* Added X509_STORE_get1_objects to avoid issues with the existing
X509_STORE_get0_objects API in multi-threaded applications.
- * Support for using certificate profiles and extened delayed delivery in CMP
+ * Support for using certificate profiles and extended delayed delivery in CMP
This release incorporates the following potentially significant or incompatible
changes:
SET_EXPECT1(pparams, OSSL_STORE_INFO_PARAMS);
SET_EXPECT1(pcert, OSSL_STORE_INFO_CERT);
/*
- * Up to here, the follwing holds.
+ * Up to here, the following holds.
* If just one of the ppkey, ppubkey, pparams, and pcert function parameters
* is nonzero, expect > 0 indicates which type of credential is expected.
* If expect == 0, more than one of them is nonzero (multiple types expected).
}
/*
- * Try explicitly fetching the signature algoritm implementation to
+ * Try explicitly fetching the signature algorithm implementation to
* use in case the algorithm does not support EVP_PKEY_sign_init
*/
ERR_set_mark();
}
if (EVP_PKEY_sign(sig_sign_ctx, NULL, &max_sig_len, md, md_len) <= 0) {
BIO_printf(bio_err,
- "Error while obtaining signature bufffer length for %s.\n",
+ "Error while obtaining signature buffer length for %s.\n",
sig_name);
goto sig_err_break;
}
/* get outstanding bytes of the digest */
sub x8,x5,x2
- /* substract loaded bytes */
+ /* subtract loaded bytes */
sub x5,x5,64
/*
* main combined loop CBC
rev32 v28.16b,v28.16b /* endian swap w2 */
rev32 v29.16b,v29.16b /* endian swap w3 */
- /* substract loaded bytes */
+ /* subtract loaded bytes */
sub x5,x5,64
/*
* now we can do the loop prolog, 1st sha1 block
ld1 {v29.16b},[x3],16 /* next w3 */
sha1p q24,s22,v23.4s
- /* substract loaded bytes */
+ /* subtract loaded bytes */
sub x5,x5,64
/*
* aes_blocks_left := number after the main (sha) block is done.
add v25.4s,v25.4s,v21.4s
/* save aes res, bump aes_out_ptr */
st1 {v3.16b},[x1],16
- /* substract loaded bytes */
+ /* subtract loaded bytes */
sub x5,x5,64
/* loop if more to do */
cbnz x15,.Ldec_main_loop
/* get outstanding bytes of the digest */
sub x12,x5,x2
- /* substract loaded bytes */
+ /* subtract loaded bytes */
sub x5,x5,64
/*
rev32 v28.16b,v28.16b /* endian swap w2 */
rev32 v29.16b,v29.16b /* endian swap w3 */
- /* substract loaded bytes */
+ /* subtract loaded bytes */
sub x5,x5,64
/*
* now we can do the loop prolog, 1st sha256 block
sha256h q22, q23, v7.4s
sha256h2 q23, q21, v7.4s
- /* substract loaded bytes */
+ /* subtract loaded bytes */
sub x5,x5,64
/*
add v25.4s,v25.4s,v23.4s /* EFGH += working copy */
/* save aes res, bump aes_out_ptr */
st1 {v3.16b},[x1],16
- /* substract loaded bytes */
+ /* subtract loaded bytes */
sub x5,x5,64
cbnz x15,.Ldec_main_loop /* loop if more to do */
/*
vpxorq %zmm6,%zmm5,%zmm5{%k2}
vpxord %zmm5,%zmm7,%zmm10
- # Make next 8 tweek values by all x 2^8
+ # Make next 8 tweak values by all x 2^8
vpsrldq \$0xf,%zmm9,%zmm13
vpclmulqdq \$0x0,%zmm25,%zmm13,%zmm14
vpslldq \$0x1,%zmm9,%zmm11
jmp .L_do_n_blocks_${rndsuffix}
.L_start_by8_${rndsuffix}:
- # Make first 7 tweek values
+ # Make first 7 tweak values
vbroadcasti32x4 ($TW),%zmm0
vbroadcasti32x4 shufb_15_7(%rip),%zmm8
mov \$0xaa,$tmp1
OPENSSL_ia32cap_P[index + 1] = (unsigned int)(vecx >> 32);
}
}
- /* skip delimeter */
+ /* skip delimiter */
if ((env = ossl_strchr(env, ':')) != NULL)
env++;
} else { /* zeroize the next two indexes */
* function to put it to good use, or maybe affect it.
*
* NOTE: even though EVP_PKEY_CTX_ctrl return value is documented
- * as return positive on Success and 0 or negative on falure. There
+ * as return positive on Success and 0 or negative on failure. There
* maybe parameters (e.g. ecdh_cofactor), which actually return 0
* as success value. That is why we do POST_PARAMS_TO_CTRL for 0
* value as well
if (*p != '\r' && *p != '\n')
break;
}
- if (*p != '\0') /* not end of headers or not end of error reponse content */
+ if (*p != '\0') /* not end of headers or not end of error response content */
goto next_line;
/* Found blank line(s) indicating end of headers */
{
uint16_t sum = 0;
uint16_t i;
- /* Largest size is 8 * 32 / 1 = 256 (which doesnt quite fit into 8 bits) */
+ /* Largest size is 8 * 32 / 1 = 256 (which doesn't quite fit into 8 bits) */
uint16_t bytes = (8 * params->n / params->w);
uint16_t end = (1 << params->w) - 1;
* that returns a non finalized value of H(I || q)
* @param sig An LM_OTS_SIG object that contains C and y
* @param pub The public key LM_OTS_PARAMS
- * @param Id A 16 byte indentifier (I) associated with a LMS tree
+ * @param Id A 16 byte identifier (I) associated with a LMS tree
* @param q The leaf index of the LMS tree.
* @param msg A message to verify
* @param msglen The size of |msg|
/*
* Calculate the public key Tc using the path
- * The root hash is the hash of its 2 childrens Hash values.
+ * The root hash is the hash of its 2 children's Hash values.
* A child hash for each level is passed in by paths, and we have
* a leaf value that can be used with the path to calculate the parent
* hash.
/*
* Return whether a value that can only be 0 or 1 is non-zero, in constant time
* in practice! The return value is a mask that is all ones if true, and all
- * zeros otherwise (twos-complement arithmentic assumed for unsigned values).
+ * zeros otherwise (twos-complement arithmetic assumed for unsigned values).
*
* Although this is used in constant-time selects, we omit a value barrier
* here. Value barriers impede auto-vectorization (likely because it forces
}
/*-
- * FIPS 203, Section 4.3, Algoritm 9: "NTT".
+ * FIPS 203, Section 4.3, Algorithm 9: "NTT".
* In-place number theoretic transform of a given scalar. Note that ML-KEM's
* kPrime 3329 does not have a 512th root of unity, so this transform leaves
* off the last iteration of the usual FFT code, with the 128 relevant roots of
}
/*-
- * FIPS 203, Section 4.3, Algoritm 10: "NTT^(-1)".
+ * FIPS 203, Section 4.3, Algorithm 10: "NTT^(-1)".
* In-place inverse number theoretic transform of a given scalar, with pairs of
* entries of s->v being interpreted as elements of GF(3329^2). Just as with
* the number theoretic transform, this leaves off the first step of the normal
* GF(3329)[X]/(X^2 - 17^(2*bitreverse(i)+1)).
*
* The value of 17^(2*bitreverse(i)+1) mod 3329 is stored in the precomputed
- * ModRoots table. Note that our Barrett transform only allows us to multipy
+ * ModRoots table. Note that our Barrett transform only allows us to multiply
* two reduced numbers together, so we need some intermediate reduction steps,
* even if an uint64_t could hold 3 multiplied numbers.
*/
$code .= <<___;
vpclmulqdq \$0x01,@{[XWORD($GH1L)]},@{[XWORD($RED_POLY)]},@{[XWORD($RED_P1)]}
vpslldq \$8,@{[XWORD($RED_P1)]},@{[XWORD($RED_P1)]} # ; shift-L 2 DWs
- vpxorq @{[XWORD($RED_P1)]},@{[XWORD($GH1L)]},@{[XWORD($RED_P1)]} # ; first phase of the reduct
+ vpxorq @{[XWORD($RED_P1)]},@{[XWORD($GH1L)]},@{[XWORD($RED_P1)]} # ; first phase of the reduction
___
}
$code .= <<___;
vpclmulqdq \$0x01,@{[XWORD($GH1L)]},@{[XWORD($RED_POLY)]},@{[XWORD($RED_P1)]}
vpslldq \$8,@{[XWORD($RED_P1)]},@{[XWORD($RED_P1)]} # ; shift-L 2 DWs
- vpxorq @{[XWORD($RED_P1)]},@{[XWORD($GH1L)]},@{[XWORD($RED_P1)]} # ; first phase of the reduct
+ vpxorq @{[XWORD($RED_P1)]},@{[XWORD($GH1L)]},@{[XWORD($RED_P1)]} # ; first phase of the reduction
___
}
#ifndef FIPS_MODULE
OSSL_TRACE_BEGIN(PROVIDER) {
BIO_printf(trc_out,
- "(provider %s) initalizing\n", prov->name);
+ "(provider %s) initializing\n", prov->name);
} OSSL_TRACE_END(PROVIDER);
#endif
* Likely it would be good if build_chain() sets |check_signing_allowed|.
* Yet if |sk| is a list of trusted certs, as with X509_STORE_CTX_set0_trusted_stack(),
* better not set |check_signing_allowed|.
- * Maybe not touch X509_STORE_CTX_get1_issuer(), for API backward compatiblity.
+ * Maybe not touch X509_STORE_CTX_get1_issuer(), for API backward compatibility.
*/
static X509 *get0_best_issuer_sk(X509_STORE_CTX *ctx, int check_signing_allowed,
int no_dup, STACK_OF(X509) *sk, X509 *x)
* This is a simple non-blocking QUIC HTTP/1.0 server application.
* Server accepts QUIC connections. It then accepts bi-directional
* stream from client and reads request. By default it sends
- * 12345 bytes back as HHTTP/1.0 response to any GET request.
+ * 12345 bytes back as HTTP/1.0 response to any GET request.
* If GET request comes with URL for example as follows:
* /foo/bar/file_65535.txt
* then the server sends 64kB of data in HTTP/1.0 response.
* Members in poll manager deserve some explanation:
* - pm_head, holds a list of poll_event structures (connections and
* streams)
- * - pm_event_count number of events to montior in SSL_poll(3ossl)
+ * - pm_event_count number of events to monitor in SSL_poll(3ossl)
* - pm_poll_set array of events to poll on
* - pm_poll_set_sz number of slots (space) available in pm_poll_set
* - pm_need_rebuild whenever list of events to monitor in a list changes
Since the private key includes the public key as one of its components, the matrix
is also pre-computed and stored with the private key, and then need not be
regenerated during decapsulation.
-During encapsulation (typically peformed by servers), it is in principle
+During encapsulation (typically performed by servers), it is in principle
possible to save space and compute the matrix elements *just-in-time*, as each
matrix element is used exactly once.
This is not currently implemented, and the matrix is pre-computed in full.
An explicit seed can be specified by setting the key generation
**OSSL_PKEY_PARAM_ML_KEM_SEED** parameter to a 64-byte octet-string
-(concatentation of the **d** and **z** values (32-bytes each) in that order).
+(concatenation of the **d** and **z** values (32-bytes each) in that order).
KEM API
-------
Some more recent verification algorithms need to obtain the signature
before processing the data.
This is particularly important for streaming modes of operation.
-This design proposes a mechanism to accomodate these algorithms
+This design proposes a mechanism to accommodate these algorithms
and modes of operation.
New public API - API Reference
OpenSSL command line support
----------------------------
-For backwards compatability reasons `EVP_DigestSignInit_ex()`,
+For backwards compatibility reasons `EVP_DigestSignInit_ex()`,
`EVP_DigestSign()`, `EVP_DigestVerifyInit_ex()` and `EVP_DigestVerify()` may
also be used, but the digest passed in `mdname` must be NULL (i.e. it
effectively behaves the same as above).
/*
* Returns the number of bytes a receiving pipe currently has waiting to be
* read. The returned value may increase over time asynchronously but will only
- * decreate in response to an ossl_cml_read call.
+ * decrease in response to an ossl_cml_read call.
*/
size_t ossl_cml_read_available(QUIC_CML *cml, QUIC_CML_PIPE pipe_handle);
* this, applications must still ensure no events in an SSL_POLL_EVENT
* structure recorded from a previous call to this function are left over, which
* may still reference that poll descriptor. Therefore, applications must still
- * excercise caution when freeing resources which are registered, or which were
+ * exercise caution when freeing resources which are registered, or which were
* previously registered in a poll group.
*/
#define SSL_POLL_FLAG_NO_HANDLE_EVENTS (1U << 0)
for (i = 0; i < nevents; ++i) {
process_event(&events[i]); /* do something in application */
- /* We have processed the event so now reenable it. */
+ /* We have processed the event so now re-enable it. */
SSL_POLL_CHANGE_chflag(chg++, events[i].desc, events[i].instance,
SSL_POLL_EVENT_FLAG_DISABLE, 0);
++nchanges;
}
- /* Reenable any event we processed and go to sleep again. */
+ /* Re-enable any event we processed and go to sleep again. */
if (!SSL_POLL_GROUP_change_poll(pg, changes, nchanges, sizeof(changes[0]),
events, OSSL_NELEM(events), sizeof(events[0]),
NULL, 0, &nevents))
Firstly, the `SSL_POLL_METHOD` object is defined abstractly as follows:
```c
-/* API (Psuedocode) */
+/* API (Pseudocode) */
#define SSL_POLL_METHOD_CAP_IMMEDIATE (1U << 0) /* supports immediate mode */
#define SSL_POLL_METHOD_CAP_RETAINED (1U << 1) /* supports retained mode */
the *mainstream* attribute types are already listed in
`crypto/objects/objects.txt` and should be already supported:
-| Atribute Name | OID | Reference |
+| Attribute Name | OID | Reference |
|---|---|---|
| uid | 0.9.2342.19200300.100.1.1 | [RFC4519] |
| userId | 0.9.2342.19200300.100.1.1 | [RFC4519] |
EVP_SKEY_export() and EVP_SKEY_get0_raw_key() return 1 for success and 0 on failure.
EVP_SKEY_get0_skeymgmt_name() and EVP_SKEY_get0_provider_name() return the
-names of the associated EVP_SKEYMGMT object and its provider correspondigly.
+names of the associated EVP_SKEYMGMT object and its provider correspondingly.
EVP_SKEY_is_a() returns 1 if I<skey> has the key type I<name>,
otherwise 0.
will call the callback I<cb> and supply a set of L<OSSL_PARAM(3)>s describing the
capability. It will also pass back the argument I<arg>. For more details about
capabilities and what they can be used for please see
-L<provider-base(7)/CAPABILTIIES>.
+L<provider-base(7)/CAPABILITIES>.
=head1 RETURN VALUES
=item B<LEGACY_GOST_PKCS12>
=for comment
-https://tc26.ru/standarts/metodicheskie-rekomendatsii/transportnyy-klyuchevoy-konteyner.html section 5.1
+https://tc26.ru/standards/metodicheskie-rekomendatsii/transportnyy-klyuchevoy-konteyner.html section 5.1
https://tc26.ru/standard/rs/%D0%A0%2050.1.112-2016.pdf section 5
https://meganorm.ru/mega_doc/norm/prikaz/25/r_1323565_1_041-2022_rekomendatsii_po_standartizatsii.html section 7.1
If this environment variable is set, MAC generation that utilises
GOST R 34.11-94 or GOST 34.11-2012 hashing algorithms is performed the usual
way and not in accordance with the specification provided in the methodical
-recommendation MP 26.2.002-2012 (or in its later versions, standartisation
+recommendation MP 26.2.002-2012 (or in its later versions, standardisation
recommendation P 50.1.112-2016 or P 1323565.1.041-2022)
of Technical Committee 26, that specifies that the key used for MAC
generation should be the last 32 bytes of the 96-byte sequence generated
=item B<SSL_DOMAIN_FLAG_MULTI_THREAD>
-Speciyfing this flag configures the Contentive Concurrency Model (CCM) (unless
+Specifying this flag configures the Contentive Concurrency Model (CCM) (unless
B<SSL_DOMAIN_FLAG_THREAD_ASSISTED> is also specified).
If OpenSSL was built without thread support, this is identical to
int rounds:4;
int dgst:1; /* n/a in C3 */
int align:1; /* n/a in C3 */
- int ciphr:1; /* n/a in C3 */
+ int cipher:1; /* n/a in C3 */
unsigned int keygen:1;
- int interm:1;
+ int intern:1;
unsigned int encdec:1;
int ksize:2;
} b;
return -1;
/*
* Get the first byte of the buffer to tell us what operation
- * to preform
+ * to perform
*/
buffer_cursor = consume_uint8t(buf, &len, &operation);
if (buffer_cursor == NULL)
/*
* the context_string parameter can be no more than 255 bytes, so if
* our random input buffer is greater than that, we expect failure above,
- * which we check for. In that event, theres nothing more we can do here
+ * which we check for. In that event, there's nothing more we can do here
* so bail out
*/
if (expect_init_rc == 0)
* EVP_PKEY returns:
* 1 if the keys are equivalent
* 0 if the keys are not equivalent
- * -1 if the key types are differnt
+ * -1 if the key types are different
* -2 if the operation is not supported
*/
OPENSSL_assert(EVP_PKEY_eq(alice, new) == 1);
return -1;
/*
* Get the first byte of the buffer to tell us what operation
- * to preform
+ * to perform
*/
buffer_cursor = consume_uint8t(buf, &len, &operation);
if (buffer_cursor == NULL)
int security_category;
} ML_KEM_VINFO;
-/* Retrive global variant-specific parameters */
+/* Retrieve global variant-specific parameters */
const ML_KEM_VINFO *ossl_ml_kem_get_vinfo(int evp_type);
/* Known as ML_KEM_KEY via crypto/types.h */
/*
* Formats are case-insensitive, separated by spaces, tabs or commas.
- * Duplicate formats are allowed, the first occurence determines the order.
+ * Duplicate formats are allowed, the first occurrence determines the order.
*/
do {
if (*(fmt += strspn(fmt, sep)) == '\0')
if (!ossl_ml_dsa_pk_decode(ret, pk, (size_t) pk_len)) {
ERR_raise_data(ERR_LIB_PROV, PROV_R_BAD_ENCODING,
- "errror parsing %s public key from input SPKI",
+ "error parsing %s public key from input SPKI",
params->alg);
ossl_ml_dsa_key_free(ret);
return NULL;
if (!ossl_ml_kem_parse_public_key(pubenc, (size_t) publen, ret)) {
ERR_raise_data(ERR_LIB_PROV, PROV_R_BAD_ENCODING,
- "errror parsing %s public key from input SPKI",
+ "error parsing %s public key from input SPKI",
v->algorithm_name);
ossl_ml_kem_key_free(ret);
return NULL;
/*
* If outlen is specified, then it must report the length
* of the out buffer on input so that we can confirm
- * its size is sufficent for encapsulation
+ * its size is sufficient for encapsulation
*/
if (outlen != NULL && *outlen < nlen) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_OUTPUT_LENGTH);
/**
* rsasve_recover - Recovers a secret value from ciphertext using an RSA
* private key. Once, recovered, the secret value is considered to be a
- * shared secret. Algorithm is preformed as per
+ * shared secret. Algorithm is performed as per
* NIST SP 800-56B Rev 2
* 7.2.1.3 RSASVE Recovery Operation (RSASVE.RECOVER).
*
return BLAKE2_FINAL(out, &macctx->ctx);
}
-/* See blake2.h for parameter defintion */
+/* See blake2.h for parameter definition */
static const OSSL_PARAM *blake2_gettable_ctx_params(ossl_unused void *ctx,
ossl_unused void *provctx)
{
unsigned int mgf1_md_set : 1;
/*
* Flags to say what are the possible next external calls in what
- * consitutes the life cycle of an algorithm. The relevant calls are:
+ * constitutes the life cycle of an algorithm. The relevant calls are:
* - init
* - update
* - final
while (PACKET_remaining(&vpkt) > 0) {
/*
* We only support quic version 1 at the moment, so
- * look to see if thats offered
+ * look to see if that's offered
*/
if (!PACKET_get_net_4(&vpkt, &supported_ver))
return;
/*
* Creating a a new channel is made a bit tricky here as there is a
- * bit of a circular dependency. Initalizing a channel requires that
+ * bit of a circular dependency. Initializing a channel requires that
* the ch->tls and optionally the qlog_title be configured prior to
- * initalization, but we need the channel at least partially configured
+ * initialization, but we need the channel at least partially configured
* to create the new handshake layer, so we have to do this in a few steps.
*/
/**
* @brief Parses contents of a buffer into a validation token.
*
- * VALIDATION_TOKEN should already be initalized. Does some basic sanity checks.
+ * VALIDATION_TOKEN should already be initialized. Does some basic sanity checks.
*
* @param token Validation token to fill data in.
* @param buf Buffer of previously marshaled validation token.
}
/**
- * @brief defintions of token lifetimes
+ * @brief definitions of token lifetimes
*
* RETRY tokens are only valid for 10 seconds
* NEW_TOKEN tokens have a lifetime of 3600 sec (1 hour)
* at least 8 bytes. It means that the length of destination connection ID
* may be less than the minimum length for HKDF required by FIPS provider.
*
- * Therefore, we need to set `key-check` to zero to allow using destionation
+ * Therefore, we need to set `key-check` to zero to allow using destination
* connection ID as IKM.
*/
*p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_FIPS_KEY_CHECK, &key_check);
/*
* Its also possible that someone is building a binary on a newer windows
* SDK, but running it on a runtime that doesn't support inheritance
- * supression. In that case the above will return INVALID_SOCKET, and
+ * suppression. In that case the above will return INVALID_SOCKET, and
* our response for those older platforms is to try the call again
* without the flag
*/
*
* Win32 does not support socketpair(2), and Win32 pipes are not compatible with
* Winsock select(2). This means our only means of making select(2) wakeable is
- * to artifically create a loopback TCP connection and send bytes to it.
+ * to artificially create a loopback TCP connection and send bytes to it.
*/
int ossl_rio_notifier_init(RIO_NOTIFIER *nfy)
{
/*
* Note we _dont_ take the keylog_lock here
* This is intentional, because we only free the keylog lock
- * During SSL_CTX_free, in which we already posess the lock, so
- * Theres no need to grab it again here
+ * During SSL_CTX_free, in which we already possess the lock, so
+ * There's no need to grab it again here
*/
if (oper == BIO_CB_FREE)
keylog_bio = NULL;
/* Make sure we have a global lock allocated */
if (!RUN_ONCE(&ssl_keylog_once, ssl_keylog_init)) {
/* use a trace message as a warning */
- OSSL_TRACE(TLS, "Unable to initalize keylog data\n");
+ OSSL_TRACE(TLS, "Unable to initialize keylog data\n");
goto out;
}
goto end;
/*
- * We now have the folowing lists available to make a decision for
+ * We now have the following lists available to make a decision for
* which group the server should use for key exchange :
* From client: clntgroups[clnt_num_groups],
* keyshares_arr[keyshares_cnt], encoded_pubkey_arr[keyshares_cnt]
*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
(void *)seed5, (size_t)seed5_len);
/*
- * If we have a propery query string, the kdf needs to know about it in the event
+ * If we have a property query string, the kdf needs to know about it in the event
* the specific kdf in use allocated a digest as part of its implementation
*/
if (SSL_CONNECTION_GET_CTX(s)->propq != NULL)
/*
* Set groups and prepare generation of keyshares based on a string of groupnames,
* names separated by the group or the tuple delimiter, with per-group prefixes to
- * (1) add a key share for this group, (2) ignore the group if unkown to the current
+ * (1) add a key share for this group, (2) ignore the group if unknown to the current
* context, (3) delete a previous occurrence of the group in the current tuple.
*
- * The list parsing is done in two hierachical steps: The top-level step extracts the
+ * The list parsing is done in two hierarchical steps: The top-level step extracts the
* string of a tuple using tuple_cb, while the next lower step uses gid_cb to
* parse and process the groups inside a tuple
*/
}
/*
- * We check whether a tuple was completly emptied by using "-" prefix
+ * We check whether a tuple was completely emptied by using "-" prefix
* excessively, in which case we remove the tuple
*/
for (i = j = 0; j < gcb.tplcnt; j++) {
/*
* tuple_cb and gid_cb combo ensures there are no duplicates or unknown groups so we
- * can just go ahead and set the results (after diposing the existing)
+ * can just go ahead and set the results (after disposing the existing)
*/
OPENSSL_free(*grpext);
*grpext = gcb.gid_arr;
x = NULL;
}
if (x == NULL)
- BIO_puts(bio, "<UNPARSEABLE CERTIFICATE>\n");
+ BIO_puts(bio, "<UNPARSABLE CERTIFICATE>\n");
else {
BIO_puts(bio, "\n------details-----\n");
X509_print_ex(bio, x, XN_FLAG_ONELINE, 0);
p = msg;
nm = d2i_X509_NAME(NULL, &p, (long)dlen);
if (!nm) {
- BIO_puts(bio, "<UNPARSEABLE DN>\n");
+ BIO_puts(bio, "<UNPARSABLE DN>\n");
} else {
X509_NAME_print_ex(bio, nm, 0, XN_FLAG_ONELINE);
BIO_puts(bio, "\n");
--- /dev/null
+#!/bin/sh
+
+# Run codespell and apply fixes to the OpenSSL tree.
+# If you get a false positive here, the usual fix is to
+# add it to the end of the -L list of ignored words, below.
+
+codespell -w --ignore-regex '\b[a-zA-Z][a-zA-Z]\b' \
+ -L 'ADDAD, addin, adin, allws, alo, Alo, alow, anS, Buda, buildd, bve, cann, CANN, ciph, Collison, consumation, DELET, dota, Durin, ect, ede, endianess, endin, engineerr, ENGINEerr, FILETEST, filetests, htmp, inbrace, ine, informat, ISCONNECTION, isnt, KEYPAIR, keyserver, larg, LOd, Manger, Merget, nclusion, NOo, OPTIO, outin, passin, poping, pris, rewinded, shouldnot, SHS, Sorce, sover, succes, testss, Thi, tmplate, tne, uis, usign, vew, Widgits, aas, Aas, AAS, abd, ABD, accreting, AFAIR, afile, afterAll, AfterAll, Ake, ALine, allEdges, alloced, alloco, ALS, alsptd, ang, ans, ANS, aNULL, archType, arithmetics, assertIn, atLeast, AtLeast, atMost, bootup, BRE, CAF, cant, Chang, checkin, childs, circularly, Circularly, claus, Claus, clen, CLOS, Collet, compilability, compileTime, CompileTime, complies, COMPLIES, configury, co-ordinate, co-ordinates, crasher, crashers, crate, Crate, CRATE, creat, CREAT, CrOS, crypted, CRYPTED, currentY, DAA, datas, debbugs, Debbugs, dependancies, dependancy, dependant, deque, Deque, doubleclick, doubleClick, DoubleClick, dout, Dout, DOUT, dum, dur, Dur, ECT, EDE, FileTest, flate, Flate, FLATE, fpr, FPR, FPT, gord, gost, Gost, GOST, Hart, hasTable, hel, hist, HIST, HSI, ifset, iif, IIF, implementor, Implementor, implementors, Implementors, inactivate, indention, indx, inh, inout, inOut, InOut, INOUT, ist, IST, keep-alives, keypair, keyPair, Keypair, KeyPair, keypairs, keyPairs, Keypairs, KeyPairs, LAMDA, leapYear, LOD, Maked, Manuel, ment, minimise, mis, Mis, MIS, mitre, Mitre, MITRE, mmaped, msdos, MSDOS, nam, Nam, NAM, Ned, nin, Nin, nmake, NMake, NMAKE, notin, Notin, NotIn, numer, OCE, offsetp, ois, onText, OnText, openin, OptIn, origN, paeth, Paeth, PAETH, parm, pARM, Parm, PARM, parms, pARMS, Parms, PARMs, PARMS, pass-thru, pres, Pres, prevEnd, PullRequest, que, readd, Readd, readded, Readded, regArg, regArgs, requestor, Requestor, requestors, re-usable, Re-usable, re-use, Re-use, re-used, Re-used, re-uses, Re-uses, re-using, Re-using, sav, SEH, ser, Ser, SER, servent, shouldBe, siz, SIZ, SME, SOM, splitted, statics, Statics, strRange, technics, therefor, Therefor, therefrom, thirdparty, thirdParty, Thirdparty, ThirdParty, THIRDPARTY, thru, Thur, THUR, tolen, tthe, UIs, upto, upTo, uptodate, upToDate, UpToDate, useable, Useable, userA, UserA, varN, vertexes, vor, WAN, Wirth, wont, WRONLY, WTH, roperties, igest, equest, equests, ategory, couldn, wasn, ture, biom, bion, sHolder' \
+ -S '*codespell-check.sh, */LICENSE, */test/danetest.in, */test/data2.bin, */test/recipes/30-test_evp_data/evppkey_kas.txt, */test/recipes/30-test_evp_data/evppkey.txt, */3rd*[pP]arty/*, */aspell/*, */charsets/*, */chrtrans/*, */codepage/*, */data/*, */deps/*, */dict/*, */dictionaries/*, */doc*/[a-df-z][a-z]/*, */doc*/[a-z][a-z][_-][a-zA-Z][a-zA-Z]/*, */doc*/e[a-mo-z]/*, */[eE]ncode/*, */[eE]ncodings/*, */extern/*, */external/*, */externals/*, */help/[a-df-z][a-z]/*, */help/[a-z][a-z]_[A-Z][A-Z]/*, */help/es/*, */i18n/*, */icu/*, */info/[a-df-z][a-z]/*, */info/[a-z][a-z]_[A-Z][A-Z]/*, */info/es/*, */intl/*, */l10n/*, */langmap/*, */langs/*, */[lL]ang/*, */[lL]anguage/*, */[lL]anguages/*, */*[lL]ocal[ei]*/*, */man*/[a-df-z][a-z]/*, */man*/[a-z][a-z][_-][a-zA-Z][a-zA-Z]/*, */man*/e[a-mo-z]/*, */messages[_./][a-df-z][a-z][_./]*, */messages[_./][a-z][a-z]_[A-Z][A-Z][_./]*, */messages[_./]es[_./]*, */[mM]ath[jJ]ax/*, */runtime/*, */[tT]hird*[pP]arty/*, */[tT]ranslation/*, */[tT]ranslations/*, */unicode/*, */Unicode/*, */unicore/*, */vendor/*, */vendors/*, */.versions/*, *_8h.html, *_8h_source.html, *.asc, */AUTHORS*, CONTRIBUTORS*, *.crt, *.css.map, */*.desktop, */*.desktop.in, *.eps, /fonts/*, *.fr.utf-8, *.git, *__*__*.html, *.html.de, *.html.es, *.html.fr, *.html.ko.euc-kr, *.html.pt-br, *.info_[0-9], *.ipynb, *.ja.utf8, *.js.map, */[lL]ocale, localization*-[a-z][a-z].*, localization*-[a-z][a-z]_[a-zA-Z][a-zA-Z].*, *lorem-ipsum*, */.mailmap, *.min.js, *.pdf, *.pem, *.po, *.ppm, *.ps, */rfc[1-9]*.txt, *.rtf, */searchindex.js, *.sum, *.svg, *.svn, THANKS*, *.tr.utf8, *.xpm, */yarn.lock, *.zh-cn.utf8, *.zlib, ABOUT-NLS, authors.xml, CREDITS, CREDITS.TXT, DONATIONS, jquery.js, jquery.min.map, MAINTAINERS, NormalizationTest.txt, package-lock.json, UnicodeData.txt, */*[^a/]test/*, */*[^a/]tests/*, */test*/*, [cC]hange.[lL]og*, [cC]hange[lL]og*, *[._-][cC]hanges, [cC]hanges[._-]*, CHANGE.log*, CHANGELOG*, *[._-]CHANGES, CHANGES[._-]*, [cC]hanges, CHANGES, *man[12345657]/*'
'OSSL_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING' => "block_padding",
'OSSL_LIBSSL_RECORD_LAYER_PARAM_HS_PADDING' => "hs_padding",
-# Symmetric Key parametes
+# Symmetric Key parameters
'OSSL_SKEY_PARAM_RAW_BYTES' => "raw-bytes",
'OSSL_SKEY_PARAM_KEY_LENGTH' => "key-length",
);
my $test_client_port;
# Sometimes, our random selection of client ports gets unlucky
- # And we randomly select a port thats already in use. This causes
+ # And we randomly select a port that's already in use. This causes
# this test to fail, so lets harden ourselves against that by doing
# a test bind to the randomly selected port, and only continue once we
- # find a port thats available.
+ # find a port that's available.
my $test_client_addr = $have_IPv6 ? "[::1]" : "127.0.0.1";
my $found_port = 0;
for (my $i = 0; $i <= 10; $i++) {
projects / thirdparty / openssl.git / commitdiff
