Spelling... and more spelling

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1245)

CONTRIBUTING

@@ -62,7 +62,7 @@ the acceptance and review process faster:
 
     4.  Patches should follow our coding style (see
     https://www.openssl.org/policies/codingstyle.html) and compile without
-    warnings. Where gcc or clang is availble you should use the
+    warnings. Where gcc or clang is available you should use the
     --strict-warnings Configure option.  OpenSSL compiles on many varied
     platforms: try to ensure you only use portable features.
 

Configure

@@ -87,7 +87,7 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lx
 # DEBUG_UNUSED enables __owur (warn unused result) checks.
 my $gcc_devteam_warn = "-DDEBUG_UNUSED"
         # -DPEDANTIC complements -pedantic and is meant to mask code that
-        # is not strictly standard-compliant and/or implementation-specifc,
+        # is not strictly standard-compliant and/or implementation-specific,
         # e.g. inline assembly, disregards to alignment requirements, such
         # that -pedantic would complain about. Incidentally -DPEDANTIC has
         # to be used even in sanitized builds, because sanitizer too is
@@ -144,7 +144,7 @@ my $strict_warnings = 0;
 our $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT";
 
 #
-# API compability name to version number mapping.
+# API compatibility name to version number mapping.
 #
 my $maxapi = "1.1.0";           # API for "no-deprecated" builds
 my $apitable = {
@@ -1059,7 +1059,7 @@ unless ($disabled{asan}) {
 }
 
 unless ($disabled{ubsan}) {
-    # -DPEDANTIC or -fnosanitize=aligmnent may also be required on some
+    # -DPEDANTIC or -fnosanitize=alignment may also be required on some
     # platforms.
     $config{cflags} .= "-fsanitize=undefined -fno-sanitize-recover=all ";
 }

INSTALL

@@ -151,7 +151,7 @@
                    on a platform that does not support AFALG.
 
   enable-asan
-                   Build with the Address sanitser. This is a developer option
+                   Build with the Address sanitiser. This is a developer option
                    only. It may not work on all platforms and should never be
                    used in production environments. It will only work when used
                    with gcc or clang and should be used in conjunction with the
@@ -326,7 +326,7 @@
                    "illegal instruction" exception. There might be a way
                    to enable support in kernel, e.g. FreeBSD kernel can be
                    compiled with CPU_ENABLE_SSE, and there is a way to
-                   disengage SSE2 code pathes upon application start-up,
+                   disengage SSE2 code paths upon application start-up,
                    but if you aim for wider "audience" running such kernel,
                    consider no-sse2. Both the 386 and no-asm options imply
                    no-sse2.
@@ -361,7 +361,7 @@
                    Don't build Time Stamping Authority support.
 
   enable-ubsan
-                   Build with the Undefined Behaviour sanitser. This is a
+                   Build with the Undefined Behaviour sanitiser. This is a
                    developer option only. It may not work on all platforms and
                    should never be used in production environments. It will only
                    work when used with gcc or clang and should be used in
@@ -566,7 +566,7 @@
        $ nmake test                                     # Windows
 
      NOTE: you MUST run the tests from an unprivileged account (or
-     disable your privileges temporarly if your platform allows it).
+     disable your privileges temporarily if your platform allows it).
 
      If some tests fail, look at the output.  There may be reasons for
      the failure that isn't a problem in OpenSSL itself (like a

NEWS

@@ -430,8 +430,8 @@
       o New STORE structure and library to provide an interface to all
         sorts of data repositories.  Supports storage of public and
         private keys, certificates, CRLs, numbers and arbitrary blobs.
-	This library is unfortunately unfinished and unused withing
+        This library is unfortunately unfinished and unused within
-	OpenSSL.
+        OpenSSL.
       o New control functions for the error stack.
       o Changed the PKCS#7 library to support one-pass S/MIME
         processing.
@@ -447,7 +447,7 @@
       o Major overhaul of RC4 performance on Intel P4, IA-64 and
         AMD64.
       o Changed the Configure script to have some algorithms disabled
-        by default.  Those can be explicitely enabled with the new
+        by default.  Those can be explicitly enabled with the new
         argument form 'enable-xxx'.
       o Change the default digest in 'openssl' commands from MD5 to
         SHA-1.

NOTES.WIN

@@ -97,7 +97,7 @@
    "Matching Perl" refers to chosen "shell environment", i.e. if built
    under MSYS, then Perl compiled for MSYS must be used.
 
-   Alternativelly, one can use MSYS2 from https://msys2.github.io/,
+   Alternatively, one can use MSYS2 from https://msys2.github.io/,
    which includes MingW (32-bit and 64-bit).
 
  * It is also possible to cross-compile it on Linux by configuring

README

@@ -82,7 +82,7 @@
 
  In order to avoid spam, this is a moderated mailing list, and it might
  take a couple of days for the ticket to show up.  (We also scan posts to make
- sure that security disclosures aren't publically posted by mistake.) Mail
+ sure that security disclosures aren't publicly posted by mistake.) Mail
  to this address is recorded in the public RT (request tracker) database
  (see https://www.openssl.org/community/index.html#bugs for details) and
  also forwarded the public openssl-dev mailing list.  Confidential mail

crypto/asn1/t_pkey.c

@@ -31,7 +31,7 @@ int ASN1_buf_print(BIO *bp, unsigned char *buf, size_t buflen, int indent)
         }
         /*
          * Use colon separators for each octet for compatibility as
-         * this fuction is used to print out key components.
+         * this function is used to print out key components.
          */
         if (BIO_printf(bp, "%02x%s", buf[i],
                        (i == buflen - 1) ? "" : ":") <= 0)

crypto/asn1/tasn_prn.c

@@ -169,7 +169,7 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
                 return 0;
             break;
         }
-        /* fall thru */
+        /* fall through */
     case ASN1_ITYPE_MSTRING:
         if (!asn1_primitive_print(out, fld, it, indent, fname, sname, pctx))
             return 0;

crypto/objects/obj_dat.c

@@ -199,7 +199,7 @@ int OBJ_add_object(const ASN1_OBJECT *obj)
             ao[i]->type = i;
             ao[i]->obj = o;
             aop = lh_ADDED_OBJ_insert(added, ao[i]);
-            /* memory leak, buit should not normally matter */
+            /* memory leak, but should not normally matter */
             OPENSSL_free(aop);
         }
     }

doc/apps/openssl.pod

@@ -156,7 +156,7 @@ Generation of RSA Private Key. Superseded by L<B<genpkey>|genpkey(1)>.
 
 =item L<B<nseq>|nseq(1)>
 
-Create or examine a netscape certificate sequence
+Create or examine a Netscape certificate sequence
 
 =item L<B<ocsp>|ocsp(1)>
 

doc/crypto/EVP_EncodeInit.pod

@@ -66,7 +66,7 @@ any remainder). This gives the number of blocks of data that will be processed.
 Ensure the output buffer contains 65 bytes of storage for each block, plus an
 additional byte for a NUL terminator. EVP_EncodeUpdate() may be called
 repeatedly to process large amounts of input data. In the event of an error
-EVP_EncodeUpdate() will set B<*outl> to 0 and return 0. On success 1 wil be
+EVP_EncodeUpdate() will set B<*outl> to 0 and return 0. On success 1 will be
 returned.
 
 EVP_EncodeFinal() must be called at the end of an encoding operation. It will
@@ -116,7 +116,7 @@ in this case. Otherwise the function returns 1 on success.
 EVP_DecodeBlock() will decode the block of B<n> characters of base 64 data
 contained in B<f> and store the result in B<t>. Any leading whitespace will be
 trimmed as will any trailing whitespace, newlines, carriage returns or EOF
-characters. After such trimming the length of the data in B<f> must be divisbile
+characters. After such trimming the length of the data in B<f> must be divisible
 by 4. For every 4 input bytes exactly 3 output bytes will be produced. The
 output will be padded with 0 bits if necessary to ensure that the output is
 always 3 bytes for every 4 input bytes. This function will return the length of

include/openssl/asn1.h

@@ -752,7 +752,7 @@ int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent,
                     int dump);
 const char *ASN1_tag2str(int tag);
 
-/* Used to load and write netscape format cert */
+/* Used to load and write Netscape format cert */
 
 int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
 

include/openssl/ssl.h

@@ -2335,7 +2335,7 @@ void ERR_load_SSL_strings(void);
 # define SSL_R_NO_RENEGOTIATION                           339
 # define SSL_R_NO_REQUIRED_DIGEST                         324
 # define SSL_R_NO_SHARED_CIPHER                           193
-# define SSL_R_NO_SHARED_SIGATURE_ALGORITHMS              376
+# define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS             376
 # define SSL_R_NO_SRTP_PROFILES                           359
 # define SSL_R_NO_VALID_SCTS                              216
 # define SSL_R_NO_VERIFY_COOKIE_CALLBACK                  403

ssl/d1_lib.c

@@ -278,7 +278,7 @@ struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft)
 
     /*
      * If remaining time is less than 15 ms, set it to 0 to prevent issues
-     * because of small devergences with socket timeouts.
+     * because of small divergences with socket timeouts.
      */
     if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) {
         memset(timeleft, 0, sizeof(*timeleft));
@@ -952,7 +952,7 @@ int dtls1_heartbeat(SSL *s)
 
     /*-
      * Create HeartBeat message, we just use a sequence number
-     * as payload to distuingish different messages and add
+     * as payload to distinguish different messages and add
      * some random stuff.
      */
     size = HEARTBEAT_SIZE(payload, padding);

ssl/ssl_conf.c

@@ -14,7 +14,7 @@
 #include <openssl/dh.h>
 
 /*
- * structure holding name tables. This is used for pemitted elements in lists
+ * structure holding name tables. This is used for permitted elements in lists
  * such as TLSv1.
  */
 

ssl/ssl_err.c

@@ -443,8 +443,8 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
     {ERR_REASON(SSL_R_NO_RENEGOTIATION), "no renegotiation"},
     {ERR_REASON(SSL_R_NO_REQUIRED_DIGEST), "no required digest"},
     {ERR_REASON(SSL_R_NO_SHARED_CIPHER), "no shared cipher"},
-    {ERR_REASON(SSL_R_NO_SHARED_SIGATURE_ALGORITHMS),
+    {ERR_REASON(SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS),
-     "no shared sigature algorithms"},
+     "no shared signature algorithms"},
     {ERR_REASON(SSL_R_NO_SRTP_PROFILES), "no srtp profiles"},
     {ERR_REASON(SSL_R_NO_VALID_SCTS), "no valid scts"},
     {ERR_REASON(SSL_R_NO_VERIFY_COOKIE_CALLBACK),

ssl/ssl_lib.c

@@ -2041,7 +2041,7 @@ int SSL_get_servername_type(const SSL *s)
  * is indicated to the callback. In this case, the client application has to
  * abort the connection or have a default application level protocol. 2) If
  * the server supports NPN, but advertises an empty list then the client
- * selects the first protcol in its list, but indicates via the API that this
+ * selects the first protocol in its list, but indicates via the API that this
  * fallback case was enacted. 3) Otherwise, the client finds the first
  * protocol in the server's list that it supports and selects this protocol.
  * This is because it's assumed that the server has better information about
@@ -4116,7 +4116,7 @@ int ssl_validate_ct(SSL *s)
      * value is negative.
      *
      * XXX: One might well argue that the return value of this function is an
-     * unforunate design choice.  Its job is only to determine the validation
+     * unfortunate design choice.  Its job is only to determine the validation
      * status of each of the provided SCTs.  So long as it correctly separates
      * the wheat from the chaff it should return success.  Failure in this case
      * ought to correspond to an inability to carry out its duties.

ssl/t1_enc.c

@@ -141,7 +141,7 @@ int tls1_change_cipher_state(SSL *s, int which)
             goto err;
         else
             /*
-             * make sure it's intialized in case we exit later with an error
+             * make sure it's initialised in case we exit later with an error
              */
             EVP_CIPHER_CTX_reset(s->enc_read_ctx);
         dd = s->enc_read_ctx;

ssl/t1_lib.c

@@ -2648,7 +2648,7 @@ int tls1_set_server_sigalgs(SSL *s)
         /* Fatal error is no shared signature algorithms */
         if (!s->cert->shared_sigalgs) {
             SSLerr(SSL_F_TLS1_SET_SERVER_SIGALGS,
-                   SSL_R_NO_SHARED_SIGATURE_ALGORITHMS);
+                   SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS);
             al = SSL_AD_ILLEGAL_PARAMETER;
             goto err;
         }