diff options
author | Jack Lloyd <[email protected]> | 2018-09-28 10:48:41 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2018-09-28 10:51:12 -0400 |
commit | 8e6fa0a74ee5bf3fcf129ae1c474a3d732500f74 (patch) | |
tree | db9d7f035bdcea3ee1e36dcc5ad1dd4afa825a58 /doc/manual | |
parent | 519b21c9586045be3e9316e57bbc5c68ba5841da (diff) |
Spell check the documentation
Diffstat (limited to 'doc/manual')
-rw-r--r-- | doc/manual/abi.rst | 2 | ||||
-rw-r--r-- | doc/manual/bigint.rst | 2 | ||||
-rw-r--r-- | doc/manual/block_cipher.rst | 12 | ||||
-rw-r--r-- | doc/manual/building.rst | 2 | ||||
-rw-r--r-- | doc/manual/cipher_modes.rst | 12 | ||||
-rw-r--r-- | doc/manual/cli.rst | 12 | ||||
-rw-r--r-- | doc/manual/compression.rst | 2 | ||||
-rw-r--r-- | doc/manual/credentials_manager.rst | 2 | ||||
-rw-r--r-- | doc/manual/deprecated.rst | 2 | ||||
-rw-r--r-- | doc/manual/ecc.rst | 2 | ||||
-rw-r--r-- | doc/manual/ffi.rst | 4 | ||||
-rw-r--r-- | doc/manual/filters.rst | 6 | ||||
-rw-r--r-- | doc/manual/fpe.rst | 6 | ||||
-rw-r--r-- | doc/manual/fuzzing.rst | 2 | ||||
-rw-r--r-- | doc/manual/hash.rst | 2 | ||||
-rw-r--r-- | doc/manual/kdf.rst | 4 | ||||
-rw-r--r-- | doc/manual/keywrap.rst | 4 | ||||
-rw-r--r-- | doc/manual/message_auth_codes.rst | 6 | ||||
-rw-r--r-- | doc/manual/otp.rst | 2 | ||||
-rw-r--r-- | doc/manual/passhash.rst | 8 | ||||
-rw-r--r-- | doc/manual/pbkdf.rst | 2 | ||||
-rw-r--r-- | doc/manual/pkcs11.rst | 4 | ||||
-rw-r--r-- | doc/manual/pubkey.rst | 22 | ||||
-rw-r--r-- | doc/manual/rng.rst | 8 | ||||
-rw-r--r-- | doc/manual/secmem.rst | 6 | ||||
-rw-r--r-- | doc/manual/stream_ciphers.rst | 6 | ||||
-rw-r--r-- | doc/manual/tls.rst | 16 | ||||
-rw-r--r-- | doc/manual/versions.rst | 4 | ||||
-rw-r--r-- | doc/manual/x509.rst | 14 |
29 files changed, 88 insertions, 88 deletions
diff --git a/doc/manual/abi.rst b/doc/manual/abi.rst index 888f0c33a..faf7bcc44 100644 --- a/doc/manual/abi.rst +++ b/doc/manual/abi.rst @@ -3,7 +3,7 @@ ABI Stability ==================== Botan uses semantic versioning for the API; if API features are added the minor -version increases, whereas if API compatability breaks occur the major version +version increases, whereas if API compatibility breaks occur the major version is increased. However no guarantees about ABI are made between releases. Maintaining an ABI diff --git a/doc/manual/bigint.rst b/doc/manual/bigint.rst index 4eaec268b..ae087fc1b 100644 --- a/doc/manual/bigint.rst +++ b/doc/manual/bigint.rst @@ -240,7 +240,7 @@ Number theoretic functions available include: .. cpp:function:: bool is_prime(BigInt n, RandomNumberGenerator& rng, \ size_t prob = 56, double is_random = false) - Test *n* for primality using a probablistic algorithm (Miller-Rabin). With + Test *n* for primality using a probabilistic algorithm (Miller-Rabin). With this algorithm, there is some non-zero probability that true will be returned even if *n* is actually composite. Modifying *prob* allows you to decrease the chance of such a false positive, at the cost of increased runtime. Sufficient diff --git a/doc/manual/block_cipher.rst b/doc/manual/block_cipher.rst index 85daeee99..a4707aeab 100644 --- a/doc/manual/block_cipher.rst +++ b/doc/manual/block_cipher.rst @@ -11,7 +11,7 @@ operations such as authenticated encryption. You probably want an authenticated cipher mode instead (see :ref:`cipher_modes`) This interface is used to build higher level operations (such as cipher modes or MACs), or in the very rare situation where ECB is required, - eg for compatability with an existing system. + eg for compatibility with an existing system. .. cpp:class:: BlockCipher @@ -45,12 +45,12 @@ operations such as authenticated encryption. .. cpp:function:: size_t minimum_keylength() const - Return the smallest key length (in bytes) that is acceptible for the + Return the smallest key length (in bytes) that is acceptable for the algorithm. .. cpp:function:: size_t maximum_keylength() const - Return the largest key length (in bytes) that is acceptible for the + Return the largest key length (in bytes) that is acceptable for the algorithm. .. cpp:function:: std::string name() const @@ -79,7 +79,7 @@ operations such as authenticated encryption. .. cpp:function:: size_t parallel_bytes() const Returns ``parallelism`` multiplied by the block size as well as a small - fudge factor. That's because even ciphers that have no implicit parallism + fudge factor. That's because even ciphers that have no implicit parallelism typically see a small speedup for being called with several blocks due to caching effects. @@ -205,7 +205,7 @@ Available if ``BOTAN_HAS_CAST128`` is defined. CAST-256 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -A 128-bit cipher that was a contestent in the NIST AES competition. +A 128-bit cipher that was a contestant in the NIST AES competition. Rarely used, and now deprecated in Botan. Use AES or Serpent instead. Available if ``BOTAN_HAS_CAST256`` is defined. @@ -243,7 +243,7 @@ GOST-28147-89 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ A old 64-bit Russian cipher. Possible security issues. Avoid unless -compatability is needed. +compatibility is needed. Available if ``BOTAN_HAS_GOST_28147_89`` is defined. diff --git a/doc/manual/building.rst b/doc/manual/building.rst index 60525dc9e..487ae542a 100644 --- a/doc/manual/building.rst +++ b/doc/manual/building.rst @@ -428,7 +428,7 @@ compiler whenever a C++ file is compiled. Typically this is used for setting include paths. ``botan config libs``: Print options for which libraries to link to -(this will include a reference to the botan library iself). +(this will include a reference to the botan library itself). Your ``Makefile`` can run ``botan config`` and get the options necessary for getting your application to compile and link, regardless diff --git a/doc/manual/cipher_modes.rst b/doc/manual/cipher_modes.rst index 553f883a0..7ad62b928 100644 --- a/doc/manual/cipher_modes.rst +++ b/doc/manual/cipher_modes.rst @@ -28,12 +28,12 @@ All cipher mode implementations are are derived from the base class .. cpp:function:: size_t minimum_keylength() const - Return the smallest key length (in bytes) that is acceptible for the + Return the smallest key length (in bytes) that is acceptable for the algorithm. .. cpp:function:: size_t maximum_keylength() const - Return the largest key length (in bytes) that is acceptible for the + Return the largest key length (in bytes) that is acceptable for the algorithm. .. cpp:function:: void start_msg(const uint8_t* nonce, size_t nonce_len) @@ -143,7 +143,7 @@ CFB Available if ``BOTAN_HAS_MODE_CFB`` is defined. -CFB uses a block cipher to create a self-syncronizing stream cipher. It is used +CFB uses a block cipher to create a self-synchronizing stream cipher. It is used for example in the OpenPGP protocol. There is no reason to prefer it. XTS @@ -229,7 +229,7 @@ will be returned by :cpp:func:`get_cipher` if the named cipher is an AEAD mode). way that an attacker could observe the effects of. One simply way to assure this could never happen is to never - call update, and instead always marshall the entire message + call update, and instead always marshal the entire message into a single buffer and call finish on it when decrypting. .. cpp:function:: size_t update_granularity() const @@ -262,7 +262,7 @@ Available AEAD Modes If in doubt about what to use, pick ChaCha20Poly1305, AES-256/GCM, or AES-256/SIV. Both ChaCha20Poly1305 and AES with GCM are widely implemented. SIV is somewhat more obscure (and is slower than either GCM or ChaCha20Poly1305), but has -excellent security properites. +excellent security properties. ChaCha20Poly1305 ~~~~~~~~~~~~~~~~~~ @@ -318,7 +318,7 @@ SIV Available if ``BOTAN_HAS_AEAD_SIV`` is defined. -Requires a 128-bit block cipher. Unlike other AEADs, SIV is "misuse resistent"; +Requires a 128-bit block cipher. Unlike other AEADs, SIV is "misuse resistant"; if a nonce is repeated, SIV retains security, with the exception that if the same nonce is used to encrypt the same message multiple times, an attacker can detect the fact that the message was duplicated (this is simply because if both diff --git a/doc/manual/cli.rst b/doc/manual/cli.rst index e4e3cb9f6..431c81430 100644 --- a/doc/manual/cli.rst +++ b/doc/manual/cli.rst @@ -50,7 +50,7 @@ Public Key Cryptography key, it is recommended to encrypt it with a provided *passphrase*. *pbe* is the name of the desired encryption algorithm, which uses *pbe-millis* milliseconds to derive the encryption key from the passed - *passphrase*. Algorithm specific parameters, as the desired bitlength of an + *passphrase*. Algorithm specific parameters, as the desired bit length of an RSA key, can be passed with *params*. - For RSA *params* specifies the bit length of the RSA modulus. It defaults to 3072. @@ -105,11 +105,11 @@ Public Key Cryptography in fact generate a valid DSA group, the command will fail. ``dl_group_info --pem name`` - Print raw Diffie-Hellman parameters (p,g) of the standarized DH group + Print raw Diffie-Hellman parameters (p,g) of the standardized DH group *name*. If *pem* is set, the X9.42 encoded group is printed. ``ec_group_info --pem name`` - Print raw elliptic curve domain parameters of the standarized curve *name*. If + Print raw elliptic curve domain parameters of the standardized curve *name*. If *pem* is set, the encoded domain is printed. ``pk_encrypt --aead=AES-256/GCM rsa_pubkey datafile`` @@ -160,7 +160,7 @@ X.509 used, the certificate's fingerprint is also printed. ``cert_verify subject *ca_certs`` - Verify if the provided X.509 certificate *subject* can be sucessfully + Verify if the provided X.509 certificate *subject* can be successfully validated. The list of trusted CA certificates is passed with *ca_certs*, which is a list of one or more certificates. @@ -180,7 +180,7 @@ TLS Server/Client none of the TLS version flags is set, the latest supported version is chosen. The client honors the TLS policy defined in the *policy* file and prints all certificates in the chain, if *print-certs* is passed. - *next-protocols* is a comma seperated list and specifies the protocols to + *next-protocols* is a comma separated list and specifies the protocols to advertise with Application-Layer Protocol Negotiation (ALPN). ``tls_server cert key --port=443 --type=tcp --policy=`` @@ -268,7 +268,7 @@ Miscellaneous Commands Decode and print *file* with ASN.1 Basic Encoding Rules (BER). ``http_get url`` - Retrieve ressource from the passed http *url*. + Retrieve resource from the passed http *url*. ``speed --msec=500 --provider= --buf-size=1024 algos`` Measures the speed of the passed *algos*. If no *algos* are passed all diff --git a/doc/manual/compression.rst b/doc/manual/compression.rst index 4a40b24c7..5637a5a68 100644 --- a/doc/manual/compression.rst +++ b/doc/manual/compression.rst @@ -81,7 +81,7 @@ Supported values for `type` include `zlib` (raw zlib with no checksum), `deflate` (zlib's deflate format), `gzip`, `bz2`, and `lzma`. A null pointer will be returned if the algorithm is unavailable. -To use a compression algorithm in a `Pipe` use the adaptor types +To use a compression algorithm in a `Pipe` use the adapter types `Compression_Filter` and `Decompression_Filter` from `comp_filter.h`. The constructors of both filters take a `std::string` argument (passed to `make_compressor` or `make_decompressor`), the compression filter also takes a diff --git a/doc/manual/credentials_manager.rst b/doc/manual/credentials_manager.rst index 169e5ab8e..bc18c5d8e 100644 --- a/doc/manual/credentials_manager.rst +++ b/doc/manual/credentials_manager.rst @@ -53,7 +53,7 @@ implementation. const std::string& context) Return the certificate chain to use to identifier ourselves, if - we have one of type *cert_key_tye* and we would like to use a + we have one of type *cert_key_type* and we would like to use a certificate in this *type*/*context*. .. cpp:function:: Private_Key* private_key_for(const X509_Certificate& cert, \ diff --git a/doc/manual/deprecated.rst b/doc/manual/deprecated.rst index e116f6e77..5c1074ddb 100644 --- a/doc/manual/deprecated.rst +++ b/doc/manual/deprecated.rst @@ -21,7 +21,7 @@ in the source. - Using ``X509_Certificate::subject_info`` and ``issuer_info`` to access any information that is not included in the DN or subject alternative name. Prefer - using the specific accessor functions for other data, eg instead of + using the specific assessor functions for other data, eg instead of ``cert.subject_info("X509.Certificate.serial")`` use ``cert.serial_number()``. - The Buffered_Computation base class. In a future release the class will be diff --git a/doc/manual/ecc.rst b/doc/manual/ecc.rst index 72c90a310..f522bbe3d 100644 --- a/doc/manual/ecc.rst +++ b/doc/manual/ecc.rst @@ -136,7 +136,7 @@ during common operations. .. cpp:function:: PointGFp point_multiply(const BigInt& x, const PointGFp& pt, const BigInt& y) const - Multi-exponentation. Returns base_point*x + pt*y. Not constant time. + Multi-exponentiation. Returns base_point*x + pt*y. Not constant time. (Ordinarily used for signature verification.) .. cpp:function:: PointGFp blinded_base_point_multiply(const BigInt& k, \ diff --git a/doc/manual/ffi.rst b/doc/manual/ffi.rst index 2dec14943..84f729837 100644 --- a/doc/manual/ffi.rst +++ b/doc/manual/ffi.rst @@ -268,7 +268,7 @@ need to implement custom primitives using a PRP. size_t* out_keylength_modulo) Return the limits on the key which can be provided to this cipher. If any of the - parameters are null, no output is written to that field. This allows retreiving only + parameters are null, no output is written to that field. This allows retrieving only (say) the maximum supported keylength, if that is the only information needed. .. cpp:function:: int botan_block_cipher_clear(botan_block_cipher_t bc) @@ -402,7 +402,7 @@ Symmetric Ciphers .. cpp:function:: size_t botan_cipher_get_tag_length(botan_cipher_t cipher, size_t* tag_len) - Write the tag length of the cipher to ``tag_len``. This will be zero for non-authenticted + Write the tag length of the cipher to ``tag_len``. This will be zero for non-authenticated ciphers. .. cpp:function:: int botan_cipher_valid_nonce_length(botan_cipher_t cipher, size_t nl) diff --git a/doc/manual/filters.rst b/doc/manual/filters.rst index f62d78ce2..6b867159b 100644 --- a/doc/manual/filters.rst +++ b/doc/manual/filters.rst @@ -10,7 +10,7 @@ Pipe/Filter Message Processing applications using it somewhat opaque because it is not obvious what this or that Pipe& object actually does (type of operation, number of messages output (if any!), and so on), whereas using say a HashFunction or AEAD_Mode - provides a much better idea in the code of what operation is occuring. + provides a much better idea in the code of what operation is occurring. This filter interface is no longer used within the library itself (outside a few dusty corners) and will likely not see any further major @@ -40,7 +40,7 @@ Here is an example that uses a pipe to base64 encode some strings:: std::string m1 = pipe.read_all_as_string(0); // "message1" std::string m2 = pipe.read_all_as_string(1); // "message2" -Bytestreams in the pipe are grouped into messages; blocks of data that +Byte streams in the pipe are grouped into messages; blocks of data that are processed in an identical fashion (ie, with the same sequence of filter operations). Messages are delimited by calls to ``start_msg`` and ``end_msg``. Each message in a pipe has its own identifier, which @@ -268,7 +268,7 @@ pointers (they will be added in order), or with an array of filter pointers and a ``size_t`` that tells ``Chain`` how many filters are in the array (again, they will be attached in order). Here's the example from the last section, using chain instead of relying on the implicit -passthrough the other version used:: +pass through the other version used:: Pipe pipe(new Fork( new Chain(new Hash_Filter("SHA-256"), new Hex_Encoder), diff --git a/doc/manual/fpe.rst b/doc/manual/fpe.rst index efb85be60..9d77a4086 100644 --- a/doc/manual/fpe.rst +++ b/doc/manual/fpe.rst @@ -5,7 +5,7 @@ Format preserving encryption (FPE) refers to a set of techniques for encrypting data such that the ciphertext has the same format as the plaintext. For instance, you can use FPE to encrypt credit card numbers with valid checksums such that the ciphertext is also an -credit card number with a valid checksum, or similiarly for bank +credit card number with a valid checksum, or similarly for bank account numbers, US Social Security numbers, or even more general mappings like English words onto other English words. @@ -37,12 +37,12 @@ The interfaces for FE1 are defined in the header ``fpe_fe1.h``: std::string mac_algo = "HMAC(SHA-256)") Initialize an FPE operation to encrypt/decrypt integers less - than *n*. It is expected that *n* is trially factorable into + than *n*. It is expected that *n* is trivially factorable into small integers. Common usage would be n to be a power of 10. Note that the default parameters to this constructor are **incompatible** with the ``fe1_encrypt`` and ``fe1_decrypt`` - function originally added in 1.9.17. For compatability, use + function originally added in 1.9.17. For compatibility, use 3 rounds and set ``compat_mode`` to true. .. cpp:function:: BigInt encrypt(const BigInt& x, const uint8_t tweak[], size_t tweak_len) const diff --git a/doc/manual/fuzzing.rst b/doc/manual/fuzzing.rst index 0aceaf29b..519bae4e1 100644 --- a/doc/manual/fuzzing.rst +++ b/doc/manual/fuzzing.rst @@ -53,7 +53,7 @@ Fuzzing with TLS-Attacker -------------------------- TLS-Attacker (https://github.com/RUB-NDS/TLS-Attacker) includes a mode for fuzzing -TLS servers. A prebuilt copy of TLS-Attacker is available in a git repo:: +TLS servers. A prebuilt copy of TLS-Attacker is available in a git repository:: $ git clone --depth 1 https://github.com/randombit/botan-ci-tools.git diff --git a/doc/manual/hash.rst b/doc/manual/hash.rst index 9dadb4336..517af9f18 100644 --- a/doc/manual/hash.rst +++ b/doc/manual/hash.rst @@ -231,7 +231,7 @@ Whirlpool Available if ``BOTAN_HAS_WHIRLPOOL`` is defined. -A 512-bit hash function standarized by ISO and NESSIE. Relatively slow, and due +A 512-bit hash function standardized by ISO and NESSIE. Relatively slow, and due to the table based implementation it is (unlike almost all other hashes) potentially vulnerable to cache based side channels. Prefer Skein-512 or BLAKE2b in new code. diff --git a/doc/manual/kdf.rst b/doc/manual/kdf.rst index 984a25f15..bc126cbab 100644 --- a/doc/manual/kdf.rst +++ b/doc/manual/kdf.rst @@ -29,7 +29,7 @@ shared secret created using Diffie-Hellman key agreement. All variations on the same theme. Deterministically creates a uniform random value from *secret* and *salt*. Typically *salt* is - a lable or identifier, such as a session id. + a label or identifier, such as a session id. You can create a :cpp:class:`KDF` using @@ -50,7 +50,7 @@ HKDF Defined in RFC 5869, HKDF uses HMAC to process inputs. Also available are variants HKDF-Extract and HKDF-Expand. HKDF is the combined Extract+Expand operation. Use the combined HKDF unless you need -compatability with some other system. +compatibility with some other system. Available if ``BOTAN_HAS_HKDF`` is defined. diff --git a/doc/manual/keywrap.rst b/doc/manual/keywrap.rst index a0791a5ae..3116797e5 100644 --- a/doc/manual/keywrap.rst +++ b/doc/manual/keywrap.rst @@ -2,7 +2,7 @@ AES Key Wrapping ================================= NIST specifies two mechanisms for wrapping (encrypting) symmetric keys using -another key. The first (and older, more widely supported) methd requres the +another key. The first (and older, more widely supported) method requires the input be a multiple of 8 bytes long. The other allows any length input, though only up to 2**32 bytes. @@ -55,6 +55,6 @@ This interface is defined in ``rfc3394.h``. .. cpp:function:: secure_vector<uint8_t> rfc3394_keyunwrap(const secure_vector<uint8_t>& key, \ const SymmetricKey& kek) - Unwrap a key wrapped wtih rfc3394_keywrap. + Unwrap a key wrapped with rfc3394_keywrap. diff --git a/doc/manual/message_auth_codes.rst b/doc/manual/message_auth_codes.rst index 031ac680c..70b6c9c3b 100644 --- a/doc/manual/message_auth_codes.rst +++ b/doc/manual/message_auth_codes.rst @@ -51,12 +51,12 @@ The Botan MAC computation is split into five stages. .. cpp:function:: size_t minimum_keylength() const - Return the smallest key length (in bytes) that is acceptible for the + Return the smallest key length (in bytes) that is acceptable for the algorithm. .. cpp:function:: size_t maximum_keylength() const - Return the largest key length (in bytes) that is acceptible for the + Return the largest key length (in bytes) that is acceptable for the algorithm. .. cpp:function:: void start(const uint8_t* nonce, size_t nonce_len) @@ -199,7 +199,7 @@ CBC-MAC An older authentication code based on a block cipher. Serious security problems, in particular **insecure** if messages of several different lengths are -authenticated. Avoid unless required for compatability. +authenticated. Avoid unless required for compatibility. Available if ``BOTAN_HAS_CBC_MAC`` is defined. diff --git a/doc/manual/otp.rst b/doc/manual/otp.rst index 5a7864afd..bb8bf6fde 100644 --- a/doc/manual/otp.rst +++ b/doc/manual/otp.rst @@ -44,7 +44,7 @@ given to any other symmetric key or plaintext password. .. cpp:function:: uint32_t generate_hotp(uint64_t counter) - Return the OTP assosciated with a specific counter value. + Return the OTP associated with a specific counter value. .. cpp:function:: std::pair<bool,uint64_t> verify_hotp(uint32_t otp, \ uint64_t starting_counter, size_t resync_range = 0) diff --git a/doc/manual/passhash.rst b/doc/manual/passhash.rst index e44c7f6c4..02094a99a 100644 --- a/doc/manual/passhash.rst +++ b/doc/manual/passhash.rst @@ -11,7 +11,7 @@ machines. The general approach is to store, instead of the password, the output of a one way function of the password. Upon receiving an -authentication request, the authenticator can recompute the one way +authentication request, the authenticating party can recompute the one way function and compare the value just computed with the one that was stored. If they match, then the authentication request succeeds. But when an attacker gains access to the database, they only have the @@ -32,7 +32,7 @@ inspection of the database. There are two solutions to these problems: salting and iteration. Salting refers to including, along with the password, a randomly chosen value which perturbs the one way function. Salting can -reduce the effectivness of offline dictionary generation, because for +reduce the effectiveness of offline dictionary generation, because for each potential password, an attacker would have to compute the one way function output for all possible salts. It also prevents the same password from producing the same output, as long as the salts do not @@ -110,7 +110,7 @@ Bcrypt provides outputs that look like this:: work factor was set to 10 up until the 2.8.0 release. It is recommended to set the work factor as high as your system can tolerate - (from a performance and latency perspective) since higher workfactors greatly + (from a performance and latency perspective) since higher work factors greatly improve the security against GPU-based attacks. For example, for protecting high value administrator passwords, consider using work factor 15 or 16; at these work factors each bcrypt computation takes several seconds. Since admin @@ -152,7 +152,7 @@ Passhash9 hashes look like:: "$9$AAAKxwMGNPSdPkOKJS07Xutm3+1Cr3ytmbnkjO6LjHzCMcMQXvcT" This function should be secure with the proper parameters, and will remain in -the library for the forseeable future, but it is specific to Botan rather than +the library for the foreseeable future, but it is specific to Botan rather than being a widely used password hash. Prefer bcrypt. .. warning:: diff --git a/doc/manual/pbkdf.rst b/doc/manual/pbkdf.rst index 5d0da9e95..534ba5c21 100644 --- a/doc/manual/pbkdf.rst +++ b/doc/manual/pbkdf.rst @@ -93,7 +93,7 @@ The ``PasswordHashFamily`` creates specific instances of ``PasswordHash``: .. cpp:function:: std::unique_ptr<PasswordHash> tune(size_t output_len, std::chrono::milliseconds msec) const Return a password hash instance tuned to run for approximately ``msec`` - millseconds when producing an output of length ``output_len``. (Accuracy + milliseconds when producing an output of length ``output_len``. (Accuracy may vary, use the command line utility ``botan pbkdf_tune`` to check.) .. cpp:function:: std::unique_ptr<PasswordHash> from_configuration( \ diff --git a/doc/manual/pkcs11.rst b/doc/manual/pkcs11.rst index e8fa4c373..c6b7ec07d 100644 --- a/doc/manual/pkcs11.rst +++ b/doc/manual/pkcs11.rst @@ -105,7 +105,7 @@ All possible PKCS#11 return values are represented by the enum class: All methods of the :cpp:class:`LowLevel` class have a default parameter ``ReturnValue* return_value = ThrowException``. This parameter controls the error handling of all :cpp:class:`LowLevel` methods. The default -behaviour ``return_value = ThrowException`` is to throw an exception if the method does +behavior ``return_value = ThrowException`` is to throw an exception if the method does not complete successfully. If a non-``NULL`` pointer is passed, ``return_value`` receives the return value of the PKCS#11 function and no exception is thrown. In case ``nullptr`` is passed as ``return_value``, the exact return value is ignored and the method just returns @@ -493,7 +493,7 @@ The remaining hierarchy is defined as follows: * :cpp:class:`PrivateKeyProperties` inherits from :cpp:class:`KeyProperties` * :cpp:class:`SecretKeyProperties` inherits from :cpp:class:`KeyProperties` -PKCS#11 objects themself are represented by the :cpp:class:`Object` class. +PKCS#11 objects themselves are represented by the :cpp:class:`Object` class. .. cpp:class:: Object diff --git a/doc/manual/pubkey.rst b/doc/manual/pubkey.rst index 5647170db..af9d520c7 100644 --- a/doc/manual/pubkey.rst +++ b/doc/manual/pubkey.rst @@ -8,7 +8,7 @@ Key Objects ---------------------------------------- Public and private keys are represented by classes ``Public_Key`` and it's -subclass ``Private_Key``. The use of inheritence here means that a +subclass ``Private_Key``. The use of inheritance here means that a ``Private_Key`` can be converted into a reference to a public key. None of the functions on ``Public_Key`` and ``Private_Key`` itself are @@ -17,12 +17,12 @@ operations are *very insecure*. The only purpose of these functions is to provide a clean interface that higher level operations can be built on. So really the only thing you need to know is that when a function takes a reference to a ``Public_Key``, it can take any public key or private key, and -similiarly for ``Private_Key``. +similarly for ``Private_Key``. Types of ``Public_Key`` include ``RSA_PublicKey``, ``DSA_PublicKey``, ``ECDSA_PublicKey``, ``ECKCDSA_PublicKey``, ``ECGDSA_PublicKey``, ``DH_PublicKey``, ``ECDH_PublicKey``, ``Curve25519_PublicKey``, ``ElGamal_PublicKey``, ``McEliece_PublicKey``, ``XMSS_PublicKey`` -and ``GOST_3410_PublicKey``. There are cooresponding ``Private_Key`` classes for each of these algorithms. +and ``GOST_3410_PublicKey``. There are corresponding ``Private_Key`` classes for each of these algorithms. .. _creating_new_private_keys: @@ -138,7 +138,7 @@ Unencrypted serialization is also supported. .. warning:: - In most situations, using unecrypted private key storage is a bad idea, + In most situations, using unencrypted private key storage is a bad idea, because anyone can come along and grab the private key without having to know any passwords or other secrets. Unless you have very particular security requirements, always use the versions that encrypt the key based on @@ -236,7 +236,7 @@ To import and export public keys, use: These functions operate in the same way as the ones described in :ref:`serializing_private_keys`, except that no encryption option is - availabe. + available. .. _dl_group: @@ -462,7 +462,7 @@ ElGamal; these use the EME class: RandomNumberGenerator& rng) Where *private_key* is the key to use for the key agreement. The system - paramters are specified in *ecies_params* and the RNG to use is passed in + parameters are specified in *ecies_params* and the RNG to use is passed in *rng*. .. cpp:function:: ECIES_Encryptor(RandomNumberGenerator& rng, \ @@ -595,7 +595,7 @@ Signatures are verified using .. cpp:function:: PK_Verifier(const Public_Key& pub_key, \ const std::string& emsa, Signature_Format format = IEEE_1363) - Construct a new verifier for signatures assicated with public + Construct a new verifier for signatures associated with public key *pub_key*. The *emsa* and *format* should be the same as that used by the signer. @@ -603,7 +603,7 @@ Signatures are verified using .. cpp:function:: void update(const std::vector<uint8_t>& in) .. cpp:function:: void update(uint8_t in) - Add further message data that is purportedly assocated with the + Add further message data that is purportedly associated with the signature that will be checked. .. cpp:function:: bool check_signature(const uint8_t* sig, size_t length) @@ -767,7 +767,7 @@ McEliece -------------------------- McEliece is a cryptographic scheme based on error correcting codes which is -thought to be resistent to quantum computers. First proposed in 1978, it is fast +thought to be resistant to quantum computers. First proposed in 1978, it is fast and patent-free. Variants have been proposed and broken, but with suitable parameters the original scheme remains secure. However the public keys are quite large, which has hindered deployment in the past. @@ -782,7 +782,7 @@ http://www.cryptosource.de/docs/mceliece_in_botan.pdf Encryption in the McEliece scheme consists of choosing a message block of size `n`, encoding it in the error correcting code which is the public key, then adding `t` bit errors. The code is created such that knowing only the public -key, decoding `t` errors is intractible, but with the additional knowledge of +key, decoding `t` errors is intractable, but with the additional knowledge of the secret structure of the code a fast decoding technique exists. The McEliece implementation in HyMES, and also in Botan, uses an optimization to @@ -816,7 +816,7 @@ In ``mcies.h`` there are functions for this combination: const std::string& aead = "AES-256/OCB") For a given security level (SL) a McEliece key would use -parameters n and t, and have the cooresponding key sizes listed: +parameters n and t, and have the corresponding key sizes listed: +-----+------+-----+---------------+----------------+ | SL | n | t | public key KB | private key KB | diff --git a/doc/manual/rng.rst b/doc/manual/rng.rst index b29bbc831..2cacd39df 100644 --- a/doc/manual/rng.rst +++ b/doc/manual/rng.rst @@ -56,7 +56,7 @@ are only available on certain platforms. Others are mostly useful in specific situations. Generally prefer using either the system RNG, or else ``AutoSeeded_RNG`` which is -intented to provide best possible behavior in a userspace PRNG. +intended to provide best possible behavior in a userspace PRNG. System_RNG ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -90,7 +90,7 @@ AutoSeeded_RNG AutoSeeded_RNG is type naming a 'best available' userspace PRNG. The exact definition of this has changed over time and may change in the -future, fortunately there is no compatability concerns when changing +future, fortunately there is no compatibility concerns when changing any RNG since the only expectation is it produces bits indistinguishable from random. @@ -133,7 +133,7 @@ HMAC_DRBG's constructors are: The specification of HMAC DRBG requires that each invocation produce no more than 64 kibibytes of data. However, the RNG interface allows - producing arbitrary amounts of data in a single request. To accomodate + producing arbitrary amounts of data in a single request. To accommodate this, ``HMAC_DRBG`` treats requests for more data as if they were multiple requests each of (at most) the maximum size. You can specify a smaller maximum size with ``max_number_of_bytes_per_request``. There is @@ -240,7 +240,7 @@ and entropy. The following entropy sources are currently used: * The system RNG (``arc4random``, ``/dev/urandom``, or ``RtlGenRandom``). - * RDRAND and RSEED are used if available, but not counted as contributing entropy + * RDRAND and RDSEED are used if available, but not counted as contributing entropy * ``/dev/random`` and ``/dev/urandom``. This may be redundant with the system RNG * ``getentropy``, only used on OpenBSD currently * ``/proc`` walk: read files in ``/proc``. Last ditch protection against diff --git a/doc/manual/secmem.rst b/doc/manual/secmem.rst index ce5ff205b..8dd479b7e 100644 --- a/doc/manual/secmem.rst +++ b/doc/manual/secmem.rst @@ -2,10 +2,10 @@ Memory container ======================================== -A major concern with mixing modern multiuser OSes and cryptographic +A major concern with mixing modern multi-user OSes and cryptographic code is that at any time the code (including secret keys) could be swapped to disk, where it can later be read by an attacker, or left -floating around in memory for later retreval. +floating around in memory for later retrieval. For this reason the library uses a ``std::vector`` with a custom allocator that will zero memory before deallocation, named via typedef @@ -15,7 +15,7 @@ love. Some operating systems offer the ability to lock memory into RAM, preventing swapping from occurring. Typically this operation is -restricted to privledged users (root or admin), however some OSes +restricted to privileged users (root or admin), however some OSes including Linux and FreeBSD allow normal users to lock a small amount of memory. On these systems, allocations first attempt to allocate out of this small locked pool, and then if that fails will fall back to diff --git a/doc/manual/stream_ciphers.rst b/doc/manual/stream_ciphers.rst index 96ec9f422..dfee40970 100644 --- a/doc/manual/stream_ciphers.rst +++ b/doc/manual/stream_ciphers.rst @@ -45,12 +45,12 @@ class :cpp:class:`StreamCipher` (`botan/stream_cipher.h`). .. cpp:function:: size_t minimum_keylength() const - Return the smallest key length (in bytes) that is acceptible for the + Return the smallest key length (in bytes) that is acceptable for the algorithm. .. cpp:function:: size_t maximum_keylength() const - Return the largest key length (in bytes) that is acceptible for the + Return the largest key length (in bytes) that is acceptable for the algorithm. .. cpp:function:: bool valid_iv_length(size_t iv_len) const @@ -206,6 +206,6 @@ does not support IVs or seeking within the cipher stream. .. warning:: RC4 is now badly broken. **Avoid in new code** and use only if required for - compatability with existing systems. + compatibility with existing systems. Available if ``BOTAN_HAS_RC4`` is defined. diff --git a/doc/manual/tls.rst b/doc/manual/tls.rst index 5e615af0f..310beaee1 100644 --- a/doc/manual/tls.rst +++ b/doc/manual/tls.rst @@ -24,7 +24,7 @@ passed in results in some change in the state, such as a handshake completing, or some data or an alert being received from the other side, then the appropriate user provided callback will be invoked. -If the reader is familiar with OpenSSL's BIO layer, it might be analagous +If the reader is familiar with OpenSSL's BIO layer, it might be analogous to saying the only way of interacting with Botan's TLS is via a `BIO_mem` I/O abstraction. This makes the library completely agnostic to how you write your network layer, be it blocking sockets, libevent, asio, a @@ -45,7 +45,7 @@ information about the connection. As an example you could ``send`` to perform a blocking write on a socket, or append the data to a queue managed by your application, and initiate - an asyncronous write. + an asynchronous write. For TLS all writes must occur *in the order requested*. For DTLS this ordering is not strictly required, but is still recommended. @@ -64,7 +64,7 @@ information about the connection. For TLS the record number will always increase. For DTLS, it is possible to receive records with the `rec_no` field out of - order, or with gaps, cooresponding to reordered or lost datagrams. + order, or with gaps, corresponding to reordered or lost datagrams. .. cpp:function:: void tls_alert(Alert alert) @@ -93,7 +93,7 @@ information about the connection. const Policy& policy) Optional - default implementation should work for many users. - It can be overrided for implementing extra validation routines + It can be overridden for implementing extra validation routines such as public key pinning. Verifies the certificate chain in *cert_chain*, assuming the leaf @@ -211,7 +211,7 @@ available: If the current TLS connection state is unable to transmit new application records (for example because a handshake has not - yet completed or the connnection has already ended due to an + yet completed or the connection has already ended due to an error) an exception will be thrown. .. cpp:function:: void close() @@ -484,7 +484,7 @@ TLS Servers ) The first 5 arguments as well as the final argument -*reserved_io_buffer_size*, are treated similiarly to the :ref:`client +*reserved_io_buffer_size*, are treated similarly to the :ref:`client <tls_client>`. If a client sends the ALPN extension, the ``callbacks`` function @@ -887,7 +887,7 @@ policy settings from a file. simply allow only ECDH key exchange in the application policy. DH exchange also often involves transferring several additional Kb (without the benefit of post quantum security) so if CECPQ1 is being disabled for - traffic overhread reasons, DH should also be avoid. + traffic overhead reasons, DH should also be avoid. Also allowed: "RSA", "SRP_SHA", "ECDHE_PSK", "DHE_PSK", "PSK" @@ -1126,7 +1126,7 @@ TLS Ciphersuites .. cpp:function:: std::string to_string() const - Return the ful name of ciphersuite (for example + Return the full name of ciphersuite (for example "RSA_WITH_RC4_128_SHA" or "ECDHE_RSA_WITH_AES_128_GCM_SHA256") .. cpp:function:: std::string kex_algo() const diff --git a/doc/manual/versions.rst b/doc/manual/versions.rst index 60fe58e9d..511141b75 100644 --- a/doc/manual/versions.rst +++ b/doc/manual/versions.rst @@ -45,7 +45,7 @@ The build-time version information is defined in `botan/build.h` .. versionadded:: 1.10.1 A macro expanding to a string that is set to a revision identifier - cooresponding to the source, or "unknown" if this could not be + corresponding to the source, or "unknown" if this could not be determined. It is set for all official releases, and for builds that originated from within a git checkout. @@ -81,7 +81,7 @@ version checks, are included in `botan/version.h` Botan::runtime_version_check(BOTAN_VERSION_MAJOR, BOTAN_VERSION_MINOR, BOTAN_VERSION_PATCH) It will return an empty string if the versions match, or otherwise - an error message indicating the discrepency. This only is useful in + an error message indicating the discrepancy. This only is useful in dynamic libraries, where it is possible to compile and run against different versions. diff --git a/doc/manual/x509.rst b/doc/manual/x509.rst index 72e74b56a..08b6b66a8 100644 --- a/doc/manual/x509.rst +++ b/doc/manual/x509.rst @@ -130,7 +130,7 @@ The major certificate format in use today is X.509v3, used for instance in the Returns either an enumeration listing key constraints (what the associated key can be used for) or ``NO_CONSTRAINTS`` if the - relevent extension was not included. Example values are + relevant extension was not included. Example values are ``DIGITAL_SIGNATURE`` and ``KEY_CERT_SIGN``. More than one value might be specified. @@ -423,7 +423,7 @@ certificates. .. cpp:function:: void affirm_cert(const X509_Certificate&) - Reverses the revokation for ``cert`` + Reverses the revocation for ``cert`` .. cpp:function:: std::vector<X509_CRL> generate_crls() const @@ -446,7 +446,7 @@ implementation of this interface for sqlite3, and a subclass of Path Validation ---------------------------------------- -The process of validating a certfificate chain up to a trusted root is +The process of validating a certificate chain up to a trusted root is called `path validation`, and in botan that operation is handled by a set of functions in ``x509path.h`` named ``x509_path_validate``: @@ -467,13 +467,13 @@ set of functions in ``x509path.h`` named ``x509_path_validate``: ``UNSPECIFIED``. ``validation_time`` allows setting the time point at which all certificates are validated. This is really only useful for testing. The default is the current system clock's current time. ``ocsp_timeout`` sets the timeout for - OCSP requests. The default of 0 disables OCSP checks alltogether. + OCSP requests. The default of 0 disables OCSP checks completely. ``ocsp_resp`` allows adding additional OCSP responses retrieved from outside of the path validation. Note that OCSP online checks are done only as long as the http_util module was compiled in. Availability of online OCSP checks can be checked using the macro BOTAN_HAS_ONLINE_REVOCATION_CHECKS. - For the different flavours of ``x509_path_validate``, check ``x509path.h``. + For the different flavors of ``x509_path_validate``, check ``x509path.h``. The result of the validation is returned as a class: @@ -508,7 +508,7 @@ The result of the validation is returned as a class: Returns the 'worst' error that occurred during validation. For instance, we do not want an expired certificate with an invalid signature to be reported to the user as being simply expired (a - relativly innocuous and common error) when the signature isn't + relatively innocuous and common error) when the signature isn't even valid. .. cpp:function:: const std::vector<std::set<Certificate_Status_Code>>& all_statuses() const @@ -545,7 +545,7 @@ step. The two constructors are: bool ocsp_all_intermediates = false) A variant of the above with some convenient defaults. The current - default `minimum_key_strength` of 80 roughly cooresponds to 1024 + default `minimum_key_strength` of 80 roughly corresponds to 1024 bit RSA. The set of trusted hashes is set to all SHA-2 variants, and, if `minimum_key_strength` is less than or equal to 80, then SHA-1 signatures will also be accepted. |