root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Add util/codespell-check.sh and run it 

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28639)
This commit is contained in:
Bob Beck 2025-09-22 13:51:32 -06:00 committed by Neil Horman
parent 7b4a56420d
commit e70d3b1886
49 changed files with 90 additions and 81 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
NEWS.md
View File

@ -316,7 +316,7 @@ This release adds the following new features:
* Added X509_STORE_get1_objects to avoid issues with the existing * Added X509_STORE_get1_objects to avoid issues with the existing
X509_STORE_get0_objects API in multi-threaded applications. X509_STORE_get0_objects API in multi-threaded applications.
* Support for using certificate profiles and extened delayed delivery in CMP * Support for using certificate profiles and extended delayed delivery in CMP
This release incorporates the following potentially significant or incompatible This release incorporates the following potentially significant or incompatible
changes: changes:

2
apps/lib/apps.c
View File

@ -932,7 +932,7 @@ int load_key_certs_crls(const char *uri, int format, int maybe_stdin,
SET_EXPECT1(pparams, OSSL_STORE_INFO_PARAMS); SET_EXPECT1(pparams, OSSL_STORE_INFO_PARAMS);
SET_EXPECT1(pcert, OSSL_STORE_INFO_CERT); SET_EXPECT1(pcert, OSSL_STORE_INFO_CERT);
/* /*
* Up to here, the follwing holds. * Up to here, the following holds.
* If just one of the ppkey, ppubkey, pparams, and pcert function parameters * If just one of the ppkey, ppubkey, pparams, and pcert function parameters
* is nonzero, expect > 0 indicates which type of credential is expected. * is nonzero, expect > 0 indicates which type of credential is expected.
* If expect == 0, more than one of them is nonzero (multiple types expected). * If expect == 0, more than one of them is nonzero (multiple types expected).

4
apps/speed.c
View File

@ -4317,7 +4317,7 @@ int speed_main(int argc, char **argv)
} }
/* /*
* Try explicitly fetching the signature algoritm implementation to * Try explicitly fetching the signature algorithm implementation to
* use in case the algorithm does not support EVP_PKEY_sign_init * use in case the algorithm does not support EVP_PKEY_sign_init
*/ */
ERR_set_mark(); ERR_set_mark();
@ -4354,7 +4354,7 @@ int speed_main(int argc, char **argv)
} }
if (EVP_PKEY_sign(sig_sign_ctx, NULL, &max_sig_len, md, md_len) <= 0) { if (EVP_PKEY_sign(sig_sign_ctx, NULL, &max_sig_len, md, md_len) <= 0) {
BIO_printf(bio_err, BIO_printf(bio_err,
"Error while obtaining signature bufffer length for %s.\n", "Error while obtaining signature buffer length for %s.\n",
sig_name); sig_name);
goto sig_err_break; goto sig_err_break;
} }

8
crypto/aes/asm/aes-sha1-armv8.pl
View File

@ -413,7 +413,7 @@ $code.=<<___;
/* get outstanding bytes of the digest */ /* get outstanding bytes of the digest */
sub x8,x5,x2 sub x8,x5,x2
/* substract loaded bytes */ /* subtract loaded bytes */
sub x5,x5,64 sub x5,x5,64
/* /*
* main combined loop CBC * main combined loop CBC
@ -2443,7 +2443,7 @@ asm_sha1_hmac_aescbc_dec:
rev32 v28.16b,v28.16b /* endian swap w2 */ rev32 v28.16b,v28.16b /* endian swap w2 */
rev32 v29.16b,v29.16b /* endian swap w3 */ rev32 v29.16b,v29.16b /* endian swap w3 */
/* substract loaded bytes */ /* subtract loaded bytes */
sub x5,x5,64 sub x5,x5,64
/* /*
* now we can do the loop prolog, 1st sha1 block * now we can do the loop prolog, 1st sha1 block
@ -2567,7 +2567,7 @@ asm_sha1_hmac_aescbc_dec:
ld1 {v29.16b},[x3],16 /* next w3 */ ld1 {v29.16b},[x3],16 /* next w3 */
sha1p q24,s22,v23.4s sha1p q24,s22,v23.4s
/* substract loaded bytes */ /* subtract loaded bytes */
sub x5,x5,64 sub x5,x5,64
/* /*
* aes_blocks_left := number after the main (sha) block is done. * aes_blocks_left := number after the main (sha) block is done.
@ -2812,7 +2812,7 @@ $code.=<<___;
add v25.4s,v25.4s,v21.4s add v25.4s,v25.4s,v21.4s
/* save aes res, bump aes_out_ptr */ /* save aes res, bump aes_out_ptr */
st1 {v3.16b},[x1],16 st1 {v3.16b},[x1],16
/* substract loaded bytes */ /* subtract loaded bytes */
sub x5,x5,64 sub x5,x5,64
/* loop if more to do */ /* loop if more to do */
cbnz x15,.Ldec_main_loop cbnz x15,.Ldec_main_loop

8
crypto/aes/asm/aes-sha256-armv8.pl
View File

@ -427,7 +427,7 @@ $code.=<<___;
/* get outstanding bytes of the digest */ /* get outstanding bytes of the digest */
sub x12,x5,x2 sub x12,x5,x2
/* substract loaded bytes */ /* subtract loaded bytes */
sub x5,x5,64 sub x5,x5,64
/* /*
@ -2590,7 +2590,7 @@ asm_sha256_hmac_aescbc_dec:
rev32 v28.16b,v28.16b /* endian swap w2 */ rev32 v28.16b,v28.16b /* endian swap w2 */
rev32 v29.16b,v29.16b /* endian swap w3 */ rev32 v29.16b,v29.16b /* endian swap w3 */
/* substract loaded bytes */ /* subtract loaded bytes */
sub x5,x5,64 sub x5,x5,64
/* /*
* now we can do the loop prolog, 1st sha256 block * now we can do the loop prolog, 1st sha256 block
@ -2746,7 +2746,7 @@ asm_sha256_hmac_aescbc_dec:
sha256h q22, q23, v7.4s sha256h q22, q23, v7.4s
sha256h2 q23, q21, v7.4s sha256h2 q23, q21, v7.4s
/* substract loaded bytes */ /* subtract loaded bytes */
sub x5,x5,64 sub x5,x5,64
/* /*
@ -3017,7 +3017,7 @@ $code.=<<___;
add v25.4s,v25.4s,v23.4s /* EFGH += working copy */ add v25.4s,v25.4s,v23.4s /* EFGH += working copy */
/* save aes res, bump aes_out_ptr */ /* save aes res, bump aes_out_ptr */
st1 {v3.16b},[x1],16 st1 {v3.16b},[x1],16
/* substract loaded bytes */ /* subtract loaded bytes */
sub x5,x5,64 sub x5,x5,64
cbnz x15,.Ldec_main_loop /* loop if more to do */ cbnz x15,.Ldec_main_loop /* loop if more to do */
/* /*

4
crypto/aes/asm/aesni-xts-avx512.pl
View File

@ -2194,7 +2194,7 @@ ___
vpxorq %zmm6,%zmm5,%zmm5{%k2} vpxorq %zmm6,%zmm5,%zmm5{%k2}
vpxord %zmm5,%zmm7,%zmm10 vpxord %zmm5,%zmm7,%zmm10
# Make next 8 tweek values by all x 2^8 # Make next 8 tweak values by all x 2^8
vpsrldq \$0xf,%zmm9,%zmm13 vpsrldq \$0xf,%zmm9,%zmm13
vpclmulqdq \$0x0,%zmm25,%zmm13,%zmm14 vpclmulqdq \$0x0,%zmm25,%zmm13,%zmm14
vpslldq \$0x1,%zmm9,%zmm11 vpslldq \$0x1,%zmm9,%zmm11
@ -2234,7 +2234,7 @@ ___
jmp .L_do_n_blocks_${rndsuffix} jmp .L_do_n_blocks_${rndsuffix}
.L_start_by8_${rndsuffix}: .L_start_by8_${rndsuffix}:
# Make first 7 tweek values # Make first 7 tweak values
vbroadcasti32x4 ($TW),%zmm0 vbroadcasti32x4 ($TW),%zmm0
vbroadcasti32x4 shufb_15_7(%rip),%zmm8 vbroadcasti32x4 shufb_15_7(%rip),%zmm8
mov \$0xaa,$tmp1 mov \$0xaa,$tmp1

2
crypto/cpuid.c
View File

@ -146,7 +146,7 @@ void OPENSSL_cpuid_setup(void)
OPENSSL_ia32cap_P[index + 1] = (unsigned int)(vecx >> 32); OPENSSL_ia32cap_P[index + 1] = (unsigned int)(vecx >> 32);
} }
} }
/* skip delimeter */ /* skip delimiter */
if ((env = ossl_strchr(env, ':')) != NULL) if ((env = ossl_strchr(env, ':')) != NULL)
env++; env++;
} else { /* zeroize the next two indexes */ } else { /* zeroize the next two indexes */

2
crypto/evp/ctrl_params_translate.c
View File

@ -2878,7 +2878,7 @@ static int evp_pkey_ctx_setget_params_to_ctrl(EVP_PKEY_CTX *pctx,
* function to put it to good use, or maybe affect it. * function to put it to good use, or maybe affect it.
* *
* NOTE: even though EVP_PKEY_CTX_ctrl return value is documented * NOTE: even though EVP_PKEY_CTX_ctrl return value is documented
* as return positive on Success and 0 or negative on falure. There * as return positive on Success and 0 or negative on failure. There
* maybe parameters (e.g. ecdh_cofactor), which actually return 0 * maybe parameters (e.g. ecdh_cofactor), which actually return 0
* as success value. That is why we do POST_PARAMS_TO_CTRL for 0 * as success value. That is why we do POST_PARAMS_TO_CTRL for 0
* value as well * value as well

2
crypto/http/http_client.c
View File

@ -842,7 +842,7 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx)
if (*p != '\r' && *p != '\n') if (*p != '\r' && *p != '\n')
break; break;
} }
if (*p != '\0') /* not end of headers or not end of error reponse content */ if (*p != '\0') /* not end of headers or not end of error response content */
goto next_line; goto next_line;
/* Found blank line(s) indicating end of headers */ /* Found blank line(s) indicating end of headers */

2
crypto/lms/lm_ots_params.c
View File

@ -56,7 +56,7 @@ uint16_t ossl_lm_ots_params_checksum(const LM_OTS_PARAMS *params,
{ {
uint16_t sum = 0; uint16_t sum = 0;
uint16_t i; uint16_t i;
/* Largest size is 8 * 32 / 1 = 256 (which doesnt quite fit into 8 bits) */ /* Largest size is 8 * 32 / 1 = 256 (which doesn't quite fit into 8 bits) */
uint16_t bytes = (8 * params->n / params->w); uint16_t bytes = (8 * params->n / params->w);
uint16_t end = (1 << params->w) - 1; uint16_t end = (1 << params->w) - 1;

2
crypto/lms/lm_ots_verify.c
View File

@ -27,7 +27,7 @@ static int lm_ots_compute_pubkey_final(EVP_MD_CTX *ctx, EVP_MD_CTX *ctxIq,
* that returns a non finalized value of H(I || q) * that returns a non finalized value of H(I || q)
* @param sig An LM_OTS_SIG object that contains C and y * @param sig An LM_OTS_SIG object that contains C and y
* @param pub The public key LM_OTS_PARAMS * @param pub The public key LM_OTS_PARAMS
* @param Id A 16 byte indentifier (I) associated with a LMS tree * @param Id A 16 byte identifier (I) associated with a LMS tree
* @param q The leaf index of the LMS tree. * @param q The leaf index of the LMS tree.
* @param msg A message to verify * @param msg A message to verify
* @param msglen The size of |msg| * @param msglen The size of |msg|

2
crypto/lms/lms_verify.c
View File

@ -51,7 +51,7 @@ int lms_sig_compute_tc_from_path(const unsigned char *paths, uint32_t n,
/* /*
* Calculate the public key Tc using the path * Calculate the public key Tc using the path
* The root hash is the hash of its 2 childrens Hash values. * The root hash is the hash of its 2 children's Hash values.
* A child hash for each level is passed in by paths, and we have * A child hash for each level is passed in by paths, and we have
* a leaf value that can be used with the path to calculate the parent * a leaf value that can be used with the path to calculate the parent
* hash. * hash.

8
crypto/ml_kem/ml_kem.c
View File

@ -50,7 +50,7 @@
/* /*
* Return whether a value that can only be 0 or 1 is non-zero, in constant time * Return whether a value that can only be 0 or 1 is non-zero, in constant time
* in practice! The return value is a mask that is all ones if true, and all * in practice! The return value is a mask that is all ones if true, and all
* zeros otherwise (twos-complement arithmentic assumed for unsigned values). * zeros otherwise (twos-complement arithmetic assumed for unsigned values).
* *
* Although this is used in constant-time selects, we omit a value barrier * Although this is used in constant-time selects, we omit a value barrier
* here. Value barriers impede auto-vectorization (likely because it forces * here. Value barriers impede auto-vectorization (likely because it forces
@ -506,7 +506,7 @@ static void scalar_mult_const(scalar *s, uint16_t a)
} }
/*- /*-
* FIPS 203, Section 4.3, Algoritm 9: "NTT". * FIPS 203, Section 4.3, Algorithm 9: "NTT".
* In-place number theoretic transform of a given scalar. Note that ML-KEM's * In-place number theoretic transform of a given scalar. Note that ML-KEM's
* kPrime 3329 does not have a 512th root of unity, so this transform leaves * kPrime 3329 does not have a 512th root of unity, so this transform leaves
* off the last iteration of the usual FFT code, with the 128 relevant roots of * off the last iteration of the usual FFT code, with the 128 relevant roots of
@ -539,7 +539,7 @@ static void scalar_ntt(scalar *s)
} }
/*- /*-
* FIPS 203, Section 4.3, Algoritm 10: "NTT^(-1)". * FIPS 203, Section 4.3, Algorithm 10: "NTT^(-1)".
* In-place inverse number theoretic transform of a given scalar, with pairs of * In-place inverse number theoretic transform of a given scalar, with pairs of
* entries of s->v being interpreted as elements of GF(3329^2). Just as with * entries of s->v being interpreted as elements of GF(3329^2). Just as with
* the number theoretic transform, this leaves off the first step of the normal * the number theoretic transform, this leaves off the first step of the normal
@ -596,7 +596,7 @@ static void scalar_sub(scalar *lhs, const scalar *rhs)
* GF(3329)[X]/(X^2 - 17^(2*bitreverse(i)+1)). * GF(3329)[X]/(X^2 - 17^(2*bitreverse(i)+1)).
* *
* The value of 17^(2*bitreverse(i)+1) mod 3329 is stored in the precomputed * The value of 17^(2*bitreverse(i)+1) mod 3329 is stored in the precomputed
* ModRoots table. Note that our Barrett transform only allows us to multipy * ModRoots table. Note that our Barrett transform only allows us to multiply
* two reduced numbers together, so we need some intermediate reduction steps, * two reduced numbers together, so we need some intermediate reduction steps,
* even if an uint64_t could hold 3 multiplied numbers. * even if an uint64_t could hold 3 multiplied numbers.
*/ */

4
crypto/modes/asm/aes-gcm-avx512.pl
View File

@ -2592,7 +2592,7 @@ ___
$code .= <<___; $code .= <<___;
vpclmulqdq \$0x01,@{[XWORD($GH1L)]},@{[XWORD($RED_POLY)]},@{[XWORD($RED_P1)]} vpclmulqdq \$0x01,@{[XWORD($GH1L)]},@{[XWORD($RED_POLY)]},@{[XWORD($RED_P1)]}
vpslldq \$8,@{[XWORD($RED_P1)]},@{[XWORD($RED_P1)]} # ; shift-L 2 DWs vpslldq \$8,@{[XWORD($RED_P1)]},@{[XWORD($RED_P1)]} # ; shift-L 2 DWs
vpxorq @{[XWORD($RED_P1)]},@{[XWORD($GH1L)]},@{[XWORD($RED_P1)]} # ; first phase of the reduct vpxorq @{[XWORD($RED_P1)]},@{[XWORD($GH1L)]},@{[XWORD($RED_P1)]} # ; first phase of the reduction
___ ___
} }
@ -3222,7 +3222,7 @@ ___
$code .= <<___; $code .= <<___;
vpclmulqdq \$0x01,@{[XWORD($GH1L)]},@{[XWORD($RED_POLY)]},@{[XWORD($RED_P1)]} vpclmulqdq \$0x01,@{[XWORD($GH1L)]},@{[XWORD($RED_POLY)]},@{[XWORD($RED_P1)]}
vpslldq \$8,@{[XWORD($RED_P1)]},@{[XWORD($RED_P1)]} # ; shift-L 2 DWs vpslldq \$8,@{[XWORD($RED_P1)]},@{[XWORD($RED_P1)]} # ; shift-L 2 DWs
vpxorq @{[XWORD($RED_P1)]},@{[XWORD($GH1L)]},@{[XWORD($RED_P1)]} # ; first phase of the reduct vpxorq @{[XWORD($RED_P1)]},@{[XWORD($GH1L)]},@{[XWORD($RED_P1)]} # ; first phase of the reduction
___ ___
} }

2
crypto/provider_core.c
View File

@ -1038,7 +1038,7 @@ static int provider_init(OSSL_PROVIDER *prov)
#ifndef FIPS_MODULE #ifndef FIPS_MODULE
OSSL_TRACE_BEGIN(PROVIDER) { OSSL_TRACE_BEGIN(PROVIDER) {
BIO_printf(trc_out, BIO_printf(trc_out,
"(provider %s) initalizing\n", prov->name); "(provider %s) initializing\n", prov->name);
} OSSL_TRACE_END(PROVIDER); } OSSL_TRACE_END(PROVIDER);
#endif #endif

2
crypto/x509/x509_vfy.c
View File

@ -408,7 +408,7 @@ static int sk_X509_contains(STACK_OF(X509) *sk, X509 *cert)
* Likely it would be good if build_chain() sets |check_signing_allowed|. * Likely it would be good if build_chain() sets |check_signing_allowed|.
* Yet if |sk| is a list of trusted certs, as with X509_STORE_CTX_set0_trusted_stack(), * Yet if |sk| is a list of trusted certs, as with X509_STORE_CTX_set0_trusted_stack(),
* better not set |check_signing_allowed|. * better not set |check_signing_allowed|.
* Maybe not touch X509_STORE_CTX_get1_issuer(), for API backward compatiblity. * Maybe not touch X509_STORE_CTX_get1_issuer(), for API backward compatibility.
*/ */
static X509 *get0_best_issuer_sk(X509_STORE_CTX *ctx, int check_signing_allowed, static X509 *get0_best_issuer_sk(X509_STORE_CTX *ctx, int check_signing_allowed,
int no_dup, STACK_OF(X509) *sk, X509 *x) int no_dup, STACK_OF(X509) *sk, X509 *x)

4
demos/quic/poll-server/quic-server-ssl-poll-http.c
View File

@ -75,7 +75,7 @@
* This is a simple non-blocking QUIC HTTP/1.0 server application. * This is a simple non-blocking QUIC HTTP/1.0 server application.
* Server accepts QUIC connections. It then accepts bi-directional * Server accepts QUIC connections. It then accepts bi-directional
* stream from client and reads request. By default it sends * stream from client and reads request. By default it sends
* 12345 bytes back as HHTTP/1.0 response to any GET request. * 12345 bytes back as HTTP/1.0 response to any GET request.
* If GET request comes with URL for example as follows: * If GET request comes with URL for example as follows:
* /foo/bar/file_65535.txt * /foo/bar/file_65535.txt
* then the server sends 64kB of data in HTTP/1.0 response. * then the server sends 64kB of data in HTTP/1.0 response.
@ -216,7 +216,7 @@ struct poll_event_connection {
* Members in poll manager deserve some explanation: * Members in poll manager deserve some explanation:
* - pm_head, holds a list of poll_event structures (connections and * - pm_head, holds a list of poll_event structures (connections and
* streams) * streams)
* - pm_event_count number of events to montior in SSL_poll(3ossl) * - pm_event_count number of events to monitor in SSL_poll(3ossl)
* - pm_poll_set array of events to poll on * - pm_poll_set array of events to poll on
* - pm_poll_set_sz number of slots (space) available in pm_poll_set * - pm_poll_set_sz number of slots (space) available in pm_poll_set
* - pm_need_rebuild whenever list of events to monitor in a list changes * - pm_need_rebuild whenever list of events to monitor in a list changes

4
doc/designs/ML-KEM.md
View File

@ -44,7 +44,7 @@ subsequent computations (encapsulation).
Since the private key includes the public key as one of its components, the matrix Since the private key includes the public key as one of its components, the matrix
is also pre-computed and stored with the private key, and then need not be is also pre-computed and stored with the private key, and then need not be
regenerated during decapsulation. regenerated during decapsulation.
During encapsulation (typically peformed by servers), it is in principle During encapsulation (typically performed by servers), it is in principle
possible to save space and compute the matrix elements *just-in-time*, as each possible to save space and compute the matrix elements *just-in-time*, as each
matrix element is used exactly once. matrix element is used exactly once.
This is not currently implemented, and the matrix is pre-computed in full. This is not currently implemented, and the matrix is pre-computed in full.
@ -90,7 +90,7 @@ Keys can be generated via the usual **EVP_PKEY_generate()** and
An explicit seed can be specified by setting the key generation An explicit seed can be specified by setting the key generation
**OSSL_PKEY_PARAM_ML_KEM_SEED** parameter to a 64-byte octet-string **OSSL_PKEY_PARAM_ML_KEM_SEED** parameter to a 64-byte octet-string
(concatentation of the **d** and **z** values (32-bytes each) in that order). (concatenation of the **d** and **z** values (32-bytes each) in that order).
KEM API KEM API
------- -------

2
doc/designs/functions-for-explicitly-fetched-signature-algorithms.md
View File

@ -54,7 +54,7 @@ and `EVP_PKEY_verify()` remain supported.
Some more recent verification algorithms need to obtain the signature Some more recent verification algorithms need to obtain the signature
before processing the data. before processing the data.
This is particularly important for streaming modes of operation. This is particularly important for streaming modes of operation.
This design proposes a mechanism to accomodate these algorithms This design proposes a mechanism to accommodate these algorithms
and modes of operation. and modes of operation.
New public API - API Reference New public API - API Reference

2
doc/designs/ml-dsa.md
View File

@ -103,7 +103,7 @@ the API's used should be
OpenSSL command line support OpenSSL command line support
---------------------------- ----------------------------
For backwards compatability reasons `EVP_DigestSignInit_ex()`, For backwards compatibility reasons `EVP_DigestSignInit_ex()`,
`EVP_DigestSign()`, `EVP_DigestVerifyInit_ex()` and `EVP_DigestVerify()` may `EVP_DigestSign()`, `EVP_DigestVerifyInit_ex()` and `EVP_DigestVerify()` may
also be used, but the digest passed in `mdname` must be NULL (i.e. it also be used, but the digest passed in `mdname` must be NULL (i.e. it
effectively behaves the same as above). effectively behaves the same as above).

2
doc/designs/quic-design/quic-concurrency.md
View File

@ -386,7 +386,7 @@ int ossl_cml_write(QUIC_CML *cml, QUIC_CML_PIPE pipe_handle,
/* /*
* Returns the number of bytes a receiving pipe currently has waiting to be * Returns the number of bytes a receiving pipe currently has waiting to be
* read. The returned value may increase over time asynchronously but will only * read. The returned value may increase over time asynchronously but will only
* decreate in response to an ossl_cml_read call. * decrease in response to an ossl_cml_read call.
*/ */
size_t ossl_cml_read_available(QUIC_CML *cml, QUIC_CML_PIPE pipe_handle); size_t ossl_cml_read_available(QUIC_CML *cml, QUIC_CML_PIPE pipe_handle);

8
doc/designs/quic-design/server/quic-polling.md
View File

@ -1072,7 +1072,7 @@ typedef struct ssl_poll_event_st {
* this, applications must still ensure no events in an SSL_POLL_EVENT * this, applications must still ensure no events in an SSL_POLL_EVENT
* structure recorded from a previous call to this function are left over, which * structure recorded from a previous call to this function are left over, which
* may still reference that poll descriptor. Therefore, applications must still * may still reference that poll descriptor. Therefore, applications must still
* excercise caution when freeing resources which are registered, or which were * exercise caution when freeing resources which are registered, or which were
* previously registered in a poll group. * previously registered in a poll group.
*/ */
#define SSL_POLL_FLAG_NO_HANDLE_EVENTS (1U << 0) #define SSL_POLL_FLAG_NO_HANDLE_EVENTS (1U << 0)
@ -1324,13 +1324,13 @@ void process_event(const SSL_POLL_EVENT *event)
for (i = 0; i < nevents; ++i) { for (i = 0; i < nevents; ++i) {
process_event(&events[i]); /* do something in application */ process_event(&events[i]); /* do something in application */
/* We have processed the event so now reenable it. */ /* We have processed the event so now re-enable it. */
SSL_POLL_CHANGE_chflag(chg++, events[i].desc, events[i].instance, SSL_POLL_CHANGE_chflag(chg++, events[i].desc, events[i].instance,
SSL_POLL_EVENT_FLAG_DISABLE, 0); SSL_POLL_EVENT_FLAG_DISABLE, 0);
++nchanges; ++nchanges;
} }
/* Reenable any event we processed and go to sleep again. */ /* Re-enable any event we processed and go to sleep again. */
if (!SSL_POLL_GROUP_change_poll(pg, changes, nchanges, sizeof(changes[0]), if (!SSL_POLL_GROUP_change_poll(pg, changes, nchanges, sizeof(changes[0]),
events, OSSL_NELEM(events), sizeof(events[0]), events, OSSL_NELEM(events), sizeof(events[0]),
NULL, 0, &nevents)) NULL, 0, &nevents))
@ -1419,7 +1419,7 @@ There are two kinds of polling that occur:
Firstly, the `SSL_POLL_METHOD` object is defined abstractly as follows: Firstly, the `SSL_POLL_METHOD` object is defined abstractly as follows:
```c ```c
/* API (Psuedocode) */ /* API (Pseudocode) */
#define SSL_POLL_METHOD_CAP_IMMEDIATE (1U << 0) /* supports immediate mode */ #define SSL_POLL_METHOD_CAP_IMMEDIATE (1U << 0) /* supports immediate mode */
#define SSL_POLL_METHOD_CAP_RETAINED (1U << 1) /* supports retained mode */ #define SSL_POLL_METHOD_CAP_RETAINED (1U << 1) /* supports retained mode */

2
doc/designs/rfc4514.md
View File

@ -121,7 +121,7 @@ Only the entries of type "A" (Attribute Type) are potentially relevant. All
the *mainstream* attribute types are already listed in the *mainstream* attribute types are already listed in
`crypto/objects/objects.txt` and should be already supported: `crypto/objects/objects.txt` and should be already supported:
| Atribute Name | OID | Reference | | Attribute Name | OID | Reference |
|---|---|---| |---|---|---|
| uid | 0.9.2342.19200300.100.1.1 | [RFC4519] | | uid | 0.9.2342.19200300.100.1.1 | [RFC4519] |
| userId | 0.9.2342.19200300.100.1.1 | [RFC4519] | | userId | 0.9.2342.19200300.100.1.1 | [RFC4519] |

2
doc/man3/EVP_SKEY.pod
View File

@ -135,7 +135,7 @@ EVP_SKEY_up_ref() returns 1 for success and 0 on failure.
EVP_SKEY_export() and EVP_SKEY_get0_raw_key() return 1 for success and 0 on failure. EVP_SKEY_export() and EVP_SKEY_get0_raw_key() return 1 for success and 0 on failure.
EVP_SKEY_get0_skeymgmt_name() and EVP_SKEY_get0_provider_name() return the EVP_SKEY_get0_skeymgmt_name() and EVP_SKEY_get0_provider_name() return the
names of the associated EVP_SKEYMGMT object and its provider correspondigly. names of the associated EVP_SKEYMGMT object and its provider correspondingly.
EVP_SKEY_is_a() returns 1 if I<skey> has the key type I<name>, EVP_SKEY_is_a() returns 1 if I<skey> has the key type I<name>,
otherwise 0. otherwise 0.

2
doc/man3/OSSL_PROVIDER.pod
View File

@ -206,7 +206,7 @@ I<capability>. For each capability of that name supported by the provider it
will call the callback I<cb> and supply a set of L<OSSL_PARAM(3)>s describing the will call the callback I<cb> and supply a set of L<OSSL_PARAM(3)>s describing the
capability. It will also pass back the argument I<arg>. For more details about capability. It will also pass back the argument I<arg>. For more details about
capabilities and what they can be used for please see capabilities and what they can be used for please see
L<provider-base(7)/CAPABILTIIES>. L<provider-base(7)/CAPABILITIES>.
=head1 RETURN VALUES =head1 RETURN VALUES

4
doc/man3/PKCS12_gen_mac.pod
View File

@ -74,14 +74,14 @@ All functions returning an integer return 1 on success and 0 if an error occurre
=item B<LEGACY_GOST_PKCS12> =item B<LEGACY_GOST_PKCS12>
=for comment =for comment
https://tc26.ru/standarts/metodicheskie-rekomendatsii/transportnyy-klyuchevoy-konteyner.html section 5.1 https://tc26.ru/standards/metodicheskie-rekomendatsii/transportnyy-klyuchevoy-konteyner.html section 5.1
https://tc26.ru/standard/rs/%D0%A0%2050.1.112-2016.pdf section 5 https://tc26.ru/standard/rs/%D0%A0%2050.1.112-2016.pdf section 5
https://meganorm.ru/mega_doc/norm/prikaz/25/r_1323565_1_041-2022_rekomendatsii_po_standartizatsii.html section 7.1 https://meganorm.ru/mega_doc/norm/prikaz/25/r_1323565_1_041-2022_rekomendatsii_po_standartizatsii.html section 7.1
If this environment variable is set, MAC generation that utilises If this environment variable is set, MAC generation that utilises
GOST R 34.11-94 or GOST 34.11-2012 hashing algorithms is performed the usual GOST R 34.11-94 or GOST 34.11-2012 hashing algorithms is performed the usual
way and not in accordance with the specification provided in the methodical way and not in accordance with the specification provided in the methodical
recommendation MP 26.2.002-2012 (or in its later versions, standartisation recommendation MP 26.2.002-2012 (or in its later versions, standardisation
recommendation P 50.1.112-2016 or P 1323565.1.041-2022) recommendation P 50.1.112-2016 or P 1323565.1.041-2022)
of Technical Committee 26, that specifies that the key used for MAC of Technical Committee 26, that specifies that the key used for MAC
generation should be the last 32 bytes of the 96-byte sequence generated generation should be the last 32 bytes of the 96-byte sequence generated

2
doc/man3/SSL_CTX_set_domain_flags.pod
View File

@ -42,7 +42,7 @@ Specifying this flag configures the Single-Threaded Concurrency Model (SCM).
=item B<SSL_DOMAIN_FLAG_MULTI_THREAD> =item B<SSL_DOMAIN_FLAG_MULTI_THREAD>
Speciyfing this flag configures the Contentive Concurrency Model (CCM) (unless Specifying this flag configures the Contentive Concurrency Model (CCM) (unless
B<SSL_DOMAIN_FLAG_THREAD_ASSISTED> is also specified). B<SSL_DOMAIN_FLAG_THREAD_ASSISTED> is also specified).
If OpenSSL was built without thread support, this is identical to If OpenSSL was built without thread support, this is identical to

4
engines/e_padlock.c
View File

@ -203,9 +203,9 @@ struct padlock_cipher_data {
int rounds:4; int rounds:4;
int dgst:1; /* n/a in C3 */ int dgst:1; /* n/a in C3 */
int align:1; /* n/a in C3 */ int align:1; /* n/a in C3 */
int ciphr:1; /* n/a in C3 */ int cipher:1; /* n/a in C3 */
unsigned int keygen:1; unsigned int keygen:1;
int interm:1; int intern:1;
unsigned int encdec:1; unsigned int encdec:1;
int ksize:2; int ksize:2;
} b; } b;

2
fuzz/ml-kem.c
View File

@ -640,7 +640,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
return -1; return -1;
/* /*
* Get the first byte of the buffer to tell us what operation * Get the first byte of the buffer to tell us what operation
* to preform * to perform
*/ */
buffer_cursor = consume_uint8t(buf, &len, &operation); buffer_cursor = consume_uint8t(buf, &len, &operation);
if (buffer_cursor == NULL) if (buffer_cursor == NULL)

6
fuzz/slh-dsa.c
View File

@ -378,7 +378,7 @@ static void slh_dsa_sign_verify(uint8_t **buf, size_t *len, void *key1,
/* /*
* the context_string parameter can be no more than 255 bytes, so if * the context_string parameter can be no more than 255 bytes, so if
* our random input buffer is greater than that, we expect failure above, * our random input buffer is greater than that, we expect failure above,
* which we check for. In that event, theres nothing more we can do here * which we check for. In that event, there's nothing more we can do here
* so bail out * so bail out
*/ */
if (expect_init_rc == 0) if (expect_init_rc == 0)
@ -439,7 +439,7 @@ static void slh_dsa_export_import(uint8_t **buf, size_t *len, void *key1,
* EVP_PKEY returns: * EVP_PKEY returns:
* 1 if the keys are equivalent * 1 if the keys are equivalent
* 0 if the keys are not equivalent * 0 if the keys are not equivalent
* -1 if the key types are differnt * -1 if the key types are different
* -2 if the operation is not supported * -2 if the operation is not supported
*/ */
OPENSSL_assert(EVP_PKEY_eq(alice, new) == 1); OPENSSL_assert(EVP_PKEY_eq(alice, new) == 1);
@ -578,7 +578,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
return -1; return -1;
/* /*
* Get the first byte of the buffer to tell us what operation * Get the first byte of the buffer to tell us what operation
* to preform * to perform
*/ */
buffer_cursor = consume_uint8t(buf, &len, &operation); buffer_cursor = consume_uint8t(buf, &len, &operation);
if (buffer_cursor == NULL) if (buffer_cursor == NULL)

2
include/crypto/ml_kem.h
View File

@ -154,7 +154,7 @@ typedef struct {
int security_category; int security_category;
} ML_KEM_VINFO; } ML_KEM_VINFO;
/* Retrive global variant-specific parameters */ /* Retrieve global variant-specific parameters */
const ML_KEM_VINFO *ossl_ml_kem_get_vinfo(int evp_type); const ML_KEM_VINFO *ossl_ml_kem_get_vinfo(int evp_type);
/* Known as ML_KEM_KEY via crypto/types.h */ /* Known as ML_KEM_KEY via crypto/types.h */

2
providers/implementations/encode_decode/ml_common_codecs.c
View File

@ -57,7 +57,7 @@ ossl_ml_common_pkcs8_fmt_order(const char *algorithm_name,
/* /*
* Formats are case-insensitive, separated by spaces, tabs or commas. * Formats are case-insensitive, separated by spaces, tabs or commas.
* Duplicate formats are allowed, the first occurence determines the order. * Duplicate formats are allowed, the first occurrence determines the order.
*/ */
do { do {
if (*(fmt += strspn(fmt, sep)) == '\0') if (*(fmt += strspn(fmt, sep)) == '\0')

2
providers/implementations/encode_decode/ml_dsa_codecs.c
View File

@ -126,7 +126,7 @@ ossl_ml_dsa_d2i_PUBKEY(const uint8_t *pk, int pk_len, int evp_type,
if (!ossl_ml_dsa_pk_decode(ret, pk, (size_t) pk_len)) { if (!ossl_ml_dsa_pk_decode(ret, pk, (size_t) pk_len)) {
ERR_raise_data(ERR_LIB_PROV, PROV_R_BAD_ENCODING, ERR_raise_data(ERR_LIB_PROV, PROV_R_BAD_ENCODING,
"errror parsing %s public key from input SPKI", "error parsing %s public key from input SPKI",
params->alg); params->alg);
ossl_ml_dsa_key_free(ret); ossl_ml_dsa_key_free(ret);
return NULL; return NULL;

2
providers/implementations/encode_decode/ml_kem_codecs.c
View File

@ -125,7 +125,7 @@ ossl_ml_kem_d2i_PUBKEY(const uint8_t *pubenc, int publen, int evp_type,
if (!ossl_ml_kem_parse_public_key(pubenc, (size_t) publen, ret)) { if (!ossl_ml_kem_parse_public_key(pubenc, (size_t) publen, ret)) {
ERR_raise_data(ERR_LIB_PROV, PROV_R_BAD_ENCODING, ERR_raise_data(ERR_LIB_PROV, PROV_R_BAD_ENCODING,
"errror parsing %s public key from input SPKI", "error parsing %s public key from input SPKI",
v->algorithm_name); v->algorithm_name);
ossl_ml_kem_key_free(ret); ossl_ml_kem_key_free(ret);
return NULL; return NULL;

4
providers/implementations/kem/rsa_kem.c.in
View File

@ -302,7 +302,7 @@ static int rsasve_generate(PROV_RSA_CTX *prsactx,
/* /*
* If outlen is specified, then it must report the length * If outlen is specified, then it must report the length
* of the out buffer on input so that we can confirm * of the out buffer on input so that we can confirm
* its size is sufficent for encapsulation * its size is sufficient for encapsulation
*/ */
if (outlen != NULL && *outlen < nlen) { if (outlen != NULL && *outlen < nlen) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_OUTPUT_LENGTH); ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_OUTPUT_LENGTH);
@ -334,7 +334,7 @@ static int rsasve_generate(PROV_RSA_CTX *prsactx,
/** /**
* rsasve_recover - Recovers a secret value from ciphertext using an RSA * rsasve_recover - Recovers a secret value from ciphertext using an RSA
* private key. Once, recovered, the secret value is considered to be a * private key. Once, recovered, the secret value is considered to be a
* shared secret. Algorithm is preformed as per * shared secret. Algorithm is performed as per
* NIST SP 800-56B Rev 2 * NIST SP 800-56B Rev 2
* 7.2.1.3 RSASVE Recovery Operation (RSASVE.RECOVER). * 7.2.1.3 RSASVE Recovery Operation (RSASVE.RECOVER).
* *

2
providers/implementations/macs/blake2_mac_impl.c
View File

@ -146,7 +146,7 @@ static int blake2_mac_final(void *vmacctx,
return BLAKE2_FINAL(out, &macctx->ctx); return BLAKE2_FINAL(out, &macctx->ctx);
} }
/* See blake2.h for parameter defintion */ /* See blake2.h for parameter definition */
static const OSSL_PARAM *blake2_gettable_ctx_params(ossl_unused void *ctx, static const OSSL_PARAM *blake2_gettable_ctx_params(ossl_unused void *ctx,
ossl_unused void *provctx) ossl_unused void *provctx)
{ {

2
providers/implementations/signature/rsa_sig.c.in
View File

@ -111,7 +111,7 @@ typedef struct {
unsigned int mgf1_md_set : 1; unsigned int mgf1_md_set : 1;
/* /*
* Flags to say what are the possible next external calls in what * Flags to say what are the possible next external calls in what
* consitutes the life cycle of an algorithm. The relevant calls are: * constitutes the life cycle of an algorithm. The relevant calls are:
* - init * - init
* - update * - update
* - final * - final

2
ssl/quic/quic_channel.c
View File

@ -2478,7 +2478,7 @@ static void ch_rx_handle_packet(QUIC_CHANNEL *ch, int channel_only)
while (PACKET_remaining(&vpkt) > 0) { while (PACKET_remaining(&vpkt) > 0) {
/* /*
* We only support quic version 1 at the moment, so * We only support quic version 1 at the moment, so
* look to see if thats offered * look to see if that's offered
*/ */
if (!PACKET_get_net_4(&vpkt, &supported_ver)) if (!PACKET_get_net_4(&vpkt, &supported_ver))
return; return;

8
ssl/quic/quic_port.c
View File

@ -520,9 +520,9 @@ static QUIC_CHANNEL *port_make_channel(QUIC_PORT *port, SSL *tls, OSSL_QRX *qrx,
/* /*
* Creating a a new channel is made a bit tricky here as there is a * Creating a a new channel is made a bit tricky here as there is a
* bit of a circular dependency. Initalizing a channel requires that * bit of a circular dependency. Initializing a channel requires that
* the ch->tls and optionally the qlog_title be configured prior to * the ch->tls and optionally the qlog_title be configured prior to
* initalization, but we need the channel at least partially configured * initialization, but we need the channel at least partially configured
* to create the new handshake layer, so we have to do this in a few steps. * to create the new handshake layer, so we have to do this in a few steps.
*/ */
@ -1033,7 +1033,7 @@ err:
/** /**
* @brief Parses contents of a buffer into a validation token. * @brief Parses contents of a buffer into a validation token.
* *
* VALIDATION_TOKEN should already be initalized. Does some basic sanity checks. * VALIDATION_TOKEN should already be initialized. Does some basic sanity checks.
* *
* @param token Validation token to fill data in. * @param token Validation token to fill data in.
* @param buf Buffer of previously marshaled validation token. * @param buf Buffer of previously marshaled validation token.
@ -1291,7 +1291,7 @@ static void port_send_version_negotiation(QUIC_PORT *port, BIO_ADDR *peer,
} }
/** /**
* @brief defintions of token lifetimes * @brief definitions of token lifetimes
* *
* RETRY tokens are only valid for 10 seconds * RETRY tokens are only valid for 10 seconds
* NEW_TOKEN tokens have a lifetime of 3600 sec (1 hour) * NEW_TOKEN tokens have a lifetime of 3600 sec (1 hour)

2
ssl/quic/quic_record_util.c
View File

@ -44,7 +44,7 @@ int ossl_quic_hkdf_extract(OSSL_LIB_CTX *libctx,
* at least 8 bytes. It means that the length of destination connection ID * at least 8 bytes. It means that the length of destination connection ID
* may be less than the minimum length for HKDF required by FIPS provider. * may be less than the minimum length for HKDF required by FIPS provider.
* *
* Therefore, we need to set `key-check` to zero to allow using destionation * Therefore, we need to set `key-check` to zero to allow using destination
* connection ID as IKM. * connection ID as IKM.
*/ */
*p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_FIPS_KEY_CHECK, &key_check); *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_FIPS_KEY_CHECK, &key_check);

4
ssl/rio/rio_notifier.c
View File

@ -83,7 +83,7 @@ static int create_socket(int domain, int socktype, int protocol)
/* /*
* Its also possible that someone is building a binary on a newer windows * Its also possible that someone is building a binary on a newer windows
* SDK, but running it on a runtime that doesn't support inheritance * SDK, but running it on a runtime that doesn't support inheritance
* supression. In that case the above will return INVALID_SOCKET, and * suppression. In that case the above will return INVALID_SOCKET, and
* our response for those older platforms is to try the call again * our response for those older platforms is to try the call again
* without the flag * without the flag
*/ */
@ -142,7 +142,7 @@ static int create_socket(int domain, int socktype, int protocol)
* *
* Win32 does not support socketpair(2), and Win32 pipes are not compatible with * Win32 does not support socketpair(2), and Win32 pipes are not compatible with
* Winsock select(2). This means our only means of making select(2) wakeable is * Winsock select(2). This means our only means of making select(2) wakeable is
* to artifically create a loopback TCP connection and send bytes to it. * to artificially create a loopback TCP connection and send bytes to it.
*/ */
int ossl_rio_notifier_init(RIO_NOTIFIER *nfy) int ossl_rio_notifier_init(RIO_NOTIFIER *nfy)
{ {

6
ssl/ssl_lib.c
View File

@ -3962,8 +3962,8 @@ static long check_keylog_bio_free(BIO *b, int oper, const char *argp,
/* /*
* Note we _dont_ take the keylog_lock here * Note we _dont_ take the keylog_lock here
* This is intentional, because we only free the keylog lock * This is intentional, because we only free the keylog lock
* During SSL_CTX_free, in which we already posess the lock, so * During SSL_CTX_free, in which we already possess the lock, so
* Theres no need to grab it again here * There's no need to grab it again here
*/ */
if (oper == BIO_CB_FREE) if (oper == BIO_CB_FREE)
keylog_bio = NULL; keylog_bio = NULL;
@ -4319,7 +4319,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
/* Make sure we have a global lock allocated */ /* Make sure we have a global lock allocated */
if (!RUN_ONCE(&ssl_keylog_once, ssl_keylog_init)) { if (!RUN_ONCE(&ssl_keylog_once, ssl_keylog_init)) {
/* use a trace message as a warning */ /* use a trace message as a warning */
OSSL_TRACE(TLS, "Unable to initalize keylog data\n"); OSSL_TRACE(TLS, "Unable to initialize keylog data\n");
goto out; goto out;
} }

2
ssl/statem/extensions_srvr.c
View File

@ -901,7 +901,7 @@ int tls_parse_ctos_key_share(SSL_CONNECTION *s, PACKET *pkt,
goto end; goto end;
/* /*
* We now have the folowing lists available to make a decision for * We now have the following lists available to make a decision for
* which group the server should use for key exchange : * which group the server should use for key exchange :
* From client: clntgroups[clnt_num_groups], * From client: clntgroups[clnt_num_groups],
* keyshares_arr[keyshares_cnt], encoded_pubkey_arr[keyshares_cnt] * keyshares_arr[keyshares_cnt], encoded_pubkey_arr[keyshares_cnt]

2
ssl/t1_enc.c
View File

@ -72,7 +72,7 @@ static int tls1_PRF(SSL_CONNECTION *s,
*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
(void *)seed5, (size_t)seed5_len); (void *)seed5, (size_t)seed5_len);
/* /*
* If we have a propery query string, the kdf needs to know about it in the event * If we have a property query string, the kdf needs to know about it in the event
* the specific kdf in use allocated a digest as part of its implementation * the specific kdf in use allocated a digest as part of its implementation
*/ */
if (SSL_CONNECTION_GET_CTX(s)->propq != NULL) if (SSL_CONNECTION_GET_CTX(s)->propq != NULL)

8
ssl/t1_lib.c
View File

@ -1583,10 +1583,10 @@ static int tuple_cb(const char *tuple, int len, void *arg)
/* /*
* Set groups and prepare generation of keyshares based on a string of groupnames, * Set groups and prepare generation of keyshares based on a string of groupnames,
* names separated by the group or the tuple delimiter, with per-group prefixes to * names separated by the group or the tuple delimiter, with per-group prefixes to
* (1) add a key share for this group, (2) ignore the group if unkown to the current * (1) add a key share for this group, (2) ignore the group if unknown to the current
* context, (3) delete a previous occurrence of the group in the current tuple. * context, (3) delete a previous occurrence of the group in the current tuple.
* *
* The list parsing is done in two hierachical steps: The top-level step extracts the * The list parsing is done in two hierarchical steps: The top-level step extracts the
* string of a tuple using tuple_cb, while the next lower step uses gid_cb to * string of a tuple using tuple_cb, while the next lower step uses gid_cb to
* parse and process the groups inside a tuple * parse and process the groups inside a tuple
*/ */
@ -1646,7 +1646,7 @@ int tls1_set_groups_list(SSL_CTX *ctx,
} }
/* /*
* We check whether a tuple was completly emptied by using "-" prefix * We check whether a tuple was completely emptied by using "-" prefix
* excessively, in which case we remove the tuple * excessively, in which case we remove the tuple
*/ */
for (i = j = 0; j < gcb.tplcnt; j++) { for (i = j = 0; j < gcb.tplcnt; j++) {
@ -1693,7 +1693,7 @@ int tls1_set_groups_list(SSL_CTX *ctx,
/* /*
* tuple_cb and gid_cb combo ensures there are no duplicates or unknown groups so we * tuple_cb and gid_cb combo ensures there are no duplicates or unknown groups so we
* can just go ahead and set the results (after diposing the existing) * can just go ahead and set the results (after disposing the existing)
*/ */
OPENSSL_free(*grpext); OPENSSL_free(*grpext);
*grpext = gcb.gid_arr; *grpext = gcb.gid_arr;

4
ssl/t1_trce.c
View File

@ -1310,7 +1310,7 @@ static int ssl_print_certificate(BIO *bio, const SSL_CONNECTION *sc, int indent,
x = NULL; x = NULL;
} }
if (x == NULL) if (x == NULL)
BIO_puts(bio, "<UNPARSEABLE CERTIFICATE>\n"); BIO_puts(bio, "<UNPARSABLE CERTIFICATE>\n");
else { else {
BIO_puts(bio, "\n------details-----\n"); BIO_puts(bio, "\n------details-----\n");
X509_print_ex(bio, x, XN_FLAG_ONELINE, 0); X509_print_ex(bio, x, XN_FLAG_ONELINE, 0);
@ -1541,7 +1541,7 @@ static int ssl_print_cert_request(BIO *bio, int indent, const SSL_CONNECTION *sc
p = msg; p = msg;
nm = d2i_X509_NAME(NULL, &p, (long)dlen); nm = d2i_X509_NAME(NULL, &p, (long)dlen);
if (!nm) { if (!nm) {
BIO_puts(bio, "<UNPARSEABLE DN>\n"); BIO_puts(bio, "<UNPARSABLE DN>\n");
} else { } else {
X509_NAME_print_ex(bio, nm, 0, XN_FLAG_ONELINE); X509_NAME_print_ex(bio, nm, 0, XN_FLAG_ONELINE);
BIO_puts(bio, "\n"); BIO_puts(bio, "\n");

9
util/codespell-check.sh Executable file
View File

@ -0,0 +1,9 @@
#!/bin/sh
# Run codespell and apply fixes to the OpenSSL tree.
# If you get a false positive here, the usual fix is to
# add it to the end of the -L list of ignored words, below.
codespell -w --ignore-regex '\b[a-zA-Z][a-zA-Z]\b' \
-L 'ADDAD, addin, adin, allws, alo, Alo, alow, anS, Buda, buildd, bve, cann, CANN, ciph, Collison, consumation, DELET, dota, Durin, ect, ede, endianess, endin, engineerr, ENGINEerr, FILETEST, filetests, htmp, inbrace, ine, informat, ISCONNECTION, isnt, KEYPAIR, keyserver, larg, LOd, Manger, Merget, nclusion, NOo, OPTIO, outin, passin, poping, pris, rewinded, shouldnot, SHS, Sorce, sover, succes, testss, Thi, tmplate, tne, uis, usign, vew, Widgits, aas, Aas, AAS, abd, ABD, accreting, AFAIR, afile, afterAll, AfterAll, Ake, ALine, allEdges, alloced, alloco, ALS, alsptd, ang, ans, ANS, aNULL, archType, arithmetics, assertIn, atLeast, AtLeast, atMost, bootup, BRE, CAF, cant, Chang, checkin, childs, circularly, Circularly, claus, Claus, clen, CLOS, Collet, compilability, compileTime, CompileTime, complies, COMPLIES, configury, co-ordinate, co-ordinates, crasher, crashers, crate, Crate, CRATE, creat, CREAT, CrOS, crypted, CRYPTED, currentY, DAA, datas, debbugs, Debbugs, dependancies, dependancy, dependant, deque, Deque, doubleclick, doubleClick, DoubleClick, dout, Dout, DOUT, dum, dur, Dur, ECT, EDE, FileTest, flate, Flate, FLATE, fpr, FPR, FPT, gord, gost, Gost, GOST, Hart, hasTable, hel, hist, HIST, HSI, ifset, iif, IIF, implementor, Implementor, implementors, Implementors, inactivate, indention, indx, inh, inout, inOut, InOut, INOUT, ist, IST, keep-alives, keypair, keyPair, Keypair, KeyPair, keypairs, keyPairs, Keypairs, KeyPairs, LAMDA, leapYear, LOD, Maked, Manuel, ment, minimise, mis, Mis, MIS, mitre, Mitre, MITRE, mmaped, msdos, MSDOS, nam, Nam, NAM, Ned, nin, Nin, nmake, NMake, NMAKE, notin, Notin, NotIn, numer, OCE, offsetp, ois, onText, OnText, openin, OptIn, origN, paeth, Paeth, PAETH, parm, pARM, Parm, PARM, parms, pARMS, Parms, PARMs, PARMS, pass-thru, pres, Pres, prevEnd, PullRequest, que, readd, Readd, readded, Readded, regArg, regArgs, requestor, Requestor, requestors, re-usable, Re-usable, re-use, Re-use, re-used, Re-used, re-uses, Re-uses, re-using, Re-using, sav, SEH, ser, Ser, SER, servent, shouldBe, siz, SIZ, SME, SOM, splitted, statics, Statics, strRange, technics, therefor, Therefor, therefrom, thirdparty, thirdParty, Thirdparty, ThirdParty, THIRDPARTY, thru, Thur, THUR, tolen, tthe, UIs, upto, upTo, uptodate, upToDate, UpToDate, useable, Useable, userA, UserA, varN, vertexes, vor, WAN, Wirth, wont, WRONLY, WTH, roperties, igest, equest, equests, ategory, couldn, wasn, ture, biom, bion, sHolder' \
-S '*codespell-check.sh, */LICENSE, */test/danetest.in, */test/data2.bin, */test/recipes/30-test_evp_data/evppkey_kas.txt, */test/recipes/30-test_evp_data/evppkey.txt, */3rd*[pP]arty/*, */aspell/*, */charsets/*, */chrtrans/*, */codepage/*, */data/*, */deps/*, */dict/*, */dictionaries/*, */doc*/[a-df-z][a-z]/*, */doc*/[a-z][a-z][_-][a-zA-Z][a-zA-Z]/*, */doc*/e[a-mo-z]/*, */[eE]ncode/*, */[eE]ncodings/*, */extern/*, */external/*, */externals/*, */help/[a-df-z][a-z]/*, */help/[a-z][a-z]_[A-Z][A-Z]/*, */help/es/*, */i18n/*, */icu/*, */info/[a-df-z][a-z]/*, */info/[a-z][a-z]_[A-Z][A-Z]/*, */info/es/*, */intl/*, */l10n/*, */langmap/*, */langs/*, */[lL]ang/*, */[lL]anguage/*, */[lL]anguages/*, */*[lL]ocal[ei]*/*, */man*/[a-df-z][a-z]/*, */man*/[a-z][a-z][_-][a-zA-Z][a-zA-Z]/*, */man*/e[a-mo-z]/*, */messages[_./][a-df-z][a-z][_./]*, */messages[_./][a-z][a-z]_[A-Z][A-Z][_./]*, */messages[_./]es[_./]*, */[mM]ath[jJ]ax/*, */runtime/*, */[tT]hird*[pP]arty/*, */[tT]ranslation/*, */[tT]ranslations/*, */unicode/*, */Unicode/*, */unicore/*, */vendor/*, */vendors/*, */.versions/*, *_8h.html, *_8h_source.html, *.asc, */AUTHORS*, CONTRIBUTORS*, *.crt, *.css.map, */*.desktop, */*.desktop.in, *.eps, /fonts/*, *.fr.utf-8, *.git, *__*__*.html, *.html.de, *.html.es, *.html.fr, *.html.ko.euc-kr, *.html.pt-br, *.info_[0-9], *.ipynb, *.ja.utf8, *.js.map, */[lL]ocale, localization*-[a-z][a-z].*, localization*-[a-z][a-z]_[a-zA-Z][a-zA-Z].*, *lorem-ipsum*, */.mailmap, *.min.js, *.pdf, *.pem, *.po, *.ppm, *.ps, */rfc[1-9]*.txt, *.rtf, */searchindex.js, *.sum, *.svg, *.svn, THANKS*, *.tr.utf8, *.xpm, */yarn.lock, *.zh-cn.utf8, *.zlib, ABOUT-NLS, authors.xml, CREDITS, CREDITS.TXT, DONATIONS, jquery.js, jquery.min.map, MAINTAINERS, NormalizationTest.txt, package-lock.json, UnicodeData.txt, */*[^a/]test/*, */*[^a/]tests/*, */test*/*, [cC]hange.[lL]og*, [cC]hange[lL]og*, *[._-][cC]hanges, [cC]hanges[._-]*, CHANGE.log*, CHANGELOG*, *[._-]CHANGES, CHANGES[._-]*, [cC]hanges, CHANGES, *man[12345657]/*'

2
util/perl/OpenSSL/paramnames.pm
View File

@ -625,7 +625,7 @@ my %params = (
'OSSL_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING' => "block_padding", 'OSSL_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING' => "block_padding",
'OSSL_LIBSSL_RECORD_LAYER_PARAM_HS_PADDING' => "hs_padding", 'OSSL_LIBSSL_RECORD_LAYER_PARAM_HS_PADDING' => "hs_padding",
# Symmetric Key parametes # Symmetric Key parameters
'OSSL_SKEY_PARAM_RAW_BYTES' => "raw-bytes", 'OSSL_SKEY_PARAM_RAW_BYTES' => "raw-bytes",
'OSSL_SKEY_PARAM_KEY_LENGTH' => "key-length", 'OSSL_SKEY_PARAM_KEY_LENGTH' => "key-length",
); );

4
util/perl/TLSProxy/Proxy.pm
View File

@ -124,10 +124,10 @@ sub init
my $test_client_port; my $test_client_port;
# Sometimes, our random selection of client ports gets unlucky # Sometimes, our random selection of client ports gets unlucky
# And we randomly select a port thats already in use. This causes # And we randomly select a port that's already in use. This causes
# this test to fail, so lets harden ourselves against that by doing # this test to fail, so lets harden ourselves against that by doing
# a test bind to the randomly selected port, and only continue once we # a test bind to the randomly selected port, and only continue once we
# find a port thats available. # find a port that's available.
my $test_client_addr = $have_IPv6 ? "[::1]" : "127.0.0.1"; my $test_client_addr = $have_IPv6 ? "[::1]" : "127.0.0.1";
my $found_port = 0; my $found_port = 0;
for (my $i = 0; $i <= 10; $i++) { for (my $i = 0; $i <= 10; $i++) {