return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
}
- /* Set close-on-exec (not really neede here) */
+ /* Set close-on-exec (not really needed here) */
if (fcntl(cfd, F_SETFD, 1) == -1) {
gnutls_assert();
return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
* server. Therefore the correct cert type needs to be retrieved to be
* used for the _gnutls_get_auth_info_pcert call. If this
* function is to be called on the server side in the future, extra
- * checks need to be build in order to retrieve te correct
+ * checks need to be build in order to retrieve the correct
* certificate type.
*/
int
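Review bot: The corrected line still reads `checks need to be build in`, where the participle should be `built`. Since the commit already touches this line, fix both words at once: `* checks need to be built in order to retrieve the correct`. The comment and the function it documents begin and end outside the hunk.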
session->key.key.size);
/* After this point, any conditional on failure that cause differences
* in execution may create a timing or cache access pattern side
- * channel that can be used as an oracle, so tread very carefully */
+ * channel that can be used as an oracle, so treat very carefully */
/* Error handling logic:
* In case decryption fails then don't inform the peer. Just use the
* random key previously generated. (in order to avoid attack against
- * pkcs-1 formating).
+ * pkcs-1 formatting).
*
* If we get version mismatches no error is returned either. We
* proceed normally. This is to defend against the attack described
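Review bot: Replacing `tread` with `treat` in the side-channel warning is a regression, not a spelling fix, because "tread very carefully" is the correct idiom and "treat very carefully" has no object. This comment marks the point after which any failure-dependent branch can become a timing or cache-access oracle, so its wording should stay unambiguous. Keep the original line: `* channel that can be used as an oracle, so tread very carefully */`. The `formating` to `formatting` fix in the same hunk is fine. The enclosing function starts and ends outside the hunk.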
if (ret < 0 || plaintext.size != GNUTLS_MASTER_SIZE) {
/* In case decryption fails then don't inform
* the peer. Just use a random key. (in order to avoid
- * attack against pkcs-1 formating).
+ * attack against pkcs-1 formatting).
*/
gnutls_assert();
_gnutls_debug_log
pad = data[data_size - 1]; /* pad */
- /* Check the pading bytes (TLS 1.x).
+ /* Check the padding bytes (TLS 1.x).
* Note that we access all 256 bytes of ciphertext for padding check
* because there is a timing channel in that memory access (in certain CPUs).
*/
gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
}
- /* The server picked one of the offered cert types iff he supports
+ /* The server picked one of the offered cert types if he supports
* at least one of them and decided to do a client certificate
* request. If both parties play by the rules then we may only
* receive a cert type that we offered, i.e. one that we support.
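Review bot: Changing `iff` to `if` in this comment alters its meaning rather than correcting a typo, because `iff` is the standard abbreviation for "if and only if". The next sentence, that we may only receive a cert type we offered, relies on that two-way condition. Restore `/* The server picked one of the offered cert types iff he supports`, or spell it out as `if and only if` so spell-checkers stop flagging it. The same edit appears in the following hunk, in the comment that continues with "Because the world isn't as beautiful as it may seem", and should be reverted there too. Both comments continue outside their hunks.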
gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
}
- /* The server picked one of the offered cert types iff he supports
+ /* The server picked one of the offered cert types if he supports
* at least one of them. If both parties play by the rules then we
* may only receive a cert type that we offered, i.e. one that we
* support. Because the world isn't as beautiful as it may seem,
/**
* hex_decode - Unpack a hex string.
- * @str: the hexidecimal string
+ * @str: the hexadecimal string
* @slen: the length of @str
* @buf: the buffer to write the data into
* @bufsize: the length of @buf
/* removed const from node_asn* to
* prevent warnings, since libtasn1 doesn't
- * use the const keywork in its functions.
+ * use the const keyword in its functions.
*/
#define _gnutls_get_gnutls_asn() ((ASN1_TYPE) _gnutls_gnutls_asn)
#define _gnutls_get_pkix() ((ASN1_TYPE) _gnutls_pkix1_asn)
bool invalid_connection; /* true or FALSE - if this session is valid */
- bool may_not_read; /* if it's 0 then we can read/write, otherwise it's forbiden to read/write
+ bool may_not_read; /* if it's 0 then we can read/write, otherwise it's forbidden to read/write
*/
bool may_not_write;
bool read_eof; /* non-zero if we have received a closure alert. */
*/
bool ignore_rdn_sequence;
- /* This is used to set an arbitary version in the RSA
+ /* This is used to set an arbitrary version in the RSA
* PMS secret. Can be used by clients to test whether the
* server checks that version. (** only used in gnutls-cli-debug)
*/
default:
gnutls_assert();
/* we shouldn't actually arrive here in any case .
- * unexpected messages should be catched after _gnutls_handshake_io_recv_int()
+ * unexpected messages should be caught after _gnutls_handshake_io_recv_int()
*/
ret = GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET;
goto cleanup;
*/
#define GNUTLS_PRIVKEY_INFO_HAVE_SIGN_ALGO (1<<2)
/* Should return the number of bits of the public key algorithm (required for RSA-PSS)
- * It is the value that should be retuned by gnutls_pubkey_get_pk_algorithm() */
+ * It is the value that should be returned by gnutls_pubkey_get_pk_algorithm() */
#define GNUTLS_PRIVKEY_INFO_PK_ALGO_BITS (1<<3)
/* returns information on the public key associated with userdata */
/* gnutls_connection_end_t was made redundant in 2.99.0 */
typedef unsigned int gnutls_connection_end_t _GNUTLS_GCC_ATTR_DEPRECATED;
-/* Stuff deprected in 2.x */
+/* Stuff deprecated in 2.x */
typedef gnutls_cipher_algorithm_t gnutls_cipher_algorithm
_GNUTLS_GCC_ATTR_DEPRECATED;
typedef gnutls_kx_algorithm_t gnutls_kx_algorithm
#ifdef ENABLE_ALIGN16
# define ALIGN_SIZE 16
-/* Allocate a 16-byte alligned buffer segment. The segment is not initially "owned" by
+/* Allocate a 16-byte aligned buffer segment. The segment is not initially "owned" by
* any buffer.
*
* maximum_size: Amount of data that this segment can contain.
{
/* The prime p. */
struct ecc_modulo p;
- /* Group order. FIXME: Currently, many fucntions rely on q.size ==
+ /* Group order. FIXME: Currently, many functions rely on q.size ==
p.size. This has to change for radix-51 implementation of
curve25519 mod p arithmetic. */
struct ecc_modulo q;
/* Converts a point P in jacobian coordinates into a point R in affine
coordinates. If op == 1, produce x coordinate only. If op == 2,
- produce the x coordiante only, and in also it modulo q. FIXME: For
+ produce the x coordinate only, and in also it modulo q. FIXME: For
the public interface, have separate for the three cases, and use
this flag argument only for the internal ecc->h_to_a function. */
void
if (_gnutls_fips_mode_enabled() != 0) {
cert->seed_length = 2 * (q_bits / 8) + 1;
- FIPS_RULE(cert->seed_length != seed_size, 0, "unsupported DSA seed length (is %d, shoudl be %d)\n", seed_size, cert->seed_length);
+ FIPS_RULE(cert->seed_length != seed_size, 0, "unsupported DSA seed length (is %d, should be %d)\n", seed_size, cert->seed_length);
} else {
cert->seed_length = seed_size;
}
goto cleanup;
}
- /* Done! Almost, we must compute the auxillary private values. */
+ /* Done! Almost, we must compute the auxiliary private values. */
/* a = d % (p-1) */
mpz_fdiv_r(key->a, key->d, p1);
/* A pcert struct holds a raw copy of the certificate data.
* Therefore we convert our gnutls_pubkey_t to its raw DER
* representation and copy it into our pcert. It is this raw data
- * that will be transfered to the peer via a Certificate msg.
+ * that will be transferred to the peer via a Certificate msg.
* According to the spec (RFC7250) a DER representation must be used.
*/
ret = gnutls_pubkey_export2(pubkey, GNUTLS_X509_FMT_DER, &pcert->cert);
pcert->pubkey->key_usage = key_usage;
/* A pcert struct holds a raw copy of the certificate data.
- * It is this raw data that will be transfered to the peer via a
+ * It is this raw data that will be transferred to the peer via a
* Certificate message. According to the spec (RFC7250) a DER
* representation must be used. Therefore we check the format and
* convert if necessary.
* replaced by the actual size of parameters)
*
* This function will export the PKCS11 object data. It is normal for
- * data to be inaccesible and in that case %GNUTLS_E_INVALID_REQUEST
+ * data to be inaccessible and in that case %GNUTLS_E_INVALID_REQUEST
* will be returned.
*
* If the buffer provided is not long enough to hold the output, then
* @out: will contain the object data
*
* This function will export the PKCS11 object data. It is normal for
- * data to be inaccesible and in that case %GNUTLS_E_INVALID_REQUEST
+ * data to be inaccessible and in that case %GNUTLS_E_INVALID_REQUEST
* will be returned.
*
* The output buffer is allocated using gnutls_malloc().
* @fmt: The format of the exported data
*
* This function will export the PKCS11 object data. It is normal for
- * data to be inaccesible and in that case %GNUTLS_E_INVALID_REQUEST
+ * data to be inaccessible and in that case %GNUTLS_E_INVALID_REQUEST
* will be returned.
*
* The output buffer is allocated using gnutls_malloc().
*
* This function will return the issuer of a given certificate, if it
* is stored in the token. By default only marked as trusted issuers
- * are retuned. If any issuer should be returned specify
+ * are returned. If any issuer should be returned specify
* %GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_ANY in @flags.
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
*
* This function will return the certificate with the given DN, if it
* is stored in the token. By default only marked as trusted issuers
- * are retuned. If any issuer should be returned specify
+ * are returned. If any issuer should be returned specify
* %GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_ANY in @flags.
*
* The name of the function includes issuer because it can
*
* This function will return the certificate with the given DN and @spki, if it
* is stored in the token. By default only marked as trusted issuers
- * are retuned. If any issuer should be returned specify
+ * are returned. If any issuer should be returned specify
* %GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_ANY in @flags.
*
* The name of the function includes issuer because it can
goto cleanup;
} else {
/* if the alert is FATAL or WARNING
- * return the apropriate message
+ * return the appropriate message
*/
gnutls_assert();
ret = GNUTLS_E_WARNING_ALERT_RECEIVED;
/* IDN2_NONTRANSITIONAL automatically converts to lowercase
* IDN2_NFC_INPUT converts to NFC before toASCII conversion
*
- * Since IDN2_NONTRANSITIONAL implicitely does NFC conversion, we don't need
+ * Since IDN2_NONTRANSITIONAL implicitly does NFC conversion, we don't need
* the additional IDN2_NFC_INPUT. But just for the unlikely case that the linked
* library is not matching the headers when building and it doesn't support TR46,
* we provide IDN2_NFC_INPUT. */
str->data += req_size;
str->length -= req_size;
- /* if string becomes empty start from begining */
+ /* if string becomes empty start from beginning */
if (str->length == 0) {
str->data = str->allocd;
}
}
/* the same as _gnutls_handshake_sign_crt_vrfy except that it is made for TLS 1.2.
- * Returns the used signature algorihm, or a negative error code.
+ * Returns the used signature algorithm, or a negative error code.
*/
static int
_gnutls_handshake_sign_crt_vrfy12(gnutls_session_t session,
* For TLS1.x, x<2 returns negative for failure and zero or unspecified for success.
* For TLS1.2 returns the signature algorithm used on success, or a negative error code;
*
- * Returns the used signature algorihm, or a negative error code.
+ * Returns the used signature algorithm, or a negative error code.
*/
int
_gnutls_handshake_sign_crt_vrfy(gnutls_session_t session,
goto cleanup;
}
- /* Move to the attibute type and values
+ /* Move to the attribute type and values
*/
/* Read the OID
*/
goto cleanup;
}
- do { /* Move to the attibute type and values
+ do { /* Move to the attribute type and values
*/
k2++;
k2 = 0;
- do { /* Move to the attibute type and values
+ do { /* Move to the attribute type and values
*/
k2++;
k2 = 0;
- do { /* Move to the attibute type and values
+ do { /* Move to the attribute type and values
*/
k2++;
* The @ip version must match the @cidr version (v4/v6),
* (this is not checked).
*
- * Returns: 1 if @ip lies withing @cidr, 0 otherwise
+ * Returns: 1 if @ip lies within @cidr, 0 otherwise
-*/
static unsigned ip_in_cidr(const gnutls_datum_t *ip, const gnutls_datum_t *cidr)
{
}
/* this function reads a (small) unsigned integer
- * from asn1 structs. Combines the read and the convertion
+ * from asn1 structs. Combines the read and the conversion
* steps.
*/
int
* @_nc_excluded: Corresponding excluded name constraints list
*
* This function finds the intersection of @_nc and @_nc2. The result is placed in @_nc,
- * the original @_nc is deallocated. @_nc2 is not chenged. If necessary, a universal
+ * the original @_nc is deallocated. @_nc2 is not changed. If necessary, a universal
* excluded name constraint node of the right type is added to the list provided
* in @_nc_excluded.
*
now = gnutls_time(0);
if (ntime == -1) {
- /* This is a problematic case, and there is no concensus on how
+ /* This is a problematic case, and there is no consensus on how
* to treat these responses. It doesn't contain the time after which
* the response is invalid, thus it is an OCSP response effectively
* valid forever defeating the purpose of OCSP. We set here the same
asn1_delete_structure(&safe_cont);
- /* Step 5. Reencode and copy the AuthenticatedSafe into the pkcs12
+ /* Step 5. Re-encode and copy the AuthenticatedSafe into the pkcs12
* structure.
*/
result =
#include <common.h>
/* TIME functions
- * Convertions between generalized or UTC time to time_t
+ * Conversions between generalized or UTC time to time_t
*
*/
/*
** Given a struct tm representing a calendar time in UTC, convert it to
** seconds since epoch. Returns (time_t) -1 if the time is not
- ** convertable. Note that this function does not canonicalize the provided
+ ** convertible. Note that this function does not canonicalize the provided
** struct tm, nor does it allow out of range values or years before 1970.
*/
static time_t mktime_utc(const struct fake_tm *tm)
/* This macro is introduced to detect a verification output
* which indicates an unknown signer, or a signer which uses
* an insecure algorithm (e.g., sha1), something that indicates
- * a superceded signer */
+ * a superseded signer */
#define SIGNER_OLD_OR_UNKNOWN(output) ((output & GNUTLS_CERT_SIGNER_NOT_FOUND) || (output & GNUTLS_CERT_INSECURE_ALGORITHM))
#define SIGNER_WAS_KNOWN(output) (!(output & GNUTLS_CERT_SIGNER_NOT_FOUND))
* trusted CAs.
*
* Returns only 0 or 1. If 1 it means that the certificate
- * was successfuly verified.
+ * was successfully verified.
*
* 'flags': an OR of the gnutls_certificate_verify_flags enumeration.
*
*
* This function will convert the provided name constraints type to a
* DER-encoded PKIX NameConstraints (2.5.29.30) extension. The output data in
- * @ext will be allocated usin gnutls_malloc().
+ * @ext will be allocated using gnutls_malloc().
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.
*
*
* This function will convert the key purposes type to a
* DER-encoded PKIX ExtKeyUsageSyntax (2.5.29.37) extension. The output data in
- * @ext will be allocated usin gnutls_malloc().
+ * @ext will be allocated using gnutls_malloc().
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.
*
size_t * nr_size,
uint8_t * extnValue, int extnValueLen);
int
-_gnutls_x509_ext_gen_number(const uint8_t * nuber, size_t nr_size,
+_gnutls_x509_ext_gen_number(const uint8_t * number, size_t nr_size,
gnutls_datum_t * der_ext);