More typo fixes

Fix some comments too
[skip ci]

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3069)

CHANGES

@@ -466,7 +466,7 @@
   *) Add X25519 support.
      Add ASN.1 and EVP_PKEY methods for X25519. This includes support
      for public and private key encoding using the format documented in
-     draft-ietf-curdle-pkix-02. The coresponding EVP_PKEY method supports
+     draft-ietf-curdle-pkix-02. The corresponding EVP_PKEY method supports
      key generation and key derivation.
 
      TLS support complies with draft-ietf-tls-rfc4492bis-08 and uses

Configure

@@ -2580,7 +2580,7 @@ sub isabsolute {
     # On non-platforms, we just use file_name_is_absolute().
     return file_name_is_absolute($file) unless $^O eq "VMS";
 
-    # If the file spec includes a device or a directpry spec,
+    # If the file spec includes a device or a directory spec,
     # file_name_is_absolute() is perfectly safe.
     return file_name_is_absolute($file) if $file =~ m|[:\[]|;
 

NOTES.VMS

@@ -77,7 +77,7 @@
     $ set image /flag=call_debug [.test]evp_test.exe
 
  Then just run it and you will find yourself in a debugging session.
- When done, we recomment that you turn that flag back off:
+ When done, we recommend that you turn that flag back off:
 
     $ set image /flag=nocall_debug [.test]evp_test.exe
 

apps/passwd.c

@@ -70,7 +70,7 @@ typedef enum OPTION_choice {
 
 const OPTIONS passwd_options[] = {
     {"help", OPT_HELP, '-', "Display this summary"},
-    {"in", OPT_IN, '<', "Pead passwords from file"},
+    {"in", OPT_IN, '<', "Read passwords from file"},
     {"noverify", OPT_NOVERIFY, '-',
      "Never verify when reading password from terminal"},
     {"quiet", OPT_QUIET, '-', "No warnings"},

crypto/aes/asm/aesni-sha1-x86_64.pl

@@ -315,7 +315,7 @@ ___
     $r++;	unshift(@rndkey,pop(@rndkey));
 };
 
-sub Xupdate_ssse3_16_31()		# recall that $Xi starts wtih 4
+sub Xupdate_ssse3_16_31()		# recall that $Xi starts with 4
 { use integer;
   my $body = shift;
   my @insns = (&$body,&$body,&$body,&$body);	# 40 instructions
@@ -1188,7 +1188,7 @@ ___
     $r++;	unshift(@rndkey,pop(@rndkey));
 };
 
-sub Xupdate_avx_16_31()		# recall that $Xi starts wtih 4
+sub Xupdate_avx_16_31()		# recall that $Xi starts with 4
 { use integer;
   my $body = shift;
   my @insns = (&$body,&$body,&$body,&$body);	# 40 instructions

crypto/bio/b_addr.c

@@ -762,7 +762,7 @@ int BIO_lookup(const char *host, const char *service,
                  * it was errno. To minimize mixup add 1000. Underlying
                  * reason for this is that hstrerror is declared obsolete,
                  * not to mention that a) h_errno is not always guaranteed
-                 * to be meanigless; b) hstrerror can reside in yet another
+                 * to be meaningless; b) hstrerror can reside in yet another
                  * library, linking for sake of hstrerror is an overkill;
                  * c) this path is not executed on contemporary systems
                  * anyway [above getaddrinfo/gai_strerror is]. We just let

crypto/bn/asm/sparcv9-mont.pl

@@ -30,7 +30,7 @@
 # instructions...
 
 # (*)	Engine accessing the driver in question is on my TODO list.
-#	For reference, acceleator is estimated to give 6 to 10 times
+#	For reference, accelerator is estimated to give 6 to 10 times
 #	improvement on single-threaded RSA sign. It should be noted
 #	that 6-10x improvement coefficient does not actually mean
 #	something extraordinary in terms of absolute [single-threaded]

crypto/pem/pem_lib.c

@@ -316,7 +316,7 @@ int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
         dsize = 0;
         goto err;
     }
-    /* dzise + 8 bytes are needed */
+    /* dsize + 8 bytes are needed */
     /* actually it needs the cipher block size extra... */
     data = OPENSSL_malloc((unsigned int)dsize + 20);
     if (data == NULL) {

crypto/sha/asm/sha1-586.pl

@@ -661,7 +661,7 @@ my $_ror=sub { &ror(@_) };
 	&jmp	(&label("loop"));
 
 ######################################################################
-# SSE instruction sequence is first broken to groups of indepentent
+# SSE instruction sequence is first broken to groups of independent
 # instructions, independent in respect to their inputs and shifter
 # (not all architectures have more than one). Then IALU instructions
 # are "knitted in" between the SSE groups. Distance is maintained for
@@ -670,14 +670,14 @@ my $_ror=sub { &ror(@_) };
 #
 # Temporary registers usage. X[2] is volatile at the entry and at the
 # end is restored from backtrace ring buffer. X[3] is expected to
-# contain current K_XX_XX constant and is used to caclulate X[-1]+K
+# contain current K_XX_XX constant and is used to calculate X[-1]+K
 # from previous round, it becomes volatile the moment the value is
 # saved to stack for transfer to IALU. X[4] becomes volatile whenever
 # X[-4] is accumulated and offloaded to backtrace ring buffer, at the
 # end it is loaded with next K_XX_XX [which becomes X[3] in next
 # round]...
 #
-sub Xupdate_ssse3_16_31()		# recall that $Xi starts wtih 4
+sub Xupdate_ssse3_16_31()		# recall that $Xi starts with 4
 { use integer;
   my $body = shift;
   my @insns = (&$body,&$body,&$body,&$body);	# 40 instructions
@@ -1200,7 +1200,7 @@ my $_ror=sub { &shrd(@_[0],@_) };
 	&and	(@T[0],@T[1]);
 	&jmp	(&label("loop"));
 
-sub Xupdate_avx_16_31()		# recall that $Xi starts wtih 4
+sub Xupdate_avx_16_31()		# recall that $Xi starts with 4
 { use integer;
   my $body = shift;
   my @insns = (&$body,&$body,&$body,&$body);	# 40 instructions

crypto/sha/asm/sha1-x86_64.pl

@@ -577,7 +577,7 @@ sub AUTOLOAD()		# thunk [simplified] 32-bit style perlasm
     $code .= "\t$opcode\t".join(',',$arg,reverse @_)."\n";
 }
 
-sub Xupdate_ssse3_16_31()		# recall that $Xi starts wtih 4
+sub Xupdate_ssse3_16_31()		# recall that $Xi starts with 4
 { use integer;
   my $body = shift;
   my @insns = (&$body,&$body,&$body,&$body);	# 40 instructions
@@ -1042,7 +1042,7 @@ $code.=<<___;
 	jmp	.Loop_avx
 ___
 
-sub Xupdate_avx_16_31()		# recall that $Xi starts wtih 4
+sub Xupdate_avx_16_31()		# recall that $Xi starts with 4
 { use integer;
   my $body = shift;
   my @insns = (&$body,&$body,&$body,&$body);	# 40 instructions
@@ -1526,7 +1526,7 @@ sub bodyx_40_59 () {	# 10 instructions, 3 cycles critical path
 	)
 }
 
-sub Xupdate_avx2_16_31()		# recall that $Xi starts wtih 4
+sub Xupdate_avx2_16_31()		# recall that $Xi starts with 4
 { use integer;
   my $body = shift;
   my @insns = (&$body,&$body,&$body,&$body,&$body);	# 35 instructions

crypto/x86cpuid.pl

@@ -283,7 +283,7 @@ for (@ARGV) { $sse2=1 if (/-DOPENSSL_IA32_SSE2/); }
 &set_label("spin");
 	&lea	("ebx",&DWP(0,"eax","ecx"));
 	&nop	();
-	&data_word(0x1ab10ff0);	# lock;	cmpxchg	%ebx,(%edx)	# %eax is envolved and is always reloaded
+	&data_word(0x1ab10ff0);	# lock;	cmpxchg	%ebx,(%edx)	# %eax is involved and is always reloaded
 	&jne	(&label("spin"));
 	&mov	("eax","ebx");	# OpenSSL expects the new value
 	&pop	("ebx");

doc/README

@@ -2,7 +2,7 @@
 README  This file
 
 fingerprints.txt
-        PGP fingerprints of authoried release signers
+        PGP fingerprints of authorised release signers
 
 standards.txt
         Moved to the web, https://www.openssl.org/docs/standards.html

doc/man3/BN_rand.pod

@@ -21,7 +21,7 @@ BN_rand, BN_pseudo_rand, BN_rand_range, BN_pseudo_rand_range - generate pseudo-r
 BN_rand() generates a cryptographically strong pseudo-random number of
 B<bits> in length and stores it in B<rnd>.
 If B<bits> is less than zero, or too small to
-accomodate the requirements specified by the B<top> and B<bottom>
+accommodate the requirements specified by the B<top> and B<bottom>
 parameters, an error is returned.
 The B<top> parameters specifies
 requirements on the most significant bit of the generated number.

doc/man3/SCT_new.pod

@@ -162,7 +162,7 @@ SCT_set_version() returns 1 if the specified version is supported, 0 otherwise.
 SCT_set_log_entry_type() returns 1 if the specified log entry type is supported, 0 otherwise.
 
 SCT_set0_log_id() and B<SCT_set1_log_id> return 1 if the specified LogID is a
-valid SHA-256 hash, 0 otherwise. Aditionally, B<SCT_set1_log_id> returns 0 if
+valid SHA-256 hash, 0 otherwise. Additionally, B<SCT_set1_log_id> returns 0 if
 malloc fails.
 
 B<SCT_set_signature_nid> returns 1 if the specified NID is supported, 0 otherwise.

doc/man3/SSL_SESSION_get0_peer.pod

@@ -20,7 +20,7 @@ returned value (unless L<X509_up_ref(3)> has also been called).
 =head1 RETURN VALUES
 
 SSL_SESSION_get0_peer() returns a pointer to the peer certificate or NULL if
-no peer certificat is available.
+no peer certificate is available.
 
 =head1 SEE ALSO
 

doc/man3/SSL_set_bio.pod

@@ -63,7 +63,7 @@ previously set value, then no additional references are consumed.
 =item *
 
 If the rbio and wbio parameters are different and the rbio is the same as the
-previously set value then one reference is consumbed for the wbio and no
+previously set value then one reference is consumed for the wbio and no
 references are consumed for the rbio.
 
 =item *

doc/man3/X509_VERIFY_PARAM_set_flags.pod

@@ -269,7 +269,7 @@ is used to specify a verification time, the check is not suppressed.
 
 =head1 INHERITANCE FLAGS
 
-These flags spevify how parameters are "inherited" from one structure to
+These flags specify how parameters are "inherited" from one structure to
 another.
 
 If B<X509_VP_FLAG_ONCE> is set then the current setting is zeroed

doc/man7/X25519.pod

@@ -36,7 +36,7 @@ output in PEM format:
  EVP_PKEY_CTX_free(pctx);
  PEM_write_PrivateKey(stdout, pkey, NULL, NULL, 0, NULL, NULL);
 
-The key derviation example in L<EVP_PKEY_derive(3)> can be used with
+The key derivation example in L<EVP_PKEY_derive(3)> can be used with
 B<X25519>.
 
 =head1 SEE ALSO

include/internal/dso.h

@@ -139,7 +139,7 @@ DSO_METHOD *DSO_METHOD_openssl(void);
  * This function writes null-terminated pathname of DSO module containing
  * 'addr' into 'sz' large caller-provided 'path' and returns the number of
  * characters [including trailing zero] written to it. If 'sz' is 0 or
- * negative, 'path' is ignored and required amount of charachers [including
+ * negative, 'path' is ignored and required amount of characters [including
  * trailing zero] to accommodate pathname is returned. If 'addr' is NULL, then
  * pathname of cryptolib itself is returned. Negative or zero return value
  * denotes error.

include/openssl/bio.h

@@ -170,7 +170,7 @@ extern "C" {
 /*
  * This is used with memory BIOs:
  * BIO_FLAGS_MEM_RDONLY means we shouldn't free up or change the data in any way;
- * BIO_FLAGS_NONCLEAR_RST means we should't clear data on reset.
+ * BIO_FLAGS_NONCLEAR_RST means we shouldn't clear data on reset.
  */
 # define BIO_FLAGS_MEM_RDONLY    0x200
 # define BIO_FLAGS_NONCLEAR_RST  0x400

include/openssl/objects.h

@@ -91,7 +91,7 @@ const void *OBJ_bsearch_ex_(const void *key, const void *base, int num,
  * const void *a_;
  * const nid_triple const *a = a_;
  *
- * The assignement discards a const because what you really want is:
+ * The assignment discards a const because what you really want is:
  *
  * const int const * const *a = a_;
  *
@@ -99,7 +99,7 @@ const void *OBJ_bsearch_ex_(const void *key, const void *base, int num,
  * which breaks comparison functions.
  *
  * Thus we end up having to cast, sadly, or unpack the
- * declarations. Or, as I finally did in this case, delcare nid_triple
+ * declarations. Or, as I finally did in this case, declare nid_triple
  * to be a struct, which it should have been in the first place.
  *
  * Ben, August 2008.

include/openssl/ui.h

@@ -207,7 +207,7 @@ const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth);
 UI_METHOD *UI_OpenSSL(void);
 
 /*
- * NULL method.  Literarily does nothing, but may serve as a placeholder
+ * NULL method.  Literally does nothing, but may serve as a placeholder
  * to avoid internal default.
  */
 const UI_METHOD *UI_null(void);

include/openssl/x509.h

@@ -641,7 +641,7 @@ int X509_get_signature_type(const X509 *x);
 
 /*
  * This one is only used so that a binary form can output, as in
- * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf)
+ * i2d_X509_NAME(X509_get_X509_PUBKEY(x), &buf)
  */
 X509_PUBKEY *X509_get_X509_PUBKEY(const X509 *x);
 const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x);

ssl/record/ssl3_record.c

@@ -1662,8 +1662,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
 }
 
 /*
- * retrieve a buffered record that belongs to the current epoch, ie,
+ * Retrieve a buffered record that belongs to the current epoch, i.e. processed
- * processed
  */
 #define dtls1_get_processed_record(s) \
                    dtls1_retrieve_buffered_record((s), \

ssl/ssl_lib.c

@@ -741,7 +741,7 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
 {
     /*
      * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
-     * we can "construct" a session to give us the desired check - ie. to
+     * we can "construct" a session to give us the desired check - i.e. to
      * find if there's a session in the hash table that would conflict with
      * any new session built out of this id/id_len and the ssl_version in use
      * by this SSL.
@@ -2546,8 +2546,8 @@ void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
 }
 
 /*
- * SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from
+ * SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from |ssl|.
- * |ssl|. On return it sets |*data| to point to |*len| bytes of protocol name
+ * On return it sets |*data| to point to |*len| bytes of protocol name
  * (not including the leading length-prefix byte). If the server didn't
  * respond with a negotiated protocol then |*len| will be zero.
  */
@@ -3147,10 +3147,7 @@ int SSL_get_error(const SSL *s, int i)
     }
 
     if (SSL_want_write(s)) {
-        /*
+        /* Access wbio directly - in order to use the buffered bio if present */
-         * Access wbio directly - in order to use the buffered bio if
-         * present
-         */
         bio = s->wbio;
         if (BIO_should_write(bio))
             return (SSL_ERROR_WANT_WRITE);
@@ -3893,7 +3890,7 @@ void SSL_set_not_resumable_session_callback(SSL *ssl,
 /*
  * Allocates new EVP_MD_CTX and sets pointer to it into given pointer
  * variable, freeing EVP_MD_CTX previously stored in that variable, if any.
- * If EVP_MD pointer is passed, initializes ctx with this md.
+ * If EVP_MD pointer is passed, initializes ctx with this |md|.
  * Returns the newly allocated ctx;
  */
 

ssl/statem/extensions.c

@@ -325,7 +325,7 @@ static const EXTENSION_DEFINITION ext_defs[] = {
  * Verify whether we are allowed to use the extension |type| in the current
  * |context|. Returns 1 to indicate the extension is allowed or unknown or 0 to
  * indicate the extension is not allowed. If returning 1 then |*found| is set to
- * 1 if we found a definition for the extension, and |*idx| is set to its index
+ * the definition for the extension we found.
  */
 static int verify_extension(SSL *s, unsigned int context, unsigned int type,
                             custom_ext_methods *meths, RAW_EXTENSION *rawexlist,

ssl/statem/statem_clnt.c

@@ -1983,7 +1983,7 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
         goto err;
     }
 
-    /* test non-zero pupkey */
+    /* test non-zero pubkey */
     if (BN_is_zero(bnpub_key)) {
         *al = SSL_AD_DECODE_ERROR;
         SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, SSL_R_BAD_DH_VALUE);

ssl/statem/statem_srvr.c

@@ -659,7 +659,7 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst)
     case TLS_ST_SW_SRVR_HELLO:
         if (SSL_IS_DTLS(s)) {
             /*
-             * Messages we write from now on should be bufferred and
+             * Messages we write from now on should be buffered and
              * retransmitted if necessary, so we need to use the timer now
              */
             st->use_timer = 1;

ssl/t1_lib.c

@@ -1841,7 +1841,7 @@ static int ssl_check_ca_name(STACK_OF(X509_NAME) *names, X509 *x)
  * attempting to use them.
  */
 
-/* Flags which need to be set for a certificate when stict mode not set */
+/* Flags which need to be set for a certificate when strict mode not set */
 
 #define CERT_PKEY_VALID_FLAGS \
         (CERT_PKEY_EE_SIGNATURE|CERT_PKEY_EE_PARAM)
@@ -2101,7 +2101,7 @@ void tls1_set_cert_validity(SSL *s)
     tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST12_512);
 }
 
-/* User level utiity function to check a chain is suitable */
+/* User level utility function to check a chain is suitable */
 int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
 {
     return tls1_check_chain(s, x, pk, chain, -1);
@@ -2205,8 +2205,8 @@ int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee)
 }
 
 /*
- * Check security of a chain, if sk includes the end entity certificate then
+ * Check security of a chain, if |sk| includes the end entity certificate then
- * x is NULL. If vfy is 1 then we are verifying a peer chain and not sending
+ * |x| is NULL. If |vfy| is 1 then we are verifying a peer chain and not sending
  * one to the peer. Return values: 1 if ok otherwise error code to use
  */
 
@@ -2257,7 +2257,7 @@ int tls_choose_sigalg(SSL *s, int *al)
         int curve = -1, skip_ec = 0;
 #endif
 
-        /* Look for a certificate matching shared sigaglgs */
+        /* Look for a certificate matching shared sigalgs */
         for (i = 0; i < s->cert->shared_sigalgslen; i++) {
             lu = s->cert->shared_sigalgs[i];
 
@@ -2304,7 +2304,7 @@ int tls_choose_sigalg(SSL *s, int *al)
             if (idx == -1)
                 return 1;
             if (idx == SSL_PKEY_GOST_EC) {
-                /* Work out which GOST certificate is avaiable */
+                /* Work out which GOST certificate is available */
                 if (ssl_has_cert(s, SSL_PKEY_GOST12_512)) {
                     idx = SSL_PKEY_GOST12_512;
                 } else if (ssl_has_cert(s, SSL_PKEY_GOST12_256)) {

ssl/tls13_enc.c

@@ -454,7 +454,7 @@ int tls13_change_cipher_state(SSL *s, int which)
             labellen = sizeof(client_handshake_traffic) - 1;
             log_label = CLIENT_HANDSHAKE_LABEL;
             /*
-             * The hanshake hash used for the server read/client write handshake
+             * The handshake hash used for the server read/client write handshake
              * traffic secret is the same as the hash for the server
              * write/client read handshake traffic secret. However, if we
              * processed early data then we delay changing the server

test/build.info

@@ -332,7 +332,7 @@ IF[{- !$disabled{tests} -}]
   # test routines.  Some of them need to reach internal symbols that aren't
   # available through the shared library (at least on Linux, Solaris, Windows
   # and VMS, where the exported symbols are those listed in util/*.num), these
-  # programs are forcebly linked with the static libraries, where all symbols
+  # programs are forcibly linked with the static libraries, where all symbols
   # are always available.  This excludes linking these programs natively on
   # Windows when building shared libraries, since the static libraries share
   # names with the DLL import libraries.

test/ossl_shim/ossl_shim.cc

@@ -1048,7 +1048,7 @@ static bool DoExchange(bssl::UniquePtr<SSL_SESSION> *out_session,
     }
 
     // Reset the state to assert later that the callback isn't called in
-    // renegotations.
+    // renegotiations.
     GetTestState(ssl.get())->got_new_session = false;
   }
 

test/recipes/70-test_sslrecords.t

@@ -119,7 +119,7 @@ $proxy->serverflags("-tls1_2");
 $proxy->start();
 ok(TLSProxy::Message->fail(), "Alert before SSLv2 ClientHello test");
 
-#Unregcognised record type tests
+#Unrecognised record type tests
 
 #Test 10: Sending an unrecognised record type in TLS1.2 should fail
 $proxy->clear();

test/recordlentest.c

@@ -174,7 +174,7 @@ static int test_record_overflow(int idx)
         recversion = TLS1_2_VERSION;
 
     if (!write_record(serverbio, len, SSL3_RT_APPLICATION_DATA, recversion)) {
-        printf("Unable to write encryprted record\n");
+        printf("Unable to write encrypted record\n");
         goto end;
     }
 

test/sslapitest.c

@@ -447,7 +447,7 @@ static int test_keylog_no_master_key(void) {
 
     /*
      * Now we want to test that our output data was vaguely sensible. For this
-     * test, we expect no CLIENT_RANDOM entry becuase it doesn't make sense for
+     * test, we expect no CLIENT_RANDOM entry because it doesn't make sense for
      * TLSv1.3, but we do expect both client and server to emit keys.
      */
     expected.client_handshake_secret_count = 1;
@@ -503,7 +503,7 @@ static int full_early_callback(SSL *s, int *al, void *arg)
     }
     len = SSL_early_get0_compression_methods(s, &p);
     if (len != 1 || *p != 0) {
-        printf("Early callback expected comperssion methods mismatch\n");
+        printf("Early callback expected compression methods mismatch\n");
         return 0;
     }
     return 1;
@@ -574,7 +574,7 @@ static int execute_test_large_message(const SSL_METHOD *smeth,
     int certlen;
 
     if (certbio == NULL) {
-        printf("Can't load the certficate file\n");
+        printf("Can't load the certificate file\n");
         goto end;
     }
     chaincert = PEM_read_bio_X509(certbio, NULL, NULL, NULL);
@@ -603,7 +603,7 @@ static int execute_test_large_message(const SSL_METHOD *smeth,
      * We assume the supplied certificate is big enough so that if we add
      * NUM_EXTRA_CERTS it will make the overall message large enough. The
      * default buffer size is requested to be 16k, but due to the way BUF_MEM
-     * works, it ends up allocing a little over 21k (16 * 4/3). So, in this test
+     * works, it ends up allocating a little over 21k (16 * 4/3). So, in this test
      * we need to have a message larger than that.
      */
     certlen = i2d_X509(chaincert, NULL);
@@ -860,11 +860,11 @@ static int test_tlsext_status_type(void)
 
     /*
      * We'll just use any old cert for this test - it doesn't have to be an OCSP
-     * specifc one. We'll use the server cert.
+     * specific one. We'll use the server cert.
      */
     certbio = BIO_new_file(cert, "r");
     if (certbio == NULL) {
-        printf("Can't load the certficate file\n");
+        printf("Can't load the certificate file\n");
         goto end;
     }
     id = OCSP_RESPID_new();
@@ -1246,7 +1246,7 @@ static int test_ssl_set_bio(int idx)
 
     /*
      * We want to maintain our own refs to these BIO, so do an up ref for each
-     * BIO that will have ownersip transferred in the SSL_set_bio() call
+     * BIO that will have ownership transferred in the SSL_set_bio() call
      */
     if (irbio != NULL)
         BIO_up_ref(irbio);
@@ -1342,7 +1342,7 @@ static int execute_test_ssl_bio(SSL_BIO_TEST_FIXTURE fix)
      */
     BIO_push(sslbio, membio1);
 
-    /* Verify chaning the rbio/wbio directly does not cause leaks */
+    /* Verify changing the rbio/wbio directly does not cause leaks */
     if (fix.change_bio != NO_BIO_CHANGE) {
         membio2 = BIO_new(BIO_s_mem());
         if (membio2 == NULL) {

test/ssltest_old.c

@@ -285,7 +285,6 @@ static int verify_servername(SSL *client, SSL *server)
  * next_protos_parse parses a comma separated list of strings into a string
  * in a format suitable for passing to SSL_CTX_set_next_protos_advertised.
  *   outlen: (output) set to the length of the resulting buffer on success.
- *   err: (maybe NULL) on failure, an error message line is written to this BIO.
  *   in: a NUL terminated string like "abc,def,ghi"
  *
  *   returns: a malloced buffer or NULL on failure.
@@ -1758,7 +1757,7 @@ int main(int argc, char *argv[])
             goto err;
         }
         if (SSL_version(c_ssl) != version) {
-            BIO_printf(bio_err, "Unxpected version negotiated. "
+            BIO_printf(bio_err, "Unexpected version negotiated. "
                 "Expected: %s, got %s\n", should_negotiate, SSL_get_version(c_ssl));
             ret = 1;
             goto err;

test/testlib/OpenSSL/Test.pm

@@ -1072,7 +1072,7 @@ sub __fixup_prg {
 	# Make sure to quotify the program file on platforms that may
 	# have spaces or similar in their path name.
 	# To our knowledge, VMS is the exception where quotifying should
-	# never happem.
+	# never happen.
 	($prog) = quotify($prog) unless $^O eq "VMS";
 	return $prefix.$prog;
     }

util/TLSProxy/Record.pm

@@ -247,7 +247,7 @@ sub decrypt()
             #record layer changes yet, so it's a bit more complicated. For now
             #we will additionally check if the data length is 2 (1 byte for
             #alert level, 1 byte for alert description). If it is, then this is
-            #an unecrypted alert, so don't try to decrypt
+            #an unencrypted alert, so don't try to decrypt
             return $data if (length($data) == 2);
         }
         $mactaglen = 16;