Fix typos

Reviewed-by: Tim Hudson <[email protected]>
Reviewed-by: Tomas Mraz <[email protected]>
(Merged from openssl#17392)

Configure

@@ -603,7 +603,7 @@ my @disable_cascades = (
     # Without shared libraries, dynamic engines aren't possible.
     # This is due to them having to link with libcrypto and register features
     # using the ENGINE functionality, and since that relies on global tables,
-    # those *have* to be exacty the same as the ones accessed from the app,
+    # those *have* to be exactly the same as the ones accessed from the app,
     # which cannot be guaranteed if shared libraries aren't present.
     # (note that even with shared libraries, both the app and dynamic engines
     # must be linked with the same library)
@@ -1800,7 +1800,7 @@ my %skipdir = ();
 my %disabled_info = ();         # For configdata.pm
 foreach my $what (sort keys %disabled) {
     # There are deprecated disablables that translate to themselves.
-    # They cause disabling cascades, but should otherwise not regiter.
+    # They cause disabling cascades, but should otherwise not register.
     next if $deprecated_disablables{$what};
     # The generated $disabled{"deprecated-x.y"} entries are special
     # and treated properly elsewhere

INSTALL.md

@@ -1597,7 +1597,7 @@ working incorrectly. If you think you encountered a bug, please
 Along with a short description of the bug, please provide the complete
 configure command line and the relevant output including the error message.
 
-Note: To make the output readable, pleace add a 'code fence' (three backquotes
+Note: To make the output readable, please add a 'code fence' (three backquotes
 ` ``` ` on a separate line) before and after your output:
 
      ```

README-ENGINES.md

@@ -8,7 +8,7 @@ The ENGINE API was introduced in OpenSSL version 0.9.6 as a low level
 interface for adding alternative implementations of cryptographic
 primitives, most notably for integrating hardware crypto devices.
 
-The ENGINE interface has its limitations and it has been superseeded
+The ENGINE interface has its limitations and it has been superseded
 by the [PROVIDER API](README-PROVIDERS.md), it is deprecated in OpenSSL
 version 3.0. The following documentation is retained as an aid for
 users who need to maintain or support existing ENGINE implementations.

apps/cmp.c

@@ -1115,7 +1115,7 @@ static OSSL_CMP_SRV_CTX *setup_srv_ctx(ENGINE *engine)
     if (opt_grant_implicitconf)
         (void)OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(srv_ctx, 1);
 
-    if (opt_failure != INT_MIN) { /* option has been set explicity */
+    if (opt_failure != INT_MIN) { /* option has been set explicitly */
         if (opt_failure < 0 || OSSL_CMP_PKIFAILUREINFO_MAX < opt_failure) {
             CMP_err1("-failure out of range, should be >= 0 and <= %d",
                      OSSL_CMP_PKIFAILUREINFO_MAX);

apps/include/http_server.h

@@ -94,7 +94,7 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,
  * Send an ASN.1-formatted HTTP response
  * cbio: destination BIO (typically as returned by http_server_get_asn1_req())
  *       note: cbio should not do an encoding that changes the output length
- * keep_alive: grant persistent connnection
+ * keep_alive: grant persistent connection
  * content_type: string identifying the type of the response
  * it: the response ASN.1 type
  * resp: the response to send

configdata.pm.in

@@ -20,7 +20,7 @@
          # Unix form /VOLUME/DIR1/DIR2/FILE, which is what VMS perl supports
          # for 'use lib'.
 
-         # Start with spliting the native path
+         # Start with splitting the native path
          (my $vol, my $dirs, my $file) = File::Spec->splitpath($path);
          my @dirs = File::Spec->splitdir($dirs);
 
@@ -88,7 +88,7 @@ unless (caller) {
     if (scalar @ARGV == 0) {
         # With no arguments, re-create the build file
         # We do that in two steps, where the first step emits perl
-        # snipets.
+        # snippets.
 
         my $buildfile = $target{build_file};
         my $buildfile_template = "$buildfile.in";

crypto/aes/asm/aesv8-armx.pl

@@ -417,7 +417,7 @@ ()
 # If lsize < 3*16 bytes, treat them as the tail, interleave the
 # two blocks AES instructions.
 # There is one special case, if the original input data size dsize
-# = 16 bytes, we will treat it seperately to improve the
+# = 16 bytes, we will treat it separately to improve the
 # performance: one independent code block without LR, FP load and
 # store, just looks like what the original ECB implementation does.
 
@@ -2162,7 +2162,7 @@ ()
 # will be processed specially, which be integrated into the 5*16 bytes
 # loop to improve the efficiency.
 # There is one special case, if the original input data size dsize
-# = 16 bytes, we will treat it seperately to improve the
+# = 16 bytes, we will treat it separately to improve the
 # performance: one independent code block without LR, FP load and
 # store.
 # Encryption will process the (length -tailcnt) bytes as mentioned
@@ -3495,7 +3495,7 @@ ()
 	cbnz	x2,.Lxts_dec_1st_done
 	vld1.32	{$dat0},[$inp],#16
 
-	// Decrypt the last secod block to get the last plain text block
+	// Decrypt the last second block to get the last plain text block
 .Lxts_dec_1st_done:
 	eor	$tmpin,$dat0,$iv1
 	ldr	$rounds,[$key1,#240]

crypto/bn/asm/rsaz-2k-avx512.pl

@@ -88,7 +88,7 @@
 # specified in the original algorithm as according to the Lemma 1 from the paper
 # [2], the result will be always < 2*m and can be used as a direct input to
 # the next AMM iteration.  This post-condition is true, provided the correct
-# parameter |s| (notion of the Lemma 1 from [2]) is choosen, i.e.  s >= n + 2 * k,
+# parameter |s| (notion of the Lemma 1 from [2]) is chosen, i.e.  s >= n + 2 * k,
 # which matches our case: 1040 > 1024 + 2 * 1.
 #
 # [1] Gueron, S. Efficient software implementations of modular exponentiation.

crypto/bn/asm/rsaz-3k-avx512.pl

@@ -75,7 +75,7 @@
 # specified in the original algorithm as according to the Lemma 1 from the paper
 # [2], the result will be always < 2*m and can be used as a direct input to
 # the next AMM iteration.  This post-condition is true, provided the correct
-# parameter |s| (notion of the Lemma 1 from [2]) is choosen, i.e.  s >= n + 2 * k,
+# parameter |s| (notion of the Lemma 1 from [2]) is chosen, i.e.  s >= n + 2 * k,
 # which matches our case: 1560 > 1536 + 2 * 1.
 #
 # [1] Gueron, S. Efficient software implementations of modular exponentiation.

crypto/bn/asm/rsaz-4k-avx512.pl

@@ -72,7 +72,7 @@
 # specified in the original algorithm as according to the Lemma 1 from the paper
 # [2], the result will be always < 2*m and can be used as a direct input to
 # the next AMM iteration.  This post-condition is true, provided the correct
-# parameter |s| (notion of the Lemma 1 from [2]) is choosen, i.e.  s >= n + 2 * k,
+# parameter |s| (notion of the Lemma 1 from [2]) is chosen, i.e.  s >= n + 2 * k,
 # which matches our case: 2080 > 2048 + 2 * 1.
 #
 # [1] Gueron, S. Efficient software implementations of modular exponentiation.

crypto/cmp/cmp_vfy.c

@@ -598,7 +598,7 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg)
                 break;
             }
             ossl_cmp_debug(ctx,
-                           "sucessfully validated PBM-based CMP message protection");
+                           "successfully validated PBM-based CMP message protection");
             return 1;
         }
         ossl_cmp_warn(ctx, "verifying PBM-based CMP message protection failed");
@@ -628,7 +628,7 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg)
             /* use ctx->srvCert for signature check even if not acceptable */
             if (verify_signature(ctx, msg, scrt)) {
                 ossl_cmp_debug(ctx,
-                               "sucessfully validated signature-based CMP message protection");
+                               "successfully validated signature-based CMP message protection");
 
                 return 1;
             }
@@ -668,7 +668,7 @@ static int check_transactionID_or_nonce(ASN1_OCTET_STRING *expected,
  * Any msg->extraCerts are prepended to ctx->untrusted.
  *
  * Ensures that:
- * its sender is of appropriate type (curently only X509_NAME) and
+ * its sender is of appropriate type (currently only X509_NAME) and
  *     matches any expected sender or srvCert subject given in the ctx
  * it has a valid body type
  * its protection is valid (or invalid/absent, but only if a callback function

crypto/context.c

@@ -402,7 +402,7 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *ctx, int index,
      * The alloc call ensures there's a value there. We release the ctx->lock
      * for this, because the allocation itself may recursively call
      * ossl_lib_ctx_get_data for other indexes (never this one). The allocation
-     * will itself aquire the ctx->lock when it actually comes to store the
+     * will itself acquire the ctx->lock when it actually comes to store the
      * allocated data (see ossl_lib_ctx_generic_new() above). We call
      * ossl_crypto_alloc_ex_data_intern() here instead of CRYPTO_alloc_ex_data().
      * They do the same thing except that the latter calls CRYPTO_get_ex_data()

crypto/ec/ec2_oct.c

@@ -272,7 +272,7 @@ int ossl_ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
     }
 
     /*
-     * The first octet is the point converison octet PC, see X9.62, page 4
+     * The first octet is the point conversion octet PC, see X9.62, page 4
      * and section 4.4.2.  It must be:
      *     0x00          for the point at infinity
      *     0x02 or 0x03  for compressed form

crypto/encode_decode/encoder_lib.c

@@ -523,7 +523,7 @@ static int encoder_process(struct encoder_process_data_st *data)
 
         OSSL_TRACE_BEGIN(ENCODER) {
             BIO_printf(trc_out,
-                       "[%d]    Skipping because recusion level %d failed\n",
+                       "[%d]    Skipping because recursion level %d failed\n",
                        data->level, new_data.level);
         } OSSL_TRACE_END(ENCODER);
     }

crypto/evp/ctrl_params_translate.c

@@ -2153,7 +2153,7 @@ static const struct translation_st evp_pkey_ctx_translations[] = {
       OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
     /*
      * The "rsa_oaep_label" ctrl_str expects the value to always be hex.
-     * This is accomodated by default_fixup_args() above, which mimics that
+     * This is accommodated by default_fixup_args() above, which mimics that
      * expectation for any translation item where |ctrl_str| is NULL and
      * |ctrl_hexstr| is non-NULL.
      */

crypto/evp/m_sigver.c

@@ -239,7 +239,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
              * This might be requested by a later call to EVP_MD_CTX_get0_md().
              * In that case the "explicit fetch" rules apply for that
              * function (as per man pages), i.e. the ref count is not updated
-             * so the EVP_MD should not be used beyound the lifetime of the
+             * so the EVP_MD should not be used beyond the lifetime of the
              * EVP_MD_CTX.
              */
             ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props);

crypto/ffc/ffc_params_generate.c

@@ -435,7 +435,7 @@ static int generate_q_fips186_2(BN_CTX *ctx, BIGNUM *q, const EVP_MD *evpmd,
         }
         if (r != 0)
             goto err; /* Exit if error */
-        /* Try another iteration if it wasnt prime - was in old code.. */
+        /* Try another iteration if it wasn't prime - was in old code.. */
         generate_seed = 1;
     }
 err:

crypto/rand/rand_egd.c

@@ -58,7 +58,7 @@ struct sockaddr_un {
 /*
  * HPNS:
  *
- *  Our current MQ 5.3 EGD requies compatability-mode sockets
+ *  Our current MQ 5.3 EGD requires compatability-mode sockets
  *  This code forces the mode to compatibility if required
  *  and then restores the mode.
  *

crypto/rsa/rsa_lib.c

@@ -1103,7 +1103,7 @@ int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, void *label, int llen)
     if (!evp_pkey_ctx_set_params_strict(ctx, rsa_params))
         return 0;
 
-    /* Ownership is supposed to be transfered to the callee. */
+    /* Ownership is supposed to be transferred to the callee. */
     OPENSSL_free(label);
     return 1;
 }

crypto/x509/v3_ist.c

@@ -17,7 +17,7 @@
 
 /*
  * Issuer Sign Tool (1.2.643.100.112) The name of the tool used to signs the subject (ASN1_SEQUENCE)
- * This extention is required to obtain the status of a qualified certificate at Russian Federation.
+ * This extension is required to obtain the status of a qualified certificate at Russian Federation.
  * RFC-style description is available here: https://tools.ietf.org/html/draft-deremin-rfc4491-bis-04#section-5
  * Russian Federal Law 63 "Digital Sign" is available here:  http://www.consultant.ru/document/cons_doc_LAW_112701/
  */

crypto/x509/v3_utf8.c

@@ -16,7 +16,7 @@
 
 /*
  * Subject Sign Tool (1.2.643.100.111) The name of the tool used to signs the subject (UTF8String)
- * This extention is required to obtain the status of a qualified certificate at Russian Federation.
+ * This extension is required to obtain the status of a qualified certificate at Russian Federation.
  * RFC-style description is available here: https://tools.ietf.org/html/draft-deremin-rfc4491-bis-04#section-5
  * Russian Federal Law 63 "Digital Sign" is available here:  http://www.consultant.ru/document/cons_doc_LAW_112701/
  */

crypto/x509/v3_utl.c

@@ -47,7 +47,7 @@ static int x509v3_add_len_value(const char *name, const char *value,
     if (name != NULL && (tname = OPENSSL_strdup(name)) == NULL)
         goto err;
     if (value != NULL) {
-        /* We don't allow embeded NUL characters */
+        /* We don't allow embedded NUL characters */
         if (memchr(value, 0, vallen) != NULL)
             goto err;
         tvalue = OPENSSL_strndup(value, vallen);

crypto/x509/x_pubkey.c

@@ -170,7 +170,7 @@ static int x509_pubkey_ex_d2i_ex(ASN1_VALUE **pval,
 
     /*
      * Try to decode with legacy method first.  This ensures that engines
-     * aren't overriden by providers.
+     * aren't overridden by providers.
      */
     if ((ret = x509_pubkey_decode(&pubkey->pkey, pubkey)) == -1) {
         /* -1 indicates a fatal error, like malloc failure */

demos/mac/gmac.c

@@ -85,7 +85,7 @@ int main(int argc, char **argv)
         goto end;
     }
 
-    /* GMAC requries a GCM mode cipher to be specified */
+    /* GMAC requires a GCM mode cipher to be specified */
     *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER,
                                             "AES-128-GCM", 0);
 

dev/release-aux/README.md

@@ -1,4 +1,4 @@
-Auxilliary files for dev/release.sh
+Auxillary files for dev/release.sh
 ===================================
 
 - release-state-fn.sh

dev/release.sh

@@ -224,7 +224,7 @@ elif $force; then
     :
 else
     echo >&2 "Not in master or any recognised release branch"
-    echo >&2 "Please 'git checkout' an approprite branch"
+    echo >&2 "Please 'git checkout' an appropriate branch"
     exit 1
 fi
 orig_HEAD=$(git rev-parse HEAD)
@@ -369,7 +369,7 @@ for fixup in "$HERE/dev/release-aux"/fixup-*-release.pl; do
         perl -pi $fixup $file
 done
 
-$VERBOSE "== Comitting updates and tagging"
+$VERBOSE "== Committing updates and tagging"
 git add -u
 git commit $git_quiet -m "Prepare for release of $release_text"
 if [ -n "$reviewers" ]; then

doc/internal/man3/OPTIONS.pod

@@ -155,7 +155,7 @@ on multiple lines; each entry should use B<OPT_MORE_STR>, like this:
         {OPT_MORE_STR, 0, 0,
          "This flag is not really needed on Unix systems"},
         {OPT_MORE_STR, 0, 0,
-         "(Unix and descendents for ths win!)"}
+         "(Unix and descendents for the win!)"}
 
 Each subsequent line will be indented the correct amount.
 

doc/internal/man3/ossl_random_add_conf_module.pod

@@ -15,7 +15,7 @@ ossl_random_add_conf_module - internal random configuration module
 
 ossl_random_add_conf_module() adds the random configuration module
 for providers.
-This allows the type and parameters of the stardard setup of random number
+This allows the type and parameters of the standard setup of random number
 generators to be configured with an OpenSSL L<config(5)> file.
 
 =head1 RETURN VALUES

doc/internal/man7/EVP_PKEY.pod

@@ -19,7 +19,7 @@ private/public key pairs, but has had other uses as well.
 
 =for comment "uses" could as well be "abuses"...
 
-The private/public key pair that an B<EVP_PKEY> contains is refered to
+The private/public key pair that an B<EVP_PKEY> contains is referred to
 as its "internal key" or "origin" (the reason for "origin" is
 explained further down, in L</Export cache for provider operations>),
 and it can take one of the following forms:

doc/man1/openssl-genpkey.pod.in

@@ -278,7 +278,7 @@ RFC5114 names "dh_1024_160", "dh_2048_224", "dh_2048_256".
 
 If this option is set, then the appropriate RFC5114 parameters are used
 instead of generating new parameters. The value I<num> can be one of
-1, 2 or 3 that are equivalant to using the option B<group> with one of
+1, 2 or 3 that are equivalent to using the option B<group> with one of
 "dh_1024_160", "dh_2048_224" or "dh_2048_256".
 All other options will be ignored if this value is set.
 
@@ -333,7 +333,7 @@ The B<algorithm> option must be B<"DH">.
 =item "default"
 
 Selects a default type based on the B<algorithm>. This is used by the
-OpenSSL default provider to set the type for backwards compatability.
+OpenSSL default provider to set the type for backwards compatibility.
 If B<algorithm> is B<"DH"> then B<"generator"> is used.
 If B<algorithm> is B<"DHX"> then B<"fips186_2"> is used.
 

doc/man1/openssl-s_client.pod.in

@@ -274,7 +274,7 @@ See L<openssl-format-options(1)> for details.
 
 =item B<-pass> I<arg>
 
-the private key and certifiate file password source.
+the private key and certificate file password source.
 For more information about the format of I<arg>
 see L<openssl-passphrase-options(1)>.
 

doc/man1/openssl-verification-options.pod

@@ -92,7 +92,7 @@ It does not have a negative trust attribute rejecting the given use.
 =item *
 
 It has a positive trust attribute accepting the given use
-or (by default) one of the following compatibilty conditions apply:
+or (by default) one of the following compatibility conditions apply:
 It is self-signed or the B<-partial_chain> option is given
 (which corresponds to the B<X509_V_FLAG_PARTIAL_CHAIN> flag being set).
 

doc/man3/ASN1_aux_cb.pod

@@ -3,7 +3,7 @@
 =head1 NAME
 
 ASN1_AUX, ASN1_PRINT_ARG, ASN1_STREAM_ARG, ASN1_aux_cb, ASN1_aux_const_cb
-- ASN.1 auxilliary data
+- ASN.1 auxiliary data
 
 =head1 SYNOPSIS
 
@@ -45,7 +45,7 @@ ASN.1 data structures can be associated with an B<ASN1_AUX> object to supply
 additional information about the ASN.1 structure. An B<ASN1_AUX> structure is
 associated with the structure during the definition of the ASN.1 template. For
 example an B<ASN1_AUX> structure will be associated by using one of the various
-ASN.1 template definition macros that supply auxilliary information such as
+ASN.1 template definition macros that supply auxiliary information such as
 ASN1_SEQUENCE_enc(), ASN1_SEQUENCE_ref(), ASN1_SEQUENCE_cb_const_cb(),
 ASN1_SEQUENCE_const_cb(), ASN1_SEQUENCE_cb() or ASN1_NDEF_SEQUENCE_cb().
 

doc/man3/ASN1_item_sign.pod

@@ -62,7 +62,7 @@ I<algor2> are ignored if they are NULL.
 ASN1_item_sign() is similar to ASN1_item_sign_ex() but uses default values of
 NULL for the I<id>, I<libctx> and I<propq>.
 
-ASN1_item_sign_ctx() is similiar to ASN1_item_sign() but uses the parameters
+ASN1_item_sign_ctx() is similar to ASN1_item_sign() but uses the parameters
 contained in digest context I<ctx>.
 
 ASN1_item_verify_ex() is used to verify the signature I<signature> of internal
@@ -77,7 +77,7 @@ See EVP_PKEY_CTX_set1_id() for further info.
 ASN1_item_verify() is similar to ASN1_item_verify_ex() but uses default values of
 NULL for the I<id>, I<libctx> and I<propq>.
 
-ASN1_item_verify_ctx() is similiar to ASN1_item_verify() but uses the parameters
+ASN1_item_verify_ctx() is similar to ASN1_item_verify() but uses the parameters
 contained in digest context I<ctx>.