projects
/
BearSSL
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (from parent 1:
a8a8f51
)
Fixed some typographic errors in comments.
author
Thomas Pornin
<pornin@bolet.org>
Sun, 27 May 2018 21:37:15 +0000
(23:37 +0200)
committer
Thomas Pornin
<pornin@bolet.org>
Sun, 27 May 2018 21:37:15 +0000
(23:37 +0200)
22 files changed:
README.txt
patch
|
blob
|
history
inc/bearssl_aead.h
patch
|
blob
|
history
inc/bearssl_hash.h
patch
|
blob
|
history
inc/bearssl_hmac.h
patch
|
blob
|
history
inc/bearssl_prf.h
patch
|
blob
|
history
inc/bearssl_rand.h
patch
|
blob
|
history
inc/bearssl_ssl.h
patch
|
blob
|
history
inc/bearssl_x509.h
patch
|
blob
|
history
samples/custom_profile.c
patch
|
blob
|
history
src/ec/ec_prime_i15.c
patch
|
blob
|
history
src/ec/ec_prime_i31.c
patch
|
blob
|
history
src/inner.h
patch
|
blob
|
history
src/int/i15_decmod.c
patch
|
blob
|
history
src/int/i31_decmod.c
patch
|
blob
|
history
src/rand/sysrng.c
patch
|
blob
|
history
src/rsa/rsa_pkcs1_sig_unpad.c
patch
|
blob
|
history
src/ssl/ssl_hs_client.c
patch
|
blob
|
history
src/ssl/ssl_hs_client.t0
patch
|
blob
|
history
src/ssl/ssl_hs_common.t0
patch
|
blob
|
history
src/ssl/ssl_hs_server.c
patch
|
blob
|
history
src/ssl/ssl_hs_server.t0
patch
|
blob
|
history
src/x509/asn1.t0
patch
|
blob
|
history
diff --git
a/README.txt
b/README.txt
index
a440e29
..
0e318aa
100644
(file)
--- a/
README.txt
+++ b/
README.txt
@@
-112,7
+112,7
@@
Dependencies are simple and systematic:
I follow this simple version numbering scheme:
I follow this simple version numbering scheme:
- - Version numbers are `x.y` or `x.y.z` where `x`, `y` an
s
`z` are
+ - Version numbers are `x.y` or `x.y.z` where `x`, `y` an
d
`z` are
decimal integers (possibly greater than 10). When the `.z` part is
missing, it is equivalent to `.0`.
decimal integers (possibly greater than 10). When the `.z` part is
missing, it is equivalent to `.0`.
diff --git
a/inc/bearssl_aead.h
b/inc/bearssl_aead.h
index
c495dc2
..
8e35a1f
100644
(file)
--- a/
inc/bearssl_aead.h
+++ b/
inc/bearssl_aead.h
@@
-877,7
+877,7
@@
extern const br_aead_class br_eax_vtable;
* can still be provided by chunks, but the total size must match
* the value provided upon initialisation.
*
* can still be provided by chunks, but the total size must match
* the value provided upon initialisation.
*
- * - The nonce length is constrained betwen 7 and 13 bytes (inclusive).
+ * - The nonce length is constrained betwe
e
n 7 and 13 bytes (inclusive).
* Furthermore, the plaintext length, when encoded, must fit over
* 15-nonceLen bytes; thus, if the nonce has length 13 bytes, then
* the plaintext length cannot exceed 65535 bytes.
* Furthermore, the plaintext length, when encoded, must fit over
* 15-nonceLen bytes; thus, if the nonce has length 13 bytes, then
* the plaintext length cannot exceed 65535 bytes.
diff --git
a/inc/bearssl_hash.h
b/inc/bearssl_hash.h
index
860ab71
..
3b15ba7
100644
(file)
--- a/
inc/bearssl_hash.h
+++ b/
inc/bearssl_hash.h
@@
-93,7
+93,7
@@
extern "C" {
* - `br_xxx_out(const br_xxx_context *ctx, void *out)`
*
* Complete the hash computation and write the result in the provided
* - `br_xxx_out(const br_xxx_context *ctx, void *out)`
*
* Complete the hash computation and write the result in the provided
- * buffer. The output buffer MUST be large enough to accomodate the
+ * buffer. The output buffer MUST be large enough to accom
m
odate the
* result. The context is NOT modified by this operation, so this
* function can be used to get a "partial hash" while still keeping
* the possibility of adding more bytes to the input.
* result. The context is NOT modified by this operation, so this
* function can be used to get a "partial hash" while still keeping
* the possibility of adding more bytes to the input.
diff --git
a/inc/bearssl_hmac.h
b/inc/bearssl_hmac.h
index
511dbbe
..
14147d8
100644
(file)
--- a/
inc/bearssl_hmac.h
+++ b/
inc/bearssl_hmac.h
@@
-155,7
+155,7
@@
void br_hmac_update(br_hmac_context *ctx, const void *data, size_t len);
/**
* \brief Compute the HMAC output.
*
/**
* \brief Compute the HMAC output.
*
- * The destination buffer MUST be large enough to accomodate the result;
+ * The destination buffer MUST be large enough to accom
m
odate the result;
* its length is at most the "natural length" of HMAC (i.e. the output
* length of the underlying hash function). The context is NOT modified;
* further bytes may be processed. Thus, "partial HMAC" values can be
* its length is at most the "natural length" of HMAC (i.e. the output
* length of the underlying hash function). The context is NOT modified;
* further bytes may be processed. Thus, "partial HMAC" values can be
diff --git
a/inc/bearssl_prf.h
b/inc/bearssl_prf.h
index
9d54ad8
..
fdf608c
100644
(file)
--- a/
inc/bearssl_prf.h
+++ b/
inc/bearssl_prf.h
@@
-37,7
+37,7
@@
extern "C" {
* # The TLS PRF
*
* The "PRF" is the pseudorandom function used internally during the
* # The TLS PRF
*
* The "PRF" is the pseudorandom function used internally during the
- * SSL/TLS handshake, notably to expand nego
c
iated shared secrets into
+ * SSL/TLS handshake, notably to expand nego
t
iated shared secrets into
* the symmetric encryption keys that will be used to process the
* application data.
*
* the symmetric encryption keys that will be used to process the
* application data.
*
diff --git
a/inc/bearssl_rand.h
b/inc/bearssl_rand.h
index
37379d2
..
060cb40
100644
(file)
--- a/
inc/bearssl_rand.h
+++ b/
inc/bearssl_rand.h
@@
-279,7
+279,7
@@
typedef int (*br_prng_seeder)(const br_prng_class **ctx);
* is returned.
*
* If `name` is not `NULL`, then `*name` is set to a symbolic string
* is returned.
*
* If `name` is not `NULL`, then `*name` is set to a symbolic string
- * that identifies the seeder implemention. If no seeder is returned
+ * that identifies the seeder implement
at
ion. If no seeder is returned
* and `name` is not `NULL`, then `*name` is set to a pointer to the
* constant string `"none"`.
*
* and `name` is not `NULL`, then `*name` is set to a pointer to the
* constant string `"none"`.
*
diff --git
a/inc/bearssl_ssl.h
b/inc/bearssl_ssl.h
index
6640bc6
..
2a4fada
100644
(file)
--- a/
inc/bearssl_ssl.h
+++ b/
inc/bearssl_ssl.h
@@
-1278,7
+1278,7
@@
br_ssl_engine_get_hash(br_ssl_engine_context *ctx, int id)
/**
* \brief Set the PRF implementation (for TLS 1.0 and 1.1).
*
/**
* \brief Set the PRF implementation (for TLS 1.0 and 1.1).
*
- * This function sets (or removes, if `impl` is `NULL`) the implemenation
+ * This function sets (or removes, if `impl` is `NULL`) the implemen
t
ation
* for the PRF used in TLS 1.0 and 1.1.
*
* \param cc SSL engine context.
* for the PRF used in TLS 1.0 and 1.1.
*
* \param cc SSL engine context.
@@
-1293,7
+1293,7
@@
br_ssl_engine_set_prf10(br_ssl_engine_context *cc, br_tls_prf_impl impl)
/**
* \brief Set the PRF implementation with SHA-256 (for TLS 1.2).
*
/**
* \brief Set the PRF implementation with SHA-256 (for TLS 1.2).
*
- * This function sets (or removes, if `impl` is `NULL`) the implemenation
+ * This function sets (or removes, if `impl` is `NULL`) the implemen
t
ation
* for the SHA-256 variant of the PRF used in TLS 1.2.
*
* \param cc SSL engine context.
* for the SHA-256 variant of the PRF used in TLS 1.2.
*
* \param cc SSL engine context.
@@
-1308,7
+1308,7
@@
br_ssl_engine_set_prf_sha256(br_ssl_engine_context *cc, br_tls_prf_impl impl)
/**
* \brief Set the PRF implementation with SHA-384 (for TLS 1.2).
*
/**
* \brief Set the PRF implementation with SHA-384 (for TLS 1.2).
*
- * This function sets (or removes, if `impl` is `NULL`) the implemenation
+ * This function sets (or removes, if `impl` is `NULL`) the implemen
t
ation
* for the SHA-384 variant of the PRF used in TLS 1.2.
*
* \param cc SSL engine context.
* for the SHA-384 variant of the PRF used in TLS 1.2.
*
* \param cc SSL engine context.
@@
-1916,7
+1916,7
@@
br_ssl_engine_last_error(const br_ssl_engine_context *cc)
* Informs the engine that 'len' bytes have been read from the buffer
* (extract operation) or written to the buffer (inject operation).
* The 'len' value MUST NOT be zero. The 'len' value MUST NOT exceed
* Informs the engine that 'len' bytes have been read from the buffer
* (extract operation) or written to the buffer (inject operation).
* The 'len' value MUST NOT be zero. The 'len' value MUST NOT exceed
- * that which was obtained from a prece
e
ding br_ssl_engine_xxx_buf()
+ * that which was obtained from a preceding br_ssl_engine_xxx_buf()
* call.
*/
* call.
*/
@@
-2517,7
+2517,7
@@
struct br_ssl_client_context_ {
* then bit `x` is set (hash function ID is 0 for the special MD5+SHA-1,
* or 2 to 6 for the SHA family).
*
* then bit `x` is set (hash function ID is 0 for the special MD5+SHA-1,
* or 2 to 6 for the SHA family).
*
- * - If ECDSA is suported with hash function of ID `x`, then bit `8+x`
+ * - If ECDSA is sup
p
orted with hash function of ID `x`, then bit `8+x`
* is set.
*
* - Newer algorithms are symbolic 16-bit identifiers that do not
* is set.
*
* - Newer algorithms are symbolic 16-bit identifiers that do not
@@
-3564,7
+3564,7
@@
br_ssl_server_get_client_suites(const br_ssl_server_context *cc, size_t *num)
* then bit `x` is set (hash function ID is 0 for the special MD5+SHA-1,
* or 2 to 6 for the SHA family).
*
* then bit `x` is set (hash function ID is 0 for the special MD5+SHA-1,
* or 2 to 6 for the SHA family).
*
- * - If ECDSA is suported with hash function of ID `x`, then bit `8+x`
+ * - If ECDSA is sup
p
orted with hash function of ID `x`, then bit `8+x`
* is set.
*
* - Newer algorithms are symbolic 16-bit identifiers that do not
* is set.
*
* - Newer algorithms are symbolic 16-bit identifiers that do not
diff --git
a/inc/bearssl_x509.h
b/inc/bearssl_x509.h
index
1f55b4e
..
10e3510
100644
(file)
--- a/
inc/bearssl_x509.h
+++ b/
inc/bearssl_x509.h
@@
-360,7
+360,7
@@
typedef struct {
* - `end_chain()` is called when the last certificate in the chain
* was processed.
* - `get_pkey()` is called after chain processing, if the chain
* - `end_chain()` is called when the last certificate in the chain
* was processed.
* - `get_pkey()` is called after chain processing, if the chain
- * validation was succes
ful
l.
+ * validation was succes
sfu
l.
*
* A context structure may be reused; the `start_chain()` method shall
* ensure (re)initialisation.
*
* A context structure may be reused; the `start_chain()` method shall
* ensure (re)initialisation.
diff --git
a/samples/custom_profile.c
b/samples/custom_profile.c
index
7588f9d
..
8133532
100644
(file)
--- a/
samples/custom_profile.c
+++ b/
samples/custom_profile.c
@@
-181,7
+181,7
@@
example_client_profile(br_ssl_client_context *cc
* -- ECDSA signature verification is needed for "ECDHE_ECDSA"
* cipher suites (but not for ECDHE_RSA, ECDH_ECDSA or ECDH_RSA).
*
* -- ECDSA signature verification is needed for "ECDHE_ECDSA"
* cipher suites (but not for ECDHE_RSA, ECDH_ECDSA or ECDH_RSA).
*
- * Normaly, you use the "default" implementations, obtained
+ * Normal
l
y, you use the "default" implementations, obtained
* through relevant function calls. These functions return
* implementations that are deemed "best" for the current
* platform, where "best" means "fastest within constant-time
* through relevant function calls. These functions return
* implementations that are deemed "best" for the current
* platform, where "best" means "fastest within constant-time
@@
-196,7
+196,7
@@
example_client_profile(br_ssl_client_context *cc
* "i32". The "i31" code is somewhat faster than the "i32" code.
* Usually, "i31" is faster than "i15", except on some specific
* architectures (ARM Cortex M0, M0+, M1 and M3) where the "i15"
* "i32". The "i31" code is somewhat faster than the "i32" code.
* Usually, "i31" is faster than "i15", except on some specific
* architectures (ARM Cortex M0, M0+, M1 and M3) where the "i15"
- * should be prefered (the "i15" code is constant-time, while
+ * should be prefer
r
ed (the "i15" code is constant-time, while
* the "i31" is not, and the "i15" code is faster anyway).
*
* ECDSA code also comes in "i15" and "i31" variants. As in the
* the "i31" is not, and the "i15" code is faster anyway).
*
* ECDSA code also comes in "i15" and "i31" variants. As in the
@@
-359,7
+359,7
@@
example_client_profile(br_ssl_client_context *cc
* ctmul64 Uses 64-bit multiplications with a 64-bit result.
*
* On 64-bit platforms, ctmul64 is the smallest and fastest of
* ctmul64 Uses 64-bit multiplications with a 64-bit result.
*
* On 64-bit platforms, ctmul64 is the smallest and fastest of
- * the three. On 32-bit systems, ctmul should be prefered. The
+ * the three. On 32-bit systems, ctmul should be prefer
r
ed. The
* ctmul32 implementation is meant to be used for the specific
* 32-bit systems that do not have a 32x32->64 multiplier (i.e.
* the ARM Cortex-M0 and Cortex-M0+).
* ctmul32 implementation is meant to be used for the specific
* 32-bit systems that do not have a 32x32->64 multiplier (i.e.
* the ARM Cortex-M0 and Cortex-M0+).
diff --git
a/src/ec/ec_prime_i15.c
b/src/ec/ec_prime_i15.c
index
85affe5
..
0f210f2
100644
(file)
--- a/
src/ec/ec_prime_i15.c
+++ b/
src/ec/ec_prime_i15.c
@@
-765,7
+765,7
@@
api_muladd(unsigned char *A, const unsigned char *B, size_t len,
/*
* TODO: see about merging the two ladders. Right now, we do
/*
* TODO: see about merging the two ladders. Right now, we do
- * two independ
a
nt point multiplications, which is a bit
+ * two independ
e
nt point multiplications, which is a bit
* wasteful of CPU resources (but yields short code).
*/
* wasteful of CPU resources (but yields short code).
*/
diff --git
a/src/ec/ec_prime_i31.c
b/src/ec/ec_prime_i31.c
index
ce4d4ab
..
0586a3b
100644
(file)
--- a/
src/ec/ec_prime_i31.c
+++ b/
src/ec/ec_prime_i31.c
@@
-764,7
+764,7
@@
api_muladd(unsigned char *A, const unsigned char *B, size_t len,
/*
* TODO: see about merging the two ladders. Right now, we do
/*
* TODO: see about merging the two ladders. Right now, we do
- * two independ
a
nt point multiplications, which is a bit
+ * two independ
e
nt point multiplications, which is a bit
* wasteful of CPU resources (but yields short code).
*/
* wasteful of CPU resources (but yields short code).
*/
diff --git
a/src/inner.h
b/src/inner.h
index
5f596a1
..
d552f03
100644
(file)
--- a/
src/inner.h
+++ b/
src/inner.h
@@
-85,7
+85,7
@@
*
* The test on 'unsigned long' should already catch most cases, the one
* notable exception being Windows code where 'unsigned long' is kept to
*
* The test on 'unsigned long' should already catch most cases, the one
* notable exception being Windows code where 'unsigned long' is kept to
- * 32-bit for compatbility with all the legacy code that liberally uses
+ * 32-bit for compat
i
bility with all the legacy code that liberally uses
* the 'DWORD' type for 32-bit values.
*
* Macro names are taken from: http://nadeausoftware.com/articles/2012/02/c_c_tip_how_detect_processor_type_using_compiler_predefined_macros
* the 'DWORD' type for 32-bit values.
*
* Macro names are taken from: http://nadeausoftware.com/articles/2012/02/c_c_tip_how_detect_processor_type_using_compiler_predefined_macros
diff --git
a/src/int/i15_decmod.c
b/src/int/i15_decmod.c
index
be955e3
..
6076c57
100644
(file)
--- a/
src/int/i15_decmod.c
+++ b/
src/int/i15_decmod.c
@@
-46,7
+46,7
@@
br_i15_decode_mod(uint16_t *x, const void *src, size_t len, const uint16_t *m)
* or 0x00000000 (value does not fit).
*
* We must iterate over all bytes of the source, _and_ possibly
* or 0x00000000 (value does not fit).
*
* We must iterate over all bytes of the source, _and_ possibly
- * some extra vir
ut
al bytes (with value 0) so as to cover the
+ * some extra vir
tu
al bytes (with value 0) so as to cover the
* complete modulus as well. We also add 4 such extra bytes beyond
* the modulus length because it then guarantees that no accumulated
* partial word remains to be processed.
* complete modulus as well. We also add 4 such extra bytes beyond
* the modulus length because it then guarantees that no accumulated
* partial word remains to be processed.
diff --git
a/src/int/i31_decmod.c
b/src/int/i31_decmod.c
index
745bc10
..
3cd7bfe
100644
(file)
--- a/
src/int/i31_decmod.c
+++ b/
src/int/i31_decmod.c
@@
-46,7
+46,7
@@
br_i31_decode_mod(uint32_t *x, const void *src, size_t len, const uint32_t *m)
* or 0x00000000 (value does not fit).
*
* We must iterate over all bytes of the source, _and_ possibly
* or 0x00000000 (value does not fit).
*
* We must iterate over all bytes of the source, _and_ possibly
- * some extra vir
ut
al bytes (with value 0) so as to cover the
+ * some extra vir
tu
al bytes (with value 0) so as to cover the
* complete modulus as well. We also add 4 such extra bytes beyond
* the modulus length because it then guarantees that no accumulated
* partial word remains to be processed.
* complete modulus as well. We also add 4 such extra bytes beyond
* the modulus length because it then guarantees that no accumulated
* partial word remains to be processed.
diff --git
a/src/rand/sysrng.c
b/src/rand/sysrng.c
index
3a10db9
..
bec06be
100644
(file)
--- a/
src/rand/sysrng.c
+++ b/
src/rand/sysrng.c
@@
-139,7
+139,7
@@
seeder_win32(const br_prng_class **ctx)
}
#endif
}
#endif
-/* see bearssl_rand.h
.h
*/
+/* see bearssl_rand.h */
br_prng_seeder
br_prng_seeder_system(const char **name)
{
br_prng_seeder
br_prng_seeder_system(const char **name)
{
diff --git
a/src/rsa/rsa_pkcs1_sig_unpad.c
b/src/rsa/rsa_pkcs1_sig_unpad.c
index
d179945
..
c8ae08f
100644
(file)
--- a/
src/rsa/rsa_pkcs1_sig_unpad.c
+++ b/
src/rsa/rsa_pkcs1_sig_unpad.c
@@
-68,7
+68,7
@@
br_rsa_pkcs1_sig_unpad(const unsigned char *sig, size_t sig_len,
/*
* Check the "00 01 FF .. FF 00" with at least eight 0xFF bytes.
/*
* Check the "00 01 FF .. FF 00" with at least eight 0xFF bytes.
- * The compar
a
ison is valid because we made sure that the signature
+ * The comparison is valid because we made sure that the signature
* is at least 11 bytes long.
*/
if (memcmp(sig, pad1, sizeof pad1) != 0) {
* is at least 11 bytes long.
*/
if (memcmp(sig, pad1, sizeof pad1) != 0) {
diff --git
a/src/ssl/ssl_hs_client.c
b/src/ssl/ssl_hs_client.c
index
2c35f29
..
cba2f13
100644
(file)
--- a/
src/ssl/ssl_hs_client.c
+++ b/
src/ssl/ssl_hs_client.c
@@
-86,7
+86,7
@@
void br_ssl_hs_client_run(void *t0ctx);
* specific name. It must be noted that since the engine context is the
* first field of the br_ssl_client_context structure ('eng'), then
* pointers values of both types are interchangeable, modulo an
* specific name. It must be noted that since the engine context is the
* first field of the br_ssl_client_context structure ('eng'), then
* pointers values of both types are interchangeable, modulo an
- * appropriate cast. This also means that "adresses" computed as offsets
+ * appropriate cast. This also means that "ad
d
resses" computed as offsets
* within the structure work for both kinds of context.
*/
#define CTX ((br_ssl_client_context *)ENG)
* within the structure work for both kinds of context.
*/
#define CTX ((br_ssl_client_context *)ENG)
diff --git
a/src/ssl/ssl_hs_client.t0
b/src/ssl/ssl_hs_client.t0
index
0747d42
..
23b39e7
100644
(file)
--- a/
src/ssl/ssl_hs_client.t0
+++ b/
src/ssl/ssl_hs_client.t0
@@
-31,7
+31,7
@@
preamble {
* specific name. It must be noted that since the engine context is the
* first field of the br_ssl_client_context structure ('eng'), then
* pointers values of both types are interchangeable, modulo an
* specific name. It must be noted that since the engine context is the
* first field of the br_ssl_client_context structure ('eng'), then
* pointers values of both types are interchangeable, modulo an
- * appropriate cast. This also means that "adresses" computed as offsets
+ * appropriate cast. This also means that "ad
d
resses" computed as offsets
* within the structure work for both kinds of context.
*/
#define CTX ((br_ssl_client_context *)ENG)
* within the structure work for both kinds of context.
*/
#define CTX ((br_ssl_client_context *)ENG)
@@
-969,7
+969,7
@@
cc: get-client-chain ( auth_types -- ) {
\ Parse CertificateRequest. Header has already been read.
: read-contents-CertificateRequest ( lim -- )
\ Parse CertificateRequest. Header has already been read.
: read-contents-CertificateRequest ( lim -- )
- \ Read supported client authenti
fi
cation types. We keep only
+ \ Read supported client authentication types. We keep only
\ RSA, ECDSA, and ECDH.
0 { auth_types }
read8 open-elt
\ RSA, ECDSA, and ECDH.
0 { auth_types }
read8 open-elt
diff --git
a/src/ssl/ssl_hs_common.t0
b/src/ssl/ssl_hs_common.t0
index
dd9abcb
..
a879258
100644
(file)
--- a/
src/ssl/ssl_hs_common.t0
+++ b/
src/ssl/ssl_hs_common.t0
@@
-581,7
+581,7
@@
cc: more-incoming-bytes? ( -- bool ) {
read16 skip-blob ;
\ Open a substructure: the inner structure length is checked against,
read16 skip-blob ;
\ Open a substructure: the inner structure length is checked against,
-\ and sub
s
tracted, from the output structure current limit.
+\ and subtracted, from the output structure current limit.
: open-elt ( lim len -- lim-outer lim-inner )
dup { len }
- dup 0< if ERR_BAD_PARAM fail then
: open-elt ( lim len -- lim-outer lim-inner )
dup { len }
- dup 0< if ERR_BAD_PARAM fail then
diff --git
a/src/ssl/ssl_hs_server.c
b/src/ssl/ssl_hs_server.c
index
5dd30a1
..
a6be5e7
100644
(file)
--- a/
src/ssl/ssl_hs_server.c
+++ b/
src/ssl/ssl_hs_server.c
@@
-86,7
+86,7
@@
void br_ssl_hs_server_run(void *t0ctx);
* specific name. It must be noted that since the engine context is the
* first field of the br_ssl_server_context structure ('eng'), then
* pointers values of both types are interchangeable, modulo an
* specific name. It must be noted that since the engine context is the
* first field of the br_ssl_server_context structure ('eng'), then
* pointers values of both types are interchangeable, modulo an
- * appropriate cast. This also means that "adresses" computed as offsets
+ * appropriate cast. This also means that "ad
d
resses" computed as offsets
* within the structure work for both kinds of context.
*/
#define CTX ((br_ssl_server_context *)ENG)
* within the structure work for both kinds of context.
*/
#define CTX ((br_ssl_server_context *)ENG)
diff --git
a/src/ssl/ssl_hs_server.t0
b/src/ssl/ssl_hs_server.t0
index
58d5c94
..
9f6e934
100644
(file)
--- a/
src/ssl/ssl_hs_server.t0
+++ b/
src/ssl/ssl_hs_server.t0
@@
-31,7
+31,7
@@
preamble {
* specific name. It must be noted that since the engine context is the
* first field of the br_ssl_server_context structure ('eng'), then
* pointers values of both types are interchangeable, modulo an
* specific name. It must be noted that since the engine context is the
* first field of the br_ssl_server_context structure ('eng'), then
* pointers values of both types are interchangeable, modulo an
- * appropriate cast. This also means that "adresses" computed as offsets
+ * appropriate cast. This also means that "ad
d
resses" computed as offsets
* within the structure work for both kinds of context.
*/
#define CTX ((br_ssl_server_context *)ENG)
* within the structure work for both kinds of context.
*/
#define CTX ((br_ssl_server_context *)ENG)
@@
-864,7
+864,7
@@
cc: save-session ( -- ) {
\ suites are filtered out. In particular:
\ -- ECDHE suites are removed if there is no common hash function
\ (for the relevant signature algorithm) or no common curve.
\ suites are filtered out. In particular:
\ -- ECDHE suites are removed if there is no common hash function
\ (for the relevant signature algorithm) or no common curve.
- \ -- TLS-1.2-only suites are removed if the nego
c
iated version is
+ \ -- TLS-1.2-only suites are removed if the nego
t
iated version is
\ TLS-1.1 or lower.
addr-client_suites dup >css-off
begin dup css-max < while
\ TLS-1.1 or lower.
addr-client_suites dup >css-off
begin dup css-max < while
diff --git
a/src/x509/asn1.t0
b/src/x509/asn1.t0
index
6732f9d
..
ba59252
100644
(file)
--- a/
src/x509/asn1.t0
+++ b/
src/x509/asn1.t0
@@
-278,7
+278,7
@@
cc: get32 ( addr -- val ) {
0x80 - dup ifnot ERR_X509_INDEFINITE_LENGTH fail then
\ Masking out bit 7, this yields the number of bytes over which
0x80 - dup ifnot ERR_X509_INDEFINITE_LENGTH fail then
\ Masking out bit 7, this yields the number of bytes over which
- \ the value is encoded. Since the total certicate length must
+ \ the value is encoded. Since the total certi
fi
cate length must
\ fit over 3 bytes (this is a consequence of SSL/TLS message
\ format), we can reject big lengths and keep the length in a
\ single integer.
\ fit over 3 bytes (this is a consequence of SSL/TLS message
\ format), we can reject big lengths and keep the length in a
\ single integer.