Remove repeated words

Found by running the checkpatch.pl Linux script to enforce coding style.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21468)

apps/cmp.c

@@ -1571,7 +1571,7 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
             if (opt_csr != NULL) {
                 CMP_err1("no -newkey option given with private key for POPO, -csr option only provides public key%s",
                         opt_key == NULL ? "" :
-                        ", and -key option superseded by by -csr");
+                        ", and -key option superseded by -csr");
                 return 0;
             }
             if (opt_key == NULL) {

crypto/cpuid.c

@@ -34,7 +34,7 @@ static variant_char *ossl_getenv(const char *name)
 {
     /*
      * Since we pull only one environment variable, it's simpler to
-     * to just ignore |name| and use equivalent wide-char L-literal.
+     * just ignore |name| and use equivalent wide-char L-literal.
      * As well as to ignore excessively long values...
      */
     static WCHAR value[48];
@@ -173,7 +173,7 @@ void OPENSSL_cpuid_setup(void)
  */
 
 /*
- * The volatile is used to to ensure that the compiler generates code that reads
+ * The volatile is used to ensure that the compiler generates code that reads
  * all values from the array and doesn't try to optimize this away. The standard
  * doesn't actually require this behavior if the original data pointed to is
  * not volatile, but compilers do this in practice anyway.

crypto/ec/ecp_s390x_nistp.c

@@ -178,7 +178,7 @@ static ECDSA_SIG *ecdsa_s390x_nistp_sign_sig(const unsigned char *dgst,
             goto ret;
         }
         /*
-         * Generate random k and copy to param param block. RAND_priv_bytes_ex
+         * Generate random k and copy to param block. RAND_priv_bytes_ex
          * is used instead of BN_priv_rand_range or BN_generate_dsa_nonce
          * because kdsa instruction constructs an in-range, invertible nonce
          * internally implementing counter-measures for RNG weakness.

crypto/http/http_client.c

@@ -1473,7 +1473,7 @@ int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port,
     do {
         /*
          * This does not necessarily catch the case when the full
-         * HTTP response came in in more than a single TCP message.
+         * HTTP response came in more than a single TCP message.
          */
         read_len = BIO_gets(fbio, mbuf, BUF_SIZE);
     } while (read_len > 2);

crypto/pem/pvkfmt.c

@@ -150,7 +150,7 @@ static EVP_PKEY *evp_pkey_new0_key(void *key, int evp_type)
  * Read the MSBLOB header and get relevant data from it.
  *
  * |pisdss| and |pispub| have a double role, as they can be used for
- * discovery as well as to check the the blob meets expectations.
+ * discovery as well as to check the blob meets expectations.
  * |*pisdss| is the indicator for whether the key is a DSA key or not.
  * |*pispub| is the indicator for whether the key is public or not.
  * In both cases, the following input values apply:

crypto/rsa/rsa_sp800_56b_gen.c

@@ -423,7 +423,7 @@ err:
  * See SP800-56Br1 6.3.1.3 (Step 6) Perform a pair-wise consistency test by
  * verifying that: k = (k^e)^d mod n for some integer k where 1 < k < n-1.
  *
- * Returns 1 if the RSA key passes the pairwise test or 0 it it fails.
+ * Returns 1 if the RSA key passes the pairwise test or 0 if it fails.
  */
 int ossl_rsa_sp800_56b_pairwise_test(RSA *rsa, BN_CTX *ctx)
 {

crypto/store/store_lib.c

@@ -1013,7 +1013,7 @@ OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bp, const char *scheme,
     ctx->post_process_data = post_process_data;
 
     /*
-     * ossl_store_get0_loader_int will raise an error if the loader for the
+     * ossl_store_get0_loader_int will raise an error if the loader for
      * the scheme cannot be retrieved. But if a loader was successfully
      * fetched then we remove this error from the error stack.
      */

crypto/x509/x509_trust.c

@@ -275,7 +275,7 @@ static int obj_trust(int id, X509 *x, int flags)
         /*
          * Reject when explicit trust EKU are set and none match.
          *
-         * Returning untrusted is enough for for full chains that end in
+         * Returning untrusted is enough for full chains that end in
          * self-signed roots, because when explicit trust is specified it
          * suppresses the default blanket trust of self-signed objects.
          *

include/internal/bio_tfo.h

@@ -54,7 +54,7 @@
  * Some options are purposely NOT defined per-platform
  *
  * OSSL_TFO_SYSCTL
- *     Defined as a sysctlbyname() option to to determine if
+ *     Defined as a sysctlbyname() option to determine if
  *     TFO is enabled in the kernel (macOS, FreeBSD)
  *
  * OSSL_TFO_SERVER_SOCKOPT
@@ -86,7 +86,7 @@
 /*
  * NO WINDOWS SUPPORT
  *
- * But this is is what would be used on the server:
+ * But this is what would be used on the server:
  *
  * define OSSL_TFO_SERVER_SOCKOPT       TCP_FASTOPEN
  * define OSSL_TFO_SERVER_SOCKOPT_VALUE 1

include/internal/quic_ackm.h

@@ -225,7 +225,7 @@ int ossl_ackm_is_ack_desired(OSSL_ACKM *ackm, int pkt_space);
  * the RFC.
  *
  * The return value of this function transitions from 1 to 0 for a given PN once
- * that PN is passed to ossl_ackm_on_rx_packet, thus thus function must be used
+ * that PN is passed to ossl_ackm_on_rx_packet, thus this function must be used
  * before calling ossl_ackm_on_rx_packet.
  */
 int ossl_ackm_is_rx_pn_processable(OSSL_ACKM *ackm, QUIC_PN pn, int pkt_space);

include/internal/recordmethod.h

@@ -228,7 +228,7 @@ struct ossl_record_method_st {
      * remain available until all the bytes from record are released via one or
      * more release_record calls.
      *
-     * Internally the the OSSL_RECORD_METHOD the implementation may read/process
+     * Internally the OSSL_RECORD_METHOD implementation may read/process
      * multiple records in one go and buffer them.
      */
     int (*read_record)(OSSL_RECORD_LAYER *rl, void **rechandle, int *rversion,

include/openssl/ec.h

@@ -1127,7 +1127,7 @@ OSSL_DEPRECATEDIN_3_0 int EC_KEY_check_key(const EC_KEY *key);
 
 /** Indicates if an EC_KEY can be used for signing.
  *  \param  eckey  the EC_KEY object
- *  \return 1 if can can sign and 0 otherwise.
+ *  \return 1 if can sign and 0 otherwise.
  */
 OSSL_DEPRECATEDIN_3_0 int EC_KEY_can_sign(const EC_KEY *eckey);
 

providers/implementations/keymgmt/dh_kmgmt.c

@@ -699,7 +699,7 @@ static void *dh_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
         return NULL;
 
     /*
-     * If a group name is selected then the type is group regardless of what the
+     * If a group name is selected then the type is group regardless of what
      * the user selected. This overrides rather than errors for backwards
      * compatibility.
      */

ssl/quic/quic_txp.c

@@ -1984,7 +1984,7 @@ static int txp_generate_crypto_frames(OSSL_QUIC_TX_PACKETISER *txp,
 
         /*
          * Ensure we have enough iovecs allocated (1 for the header, up to 2 for
-         * the the stream data.)
+         * the stream data.)
          */
         if (!txp_el_ensure_iovec(&txp->el[enc_level], h->num_iovec + 3))
             return 0; /* alloc error */
@@ -2234,7 +2234,7 @@ static int txp_generate_stream_frames(OSSL_QUIC_TX_PACKETISER *txp,
 
         /*
          * Ensure we have enough iovecs allocated (1 for the header, up to 2 for
-         * the the stream data.)
+         * the stream data.)
          */
         if (!txp_el_ensure_iovec(&txp->el[enc_level], h->num_iovec + 3))
             goto err; /* alloc error */

ssl/statem/statem_srvr.c

@@ -2353,7 +2353,7 @@ WORK_STATE tls_post_process_client_hello(SSL_CONNECTION *s, WORK_STATE wst)
          * we now have the following setup.
          * client_random
          * cipher_list          - our preferred list of ciphers
-         * ciphers              - the clients preferred list of ciphers
+         * ciphers              - the client's preferred list of ciphers
          * compression          - basically ignored right now
          * ssl version is set   - sslv3
          * s->session           - The ssl session has been setup.

test/provider_pkey_test.c

@@ -93,7 +93,7 @@ static int test_pkey_sig(void)
         /*
          * If this picks the wrong signature without realizing it
          * we can get a segfault or some internal error. At least watch
-         * whether fake-rsa sign_init is is exercised by calling sign.
+         * whether fake-rsa sign_init is exercised by calling sign.
          */
         if (!TEST_int_eq(EVP_PKEY_sign_init(ctx), 1))
             goto end;

test/sslapitest.c

@@ -9054,7 +9054,7 @@ static int test_session_timeout(int test)
      * Test session ordering and timeout
      * Can't explicitly test performance of the new code,
      * but can test to see if the ordering of the sessions
-     * are correct, and they they are removed as expected
+     * are correct, and they are removed as expected
      */
     SSL_SESSION *early = NULL;
     SSL_SESSION *middle = NULL;

test/tls-provider.c

@@ -2152,7 +2152,7 @@ struct keytype_desc_st {
 /*
  * Start blatant code steal. Alternative: Open up d2i_X509_PUBKEY_INTERNAL
  * as per https://github.com/openssl/openssl/issues/16697 (TBD)
- * Code from from openssl/crypto/x509/x_pubkey.c as
+ * Code from openssl/crypto/x509/x_pubkey.c as
  * ossl_d2i_X509_PUBKEY_INTERNAL is presently not public
  */
 struct X509_pubkey_st {