3 block - high
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
pmull2 $rk4v.1q, $rk4v.2d, $h34k.2d @ GHASH final-3 block - mid
eor $acc_lb, $acc_lb, $rk3 @ GHASH final-3 block - low
eor $rk4v.8b, $rk4v.8b, $res0.8b @ GHASH final-2 block - mid
eor $acc_lb, $acc_lb, $rk3 @ GHASH final-2 block - low
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
pmull $rk4v.1q, $rk4v.1d, $h34k.1d @ GHASH final-2 block - mid
pmull2 $rk2q1, $res0.2d, $h3.2d @ GHASH final-2 block - high
pmull2 $rk4v.1q, $rk4v.2d, $h12k.2d @ GHASH final-1 block - mid
- movi $t0.8b, #0 @ supress further partial tag feed in
+ movi $t0.8b, #0 @ suppress further partial tag feed in
eor $acc_hb, $acc_hb, $rk2 @ GHASH final-1 block - high
eor $acc_mb, $acc_mb, $rk4v.16b @ GHASH final-1 block - mid
# ;; To compute GH = GH*HashKey mod poly, give HK = HashKey<<1 mod poly as input
# ;; GH = GH * HK * x mod poly which is equivalent to GH*HashKey mod poly.
# ;;
-# ;; Refer to [3] for more detals.
+# ;; Refer to [3] for more details.
# ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
sub GHASH_MUL {
my $GH = $_[0]; #; [in/out] xmm/ymm/zmm with multiply operand(s) (128-bits)
# input: Xi: current hash value
# Htable: copy of H
# inp: pointer to input data
-# len: length of input data in bytes (mutiple of block size)
+# len: length of input data in bytes (multiple of block size)
# output: Xi: Xi+1 (next hash value Xi)
{
my ($Xi,$Htable,$inp,$len,$x0,$x1,$y0,$y1) = ("a0","a1","a2","a3","a4","a5","a6","a7");
/*-
*
- * NOTE: TABLE_BITS and all non-4bit implmentations have been removed in 3.1.
+ * NOTE: TABLE_BITS and all non-4bit implementations have been removed in 3.1.
*
* Even though permitted values for TABLE_BITS are 8, 4 and 1, it should
* never be set to 8. 8 is effectively reserved for testing purposes.
union {
/*
* These fields are never directly addressed, but their sizes are
- * imporant so that all native types can be copied here without overrun.
+ * important so that all native types can be copied here without overrun.
*/
ossl_intmax_t i;
ossl_uintmax_t u;
static const ERR_STRING_DATA PKCS12_str_reasons[] = {
{ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_CALLBACK_FAILED), "callback failed"},
{ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_CANT_PACK_STRUCTURE),
- "cant pack structure"},
+ "can't pack structure"},
{ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_CONTENT_TYPE_NOT_DATA),
"content type not data"},
{ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_DECODE_ERROR), "decode error"},
# Presumably it has everything to do with AMD cache architecture and
# RAW or whatever penalties. Once again! The module *requires* config
# line *without* RC4_CHAR! As for coding "secret," I bet on partial
-# register arithmetics. For example instead of 'inc %r8; and $255,%r8'
+# register arithmetic. For example instead of 'inc %r8; and $255,%r8'
# I simply 'inc %r8b'. Even though optimization manual discourages
# to operate on partial registers, it turned out to be the best bet.
# At least for AMD... How IA32E would perform remains to be seen...
* different hash doesn't provide a Bleichenbacher oracle:
* if the attacker can see that different versions return different
* messages for the same ciphertext, they'll know that the message is
- * syntethically generated, which means that the padding check failed
+ * synthetically generated, which means that the padding check failed
*/
md = EVP_MD_fetch(rsa->libctx, "sha256", NULL);
if (md == NULL) {
* different hash doesn't provide a Bleichenbacher oracle:
* if the attacker can see that different versions return different
* messages for the same ciphertext, they'll know that the message is
- * syntethically generated, which means that the padding check failed
+ * synthetically generated, which means that the padding check failed
*/
md = EVP_MD_fetch(ctx, "sha256", NULL);
if (md == NULL) {
int num, unsigned char *kdk)
{
/*
- * We need to generate a random length for the synthethic message, to avoid
+ * We need to generate a random length for the synthetic message, to avoid
* bias towards zero and avoid non-constant timeness of DIV, we prepare
* 128 values to check if they are not too large for the used key size,
* and use 0 in case none of them are small enough, as 2^-128 is a good enough
*/
#define MAX_LEN_GEN_TRIES 128
unsigned char *synthetic = NULL;
- int synthethic_length;
+ int synthetic_length;
uint16_t len_candidate;
unsigned char candidate_lengths[MAX_LEN_GEN_TRIES * sizeof(len_candidate)];
uint16_t len_mask;
len_mask |= len_mask >> 4;
len_mask |= len_mask >> 8;
- synthethic_length = 0;
+ synthetic_length = 0;
for (i = 0; i < MAX_LEN_GEN_TRIES * (int)sizeof(len_candidate);
i += sizeof(len_candidate)) {
len_candidate = (candidate_lengths[i] << 8) | candidate_lengths[i + 1];
len_candidate &= len_mask;
- synthethic_length = constant_time_select_int(
+ synthetic_length = constant_time_select_int(
constant_time_lt(len_candidate, max_sep_offset),
- len_candidate, synthethic_length);
+ len_candidate, synthetic_length);
}
- synth_msg_index = flen - synthethic_length;
+ synth_msg_index = flen - synthetic_length;
/* we have alternative message ready, check the real one */
good = constant_time_is_zero(from[0]);
/*
* old code returned an error in case the decrypted message wouldn't fit
- * into the |to|, since that would leak information, return the synthethic
+ * into the |to|, since that would leak information, return the synthetic
* message instead
*/
good &= constant_time_ge(tlen, num - msg_index);
cmp $remain,0
b.eq .return${std}
-// This brance calculates the last two tweaks,
+// This branch calculates the last two tweaks,
// while the encryption/decryption length is larger than 32
.last_2blks_tweak${std}:
ld1 {@tweak[0].4s},[$ivp]
b .check_dec${std}
-// This brance calculates the last two tweaks,
+// This branch calculates the last two tweaks,
// while the encryption/decryption length is equal to 32, who only need two tweaks
.only_2blks_tweak${std}:
mov @tweak[1].16b,@tweak[0].16b
cmp $remain,0
b.eq .return${std}
-// This brance calculates the last two tweaks,
+// This branch calculates the last two tweaks,
// while the encryption/decryption length is larger than 32
.last_2blks_tweak${std}:
___
b .check_dec${std}
-// This brance calculates the last two tweaks,
+// This branch calculates the last two tweaks,
// while the encryption/decryption length is equal to 32, who only need two tweaks
.only_2blks_tweak${std}:
mov @tweak[1].16b,@tweak[0].16b
/*
* GetExitCodeThread call followed by this check is to make sure that
- * the thread exitted properly. In particular, thread_retval may be
- * non-zero when exitted via explicit ExitThread/TerminateThread or
+ * the thread exited properly. In particular, thread_retval may be
+ * non-zero when exited via explicit ExitThread/TerminateThread or
* if the thread is still active (returns STILL_ACTIVE (259)).
*/
if (thread_retval != 0)
{ERR_PACK(ERR_LIB_X509, 0, X509_R_BAD_X509_FILETYPE), "bad x509 filetype"},
{ERR_PACK(ERR_LIB_X509, 0, X509_R_BASE64_DECODE_ERROR),
"base64 decode error"},
- {ERR_PACK(ERR_LIB_X509, 0, X509_R_CANT_CHECK_DH_KEY), "cant check dh key"},
+ {ERR_PACK(ERR_LIB_X509, 0, X509_R_CANT_CHECK_DH_KEY), "can't check dh key"},
{ERR_PACK(ERR_LIB_X509, 0, X509_R_CERTIFICATE_VERIFICATION_FAILED),
"certificate verification failed"},
{ERR_PACK(ERR_LIB_X509, 0, X509_R_CERT_ALREADY_IN_HASH_TABLE),
-Auxillary files for dev/release.sh
-===================================
+Auxiliary files for dev/release.sh
+==================================
- release-state-fn.sh
contain two separate implementations of their APIs internally, or at least a
substantial chunk of their code (e.g. libuv, nanomsg). It turns out to be easier
just to write a poll-based implementation of an I/O reactor and an IOCP-based
-implementation than try to overcome the impedence discontinuities.
+implementation than try to overcome the impedance discontinuities.
The difference between polling and IOCPs is that polling reports *readiness*
whereas IOCPs report *completion of an operation*. For example, in the IOCP
synchronisation.
Congestion controllers may vary their state with respect to time. This is
-faciliated via the `get_wakeup_deadline` method and the `now` argument to the
+facilitated via the `get_wakeup_deadline` method and the `now` argument to the
`new` method, which provides access to a clock. While no current congestion
controller makes use of this facility, it can be used by future congestion
controllers to implement packet pacing.
per connection. This may change in future.
While the congestion control API is roughly based around the arrangement of
-functions as described by the congestion control psuedocode in RFC 9002, there
+functions as described by the congestion control pseudocode in RFC 9002, there
are some deliberate changes in order to obtain cleaner separation between the
loss detection and congestion control functions. Where a literal option of RFC
-9002 psuedocode would require a congestion controller to access the ACK
+9002 pseudocode would require a congestion controller to access the ACK
manager's internal state directly, the interface between the two has been
changed to avoid this. This involves some small amounts of functionality which
RFC 9002 considers part of the congestion controller being part of the ACK
The motivation for this is that these functions are intended to support
concurrent use on the same BIO. If they read or modify BIO state, they would
- need to be sychronised with a lock, undermining performance on what (for
+ need to be synchronised with a lock, undermining performance on what (for
`BIO_dgram`) would otherwise be a straight system call.
- We do not support iovecs. The motivations for this are:
`sendmsg`/`recvmsg`. This again adds burdens on the code using
BIO_dgram, but it seems the only way to avoid the surprising performance
pitfall of buffer copying to emulate iovec support. There is a fair risk
- of code being written which accidentially works on one platform but not
+ of code being written which accidentally works on one platform but not
another, because the author didn't realise the iovec limit is 1 on some
platforms. Possibly we could have an “iovec limit” variable in the
BIO_dgram which is 1 by default, which can be increased by a call to a
of the RFC.
The returrn value of this function transitions from 1 to 0 for a given PN once
-that PN is passed to ossl_ackm_on_rx_packet, thus this functiion must be used
+that PN is passed to ossl_ackm_on_rx_packet, thus this function must be used
before calling `ossl_ackm_on_rx_packet`.
```c
a more test friendly API to test authors.
This API will primarily take the form of a set of event listener callbacks. A
-test will be able to "listen" for a specifc event occuring and be informed about
+test will be able to "listen" for a specific event occurring and be informed about
it when it does. Examples of events might include:
- An EncryptedExtensions handshake message being sent
int ossl_quic_fault_resize_handshake(OSSL_QUIC_FAULT *fault, size_t newlen);
/*
- * TODO(QUIC): Add listeners for specifc types of frame here. E.g. we might
+ * TODO(QUIC): Add listeners for specific types of frame here. E.g. we might
* expect to see an "ACK" frame listener which will be passed pre-parsed ack
* data that can be modified as required.
*/
size_t *extlen);
/*
- * TODO(QUIC): Add additional helper functions for quering extensions here (e.g.
+ * TODO(QUIC): Add additional helper functions for querying extensions here (e.g.
* finding or adding them). We could also provide a "listener" API for listening
* for specific extension types
*/
* TODO(QUIC): We should expect an error on the queue after this - but we
* don't have it yet.
* Note, just raising the error in the obvious place causes SSL_tick() to
- * succeed, but leave a suprious error on the stack. We need to either
+ * succeed, but leave a spurious error on the stack. We need to either
* allow SSL_tick() to fail, or somehow delay the raising of the error
* until the SSL_read() call.
*/
An OTC document provided the following analysis.
-There are differents types of application that we need to cater for:
+There are different types of application that we need to cater for:
* Simple clients that just do basic SSL_read/SSL_write or BIO_read/BIO_write
interactions. We want to be able to enable them to transfer to using single
*/
/*
- * An OSSL_RECORD_METHOD is a protcol specific method which provides the
+ * An OSSL_RECORD_METHOD is a protocol specific method which provides the
* functions for reading and writing records for that protocol. Which
* OSSL_RECORD_METHOD to use for a given protocol is defined by the SSL_METHOD.
*/
int (*processed_read_pending)(OSSL_RECORD_LAYER *rl);
/*
- * The amount of processed app data that is internally bufferred and
+ * The amount of processed app data that is internally buffered and
* available to read
*/
size_t (*app_data_pending)(OSSL_RECORD_LAYER *rl);
=item context
-A reference to user supplied contextual informaton. The event queue passes
+A reference to user supplied contextual information. The event queue passes
this to callbacks and never dereferences the pointer.
=item payload, payload_size
/*
* SHA-1 low level APIs are deprecated for public use, but still ok for
* internal use. Note, that due to symbols not being exported, only the
- * #defines and strucures can be accessed, in this case SHA_CBLOCK and
+ * #defines and structures can be accessed, in this case SHA_CBLOCK and
* sizeof(SHA_CTX).
*/
#include "internal/deprecated.h"
* Linux pre-4.14)
*
* OSSL_TFO_DO_NOT_CONNECT
- * Defined to skip calling conect() when creating a
+ * Defined to skip calling connect() when creating a
* client socket (macOS, FreeBSD, Linux pre-4.14)
*/
# pragma once
/*
- * IS_LITTLE_ENDIAN and IS_BIG_ENDIAN can be used to detect the endiannes
+ * IS_LITTLE_ENDIAN and IS_BIG_ENDIAN can be used to detect the endianness
* at compile time. To use it, DECLARE_IS_ENDIAN must be used to declare
* a variable.
*
*
* The event parameters are taken from the function arguments.
*
- * The function reutrns NULL on failure and the added event on success.
+ * The function returns NULL on failure and the added event on success.
*/
OSSL_EVENT *ossl_event_queue_add_new(OSSL_EVENT_QUEUE *queue,
uint32_t type, uint32_t priority,
*
* The event parameters are taken from the function arguments.
*
- * The function reutrns 0 on failure and 1 on success.
+ * The function returns 0 on failure and 1 on success.
*/
int ossl_event_queue_add(OSSL_EVENT_QUEUE *queue, OSSL_EVENT *event,
uint32_t type, uint32_t priority,
/*
* Starts a QUIC sub-packet headed by a QUIC variable-length integer. max_len
* specifies the upper bound for the sub-packet size at the time the sub-packet
- * is closed, which determines the encoding size for tthe variable-length
+ * is closed, which determines the encoding size for the variable-length
* integer header. max_len can be a precise figure or a worst-case bound
* if a precise figure is not available.
*/
*
* This interface is broadly based on the design described in RFC 9002. However,
* the demarcation between the ACKM and the congestion controller does not
- * exactly match that delineated in the RFC 9002 psuedocode. Where aspects of
+ * exactly match that delineated in the RFC 9002 pseudocode. Where aspects of
* the demarcation involve the congestion controller accessing internal state of
* the ACKM, the interface has been revised where possible to provide the
* information needed by the congestion controller and avoid needing to give the
*/
/*
- * An OSSL_RECORD_METHOD is a protcol specific method which provides the
+ * An OSSL_RECORD_METHOD is a protocol specific method which provides the
* functions for reading and writing records for that protocol. Which
* OSSL_RECORD_METHOD to use for a given protocol is defined by the SSL_METHOD.
*/
int (*processed_read_pending)(OSSL_RECORD_LAYER *rl);
/*
- * The amount of processed app data that is internally bufferred and
+ * The amount of processed app data that is internally buffered and
* available to read
*/
size_t (*app_data_pending)(OSSL_RECORD_LAYER *rl);
OSSL_DEPRECATEDIN_3_0 EC_KEY *EC_KEY_new_method(ENGINE *engine);
/** The old name for ecdh_KDF_X9_63
- * The ECDH KDF specification has been mistakingly attributed to ANSI X9.62,
+ * The ECDH KDF specification has been mistakenly attributed to ANSI X9.62,
* it is actually specified in ANSI X9.63.
* This identifier is retained for backwards compatibility
*/
ossl_gcm_init_4bit(Htable, (u64*)tmp);
}
-/* Implmentation of POLYVAL via existing GHASH implementation */
+/* Implementation of POLYVAL via existing GHASH implementation */
void ossl_polyval_ghash_hash(const u128 Htable[16], uint8_t *tag, const uint8_t *inp, size_t len)
{
uint64_t out[2];
if ((bytes % 15) == 0 && bytes > 0) {
if (BIO_printf(out, ":\n%s", spaces) <= 0)
goto err;
- use_sep = 0; /* The first byte on the next line doesnt have a : */
+ use_sep = 0; /* The first byte on the next line doesn't have a : */
}
if (BIO_printf(out, "%s%c%c", use_sep ? ":" : "",
tolower(p[0]), tolower(p[1])) <= 0)
ctx->md = EVP_MD_fetch(ctx->libctx, "blake2b512", ctx->propq);
if (ctx->md == NULL) {
ERR_raise_data(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST,
- "canot fetch blake2b512");
+ "cannot fetch blake2b512");
return 0;
}
/* Add the carry to the top of the dst if inlen is not the same size */
for (i = drbg->seedlen - inlen; i > 0; --i, d--) {
*d += 1; /* Carry can only be 1 */
- if (*d != 0) /* exit if carry doesnt propagate to the next byte */
+ if (*d != 0) /* exit if carry doesn't propagate to the next byte */
break;
}
}
* n) will no longer be processed. Although datagrams may be reordered in the
* network, a PN we receive can only become provably ACKed after our own
* subsequently generated ACK frame is sent in a future TX packet, and then we
- * receive another RX PN acknowleding that TX packet. This means that a given RX
+ * receive another RX PN acknowledging that TX packet. This means that a given RX
* PN can only become provably ACKed at least 1 RTT after it is received; it is
* unlikely that any reordered datagrams will still be "in the network" (and not
* lost) by this time. If this does occur for whatever reason and a late PN is
* we use to keep track of which PNs we have received but which have not yet
* been provably ACKed, and thus will later need to generate an ACK frame for.
*
- * The correspondance with the logical states discussed above is as follows. A
+ * The correspondence with the logical states discussed above is as follows. A
* PN is in state (C) if it is below the watermark; otherwise it is in state (B)
* if it is in the logical set of PNs, and in state (A) otherwise.
*
}
/*
- * Bump watermark to cover all PNs we removed to avoid accidential
+ * Bump watermark to cover all PNs we removed to avoid accidental
* reprocessing of packets.
*/
if (highest != QUIC_PN_INVALID)
case QUIC_CHANNEL_STATE_TERMINATING_DRAINING:
/*
* Other than in the force-immediate case, we remain here until the
- * timout expires.
+ * timeout expires.
*/
if (force_immediate)
ch_on_terminating_timeout(ch);
* QUIC channel internals. It is intended that only the QUIC_CHANNEL
* implementation and the RX depacketiser be allowed to access this structure
* directly. As the RX depacketiser has no state of its own and computes over a
- * QUIC_CHANNEL structure, it can be viewed as an extention of the QUIC_CHANNEL
+ * QUIC_CHANNEL structure, it can be viewed as an extension of the QUIC_CHANNEL
* implementation. While the RX depacketiser could be provided with adequate
* accessors to do what it needs, this would weaken the abstraction provided by
* the QUIC_CHANNEL to other components; moreover the coupling of the RX
/* each decoded record goes in here */
TLS_RL_RECORD rrec[SSL_MAX_PIPELINES];
- /* How many records have we got available in the rrec bufer */
+ /* How many records have we got available in the rrec buffer */
size_t num_recs;
/* The record number in the rrec buffer that can be read next */
*/
unsigned int max_frag_len;
- /* The maxium amount of early data we can receive/send */
+ /* The maximum amount of early data we can receive/send */
uint32_t max_early_data;
/* The amount of early data that we have sent/received */
DTLS_BITMAP next_bitmap;
/*
- * Whether we are currently in a hanshake or not. Only maintained for DTLS
+ * Whether we are currently in a handshake or not. Only maintained for DTLS
*/
int in_init;
&& !ossl_set_tls_provider_parameters(rl, ciph_ctx, ciph, md))
return OSSL_RECORD_RETURN_FATAL;
- /* Calculate the explict IV length */
+ /* Calculate the explicit IV length */
if (RLAYER_USE_EXPLICIT_IV(rl)) {
int mode = EVP_CIPHER_CTX_get_mode(ciph_ctx);
int eivlen = 0;
if (SSL_CONNECTION_IS_TLS13(sc)) {
/*
- * Only send extensions relevent to raw public keys. Until such
+ * Only send extensions relevant to raw public keys. Until such
* extensions are defined, this will be an empty set of extensions.
* |x509| may be NULL, which raw public-key extensions need to handle.
*/
}
/*
- * Used to determine if we shoud send a CompressedCertificate message
+ * Used to determine if we should send a CompressedCertificate message
*
* Returns the algorithm to use, TLSEXT_comp_cert_none means no compression
*/
&res, NULL)))
goto err;
- /* Provided seed doesnt produce a valid prime q */
+ /* Provided seed doesn't produce a valid prime q */
ossl_ffc_params_set_validate_params(¶ms, dsa_2048_224_sha224_bad_seed,
sizeof(dsa_2048_224_sha224_bad_seed),
dsa_2048_224_sha224_counter);
QUIC_PKT_HDR pplainhdr;
/* iovec for the plaintext packet data buffer */
OSSL_QTX_IOVEC pplainio;
- /* Allocted size of the plaintext packet data buffer */
+ /* Allocated size of the plaintext packet data buffer */
size_t pplainbuf_alloc;
qtest_fault_on_packet_plain_cb pplaincb;
void *pplaincbarg;
/*
* We're cheating. We don't take any notice of SSL_get_tick_timeout()
- * and tick everytime around the loop anyway. This is inefficient. We
+ * and tick every time around the loop anyway. This is inefficient. We
* can get away with it in test code because we control both ends of
* the communications and don't expect network delays. This shouldn't
* be done in a real application.
int qtest_fault_resize_handshake(QTEST_FAULT *fault, size_t newlen);
/*
- * TODO(QUIC): Add listeners for specifc types of frame here. E.g. we might
+ * TODO(QUIC): Add listeners for specific types of frame here. E.g. we might
* expect to see an "ACK" frame listener which will be passed pre-parsed ack
* data that can be modified as required.
*/
if (!TEST_ptr(rbio))
goto err;
- /* Seeting the EOF return value on a non datagram mem BIO should be fine */
+ /* Setting the EOF return value on a non datagram mem BIO should be fine */
if (!TEST_int_gt(BIO_set_mem_eof_return(rbio, 0), 0))
goto err;
* TODO(QUIC): We should expect an error on the queue after this - but we
* don't have it yet.
* Note, just raising the error in the obvious place causes
- * SSL_handle_events() to succeed, but leave a suprious error on the stack.
+ * SSL_handle_events() to succeed, but leave a spurious error on the stack.
* We need to either allow SSL_handle_events() to fail, or somehow delay the
* raising of the error until the SSL_read() call.
*/
Input = 1f71879b426127f7dead621f7380a7098cf7d22173aa27991b143c46d53383c209bd0c9c00d84078037e715f6b98c65005a77120070522ede51d472c87ef94b94ead4c5428ee108a345561658301911ec5a8f7dd43ed4a3957fd29fb02a3529bf63f8040d3953490939bd8f78b2a3404b6fb5ff70a4bfdaac5c541d6bcce49c9778cc390be24cbef1d1eca7e870457241d3ff72ca44f9f56bdf31a890fa5eb3a9107b603ccc9d06a5dd911a664c82b6abd4fe036f8db8d5a070c2d86386ae18d97adc1847640c211d91ff5c3387574a26f8ef27ca7f48d2dd1f0c7f14b81cc9d33ee6853031d3ecf10a914ffd90947909c8011fd30249219348ebff76bfc
Output = "lorem ipsum"
-# positive that generates a 0 byte long synthethic message internally
+# positive that generates a 0 byte long synthetic message internally
Decrypt = RSA-2048-2
Input = b5e49308f6e9590014ffaffc5b8560755739dd501f1d4e9227a7d291408cf4b753f292322ff8bead613bf2caa181b221bc38caf6392deafb28eb21ad60930841ed02fd6225cc9c463409adbe7d8f32440212fbe3881c51375bb09565efb22e62b071472fb38676e5b4e23a0617db5d14d93519ac0007a30a9c822eb31c38b57fcb1be29608fcf1ca2abdcaf5d5752bbc2b5ac7dba5afcff4a5641da360dd01f7112539b1ed46cdb550a3b1006559b9fe1891030ec80f0727c42401ddd6cbb5e3c80f312df6ec89394c5a7118f573105e7ab00fe57833c126141b50a935224842addfb479f75160659ba28877b512bb9a93084ad8bec540f92640f63a11a010e0
Output = "lorem ipsum"
-# positive that generates a 245 byte long synthethic message internally
+# positive that generates a 245 byte long synthetic message internally
Decrypt = RSA-2048-2
Input = 1ea0b50ca65203d0a09280d39704b24fe6e47800189db5033f202761a78bafb270c5e25abd1f7ecc6e7abc4f26d1b0cd9b8c648d529416ee64ccbdd7aa72a771d0353262b543f0e436076f40a1095f5c7dfd10dcf0059ccb30e92dfa5e0156618215f1c3ff3aa997a9d999e506924f5289e3ac72e5e2086cc7b499d71583ed561028671155db4005bee01800a7cdbdae781dd32199b8914b5d4011dd6ff11cd26d46aad54934d293b0bc403dd211bf13b5a5c6836a5e769930f437ffd8634fb7371776f4bc88fa6c271d8aa6013df89ae6470154497c4ac861be2a1c65ebffec139bf7aaba3a81c7c5cdd84da9af5d3edfb957848074686b5837ecbcb6a41c50
Output = "lorem ipsum"
# The old FIPS provider doesn't include the workaround (#13817)
FIPSversion = >=3.2.0
# an invalid ciphertext, with a zero byte in first byte of
-# ciphertext, decrypts to a random 11 byte long synthethic
+# ciphertext, decrypts to a random 11 byte long synthetic
# plaintext
Decrypt = RSA-2048-2
Input = 0096136621faf36d5290b16bd26295de27f895d1faa51c800dafce73d001d60796cd4e2ac3fa2162131d859cd9da5a0c8a42281d9a63e5f353971b72e36b5722e4ac444d77f892a5443deb3dca49fa732fe855727196e23c26eeac55eeced8267a209ebc0f92f4656d64a6c13f7f7ce544ebeb0f668fe3a6c0f189e4bcd5ea12b73cf63e0c8350ee130dd62f01e5c97a1e13f52fde96a9a1bc9936ce734fdd61f27b18216f1d6de87f49cf4f2ea821fb8efd1f92cdad529baf7e31aff9bff4074f2cad2b4243dd15a711adcf7de900851fbd6bcb53dac399d7c880531d06f25f7002e1aaf1722765865d2c2b902c7736acd27bc6cbd3e38b560e2eecf7d4b576
# The old FIPS provider doesn't include the workaround (#13817)
FIPSversion = >=3.2.0
# an invalid ciphertext, with a zero byte removed from first byte of
-# ciphertext, decrypts to a random 11 byte long synthethic
+# ciphertext, decrypts to a random 11 byte long synthetic
# plaintext
Decrypt = RSA-2048-2
Input = 96136621faf36d5290b16bd26295de27f895d1faa51c800dafce73d001d60796cd4e2ac3fa2162131d859cd9da5a0c8a42281d9a63e5f353971b72e36b5722e4ac444d77f892a5443deb3dca49fa732fe855727196e23c26eeac55eeced8267a209ebc0f92f4656d64a6c13f7f7ce544ebeb0f668fe3a6c0f189e4bcd5ea12b73cf63e0c8350ee130dd62f01e5c97a1e13f52fde96a9a1bc9936ce734fdd61f27b18216f1d6de87f49cf4f2ea821fb8efd1f92cdad529baf7e31aff9bff4074f2cad2b4243dd15a711adcf7de900851fbd6bcb53dac399d7c880531d06f25f7002e1aaf1722765865d2c2b902c7736acd27bc6cbd3e38b560e2eecf7d4b576
# The old FIPS provider doesn't include the workaround (#13817)
FIPSversion = >=3.2.0
# an invalid ciphertext, with two zero bytes in first bytes of
-# ciphertext, decrypts to a random 11 byte long synthethic
+# ciphertext, decrypts to a random 11 byte long synthetic
# plaintext
Decrypt = RSA-2048-2
Input = 0000587cccc6b264bdfe0dc2149a988047fa921801f3502ea64624c510c6033d2f427e3f136c26e88ea9f6519e86a542cec96aad1e5e9013c3cc203b6de15a69183050813af5c9ad79703136d4b92f50ce171eefc6aa7988ecf02f319ffc5eafd6ee7a137f8fce64b255bb1b8dd19cfe767d64fdb468b9b2e9e7a0c24dae03239c8c714d3f40b7ee9c4e59ac15b17e4d328f1100756bce17133e8e7493b54e5006c3cbcdacd134130c5132a1edebdbd01a0c41452d16ed7a0788003c34730d0808e7e14c797a21f2b45a8aa1644357fd5e988f99b017d9df37563a354c788dc0e2f9466045622fa3f3e17db63414d27761f57392623a2bef6467501c63e8d645
# The old FIPS provider doesn't include the workaround (#13817)
FIPSversion = >=3.2.0
# an invalid ciphertext, with two zero bytes removed from first bytes of
-# ciphertext, decrypts to a random 11 byte long synthethic
+# ciphertext, decrypts to a random 11 byte long synthetic
# plaintext
Decrypt = RSA-2048-2
Input = 587cccc6b264bdfe0dc2149a988047fa921801f3502ea64624c510c6033d2f427e3f136c26e88ea9f6519e86a542cec96aad1e5e9013c3cc203b6de15a69183050813af5c9ad79703136d4b92f50ce171eefc6aa7988ecf02f319ffc5eafd6ee7a137f8fce64b255bb1b8dd19cfe767d64fdb468b9b2e9e7a0c24dae03239c8c714d3f40b7ee9c4e59ac15b17e4d328f1100756bce17133e8e7493b54e5006c3cbcdacd134130c5132a1edebdbd01a0c41452d16ed7a0788003c34730d0808e7e14c797a21f2b45a8aa1644357fd5e988f99b017d9df37563a354c788dc0e2f9466045622fa3f3e17db63414d27761f57392623a2bef6467501c63e8d645
# The old FIPS provider doesn't include the workaround (#13817)
FIPSversion = >=3.2.0
# and invalid ciphertext, otherwise valid but starting with 000002, decrypts
-# to random 11 byte long synthethic plaintext
+# to random 11 byte long synthetic plaintext
Decrypt = RSA-2048-2
Input = 1786550ce8d8433052e01ecba8b76d3019f1355b212ac9d0f5191b023325a7e7714b7802f8e9a17c4cb3cd3a84041891471b10ca1fcfb5d041d34c82e6d0011cf4dc76b90e9c2e0743590579d55bcd7857057152c4a8040361343d1d22ba677d62b011407c652e234b1d663af25e2386251d7409190f19fc8ec3f9374fdf1254633874ce2ec2bff40ad0cb473f9761ec7b68da45a4bd5e33f5d7dac9b9a20821df9406b653f78a95a6c0ea0a4d57f867e4db22c17bf9a12c150f809a7b72b6db86c22a8732241ebf3c6a4f2cf82671d917aba8bc61052b40ccddd743a94ea9b538175106201971cca9d136d25081739aaf6cd18b2aecf9ad320ea3f89502f955
Output = 3d4a054d9358209e9cbbb9
# The old FIPS provider doesn't include the workaround (#13817)
FIPSversion = >=3.2.0
-# a random invalid ciphertext that generates an empty synthethic one
+# a random invalid ciphertext that generates an empty synthetic one
Decrypt = RSA-3072
Input = 5e956cd9652f4a2ece902931013e09662b6a9257ad1e987fb75f73a0606df2a4b04789770820c2e02322c4e826f767bd895734a01e20609c3be4517a7a2a589ea1cdc137beb73eb38dac781b52e863de9620f79f9b90fd5b953651fcbfef4a9f1cc07421d511a87dd6942caab6a5a0f4df473e62defb529a7de1509ab99c596e1dff1320402298d8be73a896cc86c38ae3f2f576e9ea70cc28ad575cb0f854f0be43186baa9c18e29c47c6ca77135db79c811231b7c1730955887d321fdc06568382b86643cf089b10e35ab23e827d2e5aa7b4e99ff2e914f302351819eb4d1693243b35f8bf1d42d08f8ec4acafa35f747a4a975a28643ec630d8e4fa5be59d81995660a14bb64c1fea5146d6b11f92da6a3956dd5cb5e0d747cf2ea23f81617769185336263d46ef4c144b754de62a6337342d6c85a95f19f015724546ee3fc4823eca603dbc1dc01c2d5ed50bd72d8e96df2dc048edde0081284068283fc5e73a6139851abf2f29977d0b3d160c883a42a37efba1be05c1a0b1741d7ddf59
Output =
# The old FIPS provider doesn't include the workaround (#13817)
FIPSversion = >=3.2.0
-# a random invalid that generates a synthethic of maximum size
+# a random invalid that generates a synthetic of maximum size
Decrypt = RSA-3072
Input = 1715065322522dff85049800f6a29ab5f98c465020467414b2a44127fe9446da47fa18047900f99afe67c2df6f50160bb8e90bff296610fde632b3859d4d0d2e644f23835028c46cca01b84b88231d7e03154edec6627bcba23de76740d839851fa12d74c8f92e540c73fe837b91b7d699b311997d5f0f7864c486d499c3a79c111faaacbe4799597a25066c6200215c3d158f3817c1aa57f18bdaad0be1658da9da93f5cc6c3c4dd72788af57adbb6a0c26f42d32d95b8a4f95e8c6feb2f8a5d53b19a50a0b7cbc25e055ad03e5ace8f3f7db13e57759f67b65d143f08cca15992c6b2aae643390483de111c2988d4e76b42596266005103c8de6044fb7398eb3c28a864fa672de5fd8774510ff45e05969a11a4c7d3f343e331190d2dcf24fb9154ba904dc94af98afc5774a9617d0418fe6d13f8245c7d7626c176138dd698a23547c25f27c2b98ea4d8a45c7842b81888e4cc14e5b72e9cf91f56956c93dbf2e5f44a8282a7813157fc481ff1371a0f66b31797e81ebdb09a673d4db96d6
Output = 7b036fcd6243900e4236c894e2462c17738acc87e01a76f4d95cb9a328d9acde81650283b8e8f60a217e3bdee835c7b222ad4c85d0acdb9a309bd2a754609a65dec50f3aa04c6d5891034566b9563d42668ede1f8992b17753a2132e28970584e255efc8b45a41c5dbd7567f014acec5fe6fdb6d484790360a913ebb9defcd74ff377f2a8ba46d2ed85f733c9a3da08eb57ecedfafda806778f03c66b2c5d2874cec1c291b2d49eb194c7b5d0dd2908ae90f4843268a2c45563092ade08acb6ab481a08176102fc803fbb2f8ad11b0e1531bd37df543498daf180b12017f4d4d426ca29b4161075534bfb914968088a9d13785d0adc0e2580d3548494b2a9e91605f2b27e6cc701c796f0de7c6f471f6ab6cb9272a1ed637ca32a60d117505d82af3c1336104afb537d01a8f70b510e1eebf4869cb976c419473795a66c7f5e6e20a8094b1bb603a74330c537c5c0698c31538bd2e138c1275a1bdf24c5fa8ab3b7b526324e7918a382d1363b3d463764222150e04
status = create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE);
if (fips_ems_check) {
if (status == 1) {
- printf("When FIPS uses the EMS check a connection that doesnt use EMS should fail\n");
+ printf("When FIPS uses the EMS check a connection that doesn't use EMS should fail\n");
goto end;
}
} else {
* EncryptedPrivateKeyInfo structure (defined by PKCS#8). They require
* that there's an intent to encrypt, anything else is an error.
*
- * key_to_pki_* primarly produce encoded output with the private key data
+ * key_to_pki_* primarily produce encoded output with the private key data
* in a PrivateKeyInfo structure (also defined by PKCS#8). However, if
* there is an intent to encrypt the data, the corresponding key_to_epki_*
* function is used instead.
projects / openssl.git / commitdiff