Veres Lajos 10 years ago committed by Ben Laurie
parent d2625fd657
commit 478b50cf67

@ -1402,7 +1402,7 @@
*) New option -sigopt to dgst utility. Update dgst to use
EVP_Digest{Sign,Verify}*. These two changes make it possible to use
alternative signing paramaters such as X9.31 or PSS in the dgst
alternative signing parameters such as X9.31 or PSS in the dgst
utility.
[Steve Henson]
@ -6448,7 +6448,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
*) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
reveal whether illegal block cipher padding was found or a MAC
verification error occured. (Neither SSLerr() codes nor alerts
verification error occurred. (Neither SSLerr() codes nor alerts
are directly visible to potential attackers, but the information
may leak via logfiles.)
@ -8855,7 +8855,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
*) Bugfix: ssl23_get_client_hello did not work properly when called in
state SSL23_ST_SR_CLNT_HELLO_B, i.e. when the first 7 bytes of
a SSLv2-compatible client hello for SSLv3 or TLSv1 could be read,
but a retry condition occured while trying to read the rest.
but a retry condition occurred while trying to read the rest.
[Bodo Moeller]
*) The PKCS7_ENC_CONTENT_new() function was setting the content type as
@ -9780,7 +9780,7 @@ des-cbc 3624.96k 5258.21k 5530.91k 5624.30k 5628.26k
other platforms details on the command line without having to patch the
Configure script everytime: One now can use ``perl Configure
<id>:<details>'', i.e. platform ids are allowed to have details appended
to them (seperated by colons). This is treated as there would be a static
to them (separated by colons). This is treated as there would be a static
pre-configured entry in Configure's %table under key <id> with value
<details> and ``perl Configure <id>'' is called. So, when you want to
perform a quick test-compile under FreeBSD 3.1 with pgcc and without

@ -29,7 +29,7 @@ eric (about to go bushwalking for the 4 day easter break :-)
7-Jan-98
- Finally reworked the cipher string to ciphers again, so it
works correctly
- All the app_data stuff is now ex_data with funcion calls to access.
- All the app_data stuff is now ex_data with function calls to access.
The index is supplied by a function and 'methods' can be setup
for the types that are called on XXX_new/XXX_free. This lets
applications get notified on creation and destruction. Some of
@ -937,7 +937,7 @@ Reasons to start playing with version 0.5.0
certificate, it is my aim to use perl5/Tk but I don't have time to do
this right now. It will generate the certificates but the management
scripts still need to be written. This is not a hard task.
- Things have been cleaned up alot.
- Things have been cleaned up a lot.
- Have a look at the enc and dgst programs in the apps directory.
- It supports v3 of x509 certiticates.

@ -1590,7 +1590,7 @@ if ($aes_obj =~ /\.o$/)
# aes-ctr.o is not a real file, only indication that assembler
# module implements AES_ctr32_encrypt...
$cflags.=" -DAES_CTR_ASM" if ($aes_obj =~ s/\s*aes\-ctr\.o//);
# aes-xts.o indicates presense of AES_xts_[en|de]crypt...
# aes-xts.o indicates presence of AES_xts_[en|de]crypt...
$cflags.=" -DAES_XTS_ASM" if ($aes_obj =~ s/\s*aes\-xts\.o//);
$aes_obj =~ s/\s*(vpaes|aesni)\-x86\.o//g if ($no_sse2);
$aes_obj =~ s/\s*(vp|bs)aes-\w*\.o//g if ($fipscanisterinternal eq "y");

2
FAQ

@ -721,7 +721,7 @@ working across wider range of *BSD branches, not just OpenBSD.
If the test program in question fails withs SIGILL, Illegal Instruction
exception, then you more than likely to run SSE2-capable CPU, such as
Intel P4, under control of kernel which does not support SSE2
instruction extentions. See accompanying INSTALL file and
instruction extensions. See accompanying INSTALL file and
OPENSSL_ia32cap(3) documentation page for further information.
* Why does compiler fail to compile sha512.c?

@ -79,7 +79,7 @@
compiler flags for any other CPU specific configuration,
e.g. "-m32" to build x86 code on an x64 system.
no-sse2 Exclude SSE2 code pathes. Normally SSE2 extention is
no-sse2 Exclude SSE2 code pathes. Normally SSE2 extension is
detected at run-time, but the decision whether or not the
machine code will be executed is taken solely on CPU
capability vector. This means that if you happen to run OS

@ -378,7 +378,7 @@ The openssl program has numerous options and can be used for many different
things. Many of the options operate in an interactive mode requiring the
user to enter data. Because of this, a default screen is created for the
program. However, when running the test script it is not desirable to
have a seperate screen. Therefore, the build also creates openssl2.nlm.
have a separate screen. Therefore, the build also creates openssl2.nlm.
Openssl2.nlm is functionally identical but uses the console screen.
Openssl2 can be used when a non-interactive mode is desired.

@ -66,7 +66,7 @@ static LHASH *error_hash=NULL;
static LHASH *thread_hash=NULL;
several files have routines with static "init" to track if error strings
have been loaded ( may not want seperate error strings for each process )
have been loaded ( may not want separate error strings for each process )
The "init" variable can't be left "global" because the error has is a ptr
that is malloc'ed. The malloc'ed error has is dependant on the "init"
vars.

@ -148,7 +148,7 @@
static const char *ca_usage[]={
"usage: ca args\n",
"\n",
" -verbose - Talk alot while doing things\n",
" -verbose - Talk a lot while doing things\n",
" -config file - A config file\n",
" -name arg - The particular CA definition to use\n",
" -gencrl - Generate a new CRL\n",
@ -179,7 +179,7 @@ static const char *ca_usage[]={
" -utf8 - input characters are UTF8 (default ASCII)\n",
" -multivalue-rdn - enable support for multivalued RDNs\n",
" -extensions .. - Extension section (override value in config file)\n",
" -extfile file - Configuration file with X509v3 extentions to add\n",
" -extfile file - Configuration file with X509v3 extensions to add\n",
" -crlexts .. - CRL extension section (override value in config file)\n",
#ifndef OPENSSL_NO_ENGINE
" -engine e - use engine e, possibly a hardware device.\n",
@ -994,7 +994,7 @@ bad:
}
/*****************************************************************/
/* Read extentions config file */
/* Read extensions config file */
if (extfile)
{
extconf = NCONF_new(NULL);

@ -55,7 +55,7 @@ crl = $dir]crl.pem # The current CRL
private_key = $dir.private]cakey.pem# The private key
RANDFILE = $dir.private].rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
x509_extensions = usr_cert # The extensions to add to the cert
# Comment out the following two lines for the "traditional"
# (and highly broken) format.
@ -107,7 +107,7 @@ default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
x509_extensions = v3_ca # The extensions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret

@ -55,7 +55,7 @@ crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem# The private key
RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
x509_extensions = usr_cert # The extensions to add to the cert
# Comment out the following two lines for the "traditional"
# (and highly broken) format.
@ -107,7 +107,7 @@ default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
x509_extensions = v3_ca # The extensions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret

@ -1866,7 +1866,7 @@ SSL_set_tlsext_status_ids(con, ids);
if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0)
{
BIO_printf(bio_err,"TIMEOUT occured\n");
BIO_printf(bio_err,"TIMEOUT occurred\n");
}
if (!ssl_pending && FD_ISSET(SSL_get_fd(con),&writefds))

@ -2359,7 +2359,7 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context)
if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0)
{
BIO_printf(bio_err,"TIMEOUT occured\n");
BIO_printf(bio_err,"TIMEOUT occurred\n");
}
if (i <= 0) continue;

@ -84,7 +84,7 @@
static char *srp_usage[]={
"usage: srp [args] [user] \n",
"\n",
" -verbose Talk alot while doing things\n",
" -verbose Talk a lot while doing things\n",
" -config file A config file\n",
" -name arg The particular srp definition to use\n",
" -srpvfile arg The srp verifier file name\n",

@ -17,10 +17,10 @@ is returned as 1.
=====
I have not tested the following but it is reported by holtzman@mit.edu.
SSLref clients wait to recieve a server-verify before they send a
SSLref clients wait to receive a server-verify before they send a
client-finished. Besides this not being evident from the examples in
2.2.1, it makes more sense to always send all packets you can before
reading. SSLeay was waiting in the server to recieve a client-finish
reading. SSLeay was waiting in the server to receive a client-finish
before sending the server-verify :-). I have changed SSLeay to send a
server-verify before trying to read the client-finished.

@ -382,7 +382,7 @@ esac
#
# Do the Apollo stuff first. Here, we just simply assume
# that the existance of the /usr/apollo directory is proof
# that the existence of the /usr/apollo directory is proof
# enough
if [ -d /usr/apollo ]; then
echo "whatever-apollo-whatever"
@ -862,7 +862,7 @@ case "$GUESSOS" in
*) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
esac
# NB: This atalla support has been superceded by the ENGINE support
# NB: This atalla support has been superseded by the ENGINE support
# That contains its own header and definitions anyway. Support can
# be enabled or disabled on any supported platform without external
# headers, eg. by adding the "hw-atalla" switch to ./config or

@ -95,7 +95,7 @@ int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it)
/* Do reference counting. The value 'op' decides what to do.
* if it is +1 then the count is incremented. If op is 0 count is
* set to 1. If op is -1 count is decremented and the return value
* is the current refrence count or 0 if no reference count exists.
* is the current reference count or 0 if no reference count exists.
*/
int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)

@ -19,7 +19,7 @@ a 2 times speedup :-).
There are 3 versions of assember for the HP PA-RISC.
pa-risc.s is the origional one which works fine and generated using gcc :-)
pa-risc.s is the original one which works fine and generated using gcc :-)
pa-risc2W.s and pa-risc2.s are 64 and 32-bit PA-RISC 2.0 implementations
by Chris Ruemmler from HP (with some help from the HP C compiler).

@ -71,7 +71,7 @@
*
* Q. 64-bit registers under 32-bit kernels? Didn't you just say it
* doesn't work?
* A. You can't adress *all* registers as 64-bit wide:-( The catch is
* A. You can't address *all* registers as 64-bit wide:-( The catch is
* that you actually may rely upon %o0-%o5 and %g1-%g4 being fully
* preserved if you're in a leaf function, i.e. such never calling
* any other functions. All functions in this module are leaf and

@ -867,7 +867,7 @@ ___
$code =~ s/\`([^\`]*)\`/eval($1)/gem;
# Below substitution makes it possible to compile without demanding
# VIS extentions on command line, e.g. -xarch=v9 vs. -xarch=v9a. I
# VIS extensions on command line, e.g. -xarch=v9 vs. -xarch=v9a. I
# dare to do this, because VIS capability is detected at run-time now
# and this routine is not called on CPU not capable to execute it. Do
# note that fzeros is not the only VIS dependency! Another dependency

@ -333,7 +333,7 @@ ___
# Purpose of these subroutines is to explicitly encode VIS instructions,
# so that one can compile the module without having to specify VIS
# extentions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
# Idea is to reserve for option to produce "universal" binary and let
# programmer detect if current CPU is VIS capable at run-time.
sub unvis3 {

@ -1,3 +1,3 @@
Cache RECP_CTX values
make the result argument independant of the inputs.
make the result argument independent of the inputs.
split up the _exp_ functions

@ -68,7 +68,7 @@ Version 3.26
Thanks to Jens Kupferschmidt <bt1cu@hpboot.rz.uni-leipzig.de>. */
SIGWINCH case put in des_read_passwd() so the function does not
'exit' if this function is recieved.
'exit' if this function is received.
Version 3.25 17/07/96
Modified read_pwd.c so that stdin can be read if not a tty.

@ -272,7 +272,7 @@ define(ip_macro, {
! other half (use).
!
! In this version we do two rounds in a loop repeated 7 times
! and two rounds seperately.
! and two rounds separately.
!
! One half has the bits for the sboxes in the following positions:
!
@ -1542,7 +1542,7 @@ DES_ncbc_encrypt:
xor global4, local1, out5 ! iv xor next block
ba .ncbc.enc.next.block_2
add in1, 8, in1 ! output adress
add in1, 8, in1 ! output address
.ncbc.enc.next.block_fp:

@ -1,5 +1,5 @@
#
# Origional BC Makefile from Teun <Teun.Nijssen@kub.nl>
# Original BC Makefile from Teun <Teun.Nijssen@kub.nl>
#
#
CC = bcc

@ -200,7 +200,7 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
/* PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in
* that the AlgorithmIdentifier contains the paramaters, the private key
* that the AlgorithmIdentifier contains the parameters, the private key
* is explcitly included and the pubkey must be recalculated.
*/

@ -1,4 +1,4 @@
The origional FIPE 180 used SHA-0 (FIPS 180) for its appendix 5
The original FIPE 180 used SHA-0 (FIPS 180) for its appendix 5
examples. This is an updated version that uses SHA-1 (FIPS 180-1)
supplied to me by Wei Dai
--

@ -109,14 +109,14 @@ typedef struct dso_st DSO;
/* The function prototype used for method functions (or caller-provided
* callbacks) that transform filenames. They are passed a DSO structure pointer
* (or NULL if they are to be used independantly of a DSO object) and a
* (or NULL if they are to be used independently of a DSO object) and a
* filename to transform. They should either return NULL (if there is an error
* condition) or a newly allocated string containing the transformed form that
* the caller will need to free with OPENSSL_free() when done. */
typedef char* (*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *);
/* The function prototype used for method functions (or caller-provided
* callbacks) that merge two file specifications. They are passed a
* DSO structure pointer (or NULL if they are to be used independantly of
* DSO structure pointer (or NULL if they are to be used independently of
* a DSO object) and two file specifications to merge. They should
* either return NULL (if there is an error condition) or a newly allocated
* string containing the result of merging that the caller will need
@ -202,7 +202,7 @@ struct dso_st
* be used in DSO_load() in place of meth->dso_merger. NB: This
* should normally set using DSO_set_merger(). */
DSO_MERGER_FUNC merger;
/* This is populated with (a copy of) the platform-independant
/* This is populated with (a copy of) the platform-independent
* filename used for this DSO. */
char *filename;
/* This is populated with (a copy of) the translated filename by which
@ -231,7 +231,7 @@ long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg);
* replaced. Return value is non-zero for success. */
int DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb,
DSO_NAME_CONVERTER_FUNC *oldcb);
/* These functions can be used to get/set the platform-independant filename
/* These functions can be used to get/set the platform-independent filename
* used for a DSO. NB: set will fail if the DSO is already loaded. */
const char *DSO_get_filename(DSO *dso);
int DSO_set_filename(DSO *dso, const char *filename);

@ -124,7 +124,7 @@ static int dl_load(DSO *dso)
shl_t ptr = NULL;
/* We don't do any fancy retries or anything, just take the method's
* (or DSO's if it has the callback set) best translation of the
* platform-independant filename and try once with that. */
* platform-independent filename and try once with that. */
char *filename= DSO_convert_filename(dso, NULL);
if(filename == NULL)
@ -315,7 +315,7 @@ static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2)
* unlikely that both the "dl" *and* "dlfcn" variants are being compiled at the
* same time, there's no great duplicating the code. Figuring out an elegant
* way to share one copy of the code would be more difficult and would not
* leave the implementations independant. */
* leave the implementations independent. */
#if defined(__hpux)
static const char extension[] = ".sl";
#else

@ -235,7 +235,7 @@ int EC_METHOD_get_field_type(const EC_METHOD *meth);
* \param order the order of the group generated by the generator.
* \param cofactor the index of the sub-group generated by the generator
* in the group of all points on the elliptic curve.
* \return 1 on success and 0 if an error occured
* \return 1 on success and 0 if an error occurred
*/
int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor);
@ -249,7 +249,7 @@ const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);
* \param group EC_GROUP object
* \param order BIGNUM to which the order is copied
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occured
* \return 1 on success and 0 if an error occurred
*/
int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx);
@ -257,7 +257,7 @@ int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx);
* \param group EC_GROUP object
* \param cofactor BIGNUM to which the cofactor is copied
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occured
* \return 1 on success and 0 if an error occurred
*/
int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx);
@ -289,7 +289,7 @@ size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
* \param a BIGNUM with parameter a of the equation
* \param b BIGNUM with parameter b of the equation
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occured
* \return 1 on success and 0 if an error occurred
*/
int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
@ -299,7 +299,7 @@ int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, co
* \param a BIGNUM for parameter a of the equation
* \param b BIGNUM for parameter b of the equation
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occured
* \return 1 on success and 0 if an error occurred
*/
int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
@ -310,7 +310,7 @@ int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *
* \param a BIGNUM with parameter a of the equation
* \param b BIGNUM with parameter b of the equation
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occured
* \return 1 on success and 0 if an error occurred
*/
int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
@ -320,7 +320,7 @@ int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, c
* \param a BIGNUM for parameter a of the equation
* \param b BIGNUM for parameter b of the equation
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occured
* \return 1 on success and 0 if an error occurred
*/
int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
#endif
@ -424,7 +424,7 @@ void EC_POINT_clear_free(EC_POINT *point);
/** Copies EC_POINT object
* \param dst destination EC_POINT object
* \param src source EC_POINT object
* \return 1 on success and 0 if an error occured
* \return 1 on success and 0 if an error occurred
*/
int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src);
@ -445,7 +445,7 @@ const EC_METHOD *EC_POINT_method_of(const EC_POINT *point);
/** Sets a point to infinity (neutral element)
* \param group underlying EC_GROUP object
* \param point EC_POINT to set to infinity
* \return 1 on success and 0 if an error occured
* \return 1 on success and 0 if an error occurred
*/
int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point);
@ -456,7 +456,7 @@ int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point);
* \param y BIGNUM with the y-coordinate
* \param z BIGNUM with the z-coordinate
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occured
* \return 1 on success and 0 if an error occurred
*/
int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx);
@ -468,7 +468,7 @@ int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
* \param y BIGNUM for the y-coordinate
* \param z BIGNUM for the z-coordinate
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occured
* \return 1 on success and 0 if an error occurred
*/
int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
const EC_POINT *p, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx);
@ -479,7 +479,7 @@ int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
* \param x BIGNUM with the x-coordinate
* \param y BIGNUM with the y-coordinate
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occured
* \return 1 on success and 0 if an error occurred
*/
int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);
@ -490,7 +490,7 @@ int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
* \param x BIGNUM for the x-coordinate
* \param y BIGNUM for the y-coordinate
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occured
* \return 1 on success and 0 if an error occurred
*/
int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
@ -501,7 +501,7 @@ int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
* \param x BIGNUM with x-coordinate
* \param y_bit integer with the y-Bit (either 0 or 1)
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occured
* \return 1 on success and 0 if an error occurred
*/
int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
const BIGNUM *x, int y_bit, BN_CTX *ctx);
@ -512,7 +512,7 @@ int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
* \param x BIGNUM with the x-coordinate
* \param y BIGNUM with the y-coordinate
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occured
* \return 1 on success and 0 if an error occurred
*/
int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);
@ -523,7 +523,7 @@ int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
* \param x BIGNUM for the x-coordinate
* \param y BIGNUM for the y-coordinate
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occured
* \return 1 on success and 0 if an error occurred
*/
int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
@ -534,7 +534,7 @@ int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
* \param x BIGNUM with x-coordinate
* \param y_bit integer with the y-Bit (either 0 or 1)
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occured
* \return 1 on success and 0 if an error occurred
*/
int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
const BIGNUM *x, int y_bit, BN_CTX *ctx);
@ -559,7 +559,7 @@ size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p,
* \param buf memory buffer with the encoded ec point
* \param len length of the encoded ec point
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occured
* \return 1 on success and 0 if an error occurred
*/
int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p,
const unsigned char *buf, size_t len, BN_CTX *ctx);
@ -585,7 +585,7 @@ EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *,
* \param a EC_POINT object with the first summand
* \param b EC_POINT object with the second summand
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occured
* \return 1 on success and 0 if an error occurred
*/
int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
@ -594,7 +594,7 @@ int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC
* \param r EC_POINT object for the result (r = 2 * a)
* \param a EC_POINT object
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occured
* \return 1 on success and 0 if an error occurred
*/
int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx);
@ -602,7 +602,7 @@ int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *
* \param group underlying EC_GROUP object
* \param a EC_POINT object to be inverted (it's used for the result as well)
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occured
* \return 1 on success and 0 if an error occurred
*/
int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx);
@ -641,7 +641,7 @@ int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[],
* \param p array of size num of EC_POINT objects
* \param m array of size num of BIGNUM objects
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occured
* \return 1 on success and 0 if an error occurred
*/
int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num, const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx);
@ -652,14 +652,14 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t nu
* \param q EC_POINT object with the first factor of the second summand
* \param m BIGNUM with the second factor of the second summand
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occured
* \return 1 on success and 0 if an error occurred
*/
int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx);
/** Stores multiples of generator for faster point multiplication
* \param group EC_GROUP object
* \param ctx BN_CTX object (optional)
* \return 1 on success and 0 if an error occured
* \return 1 on success and 0 if an error occurred
*/
int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
@ -844,7 +844,7 @@ int EC_KEY_generate_key(EC_KEY *key);
int EC_KEY_check_key(const EC_KEY *key);
/** Sets a public key from affine coordindates performing
* neccessary NIST PKV tests.
* necessary NIST PKV tests.
* \param key the EC_KEY object
* \param x public key x coordinate
* \param y public key y coordinate

@ -122,7 +122,7 @@ use by EVP_MD code. Ditto for tb_rsa.c, tb_dsa.c, etc. These instantiations of
ENGINE_TABLE essentially provide linker-separation of the classes so that even
if ENGINEs implement *all* possible algorithms, an application using only
EVP_CIPHER code will link at most code relating to EVP_CIPHER, tb_cipher.c, core
ENGINE code that is independant of class, and of course the ENGINE
ENGINE code that is independent of class, and of course the ENGINE
implementation that the application loaded. It will *not* however link any
class-specific ENGINE code for digests, RSA, etc nor will it bleed over into
other APIs, such as the RSA/DSA/etc library code.

@ -189,7 +189,7 @@ end:
static void int_unregister_cb_doall_arg(ENGINE_PILE *pile, ENGINE *e)
{
int n;
/* Iterate the 'c->sk' stack removing any occurance of 'e' */
/* Iterate the 'c->sk' stack removing any occurrence of 'e' */
while((n = sk_ENGINE_find(pile->sk, e)) >= 0)
{
(void)sk_ENGINE_delete(pile->sk, n);

@ -1038,7 +1038,7 @@ ERR_STATE *ERR_get_state(void)
ERR_STATE_free(ret); /* could not insert it */
return(&fallback);
}
/* If a race occured in this function and we came second, tmpp
/* If a race occurred in this function and we came second, tmpp
* is the first one that we just replaced. */
if (tmpp)
ERR_STATE_free(tmpp);

@ -250,7 +250,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
/* We parse the input data */
for (i=0; i<inl; i++)
{
/* If the current line is > 80 characters, scream alot */
/* If the current line is > 80 characters, scream a lot */
if (ln >= 80) { rv= -1; goto end; }
/* Get char and put it into the buffer */

@ -371,7 +371,7 @@ ___
# Purpose of these subroutines is to explicitly encode VIS instructions,
# so that one can compile the module without having to specify VIS
# extentions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
# Idea is to reserve for option to produce "universal" binary and let
# programmer detect if current CPU is VIS capable at run-time.
sub unvis {

@ -530,7 +530,7 @@ ___
# Purpose of these subroutines is to explicitly encode VIS instructions,
# so that one can compile the module without having to specify VIS
# extentions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
# Idea is to reserve for option to produce "universal" binary and let
# programmer detect if current CPU is VIS capable at run-time.
sub unvis3 {

@ -207,7 +207,7 @@ static IMPLEMENT_LHASH_DOALL_FN(cleanup2, ADDED_OBJ)
static IMPLEMENT_LHASH_DOALL_FN(cleanup3, ADDED_OBJ)
/* The purpose of obj_cleanup_defer is to avoid EVP_cleanup() attempting
* to use freed up OIDs. If neccessary the actual freeing up of OIDs is
* to use freed up OIDs. If necessary the actual freeing up of OIDs is
* delayed.
*/

@ -1,5 +1,5 @@
The perl scripts in this directory are my 'hack' to generate
multiple different assembler formats via the one origional script.
multiple different assembler formats via the one original script.
The way to use this library is to start with adding the path to this directory
and then include it.

@ -1376,7 +1376,7 @@ ___
# Purpose of these subroutines is to explicitly encode VIS instructions,
# so that one can compile the module without having to specify VIS
# extentions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
# Idea is to reserve for option to produce "universal" binary and let
# programmer detect if current CPU is VIS capable at run-time.
sub unvis {

@ -1092,7 +1092,7 @@ close STDOUT;
# .rva .LSEH_end_function
# .rva function_unwind_info
#
# Reference to functon_unwind_info from .xdata segment is the anchor.
# Reference to function_unwind_info from .xdata segment is the anchor.
# In case you wonder why references are 32-bit .rvas and not 64-bit
# .quads. References put into these two segments are required to be
# *relative* to the base address of the current binary module, a.k.a.

@ -96,7 +96,7 @@ typedef struct bio_ber_struct
int depth; /* used with indefinite encoding. */
int finished; /* No more read data */
/* writting */
/* writing */
char *w_addr;
int w_offset;
int w_left;

@ -132,7 +132,7 @@ int get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2)
c.p=ASN1_STRING_data(s);
c.max=c.p+ASN1_STRING_length(s);
if (!asn1_GetSequence(&c,&length)) goto err;
/* Length is the length of the seqence */
/* Length is the length of the sequence */
c.q=c.p;
if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL)
@ -299,7 +299,7 @@ int sk_get_seq2string(STACK_OF(X509_ATTRIBUTE) *sk, char **str1, char **str2)
c.p=ASN1_STRING_data(s);
c.max=c.p+ASN1_STRING_length(s);
if (!asn1_GetSequence(&c,&length)) goto err;
/* Length is the length of the seqence */
/* Length is the length of the sequence */
c.q=c.p;
if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL)

@ -544,7 +544,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
if (pcert == NULL)
{
/* Always attempt to decrypt all rinfo even
* after sucess as a defence against MMA timing
* after success as a defence against MMA timing
* attacks.
*/
for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)

@ -72,7 +72,7 @@
* of entropy bytes are requested. The connection is left open until the
* query is competed.
* RAND_query_egd_bytes() returns with
* -1 if an error occured during connection or communication.
* -1 if an error occurred during connection or communication.
* num the number of bytes read from the EGD socket. This number is either
* the number of bytes requested or smaller, if the EGD pool is
* drained and the daemon signals that the pool is empty.
@ -84,7 +84,7 @@
* RAND_egd_bytes() is a wrapper for RAND_query_egd_bytes() with buf=NULL.
* Unlike RAND_query_egd_bytes(), RAND_status() is used to test the
* seed status so that the return value can reflect the seed state:
* -1 if an error occured during connection or communication _or_
* -1 if an error occurred during connection or communication _or_
* if the PRNG has still not received the required seeding.
* num the number of bytes read from the EGD socket. This number is either
* the number of bytes requested or smaller, if the EGD pool is

@ -142,7 +142,7 @@ int RAND_poll(void)
* ThreadSwitchWithDelay() will introduce additional variability into
* the data returned by rdtsc.
*
* Applications can agument the seed material by adding additional
* Applications can argument the seed material by adding additional
* stuff with RAND_add() and should probably do so.
*/
l = GetProcessSwitchCount();

@ -1,7 +1,7 @@
1.1 23/08/96 - eay
Changed RC2_set_key() so it now takes another argument. Many
thanks to Peter Gutmann <pgut01@cs.auckland.ac.nz> for the
clarification and origional specification of RC2. BSAFE uses
clarification and original specification of RC2. BSAFE uses
this last parameter, 'bits'. It the key is 128 bits, BSAFE
also sets this parameter to 128. The old behaviour can be
duplicated by setting this parameter to 1024.

@ -8,7 +8,7 @@ this point I will not bother right now. I believe the trick will be
to remove my 'copy X array onto stack' until inside the RIP1() finctions the
first time round. To do this I need another register and will only have one
temporary one. A bit tricky.... I can also cleanup the saving of the 5 words
after the first half of the calculation. I should read the origional
after the first half of the calculation. I should read the original
value, add then write. Currently I just save the new and read the origioal.
I then read both at the end. Bad.

@ -368,7 +368,7 @@ ___
# Purpose of these subroutines is to explicitly encode VIS instructions,
# so that one can compile the module without having to specify VIS
# extentions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
# Idea is to reserve for option to produce "universal" binary and let
# programmer detect if current CPU is VIS capable at run-time.
sub unvis {

@ -544,7 +544,7 @@ ___
# Purpose of these subroutines is to explicitly encode VIS instructions,
# so that one can compile the module without having to specify VIS
# extentions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
# Idea is to reserve for option to produce "universal" binary and let
# programmer detect if current CPU is VIS capable at run-time.
sub unvis {

@ -791,7 +791,7 @@ ___
# Purpose of these subroutines is to explicitly encode VIS instructions,
# so that one can compile the module without having to specify VIS
# extentions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
# Idea is to reserve for option to produce "universal" binary and let
# programmer detect if current CPU is VIS capable at run-time.
sub unvis {

@ -132,7 +132,7 @@ static void tree_print(char *str, X509_POLICY_TREE *tree,
#endif
/* Initialize policy tree. Return values:
* 0 Some internal error occured.
* 0 Some internal error occurred.
* -1 Inconsistent or invalid extensions in certificates.
* 1 Tree initialized OK.
* 2 Policy tree is empty.

@ -15,7 +15,7 @@ default_keyfile = privkey.pem
# Don't prompt for fields: use those in section directly
prompt = no
distinguished_name = req_distinguished_name
x509_extensions = v3_ca # The extentions to add to the self signed cert
x509_extensions = v3_ca # The extensions to add to the self signed cert
string_mask = utf8only
# req_extensions = v3_req # The extensions to add to a certificate request

@ -16,7 +16,7 @@ default_keyfile = privkey.pem
# Don't prompt for fields: use those in section directly
prompt = no
distinguished_name = req_distinguished_name
x509_extensions = v3_ca # The extentions to add to the self signed cert
x509_extensions = v3_ca # The extensions to add to the self signed cert
string_mask = utf8only
# req_extensions = v3_req # The extensions to add to a certificate request

@ -971,7 +971,7 @@ tls_proxy(int clear_fd, int tls_fd, int info_fd, SSL_CTX *ctx, int client_p)
/* loop finishes as soon as we detect that one side closed;
* when all (program and OS) buffers have enough space,
* the data from the last succesful read in each direction is transferred
* the data from the last successful read in each direction is transferred
* before close */
do {
int clear_read_select = 0, clear_write_select = 0,

@ -135,7 +135,7 @@ typedef int t_zencod_sha1_do_final ( ZEN_MD_DATA *data, KEY *output ) ;
/* key : rc4 key data */
/* index_1 : value of index x from RC4 key structure */
/* index_2 : value of index y from RC4 key structure */
/* Be carefull : RC4 key should be expanded before calling this method (Should we provide an expand function ??) */
/* Be careful : RC4 key should be expanded before calling this method (Should we provide an expand function ??) */
typedef int t_zencod_rc4_cipher ( KEY *output, const KEY *input, const KEY *key,
unsigned char *index_1, unsigned char *index_2, int mode ) ;
@ -146,7 +146,7 @@ typedef int t_zencod_rc4_cipher ( KEY *output, const KEY *input, const KEY *key,
/* key_3 : des third key data */
/* iv : initial vector */
/* mode : xdes mode (encrypt or decrypt) */
/* Be carefull : In DES mode key_1 = key_2 = key_3 (as far as i can see !!) */
/* Be careful : In DES mode key_1 = key_2 = key_3 (as far as i can see !!) */
typedef int t_zencod_xdes_cipher ( KEY *output, const KEY *input, const KEY *key_1,
const KEY *key_2, const KEY *key_3, const KEY *iv, int mode ) ;

@ -153,7 +153,7 @@ Generation of Private Key or Parameters.
=item L<B<genrsa>|genrsa(1)>
Generation of RSA Private Key. Superceded by L<B<genpkey>|genpkey(1)>.
Generation of RSA Private Key. Superseded by L<B<genpkey>|genpkey(1)>.
=item L<B<nseq>|nseq(1)>

@ -159,7 +159,7 @@ B<param:file> generates a key using the parameter file or certificate B<file>,
the algorithm is determined by the parameters. B<algname:file> use algorithm
B<algname> and parameter file B<file>: the two algorithms must match or an
error occurs. B<algname> just uses algorithm B<algname>, and parameters,
if neccessary should be specified via B<-pkeyopt> parameter.
if necessary should be specified via B<-pkeyopt> parameter.
B<dsa:filename> generates a DSA key using the parameters
in the file B<filename>. B<ec:filename> generates EC key (usable both with

@ -174,7 +174,7 @@ The IP address used in the B<IP> options can be in either IPv4 or IPv6 format.
The value of B<dirName> should point to a section containing the distinguished
name to use as a set of name value pairs. Multi values AVAs can be formed by
preceeding the name with a B<+> character.
preceding the name with a B<+> character.
otherName can include arbitrary data associated with an OID: the value
should be the OID followed by a semicolon and the content in standard

@ -61,7 +61,7 @@ Encode the B<NULL> type, the B<value> string must not be present.
=item B<INTEGER>, B<INT>
Encodes an ASN1 B<INTEGER> type. The B<value> string represents
the value of the integer, it can be preceeded by a minus sign and
the value of the integer, it can be preceded by a minus sign and
is normally interpreted as a decimal value unless the prefix B<0x>
is included.

@ -84,7 +84,7 @@ or NULL in case of an error.
BN_BLINDING_update(), BN_BLINDING_convert(), BN_BLINDING_invert(),
BN_BLINDING_convert_ex() and BN_BLINDING_invert_ex() return 1 on
success and 0 if an error occured.
success and 0 if an error occurred.
BN_BLINDING_thread_id() returns a pointer to the thread id object
within a B<BN_BLINDING> object.

@ -267,7 +267,7 @@ and EVP_DigestFinal_ex() were added in OpenSSL 0.9.7.
EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(),
EVP_dss(), EVP_dss1(), EVP_mdc2() and EVP_ripemd160() were
changed to return truely const EVP_MD * in OpenSSL 0.9.7.
changed to return truly const EVP_MD * in OpenSSL 0.9.7.
The link between digests and signing algorithms was fixed in OpenSSL 1.0 and
later, so now EVP_sha1() can be used with RSA and DSA, there is no need to

@ -23,10 +23,10 @@ doesn't use parameters.
The function EVP_PKEY_copy_parameters() copies the parameters from key
B<from> to key B<to>.
The funcion EVP_PKEY_cmp_parameters() compares the parameters of keys
The function EVP_PKEY_cmp_parameters() compares the parameters of keys
B<a> and B<b>.
The funcion EVP_PKEY_cmp() compares the public key components and paramters
The function EVP_PKEY_cmp() compares the public key components and paramters
(if present) of keys B<a> and B<b>.
=head1 NOTES

@ -44,7 +44,7 @@ B<loc>. The deleted entry is returned and must be freed up.
=head1 NOTES
The use of string types such as B<MBSTRING_ASC> or B<MBSTRING_UTF8>
is strongly recommened for the B<type> parameter. This allows the
is strongly recommend for the B<type> parameter. This allows the
internal code to correctly determine the type of the field and to
apply length checks according to the relevant standards. This is
done using ASN1_STRING_set_by_NID().

@ -32,7 +32,7 @@ checks.
X509_STORE_CTX_get_error_depth() returns the B<depth> of the error. This is a
non-negative integer representing where in the certificate chain the error
occurred. If it is zero it occured in the end entity certificate, one if
occurred. If it is zero it occurred in the end entity certificate, one if
it is the certificate which signed the end entity certificate and so on.
X509_STORE_CTX_get_current_cert() returns the certificate in B<ctx> which
@ -246,11 +246,11 @@ Some feature of a certificate extension is not supported. Unused.
=item B<X509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation>
A name constraint violation occured in the permitted subtrees.
A name constraint violation occurred in the permitted subtrees.
=item B<X509_V_ERR_EXCLUDED_VIOLATION: excluded subtree violation>
A name constraint violation occured in the excluded subtrees.
A name constraint violation occurred in the excluded subtrees.
=item B<X509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported>
@ -270,7 +270,7 @@ a garbage extension or some new feature not currently supported.
=item B<X509_V_ERR_CRL_PATH_VALIDATION_ERROR: CRL path validation error>
An error occured when attempting to verify the CRL path. This error can only
An error occurred when attempting to verify the CRL path. This error can only
happen if extended CRL checking is enabled.
=item B<X509_V_ERR_APPLICATION_VERIFICATION: application verification failure>

@ -39,7 +39,7 @@ Since the introduction of the ENGINE API, the recommended way of controlling
default implementations is by using the ENGINE API functions. The default
B<RAND_METHOD>, as set by RAND_set_rand_method() and returned by
RAND_get_rand_method(), is only used if no ENGINE has been set as the default
"rand" implementation. Hence, these two functions are no longer the recommened
"rand" implementation. Hence, these two functions are no longer the recommend
way to control defaults.
If an alternative B<RAND_METHOD> implementation is being used (either set

@ -539,13 +539,13 @@ int X509_verify_cert(
The applications
Ok, where to begin....
In the begining, when SSLeay was small (April 1995), there
In the beginning, when SSLeay was small (April 1995), there
were but few applications, they did happily cohabit in
the one bin directory. Then over time, they did multiply and grow,
and they started to look like microsoft software; 500k to print 'hello world'.
A new approach was needed. They were coalessed into one 'Monolithic'
application, ssleay. This one program is composed of many programs that
can all be compiled independantly.
can all be compiled independently.
ssleay has 3 modes of operation.
1) If the ssleay binary has the name of one of its component programs, it