Fix various typos, repeated words, align some spelling to LDP.

Partially revamped from #16712 - fall thru -> fall through - time stamp -> timestamp - host name -> hostname - ipv6 -> IPv6 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19059)
2022-08-23 20:40:44 +02:00 · 2022-08-23 20:40:44 +02:00 · d7f3a2cc86
parent c734058309
commit d7f3a2cc86
6 changed files with 45 additions and 45 deletions
--- a/ACKNOWLEDGEMENTS.md
+++ b/ACKNOWLEDGEMENTS.md
@ -1,5 +1,5 @@
-Acknowlegements
+Acknowledgements
-===============
+================
 Please see our [Thanks!][] page for the current acknowledgements.
--- a/CHANGES.md
+++ b/CHANGES.md
@ -338,7 +338,7 @@ breaking changes, and mappings for the large list of deprecated functions.
   *Matt Caswell*
 * Fix a bug in the OPENSSL_LH_flush() function that breaks reuse of the memory
-   occuppied by the removed hash table entries.
+   occupied by the removed hash table entries.
   This function is used when decoding certificates or keys. If a long lived
   process periodically decodes certificates or keys its memory usage will
@ -535,7 +535,7 @@ breaking changes, and mappings for the large list of deprecated functions.
 * The EVP_get_cipherbyname() function will return NULL for algorithms such as
   "AES-128-SIV", "AES-128-CBC-CTS" and "CAMELLIA-128-CBC-CTS" which were
-   previously only accessible via low level interfaces. Use EVP_CIPHER_fetch()
+   previously only accessible via low-level interfaces. Use EVP_CIPHER_fetch()
   instead to retrieve these algorithms from a provider.
   *Shane Lontis*
@ -882,7 +882,7 @@ breaking changes, and mappings for the large list of deprecated functions.
   *David von Oheimb*
- * All of the low level EC_KEY functions have been deprecated.
+ * All of the low-level EC_KEY functions have been deprecated.
   *Shane Lontis, Paul Dale, Richard Levitte, and Tomáš Mráz*
@ -1163,7 +1163,7 @@ breaking changes, and mappings for the large list of deprecated functions.
   *David von Oheimb*
- * All of the low level RSA functions have been deprecated.
+ * All of the low-level RSA functions have been deprecated.
   *Paul Dale*
@ -1188,11 +1188,11 @@ breaking changes, and mappings for the large list of deprecated functions.
   *Paul Dale*
- * All of the low level DH functions have been deprecated.
+ * All of the low-level DH functions have been deprecated.
   *Paul Dale and Matt Caswell*
- * All of the low level DSA functions have been deprecated.
+ * All of the low-level DSA functions have been deprecated.
   *Paul Dale*
@ -1201,7 +1201,7 @@ breaking changes, and mappings for the large list of deprecated functions.
   *Richard Levitte*
- * Deprecated low level ECDH and ECDSA functions.
+ * Deprecated low-level ECDH and ECDSA functions.
   *Paul Dale*
@ -1220,7 +1220,7 @@ breaking changes, and mappings for the large list of deprecated functions.
   *Paul Dale*
- * All of the low level HMAC functions have been deprecated.
+ * All of the low-level HMAC functions have been deprecated.
   *Paul Dale and David von Oheimb*
@ -1236,7 +1236,7 @@ breaking changes, and mappings for the large list of deprecated functions.
   *Rich Salz*
- * All of the low level CMAC functions have been deprecated.
+ * All of the low-level CMAC functions have been deprecated.
   *Paul Dale*
@ -1255,7 +1255,7 @@ breaking changes, and mappings for the large list of deprecated functions.
   *Richard Levitte*
- * All of the low level cipher functions have been deprecated.
+ * All of the low-level cipher functions have been deprecated.
   *Matt Caswell and Paul Dale*
@ -1525,7 +1525,7 @@ breaking changes, and mappings for the large list of deprecated functions.
   used and the recipient will not notice the attack.
   As a work around for this potential attack the length of the decrypted
   key must be equal to the cipher default key length, in case the
-   certifiate is not given and all recipientInfo are tried out.
+   certificate is not given and all recipientInfo are tried out.
   The old behaviour can be re-enabled in the CMS code by setting the
   CMS_DEBUG_DECRYPT flag.
@ -1545,7 +1545,7 @@ breaking changes, and mappings for the large list of deprecated functions.
   when primes for RSA keys are computed.
   Since we previously always generated primes == 2 (mod 3) for RSA keys,
   the 2-prime and 3-prime RSA modules were easy to distinguish, since
-   `N = p*q = 1 (mod 3)`, but `N = p*q*r = 2 (mod 3)`. Therefore fingerprinting
+   `N = p*q = 1 (mod 3)`, but `N = p*q*r = 2 (mod 3)`. Therefore, fingerprinting
   2-prime vs. 3-prime RSA keys was possible by computing N mod 3.
   This avoids possible fingerprinting of newly generated RSA modules.
@ -1966,7 +1966,7 @@ OpenSSL 1.1.1
   ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING
   structure which contains a buffer holding the string data and a field
   holding the buffer length. This contrasts with normal C strings which
-   are repesented as a buffer for the string data which is terminated
+   are represented as a buffer for the string data which is terminated
   with a NUL (0) byte.
   Although not a strict requirement, ASN.1 strings that are parsed using
@ -2054,7 +2054,7 @@ OpenSSL 1.1.1
 * Fixed the X509_issuer_and_serial_hash() function. It attempts to
   create a unique hash value based on the issuer and serial number data
-   contained within an X509 certificate. However it was failing to correctly
+   contained within an X509 certificate. However, it was failing to correctly
   handle any errors that may occur while parsing the issuer field (which might
   occur if the issuer field is maliciously constructed). This may subsequently
   result in a NULL pointer deref and a crash leading to a potential denial of
@ -2072,7 +2072,7 @@ OpenSSL 1.1.1
   Fixed the EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate
   functions. Previously they could overflow the output length argument in some
-   cases where the input length is close to the maximum permissable length for
+   cases where the input length is close to the maximum permissible length for
   an integer on the platform. In such cases the return value from the function
   call would be 1 (indicating success), but the output length value would be
   negative. This could cause applications to behave incorrectly or crash.
@ -2174,7 +2174,7 @@ OpenSSL 1.1.1
   when primes for RSA keys are computed.
   Since we previously always generated primes == 2 (mod 3) for RSA keys,
   the 2-prime and 3-prime RSA modules were easy to distinguish, since
-   N = p*q = 1 (mod 3), but N = p*q*r = 2 (mod 3). Therefore fingerprinting
+   N = p*q = 1 (mod 3), but N = p*q*r = 2 (mod 3). Therefore, fingerprinting
   2-prime vs. 3-prime RSA keys was possible by computing N mod 3.
   This avoids possible fingerprinting of newly generated RSA modules.
@ -2233,7 +2233,7 @@ OpenSSL 1.1.1
 * Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random
   number generator (RNG). This was intended to include protection in the
   event of a fork() system call in order to ensure that the parent and child
-   processes did not share the same RNG state. However this protection was not
+   processes did not share the same RNG state. However, this protection was not
   being used in the default case.
   A partial mitigation for this issue is that the output from a high
@ -2275,7 +2275,7 @@ OpenSSL 1.1.1
   used and the recipient will not notice the attack.
   As a work around for this potential attack the length of the decrypted
   key must be equal to the cipher default key length, in case the
-   certifiate is not given and all recipientInfo are tried out.
+   certificate is not given and all recipientInfo are tried out.
   The old behaviour can be re-enabled in the CMS code by setting the
   CMS_DEBUG_DECRYPT flag.
   ([CVE-2019-1563])
@ -3045,7 +3045,7 @@ OpenSSL 1.1.0
   used and the recipient will not notice the attack.
   As a work around for this potential attack the length of the decrypted
   key must be equal to the cipher default key length, in case the
-   certifiate is not given and all recipientInfo are tried out.
+   certificate is not given and all recipientInfo are tried out.
   The old behaviour can be re-enabled in the CMS code by setting the
   CMS_DEBUG_DECRYPT flag.
   ([CVE-2019-1563])
@ -3280,7 +3280,7 @@ OpenSSL 1.1.0
   OpenSSL 1.0.2 and below had the ability to disable renegotiation using the
   (undocumented) SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS flag. Due to the opacity
-   changes this is no longer possible in 1.1.0. Therefore the new
+   changes this is no longer possible in 1.1.0. Therefore, the new
   SSL_OP_NO_RENEGOTIATION option from 1.1.1-dev has been backported to
   1.1.0 to provide equivalent functionality.
@ -3371,7 +3371,7 @@ OpenSSL 1.1.0
   During a renegotiation handshake if the Encrypt-Then-Mac extension is
   negotiated where it was not in the original handshake (or vice-versa) then
-   this can cause OpenSSL to crash (dependant on ciphersuite). Both clients
+   this can cause OpenSSL to crash (dependent on ciphersuite). Both clients
   and servers are affected.
   This issue was reported to OpenSSL by Joe Orton (Red Hat).
@ -3543,7 +3543,7 @@ OpenSSL 1.1.0
   place, and this would cause the connection to immediately fail. Assuming
   that the application calls SSL_free() on the failed connection in a timely
   manner then the 21Mb of allocated memory will then be immediately freed
-   again. Therefore the excessive memory allocation will be transitory in
+   again. Therefore, the excessive memory allocation will be transitory in
   nature. This then means that there is only a security impact if:
   1) The application does not call SSL_free() in a timely manner in the event
@ -4310,7 +4310,7 @@ OpenSSL 1.1.0
 * Given the pervasive nature of TLS extensions it is inadvisable to run
   OpenSSL without support for them. It also means that maintaining
   the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably
-   not well tested). Therefore the OPENSSL_NO_TLSEXT option has been removed.
+   not well tested). Therefore, the OPENSSL_NO_TLSEXT option has been removed.
   *Matt Caswell*
@ -4388,7 +4388,7 @@ OpenSSL 1.1.0
   *Matt Caswell*
- * SSLv2 support has been removed.  It still supports receiving a SSLv2
+ * SSLv2 support has been removed.  It still supports receiving an SSLv2
   compatible client hello.
   *Kurt Roeckx*
@ -4842,7 +4842,7 @@ OpenSSL 1.0.2
   used and the recipient will not notice the attack.
   As a work around for this potential attack the length of the decrypted
   key must be equal to the cipher default key length, in case the
-   certifiate is not given and all recipientInfo are tried out.
+   certificate is not given and all recipientInfo are tried out.
   The old behaviour can be re-enabled in the CMS code by setting the
   CMS_DEBUG_DECRYPT flag.
   ([CVE-2019-1563])
@ -5318,8 +5318,8 @@ OpenSSL 1.0.2
   has been completed. An attacker could force up to approx. 15 messages to
   remain in the buffer when they are no longer required. These messages will
   be cleared when the DTLS connection is closed. The default maximum size for
-   a message is 100k. Therefore the attacker could force an additional 1500k
+   a message is 100k. Therefore, the attacker could force an additional 1500k
-   to be consumed per connection. By opening many simulataneous connections an
+   to be consumed per connection. By opening many simultaneous connections an
   attacker could cause a DoS attack through memory exhaustion.
   This issue was reported to OpenSSL by Quan Luo.
@ -6483,7 +6483,7 @@ OpenSSL 1.0.1
   message).
   The rules of C pointer arithmetic are such that "p + len" is only well
-   defined where len <= SIZE. Therefore the above idiom is actually
+   defined where len <= SIZE. Therefore, the above idiom is actually
   undefined behaviour.
   For example this could cause problems if some malloc implementation
@ -6519,8 +6519,8 @@ OpenSSL 1.0.1
   has been completed. An attacker could force up to approx. 15 messages to
   remain in the buffer when they are no longer required. These messages will
   be cleared when the DTLS connection is closed. The default maximum size for
-   a message is 100k. Therefore the attacker could force an additional 1500k
+   a message is 100k. Therefore, the attacker could force an additional 1500k
-   to be consumed per connection. By opening many simulataneous connections an
+   to be consumed per connection. By opening many simultaneous connections an
   attacker could cause a DoS attack through memory exhaustion.
   This issue was reported to OpenSSL by Quan Luo.
@ -6586,7 +6586,7 @@ OpenSSL 1.0.1
   amounts of input data then a length check can overflow resulting in a heap
   corruption.
-   Internally to OpenSSL the EVP_EncodeUpdate() function is primarly used by
+   Internally to OpenSSL the EVP_EncodeUpdate() function is primarily used by
   the `PEM_write_bio*` family of functions. These are mainly used within the
   OpenSSL command line applications, so any application which processes data
   from an untrusted source and outputs it as a PEM file should be considered
@ -7252,7 +7252,7 @@ OpenSSL 1.0.1
 * Build option no-ssl3 is incomplete.
   When OpenSSL is configured with "no-ssl3" as a build option, servers
-   could accept and complete a SSL 3.0 handshake, and clients could be
+   could accept and complete an SSL 3.0 handshake, and clients could be
   configured to send them.
   ([CVE-2014-3568])
@ -8269,7 +8269,7 @@ OpenSSL 1.0.0
 * Build option no-ssl3 is incomplete.
   When OpenSSL is configured with "no-ssl3" as a build option, servers
-   could accept and complete a SSL 3.0 handshake, and clients could be
+   could accept and complete an SSL 3.0 handshake, and clients could be
   configured to send them.
   ([CVE-2014-3568])
@ -9518,7 +9518,7 @@ OpenSSL 1.0.1.]
 * Add initial support for TLS extensions, specifically for the server_name
   extension so far.  The SSL_SESSION, SSL_CTX, and SSL data structures now
-   have new members for a host name.  The SSL data structure has an
+   have new members for a hostname.  The SSL data structure has an
   additional member `SSL_CTX *initial_ctx` so that new sessions can be
   stored in that context to allow for session resumption, even after the
   SSL has been switched to a new SSL_CTX in reaction to a client's
@ -9542,7 +9542,7 @@ OpenSSL 1.0.1.]
   openssl s_server has new options '-servername_host ...', '-cert2 ...',
   '-key2 ...', '-servername_fatal' (subject to change).  This allows
-   testing the HostName extension for a specific single host name ('-cert'
+   testing the HostName extension for a specific single hostname ('-cert'
   and '-key' remain fallbacks for handshakes without HostName
   negotiation).  If the unrecognized_name alert has to be sent, this by
   default is a warning; it becomes fatal with the '-servername_fatal'
@ -10045,7 +10045,7 @@ OpenSSL 0.9.x
   The OpenSSL project does not recommend any specific CA and does not
   have any policy with respect to including or excluding any CA.
-   Therefore it does not make any sense to ship an arbitrary selection
+   Therefore, it does not make any sense to ship an arbitrary selection
   of root CA certificates with the OpenSSL software.
   *Lutz Jaenicke*
@ -10225,7 +10225,7 @@ OpenSSL 0.9.x
 * Add initial support for TLS extensions, specifically for the server_name
   extension so far.  The SSL_SESSION, SSL_CTX, and SSL data structures now
-   have new members for a host name.  The SSL data structure has an
+   have new members for a hostname.  The SSL data structure has an
   additional member `SSL_CTX *initial_ctx` so that new sessions can be
   stored in that context to allow for session resumption, even after the
   SSL has been switched to a new SSL_CTX in reaction to a client's
@ -10249,7 +10249,7 @@ OpenSSL 0.9.x
   openssl s_server has new options '-servername_host ...', '-cert2 ...',
   '-key2 ...', '-servername_fatal' (subject to change).  This allows
-   testing the HostName extension for a specific single host name ('-cert'
+   testing the HostName extension for a specific single hostname ('-cert'
   and '-key' remain fallbacks for handshakes without HostName
   negotiation).  If the unrecognized_name alert has to be sent, this by
   default is a warning; it becomes fatal with the '-servername_fatal'
--- a/NEWS.md
+++ b/NEWS.md
@ -64,7 +64,7 @@ OpenSSL 3.0
  * Enhanced 'openssl list' with many new options.
  * Added migration guide to man7.
  * Implemented support for fully "pluggable" TLSv1.3 groups.
-  * Added suport for Kernel TLS (KTLS).
+  * Added support for Kernel TLS (KTLS).
  * Changed the license to the Apache License v2.0.
  * Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2,
    RC4, RC5, and DES to the legacy provider.
@ -107,7 +107,7 @@ OpenSSL 3.0
  * Deprecated ERR_put_error(), ERR_get_error_line(), ERR_get_error_line_data(),
    ERR_peek_error_line_data(), ERR_peek_last_error_line_data() and
    ERR_func_error_string().
-  * Added OSSL_PROVIDER_available(), to check provider availibility.
+  * Added OSSL_PROVIDER_available(), to check provider availability.
  * Added 'openssl mac' that uses the EVP_MAC API.
  * Added 'openssl kdf' that uses the EVP_KDF API.
  * Add OPENSSL_info() and 'openssl info' to get built-in data.
--- a/NOTES-PERL.md
+++ b/NOTES-PERL.md
@ -117,7 +117,7 @@ descriptions below, `Text::Template` will serve as an example.
       $ cpan -f -i Text::Template
-   Note: on VMS, you must quote any argument that contains upper case
+   Note: on VMS, you must quote any argument that contains uppercase
   characters, so the lines above would be:
       $ cpan -i "Text::Template"
--- a/util/mkdef.pl
+++ b/util/mkdef.pl
@ -89,7 +89,7 @@ die "--type argument must be equal to 'lib' or 'dso'"
 #  0x0000000000000001 (NEEDED)             Shared library: [libcrypto-opt.so.1.1]
 #  0x000000000000000e (SONAME)             Library soname: [libssl-opt.so.1.1]
 #
-# We case-fold the variant tag to upper case and replace all non-alnum
+# We case-fold the variant tag to uppercase and replace all non-alnum
 # characters with "_".  This yields the following symbol versions:
 #
 # $ nm libcrypto.so | grep -w A
--- a/util/mkerr.pl
+++ b/util/mkerr.pl
@ -248,7 +248,7 @@ if ( ! $reindex && $statefile ) {
 # Scan each C source file and look for reason codes.  This is done by
 # looking for strings that "look like" reason codes: basically anything
-# consisting of all upper case and numerics which _R_ in it and which has
+# consisting of all uppercase and numerics which _R_ in it and which has
 # the name of an error library at the start.  Should there be anything else,
 # such as a type name, we add exceptions here.
 # If a code doesn't exist in list compiled from headers then mark it