Refer to RFCs consistently.
We were a mix of "RFC1234" and "RFC 1234". Apparently there is actually
an answer for this, which is with a space textually and without a space
in the citation/reference tag:
https://datatracker.ietf.org/doc/html/rfc7322#section-3.5
Change-Id: I0c44023163fe3a2a3ffe28cbc644d4c952dc8f1e
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/48965
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c
index 4329493..7829d67 100644
--- a/crypto/asn1/a_strex.c
+++ b/crypto/asn1/a_strex.c
@@ -279,7 +279,7 @@
/*
* "dump" a string. This is done when the type is unknown, or the flags
* request it. We can either dump the content octets or the entire DER
- * encoding. This uses the RFC2253 #01234 format.
+ * encoding. This uses the RFC 2253 #01234 format.
*/
static int do_dump(unsigned long lflags, BIO *out, const ASN1_STRING *str)
diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c
index de564d0..f7ad084 100644
--- a/crypto/asn1/a_strnid.c
+++ b/crypto/asn1/a_strnid.c
@@ -118,7 +118,7 @@
* Now the tables and helper functions for the string table:
*/
-/* size limits: this stuff is taken straight from RFC3280 */
+/* size limits: this stuff is taken straight from RFC 3280 */
#define ub_name 32768
#define ub_common_name 64
diff --git a/crypto/asn1/asn1_test.cc b/crypto/asn1/asn1_test.cc
index e6847c8..bd03ee8 100644
--- a/crypto/asn1/asn1_test.cc
+++ b/crypto/asn1/asn1_test.cc
@@ -584,7 +584,7 @@
ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB,
"\\00\\0A\\80\\FF\\,\\+\\\"\\\\\\<\\>\\;"},
- // When quoted, fewer characters need to be escaped in RFC2253.
+ // When quoted, fewer characters need to be escaped in RFC 2253.
{V_ASN1_T61STRING,
{0, '\n', 0x80, 0xff, ',', '+', '"', '\\', '<', '>', ';'},
0,
@@ -600,13 +600,13 @@
ASN1_STRFLGS_ESC_QUOTE,
"\\00\\0A\\80\\FF\\\"\\\\"},
- // RFC2253 only escapes spaces at the start and end of a string.
+ // RFC 2253 only escapes spaces at the start and end of a string.
{V_ASN1_T61STRING, StringToVector(" "), 0, ASN1_STRFLGS_ESC_2253,
"\\ \\ "},
{V_ASN1_T61STRING, StringToVector(" "), 0,
ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_QUOTE, "\" \""},
- // RFC2253 only escapes # at the start of a string.
+ // RFC 2253 only escapes # at the start of a string.
{V_ASN1_T61STRING, StringToVector("###"), 0, ASN1_STRFLGS_ESC_2253,
"\\###"},
{V_ASN1_T61STRING, StringToVector("###"), 0,
@@ -682,7 +682,7 @@
// |ASN1_STRFLGS_UTF8_CONVERT| still converts these bytes to UTF-8.
//
// TODO(davidben): This seems like a bug. Although it's unclear because
- // the non-RFC2253 options aren't especially sound. Can we just remove
+ // the non-RFC-2253 options aren't especially sound. Can we just remove
// them?
{V_ASN1_OCTET_STRING, {0xff}, 0, ASN1_STRFLGS_UTF8_CONVERT, "\xc3\xbf"},
{-1, {0xff}, 0, ASN1_STRFLGS_UTF8_CONVERT, "\xc3\xbf"},
diff --git a/crypto/asn1/charmap.pl b/crypto/asn1/charmap.pl
index 71bc7b8..117ed32 100644
--- a/crypto/asn1/charmap.pl
+++ b/crypto/asn1/charmap.pl
@@ -62,17 +62,17 @@
# Set up an array with the type of ASCII characters
# Each set bit represents a character property.
-# RFC2253 character properties
+# RFC 2253 character properties
my $RFC2253_ESC = 1; # Character escaped with \
my $ESC_CTRL = 2; # Escaped control character
-# These are used with RFC1779 quoting using "
+# These are used with RFC 1779 quoting using "
my $NOESC_QUOTE = 8; # Not escaped if quoted
my $PSTRING_CHAR = 0x10; # Valid PrintableString character
my $RFC2253_FIRST_ESC = 0x20; # Escaped with \ if first character
my $RFC2253_LAST_ESC = 0x40; # Escaped with \ if last character
for($i = 0; $i < 128; $i++) {
- # Set the RFC2253 escape characters (control)
+ # Set the RFC 2253 escape characters (control)
$arr[$i] = 0;
if(($i < 32) || ($i > 126)) {
$arr[$i] |= $ESC_CTRL;
@@ -88,7 +88,7 @@
# Now setup the rest
-# Remaining RFC2253 escaped characters
+# Remaining RFC 2253 escaped characters
$arr[ord(" ")] |= $NOESC_QUOTE | $RFC2253_FIRST_ESC | $RFC2253_LAST_ESC;
$arr[ord("#")] |= $NOESC_QUOTE | $RFC2253_FIRST_ESC;
diff --git a/crypto/cipher_extra/test/cipher_tests.txt b/crypto/cipher_extra/test/cipher_tests.txt
index bf7325e..782b08e 100644
--- a/crypto/cipher_extra/test/cipher_tests.txt
+++ b/crypto/cipher_extra/test/cipher_tests.txt
@@ -271,7 +271,7 @@
Ciphertext =
-# AES Counter test vectors from RFC3686
+# AES Counter test vectors from RFC 3686
Cipher = AES-128-CTR
Key = AE6852F8121067CC4BF7A5765577F39E
IV = 00000030000000000000000000000001
diff --git a/crypto/fipsmodule/md4/md4.c b/crypto/fipsmodule/md4/md4.c
index 8779402..a505d05 100644
--- a/crypto/fipsmodule/md4/md4.c
+++ b/crypto/fipsmodule/md4/md4.c
@@ -72,7 +72,7 @@
return out;
}
-// Implemented from RFC1186 The MD4 Message-Digest Algorithm.
+// Implemented from RFC 1186 The MD4 Message-Digest Algorithm.
int MD4_Init(MD4_CTX *md4) {
OPENSSL_memset(md4, 0, sizeof(MD4_CTX));
diff --git a/crypto/fipsmodule/modes/gcm_nohw.c b/crypto/fipsmodule/modes/gcm_nohw.c
index f8618b8..92d5441 100644
--- a/crypto/fipsmodule/modes/gcm_nohw.c
+++ b/crypto/fipsmodule/modes/gcm_nohw.c
@@ -193,7 +193,7 @@
#endif // BORINGSSL_HAS_UINT128
void gcm_init_nohw(u128 Htable[16], const uint64_t Xi[2]) {
- // We implement GHASH in terms of POLYVAL, as described in RFC8452. This
+ // We implement GHASH in terms of POLYVAL, as described in RFC 8452. This
// avoids a shift by 1 in the multiplication, needed to account for bit
// reversal losing a bit after multiplication, that is,
// rev128(X) * rev128(Y) = rev255(X*Y).
diff --git a/crypto/hmac_extra/hmac_tests.txt b/crypto/hmac_extra/hmac_tests.txt
index 53f3f8f..1d7efd2 100644
--- a/crypto/hmac_extra/hmac_tests.txt
+++ b/crypto/hmac_extra/hmac_tests.txt
@@ -5,7 +5,7 @@
Input = "More text test vectors to stuff up EBCDIC machines :-)"
Output = e9139d1e6ee064ef8cf514fc7dc83e86
-# HMAC tests from RFC2104
+# HMAC tests from RFC 2104
HMAC = MD5
Key = 0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
Input = "Hi There"
diff --git a/crypto/obj/objects.txt b/crypto/obj/objects.txt
index b88342d..25c2430 100644
--- a/crypto/obj/objects.txt
+++ b/crypto/obj/objects.txt
@@ -364,7 +364,7 @@
rsadsi 2 6 : : hmacWithMD5
rsadsi 2 7 : : hmacWithSHA1
-# From RFC4231
+# From RFC 4231
rsadsi 2 8 : : hmacWithSHA224
rsadsi 2 9 : : hmacWithSHA256
rsadsi 2 10 : : hmacWithSHA384
@@ -492,7 +492,7 @@
id-kp 7 : ipsecUser : IPSec User
!Cname time-stamp
id-kp 8 : timeStamping : Time Stamping
-# From OCSP spec RFC2560
+# From OCSP spec RFC 2560
!Cname OCSP-sign
id-kp 9 : OCSPSigning : OCSP Signing
id-kp 10 : DVCS : dvcs
@@ -776,7 +776,7 @@
!Cname no-rev-avail
id-ce 56 : noRevAvail : X509v3 No Revocation Available
-# From RFC5280
+# From RFC 5280
ext-key-usage 0 : anyExtendedKeyUsage : Any Extended Key Usage
@@ -820,7 +820,7 @@
internet 5 : security : Security
internet 6 : snmpv2 : SNMPv2
# Documents refer to "internet 7" as "mail". This however leads to ambiguities
-# with RFC2798, Section 9.1.3, where "mail" is defined as the short name for
+# with RFC 2798, Section 9.1.3, where "mail" is defined as the short name for
# rfc822Mailbox. The short name is therefore here left out for a reason.
# Subclasses of "mail", e.g. "MIME MHS" don't consitute a problem, as
# references are realized via long name "Mail" (with capital M).
@@ -1313,7 +1313,7 @@
1 3 36 3 3 2 8 1 1 13 : brainpoolP512r1
1 3 36 3 3 2 8 1 1 14 : brainpoolP512t1
-# ECDH schemes from RFC5753
+# ECDH schemes from RFC 5753
!Alias x9-63-scheme 1 3 133 16 840 63 0
!Alias secg-scheme certicom-arc 1
diff --git a/crypto/pkcs8/pkcs8_x509.c b/crypto/pkcs8/pkcs8_x509.c
index efdf33a..e24fb42 100644
--- a/crypto/pkcs8/pkcs8_x509.c
+++ b/crypto/pkcs8/pkcs8_x509.c
@@ -1180,7 +1180,7 @@
}
// PKCS#12 is a very confusing recursive data format, built out of another
- // recursive data format. Section 5.1 of RFC7292 describes the encoding
+ // recursive data format. Section 5.1 of RFC 7292 describes the encoding
// algorithm, but there is no clear overview. A quick summary:
//
// PKCS#7 defines a ContentInfo structure, which is a overgeneralized typed
diff --git a/crypto/x509/x509_test.cc b/crypto/x509/x509_test.cc
index d2813fa..0e64018 100644
--- a/crypto/x509/x509_test.cc
+++ b/crypto/x509/x509_test.cc
@@ -3059,7 +3059,7 @@
// Test the various |X509_ATTRIBUTE| creation functions.
TEST(X509Test, Attribute) {
- // The friendlyName attribute has a BMPString value. See RFC2985,
+ // The friendlyName attribute has a BMPString value. See RFC 2985,
// section 5.5.1.
static const uint8_t kTest1[] = {0x26, 0x03}; // U+2603 SNOWMAN
static const uint8_t kTest1UTF8[] = {0xe2, 0x98, 0x83};
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 3d55990..818459c 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1403,12 +1403,12 @@
}
/*
- * RFC3280 says nothing about the relationship between CRL path and
+ * RFC 3280 says nothing about the relationship between CRL path and
* certificate path, which could lead to situations where a certificate could
- * be revoked or validated by a CA not authorised to do so. RFC5280 is more
+ * be revoked or validated by a CA not authorised to do so. RFC 5280 is more
* strict and states that the two paths must end in the same trust anchor,
* though some discussions remain... until this is resolved we use the
- * RFC5280 version
+ * RFC 5280 version
*/
static int check_crl_chain(X509_STORE_CTX *ctx,
@@ -1919,8 +1919,8 @@
int i, day, sec, ret = 0;
/*
- * Note that ASN.1 allows much more slack in the time format than RFC5280.
- * In RFC5280, the representation is fixed:
+ * Note that ASN.1 allows much more slack in the time format than RFC 5280.
+ * In RFC 5280, the representation is fixed:
* UTCTime: YYMMDDHHMMSSZ
* GeneralizedTime: YYYYMMDDHHMMSSZ
*
diff --git a/crypto/x509/x_x509.c b/crypto/x509/x_x509.c
index ff0bff8..679acb1 100644
--- a/crypto/x509/x_x509.c
+++ b/crypto/x509/x_x509.c
@@ -128,14 +128,14 @@
}
}
- /* Per RFC5280, section 4.1.2.8, these fields require v2 or v3. */
+ /* Per RFC 5280, section 4.1.2.8, these fields require v2 or v3. */
if (version == 0 && (ret->cert_info->issuerUID != NULL ||
ret->cert_info->subjectUID != NULL)) {
OPENSSL_PUT_ERROR(X509, X509_R_INVALID_FIELD_FOR_VERSION);
return 0;
}
- /* Per RFC5280, section 4.1.2.9, extensions require v3. */
+ /* Per RFC 5280, section 4.1.2.9, extensions require v3. */
if (version != 2 && ret->cert_info->extensions != NULL) {
OPENSSL_PUT_ERROR(X509, X509_R_INVALID_FIELD_FOR_VERSION);
return 0;
diff --git a/crypto/x509v3/pcy_data.c b/crypto/x509v3/pcy_data.c
index 58584c2..c4a56ca 100644
--- a/crypto/x509v3/pcy_data.c
+++ b/crypto/x509v3/pcy_data.c
@@ -79,7 +79,7 @@
/*
* Create a data based on an existing policy. If 'id' is NULL use the oid in
* the policy, otherwise use 'id'. This behaviour covers the two types of
- * data in RFC3280: data with from a CertificatePolcies extension and
+ * data in RFC 3280: data with from a CertificatePolcies extension and
* additional data with just the qualifiers of anyPolicy and ID from another
* source.
*/
diff --git a/crypto/x509v3/pcy_int.h b/crypto/x509v3/pcy_int.h
index fc6e20a..aee71d6 100644
--- a/crypto/x509v3/pcy_int.h
+++ b/crypto/x509v3/pcy_int.h
@@ -65,7 +65,7 @@
/*
* This structure and the field names correspond to the Policy 'node' of
- * RFC3280. NB this structure contains no pointers to parent or child data:
+ * RFC 3280. NB this structure contains no pointers to parent or child data:
* X509_POLICY_NODE contains that. This means that the main policy data can
* be kept static and cached with the certificate.
*/
diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c
index 136b45f..292cd20 100644
--- a/crypto/x509v3/pcy_tree.c
+++ b/crypto/x509v3/pcy_tree.c
@@ -332,7 +332,7 @@
}
/*
- * This corresponds to RFC3280 6.1.3(d)(1): link any data from
+ * This corresponds to RFC 3280 6.1.3(d)(1): link any data from
* CertificatePolicies onto matching parent or anyPolicy if no match.
*/
@@ -365,7 +365,7 @@
}
/*
- * This corresponds to RFC3280 6.1.3(d)(2): Create new data for any unmatched
+ * This corresponds to RFC 3280 6.1.3(d)(2): Create new data for any unmatched
* policies in the parent and link to anyPolicy.
*/
@@ -500,7 +500,7 @@
if (curr->flags & X509_V_FLAG_INHIBIT_MAP) {
for (i = sk_X509_POLICY_NODE_num(nodes) - 1; i >= 0; i--) {
node = sk_X509_POLICY_NODE_value(nodes, i);
- /* Delete any mapped data: see RFC3280 XXXX */
+ /* Delete any mapped data: see RFC 3280 XXXX */
if (node->data->flags & POLICY_DATA_FLAG_MAP_MASK) {
node->parent->nchild--;
OPENSSL_free(node);
diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
index fd6e689..0b4ad80 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -1120,7 +1120,7 @@
/*
* Convert IP addresses both IPv4 and IPv6 into an OCTET STRING compatible
- * with RFC3280.
+ * with RFC 3280.
*/
ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc)
diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h
index 1d30300..45a9794 100644
--- a/include/openssl/asn1.h
+++ b/include/openssl/asn1.h
@@ -384,7 +384,7 @@
// in several forms:
//
// Some BIT STRINGs represent a bitmask of named bits, such as the X.509 key
-// usage extension in RFC5280, section 4.2.1.3. For such bit strings, DER
+// usage extension in RFC 5280, section 4.2.1.3. For such bit strings, DER
// imposes an additional restriction that trailing zero bits are removed. Some
// functions like |ASN1_BIT_STRING_set_bit| help in maintaining this.
//
@@ -523,10 +523,10 @@
// epoch would be "19700101000000Z" for a GeneralizedTime and "700101000000Z"
// for a UTCTime.
//
-// ASN.1 does not define how to interpret UTCTime's two-digit year. RFC5280
+// ASN.1 does not define how to interpret UTCTime's two-digit year. RFC 5280
// defines it as a range from 1950 to 2049 for X.509. The library uses the
-// RFC5280 interpretation. It does not currently enforce the restrictions from
-// BER, and the additional restrictions from RFC5280, but future versions may.
+// RFC 5280 interpretation. It does not currently enforce the restrictions from
+// BER, and the additional restrictions from RFC 5280, but future versions may.
// Callers should not rely on fractional seconds and non-UTC time zones.
//
// The |ASN1_TIME| typedef represents the X.509 Time type, which is a CHOICE of
@@ -606,7 +606,7 @@
const ASN1_TIME *from, const ASN1_TIME *to);
// ASN1_TIME_set represents |t| as a GeneralizedTime or UTCTime and writes
-// the result to |s|. As in RFC5280, section 4.1.2.5, it uses UTCTime when the
+// the result to |s|. As in RFC 5280, section 4.1.2.5, it uses UTCTime when the
// time fits and GeneralizedTime otherwise. It returns |s| on success and NULL
// on error. If |s| is NULL, it returns a newly-allocated |ASN1_TIME| instead.
//
@@ -614,7 +614,7 @@
OPENSSL_EXPORT ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t);
// ASN1_TIME_adj adds |offset_day| days and |offset_sec| seconds to
-// |t| and writes the result to |s|. As in RFC5280, section 4.1.2.5, it uses
+// |t| and writes the result to |s|. As in RFC 5280, section 4.1.2.5, it uses
// UTCTime when the time fits and GeneralizedTime otherwise. It returns |s| on
// success and NULL on error. If |s| is NULL, it returns a newly-allocated
// |ASN1_GENERALIZEDTIME| instead.
@@ -774,7 +774,7 @@
// replaced with '.'.
OPENSSL_EXPORT int ASN1_STRING_print(BIO *out, const ASN1_STRING *str);
-// ASN1_STRFLGS_ESC_2253 causes characters to be escaped as in RFC2253, section
+// ASN1_STRFLGS_ESC_2253 causes characters to be escaped as in RFC 2253, section
// 2.4.
#define ASN1_STRFLGS_ESC_2253 1
@@ -805,7 +805,7 @@
#define ASN1_STRFLGS_SHOW_TYPE 0x40
// ASN1_STRFLGS_DUMP_ALL causes all strings to be printed as a hexdump, using
-// RFC2253 hexstring notation, such as "#0123456789ABCDEF".
+// RFC 2253 hexstring notation, such as "#0123456789ABCDEF".
#define ASN1_STRFLGS_DUMP_ALL 0x80
// ASN1_STRFLGS_DUMP_UNKNOWN behaves like |ASN1_STRFLGS_DUMP_ALL| but only
@@ -815,11 +815,11 @@
// ASN1_STRFLGS_DUMP_DER causes hexdumped strings (as determined by
// |ASN1_STRFLGS_DUMP_ALL| or |ASN1_STRFLGS_DUMP_UNKNOWN|) to print the entire
-// DER element as in RFC2253, rather than only the contents of the
+// DER element as in RFC 2253, rather than only the contents of the
// |ASN1_STRING|.
#define ASN1_STRFLGS_DUMP_DER 0x200
-// ASN1_STRFLGS_RFC2253 causes the string to be escaped as in RFC2253,
+// ASN1_STRFLGS_RFC2253 causes the string to be escaped as in RFC 2253,
// additionally escaping control characters.
#define ASN1_STRFLGS_RFC2253 \
(ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | \
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 2886e2c..9f38c81 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -181,26 +181,26 @@
#define TLS1_AD_NO_APPLICATION_PROTOCOL 120
#define TLS1_AD_ECH_REQUIRED 121 // draft-ietf-tls-esni-10
-// ExtensionType values from RFC6066
+// ExtensionType values from RFC 6066
#define TLSEXT_TYPE_server_name 0
#define TLSEXT_TYPE_status_request 5
-// ExtensionType values from RFC4492
+// ExtensionType values from RFC 4492
#define TLSEXT_TYPE_ec_point_formats 11
-// ExtensionType values from RFC5246
+// ExtensionType values from RFC 5246
#define TLSEXT_TYPE_signature_algorithms 13
-// ExtensionType value from RFC5764
+// ExtensionType value from RFC 5764
#define TLSEXT_TYPE_srtp 14
-// ExtensionType value from RFC7301
+// ExtensionType value from RFC 7301
#define TLSEXT_TYPE_application_layer_protocol_negotiation 16
-// ExtensionType value from RFC7685
+// ExtensionType value from RFC 7685
#define TLSEXT_TYPE_padding 21
-// ExtensionType value from RFC7627
+// ExtensionType value from RFC 7627
#define TLSEXT_TYPE_extended_master_secret 23
// ExtensionType value from draft-ietf-quic-tls. Drafts 00 through 32 use
@@ -210,7 +210,7 @@
// use the value 57 which was officially registered with IANA.
#define TLSEXT_TYPE_quic_transport_parameters_legacy 0xffa5
-// ExtensionType value from RFC9000
+// ExtensionType value from RFC 9000
#define TLSEXT_TYPE_quic_transport_parameters 57
// TLSEXT_TYPE_quic_transport_parameters_standard is an alias for
@@ -219,13 +219,13 @@
#define TLSEXT_TYPE_quic_transport_parameters_standard \
TLSEXT_TYPE_quic_transport_parameters
-// ExtensionType value from RFC8879
+// ExtensionType value from RFC 8879
#define TLSEXT_TYPE_cert_compression 27
-// ExtensionType value from RFC4507
+// ExtensionType value from RFC 4507
#define TLSEXT_TYPE_session_ticket 35
-// ExtensionType values from RFC8446
+// ExtensionType values from RFC 8446
#define TLSEXT_TYPE_supported_groups 10
#define TLSEXT_TYPE_pre_shared_key 41
#define TLSEXT_TYPE_early_data 42
@@ -236,7 +236,7 @@
#define TLSEXT_TYPE_signature_algorithms_cert 50
#define TLSEXT_TYPE_key_share 51
-// ExtensionType value from RFC5746
+// ExtensionType value from RFC 5746
#define TLSEXT_TYPE_renegotiate 0xff01
// ExtensionType value from draft-ietf-tls-subcerts.
@@ -252,7 +252,7 @@
#define TLSEXT_TYPE_ech_is_inner 0xda09
#define TLSEXT_TYPE_ech_outer_extensions 0xfd00
-// ExtensionType value from RFC6962
+// ExtensionType value from RFC 6962
#define TLSEXT_TYPE_certificate_timestamp 18
// This is not an IANA defined extension number
@@ -313,7 +313,7 @@
#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065
#define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066
-// AES ciphersuites from RFC3268
+// AES ciphersuites from RFC 3268
#define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F
#define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030
@@ -337,7 +337,7 @@
#define TLS1_CK_DH_RSA_WITH_AES_128_SHA256 0x0300003F
#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256 0x03000040
-// Camellia ciphersuites from RFC4132
+// Camellia ciphersuites from RFC 4132
#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000041
#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA 0x03000042
#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA 0x03000043
@@ -354,7 +354,7 @@
#define TLS1_CK_ADH_WITH_AES_128_SHA256 0x0300006C
#define TLS1_CK_ADH_WITH_AES_256_SHA256 0x0300006D
-// Camellia ciphersuites from RFC4132
+// Camellia ciphersuites from RFC 4132
#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000084
#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA 0x03000085
#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000086
@@ -362,7 +362,7 @@
#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x03000088
#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA 0x03000089
-// SEED ciphersuites from RFC4162
+// SEED ciphersuites from RFC 4162
#define TLS1_CK_RSA_WITH_SEED_SHA 0x03000096
#define TLS1_CK_DH_DSS_WITH_SEED_SHA 0x03000097
#define TLS1_CK_DH_RSA_WITH_SEED_SHA 0x03000098
@@ -370,7 +370,7 @@
#define TLS1_CK_DHE_RSA_WITH_SEED_SHA 0x0300009A
#define TLS1_CK_ADH_WITH_SEED_SHA 0x0300009B
-// TLS v1.2 GCM ciphersuites from RFC5288
+// TLS v1.2 GCM ciphersuites from RFC 5288
#define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256 0x0300009C
#define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384 0x0300009D
#define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256 0x0300009E
@@ -384,7 +384,7 @@
#define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256 0x030000A6
#define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384 0x030000A7
-// ECC ciphersuites from RFC4492
+// ECC ciphersuites from RFC 4492
#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA 0x0300C001
#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA 0x0300C002
#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA 0x0300C003
@@ -426,7 +426,7 @@
#define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA 0x0300C021
#define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA 0x0300C022
-// ECDH HMAC based ciphersuites from RFC5289
+// ECDH HMAC based ciphersuites from RFC 5289
#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256 0x0300C023
#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 0x0300C024
@@ -437,7 +437,7 @@
#define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256 0x0300C029
#define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384 0x0300C02A
-// ECDH GCM based ciphersuites from RFC5289
+// ECDH GCM based ciphersuites from RFC 5289
#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02B
#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0x0300C02C
#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0x0300C02D
@@ -473,7 +473,7 @@
#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA"
#define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA"
-// AES ciphersuites from RFC3268
+// AES ciphersuites from RFC 3268
#define TLS1_TXT_RSA_WITH_AES_128_SHA "AES128-SHA"
#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AES128-SHA"
#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AES128-SHA"
@@ -488,7 +488,7 @@
#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AES256-SHA"
#define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AES256-SHA"
-// ECC ciphersuites from RFC4492
+// ECC ciphersuites from RFC 4492
#define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA "ECDH-ECDSA-NULL-SHA"
#define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA "ECDH-ECDSA-RC4-SHA"
#define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA "ECDH-ECDSA-DES-CBC3-SHA"
@@ -540,7 +540,7 @@
#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA "SRP-RSA-AES-256-CBC-SHA"
#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA "SRP-DSS-AES-256-CBC-SHA"
-// Camellia ciphersuites from RFC4132
+// Camellia ciphersuites from RFC 4132
#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA "CAMELLIA128-SHA"
#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA "DH-DSS-CAMELLIA128-SHA"
#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA "DH-RSA-CAMELLIA128-SHA"
@@ -555,7 +555,7 @@
#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA "DHE-RSA-CAMELLIA256-SHA"
#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA "ADH-CAMELLIA256-SHA"
-// SEED ciphersuites from RFC4162
+// SEED ciphersuites from RFC 4162
#define TLS1_TXT_RSA_WITH_SEED_SHA "SEED-SHA"
#define TLS1_TXT_DH_DSS_WITH_SEED_SHA "DH-DSS-SEED-SHA"
#define TLS1_TXT_DH_RSA_WITH_SEED_SHA "DH-RSA-SEED-SHA"
@@ -578,7 +578,7 @@
#define TLS1_TXT_ADH_WITH_AES_128_SHA256 "ADH-AES128-SHA256"
#define TLS1_TXT_ADH_WITH_AES_256_SHA256 "ADH-AES256-SHA256"
-// TLS v1.2 GCM ciphersuites from RFC5288
+// TLS v1.2 GCM ciphersuites from RFC 5288
#define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256 "AES128-GCM-SHA256"
#define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384 "AES256-GCM-SHA384"
#define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256 "DHE-RSA-AES128-GCM-SHA256"
@@ -592,7 +592,7 @@
#define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256 "ADH-AES128-GCM-SHA256"
#define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384 "ADH-AES256-GCM-SHA384"
-// ECDH HMAC based ciphersuites from RFC5289
+// ECDH HMAC based ciphersuites from RFC 5289
#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256 "ECDHE-ECDSA-AES128-SHA256"
#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384 "ECDHE-ECDSA-AES256-SHA384"
@@ -603,7 +603,7 @@
#define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256 "ECDH-RSA-AES128-SHA256"
#define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384 "ECDH-RSA-AES256-SHA384"
-// ECDH GCM based ciphersuites from RFC5289
+// ECDH GCM based ciphersuites from RFC 5289
#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 \
"ECDHE-ECDSA-AES128-GCM-SHA256"
#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 \
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 9f8edce..fa333ca 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -261,7 +261,7 @@
#define XN_FLAG_SEP_MASK (0xf << 16)
#define XN_FLAG_COMPAT 0 // Traditional SSLeay: use old X509_NAME_print
-#define XN_FLAG_SEP_COMMA_PLUS (1 << 16) // RFC2253 ,+
+#define XN_FLAG_SEP_COMMA_PLUS (1 << 16) // RFC 2253 ,+
#define XN_FLAG_SEP_CPLUS_SPC (2 << 16) // ,+ spaced: more readable
#define XN_FLAG_SEP_SPLUS_SPC (3 << 16) // ;+ spaced
#define XN_FLAG_SEP_MULTILINE (4 << 16) // One line per field
@@ -280,13 +280,13 @@
#define XN_FLAG_SPC_EQ (1 << 23) // Put spaces round '='
// This determines if we dump fields we don't recognise:
-// RFC2253 requires this.
+// RFC 2253 requires this.
#define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24)
#define XN_FLAG_FN_ALIGN (1 << 25) // Align field names to 20 characters
-// Complete set of RFC2253 flags
+// Complete set of RFC 2253 flags
#define XN_FLAG_RFC2253 \
(ASN1_STRFLGS_RFC2253 | XN_FLAG_SEP_COMMA_PLUS | XN_FLAG_DN_REV | \
@@ -463,7 +463,7 @@
#define X509_extract_key(x) X509_get_pubkey(x)
// X509_get_pathlen returns path length constraint from the basic constraints
-// extension in |x509|. (See RFC5280, section 4.2.1.9.) It returns -1 if the
+// extension in |x509|. (See RFC 5280, section 4.2.1.9.) It returns -1 if the
// constraint is not present, or if some extension in |x509| was invalid.
//
// Note that decoding an |X509| object will not check for invalid extensions. To
@@ -1144,7 +1144,7 @@
// a known NID.
OPENSSL_EXPORT int X509_REQ_get_signature_nid(const X509_REQ *req);
-// i2d_re_X509_REQ_tbs serializes the CertificationRequestInfo (see RFC2986)
+// i2d_re_X509_REQ_tbs serializes the CertificationRequestInfo (see RFC 2986)
// portion of |req|. If |outp| is NULL, nothing is written. Otherwise, if
// |*outp| is not NULL, the result is written to |*outp|, which must have enough
// space available, and |*outp| is advanced just past the output. If |outp| is
@@ -1171,7 +1171,7 @@
// X509_REQ_extension_nid returns one if |nid| is a supported CSR attribute type
// for carrying extensions and zero otherwise. The supported types are
-// |NID_ext_req| (pkcs-9-at-extensionRequest from RFC2985) and |NID_ms_ext_req|
+// |NID_ext_req| (pkcs-9-at-extensionRequest from RFC 2985) and |NID_ms_ext_req|
// (a Microsoft szOID_CERT_EXTENSIONS variant).
OPENSSL_EXPORT int X509_REQ_extension_nid(int nid);
@@ -1179,7 +1179,7 @@
// returns a newly-allocated |STACK_OF(X509_EXTENSION)| containing the result.
// It returns NULL on error, or if |req| did not request extensions.
//
-// This function supports both pkcs-9-at-extensionRequest from RFC2985 and the
+// This function supports both pkcs-9-at-extensionRequest from RFC 2985 and the
// Microsoft szOID_CERT_EXTENSIONS variant.
OPENSSL_EXPORT STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
index ab060f1..31422f4 100644
--- a/include/openssl/x509v3.h
+++ b/include/openssl/x509v3.h
@@ -657,7 +657,7 @@
// extension, or -1 if not found. If |out_idx| is non-NULL, duplicate extensions
// are not treated as an error. Callers, however, should not rely on this
// behavior as it may be removed in the future. Duplicate extensions are
-// forbidden in RFC5280.
+// forbidden in RFC 5280.
//
// WARNING: This function is difficult to use correctly. Callers should pass a
// non-NULL |out_critical| and check both the return value and |*out_critical|
@@ -787,7 +787,7 @@
OPENSSL_EXPORT uint32_t X509_get_extended_key_usage(X509 *x);
// X509_get0_subject_key_id returns |x509|'s subject key identifier, if present.
-// (See RFC5280, section 4.2.1.2.) It returns NULL if the extension is not
+// (See RFC 5280, section 4.2.1.2.) It returns NULL if the extension is not
// present or if some extension in |x509| was invalid.
//
// Note that decoding an |X509| object will not check for invalid extensions. To
@@ -796,7 +796,7 @@
OPENSSL_EXPORT const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x509);
// X509_get0_authority_key_id returns keyIdentifier of |x509|'s authority key
-// identifier, if the extension and field are present. (See RFC5280,
+// identifier, if the extension and field are present. (See RFC 5280,
// section 4.2.1.1.) It returns NULL if the extension is not present, if it is
// present but lacks a keyIdentifier field, or if some extension in |x509| was
// invalid.
@@ -808,7 +808,7 @@
// X509_get0_authority_issuer returns the authorityCertIssuer of |x509|'s
// authority key identifier, if the extension and field are present. (See
-// RFC5280, section 4.2.1.1.) It returns NULL if the extension is not present,
+// RFC 5280, section 4.2.1.1.) It returns NULL if the extension is not present,
// if it is present but lacks a authorityCertIssuer field, or if some extension
// in |x509| was invalid.
//
@@ -819,7 +819,7 @@
// X509_get0_authority_serial returns the authorityCertSerialNumber of |x509|'s
// authority key identifier, if the extension and field are present. (See
-// RFC5280, section 4.2.1.1.) It returns NULL if the extension is not present,
+// RFC 5280, section 4.2.1.1.) It returns NULL if the extension is not present,
// if it is present but lacks a authorityCertSerialNumber field, or if some
// extension in |x509| was invalid.
//
diff --git a/ssl/encrypted_client_hello.cc b/ssl/encrypted_client_hello.cc
index f5d02fd..4b837ff 100644
--- a/ssl/encrypted_client_hello.cc
+++ b/ssl/encrypted_client_hello.cc
@@ -436,7 +436,7 @@
}
bool ssl_is_valid_ech_public_name(Span<const uint8_t> public_name) {
- // See draft-ietf-tls-esni-11, Section 4 and RFC5890, Section 2.3.1. The
+ // See draft-ietf-tls-esni-11, Section 4 and RFC 5890, Section 2.3.1. The
// public name must be a dot-separated sequence of LDH labels and not begin or
// end with a dot.
auto copy = public_name;
diff --git a/ssl/internal.h b/ssl/internal.h
index 3b7326a..7505e5d 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -2315,7 +2315,7 @@
#define TLSEXT_CHANNEL_ID_SIZE 128
-// From RFC4492, used in encoding the curve type in ECParameters
+// From RFC 4492, used in encoding the curve type in ECParameters
#define NAMED_CURVE_TYPE 3
struct CERT {
diff --git a/ssl/ssl_cipher.cc b/ssl/ssl_cipher.cc
index 4f5049c..60b3e2c 100644
--- a/ssl/ssl_cipher.cc
+++ b/ssl/ssl_cipher.cc
@@ -234,7 +234,7 @@
SSL_HANDSHAKE_MAC_DEFAULT,
},
- // GCM ciphersuites from RFC5288
+ // GCM ciphersuites from RFC 5288
// Cipher 9C
{
@@ -346,7 +346,7 @@
SSL_HANDSHAKE_MAC_DEFAULT,
},
- // GCM based TLS v1.2 ciphersuites from RFC5289
+ // GCM based TLS v1.2 ciphersuites from RFC 5289
// Cipher C02B
{
diff --git a/ssl/test/runner/common.go b/ssl/test/runner/common.go
index 809ed1f..d43e7d1 100644
--- a/ssl/test/runner/common.go
+++ b/ssl/test/runner/common.go
@@ -176,7 +176,7 @@
CertTypeRSAFixedDH = 3 // A certificate containing a static DH key
CertTypeDSSFixedDH = 4 // A certificate containing a static DH key
- // See RFC4492 sections 3 and 5.5.
+ // See RFC 4492 sections 3 and 5.5.
CertTypeECDSASign = 64 // A certificate containing an ECDSA-capable public key, signed with ECDSA.
CertTypeRSAFixedECDH = 65 // A certificate containing an ECDH-capable public key, signed with RSA.
CertTypeECDSAFixedECDH = 66 // A certificate containing an ECDH-capable public key, signed with ECDSA.
diff --git a/ssl/tls13_server.cc b/ssl/tls13_server.cc
index 72ec4a1..f1a62b2 100644
--- a/ssl/tls13_server.cc
+++ b/ssl/tls13_server.cc
@@ -270,7 +270,7 @@
return ssl_ticket_aead_ignore_ticket;
}
- // Per RFC8446, section 4.2.9, servers MUST abort the handshake if the client
+ // Per RFC 8446, section 4.2.9, servers MUST abort the handshake if the client
// sends pre_shared_key without psk_key_exchange_modes.
CBS unused;
if (!ssl_client_hello_get_extension(client_hello, &unused,
diff --git a/util/fetch_ech_config_list.go b/util/fetch_ech_config_list.go
index 03b2f87..badaae2 100644
--- a/util/fetch_ech_config_list.go
+++ b/util/fetch_ech_config_list.go
@@ -175,7 +175,7 @@
// Verify that this response answers the question that we asked in the
// query. If the resolver encountered any CNAMEs, it's not guaranteed
// that the response will contain a question with the same QNAME as our
- // query. However, RFC8499 Section 4 indicates that in general use, the
+ // query. However, RFC 8499 Section 4 indicates that in general use, the
// response's QNAME should match the query, so we will make that
// assumption.
q, err := p.Question()