*) Add X25519 support.
Add ASN.1 and EVP_PKEY methods for X25519. This includes support
for public and private key encoding using the format documented in
- draft-ietf-curdle-pkix-02. The coresponding EVP_PKEY method supports
+ draft-ietf-curdle-pkix-02. The corresponding EVP_PKEY method supports
key generation and key derivation.
TLS support complies with draft-ietf-tls-rfc4492bis-08 and uses
# On non-platforms, we just use file_name_is_absolute().
return file_name_is_absolute($file) unless $^O eq "VMS";
- # If the file spec includes a device or a directpry spec,
+ # If the file spec includes a device or a directory spec,
# file_name_is_absolute() is perfectly safe.
return file_name_is_absolute($file) if $file =~ m|[:\[]|;
OPTIONS passwd_options[] = {
{"help", OPT_HELP, '-', "Display this summary"},
- {"in", OPT_IN, '<', "Pead passwords from file"},
+ {"in", OPT_IN, '<', "Read passwords from file"},
{"noverify", OPT_NOVERIFY, '-',
"Never verify when reading password from terminal"},
{"quiet", OPT_QUIET, '-', "No warnings"},
$r++; unshift(@rndkey,pop(@rndkey));
};
-sub Xupdate_ssse3_16_31() # recall that $Xi starts wtih 4
+sub Xupdate_ssse3_16_31() # recall that $Xi starts with 4
{ use integer;
my $body = shift;
my @insns = (&$body,&$body,&$body,&$body); # 40 instructions
$r++; unshift(@rndkey,pop(@rndkey));
};
-sub Xupdate_avx_16_31() # recall that $Xi starts wtih 4
+sub Xupdate_avx_16_31() # recall that $Xi starts with 4
{ use integer;
my $body = shift;
my @insns = (&$body,&$body,&$body,&$body); # 40 instructions
* it was errno. To minimize mixup add 1000. Underlying
* reason for this is that hstrerror is declared obsolete,
* not to mention that a) h_errno is not always guaranteed
- * to be meanigless; b) hstrerror can reside in yet another
+ * to be meaningless; b) hstrerror can reside in yet another
* library, linking for sake of hstrerror is an overkill;
* c) this path is not executed on contemporary systems
* anyway [above getaddrinfo/gai_strerror is]. We just let
# instructions...
# (*) Engine accessing the driver in question is on my TODO list.
-# For reference, acceleator is estimated to give 6 to 10 times
+# For reference, accelerator is estimated to give 6 to 10 times
# improvement on single-threaded RSA sign. It should be noted
# that 6-10x improvement coefficient does not actually mean
# something extraordinary in terms of absolute [single-threaded]
dsize = 0;
goto err;
}
- /* dzise + 8 bytes are needed */
+ /* dsize + 8 bytes are needed */
/* actually it needs the cipher block size extra... */
data = OPENSSL_malloc((unsigned int)dsize + 20);
if (data == NULL) {
&jmp (&label("loop"));
######################################################################
-# SSE instruction sequence is first broken to groups of indepentent
+# SSE instruction sequence is first broken to groups of independent
# instructions, independent in respect to their inputs and shifter
# (not all architectures have more than one). Then IALU instructions
# are "knitted in" between the SSE groups. Distance is maintained for
#
# Temporary registers usage. X[2] is volatile at the entry and at the
# end is restored from backtrace ring buffer. X[3] is expected to
-# contain current K_XX_XX constant and is used to caclulate X[-1]+K
+# contain current K_XX_XX constant and is used to calculate X[-1]+K
# from previous round, it becomes volatile the moment the value is
# saved to stack for transfer to IALU. X[4] becomes volatile whenever
# X[-4] is accumulated and offloaded to backtrace ring buffer, at the
# end it is loaded with next K_XX_XX [which becomes X[3] in next
# round]...
#
-sub Xupdate_ssse3_16_31() # recall that $Xi starts wtih 4
+sub Xupdate_ssse3_16_31() # recall that $Xi starts with 4
{ use integer;
my $body = shift;
my @insns = (&$body,&$body,&$body,&$body); # 40 instructions
&and (@T[0],@T[1]);
&jmp (&label("loop"));
-sub Xupdate_avx_16_31() # recall that $Xi starts wtih 4
+sub Xupdate_avx_16_31() # recall that $Xi starts with 4
{ use integer;
my $body = shift;
my @insns = (&$body,&$body,&$body,&$body); # 40 instructions
$code .= "\t$opcode\t".join(',',$arg,reverse @_)."\n";
}
-sub Xupdate_ssse3_16_31() # recall that $Xi starts wtih 4
+sub Xupdate_ssse3_16_31() # recall that $Xi starts with 4
{ use integer;
my $body = shift;
my @insns = (&$body,&$body,&$body,&$body); # 40 instructions
jmp .Loop_avx
___
-sub Xupdate_avx_16_31() # recall that $Xi starts wtih 4
+sub Xupdate_avx_16_31() # recall that $Xi starts with 4
{ use integer;
my $body = shift;
my @insns = (&$body,&$body,&$body,&$body); # 40 instructions
)
}
-sub Xupdate_avx2_16_31() # recall that $Xi starts wtih 4
+sub Xupdate_avx2_16_31() # recall that $Xi starts with 4
{ use integer;
my $body = shift;
my @insns = (&$body,&$body,&$body,&$body,&$body); # 35 instructions
&set_label("spin");
&lea ("ebx",&DWP(0,"eax","ecx"));
&nop ();
- &data_word(0x1ab10ff0); # lock; cmpxchg %ebx,(%edx) # %eax is envolved and is always reloaded
+ &data_word(0x1ab10ff0); # lock; cmpxchg %ebx,(%edx) # %eax is involved and is always reloaded
&jne (&label("spin"));
&mov ("eax","ebx"); # OpenSSL expects the new value
&pop ("ebx");
README This file
fingerprints.txt
- PGP fingerprints of authoried release signers
+ PGP fingerprints of authorised release signers
standards.txt
Moved to the web, https://www.openssl.org/docs/standards.html
BN_rand() generates a cryptographically strong pseudo-random number of
B<bits> in length and stores it in B<rnd>.
If B<bits> is less than zero, or too small to
-accomodate the requirements specified by the B<top> and B<bottom>
+accommodate the requirements specified by the B<top> and B<bottom>
parameters, an error is returned.
The B<top> parameters specifies
requirements on the most significant bit of the generated number.
SCT_set_log_entry_type() returns 1 if the specified log entry type is supported, 0 otherwise.
SCT_set0_log_id() and B<SCT_set1_log_id> return 1 if the specified LogID is a
-valid SHA-256 hash, 0 otherwise. Aditionally, B<SCT_set1_log_id> returns 0 if
+valid SHA-256 hash, 0 otherwise. Additionally, B<SCT_set1_log_id> returns 0 if
malloc fails.
B<SCT_set_signature_nid> returns 1 if the specified NID is supported, 0 otherwise.
=head1 INHERITANCE FLAGS
-These flags spevify how parameters are "inherited" from one structure to
+These flags specify how parameters are "inherited" from one structure to
another.
If B<X509_VP_FLAG_ONCE> is set then the current setting is zeroed
=head1 RETURN VALUES
SSL_SESSION_get0_peer() returns a pointer to the peer certificate or NULL if
-no peer certificat is available.
+no peer certificate is available.
=head1 SEE ALSO
=item *
If the rbio and wbio parameters are different and the rbio is the same as the
-previously set value then one reference is consumbed for the wbio and no
+previously set value then one reference is consumed for the wbio and no
references are consumed for the rbio.
=item *
* This function writes null-terminated pathname of DSO module containing
* 'addr' into 'sz' large caller-provided 'path' and returns the number of
* characters [including trailing zero] written to it. If 'sz' is 0 or
- * negative, 'path' is ignored and required amount of charachers [including
+ * negative, 'path' is ignored and required amount of characters [including
* trailing zero] to accommodate pathname is returned. If 'addr' is NULL, then
* pathname of cryptolib itself is returned. Negative or zero return value
* denotes error.
/*
* This is used with memory BIOs:
* BIO_FLAGS_MEM_RDONLY means we shouldn't free up or change the data in any way;
- * BIO_FLAGS_NONCLEAR_RST means we should't clear data on reset.
+ * BIO_FLAGS_NONCLEAR_RST means we shouldn't clear data on reset.
*/
# define BIO_FLAGS_MEM_RDONLY 0x200
# define BIO_FLAGS_NONCLEAR_RST 0x400
* const void *a_;
* const nid_triple const *a = a_;
*
- * The assignement discards a const because what you really want is:
+ * The assignment discards a const because what you really want is:
*
* const int const * const *a = a_;
*
* which breaks comparison functions.
*
* Thus we end up having to cast, sadly, or unpack the
- * declarations. Or, as I finally did in this case, delcare nid_triple
+ * declarations. Or, as I finally did in this case, declare nid_triple
* to be a struct, which it should have been in the first place.
*
* Ben, August 2008.
/*
* This one is only used so that a binary form can output, as in
- * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf)
+ * i2d_X509_NAME(X509_get_X509_PUBKEY(x), &buf)
*/
X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x);
const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x);
}
/*
- * retrieve a buffered record that belongs to the current epoch, ie,
- * processed
+ * Retrieve a buffered record that belongs to the current epoch, i.e. processed
*/
#define dtls1_get_processed_record(s) \
dtls1_retrieve_buffered_record((s), \
{
/*
* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
- * we can "construct" a session to give us the desired check - ie. to
+ * we can "construct" a session to give us the desired check - i.e. to
* find if there's a session in the hash table that would conflict with
* any new session built out of this id/id_len and the ssl_version in use
* by this SSL.
}
/*
- * SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from
- * |ssl|. On return it sets |*data| to point to |*len| bytes of protocol name
+ * SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from |ssl|.
+ * On return it sets |*data| to point to |*len| bytes of protocol name
* (not including the leading length-prefix byte). If the server didn't
* respond with a negotiated protocol then |*len| will be zero.
*/
/*
* Allocates new EVP_MD_CTX and sets pointer to it into given pointer
* variable, freeing EVP_MD_CTX previously stored in that variable, if any.
- * If EVP_MD pointer is passed, initializes ctx with this md Returns newly
- * allocated ctx;
+ * If EVP_MD pointer is passed, initializes ctx with this |md|.
+ * Returns the newly allocated ctx;
*/
EVP_MD_CTX *ssl_replace_hash(EVP_MD_CTX **hash, const EVP_MD *md)
goto err;
}
- /* test non-zero pupkey */
+ /* test non-zero pubkey */
if (BN_is_zero(bnpub_key)) {
*al = SSL_AD_DECODE_ERROR;
SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, SSL_R_BAD_DH_VALUE);
case TLS_ST_SW_SRVR_HELLO:
if (SSL_IS_DTLS(s)) {
/*
- * Messages we write from now on should be bufferred and
+ * Messages we write from now on should be buffered and
* retransmitted if necessary, so we need to use the timer now
*/
st->use_timer = 1;
* attempting to use them.
*/
-/* Flags which need to be set for a certificate when stict mode not set */
+/* Flags which need to be set for a certificate when strict mode not set */
#define CERT_PKEY_VALID_FLAGS \
(CERT_PKEY_EE_SIGNATURE|CERT_PKEY_EE_PARAM)
tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST12_512);
}
-/* User level utiity function to check a chain is suitable */
+/* User level utility function to check a chain is suitable */
int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
{
return tls1_check_chain(s, x, pk, chain, -1);
}
/*
- * Check security of a chain, if sk includes the end entity certificate then
- * x is NULL. If vfy is 1 then we are verifying a peer chain and not sending
+ * Check security of a chain, if |sk| includes the end entity certificate then
+ * |x| is NULL. If |vfy| is 1 then we are verifying a peer chain and not sending
* one to the peer. Return values: 1 if ok otherwise error code to use
*/
$proxy->start();
ok(TLSProxy::Message->fail(), "Alert before SSLv2 ClientHello test");
-#Unregcognised record type tests
+#Unrecognised record type tests
#Test 10: Sending an unrecognised record type in TLS1.2 should fail
$proxy->clear();
int certlen;
if (certbio == NULL) {
- printf("Can't load the certficate file\n");
+ printf("Can't load the certificate file\n");
goto end;
}
chaincert = PEM_read_bio_X509(certbio, NULL, NULL, NULL);
* We assume the supplied certificate is big enough so that if we add
* NUM_EXTRA_CERTS it will make the overall message large enough. The
* default buffer size is requested to be 16k, but due to the way BUF_MEM
- * works, it ends up allocing a little over 21k (16 * 4/3). So, in this test
+ * works, it ends up allocating a little over 21k (16 * 4/3). So, in this test
* we need to have a message larger than that.
*/
certlen = i2d_X509(chaincert, NULL);
/*
* We'll just use any old cert for this test - it doesn't have to be an OCSP
- * specifc one. We'll use the server cert.
+ * specific one. We'll use the server cert.
*/
certbio = BIO_new_file(cert, "r");
if (certbio == NULL) {
- printf("Can't load the certficate file\n");
+ printf("Can't load the certificate file\n");
goto end;
}
id = OCSP_RESPID_new();
/*
* We want to maintain our own refs to these BIO, so do an up ref for each
- * BIO that will have ownersip transferred in the SSL_set_bio() call
+ * BIO that will have ownership transferred in the SSL_set_bio() call
*/
if (irbio != NULL)
BIO_up_ref(irbio);
*/
BIO_push(sslbio, membio1);
- /* Verify chaning the rbio/wbio directly does not cause leaks */
+ /* Verify changing the rbio/wbio directly does not cause leaks */
if (fix.change_bio != NO_BIO_CHANGE) {
membio2 = BIO_new(BIO_s_mem());
if (membio2 == NULL) {
* next_protos_parse parses a comma separated list of strings into a string
* in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
* outlen: (output) set to the length of the resulting buffer on success.
- * err: (maybe NULL) on failure, an error message line is written to this BIO.
* in: a NUL terminated string like "abc,def,ghi"
*
* returns: a malloced buffer or NULL on failure.
goto err;
}
if (SSL_version(c_ssl) != version) {
- BIO_printf(bio_err, "Unxpected version negotiated. "
+ BIO_printf(bio_err, "Unexpected version negotiated. "
"Expected: %s, got %s\n", should_negotiate, SSL_get_version(c_ssl));
ret = 1;
goto err;
# Make sure to quotify the program file on platforms that may
# have spaces or similar in their path name.
# To our knowledge, VMS is the exception where quotifying should
- # never happem.
+ # never happen.
($prog) = quotify($prog) unless $^O eq "VMS";
return $prefix.$prog;
}
projects / openssl.git / commitdiff