various spelling fixes

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

12 files changed, 25 insertions, 24 deletions

diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 6d75225cce..193f603374 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -797,7 +797,7 @@ int DTLSv1_listen(SSL *s, BIO_ADDR *client)
             }
 
             /*
-             * This is unneccessary if rbio and wbio are one and the same - but
+             * This is unnecessary if rbio and wbio are one and the same - but
              * maybe they're not. We ignore errors here - some BIOs do not
              * support this.
              */
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index 00af44e09d..6f9ac96d05 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -666,7 +666,7 @@ int dtls1_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
 
         if (dest_maxlen > 0) {
             /*
-             * XDTLS: In a pathalogical case, the Client Hello may be
+             * XDTLS: In a pathological case, the Client Hello may be
              * fragmented--don't always expect dest_maxlen bytes
              */
             if (SSL3_RECORD_get_length(rr)  < dest_maxlen) {
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index 773a6d68d9..4a5907b6f3 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -495,7 +495,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
     /*
      * Depending on platform multi-block can deliver several *times*
      * better performance. Downside is that it has to allocate
-     * jumbo buffer to accomodate up to 8 records, but the
+     * jumbo buffer to accommodate up to 8 records, but the
      * compromise is considered worthy.
      */
     if (type == SSL3_RT_APPLICATION_DATA &&
@@ -631,7 +631,7 @@ int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
     split_send_fragment = s->split_send_fragment;
     /*
      * If max_pipelines is 0 then this means "undefined" and we default to
-     * 1 pipeline. Similaraly if the cipher does not support pipelined
+     * 1 pipeline. Similarly if the cipher does not support pipelined
      * processing then we also only use 1 pipeline, or if we're not using
      * explicit IVs
      */
@@ -810,7 +810,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
         /*
          * extra fragment would be couple of cipher blocks, which would be
          * multiple of SSL3_ALIGN_PAYLOAD, so if we want to align the real
-         * payload, then we can just pretent we simply have two headers.
+         * payload, then we can just pretend we simply have two headers.
          */
         align = (size_t)SSL3_BUFFER_get_buf(wb) + 2 * SSL3_RT_HEADER_LENGTH;
         align = (0-align) & (SSL3_ALIGN_PAYLOAD - 1);
@@ -862,7 +862,7 @@ int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
 
         *(outbuf[j]++) = (s->version >> 8);
         /*
-         * Some servers hang if iniatial client hello is larger than 256 bytes
+         * Some servers hang if initial client hello is larger than 256 bytes
          * and record version number > TLS 1.0
          */
         if (SSL_get_state(s) == TLS_ST_CW_CLNT_HELLO
@@ -1445,7 +1445,7 @@ int ssl3_read_bytes(SSL *s, int type, int *recvd_type, unsigned char *buf,
             /*
              * This is a warning but we receive it if we requested
              * renegotiation and the peer denied it. Terminate with a fatal
-             * alert because if application tried to renegotiatie it
+             * alert because if application tried to renegotiate it
              * presumably had a good reason and expects it to succeed. In
              * future we might have a renegotiation where we don't care if
              * the peer refused it where we carry on.
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 35ef9487f9..ec5ff9be53 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -231,7 +231,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
             goto err;
         else
             /*
-             * make sure it's intialized in case we exit later with an error
+             * make sure it's initialised in case we exit later with an error
              */
             EVP_CIPHER_CTX_reset(s->enc_read_ctx);
         dd = s->enc_read_ctx;
@@ -262,7 +262,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
             goto err;
         else
             /*
-             * make sure it's intialized in case we exit later with an error
+             * make sure it's initialised in case we exit later with an error
              */
             EVP_CIPHER_CTX_reset(s->enc_write_ctx);
         dd = s->enc_write_ctx;
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index ef65050cc4..fc2aac890e 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3839,7 +3839,7 @@ int ssl3_shutdown(SSL *s)
         if (ret == -1) {
             /*
              * we only get to return -1 here the 2nd/Nth invocation, we must
-             * have already signalled return 0 upon a previous invoation,
+             * have already signalled return 0 upon a previous invocation,
              * return WANT_WRITE
              */
             return (ret);
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 24ac352d1d..8668a595e1 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -842,7 +842,7 @@ static int ssl_add_cert_to_buf(BUF_MEM *buf, unsigned long *l, X509 *x)
     return 1;
 }
 
-/* Add certificate chain to internal SSL BUF_MEM strcuture */
+/* Add certificate chain to internal SSL BUF_MEM structure */
 int ssl_add_cert_chain(SSL *s, CERT_PKEY *cpk, unsigned long *l)
 {
     BUF_MEM *buf = s->init_buf;
diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
index d0cadc60f0..8e00743e64 100644
--- a/ssl/ssl_err.c
+++ b/ssl/ssl_err.c
@@ -588,7 +588,7 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
     {ERR_REASON(SSL_R_RENEGOTIATION_MISMATCH), "renegotiation mismatch"},
     {ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING), "required cipher missing"},
     {ERR_REASON(SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING),
-     "required compresssion algorithm missing"},
+     "required compression algorithm missing"},
     {ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING),
      "scsv received when renegotiating"},
     {ERR_REASON(SSL_R_SCT_VERIFICATION_FAILED), "sct verification failed"},
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index e6511895ce..a289d3af73 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -3706,7 +3706,7 @@ void SSL_set_not_resumable_session_callback(SSL *ssl,
 
 /*
  * Allocates new EVP_MD_CTX and sets pointer to it into given pointer
- * vairable, freeing EVP_MD_CTX previously stored in that variable, if any.
+ * variable, freeing EVP_MD_CTX previously stored in that variable, if any.
  * If EVP_MD pointer is passed, initializes ctx with this md Returns newly
  * allocated ctx;
  */
diff --git a/ssl/ssl_txt.c b/ssl/ssl_txt.c
index b2c6bf7ce6..e0f82eccf1 100644
--- a/ssl/ssl_txt.c
+++ b/ssl/ssl_txt.c
@@ -238,7 +238,7 @@ int SSL_SESSION_print_keylog(BIO *bp, const SSL_SESSION *x)
 
     /*
      * the RSA prefix is required by the format's definition although there's
-     * nothing RSA-specifc in the output, therefore, we don't have to check if
+     * nothing RSA-specific in the output, therefore, we don't have to check if
      * the cipher suite is based on RSA
      */
     if (BIO_puts(bp, "RSA ") <= 0)
diff --git a/ssl/statem/statem.h b/ssl/statem/statem.h
index 263a395392..f8f79cfa35 100644
--- a/ssl/statem/statem.h
+++ b/ssl/statem/statem.h
@@ -54,7 +54,7 @@
 
 /*****************************************************************************
  *                                                                           *
- * These emums should be considered PRIVATE to the state machine. No         *
+ * These enums should be considered PRIVATE to the state machine. No         *
  * non-state machine code should need to use these                           *
  *                                                                           *
  *****************************************************************************/
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index 73f54bcb96..08b8c7d0e7 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -870,7 +870,7 @@ int tls_construct_client_hello(SSL *s)
      *      1. Client hello indicates TLS 1.2
      *      2. Server hello says TLS 1.0
      *      3. RSA encrypted premaster secret uses 1.2.
-     *      4. Handhaked proceeds using TLS 1.0.
+     *      4. Handshake proceeds using TLS 1.0.
      *      5. Server sends hello request to renegotiate.
      *      6. Client hello indicates TLS v1.0 as we now
      *         know that is maximum server supports.
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index a20e85fb4b..26feac96fa 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -767,7 +767,7 @@ static int tls1_check_cert_param(SSL *s, X509 *x, int set_ee_md)
 
 # ifndef OPENSSL_NO_EC
 /*
- * tls1_check_ec_tmp_key - Check EC temporary key compatiblity
+ * tls1_check_ec_tmp_key - Check EC temporary key compatibility
  * @s: SSL connection
  * @cid: Cipher ID we're considering using
  *
@@ -1179,7 +1179,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
 
         /*-
          * check for enough space.
-         * 4 for the servername type and entension length
+         * 4 for the servername type and extension length
          * 2 for servernamelist length
          * 1 for the hostname type
          * 2 for hostname length
@@ -1217,7 +1217,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
 
         /*-
          * check for enough space.
-         * 4 for the srp type type and entension length
+         * 4 for the srp type type and extension length
          * 1 for the srp user identity
          * + srp user identity length
          */
@@ -1412,7 +1412,7 @@ unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *buf,
 #ifndef OPENSSL_NO_NEXTPROTONEG
     if (s->ctx->next_proto_select_cb && !s->s3->tmp.finish_md_len) {
         /*
-         * The client advertises an emtpy extension to indicate its support
+         * The client advertises an empty extension to indicate its support
          * for Next Protocol Negotiation
          */
         if (limit - ret - 4 < 0)
@@ -2002,7 +2002,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
             /*
              * Although the server_name extension was intended to be
              * extensible to new name types, RFC 4366 defined the
-             * syntax inextensibly and OpenSSL 1.0.x parses it as
+             * syntax inextensibility and OpenSSL 1.0.x parses it as
              * such.
              * RFC 6066 corrected the mistake but adding new name types
              * is nevertheless no longer feasible, so act as if no other
@@ -2231,7 +2231,7 @@ static int ssl_scan_clienthello_tlsext(SSL *s, PACKET *pkt, int *al)
              *
              * s->new_session will be set on renegotiation, but we
              * probably shouldn't rely that it couldn't be set on
-             * the initial renegotation too in certain cases (when
+             * the initial renegotiation too in certain cases (when
              * there's some other reason to disallow resuming an
              * earlier session -- the current code won't be doing
              * anything like that, but this might change).
@@ -2733,7 +2733,8 @@ int tls1_set_server_sigalgs(SSL *s)
 {
     int al;
     size_t i;
-    /* Clear any shared sigtnature algorithms */
+
+    /* Clear any shared signature algorithms */
     OPENSSL_free(s->cert->shared_sigalgs);
     s->cert->shared_sigalgs = NULL;
     s->cert->shared_sigalgslen = 0;
@@ -3071,7 +3072,7 @@ end:
  * tls_decrypt_ticket attempts to decrypt a session ticket.
  *
  *   etick: points to the body of the session ticket extension.
- *   eticklen: the length of the session tickets extenion.
+ *   eticklen: the length of the session tickets extension.
  *   sess_id: points at the session ID.
  *   sesslen: the length of the session ID.
  *   psess: (output) on return, if a ticket was decrypted, then this is set to