From 0aaa71b90a9460e0e57c8e45163d1b2ba16e2d64 Mon Sep 17 00:00:00 2001 From: Dimitris Apostolou Date: Mon, 3 Jan 2022 01:00:27 +0200 Subject: Fix typos Reviewed-by: Tim Hudson Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/17392) (cherry picked from commit e304aa87b35fac5ea97c405dd3c21549faa45e78) --- Configure | 4 ++-- INSTALL.md | 2 +- README-ENGINES.md | 2 +- apps/cmp.c | 2 +- apps/include/http_server.h | 2 +- configdata.pm.in | 4 ++-- crypto/aes/asm/aesv8-armx.pl | 6 +++--- crypto/bn/asm/rsaz-2k-avx512.pl | 2 +- crypto/bn/asm/rsaz-3k-avx512.pl | 2 +- crypto/bn/asm/rsaz-4k-avx512.pl | 2 +- crypto/cmp/cmp_vfy.c | 6 +++--- crypto/context.c | 2 +- crypto/ec/ec2_oct.c | 2 +- crypto/encode_decode/encoder_lib.c | 2 +- crypto/evp/ctrl_params_translate.c | 2 +- crypto/evp/m_sigver.c | 2 +- crypto/ffc/ffc_params_generate.c | 2 +- crypto/rsa/rsa_lib.c | 2 +- crypto/x509/v3_ist.c | 2 +- crypto/x509/v3_utf8.c | 2 +- crypto/x509/v3_utl.c | 2 +- crypto/x509/x_pubkey.c | 2 +- demos/mac/gmac.c | 2 +- dev/release-aux/README.md | 2 +- dev/release.sh | 4 ++-- doc/internal/man3/OPTIONS.pod | 2 +- doc/internal/man3/ossl_random_add_conf_module.pod | 2 +- doc/internal/man7/EVP_PKEY.pod | 2 +- doc/man1/openssl-genpkey.pod.in | 4 ++-- doc/man1/openssl-s_client.pod.in | 2 +- doc/man1/openssl-verification-options.pod | 2 +- doc/man3/ASN1_aux_cb.pod | 4 ++-- doc/man3/ASN1_item_sign.pod | 4 ++-- doc/man3/BIO_s_core.pod | 2 +- doc/man3/BN_rand.pod | 2 +- doc/man3/CONF_modules_load_file.pod | 2 +- doc/man3/DH_get0_pqg.pod | 2 +- doc/man3/EVP_EncryptInit.pod | 2 +- doc/man3/EVP_KEYMGMT.pod | 2 +- doc/man3/EVP_PKEY2PKCS8.pod | 2 +- doc/man3/EVP_PKEY_derive.pod | 2 +- doc/man3/EVP_PKEY_gettable_params.pod | 2 +- doc/man3/EVP_PKEY_new.pod | 2 +- doc/man3/EVP_PKEY_todata.pod | 2 +- doc/man3/OCSP_resp_find_status.pod | 2 +- doc/man3/OCSP_sendreq_new.pod | 2 +- doc/man3/OSSL_CMP_log_open.pod | 2 +- doc/man3/OSSL_DECODER.pod | 2 +- doc/man3/OSSL_DECODER_CTX_new_for_pkey.pod | 4 ++-- doc/man3/OSSL_ENCODER.pod | 2 +- doc/man3/OSSL_ENCODER_CTX.pod | 4 ++-- doc/man3/OSSL_ENCODER_CTX_new_for_pkey.pod | 2 +- doc/man3/OSSL_ESS_check_signing_certs.pod | 2 +- doc/man3/OSSL_HTTP_REQ_CTX.pod | 2 +- doc/man3/OSSL_HTTP_parse_url.pod | 2 +- doc/man3/OSSL_PARAM.pod | 2 +- doc/man3/OSSL_PARAM_int.pod | 6 +++--- doc/man3/OSSL_STORE_LOADER.pod | 2 +- doc/man3/OSSL_trace_set_channel.pod | 2 +- doc/man3/PKCS12_decrypt_skey.pod | 2 +- doc/man3/PKCS12_gen_mac.pod | 2 +- doc/man3/RAND_bytes.pod | 2 +- doc/man3/RSA_get0_key.pod | 2 +- doc/man3/SSL_CTX_set_tmp_dh_callback.pod | 4 ++-- doc/man3/X509_VERIFY_PARAM_set_flags.pod | 2 +- doc/man3/X509_add_cert.pod | 2 +- doc/man3/X509_digest.pod | 4 ++-- doc/man3/X509_dup.pod | 2 +- doc/man5/config.pod | 2 +- doc/man7/EVP_PKEY-EC.pod | 6 +++--- doc/man7/crypto.pod | 2 +- doc/man7/fips_module.pod | 2 +- doc/man7/life_cycle-pkey.pod | 4 ++-- doc/man7/migration_guide.pod | 10 +++++----- doc/man7/openssl-glossary.pod | 6 +++--- doc/man7/provider-kdf.pod | 2 +- doc/man7/provider-object.pod | 2 +- include/openssl/core_dispatch.h | 2 +- providers/implementations/ciphers/cipher_aes_gcm_hw_armv8.inc | 2 +- providers/implementations/encode_decode/encode_key2any.c | 2 +- providers/implementations/keymgmt/kdf_legacy_kmgmt.c | 2 +- providers/implementations/keymgmt/mac_legacy_kmgmt.c | 2 +- providers/implementations/signature/sm2_sig.c | 6 +++--- ssl/statem/statem_srvr.c | 2 +- test/cmp_vfy_test.c | 2 +- test/evp_extra_test.c | 4 ++-- test/param_build_test.c | 4 ++-- test/params_api_test.c | 2 +- test/params_test.c | 2 +- test/recipes/70-test_sslrecords.t | 2 +- test/recipes/90-test_threads.t | 2 +- test/ssl-tests/28-seclevel.cnf.in | 4 ++-- test/sslapitest.c | 2 +- test/tls-provider.c | 6 +++--- util/add-depends.pl | 2 +- 95 files changed, 127 insertions(+), 127 deletions(-) diff --git a/Configure b/Configure index d00315a3dc..e79fbd669f 100755 --- a/Configure +++ b/Configure @@ -603,7 +603,7 @@ my @disable_cascades = ( # Without shared libraries, dynamic engines aren't possible. # This is due to them having to link with libcrypto and register features # using the ENGINE functionality, and since that relies on global tables, - # those *have* to be exacty the same as the ones accessed from the app, + # those *have* to be exactly the same as the ones accessed from the app, # which cannot be guaranteed if shared libraries aren't present. # (note that even with shared libraries, both the app and dynamic engines # must be linked with the same library) @@ -1791,7 +1791,7 @@ my %skipdir = (); my %disabled_info = (); # For configdata.pm foreach my $what (sort keys %disabled) { # There are deprecated disablables that translate to themselves. - # They cause disabling cascades, but should otherwise not regiter. + # They cause disabling cascades, but should otherwise not register. next if $deprecated_disablables{$what}; # The generated $disabled{"deprecated-x.y"} entries are special # and treated properly elsewhere diff --git a/INSTALL.md b/INSTALL.md index 81ce117528..1812e5d5bb 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -1606,7 +1606,7 @@ working incorrectly. If you think you encountered a bug, please Along with a short description of the bug, please provide the complete configure command line and the relevant output including the error message. -Note: To make the output readable, pleace add a 'code fence' (three backquotes +Note: To make the output readable, please add a 'code fence' (three backquotes ` ``` ` on a separate line) before and after your output: ``` diff --git a/README-ENGINES.md b/README-ENGINES.md index 9874276f13..3a702db81e 100644 --- a/README-ENGINES.md +++ b/README-ENGINES.md @@ -8,7 +8,7 @@ The ENGINE API was introduced in OpenSSL version 0.9.6 as a low level interface for adding alternative implementations of cryptographic primitives, most notably for integrating hardware crypto devices. -The ENGINE interface has its limitations and it has been superseeded +The ENGINE interface has its limitations and it has been superseded by the [PROVIDER API](README-PROVIDERS.md), it is deprecated in OpenSSL version 3.0. The following documentation is retained as an aid for users who need to maintain or support existing ENGINE implementations. diff --git a/apps/cmp.c b/apps/cmp.c index f98e5ab938..cb09fa2a2c 100644 --- a/apps/cmp.c +++ b/apps/cmp.c @@ -1101,7 +1101,7 @@ static OSSL_CMP_SRV_CTX *setup_srv_ctx(ENGINE *engine) if (opt_grant_implicitconf) (void)OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(srv_ctx, 1); - if (opt_failure != INT_MIN) { /* option has been set explicity */ + if (opt_failure != INT_MIN) { /* option has been set explicitly */ if (opt_failure < 0 || OSSL_CMP_PKIFAILUREINFO_MAX < opt_failure) { CMP_err1("-failure out of range, should be >= 0 and <= %d", OSSL_CMP_PKIFAILUREINFO_MAX); diff --git a/apps/include/http_server.h b/apps/include/http_server.h index 8c339660a6..5ad8ed5e86 100644 --- a/apps/include/http_server.h +++ b/apps/include/http_server.h @@ -93,7 +93,7 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq, * Send an ASN.1-formatted HTTP response * cbio: destination BIO (typically as returned by http_server_get_asn1_req()) * note: cbio should not do an encoding that changes the output length - * keep_alive: grant persistent connnection + * keep_alive: grant persistent connection * content_type: string identifying the type of the response * it: the response ASN.1 type * resp: the response to send diff --git a/configdata.pm.in b/configdata.pm.in index bef9060846..840e23b6c1 100644 --- a/configdata.pm.in +++ b/configdata.pm.in @@ -20,7 +20,7 @@ # Unix form /VOLUME/DIR1/DIR2/FILE, which is what VMS perl supports # for 'use lib'. - # Start with spliting the native path + # Start with splitting the native path (my $vol, my $dirs, my $file) = File::Spec->splitpath($path); my @dirs = File::Spec->splitdir($dirs); @@ -89,7 +89,7 @@ unless (caller) { if (scalar @ARGV == 0) { # With no arguments, re-create the build file # We do that in two steps, where the first step emits perl - # snipets. + # snippets. my $buildfile = $target{build_file}; my $buildfile_template = "$buildfile.in"; diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl index ed5ae4207c..835bd49c11 100755 --- a/crypto/aes/asm/aesv8-armx.pl +++ b/crypto/aes/asm/aesv8-armx.pl @@ -417,7 +417,7 @@ ___ # If lsize < 3*16 bytes, treat them as the tail, interleave the # two blocks AES instructions. # There is one special case, if the original input data size dsize -# = 16 bytes, we will treat it seperately to improve the +# = 16 bytes, we will treat it separately to improve the # performance: one independent code block without LR, FP load and # store, just looks like what the original ECB implementation does. @@ -2222,7 +2222,7 @@ ___ # will be processed specially, which be integrated into the 5*16 bytes # loop to improve the efficiency. # There is one special case, if the original input data size dsize -# = 16 bytes, we will treat it seperately to improve the +# = 16 bytes, we will treat it separately to improve the # performance: one independent code block without LR, FP load and # store. # Encryption will process the (length -tailcnt) bytes as mentioned @@ -3555,7 +3555,7 @@ $code.=<<___ if ($flavour =~ /64/); cbnz x2,.Lxts_dec_1st_done vld1.32 {$dat0},[$inp],#16 - // Decrypt the last secod block to get the last plain text block + // Decrypt the last second block to get the last plain text block .Lxts_dec_1st_done: eor $tmpin,$dat0,$iv1 ldr $rounds,[$key1,#240] diff --git a/crypto/bn/asm/rsaz-2k-avx512.pl b/crypto/bn/asm/rsaz-2k-avx512.pl index 80bc4a51b2..2ae7f70b72 100644 --- a/crypto/bn/asm/rsaz-2k-avx512.pl +++ b/crypto/bn/asm/rsaz-2k-avx512.pl @@ -97,7 +97,7 @@ ___ # specified in the original algorithm as according to the Lemma 1 from the paper # [2], the result will be always < 2*m and can be used as a direct input to # the next AMM iteration. This post-condition is true, provided the correct -# parameter |s| (notion of the Lemma 1 from [2]) is choosen, i.e. s >= n + 2 * k, +# parameter |s| (notion of the Lemma 1 from [2]) is chosen, i.e. s >= n + 2 * k, # which matches our case: 1040 > 1024 + 2 * 1. # # [1] Gueron, S. Efficient software implementations of modular exponentiation. diff --git a/crypto/bn/asm/rsaz-3k-avx512.pl b/crypto/bn/asm/rsaz-3k-avx512.pl index e294afd294..5e8fa4b35b 100644 --- a/crypto/bn/asm/rsaz-3k-avx512.pl +++ b/crypto/bn/asm/rsaz-3k-avx512.pl @@ -75,7 +75,7 @@ if ($avx512ifma>0) {{{ # specified in the original algorithm as according to the Lemma 1 from the paper # [2], the result will be always < 2*m and can be used as a direct input to # the next AMM iteration. This post-condition is true, provided the correct -# parameter |s| (notion of the Lemma 1 from [2]) is choosen, i.e. s >= n + 2 * k, +# parameter |s| (notion of the Lemma 1 from [2]) is chosen, i.e. s >= n + 2 * k, # which matches our case: 1560 > 1536 + 2 * 1. # # [1] Gueron, S. Efficient software implementations of modular exponentiation. diff --git a/crypto/bn/asm/rsaz-4k-avx512.pl b/crypto/bn/asm/rsaz-4k-avx512.pl index fb5bf10198..417e6dc809 100644 --- a/crypto/bn/asm/rsaz-4k-avx512.pl +++ b/crypto/bn/asm/rsaz-4k-avx512.pl @@ -72,7 +72,7 @@ if ($avx512ifma>0) {{{ # specified in the original algorithm as according to the Lemma 1 from the paper # [2], the result will be always < 2*m and can be used as a direct input to # the next AMM iteration. This post-condition is true, provided the correct -# parameter |s| (notion of the Lemma 1 from [2]) is choosen, i.e. s >= n + 2 * k, +# parameter |s| (notion of the Lemma 1 from [2]) is chosen, i.e. s >= n + 2 * k, # which matches our case: 2080 > 2048 + 2 * 1. # # [1] Gueron, S. Efficient software implementations of modular exponentiation. diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c index b9d6fc2bdd..1696685ae9 100644 --- a/crypto/cmp/cmp_vfy.c +++ b/crypto/cmp/cmp_vfy.c @@ -598,7 +598,7 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) break; } ossl_cmp_debug(ctx, - "sucessfully validated PBM-based CMP message protection"); + "successfully validated PBM-based CMP message protection"); return 1; } ossl_cmp_warn(ctx, "verifying PBM-based CMP message protection failed"); @@ -628,7 +628,7 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) /* use ctx->srvCert for signature check even if not acceptable */ if (verify_signature(ctx, msg, scrt)) { ossl_cmp_debug(ctx, - "sucessfully validated signature-based CMP message protection"); + "successfully validated signature-based CMP message protection"); return 1; } @@ -646,7 +646,7 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg) * Any msg->extraCerts are prepended to ctx->untrusted. * * Ensures that: - * its sender is of appropriate type (curently only X509_NAME) and + * its sender is of appropriate type (currently only X509_NAME) and * matches any expected sender or srvCert subject given in the ctx * it has a valid body type * its protection is valid (or invalid/absent, but only if a callback function diff --git a/crypto/context.c b/crypto/context.c index bdfc4d02a3..1647371bb7 100644 --- a/crypto/context.c +++ b/crypto/context.c @@ -404,7 +404,7 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *ctx, int index, * The alloc call ensures there's a value there. We release the ctx->lock * for this, because the allocation itself may recursively call * ossl_lib_ctx_get_data for other indexes (never this one). The allocation - * will itself aquire the ctx->lock when it actually comes to store the + * will itself acquire the ctx->lock when it actually comes to store the * allocated data (see ossl_lib_ctx_generic_new() above). We call * ossl_crypto_alloc_ex_data_intern() here instead of CRYPTO_alloc_ex_data(). * They do the same thing except that the latter calls CRYPTO_get_ex_data() diff --git a/crypto/ec/ec2_oct.c b/crypto/ec/ec2_oct.c index 10a4932591..0b37c4f802 100644 --- a/crypto/ec/ec2_oct.c +++ b/crypto/ec/ec2_oct.c @@ -272,7 +272,7 @@ int ossl_ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point, } /* - * The first octet is the point converison octet PC, see X9.62, page 4 + * The first octet is the point conversion octet PC, see X9.62, page 4 * and section 4.4.2. It must be: * 0x00 for the point at infinity * 0x02 or 0x03 for compressed form diff --git a/crypto/encode_decode/encoder_lib.c b/crypto/encode_decode/encoder_lib.c index 7a55c7ab9a..7868da79b7 100644 --- a/crypto/encode_decode/encoder_lib.c +++ b/crypto/encode_decode/encoder_lib.c @@ -522,7 +522,7 @@ static int encoder_process(struct encoder_process_data_st *data) OSSL_TRACE_BEGIN(ENCODER) { BIO_printf(trc_out, - "[%d] Skipping because recusion level %d failed\n", + "[%d] Skipping because recursion level %d failed\n", data->level, new_data.level); } OSSL_TRACE_END(ENCODER); } diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c index c767c31643..47a935ce9c 100644 --- a/crypto/evp/ctrl_params_translate.c +++ b/crypto/evp/ctrl_params_translate.c @@ -2192,7 +2192,7 @@ static const struct translation_st evp_pkey_ctx_translations[] = { OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, /* * The "rsa_oaep_label" ctrl_str expects the value to always be hex. - * This is accomodated by default_fixup_args() above, which mimics that + * This is accommodated by default_fixup_args() above, which mimics that * expectation for any translation item where |ctrl_str| is NULL and * |ctrl_hexstr| is non-NULL. */ diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index 76a6814b42..fc087d2cb6 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -239,7 +239,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, * This might be requested by a later call to EVP_MD_CTX_get0_md(). * In that case the "explicit fetch" rules apply for that * function (as per man pages), i.e. the ref count is not updated - * so the EVP_MD should not be used beyound the lifetime of the + * so the EVP_MD should not be used beyond the lifetime of the * EVP_MD_CTX. */ ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props); diff --git a/crypto/ffc/ffc_params_generate.c b/crypto/ffc/ffc_params_generate.c index f0601e1644..3431ac7ddd 100644 --- a/crypto/ffc/ffc_params_generate.c +++ b/crypto/ffc/ffc_params_generate.c @@ -435,7 +435,7 @@ static int generate_q_fips186_2(BN_CTX *ctx, BIGNUM *q, const EVP_MD *evpmd, } if (r != 0) goto err; /* Exit if error */ - /* Try another iteration if it wasnt prime - was in old code.. */ + /* Try another iteration if it wasn't prime - was in old code.. */ generate_seed = 1; } err: diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 449097b8b2..9588a75964 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -1105,7 +1105,7 @@ int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, void *label, int llen) if (ret <= 0) return ret; - /* Ownership is supposed to be transfered to the callee. */ + /* Ownership is supposed to be transferred to the callee. */ OPENSSL_free(label); return 1; } diff --git a/crypto/x509/v3_ist.c b/crypto/x509/v3_ist.c index 0de281f668..069ae0def4 100644 --- a/crypto/x509/v3_ist.c +++ b/crypto/x509/v3_ist.c @@ -17,7 +17,7 @@ /* * Issuer Sign Tool (1.2.643.100.112) The name of the tool used to signs the subject (ASN1_SEQUENCE) - * This extention is required to obtain the status of a qualified certificate at Russian Federation. + * This extension is required to obtain the status of a qualified certificate at Russian Federation. * RFC-style description is available here: https://tools.ietf.org/html/draft-deremin-rfc4491-bis-04#section-5 * Russian Federal Law 63 "Digital Sign" is available here: http://www.consultant.ru/document/cons_doc_LAW_112701/ */ diff --git a/crypto/x509/v3_utf8.c b/crypto/x509/v3_utf8.c index 1c4f79c4cd..ab158c2fa0 100644 --- a/crypto/x509/v3_utf8.c +++ b/crypto/x509/v3_utf8.c @@ -16,7 +16,7 @@ /* * Subject Sign Tool (1.2.643.100.111) The name of the tool used to signs the subject (UTF8String) - * This extention is required to obtain the status of a qualified certificate at Russian Federation. + * This extension is required to obtain the status of a qualified certificate at Russian Federation. * RFC-style description is available here: https://tools.ietf.org/html/draft-deremin-rfc4491-bis-04#section-5 * Russian Federal Law 63 "Digital Sign" is available here: http://www.consultant.ru/document/cons_doc_LAW_112701/ */ diff --git a/crypto/x509/v3_utl.c b/crypto/x509/v3_utl.c index 6e4ef26ed6..ba76253029 100644 --- a/crypto/x509/v3_utl.c +++ b/crypto/x509/v3_utl.c @@ -47,7 +47,7 @@ static int x509v3_add_len_value(const char *name, const char *value, if (name != NULL && (tname = OPENSSL_strdup(name)) == NULL) goto err; if (value != NULL) { - /* We don't allow embeded NUL characters */ + /* We don't allow embedded NUL characters */ if (memchr(value, 0, vallen) != NULL) goto err; tvalue = OPENSSL_strndup(value, vallen); diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c index bc90ddd89b..a2855340b8 100644 --- a/crypto/x509/x_pubkey.c +++ b/crypto/x509/x_pubkey.c @@ -170,7 +170,7 @@ static int x509_pubkey_ex_d2i_ex(ASN1_VALUE **pval, /* * Try to decode with legacy method first. This ensures that engines - * aren't overriden by providers. + * aren't overridden by providers. */ if ((ret = x509_pubkey_decode(&pubkey->pkey, pubkey)) == -1) { /* -1 indicates a fatal error, like malloc failure */ diff --git a/demos/mac/gmac.c b/demos/mac/gmac.c index bdaa9b1daa..6866a53ff5 100644 --- a/demos/mac/gmac.c +++ b/demos/mac/gmac.c @@ -85,7 +85,7 @@ int main(int argc, char **argv) goto end; } - /* GMAC requries a GCM mode cipher to be specified */ + /* GMAC requires a GCM mode cipher to be specified */ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER, "AES-128-GCM", 0); diff --git a/dev/release-aux/README.md b/dev/release-aux/README.md index 01c5a20773..a0438f06b2 100644 --- a/dev/release-aux/README.md +++ b/dev/release-aux/README.md @@ -1,4 +1,4 @@ -Auxilliary files for dev/release.sh +Auxillary files for dev/release.sh =================================== - release-state-fn.sh diff --git a/dev/release.sh b/dev/release.sh index a1ddfa4b85..ede8bc2616 100755 --- a/dev/release.sh +++ b/dev/release.sh @@ -228,7 +228,7 @@ elif $force; then : else echo >&2 "Not in master or any recognised release branch" - echo >&2 "Please 'git checkout' an approprite branch" + echo >&2 "Please 'git checkout' an appropriate branch" exit 1 fi orig_HEAD=$(git rev-parse HEAD) @@ -373,7 +373,7 @@ for fixup in "$HERE/dev/release-aux"/fixup-*-release.pl; do perl -pi $fixup $file done -$VERBOSE "== Comitting updates and tagging" +$VERBOSE "== Committing updates and tagging" git add -u git commit $git_quiet -m "Prepare for release of $release_text"$'\n\nRelease: yes' if [ -n "$reviewers" ]; then diff --git a/doc/internal/man3/OPTIONS.pod b/doc/internal/man3/OPTIONS.pod index 90593ca46f..fed879e528 100644 --- a/doc/internal/man3/OPTIONS.pod +++ b/doc/internal/man3/OPTIONS.pod @@ -155,7 +155,7 @@ on multiple lines; each entry should use B, like this: {OPT_MORE_STR, 0, 0, "This flag is not really needed on Unix systems"}, {OPT_MORE_STR, 0, 0, - "(Unix and descendents for ths win!)"} + "(Unix and descendents for the win!)"} Each subsequent line will be indented the correct amount. diff --git a/doc/internal/man3/ossl_random_add_conf_module.pod b/doc/internal/man3/ossl_random_add_conf_module.pod index 6d4f5810dc..f1ea37a68c 100644 --- a/doc/internal/man3/ossl_random_add_conf_module.pod +++ b/doc/internal/man3/ossl_random_add_conf_module.pod @@ -15,7 +15,7 @@ ossl_random_add_conf_module - internal random configuration module ossl_random_add_conf_module() adds the random configuration module for providers. -This allows the type and parameters of the stardard setup of random number +This allows the type and parameters of the standard setup of random number generators to be configured with an OpenSSL L file. =head1 RETURN VALUES diff --git a/doc/internal/man7/EVP_PKEY.pod b/doc/internal/man7/EVP_PKEY.pod index cc738b9c28..ffaff36553 100644 --- a/doc/internal/man7/EVP_PKEY.pod +++ b/doc/internal/man7/EVP_PKEY.pod @@ -19,7 +19,7 @@ private/public key pairs, but has had other uses as well. =for comment "uses" could as well be "abuses"... -The private/public key pair that an B contains is refered to +The private/public key pair that an B contains is referred to as its "internal key" or "origin" (the reason for "origin" is explained further down, in L), and it can take one of the following forms: diff --git a/doc/man1/openssl-genpkey.pod.in b/doc/man1/openssl-genpkey.pod.in index 1815306708..1a5bedc22c 100644 --- a/doc/man1/openssl-genpkey.pod.in +++ b/doc/man1/openssl-genpkey.pod.in @@ -278,7 +278,7 @@ RFC5114 names "dh_1024_160", "dh_2048_224", "dh_2048_256". If this option is set, then the appropriate RFC5114 parameters are used instead of generating new parameters. The value I can be one of -1, 2 or 3 that are equivalant to using the option B with one of +1, 2 or 3 that are equivalent to using the option B with one of "dh_1024_160", "dh_2048_224" or "dh_2048_256". All other options will be ignored if this value is set. @@ -333,7 +333,7 @@ The B option must be B<"DH">. =item "default" Selects a default type based on the B. This is used by the -OpenSSL default provider to set the type for backwards compatability. +OpenSSL default provider to set the type for backwards compatibility. If B is B<"DH"> then B<"generator"> is used. If B is B<"DHX"> then B<"fips186_2"> is used. diff --git a/doc/man1/openssl-s_client.pod.in b/doc/man1/openssl-s_client.pod.in index c921e3b4a2..b8ba2fc54f 100644 --- a/doc/man1/openssl-s_client.pod.in +++ b/doc/man1/openssl-s_client.pod.in @@ -274,7 +274,7 @@ See L for details. =item B<-pass> I -the private key and certifiate file password source. +the private key and certificate file password source. For more information about the format of I see L. diff --git a/doc/man1/openssl-verification-options.pod b/doc/man1/openssl-verification-options.pod index 5fa3907c28..2542afece5 100644 --- a/doc/man1/openssl-verification-options.pod +++ b/doc/man1/openssl-verification-options.pod @@ -92,7 +92,7 @@ It does not have a negative trust attribute rejecting the given use. =item * It has a positive trust attribute accepting the given use -or (by default) one of the following compatibilty conditions apply: +or (by default) one of the following compatibility conditions apply: It is self-signed or the B<-partial_chain> option is given (which corresponds to the B flag being set). diff --git a/doc/man3/ASN1_aux_cb.pod b/doc/man3/ASN1_aux_cb.pod index 12f7ddf82d..f14b8ca5cd 100644 --- a/doc/man3/ASN1_aux_cb.pod +++ b/doc/man3/ASN1_aux_cb.pod @@ -3,7 +3,7 @@ =head1 NAME ASN1_AUX, ASN1_PRINT_ARG, ASN1_STREAM_ARG, ASN1_aux_cb, ASN1_aux_const_cb -- ASN.1 auxilliary data +- ASN.1 auxiliary data =head1 SYNOPSIS @@ -45,7 +45,7 @@ ASN.1 data structures can be associated with an B object to supply additional information about the ASN.1 structure. An B structure is associated with the structure during the definition of the ASN.1 template. For example an B structure will be associated by using one of the various -ASN.1 template definition macros that supply auxilliary information such as +ASN.1 template definition macros that supply auxiliary information such as ASN1_SEQUENCE_enc(), ASN1_SEQUENCE_ref(), ASN1_SEQUENCE_cb_const_cb(), ASN1_SEQUENCE_const_cb(), ASN1_SEQUENCE_cb() or ASN1_NDEF_SEQUENCE_cb(). diff --git a/doc/man3/ASN1_item_sign.pod b/doc/man3/ASN1_item_sign.pod index 407268bf17..3e454c25b7 100644 --- a/doc/man3/ASN1_item_sign.pod +++ b/doc/man3/ASN1_item_sign.pod @@ -62,7 +62,7 @@ I are ignored if they are NULL. ASN1_item_sign() is similar to ASN1_item_sign_ex() but uses default values of NULL for the I, I and I. -ASN1_item_sign_ctx() is similiar to ASN1_item_sign() but uses the parameters +ASN1_item_sign_ctx() is similar to ASN1_item_sign() but uses the parameters contained in digest context I. ASN1_item_verify_ex() is used to verify the signature I of internal @@ -77,7 +77,7 @@ See EVP_PKEY_CTX_set1_id() for further info. ASN1_item_verify() is similar to ASN1_item_verify_ex() but uses default values of NULL for the I, I and I. -ASN1_item_verify_ctx() is similiar to ASN1_item_verify() but uses the parameters +ASN1_item_verify_ctx() is similar to ASN1_item_verify() but uses the parameters contained in digest context I. diff --git a/doc/man3/BIO_s_core.pod b/doc/man3/BIO_s_core.pod index fbcd0b5c9c..041f126c54 100644 --- a/doc/man3/BIO_s_core.pod +++ b/doc/man3/BIO_s_core.pod @@ -22,7 +22,7 @@ libcrypto into a provider supply an OSSL_CORE_BIO parameter. This represents a BIO within libcrypto, but cannot be used directly by a provider. Instead it should be wrapped using a BIO_s_core(). -Once a BIO is contructed based on BIO_s_core(), the associated OSSL_CORE_BIO +Once a BIO is constructed based on BIO_s_core(), the associated OSSL_CORE_BIO object should be set on it using BIO_set_data(3). Note that the BIO will only operate correctly if it is associated with a library context constructed using OSSL_LIB_CTX_new_from_dispatch(3). To associate the BIO with a library context diff --git a/doc/man3/BN_rand.pod b/doc/man3/BN_rand.pod index aebad1e72e..c6f528a623 100644 --- a/doc/man3/BN_rand.pod +++ b/doc/man3/BN_rand.pod @@ -59,7 +59,7 @@ BN_rand() is the same as BN_rand_ex() except that the default library context is always used. BN_rand_range_ex() generates a cryptographically strong pseudo-random -number I, of security stength at least I bits, +number I, of security strength at least I bits, in the range 0 E= I E I using the random number generator for the library context associated with I. The parameter I may be NULL in which case the default library context is used. diff --git a/doc/man3/CONF_modules_load_file.pod b/doc/man3/CONF_modules_load_file.pod index f96d9a1293..968317789a 100644 --- a/doc/man3/CONF_modules_load_file.pod +++ b/doc/man3/CONF_modules_load_file.pod @@ -34,7 +34,7 @@ as determined by calling CONF_get1_default_config_file(). If B is NULL the standard OpenSSL application name B is used. The behaviour can be customized using B. Note that, the error suppressing -can be overriden by B as described in L. +can be overridden by B as described in L. CONF_modules_load_file() is the same as CONF_modules_load_file_ex() but has a NULL library context. diff --git a/doc/man3/DH_get0_pqg.pod b/doc/man3/DH_get0_pqg.pod index 2afc35c77f..245b413eb6 100644 --- a/doc/man3/DH_get0_pqg.pod +++ b/doc/man3/DH_get0_pqg.pod @@ -40,7 +40,7 @@ see L: All of the functions described on this page are deprecated. Applications should instead use L for any methods that -return a B. Refer to L for more infomation. +return a B. Refer to L for more information. A DH object contains the parameters I

, I and I. Note that the I parameter is optional. It also contains a public key (I) and diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod index 15834349f0..cd87360d14 100644 --- a/doc/man3/EVP_EncryptInit.pod +++ b/doc/man3/EVP_EncryptInit.pod @@ -668,7 +668,7 @@ Note that the block size for a cipher may be different to the block size for the underlying encryption/decryption primitive. For example AES in CTR mode has a block size of 1 (because it operates like a stream cipher), even though AES has a block size of 16. -Use EVP_CIPHER_get_block_size() to retreive the cached value. +Use EVP_CIPHER_get_block_size() to retrieve the cached value. =item "aead" (B) diff --git a/doc/man3/EVP_KEYMGMT.pod b/doc/man3/EVP_KEYMGMT.pod index 6b6e117369..b3a5a7a8d5 100644 --- a/doc/man3/EVP_KEYMGMT.pod +++ b/doc/man3/EVP_KEYMGMT.pod @@ -124,7 +124,7 @@ otherwise 0. EVP_KEYMGMT_get0_name() returns the algorithm name, or NULL on error. -EVP_KEYMGMT_get0_description() returns a pointer to a decription, or NULL if +EVP_KEYMGMT_get0_description() returns a pointer to a description, or NULL if there isn't one. EVP_KEYMGMT_gettable_params(), EVP_KEYMGMT_settable_params() and diff --git a/doc/man3/EVP_PKEY2PKCS8.pod b/doc/man3/EVP_PKEY2PKCS8.pod index 290a3ba359..85e50b277e 100644 --- a/doc/man3/EVP_PKEY2PKCS8.pod +++ b/doc/man3/EVP_PKEY2PKCS8.pod @@ -21,7 +21,7 @@ EVP_PKEY2PKCS8() converts a private key I into a returned PKCS8 object. EVP_PKCS82PKEY_ex() converts a PKCS8 object I into a returned private key. It uses I and I when fetching algorithms. -EVP_PKCS82PKEY() is similiar to EVP_PKCS82PKEY_ex() but uses default values of +EVP_PKCS82PKEY() is similar to EVP_PKCS82PKEY_ex() but uses default values of NULL for the I and I. =head1 RETURN VALUES diff --git a/doc/man3/EVP_PKEY_derive.pod b/doc/man3/EVP_PKEY_derive.pod index d61bb5512f..9a59a99218 100644 --- a/doc/man3/EVP_PKEY_derive.pod +++ b/doc/man3/EVP_PKEY_derive.pod @@ -32,7 +32,7 @@ EVP_PKEY_derive_set_peer_ex() sets the peer key: this will normally be a public key. The I will validate the public key if this value is non zero. -EVP_PKEY_derive_set_peer() is similiar to EVP_PKEY_derive_set_peer_ex() with +EVP_PKEY_derive_set_peer() is similar to EVP_PKEY_derive_set_peer_ex() with I set to 1. EVP_PKEY_derive() derives a shared secret using I. diff --git a/doc/man3/EVP_PKEY_gettable_params.pod b/doc/man3/EVP_PKEY_gettable_params.pod index 1afda9c19b..ba87289937 100644 --- a/doc/man3/EVP_PKEY_gettable_params.pod +++ b/doc/man3/EVP_PKEY_gettable_params.pod @@ -60,7 +60,7 @@ is allocated by the method. EVP_PKEY_get_utf8_string_param() get a key I UTF8 string value into a buffer I of maximum size I associated with a name of -I. The maximum size must be large enough to accomodate the string +I. The maximum size must be large enough to accommodate the string value including a terminating NUL byte, or this function will fail. If I is not NULL, I<*out_len> is set to the length of the string not including the terminating NUL byte. The required buffer size not including diff --git a/doc/man3/EVP_PKEY_new.pod b/doc/man3/EVP_PKEY_new.pod index 0ea7062f01..5b83aec308 100644 --- a/doc/man3/EVP_PKEY_new.pod +++ b/doc/man3/EVP_PKEY_new.pod @@ -62,7 +62,7 @@ see L: B is a generic structure to hold diverse types of asymmetric keys (also known as "key pairs"), and can be used for diverse operations, like signing, verifying signatures, key derivation, etc. The asymmetric keys -themselves are often refered to as the "internal key", and are handled by +themselves are often referred to as the "internal key", and are handled by backends, such as providers (through L) or Bs. Conceptually, an B internal key may hold a private key, a public diff --git a/doc/man3/EVP_PKEY_todata.pod b/doc/man3/EVP_PKEY_todata.pod index 98ae484755..df1fccd7f0 100644 --- a/doc/man3/EVP_PKEY_todata.pod +++ b/doc/man3/EVP_PKEY_todata.pod @@ -23,7 +23,7 @@ I is described in L. L should be used to free the returned parameters in I<*params>. -EVP_PKEY_export() is similiar to EVP_PKEY_todata() but uses a callback +EVP_PKEY_export() is similar to EVP_PKEY_todata() but uses a callback I that gets passed the value of I. See L for more information about the callback. Note that the B array that is passed to the callback is not persistent after the diff --git a/doc/man3/OCSP_resp_find_status.pod b/doc/man3/OCSP_resp_find_status.pod index f4afddcdef..49d9cbcafc 100644 --- a/doc/man3/OCSP_resp_find_status.pod +++ b/doc/man3/OCSP_resp_find_status.pod @@ -131,7 +131,7 @@ in L. If I contains B it ignores all certificates in I and in I, else it takes them as untrusted intermediate CA certificates and uses them for constructing the validation path for the signer certificate. -Certicate revocation status checks using CRLs is disabled during path validation +Certificate revocation status checks using CRLs is disabled during path validation if the signer certificate contains the B extension. After successful path validation the function returns success if the B flag is set. diff --git a/doc/man3/OCSP_sendreq_new.pod b/doc/man3/OCSP_sendreq_new.pod index 6e4c8110f1..d2e2e3b42c 100644 --- a/doc/man3/OCSP_sendreq_new.pod +++ b/doc/man3/OCSP_sendreq_new.pod @@ -40,7 +40,7 @@ These functions perform an OCSP POST request / response transfer over HTTP, using the HTTP request functions described in L. The function OCSP_sendreq_new() builds a complete B structure -with the B I to be used for requests and reponse, the URL path I, +with the B I to be used for requests and response, the URL path I, optionally the OCSP request I, and a response header maximum line length of I. If I is zero a default value of 4KiB is used. The I may be set to NULL and provided later using OCSP_REQ_CTX_set1_req() diff --git a/doc/man3/OSSL_CMP_log_open.pod b/doc/man3/OSSL_CMP_log_open.pod index 9a55370e3c..895b98fc65 100644 --- a/doc/man3/OSSL_CMP_log_open.pod +++ b/doc/man3/OSSL_CMP_log_open.pod @@ -89,7 +89,7 @@ As long as neither if the two is used any logging output is ignored. OSSL_CMP_log_close() may be called when all activities are finished to flush any pending CMP-specific log output and deallocate related resources. -It may be called multiple times. It does get called at OpenSSL stutdown. +It may be called multiple times. It does get called at OpenSSL shutdown. OSSL_CMP_print_to_bio() prints the given component info, filename, line number, severity level, and log message or error queue message to the given I. diff --git a/doc/man3/OSSL_DECODER.pod b/doc/man3/OSSL_DECODER.pod index 334f955e16..3f8bbfa537 100644 --- a/doc/man3/OSSL_DECODER.pod +++ b/doc/man3/OSSL_DECODER.pod @@ -116,7 +116,7 @@ multiple synonyms associated with it. In this case the first name from the algorithm definition is returned. Ownership of the returned string is retained by the I object and should not be freed by the caller. -OSSL_DECODER_get0_description() returns a pointer to a decription, or NULL if +OSSL_DECODER_get0_description() returns a pointer to a description, or NULL if there isn't one. OSSL_DECODER_names_do_all() returns 1 if the callback was called for all diff --git a/doc/man3/OSSL_DECODER_CTX_new_for_pkey.pod b/doc/man3/OSSL_DECODER_CTX_new_for_pkey.pod index 5a01a19ebe..88651198e4 100644 --- a/doc/man3/OSSL_DECODER_CTX_new_for_pkey.pod +++ b/doc/man3/OSSL_DECODER_CTX_new_for_pkey.pod @@ -41,7 +41,7 @@ them up, so all the caller has to do next is call functions like L. The caller may use the optional I, I, I and I to specify what the input is expected to contain. The I must reference an B variable -that will be set to the newly created B on succesfull decoding. +that will be set to the newly created B on successful decoding. The referenced variable must be initialized to NULL before calling the function. @@ -78,7 +78,7 @@ callback may be specified with the following functions. OSSL_DECODER_CTX_set_pem_password_cb(), OSSL_DECODER_CTX_set_passphrase_ui() and OSSL_DECODER_CTX_set_passphrase_cb() set up a callback method that the implementation can use to prompt for a pass phrase, giving the caller the -choice of prefered pass phrase callback form. These are called indirectly, +choice of preferred pass phrase callback form. These are called indirectly, through an internal B function. The internal B function caches the pass phrase, to diff --git a/doc/man3/OSSL_ENCODER.pod b/doc/man3/OSSL_ENCODER.pod index cfabba2e1d..29ea6c8c8b 100644 --- a/doc/man3/OSSL_ENCODER.pod +++ b/doc/man3/OSSL_ENCODER.pod @@ -117,7 +117,7 @@ multiple synonyms associated with it. In this case the first name from the algorithm definition is returned. Ownership of the returned string is retained by the I object and should not be freed by the caller. -OSSL_ENCODER_get0_description() returns a pointer to a decription, or NULL if +OSSL_ENCODER_get0_description() returns a pointer to a description, or NULL if there isn't one. OSSL_ENCODER_names_do_all() returns 1 if the callback was called for all diff --git a/doc/man3/OSSL_ENCODER_CTX.pod b/doc/man3/OSSL_ENCODER_CTX.pod index 2d7a6a298f..005d0dacb5 100644 --- a/doc/man3/OSSL_ENCODER_CTX.pod +++ b/doc/man3/OSSL_ENCODER_CTX.pod @@ -80,7 +80,7 @@ as DER to PEM, as well as more specialized encoders like RSA to DER. The final output type must be given, and a chain of encoders must end with an implementation that produces that output type. -At the beginning of the encoding process, a contructor provided by the +At the beginning of the encoding process, a constructor provided by the caller is called to ensure that there is an appropriate provider-side object to start with. The constructor is set with OSSL_ENCODER_CTX_set_construct(). @@ -148,7 +148,7 @@ The pointer that was set with OSSL_ENCODE_CTX_set_construct_data(). The constructor is expected to return a valid (non-NULL) pointer to a provider-native object that can be used as first input of an encoding chain, -or NULL to indicate that an error has occured. +or NULL to indicate that an error has occurred. These utility functions may be used by a constructor: diff --git a/doc/man3/OSSL_ENCODER_CTX_new_for_pkey.pod b/doc/man3/OSSL_ENCODER_CTX_new_for_pkey.pod index 9db6e3d2a4..b31d28029a 100644 --- a/doc/man3/OSSL_ENCODER_CTX_new_for_pkey.pod +++ b/doc/man3/OSSL_ENCODER_CTX_new_for_pkey.pod @@ -78,7 +78,7 @@ following functions. OSSL_ENCODER_CTX_set_pem_password_cb(), OSSL_ENCODER_CTX_set_passphrase_ui() and OSSL_ENCODER_CTX_set_passphrase_cb() sets up a callback method that the implementation can use to prompt for a pass phrase, giving the caller the -choice of prefered pass phrase callback form. These are called indirectly, +choice of preferred pass phrase callback form. These are called indirectly, through an internal B function. =head2 Output types diff --git a/doc/man3/OSSL_ESS_check_signing_certs.pod b/doc/man3/OSSL_ESS_check_signing_certs.pod index bff26193d7..caebcae733 100644 --- a/doc/man3/OSSL_ESS_check_signing_certs.pod +++ b/doc/man3/OSSL_ESS_check_signing_certs.pod @@ -46,7 +46,7 @@ while the list contained in I is of type B. As far as these lists are present, they must be nonempty. The certificate identified by their first entry must be the first element of I, i.e. the signer certificate. -Any further certficates referenced in the list must also be found in I. +Any further certificates referenced in the list must also be found in I. The matching is done using the given certificate hash algorithm and value. In addition to the checks required by RFCs 2624 and 5035, if the B field is included in an B or B diff --git a/doc/man3/OSSL_HTTP_REQ_CTX.pod b/doc/man3/OSSL_HTTP_REQ_CTX.pod index fbe1a152b8..bb4b942212 100644 --- a/doc/man3/OSSL_HTTP_REQ_CTX.pod +++ b/doc/man3/OSSL_HTTP_REQ_CTX.pod @@ -133,7 +133,7 @@ The function may need to be called again if its result is -1, which indicates L. In such a case it is advisable to sleep a little in between, using L on the read BIO to prevent a busy loop. -OSSL_HTTP_REQ_CTX_nbio_d2i() is like OSSL_HTTP_REQ_CTX_nbio() but on successs +OSSL_HTTP_REQ_CTX_nbio_d2i() is like OSSL_HTTP_REQ_CTX_nbio() but on success in addition parses the response, which must be a DER-encoded ASN.1 structure, using the ASN.1 template I and places the result in I<*pval>. diff --git a/doc/man3/OSSL_HTTP_parse_url.pod b/doc/man3/OSSL_HTTP_parse_url.pod index 945e981a73..5c422d3d36 100644 --- a/doc/man3/OSSL_HTTP_parse_url.pod +++ b/doc/man3/OSSL_HTTP_parse_url.pod @@ -57,7 +57,7 @@ The path component is also optional and defaults to C. Each non-NULL result pointer argument I, I, I, I, I, I, and I, is assigned the respective url component. On success, they are guaranteed to contain non-NULL string pointers, else NULL. -It is the reponsibility of the caller to free them using L. +It is the responsibility of the caller to free them using L. If I is NULL, any given query component is handled as part of the path. A string returned via I<*ppath> is guaranteed to begin with a C character. For absent scheme, userinfo, port, query, and fragment components diff --git a/doc/man3/OSSL_PARAM.pod b/doc/man3/OSSL_PARAM.pod index 0aad61924f..db669c28ea 100644 --- a/doc/man3/OSSL_PARAM.pod +++ b/doc/man3/OSSL_PARAM.pod @@ -108,7 +108,7 @@ B in relation to C strings. When setting parameters, the size should be set to the length of the string, not counting the terminating NUL byte. When requesting parameters, the size should be set to the size of the buffer to be populated, which -should accomodate enough space for a terminating NUL byte. +should accommodate enough space for a terminating NUL byte. When I, it's acceptable for I to be NULL. This can be used by the I to figure out dynamically exactly diff --git a/doc/man3/OSSL_PARAM_int.pod b/doc/man3/OSSL_PARAM_int.pod index 9ca725d120..9e03ec4ddc 100644 --- a/doc/man3/OSSL_PARAM_int.pod +++ b/doc/man3/OSSL_PARAM_int.pod @@ -241,7 +241,7 @@ will be assigned the size the parameter's I buffer should have. OSSL_PARAM_get_utf8_string() retrieves a UTF8 string from the parameter pointed to by I

. The string is stored into I<*val> with a size limit of I, -which must be large enough to accomodate a terminating NUL byte, +which must be large enough to accommodate a terminating NUL byte, otherwise this function will fail. If I<*val> is NULL, memory is allocated for the string (including the terminating NUL byte) and I is ignored. @@ -250,14 +250,14 @@ If memory is allocated by this function, it must be freed by the caller. OSSL_PARAM_set_utf8_string() sets a UTF8 string from the parameter pointed to by I

to the value referenced by I. If the parameter's I field isn't NULL, its I must indicate -that the buffer is large enough to accomodate the string that I points at, +that the buffer is large enough to accommodate the string that I points at, not including the terminating NUL byte, or this function will fail. A terminating NUL byte is added only if the parameter's I indicates the buffer is longer than the string length, otherwise the string will not be NUL terminated. If the parameter's I field is NULL, then only its I field will be assigned the minimum size the parameter's I buffer should have -to accomodate the string, not including a terminating NUL byte. +to accommodate the string, not including a terminating NUL byte. OSSL_PARAM_get_octet_string() retrieves an OCTET string from the parameter pointed to by I

. diff --git a/doc/man3/OSSL_STORE_LOADER.pod b/doc/man3/OSSL_STORE_LOADER.pod index b1d838604b..03b00e4f6a 100644 --- a/doc/man3/OSSL_STORE_LOADER.pod +++ b/doc/man3/OSSL_STORE_LOADER.pod @@ -327,7 +327,7 @@ definition string, or NULL on error. OSSL_STORE_LOADER_is_a() returns 1 if I was identifiable, otherwise 0. -OSSL_STORE_LOADER_get0_description() returns a pointer to a decription, or NULL if +OSSL_STORE_LOADER_get0_description() returns a pointer to a description, or NULL if there isn't one. The functions with the types B, diff --git a/doc/man3/OSSL_trace_set_channel.pod b/doc/man3/OSSL_trace_set_channel.pod index 56b02ad34f..640f53753c 100644 --- a/doc/man3/OSSL_trace_set_channel.pod +++ b/doc/man3/OSSL_trace_set_channel.pod @@ -46,7 +46,7 @@ by attaching the B I object as (simple) trace channel. OSSL_trace_set_prefix() and OSSL_trace_set_suffix() can be used to add an extra line for each channel, to be output before and after group of tracing output. -What constitues an output group is decided by the code that produces +What constitutes an output group is decided by the code that produces the output. The lines given here are considered immutable; for more dynamic tracing prefixes, consider setting a callback with diff --git a/doc/man3/PKCS12_decrypt_skey.pod b/doc/man3/PKCS12_decrypt_skey.pod index 7a41b2b06c..022067c3b4 100644 --- a/doc/man3/PKCS12_decrypt_skey.pod +++ b/doc/man3/PKCS12_decrypt_skey.pod @@ -21,7 +21,7 @@ decrypt functions PKCS12_decrypt_skey() Decrypt the PKCS#8 shrouded keybag contained within I using the supplied password I of length I. -PKCS12_decrypt_skey_ex() is similar to the above but allows for a library contex +PKCS12_decrypt_skey_ex() is similar to the above but allows for a library context I and property query I to be used to select algorithm implementations. =head1 RETURN VALUES diff --git a/doc/man3/PKCS12_gen_mac.pod b/doc/man3/PKCS12_gen_mac.pod index 53b55e8703..1e72cfabd0 100644 --- a/doc/man3/PKCS12_gen_mac.pod +++ b/doc/man3/PKCS12_gen_mac.pod @@ -21,7 +21,7 @@ PKCS12_verify_mac - Functions to create and manipulate a PKCS#12 structure =head1 DESCRIPTION PKCS12_gen_mac() generates an HMAC over the entire PKCS#12 object using the -supplied password along with a set of already configured paramters. +supplied password along with a set of already configured parameters. PKCS12_verify_mac() verifies the PKCS#12 object's HMAC using the supplied password. diff --git a/doc/man3/RAND_bytes.pod b/doc/man3/RAND_bytes.pod index ee7ed4af86..df63f786e5 100644 --- a/doc/man3/RAND_bytes.pod +++ b/doc/man3/RAND_bytes.pod @@ -37,7 +37,7 @@ and L. RAND_bytes_ex() and RAND_priv_bytes_ex() are the same as RAND_bytes() and RAND_priv_bytes() except that they both take additional I and -I parameters. The bytes genreated will have a security strength of at +I parameters. The bytes generated will have a security strength of at least I bits. The DRBG used for the operation is the public or private DRBG associated with the specified I. The parameter can be NULL, in which case diff --git a/doc/man3/RSA_get0_key.pod b/doc/man3/RSA_get0_key.pod index 0a0f79125a..90dca47474 100644 --- a/doc/man3/RSA_get0_key.pod +++ b/doc/man3/RSA_get0_key.pod @@ -54,7 +54,7 @@ see L: All of the functions described on this page are deprecated. Applications should instead use L for any methods that -return a B. Refer to L for more infomation. +return a B. Refer to L for more information. An RSA object contains the components for the public and private key, B, B, B, B

, B, B, B and B. B is diff --git a/doc/man3/SSL_CTX_set_tmp_dh_callback.pod b/doc/man3/SSL_CTX_set_tmp_dh_callback.pod index 4daf78b8d3..c0d69f6f6a 100644 --- a/doc/man3/SSL_CTX_set_tmp_dh_callback.pod +++ b/doc/man3/SSL_CTX_set_tmp_dh_callback.pod @@ -73,9 +73,9 @@ the built-in parameter support described above. Applications wishing to supply their own DH parameters should call SSL_CTX_set0_tmp_dh_pkey() or SSL_set0_tmp_dh_pkey() to supply the parameters for the B or B respectively. The parameters should be supplied in the I argument as -an B containg DH parameters. Ownership of the I value is +an B containing DH parameters. Ownership of the I value is passed to the B or B object as a result of this call, and so the -caller should not free it if the function call is succesful. +caller should not free it if the function call is successful. The deprecated macros SSL_CTX_set_tmp_dh() and SSL_set_tmp_dh() do the same thing as SSL_CTX_set0_tmp_dh_pkey() and SSL_set0_tmp_dh_pkey() except that the diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod index 5c0ca3075b..149cc00d01 100644 --- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod +++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod @@ -221,7 +221,7 @@ X509_VERIFY_PARAM_set1_ip_asc() return 1 for success and 0 for failure. X509_VERIFY_PARAM_get0_host(), X509_VERIFY_PARAM_get0_email(), and -X509_VERIFY_PARAM_get1_ip_asc(), return the string pointers pecified above +X509_VERIFY_PARAM_get1_ip_asc(), return the string pointers specified above or NULL if the respective value has not been set or on error. X509_VERIFY_PARAM_get_flags() returns the current verification flags. diff --git a/doc/man3/X509_add_cert.pod b/doc/man3/X509_add_cert.pod index 1512d81701..f6dcc03258 100644 --- a/doc/man3/X509_add_cert.pod +++ b/doc/man3/X509_add_cert.pod @@ -31,7 +31,7 @@ The value B, which equals 0, means no special semantics. If B is set then the reference counts of those certificates added successfully are increased. -If B is set then the certifcates are prepended to I. +If B is set then the certificates are prepended to I. By default they are appended to I. In both cases the original order of the added certificates is preserved. diff --git a/doc/man3/X509_digest.pod b/doc/man3/X509_digest.pod index f4921dbc18..ed58932505 100644 --- a/doc/man3/X509_digest.pod +++ b/doc/man3/X509_digest.pod @@ -44,9 +44,9 @@ X509_digest_sig() calculates a digest of the given certificate I using the same hash algorithm as in its signature, if the digest is an integral part of the certificate signature algorithm identifier. Otherwise, a fallback hash algorithm is determined as follows: -SHA512 if the signature alorithm is ED25519, +SHA512 if the signature algorithm is ED25519, SHAKE256 if it is ED448, otherwise SHA256. -The output parmeters are assigned as follows. +The output parameters are assigned as follows. Unless I is NULL, the hash algorithm used is provided in I<*md_used> and must be freed by the caller (if it is not NULL). Unless I is NULL, diff --git a/doc/man3/X509_dup.pod b/doc/man3/X509_dup.pod index 9fc355c7ce..179b887543 100644 --- a/doc/man3/X509_dup.pod +++ b/doc/man3/X509_dup.pod @@ -350,7 +350,7 @@ to generate the function bodies. B_new>() allocates an empty object of the indicated type. The object returned must be released by calling B_free>(). -B_new_ex>() is similiar to B_new>() but also passes the +B_new_ex>() is similar to B_new>() but also passes the library context I and the property query I to use when retrieving algorithms from providers. This created object can then be used when loading binary data using B>(). diff --git a/doc/man5/config.pod b/doc/man5/config.pod index 77a8055e81..1ff76c633f 100644 --- a/doc/man5/config.pod +++ b/doc/man5/config.pod @@ -415,7 +415,7 @@ For example: =head2 Random Configuration The name B in the initialization section names the section -containing the random number generater settings. +containing the random number generator settings. Within the random section, the following names have meaning: diff --git a/doc/man7/EVP_PKEY-EC.pod b/doc/man7/EVP_PKEY-EC.pod index d9b1666b2e..d4c8d9e36e 100644 --- a/doc/man7/EVP_PKEY-EC.pod +++ b/doc/man7/EVP_PKEY-EC.pod @@ -15,7 +15,7 @@ The B keytype is implemented in OpenSSL's default provider. The normal way of specifying domain parameters for an EC curve is via the curve name "group". For curves with no curve name, explicit parameters can be used that specify "field-type", "p", "a", "b", "generator" and "order". -Explicit parameters are supported for backwards compability reasons, but they +Explicit parameters are supported for backwards compatibility reasons, but they are not compliant with multiple standards (including RFC5915) which only allow named curves. @@ -70,7 +70,7 @@ I multiplied by the I gives the number of points on the curve. =item "decoded-from-explicit" (B) -Gets a flag indicating wether the key or parameters were decoded from explicit +Gets a flag indicating whether the key or parameters were decoded from explicit curve parameters. Set to 1 if so or 0 if a named curve was used. =item "use-cofactor-flag" (B) @@ -95,7 +95,7 @@ point_conversion_forms please see L. Valid values are Sets or Gets the type of group check done when EVP_PKEY_param_check() is called. Valid values are "default", "named" and "named-nist". The "named" type checks that the domain parameters match the inbuilt curve parameters, -"named-nist" is similiar but also checks that the named curve is a nist curve. +"named-nist" is similar but also checks that the named curve is a nist curve. The "default" type does domain parameter validation for the OpenSSL default provider, but is equivalent to "named-nist" for the OpenSSL FIPS provider. diff --git a/doc/man7/crypto.pod b/doc/man7/crypto.pod index d6c80fbf75..e114fb226e 100644 --- a/doc/man7/crypto.pod +++ b/doc/man7/crypto.pod @@ -206,7 +206,7 @@ If anything in this step fails, the next step is used as a fallback. As a fallback, try to fetch the operation type implementation from the same provider as the original L's L, still using the -propery string from the B. +property string from the B. =back diff --git a/doc/man7/fips_module.pod b/doc/man7/fips_module.pod index 3736aa1dae..36b9107b89 100644 --- a/doc/man7/fips_module.pod +++ b/doc/man7/fips_module.pod @@ -92,7 +92,7 @@ Obviously the include file location above should match the path and name of the FIPS module config file that you installed earlier. See L. -For FIPS usage, it is recommened that the B option is +For FIPS usage, it is recommended that the B option is enabled to prevent accidental use of non-FIPS validated algorithms via broken or mistaken configuration. See L. diff --git a/doc/man7/life_cycle-pkey.pod b/doc/man7/life_cycle-pkey.pod index 6768750f48..0300203551 100644 --- a/doc/man7/life_cycle-pkey.pod +++ b/doc/man7/life_cycle-pkey.pod @@ -22,7 +22,7 @@ This state represents the PKEY after it has been allocated. =item decapsulate This state represents the PKEY when it is ready to perform a private key decapsulation -opeartion. +operation. =item decrypt @@ -40,7 +40,7 @@ operation. =item encapsulate This state represents the PKEY when it is ready to perform a public key encapsulation -opeartion. +operation. =item encrypt diff --git a/doc/man7/migration_guide.pod b/doc/man7/migration_guide.pod index c2d885d492..bdbecf1528 100644 --- a/doc/man7/migration_guide.pod +++ b/doc/man7/migration_guide.pod @@ -130,7 +130,7 @@ New algorithms provided via engines will still work. Engine-backed keys can be loaded via custom B implementation. In this case the B objects created via L -will be concidered legacy and will continue to work. +will be considered legacy and will continue to work. To ensure the future compatibility, the engines should be turned to providers. To prefer the provider-based hardware offload, you can specify the default @@ -624,7 +624,7 @@ set up with the default library context. Use L, L, L and L if a library context is required. -All functions listed below with a I have a replacment function I +All functions listed below with a I have a replacement function I that takes B as an additional argument. Functions that have other mappings are listed along with the respective name. @@ -982,7 +982,7 @@ that refer to these categories. Any accessor that uses an ENGINE is deprecated (such as EVP_PKEY_set1_engine()). Applications using engines should instead use providers. -Before providers were added algorithms were overriden by changing the methods +Before providers were added algorithms were overridden by changing the methods used by algorithms. All these methods such as RSA_new_method() and RSA_meth_new() are now deprecated and can be replaced by using providers instead. @@ -1074,7 +1074,7 @@ See L, L, L, L, L, L, L and L for additional information. -Note that the one-shot method HMAC() is still available for compatability purposes. +Note that the one-shot method HMAC() is still available for compatibility purposes. =head4 Deprecated low-level validation functions @@ -1530,7 +1530,7 @@ See L