Fix typos found by codespell

Typos in doc/man* will be fixed in a different commit.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20910)

7 files changed, 11 insertions, 11 deletions

diff --git a/ssl/quic/quic_ackm.c b/ssl/quic/quic_ackm.c
index 7478d5fc24..4caf146c61 100644
--- a/ssl/quic/quic_ackm.c
+++ b/ssl/quic/quic_ackm.c
@@ -317,7 +317,7 @@ tx_pkt_history_remove(struct tx_pkt_history_st *h, uint64_t pkt_num)
  * n) will no longer be processed. Although datagrams may be reordered in the
  * network, a PN we receive can only become provably ACKed after our own
  * subsequently generated ACK frame is sent in a future TX packet, and then we
- * receive another RX PN acknowleding that TX packet. This means that a given RX
+ * receive another RX PN acknowledging that TX packet. This means that a given RX
  * PN can only become provably ACKed at least 1 RTT after it is received; it is
  * unlikely that any reordered datagrams will still be "in the network" (and not
  * lost) by this time. If this does occur for whatever reason and a late PN is
@@ -334,7 +334,7 @@ tx_pkt_history_remove(struct tx_pkt_history_st *h, uint64_t pkt_num)
  * we use to keep track of which PNs we have received but which have not yet
  * been provably ACKed, and thus will later need to generate an ACK frame for.
  *
- * The correspondance with the logical states discussed above is as follows. A
+ * The correspondence with the logical states discussed above is as follows. A
  * PN is in state (C) if it is below the watermark; otherwise it is in state (B)
  * if it is in the logical set of PNs, and in state (A) otherwise.
  *
@@ -430,7 +430,7 @@ static void rx_pkt_history_trim_range_count(struct rx_pkt_history_st *h)
     }
 
     /*
-     * Bump watermark to cover all PNs we removed to avoid accidential
+     * Bump watermark to cover all PNs we removed to avoid accidental
      * reprocessing of packets.
      */
     if (highest != QUIC_PN_INVALID)
diff --git a/ssl/quic/quic_channel.c b/ssl/quic/quic_channel.c
index aa4233c51d..16b52861a8 100644
--- a/ssl/quic/quic_channel.c
+++ b/ssl/quic/quic_channel.c
@@ -2078,7 +2078,7 @@ static void ch_start_terminating(QUIC_CHANNEL *ch,
     case QUIC_CHANNEL_STATE_TERMINATING_DRAINING:
         /*
          * Other than in the force-immediate case, we remain here until the
-         * timout expires.
+         * timeout expires.
          */
         if (force_immediate)
             ch_on_terminating_timeout(ch);
diff --git a/ssl/quic/quic_channel_local.h b/ssl/quic/quic_channel_local.h
index b945f36542..3854567b36 100644
--- a/ssl/quic/quic_channel_local.h
+++ b/ssl/quic/quic_channel_local.h
@@ -12,7 +12,7 @@
  * QUIC channel internals. It is intended that only the QUIC_CHANNEL
  * implementation and the RX depacketiser be allowed to access this structure
  * directly. As the RX depacketiser has no state of its own and computes over a
- * QUIC_CHANNEL structure, it can be viewed as an extention of the QUIC_CHANNEL
+ * QUIC_CHANNEL structure, it can be viewed as an extension of the QUIC_CHANNEL
  * implementation. While the RX depacketiser could be provided with adequate
  * accessors to do what it needs, this would weaken the abstraction provided by
  * the QUIC_CHANNEL to other components; moreover the coupling of the RX
diff --git a/ssl/record/methods/recmethod_local.h b/ssl/record/methods/recmethod_local.h
index 9454ca56b8..b5dfaf30d2 100644
--- a/ssl/record/methods/recmethod_local.h
+++ b/ssl/record/methods/recmethod_local.h
@@ -255,7 +255,7 @@ struct ossl_record_layer_st
     /* each decoded record goes in here */
     TLS_RL_RECORD rrec[SSL_MAX_PIPELINES];
 
-    /* How many records have we got available in the rrec bufer */
+    /* How many records have we got available in the rrec buffer */
     size_t num_recs;
 
     /* The record number in the rrec buffer that can be read next */
@@ -313,7 +313,7 @@ struct ossl_record_layer_st
      */
     unsigned int max_frag_len;
 
-    /* The maxium amount of early data we can receive/send */
+    /* The maximum amount of early data we can receive/send */
     uint32_t max_early_data;
 
     /* The amount of early data that we have sent/received */
@@ -355,7 +355,7 @@ struct ossl_record_layer_st
     DTLS_BITMAP next_bitmap;
 
     /*
-     * Whether we are currently in a hanshake or not. Only maintained for DTLS
+     * Whether we are currently in a handshake or not. Only maintained for DTLS
      */
     int in_init;
 
diff --git a/ssl/record/methods/tls1_meth.c b/ssl/record/methods/tls1_meth.c
index 139da76fc6..6112c349a1 100644
--- a/ssl/record/methods/tls1_meth.c
+++ b/ssl/record/methods/tls1_meth.c
@@ -121,7 +121,7 @@ static int tls1_set_crypto_state(OSSL_RECORD_LAYER *rl, int level,
             && !ossl_set_tls_provider_parameters(rl, ciph_ctx, ciph, md))
         return OSSL_RECORD_RETURN_FATAL;
 
-    /* Calculate the explict IV length */
+    /* Calculate the explicit IV length */
     if (RLAYER_USE_EXPLICIT_IV(rl)) {
         int mode = EVP_CIPHER_CTX_get_mode(ciph_ctx);
         int eivlen = 0;
diff --git a/ssl/statem/statem_lib.c b/ssl/statem/statem_lib.c
index c2fca8bb12..635e84a764 100644
--- a/ssl/statem/statem_lib.c
+++ b/ssl/statem/statem_lib.c
@@ -1355,7 +1355,7 @@ unsigned long tls_output_rpk(SSL_CONNECTION *sc, WPACKET *pkt, CERT_PKEY *cpk)
 
     if (SSL_CONNECTION_IS_TLS13(sc)) {
         /*
-         * Only send extensions relevent to raw public keys. Until such
+         * Only send extensions relevant to raw public keys. Until such
          * extensions are defined, this will be an empty set of extensions.
          * |x509| may be NULL, which raw public-key extensions need to handle.
          */
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index 6eb98040e8..b1ece8dd97 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -379,7 +379,7 @@ static int send_server_key_exchange(SSL_CONNECTION *s)
 }
 
 /*
- * Used to determine if we shoud send a CompressedCertificate message
+ * Used to determine if we should send a CompressedCertificate message
  *
  * Returns the algorithm to use, TLSEXT_comp_cert_none means no compression
  */