Fix some typos

Reported-by: misspell-fixer <https://github.com/vlajos/misspell-fixer>

CLA: trivial

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10544)

.travis.yml

@@ -178,7 +178,7 @@ script:
           travis_terminate 1;
       fi
     - if ! git diff --exit-code; then
-          echo -e '\052\052 FAILED -- UPDATED FILES NOT COMMITED';
+          echo -e '\052\052 FAILED -- UPDATED FILES NOT COMMITTED';
           travis_terminate 1;
       fi
     - if test -n "$GENERATE" && ! $make build_all_generated; then

Configurations/10-main.conf

@@ -276,7 +276,7 @@ my %targets = (
     # primarily because vendor assembler can't assemble our modules
     # with -KPIC flag. As result it, assembly support, was not even
     # available as option. But its lack means lack of side-channel
-    # resistant code, which is incompatible with security by todays
+    # resistant code, which is incompatible with security by today's
     # standards. Fortunately gcc is readily available prepackaged
     # option, which we can firmly point at...
     #
@@ -1776,7 +1776,7 @@ my %targets = (
                                    debug   => "/DEBUG/TRACEBACK",
                                    release => "/NODEBUG/NOTRACEBACK"),
         # Because of dso_cflags below, we can't set the generic |cflags| here,
-        # as it can't be overriden, so we set separate C flags for libraries
+        # as it can't be overridden, so we set separate C flags for libraries
         # and binaries instead.
         bin_cflags       => add("/NAMES=(AS_IS,SHORTENED)/EXTERN_MODEL=STRICT_REFDEF"),
         lib_cflags       => add("/NAMES=(AS_IS,SHORTENED)/EXTERN_MODEL=STRICT_REFDEF"),

INSTALL

@@ -1129,7 +1129,7 @@
 
  HASHBANGPERL
                 The command string for the Perl executable to insert in the
-                #! line of perl scripts that will be publically installed.
+                #! line of perl scripts that will be publicly installed.
                 Default: /usr/bin/env perl
                 Note: the value of this variable is added to the same scripts
                 on all platforms, but it's only relevant on Unix-like platforms.

apps/lib/build.info

@@ -1,4 +1,4 @@
-# Auxilliary program source
+# Auxiliary program source
 IF[{- $config{target} =~ /^(?:VC-|mingw)/ -}]
   # It's called 'init', but doesn't have much 'init' in it...
   $AUXLIBAPPSSRC=win32_init.c

apps/passwd.c

@@ -820,7 +820,7 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
             (*salt_p)[i] = cov_2char[(*salt_p)[i] & 0x3f]; /* 6 bits */
         (*salt_p)[i] = 0;
 # ifdef CHARSET_EBCDIC
-        /* The password encryption funtion will convert back to ASCII */
+        /* The password encryption function will convert back to ASCII */
         ascii2ebcdic(*salt_p, *salt_p, saltlen);
 # endif
     }

crypto/aes/asm/aesni-x86_64.pl

@@ -59,7 +59,7 @@
 # nothing one can do and the result appears optimal. CCM result is
 # identical to CBC, because CBC-MAC is essentially CBC encrypt without
 # saving output. CCM CTR "stays invisible," because it's neatly
-# interleaved wih CBC-MAC. This provides ~30% improvement over
+# interleaved with CBC-MAC. This provides ~30% improvement over
 # "straightforward" CCM implementation with CTR and CBC-MAC performed
 # disjointly. Parallelizable modes practically achieve the theoretical
 # limit.

crypto/aes/asm/bsaes-x86_64.pl

@@ -27,7 +27,7 @@
 # - code was made position-independent;
 # - rounds were folded into a loop resulting in >5x size reduction
 #   from 12.5KB to 2.2KB;
-# - above was possibile thanks to mixcolumns() modification that
+# - above was possible thanks to mixcolumns() modification that
 #   allowed to feed its output back to aesenc[last], this was
 #   achieved at cost of two additional inter-registers moves;
 # - some instruction reordering and interleaving;

crypto/asn1_dsa.c

@@ -99,7 +99,7 @@ int encode_der_integer(WPACKET *pkt, const BIGNUM *n)
 /*
  * Outputs the DER encoding of a DSA-Sig-Value or ECDSA-Sig-Value to pkt. pkt
  * may be initialised with a NULL buffer which enables pkt to be used to
- * calulate how many bytes would be needed.
+ * calculate how many bytes would be needed.
  *
  * Returns 1 on success or 0 on error.
  */

crypto/des/asm/des_enc.m4

@@ -104,15 +104,15 @@ changequote({,})
 ! technique.
 !
 ! The macro also loads address sbox 1 to 5 to global 1 to 5, address
-! sbox 6 to local6, and addres sbox 8 to out3.
+! sbox 6 to local6, and address sbox 8 to out3.
 !
-! Rotates the halfs 3 left to bring the sbox bits in convenient positions.
+! Rotates the halves 3 left to bring the sbox bits in convenient positions.
 !
 ! Loads key first round from address in parameter 5 to out0, out1.
 !
 ! After the original LibDES initial permutation, the resulting left
 ! is in the variable initially used for right and vice versa. The macro
-! implements the possibility to keep the halfs in the original registers.
+! implements the possibility to keep the halves in the original registers.
 !
 ! parameter 1  left
 ! parameter 2  right
@@ -1182,7 +1182,7 @@ DES_encrypt2:
 	add	%o7,global1,global1
 	sub	global1,.PIC.DES_SPtrans-.des_and,out2
 
-	! Set sbox address 1 to 6 and rotate halfs 3 left
+	! Set sbox address 1 to 6 and rotate halves 3 left
 	! Errors caught by destest? Yes. Still? *NO*
 
 	!sethi	%hi(DES_SPtrans), global1 ! address sbox 1

crypto/err/openssl.txt

@@ -2675,7 +2675,7 @@ PROP_R_NOT_AN_HEXADECIMAL_DIGIT:102:not an hexadecimal digit
 PROP_R_NOT_AN_IDENTIFIER:103:not an identifier
 PROP_R_NOT_AN_OCTAL_DIGIT:104:not an octal digit
 PROP_R_NOT_A_DECIMAL_DIGIT:105:not a decimal digit
-PROP_R_NO_MATCHING_STRING_DELIMETER:106:no matching string delimeter
+PROP_R_NO_MATCHING_STRING_DELIMITER:106:no matching string delimiter
 PROP_R_NO_VALUE:107:no value
 PROP_R_PARSE_FAILED:108:parse failed
 PROP_R_STRING_TOO_LONG:109:string too long

crypto/evp/digest.c

@@ -165,7 +165,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
 
     if (type->prov == NULL) {
 #ifdef FIPS_MODE
-        /* We only do explict fetches inside the FIPS module */
+        /* We only do explicit fetches inside the FIPS module */
         EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_INITIALIZATION_ERROR);
         return 0;
 #else

crypto/evp/e_aes.c

@@ -915,7 +915,7 @@ typedef struct {
                 } icv;
                 unsigned char k[32];
             } kmac_param;
-            /* KMAC-AES paramater block - end */
+            /* KMAC-AES parameter block - end */
 
             union {
                 unsigned long long g[2];
@@ -3228,7 +3228,7 @@ static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         return 0;
 
     /*
-     * Impose a limit of 2^20 blocks per data unit as specifed by
+     * Impose a limit of 2^20 blocks per data unit as specified by
      * IEEE Std 1619-2018.  The earlier and obsolete IEEE Std 1619-2007
      * indicated that this was a SHOULD NOT rather than a MUST NOT.
      * NIST SP 800-38E mandates the same limit.

crypto/evp/evp_enc.c

@@ -317,7 +317,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
 
     if (cipher->prov == NULL) {
 #ifdef FIPS_MODE
-        /* We only do explict fetches inside the FIPS module */
+        /* We only do explicit fetches inside the FIPS module */
         EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
         return 0;
 #else

crypto/evp/pmeth_gn.c

@@ -78,7 +78,7 @@ int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, OSSL_PARAM params[])
 }
 
 /*
- * TODO(3.0) Re-evalutate the names, it's possible that we find these to be
+ * TODO(3.0) Re-evaluate the names, it's possible that we find these to be
  * better:
  *
  * EVP_PKEY_param_settable()

crypto/property/property_err.c

@@ -24,8 +24,8 @@ static const ERR_STRING_DATA PROP_str_reasons[] = {
     "not an octal digit"},
     {ERR_PACK(ERR_LIB_PROP, 0, PROP_R_NOT_A_DECIMAL_DIGIT),
     "not a decimal digit"},
-    {ERR_PACK(ERR_LIB_PROP, 0, PROP_R_NO_MATCHING_STRING_DELIMETER),
-    "no matching string delimeter"},
+    {ERR_PACK(ERR_LIB_PROP, 0, PROP_R_NO_MATCHING_STRING_DELIMITER),
+    "no matching string delimiter"},
     {ERR_PACK(ERR_LIB_PROP, 0, PROP_R_NO_VALUE), "no value"},
     {ERR_PACK(ERR_LIB_PROP, 0, PROP_R_PARSE_FAILED), "parse failed"},
     {ERR_PACK(ERR_LIB_PROP, 0, PROP_R_STRING_TOO_LONG), "string too long"},

crypto/property/property_parse.c

@@ -203,7 +203,7 @@ static int parse_string(OPENSSL_CTX *ctx, const char *t[], char delim,
         s++;
     }
     if (*s == '\0') {
-        ERR_raise_data(ERR_LIB_PROP, PROP_R_NO_MATCHING_STRING_DELIMETER,
+        ERR_raise_data(ERR_LIB_PROP, PROP_R_NO_MATCHING_STRING_DELIMITER,
                        "HERE-->%c%s", delim, *t);
         return 0;
     }
@@ -492,7 +492,7 @@ int ossl_property_match_count(const OSSL_PROPERTY_LIST *query,
 
         /*
          * Handle the cases of a missing value and a query with no corresponding
-         * definition.  The former fails for any comparision except inequality,
+         * definition.  The former fails for any comparison except inequality,
          * the latter is treated as a comparison against the Boolean false.
          */
         if (q[i].type == PROPERTY_TYPE_VALUE_UNDEFINED) {

crypto/rand/rand_vms.c

@@ -488,7 +488,7 @@ int rand_pool_add_nonce_data(RAND_POOL *pool)
     /*
      * Add process id, thread id, and a high resolution timestamp
      * (where available, which is OpenVMS v8.4 and up) to ensure that
-     * the nonce is unique whith high probability for different process
+     * the nonce is unique with high probability for different process
      * instances.
      */
     data.pid = getpid();

crypto/rand/rand_win.c

@@ -133,7 +133,7 @@ int rand_pool_add_nonce_data(RAND_POOL *pool)
 
     /*
      * Add process id, thread id, and a high resolution timestamp to
-     * ensure that the nonce is unique whith high probability for
+     * ensure that the nonce is unique with high probability for
      * different process instances.
      */
     data.pid = GetCurrentProcessId();

crypto/rsa/rsa_sp800_56b_check.c

@@ -101,7 +101,7 @@ int rsa_check_prime_factor_range(const BIGNUM *p, int nbits, BN_CTX *ctx)
     if (shift >= 0) {
         /*
          * We don't have all the bits. bn_inv_sqrt_2 contains a rounded up
-         * value, so there is a very low probabilty that we'll reject a valid
+         * value, so there is a very low probability that we'll reject a valid
          * value.
          */
         if (!BN_lshift(low, low, shift))

crypto/serializer/serializer_meth.c

@@ -450,7 +450,7 @@ const OSSL_PARAM *OSSL_SERIALIZER_settable_ctx_params(OSSL_SERIALIZER *ser)
 /*
  * |ser| value NULL is valid, and signifies that there is no serializer.
  * This is useful to provide fallback mechanisms.
- *  Funtions that want to verify if there is a serializer can do so with
+ *  Functions that want to verify if there is a serializer can do so with
  * OSSL_SERIALIZER_CTX_get_serializer()
  */
 OSSL_SERIALIZER_CTX *OSSL_SERIALIZER_CTX_new(OSSL_SERIALIZER *ser)

doc/internal/man3/ossl_init_thread_deregister.pod

@@ -32,7 +32,7 @@ thread local variable and then register a stop handler. When the thread is
 stopping the stop handler is called (while on that thread) and the code can
 clean up the value stored in the thread local variable.
 
-A new stop handler is registerd using the function ossl_init_thread_start().
+A new stop handler is registered using the function ossl_init_thread_start().
 The I<index> parameter should be a unique value that can be used to identify a
 set of common stop handlers and is passed in a later call to
 ossl_init_thread_deregister. If no later call to ossl_init_thread_deregister is

doc/internal/man3/ossl_provider_new.pod

@@ -261,7 +261,7 @@ ossl_provider_library_context() return a pointer to the library context.
 This may be NULL, and is perfectly valid, as it denotes the default
 global library context.
 
-ossl_provider_teardown() doesnt't return any value.
+ossl_provider_teardown() doesn't return any value.
 
 ossl_provider_gettable_params() returns a pointer to a constant
 I<OSSL_PARAM> array if this function is available in the provider,

doc/internal/man7/build.info.pod

@@ -73,7 +73,7 @@ generators, and are used to specify exactly what end product files
 (programs, libraries, modules or scripts) are to be produced, and from
 what sources.
 
-Intermediate files, such as object files, are seldom refered to at
+Intermediate files, such as object files, are seldom referred to at
 all.  They sometimes can be, if there's a need, but this should happen
 very rarely, and support for that sort of thing is added on as-needed
 basis.
@@ -534,7 +534,7 @@ dependency is maintained:
 
     DEPEND[libfoo.a]{weak}=libfoo.a libcookie.a 
 
-This is useful in complex dependecy trees where two libraries can be
+This is useful in complex dependency trees where two libraries can be
 used as alternatives for each other.  In this example, C<lib1.a> and
 C<lib2.a> have alternative implementations of the same thing, and
 C<libmandatory.a> has unresolved references to that same thing, and is

doc/man1/openssl.pod

@@ -778,7 +778,7 @@ client.
 
 =item B<-xcertform> B<DER>|B<PEM>, B<-xkeyform> B<DER>|B<PEM>
 
-The input format for the extra certifcate and key, respectively.
+The input format for the extra certificate and key, respectively.
 See L<openssl(1)/Format Options> for details.
 
 =back

doc/man3/ASYNC_WAIT_CTX_new.pod

@@ -187,7 +187,7 @@ ASYNC_WAIT_CTX_set_wait_fd, ASYNC_WAIT_CTX_get_fd, ASYNC_WAIT_CTX_get_all_fds,
 ASYNC_WAIT_CTX_get_changed_fds, ASYNC_WAIT_CTX_clear_fd,
 ASYNC_WAIT_CTX_set_callback, ASYNC_WAIT_CTX_get_callback and
 ASYNC_WAIT_CTX_set_status all return 1 on success or 0 on error.
-ASYNC_WAIT_CTX_get_status() returs the engine status.
+ASYNC_WAIT_CTX_get_status() returns the engine status.
 
 
 =head1 NOTES

doc/man3/ERR_new.pod

@@ -27,7 +27,7 @@ ERR_set_debug() sets the debug information related to the current
 error in the thread's error queue.
 The values that can be given are the filename I<file>, line in the
 file I<line> and the name of the function I<func> where the error
-occured.
+occurred.
 The names must be constant, this function will only save away the
 pointers, not copy the strings.
 

doc/man3/ERR_put_error.pod

@@ -23,9 +23,9 @@ Deprecated since OpenSSL 3.0:
 =head1 DESCRIPTION
 
 ERR_raise() adds a new error to the thread's error queue.  The
-error occured in the library B<lib> for the reason given by the
+error occurred in the library B<lib> for the reason given by the
 B<reason> code.  Furthermore, the name of the file, the line, and name
-of the function where the error occured is saved with the error
+of the function where the error occurred is saved with the error
 record.
 
 ERR_raise_data() does the same thing as ERR_raise(), but also lets the

doc/man3/EVP_EncryptInit.pod

@@ -299,7 +299,7 @@ B<params> from CIPHER context B<ctx>.
 
 EVP_CIPHER_gettable_params(), EVP_CIPHER_gettable_ctx_params(), and
 EVP_CIPHER_settable_ctx_params() get a constant B<OSSL_PARAM> array
-that decribes the retrievable and settable parameters, i.e. parameters
+that describes the retrievable and settable parameters, i.e. parameters
 that can be used with EVP_CIPHER_get_params(), EVP_CIPHER_CTX_get_params()
 and EVP_CIPHER_CTX_set_params(), respectively.
 See L<OSSL_PARAM(3)> for the use of B<OSSL_PARAM> as parameter descriptor.

doc/man3/EVP_KDF.pod

@@ -122,7 +122,7 @@ defined by the implementation.
 
 EVP_KDF_gettable_params(), EVP_KDF_gettable_ctx_params() and
 EVP_KDF_settable_ctx_params() get a constant B<OSSL_PARAM> array that
-decribes the retrievable and settable parameters, i.e. parameters that
+describes the retrievable and settable parameters, i.e. parameters that
 can be used with EVP_KDF_get_params(), EVP_KDF_CTX_get_params()
 and EVP_KDF_CTX_set_params(), respectively.
 See L<OSSL_PARAM(3)> for the use of B<OSSL_PARAM> as parameter descriptor.

doc/man3/EVP_MAC.pod

@@ -151,7 +151,7 @@ defined by the implementation.
 
 EVP_MAC_gettable_params(), EVP_MAC_gettable_ctx_params() and
 EVP_MAC_settable_ctx_params() get a constant B<OSSL_PARAM> array that
-decribes the retrievable and settable parameters, i.e. parameters that
+describes the retrievable and settable parameters, i.e. parameters that
 can be used with EVP_MAC_get_params(), EVP_MAC_CTX_get_params()
 and EVP_MAC_CTX_set_params(), respectively.
 See L<OSSL_PARAM(3)> for the use of B<OSSL_PARAM> as parameter descriptor.

doc/man3/EVP_PKEY_CTX_ctrl.pod

@@ -198,7 +198,7 @@ The internal algorithm that supports this parameter is DSA.
 =back
 
 EVP_PKEY_CTX_gettable_params() and EVP_PKEY_CTX_settable_params() gets a
-constant B<OSSL_PARAM> array that decribes the  gettable and
+constant B<OSSL_PARAM> array that describes the  gettable and
 settable parameters for the current algorithm implementation, i.e. parameters
 that can be used with EVP_PKEY_CTX_get_params() and EVP_PKEY_CTX_set_params()
 respectively.

doc/man3/OPENSSL_FILE.pod

@@ -28,7 +28,7 @@ currently being compiled, as far as language and compiler versions allow.
 Otherwise, it yields "(unknown function)".
 
 The macro B<OPENSSL_MSTR> yields the expansion of the macro given as argument,
-which is useful for concatentation with string constants.
+which is useful for concatenation with string constants.
 The macro B<OPENSSL_MSTR_HELPER> is an auxiliary macro for this purpose.
 
 =head1 RETURN VALUES

doc/man3/OSSL_trace_set_channel.pod

@@ -130,11 +130,11 @@ registered very early with L<atexit(3)>.
 
 =item C<OSSL_TRACE_CATEGORY_TLS>
 
-Traces the TLS/SSL protocoll.
+Traces the TLS/SSL protocol.
 
 =item C<OSSL_TRACE_CATEGORY_TLS_CIPHER>
 
-Traces the ciphers used by the TLS/SSL protocoll.
+Traces the ciphers used by the TLS/SSL protocol.
 
 =item C<OSSL_TRACE_CATEGORY_ENGINE_CONF>
 

doc/man3/RAND_set_rand_method.pod

@@ -48,7 +48,7 @@ Each pointer may be NULL if the function is not implemented.
 
 =head1 RETURN VALUES
 
-RAND_set_rand_method() returns 1 on success and 0 on failue.
+RAND_set_rand_method() returns 1 on success and 0 on failure.
 RAND_get_rand_method() and RAND_OpenSSL() return pointers to the respective
 methods.
 

doc/man3/SSL_CTX_set_srp_password.pod

@@ -81,7 +81,7 @@ L<SRP_create_verifier(3)> to generate it.
 The callback should return B<SSL_ERROR_NONE> to proceed with the server key exchange,
 B<SSL3_AL_FATAL> for a fatal error or any value < 0 for a retryable error.
 In the event of a B<SSL3_AL_FATAL> the alert flag given by B<*al> will be sent
-back. By default this will be B<SSL_AD_UNKOWN_PSK_IDENTITY>.
+back. By default this will be B<SSL_AD_UNKNOWN_PSK_IDENTITY>.
 
 The SSL_CTX_set_srp_client_pwd_callback() function sets the client password
 callback on the client.

doc/man7/openssl-env.pod

@@ -26,7 +26,7 @@ See L<openssl-rehash(1)/Script Configuration>.
 
 =item B<OPENSSL_CONF>
 
-Specfies the path to a configuration file.
+Specifies the path to a configuration file.
 See L<openssl(1)> and L<config(5)>.
 
 =item B<OPENSSL_ENGINES>

doc/man7/provider-base.pod

@@ -159,7 +159,7 @@ This corresponds to the OpenSSL function L<ERR_new(3)>.
 sets debugging information in the current thread specific error
 record.
 The debugging information includes the name of the file I<file>, the
-line I<line> and the function name I<func> where the error occured.
+line I<line> and the function name I<func> where the error occurred.
 
 This corresponds to the OpenSSL function L<ERR_set_debug(3)>.
 
@@ -173,7 +173,7 @@ The additional data is given as a format string I<fmt> and a set of
 arguments I<args>, which are treated in the same manner as with
 BIO_vsnprintf().
 I<file> and I<line> may also be passed to indicate exactly where the
-error occured or was reported.
+error occurred or was reported.
 
 This corresponds to the OpenSSL function L<ERR_vset_error(3)>.
 

doc/man7/provider-cipher.pod

@@ -288,7 +288,7 @@ that varies with every record.
 Setting a TLS fixed IV changes a cipher to encrypt/decrypt TLS records.
 TLS records are encrypted/decrypted using a single OP_cipher_cipher call per
 record.
-For a record decryption the first bytes of the input buffer will be the explict
+For a record decryption the first bytes of the input buffer will be the explicit
 part of the IV and the final bytes of the input buffer will be the AEAD tag.
 The length of the explicit part of the IV and the tag length will depend on the
 cipher in use and will be defined in the RFC for the relevant ciphersuite.

doc/man7/provider-keyexch.pod

@@ -87,7 +87,7 @@ OP_keyexch_newctx() should create and return a pointer to a provider side
 structure for holding context information during a key exchange operation.
 A pointer to this context will be passed back in a number of the other key
 exchange operation function calls.
-The paramater I<provctx> is the provider context generated during provider
+The parameter I<provctx> is the provider context generated during provider
 initialisation (see L<provider(7)>).
 
 OP_keyexch_freectx() is passed a pointer to the provider side key exchange
@@ -100,7 +100,7 @@ the I<ctx> parameter and return the duplicate copy.
 =head2 Shared Secret Derivation Functions
 
 OP_keyexch_init() initialises a key exchange operation given a provider side key
-exchange context in the I<ctx> paramter, and a pointer to a provider key object
+exchange context in the I<ctx> parameter, and a pointer to a provider key object
 in the I<provkey> parameter. The key object should have been previously
 generated, loaded or imported into the provider using the key management
 (OSSL_OP_KEYMGMT) operation (see provider-keymgmt(7)>.
@@ -153,7 +153,7 @@ possible secret size.
 =back
 
 OP_keyexch_settable_ctx_params() gets a constant B<OSSL_PARAM> array that
-decribes the settable parameters, i.e. parameters that can be used with
+describes the settable parameters, i.e. parameters that can be used with
 OP_signature_set_ctx_params().
 See L<OSSL_PARAM(3)> for the use of B<OSSL_PARAM> as parameter descriptor.
 

doc/man7/provider-mac.pod

@@ -93,7 +93,7 @@ OP_mac_newctx() should create and return a pointer to a provider side
 structure for holding context information during a mac operation.
 A pointer to this context will be passed back in a number of the other mac
 operation function calls.
-The paramater I<provctx> is the provider context generated during provider
+The parameter I<provctx> is the provider context generated during provider
 initialisation (see L<provider(7)>).
 
 OP_mac_freectx() is passed a pointer to the provider side mac context in
@@ -108,7 +108,7 @@ I<mctx> parameter and return the duplicate copy.
 =head2 Encryption/Decryption Functions
 
 OP_mac_init() initialises a mac operation given a newly created provider
-side mac context in the I<mctx> paramter.
+side mac context in the I<mctx> parameter.
 
 OP_mac_update() is called to supply data for MAC computation of a previously
 initialised mac operation.

doc/man7/provider-signature.pod

@@ -209,7 +209,7 @@ The length of the "digest-size" parameter should not exceed that of a B<size_t>.
 =back
 
 OP_signature_gettable_ctx_params() and OP_signature_settable_ctx_params() get a
-constant B<OSSL_PARAM> array that decribes the gettable and settable parameters,
+constant B<OSSL_PARAM> array that describes the gettable and settable parameters,
 i.e. parameters that can be used with OP_signature_get_ctx_params() and
 OP_signature_set_ctx_params() respectively.
 See L<OSSL_PARAM(3)> for the use of B<OSSL_PARAM> as parameter descriptor.

include/internal/propertyerr.h

@@ -43,7 +43,7 @@ int ERR_load_PROP_strings(void);
 # define PROP_R_NOT_AN_IDENTIFIER                         103
 # define PROP_R_NOT_AN_OCTAL_DIGIT                        104
 # define PROP_R_NOT_A_DECIMAL_DIGIT                       105
-# define PROP_R_NO_MATCHING_STRING_DELIMETER              106
+# define PROP_R_NO_MATCHING_STRING_DELIMITER              106
 # define PROP_R_NO_VALUE                                  107
 # define PROP_R_PARSE_FAILED                              108
 # define PROP_R_STRING_TOO_LONG                           109

include/openssl/core_numbers.h

@@ -29,7 +29,7 @@ extern "C" {
  * Names:
  * for any function base name 'foo' (uppercase form 'FOO'), we will have
  * the following:
- * - a macro for the identity with the name OSSL_FUNC_'FOO' or derivates
+ * - a macro for the identity with the name OSSL_FUNC_'FOO' or derivatives
  *   thereof (to be specified further down)
  * - a function signature typedef with the name OSSL_'foo'_fn
  * - a function pointer extractor function with the name OSSL_'foo'

providers/build.info

@@ -16,7 +16,7 @@
 #                       needed both by non-legacy and legacy code.
 #
 # libimplementations.a  Contains all non-legacy implementations.
-# liblegacy.a           Contains all legacy implementaions.
+# liblegacy.a           Contains all legacy implementations.
 #
 # libfips.a             Contains all things needed to support
 #                       FIPS implementations, such as code from

providers/implementations/ciphers/cipher_aes_xts.c

@@ -152,7 +152,7 @@ static int aes_xts_cipher(void *vctx, unsigned char *out, size_t *outl,
         return 0;
 
     /*
-     * Impose a limit of 2^20 blocks per data unit as specifed by
+     * Impose a limit of 2^20 blocks per data unit as specified by
      * IEEE Std 1619-2018.  The earlier and obsolete IEEE Std 1619-2007
      * indicated that this was a SHOULD NOT rather than a MUST NOT.
      * NIST SP 800-38E mandates the same limit.

providers/implementations/ciphers/cipher_tdes_wrap.c

@@ -14,7 +14,7 @@
 #include "prov/implementations.h"
 #include "prov/providercommonerr.h"
 
-/* TODO (3.0) Figure out what flags are requred */
+/* TODO (3.0) Figure out what flags are required */
 #define TDES_WRAP_FLAGS (EVP_CIPH_WRAP_MODE | EVP_CIPH_CUSTOM_IV)
 
 

ssl/record/ssl3_record.c

@@ -870,7 +870,7 @@ int ssl3_do_compress(SSL *ssl, SSL3_RECORD *wr)
  * SSLfatal() for internal errors, but not otherwise.
  *
  * Returns:
- *   0: (in non-constant time) if the record is publically invalid (i.e. too
+ *   0: (in non-constant time) if the record is publicly invalid (i.e. too
  *       short etc).
  *   1: if the record's padding is valid / the encryption was successful.
  *   -1: if the record's padding is invalid or, if sending, an internal error
@@ -961,7 +961,7 @@ int ssl3_enc(SSL *s, SSL3_RECORD *inrecs, size_t n_recs, int sending)
  * internal errors, but not otherwise.
  *
  * Returns:
- *   0: (in non-constant time) if the record is publically invalid (i.e. too
+ *   0: (in non-constant time) if the record is publicly invalid (i.e. too
  *       short etc).
  *   1: if the record's padding is valid / the encryption was successful.
  *   -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
@@ -1108,7 +1108,7 @@ int tls1_enc(SSL *s, SSL3_RECORD *recs, size_t n_recs, int sending)
             } else if ((bs != 1) && sending) {
                 padnum = bs - (reclen[ctr] % bs);
 
-                /* Add weird padding of upto 256 bytes */
+                /* Add weird padding of up to 256 bytes */
 
                 if (padnum > MAX_PADDING) {
                     SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS1_ENC,
@@ -1688,7 +1688,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
     enc_err = s->method->ssl3_enc->enc(s, rr, 1, 0);
     /*-
      * enc_err is:
-     *    0: (in non-constant time) if the record is publically invalid.
+     *    0: (in non-constant time) if the record is publicly invalid.
      *    1: if the padding is valid
      *   -1: if the padding is invalid
      */

ssl/record/ssl3_record_tls13.c

@@ -16,7 +16,7 @@
  * internal errors, but not otherwise.
  *
  * Returns:
- *    0: (in non-constant time) if the record is publically invalid (i.e. too
+ *    0: (in non-constant time) if the record is publicly invalid (i.e. too
  *        short etc).
  *    1: if the record encryption was successful.
  *   -1: if the record's AEAD-authenticator is invalid or, if sending,

ssl/t1_enc.c

@@ -641,7 +641,7 @@ int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
         unsigned char hash[EVP_MAX_MD_SIZE * 2];
         size_t hashlen;
         /*
-         * Digest cached records keeping record buffer (if present): this wont
+         * Digest cached records keeping record buffer (if present): this won't
          * affect client auth because we're freezing the buffer at the same
          * point (after client key exchange and before certificate verify)
          */

test/bntest.c

@@ -2054,7 +2054,7 @@ static int test_rand_range(void)
         n_success += test_rand_range_single(i);
     if (TEST_int_ge(n_success, binomial_critical))
         return 1;
-    TEST_note("This test is expeced to fail by chance 0.01%% of the time.");
+    TEST_note("This test is expected to fail by chance 0.01%% of the time.");
     return 0;
 }
 

test/build.info

@@ -6,7 +6,7 @@ SUBDIRS=ossl_shim
 # Most of all, ../apps/lib/apps.c needs to be divided in smaller pieces to
 # be useful here.
 #
-# Auxilliary program source (copied from ../apps/build.info)
+# Auxiliary program source (copied from ../apps/build.info)
 IF[{- $config{target} =~ /^(?:VC-|mingw)/ -}]
   # It's called 'init', but doesn't have much 'init' in it...
   $AUXLIBAPPSSRC=../apps/lib/win32_init.c

util/find-doc-nits

@@ -238,7 +238,7 @@ sub check_head_style {
 my $markup_re =
     qr/(                        # Capture group
            [BIL]<               # The start of what we recurse on
-           (?:(?-1)|.)*?        # recurse the whole regexp (refering to
+           (?:(?-1)|.)*?        # recurse the whole regexp (referring to
                                 # the last opened capture group, i.e. the
                                 # start of this regexp), or pick next
                                 # character.  Do NOT be greedy!

util/perl/OpenSSL/Ordinals.pm

@@ -242,7 +242,7 @@ block.
 
 =item B<< filter => FILTERFUNCTION >>
 
-FILTERFUNTION is a reference to a function that takes one argument, which
+FILTERFUNCTION is a reference to a function that takes one argument, which
 is every OpenSSL::Ordinals::Item element available.
 
 =back

util/perl/TLSProxy/Proxy.pm

@@ -452,7 +452,7 @@ sub clientstart
     } else {
         # It's a bit counter-intuitive spot to make next connection to
         # the s_server. Rationale is that established connection works
-        # as syncronization point, in sense that this way we know that
+        # as synchronization point, in sense that this way we know that
         # s_server is actually done with current session...
         $self->connect_to_server();
     }