@@ -338,7 +338,7 @@ breaking changes, and mappings for the large list of deprecated functions.
338338 *Matt Caswell*
339339
340340 * Fix a bug in the OPENSSL_LH_flush() function that breaks reuse of the memory
341- occuppied by the removed hash table entries.
341+ occupied by the removed hash table entries.
342342
343343 This function is used when decoding certificates or keys. If a long lived
344344 process periodically decodes certificates or keys its memory usage will
@@ -535,7 +535,7 @@ breaking changes, and mappings for the large list of deprecated functions.
535535
536536 * The EVP_get_cipherbyname() function will return NULL for algorithms such as
537537 "AES-128-SIV", "AES-128-CBC-CTS" and "CAMELLIA-128-CBC-CTS" which were
538- previously only accessible via low level interfaces. Use EVP_CIPHER_fetch()
538+ previously only accessible via low- level interfaces. Use EVP_CIPHER_fetch()
539539 instead to retrieve these algorithms from a provider.
540540
541541 *Shane Lontis*
@@ -882,7 +882,7 @@ breaking changes, and mappings for the large list of deprecated functions.
882882
883883 *David von Oheimb*
884884
885- * All of the low level EC_KEY functions have been deprecated.
885+ * All of the low- level EC_KEY functions have been deprecated.
886886
887887 *Shane Lontis, Paul Dale, Richard Levitte, and Tomáš Mráz*
888888
@@ -1163,7 +1163,7 @@ breaking changes, and mappings for the large list of deprecated functions.
11631163
11641164 *David von Oheimb*
11651165
1166- * All of the low level RSA functions have been deprecated.
1166+ * All of the low- level RSA functions have been deprecated.
11671167
11681168 *Paul Dale*
11691169
@@ -1188,11 +1188,11 @@ breaking changes, and mappings for the large list of deprecated functions.
11881188
11891189 *Paul Dale*
11901190
1191- * All of the low level DH functions have been deprecated.
1191+ * All of the low- level DH functions have been deprecated.
11921192
11931193 *Paul Dale and Matt Caswell*
11941194
1195- * All of the low level DSA functions have been deprecated.
1195+ * All of the low- level DSA functions have been deprecated.
11961196
11971197 *Paul Dale*
11981198
@@ -1201,7 +1201,7 @@ breaking changes, and mappings for the large list of deprecated functions.
12011201
12021202 *Richard Levitte*
12031203
1204- * Deprecated low level ECDH and ECDSA functions.
1204+ * Deprecated low- level ECDH and ECDSA functions.
12051205
12061206 *Paul Dale*
12071207
@@ -1220,7 +1220,7 @@ breaking changes, and mappings for the large list of deprecated functions.
12201220
12211221 *Paul Dale*
12221222
1223- * All of the low level HMAC functions have been deprecated.
1223+ * All of the low- level HMAC functions have been deprecated.
12241224
12251225 *Paul Dale and David von Oheimb*
12261226
@@ -1236,7 +1236,7 @@ breaking changes, and mappings for the large list of deprecated functions.
12361236
12371237 *Rich Salz*
12381238
1239- * All of the low level CMAC functions have been deprecated.
1239+ * All of the low- level CMAC functions have been deprecated.
12401240
12411241 *Paul Dale*
12421242
@@ -1255,7 +1255,7 @@ breaking changes, and mappings for the large list of deprecated functions.
12551255
12561256 *Richard Levitte*
12571257
1258- * All of the low level cipher functions have been deprecated.
1258+ * All of the low- level cipher functions have been deprecated.
12591259
12601260 *Matt Caswell and Paul Dale*
12611261
@@ -1525,7 +1525,7 @@ breaking changes, and mappings for the large list of deprecated functions.
15251525 used and the recipient will not notice the attack.
15261526 As a work around for this potential attack the length of the decrypted
15271527 key must be equal to the cipher default key length, in case the
1528- certifiate is not given and all recipientInfo are tried out.
1528+ certificate is not given and all recipientInfo are tried out.
15291529 The old behaviour can be re-enabled in the CMS code by setting the
15301530 CMS_DEBUG_DECRYPT flag.
15311531
@@ -1545,7 +1545,7 @@ breaking changes, and mappings for the large list of deprecated functions.
15451545 when primes for RSA keys are computed.
15461546 Since we previously always generated primes == 2 (mod 3) for RSA keys,
15471547 the 2-prime and 3-prime RSA modules were easy to distinguish, since
1548- `N = p*q = 1 (mod 3)`, but `N = p*q*r = 2 (mod 3)`. Therefore fingerprinting
1548+ `N = p*q = 1 (mod 3)`, but `N = p*q*r = 2 (mod 3)`. Therefore, fingerprinting
15491549 2-prime vs. 3-prime RSA keys was possible by computing N mod 3.
15501550 This avoids possible fingerprinting of newly generated RSA modules.
15511551
@@ -1966,7 +1966,7 @@ OpenSSL 1.1.1
19661966 ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING
19671967 structure which contains a buffer holding the string data and a field
19681968 holding the buffer length. This contrasts with normal C strings which
1969- are repesented as a buffer for the string data which is terminated
1969+ are represented as a buffer for the string data which is terminated
19701970 with a NUL (0) byte.
19711971
19721972 Although not a strict requirement, ASN.1 strings that are parsed using
@@ -2054,7 +2054,7 @@ OpenSSL 1.1.1
20542054
20552055 * Fixed the X509_issuer_and_serial_hash() function. It attempts to
20562056 create a unique hash value based on the issuer and serial number data
2057- contained within an X509 certificate. However it was failing to correctly
2057+ contained within an X509 certificate. However, it was failing to correctly
20582058 handle any errors that may occur while parsing the issuer field (which might
20592059 occur if the issuer field is maliciously constructed). This may subsequently
20602060 result in a NULL pointer deref and a crash leading to a potential denial of
@@ -2072,7 +2072,7 @@ OpenSSL 1.1.1
20722072
20732073 Fixed the EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate
20742074 functions. Previously they could overflow the output length argument in some
2075- cases where the input length is close to the maximum permissable length for
2075+ cases where the input length is close to the maximum permissible length for
20762076 an integer on the platform. In such cases the return value from the function
20772077 call would be 1 (indicating success), but the output length value would be
20782078 negative. This could cause applications to behave incorrectly or crash.
@@ -2174,7 +2174,7 @@ OpenSSL 1.1.1
21742174 when primes for RSA keys are computed.
21752175 Since we previously always generated primes == 2 (mod 3) for RSA keys,
21762176 the 2-prime and 3-prime RSA modules were easy to distinguish, since
2177- N = p*q = 1 (mod 3), but N = p*q*r = 2 (mod 3). Therefore fingerprinting
2177+ N = p*q = 1 (mod 3), but N = p*q*r = 2 (mod 3). Therefore, fingerprinting
21782178 2-prime vs. 3-prime RSA keys was possible by computing N mod 3.
21792179 This avoids possible fingerprinting of newly generated RSA modules.
21802180
@@ -2233,7 +2233,7 @@ OpenSSL 1.1.1
22332233 * Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random
22342234 number generator (RNG). This was intended to include protection in the
22352235 event of a fork() system call in order to ensure that the parent and child
2236- processes did not share the same RNG state. However this protection was not
2236+ processes did not share the same RNG state. However, this protection was not
22372237 being used in the default case.
22382238
22392239 A partial mitigation for this issue is that the output from a high
@@ -2275,7 +2275,7 @@ OpenSSL 1.1.1
22752275 used and the recipient will not notice the attack.
22762276 As a work around for this potential attack the length of the decrypted
22772277 key must be equal to the cipher default key length, in case the
2278- certifiate is not given and all recipientInfo are tried out.
2278+ certificate is not given and all recipientInfo are tried out.
22792279 The old behaviour can be re-enabled in the CMS code by setting the
22802280 CMS_DEBUG_DECRYPT flag.
22812281 ([CVE-2019-1563])
@@ -3045,7 +3045,7 @@ OpenSSL 1.1.0
30453045 used and the recipient will not notice the attack.
30463046 As a work around for this potential attack the length of the decrypted
30473047 key must be equal to the cipher default key length, in case the
3048- certifiate is not given and all recipientInfo are tried out.
3048+ certificate is not given and all recipientInfo are tried out.
30493049 The old behaviour can be re-enabled in the CMS code by setting the
30503050 CMS_DEBUG_DECRYPT flag.
30513051 ([CVE-2019-1563])
@@ -3280,7 +3280,7 @@ OpenSSL 1.1.0
32803280
32813281 OpenSSL 1.0.2 and below had the ability to disable renegotiation using the
32823282 (undocumented) SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS flag. Due to the opacity
3283- changes this is no longer possible in 1.1.0. Therefore the new
3283+ changes this is no longer possible in 1.1.0. Therefore, the new
32843284 SSL_OP_NO_RENEGOTIATION option from 1.1.1-dev has been backported to
32853285 1.1.0 to provide equivalent functionality.
32863286
@@ -3371,7 +3371,7 @@ OpenSSL 1.1.0
33713371
33723372 During a renegotiation handshake if the Encrypt-Then-Mac extension is
33733373 negotiated where it was not in the original handshake (or vice-versa) then
3374- this can cause OpenSSL to crash (dependant on ciphersuite). Both clients
3374+ this can cause OpenSSL to crash (dependent on ciphersuite). Both clients
33753375 and servers are affected.
33763376
33773377 This issue was reported to OpenSSL by Joe Orton (Red Hat).
@@ -3543,7 +3543,7 @@ OpenSSL 1.1.0
35433543 place, and this would cause the connection to immediately fail. Assuming
35443544 that the application calls SSL_free() on the failed connection in a timely
35453545 manner then the 21Mb of allocated memory will then be immediately freed
3546- again. Therefore the excessive memory allocation will be transitory in
3546+ again. Therefore, the excessive memory allocation will be transitory in
35473547 nature. This then means that there is only a security impact if:
35483548
35493549 1) The application does not call SSL_free() in a timely manner in the event
@@ -4310,7 +4310,7 @@ OpenSSL 1.1.0
43104310 * Given the pervasive nature of TLS extensions it is inadvisable to run
43114311 OpenSSL without support for them. It also means that maintaining
43124312 the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably
4313- not well tested). Therefore the OPENSSL_NO_TLSEXT option has been removed.
4313+ not well tested). Therefore, the OPENSSL_NO_TLSEXT option has been removed.
43144314
43154315 *Matt Caswell*
43164316
@@ -4388,7 +4388,7 @@ OpenSSL 1.1.0
43884388
43894389 *Matt Caswell*
43904390
4391- * SSLv2 support has been removed. It still supports receiving a SSLv2
4391+ * SSLv2 support has been removed. It still supports receiving an SSLv2
43924392 compatible client hello.
43934393
43944394 *Kurt Roeckx*
@@ -4842,7 +4842,7 @@ OpenSSL 1.0.2
48424842 used and the recipient will not notice the attack.
48434843 As a work around for this potential attack the length of the decrypted
48444844 key must be equal to the cipher default key length, in case the
4845- certifiate is not given and all recipientInfo are tried out.
4845+ certificate is not given and all recipientInfo are tried out.
48464846 The old behaviour can be re-enabled in the CMS code by setting the
48474847 CMS_DEBUG_DECRYPT flag.
48484848 ([CVE-2019-1563])
@@ -5318,8 +5318,8 @@ OpenSSL 1.0.2
53185318 has been completed. An attacker could force up to approx. 15 messages to
53195319 remain in the buffer when they are no longer required. These messages will
53205320 be cleared when the DTLS connection is closed. The default maximum size for
5321- a message is 100k. Therefore the attacker could force an additional 1500k
5322- to be consumed per connection. By opening many simulataneous connections an
5321+ a message is 100k. Therefore, the attacker could force an additional 1500k
5322+ to be consumed per connection. By opening many simultaneous connections an
53235323 attacker could cause a DoS attack through memory exhaustion.
53245324
53255325 This issue was reported to OpenSSL by Quan Luo.
@@ -6483,7 +6483,7 @@ OpenSSL 1.0.1
64836483 message).
64846484
64856485 The rules of C pointer arithmetic are such that "p + len" is only well
6486- defined where len <= SIZE. Therefore the above idiom is actually
6486+ defined where len <= SIZE. Therefore, the above idiom is actually
64876487 undefined behaviour.
64886488
64896489 For example this could cause problems if some malloc implementation
@@ -6519,8 +6519,8 @@ OpenSSL 1.0.1
65196519 has been completed. An attacker could force up to approx. 15 messages to
65206520 remain in the buffer when they are no longer required. These messages will
65216521 be cleared when the DTLS connection is closed. The default maximum size for
6522- a message is 100k. Therefore the attacker could force an additional 1500k
6523- to be consumed per connection. By opening many simulataneous connections an
6522+ a message is 100k. Therefore, the attacker could force an additional 1500k
6523+ to be consumed per connection. By opening many simultaneous connections an
65246524 attacker could cause a DoS attack through memory exhaustion.
65256525
65266526 This issue was reported to OpenSSL by Quan Luo.
@@ -6586,7 +6586,7 @@ OpenSSL 1.0.1
65866586 amounts of input data then a length check can overflow resulting in a heap
65876587 corruption.
65886588
6589- Internally to OpenSSL the EVP_EncodeUpdate() function is primarly used by
6589+ Internally to OpenSSL the EVP_EncodeUpdate() function is primarily used by
65906590 the `PEM_write_bio*` family of functions. These are mainly used within the
65916591 OpenSSL command line applications, so any application which processes data
65926592 from an untrusted source and outputs it as a PEM file should be considered
@@ -7252,7 +7252,7 @@ OpenSSL 1.0.1
72527252 * Build option no-ssl3 is incomplete.
72537253
72547254 When OpenSSL is configured with "no-ssl3" as a build option, servers
7255- could accept and complete a SSL 3.0 handshake, and clients could be
7255+ could accept and complete an SSL 3.0 handshake, and clients could be
72567256 configured to send them.
72577257 ([CVE-2014-3568])
72587258
@@ -8269,7 +8269,7 @@ OpenSSL 1.0.0
82698269 * Build option no-ssl3 is incomplete.
82708270
82718271 When OpenSSL is configured with "no-ssl3" as a build option, servers
8272- could accept and complete a SSL 3.0 handshake, and clients could be
8272+ could accept and complete an SSL 3.0 handshake, and clients could be
82738273 configured to send them.
82748274 ([CVE-2014-3568])
82758275
@@ -9518,7 +9518,7 @@ OpenSSL 1.0.1.]
95189518
95199519 * Add initial support for TLS extensions, specifically for the server_name
95209520 extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now
9521- have new members for a host name . The SSL data structure has an
9521+ have new members for a hostname . The SSL data structure has an
95229522 additional member `SSL_CTX *initial_ctx` so that new sessions can be
95239523 stored in that context to allow for session resumption, even after the
95249524 SSL has been switched to a new SSL_CTX in reaction to a client's
@@ -9542,7 +9542,7 @@ OpenSSL 1.0.1.]
95429542
95439543 openssl s_server has new options '-servername_host ...', '-cert2 ...',
95449544 '-key2 ...', '-servername_fatal' (subject to change). This allows
9545- testing the HostName extension for a specific single host name ('-cert'
9545+ testing the HostName extension for a specific single hostname ('-cert'
95469546 and '-key' remain fallbacks for handshakes without HostName
95479547 negotiation). If the unrecognized_name alert has to be sent, this by
95489548 default is a warning; it becomes fatal with the '-servername_fatal'
@@ -10045,7 +10045,7 @@ OpenSSL 0.9.x
1004510045
1004610046 The OpenSSL project does not recommend any specific CA and does not
1004710047 have any policy with respect to including or excluding any CA.
10048- Therefore it does not make any sense to ship an arbitrary selection
10048+ Therefore, it does not make any sense to ship an arbitrary selection
1004910049 of root CA certificates with the OpenSSL software.
1005010050
1005110051 *Lutz Jaenicke*
@@ -10225,7 +10225,7 @@ OpenSSL 0.9.x
1022510225
1022610226 * Add initial support for TLS extensions, specifically for the server_name
1022710227 extension so far. The SSL_SESSION, SSL_CTX, and SSL data structures now
10228- have new members for a host name . The SSL data structure has an
10228+ have new members for a hostname . The SSL data structure has an
1022910229 additional member `SSL_CTX *initial_ctx` so that new sessions can be
1023010230 stored in that context to allow for session resumption, even after the
1023110231 SSL has been switched to a new SSL_CTX in reaction to a client's
@@ -10249,7 +10249,7 @@ OpenSSL 0.9.x
1024910249
1025010250 openssl s_server has new options '-servername_host ...', '-cert2 ...',
1025110251 '-key2 ...', '-servername_fatal' (subject to change). This allows
10252- testing the HostName extension for a specific single host name ('-cert'
10252+ testing the HostName extension for a specific single hostname ('-cert'
1025310253 and '-key' remain fallbacks for handshakes without HostName
1025410254 negotiation). If the unrecognized_name alert has to be sent, this by
1025510255 default is a warning; it becomes fatal with the '-servername_fatal'
0 commit comments