spelling fixes, just comments and readme.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1413)
This commit is contained in:
klemens 2016-08-05 19:56:58 +02:00 committed by Rich Salz
parent 1ccbe6b32c
commit 6025001707
56 changed files with 82 additions and 82 deletions

40
CHANGES
View file

@ -1822,7 +1822,7 @@
possible to have different stores per SSL structure or one store in
the parent SSL_CTX. Include distinct stores for certificate chain
verification and chain building. New ctrl SSL_CTRL_BUILD_CERT_CHAIN
to build and store a certificate chain in CERT structure: returing
to build and store a certificate chain in CERT structure: returning
an error if the chain cannot be built: this will allow applications
to test if a chain is correctly configured.
@ -2065,7 +2065,7 @@
3. Check DSA/ECDSA signatures use DER.
Reencode DSA/ECDSA signatures and compare with the original received
Re-encode DSA/ECDSA signatures and compare with the original received
signature. Return an error if there is a mismatch.
This will reject various cases including garbage after signature
@ -2155,7 +2155,7 @@
*) Add additional DigestInfo checks.
Reencode DigestInto in DER and check against the original when
Re-encode DigestInto in DER and check against the original when
verifying RSA signature: this will reject any improperly encoded
DigestInfo structures.
@ -2211,7 +2211,7 @@
*) An attacker can force an error condition which causes openssl to crash
whilst processing DTLS packets due to memory being freed twice. This
can be exploited through a Denial of Service attack.
Thanks to Adam Langley and Wan-Teh Chang for discovering and researching
Thanks to Adam Langley and Wan-The Chang for discovering and researching
this issue.
(CVE-2014-3505)
[Adam Langley]
@ -2752,7 +2752,7 @@
in CMS and PKCS7 code. When RSA decryption fails use a random key for
content decryption and always return the same error. Note: this attack
needs on average 2^20 messages so it only affects automated senders. The
old behaviour can be reenabled in the CMS code by setting the
old behaviour can be re-enabled in the CMS code by setting the
CMS_DEBUG_DECRYPT flag: this is useful for debugging and testing where
an MMA defence is not necessary.
Thanks to Ivan Nestlerode <inestlerode@us.ibm.com> for discovering
@ -3048,7 +3048,7 @@
as part of the CRL checking and indicate a new error "CRL path validation
error" in this case. Applications wanting additional details can use
the verify callback and check the new "parent" field. If this is not
NULL CRL path validation is taking place. Existing applications wont
NULL CRL path validation is taking place. Existing applications won't
see this because it requires extended CRL support which is off by
default.
@ -4061,9 +4061,9 @@
This work was sponsored by Logica.
[Steve Henson]
*) Fix bug in X509_ATTRIBUTE creation: dont set attribute using
*) Fix bug in X509_ATTRIBUTE creation: don't set attribute using
ASN1_TYPE_set1 if MBSTRING flag set. This bug would crash certain
attribute creation routines such as certifcate requests and PKCS#12
attribute creation routines such as certificate requests and PKCS#12
files.
[Steve Henson]
@ -4138,7 +4138,7 @@
[Ian Lister (tweaked by Geoff Thorpe)]
*) Backport of CMS code to OpenSSL 0.9.8. This differs from the 0.9.9
implemention in the following ways:
implementation in the following ways:
Lack of EVP_PKEY_ASN1_METHOD means algorithm parameters have to be
hard coded.
@ -4336,7 +4336,7 @@
implementation in BN_mod_exp_mont_consttime().) The old name
remains as a deprecated alias.
Similary, RSA_FLAG_NO_EXP_CONSTTIME is replaced by a more general
Similarly, RSA_FLAG_NO_EXP_CONSTTIME is replaced by a more general
RSA_FLAG_NO_CONSTTIME flag since the RSA implementation now uses
constant-time implementations for more than just exponentiation.
Here too the old name is kept as a deprecated alias.
@ -5040,7 +5040,7 @@
*) Key-generation can now be implemented in RSA_METHOD, DSA_METHOD
and DH_METHOD (eg. by ENGINE implementations) to override the normal
software implementations. For DSA and DH, parameter generation can
also be overriden by providing the appropriate method callbacks.
also be overridden by providing the appropriate method callbacks.
[Geoff Thorpe]
*) Change the "progress" mechanism used in key-generation and
@ -5123,7 +5123,7 @@
the "shared" options was given to ./Configure or ./config.
Otherwise, they are inserted in libcrypto.a.
/usr/local/ssl/engines is the default directory for dynamic
engines, but that can be overriden at configure time through
engines, but that can be overridden at configure time through
the usual use of --prefix and/or --openssldir, and at run
time with the environment variable OPENSSL_ENGINES.
[Geoff Thorpe and Richard Levitte]
@ -5658,8 +5658,8 @@
[Steve Henson]
*) Perform some character comparisons of different types in X509_NAME_cmp:
this is needed for some certificates that reencode DNs into UTF8Strings
(in violation of RFC3280) and can't or wont issue name rollover
this is needed for some certificates that re-encode DNs into UTF8Strings
(in violation of RFC3280) and can't or won't issue name rollover
certificates.
[Steve Henson]
@ -6717,7 +6717,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
const ASN1_ITEM *it = &ASN1_INTEGER_it;
wont compile. This is used by the any applications that need to
won't compile. This is used by the any applications that need to
declare their own ASN1 modules. This was fixed by adding the option
EXPORT_VAR_AS_FN to all Win32 platforms, although this isn't strictly
needed for static libraries under Win32.
@ -7318,7 +7318,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
entropy, EGD style sockets (served by EGD or PRNGD) will automatically
be queried.
The locations /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool, and
/etc/entropy will be queried once each in this sequence, quering stops
/etc/entropy will be queried once each in this sequence, querying stops
when enough entropy was collected without querying more sockets.
[Lutz Jaenicke]
@ -7346,7 +7346,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
information from an OCSP_CERTID structure (which will be created
when the request structure is built). These are built from lower
level functions which work on OCSP_SINGLERESP structures but
wont normally be used unless the application wishes to examine
won't normally be used unless the application wishes to examine
extensions in the OCSP response for example.
Replace nonce routines with a pair of functions.
@ -7422,7 +7422,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
*) New function X509V3_add1_i2d(). This automatically encodes and
adds an extension. Its behaviour can be customised with various
flags to append, replace or delete. Various wrappers added for
certifcates and CRLs.
certificates and CRLs.
[Steve Henson]
*) Fix to avoid calling the underlying ASN1 print routine when
@ -7967,7 +7967,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
[Nils Larsch <nla@trustcenter.de>]
*) Fix BASE64 decode (EVP_DecodeUpdate) for data with CR/LF ended lines:
an end-of-file condition would erronously be flagged, when the CRLF
an end-of-file condition would erroneously be flagged, when the CRLF
was just at the end of a processed block. The bug was discovered when
processing data through a buffering memory BIO handing the data to a
BASE64-decoding BIO. Bug fund and patch submitted by Pavel Tsekov
@ -8897,7 +8897,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
[Steve Henson]
*) When a certificate request is read in keep a copy of the
original encoding of the signed data and use it when outputing
original encoding of the signed data and use it when outputting
again. Signatures then use the original encoding rather than
a decoded, encoded version which may cause problems if the
request is improperly encoded.

View file

@ -401,7 +401,7 @@ BEGINRAW and ENDRAW lines as follows:
echo "/* haha */" > haha.h
ENDRAW[Makefile(unix)]
The word withing square brackets is the build_file configuration item
The word within square brackets is the build_file configuration item
or the build_file configuration item followed by the second word in the
build_scheme configuration item for the configured target within
parenthesis as shown above. For example, with the following relevant

View file

@ -124,7 +124,7 @@ OPTIONS ts_options[] = {
};
/*
* This comand is so complex, special help is needed.
* This command is so complex, special help is needed.
*/
static char* opt_helplist[] = {
"Typical uses:",

View file

@ -17,7 +17,7 @@
// 'and' which in turn can be assigned to M-port [there're double as
// much M-ports as there're I-ports on Itanium 2]. By sacrificing few
// registers for small constants (255, 24 and 16) to be used with
// 'shr' and 'and' instructions I can achieve better ILP, Intruction
// 'shr' and 'and' instructions I can achieve better ILP, Instruction
// Level Parallelism, and performance. This code outperforms GCC 3.3
// generated code by over factor of 2 (two), GCC 3.4 - by 70% and
// HP C - by 40%. Measured best-case scenario, i.e. aligned

View file

@ -26,7 +26,7 @@
# February 2010
#
# Rescheduling instructions to favour Power6 pipeline gave 10%
# performance improvement on the platfrom in question (and marginal
# performance improvement on the platform in question (and marginal
# improvement even on others). It should be noted that Power6 fails
# to process byte in 18 cycles, only in 23, because it fails to issue
# 4 load instructions in two cycles, only in 3. As result non-compact

View file

@ -35,7 +35,7 @@
# Skylake 2.62/3.14/3.62+7.70 8.10 +27%/34%/40%
# Bulldozer 5.77/6.89/8.00+13.7 13.7 +42%/50%/58%
#
# (*) there are XOP, AVX1 and AVX2 code pathes, meaning that
# (*) there are XOP, AVX1 and AVX2 code paths, meaning that
# Westmere is omitted from loop, this is because gain was not
# estimated high enough to justify the effort;
# (**) these are EVP-free results, results obtained with 'speed

View file

@ -4239,7 +4239,7 @@ ___
# Vinodh Gopal <vinodh.gopal@intel.com>
# Kahraman Akdemir
#
# Agressively optimized in respect to aeskeygenassist's critical path
# Aggressively optimized in respect to aeskeygenassist's critical path
# and is contained in %xmm0-5 to meet Win64 ABI requirement.
#
# int ${PREFIX}_set_encrypt_key(const unsigned char *inp,

View file

@ -683,7 +683,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
|| (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) {
/*
* Clear context cache for type OTHER because the auto clear when we
* have a exact match wont work
* have a exact match won't work
*/
if (utype == V_ASN1_OTHER) {
asn1_tlc_clear(ctx);

View file

@ -99,7 +99,7 @@ static void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
asn1_enc_free(pval, it);
/*
* If we free up as normal we will invalidate any ANY DEFINED BY
* field and we wont be able to determine the type of the field it
* field and we won't be able to determine the type of the field it
* defines. So free up in reverse order.
*/
tt = it->templates + it->tcount;

View file

@ -69,7 +69,7 @@ int BIO_socket(int domain, int socktype, int protocol, int options)
*
* options holds BIO socket options that can be used
* You should call this for every address returned by BIO_lookup
* until the connection is succesful.
* until the connection is successful.
*
* Returns 1 on success or 0 on failure. On failure errno is set
* and an error status is added to the OpenSSL error stack.
@ -144,7 +144,7 @@ int BIO_connect(int sock, const BIO_ADDR *addr, int options)
* fail. We can't tell the difference between already listening ourself to
* it and someone else listening to it when failing and errno is EADDRINUSE, so
* it's recommended to not give an error in that case if the first call was
* succesful.
* successful.
*
* When restarting the program it could be that the port is still in use. If
* you set to BIO_SOCK_REUSEADDR option it will try to reuse the port anyway.

View file

@ -92,7 +92,7 @@ BIO *BIO_new_mem_buf(const void *buf, int len)
b->max = sz;
*bb->readp = *bb->buf;
ret->flags |= BIO_FLAGS_MEM_RDONLY;
/* Since this is static data retrying wont help */
/* Since this is static data retrying won't help */
ret->num = 0;
return ret;
}

View file

@ -29,7 +29,7 @@
// ports is the same, i.e. 2, while I need 4. In other words, to this
// module Itanium2 remains effectively as "wide" as Itanium. Yet it's
// essentially different in respect to this module, and a re-tune was
// required. Well, because some intruction latencies has changed. Most
// required. Well, because some instruction latencies has changed. Most
// noticeably those intensively used:
//
// Itanium Itanium2
@ -370,7 +370,7 @@ bn_mul_words:
// The loop therefore spins at the latency of xma minus 1, or in other
// words at 6*(n+4) ticks:-( Compare to the "production" loop above
// that runs in 2*(n+11) where the low latency problem is worked around
// by moving the dependency to one-tick latent interger ALU. Note that
// by moving the dependency to one-tick latent integer ALU. Note that
// "distance" between ldf8 and xma is not latency of ldf8, but the
// *difference* between xma and ldf8 latencies.
.L_bn_mul_words_ctop:
@ -432,7 +432,7 @@ bn_mul_add_words:
// version was performing *all* additions in IALU and was starving
// for those even on Itanium 2. In this version one addition is
// moved to FPU and is folded with multiplication. This is at cost
// of propogating the result from previous call to this subroutine
// of propagating the result from previous call to this subroutine
// to L2 cache... In other words negligible even for shorter keys.
// *Overall* performance improvement [over previous version] varies
// from 11 to 22 percent depending on key length.

View file

@ -22,7 +22,7 @@
# This is drop-in MIPS III/IV ISA replacement for crypto/bn/bn_asm.c.
#
# The module is designed to work with either of the "new" MIPS ABI(5),
# namely N32 or N64, offered by IRIX 6.x. It's not ment to work under
# namely N32 or N64, offered by IRIX 6.x. It's not meant to work under
# IRIX 5.x not only because it doesn't support new ABIs but also
# because 5.x kernels put R4x00 CPU into 32-bit mode and all those
# 64-bit instructions (daddu, dmultu, etc.) found below gonna only

View file

@ -425,7 +425,7 @@ $data=<<EOF;
# r9,r10, r11 are the equivalents of c1,c2, c3.
#
# Possible optimization of loading all 8 longs of a into registers
# doesnt provide any speedup
# doesn't provide any speedup
#
xor r0,r0,r0 #set r0 = 0.Used in addze
@ -1015,7 +1015,7 @@ $data=<<EOF;
$UMULL r8,r6,r7
$UMULH r9,r6,r7
addc r11,r11,r8
addze r12,r9 # since we didnt set r12 to zero before.
addze r12,r9 # since we didn't set r12 to zero before.
addze r10,r0
#mul_add_c(a[1],b[0],c2,c3,c1);
$LD r6,`1*$BNSZ`(r4)

View file

@ -52,7 +52,7 @@
* # cd ../..
* # make; make test
*
* Q. V8plus achitecture? What kind of beast is that?
* Q. V8plus architecture? What kind of beast is that?
* A. Well, it's rather a programming model than an architecture...
* It's actually v9-compliant, i.e. *any* UltraSPARC, CPU under
* special conditions, namely when kernel doesn't preserve upper

View file

@ -20,7 +20,7 @@
# for undertaken effort are multiple. First of all, UltraSPARC is not
# the whole SPARCv9 universe and other VIS-free implementations deserve
# optimized code as much. Secondly, newly introduced UltraSPARC T1,
# a.k.a. Niagara, has shared FPU and concurrent FPU-intensive pathes,
# a.k.a. Niagara, has shared FPU and concurrent FPU-intensive paths,
# such as sparcv9a-mont, will simply sink it. Yes, T1 is equipped with
# several integrated RSA/DSA accelerator circuits accessible through
# kernel driver [only(*)], but having decent user-land software

View file

@ -58,7 +58,7 @@
#
# Modulo-scheduled inner loops allow to interleave floating point and
# integer instructions and minimize Read-After-Write penalties. This
# results in *further* 20-50% perfromance improvement [depending on
# results in *further* 20-50% performance improvement [depending on
# key length, more for longer keys] on USI&II cores and 30-80% - on
# USIII&IV.

View file

@ -294,7 +294,7 @@ if (0) {
&xor ("eax","eax"); # signal "not fast enough [yet]"
&jmp (&label("just_leave"));
# While the below code provides competitive performance for
# all key lengthes on modern Intel cores, it's still more
# all key lengths on modern Intel cores, it's still more
# than 10% slower for 4096-bit key elsewhere:-( "Competitive"
# means compared to the original integer-only assembler.
# 512-bit RSA sign is better by ~40%, but that's about all

View file

@ -1134,7 +1134,7 @@ $code.=<<___;
ldrb @t[1],[r12],#1 @ read input
subs @t[3],@t[3],#1
eor @t[0],@t[0],@t[1]
strb @t[0],[r14],#1 @ store ouput
strb @t[0],[r14],#1 @ store output
bne .Loop_tail_neon
.Ldone_neon:

View file

@ -374,7 +374,7 @@ __ecp_nistz256_div_by_2:
mov $ff,$a0,lsl#31 @ place least significant bit to most
@ significant position, now arithmetic
@ right shift by 31 will produce -1 or
@ 0, while logical rigth shift 1 or 0,
@ 0, while logical right shift 1 or 0,
@ this is how modulus is conditionally
@ synthesized in this case...
ldr $a3,[$a_ptr,#12]

View file

@ -20,7 +20,7 @@ int ossl_init_thread_start(uint64_t opts);
/*
* OPENSSL_INIT flags. The primary list of these is in crypto.h. Flags below
* are those ommitted from crypto.h because they are "reserved for internal
* are those omitted from crypto.h because they are "reserved for internal
* use".
*/
# define OPENSSL_INIT_ZLIB 0x00010000L

View file

@ -95,7 +95,7 @@
# where Tproc is time required for Karatsuba pre- and post-processing,
# is more realistic estimate. In this case it gives ... 1.91 cycles.
# Or in other words, depending on how well we can interleave reduction
# and one of the two multiplications the performance should be betwen
# and one of the two multiplications the performance should be between
# 1.91 and 2.16. As already mentioned, this implementation processes
# one byte out of 8KB buffer in 2.10 cycles, while x86_64 counterpart
# - in 2.02. x86_64 performance is better, because larger register
@ -722,7 +722,7 @@ sub mmx_loop() {
&pxor ($red[1],$red[1]);
&pxor ($red[2],$red[2]);
# Just like in "May" verson modulo-schedule for critical path in
# Just like in "May" version modulo-schedule for critical path in
# 'Z.hi ^= rem_8bit[Z.lo&0xff^((u8)H[nhi]<<4)]<<48'. Final 'pxor'
# is scheduled so late that rem_8bit[] has to be shifted *right*
# by 16, which is why last argument to pinsrw is 2, which
@ -1148,7 +1148,7 @@ my ($Xhi,$Xi) = @_;
&movdqu (&QWP(0,$Xip),$Xi);
&function_end("gcm_ghash_clmul");
} else { # Algorith 5. Kept for reference purposes.
} else { # Algorithm 5. Kept for reference purposes.
sub reduction_alg5 { # 19/16 times faster than Intel version
my ($Xhi,$Xi)=@_;

View file

@ -299,7 +299,7 @@ int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
/*
* Check validity of thisUpdate and nextUpdate fields. It is possible that
* the request will take a few seconds to process and/or the time wont be
* the request will take a few seconds to process and/or the time won't be
* totally accurate. Therefore to avoid rejecting otherwise valid time we
* allow the times to be within 'nsec' of the current time. Also to avoid
* accepting very old responses without a nextUpdate field an optional maxage

View file

@ -151,7 +151,7 @@ static int check_pem(const char *nm, const char *name)
slen = pem_check_suffix(nm, "PRIVATE KEY");
if (slen > 0) {
/*
* NB: ENGINE implementations wont contain a deprecated old
* NB: ENGINE implementations won't contain a deprecated old
* private key decode function so don't look for them.
*/
ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);

View file

@ -62,7 +62,7 @@ if ($flavour =~ /64/) {
$PUSH ="stw";
} else { die "nonsense $flavour"; }
# Define endianess based on flavour
# Define endianness based on flavour
# i.e.: linux64le
$LITTLE_ENDIAN = ($flavour=~/le$/) ? $SIZE_T : 0;

View file

@ -48,7 +48,7 @@ NON_EMPTY_TRANSLATION_UNIT
* the number of bytes requested or smaller, if the EGD pool is
* drained and the daemon signals that the pool is empty.
*
* RAND_egd(path) will query 255 bytes and use the bytes retreived to seed
* RAND_egd(path) will query 255 bytes and use the bytes retrieved to seed
* the PRNG.
* RAND_egd() is a wrapper for RAND_egd_bytes() with numbytes=255.
*/

View file

@ -157,7 +157,7 @@ if ($alt=0) {
&movd ($i>0?"mm1":"mm2",&DWP(0,$dat,$ty,4));
# (*) This is the key to Core2 and Westmere performance.
# Whithout movz out-of-order execution logic confuses
# Without movz out-of-order execution logic confuses
# itself and fails to reorder loads and stores. Problem
# appears to be fixed in Sandy Bridge...
}

View file

@ -57,7 +57,7 @@
# As was shown by Zou Nanhai loop unrolling can improve Intel EM64T
# performance by >30% [unlike P4 32-bit case that is]. But this is
# provided that loads are reordered even more aggressively! Both code
# pathes, AMD64 and EM64T, reorder loads in essentially same manner
# paths, AMD64 and EM64T, reorder loads in essentially same manner
# as my IA-64 implementation. On Opteron this resulted in modest 5%
# improvement [I had to test it], while final Intel P4 performance
# achieves respectful 432MBps on 2.8GHz processor now. For reference.

View file

@ -44,7 +44,7 @@ if ($flavour =~ /64/) {
$PUSH ="stw";
} else { die "nonsense $flavour"; }
# Define endianess based on flavour
# Define endianness based on flavour
# i.e.: linux64le
$LITTLE_ENDIAN = ($flavour=~/le$/) ? $SIZE_T : 0;

View file

@ -41,7 +41,7 @@
# level parallelism, on a given CPU implementation in this case.
#
# Special note on Intel EM64T. While Opteron CPU exhibits perfect
# perfromance ratio of 1.5 between 64- and 32-bit flavors [see above],
# performance ratio of 1.5 between 64- and 32-bit flavors [see above],
# [currently available] EM64T CPUs apparently are far from it. On the
# contrary, 64-bit version, sha512_block, is ~30% *slower* than 32-bit
# sha256_block:-( This is presumably because 64-bit shifts/rotates

View file

@ -298,7 +298,7 @@ _sparcv9_vis1_instrument:
sub %o3,%o2,%o2
sub %o4,%o3,%o3
! find minumum value
! find minimum value
cmp %o0,%o1
.word 0x38680002 !bgu,a %xcc,.+8
mov %o1,%o0

View file

@ -889,7 +889,7 @@ static int check_cert(X509_STORE_CTX *ctx)
crl = NULL;
dcrl = NULL;
/*
* If reasons not updated we wont get anywhere by another iteration,
* If reasons not updated we won't get anywhere by another iteration,
* so exit loop.
*/
if (last_reasons == ctx->current_reasons) {

View file

@ -41,7 +41,7 @@ static const X509_CRL_METHOD *default_crl_method = &int_crl_meth;
/*
* The X509_CRL_INFO structure needs a bit of customisation. Since we cache
* the original encoding the signature wont be affected by reordering of the
* the original encoding the signature won't be affected by reordering of the
* revoked field.
*/
static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,

View file

@ -129,7 +129,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
* decremented for every non-self-issued certificate in the path, but may
* be further reduced by policy constraints in a non-leaf certificate.
*
* The ultimate policy set is the interesection of all the policies along
* The ultimate policy set is the intersection of all the policies along
* the path, if we hit a certificate with an empty policy set, and explicit
* policy is required we're done.
*/

View file

@ -499,7 +499,7 @@ a blank line. Piping the mail directly to sendmail is one way to
achieve the correct format.
The supplied message to be signed or encrypted must include the
necessary MIME headers or many S/MIME clients wont display it
necessary MIME headers or many S/MIME clients won't display it
properly (if at all). You can use the B<-text> option to automatically
add plain text headers.

View file

@ -327,7 +327,7 @@ and accepted from the server.
=item B<-dtls>, B<-dtls1>, B<-dtls1_2>
These options make B<s_client> use DTLS protocols instead of TLS.
With B<-dtls>, B<s_client> will negotiate any supported DTLS protcol version,
With B<-dtls>, B<s_client> will negotiate any supported DTLS protocol version,
whilst B<-dtls1> and B<-dtls1_2> will only support DTLS1.0 and DTLS1.2
respectively.

View file

@ -72,7 +72,7 @@ this option prevents output of the encoded version of the session.
=item B<-context ID>
this option can set the session id so the output session information uses the
supplied ID. The ID can be any string of characters. This option wont normally
supplied ID. The ID can be any string of characters. This option won't normally
be used.
=back

View file

@ -331,7 +331,7 @@ a blank line. Piping the mail directly to sendmail is one way to
achieve the correct format.
The supplied message to be signed or encrypted must include the
necessary MIME headers or many S/MIME clients wont display it
necessary MIME headers or many S/MIME clients won't display it
properly (if at all). You can use the B<-text> option to automatically
add plain text headers.

View file

@ -128,7 +128,7 @@ The ASYNC_block_pause() function will prevent the currently active job from
pausing. The block will remain in place until a subsequent call to
ASYNC_unblock_pause(). These functions can be nested, e.g. if you call
ASYNC_block_pause() twice then you must call ASYNC_unblock_pause() twice in
order to reenable pausing. If these functions are called while there is no
order to re-enable pausing. If these functions are called while there is no
currently active job then they have no effect. This functionality can be useful
to avoid deadlock scenarios. For example during the execution of an ASYNC_JOB an
application acquires a lock. It then calls some cryptographic function which

View file

@ -560,7 +560,7 @@ Encrypt a string using IDEA:
EVP_CIPHER_CTX_free(ctx);
/* Need binary mode for fopen because encrypted data is
* binary data. Also cannot use strlen() on it because
* it wont be null terminated and may contain embedded
* it won't be null terminated and may contain embedded
* nulls.
*/
out = fopen(outfile, "wb");

View file

@ -179,7 +179,7 @@ CRYPTO_set_mem_functions() and CRYPTO_set_mem_debug()
return 1 on success or 0 on failure (almost
always because allocations have already happened).
CRYPTO_mem_ctrl() returns -1 if an error occured, otherwise the
CRYPTO_mem_ctrl() returns -1 if an error occurred, otherwise the
previous value of the mode.
OPENSSL_mem_debug_push() and OPENSSL_mem_debug_pop()

View file

@ -201,7 +201,7 @@ X509_STORE_CTX_get_check_issued(), X509_STORE_CTX_get_check_revocation(),
X509_STORE_CTX_get_get_crl(), X509_STORE_CTX_get_check_crl(),
X509_STORE_CTX_get_cert_crl(), X509_STORE_CTX_get_check_policy(),
X509_STORE_CTX_get_lookup_certs(), X509_STORE_CTX_get_lookup_crls()
and X509_STORE_CTX_get_cleanup() were addded in OpenSSL 1.1.0.
and X509_STORE_CTX_get_cleanup() were added in OpenSSL 1.1.0.
=head1 COPYRIGHT

View file

@ -246,7 +246,7 @@ X509_STORE_set_cert_crl(), X509_STORE_get_cert_crl(),
X509_STORE_set_check_policy(), X509_STORE_get_check_policy(),
X509_STORE_set_lookup_certs(), X509_STORE_get_lookup_certs(),
X509_STORE_set_lookup_crls(), X509_STORE_get_lookup_crls(),
X509_STORE_set_cleanup() and X509_STORE_get_cleanup() were addded in
X509_STORE_set_cleanup() and X509_STORE_get_cleanup() were added in
OpenSSL 1.1.0.
=head1 COPYRIGHT

View file

@ -118,7 +118,7 @@ certificate B<x>. This is for the users who need to mark non-RFC3820 proxy
certificates as such, as OpenSSL only detects RFC3820 compliant ones.
X509_get_proxy_pathlen() returns the proxy certificate path length for the
given certificate B<x> if it is a proxy certicate.
given certificate B<x> if it is a proxy certificate.
=head1 NOTES

View file

@ -76,7 +76,7 @@ extern "C" {
# if OPENSSL_API_COMPAT < 0x00908000L
/* deprecated name for the flag */
# define BN_FLG_EXP_CONSTTIME BN_FLG_CONSTTIME
# define BN_FLG_FREE 0x8000 /* used for debuging */
# define BN_FLG_FREE 0x8000 /* used for debugging */
# endif
void BN_set_flags(BIGNUM *b, int n);

View file

@ -672,7 +672,7 @@ typedef struct st_dynamic_MEM_fns {
} dynamic_MEM_fns;
/*
* FIXME: Perhaps the memory and locking code (crypto.h) should declare and
* use these types so we (and any other dependant code) can simplify a bit??
* use these types so we (and any other dependent code) can simplify a bit??
*/
/* The top-level structure */
typedef struct st_dynamic_fns {

View file

@ -1502,7 +1502,7 @@ typedef struct cert_st {
unsigned char *ctypes;
size_t ctype_num;
/*
* suppported signature algorithms. When set on a client this is sent in
* supported signature algorithms. When set on a client this is sent in
* the client hello as the supported signature algorithms extension. For
* servers it represents the signature algorithms we are willing to use.
*/

View file

@ -800,7 +800,7 @@ static int dtls_get_reassembled_message(SSL *s, long *len)
s->init_num = 0;
goto redo;
} else { /* Incorrectly formated Hello request */
} else { /* Incorrectly formatted Hello request */
al = SSL_AD_UNEXPECTED_MESSAGE;
SSLerr(SSL_F_DTLS_GET_REASSEMBLED_MESSAGE,

View file

@ -1443,8 +1443,8 @@ WORK_STATE tls_post_process_client_hello(SSL *s, WORK_STATE wst)
/*-
* we now have the following setup.
* client_random
* cipher_list - our prefered list of ciphers
* ciphers - the clients prefered list of ciphers
* cipher_list - our preferred list of ciphers
* ciphers - the clients preferred list of ciphers
* compression - basically ignored right now
* ssl version is set - sslv3
* s->session - The ssl session has been setup.

View file

@ -478,7 +478,7 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
unsigned char hash[EVP_MAX_MD_SIZE * 2];
int hashlen;
/* Digest cached records keeping record buffer (if present):
* this wont affect client auth because we're freezing the buffer
* this won't affect client auth because we're freezing the buffer
* at the same point (after client key exchange and before certificate
* verify)
*/

View file

@ -214,7 +214,7 @@ static unsigned char cbc_ok[32] = {
};
# ifdef SCREW_THE_PARITY
# error "SCREW_THE_PARITY is not ment to be defined."
# error "SCREW_THE_PARITY is not meant to be defined."
# error "Original vectors are preserved for reference only."
static unsigned char cbc2_key[8] =
{ 0xf0, 0xe1, 0xd2, 0xc3, 0xb4, 0xa5, 0x96, 0x87 };

View file

@ -270,7 +270,7 @@ int test_builtin(BIO *out)
}
/*
* create and verify a ecdsa signature with every availble curve (with )
* create and verify a ecdsa signature with every available curve (with )
*/
BIO_printf(out, "\ntesting ECDSA_sign() and ECDSA_verify() "
"with some internal curves:\n");

View file

@ -23,7 +23,7 @@ my $testcount = scalar @libnames;
plan tests => $testcount * 2;
note
"NOTE: developper test! It's possible that it won't run on your\n",
"NOTE: developer test! It's possible that it won't run on your\n",
"platform, and that's perfectly fine. This is mainly for developers\n",
"on Unix to check that our shared libraries are consistent with the\n",
"ordinals (util/*.num in the source tree), something that should be\n",

View file

@ -38,7 +38,7 @@ ok(run(test(["d2i_test", "ASN1_ANY", "OK",
srctop_file('test','d2i-tests','high_tag.der')])),
"Running d2i_test high_tag.der");
# Above test data but interpeted as ASN.1 INTEGER: this will be rejected
# Above test data but interpreted as ASN.1 INTEGER: this will be rejected
# because the tag is invalid.
ok(run(test(["d2i_test", "ASN1_INTEGER", "decode",
srctop_file('test','d2i-tests','high_tag.der')])),

View file

@ -110,7 +110,7 @@ sub add_frag_alert_filter
#);
#push @{$proxy->record_list}, $record;
# Now add the alert level (Fatal) as a seperate record
# Now add the alert level (Fatal) as a separate record
$byte = pack('C', TLSProxy::Message::AL_LEVEL_FATAL);
my $record = TLSProxy::Record->new(
0,

View file

@ -16,7 +16,7 @@ default_keyfile = privkey.pem
# Don't prompt for fields: use those in section directly
prompt = no
distinguished_name = req_distinguished_name
x509_extensions = v3_ca # The extentions to add to the self signed cert
x509_extensions = v3_ca # The extensions to add to the self signed cert
string_mask = utf8only
# req_extensions = v3_req # The extensions to add to a certificate request