misspellings fixes by https://github.com/vlajos/misspell_fixer

CHANGES

@@ -1402,7 +1402,7 @@
 
   *) New option -sigopt to dgst utility. Update dgst to use
      EVP_Digest{Sign,Verify}*. These two changes make it possible to use
-     alternative signing paramaters such as X9.31 or PSS in the dgst 
+     alternative signing parameters such as X9.31 or PSS in the dgst 
      utility.
      [Steve Henson]
 
@@ -6448,7 +6448,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
 
   *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
      reveal whether illegal block cipher padding was found or a MAC
-     verification error occured.  (Neither SSLerr() codes nor alerts
+     verification error occurred.  (Neither SSLerr() codes nor alerts
      are directly visible to potential attackers, but the information
      may leak via logfiles.)
 
@@ -8855,7 +8855,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
   *) Bugfix: ssl23_get_client_hello did not work properly when called in
      state SSL23_ST_SR_CLNT_HELLO_B, i.e. when the first 7 bytes of
      a SSLv2-compatible client hello for SSLv3 or TLSv1 could be read,
-     but a retry condition occured while trying to read the rest.
+     but a retry condition occurred while trying to read the rest.
      [Bodo Moeller]
 
   *) The PKCS7_ENC_CONTENT_new() function was setting the content type as
@@ -9780,7 +9780,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
      other platforms details on the command line without having to patch the
      Configure script everytime: One now can use ``perl Configure
      <id>:<details>'', i.e. platform ids are allowed to have details appended
-     to them (seperated by colons). This is treated as there would be a static
+     to them (separated by colons). This is treated as there would be a static
      pre-configured entry in Configure's %table under key <id> with value
      <details> and ``perl Configure <id>'' is called.  So, when you want to
      perform a quick test-compile under FreeBSD 3.1 with pgcc and without

CHANGES.SSLeay

@@ -29,7 +29,7 @@ eric (about to go bushwalking for the 4 day easter break :-)
 7-Jan-98
     - Finally reworked the cipher string to ciphers again, so it
       works correctly
-    - All the app_data stuff is now ex_data with funcion calls to access.
+    - All the app_data stuff is now ex_data with function calls to access.
       The index is supplied by a function and 'methods' can be setup
       for the types that are called on XXX_new/XXX_free.  This lets
       applications get notified on creation and destruction.  Some of
@@ -937,7 +937,7 @@ Reasons to start playing with version 0.5.0
   certificate, it is my aim to use perl5/Tk but I don't have time to do
   this right now.  It will generate the certificates but the management
   scripts still need to be written.  This is not a hard task.
-- Things have been cleaned up alot.
+- Things have been cleaned up a lot.
 - Have a look at the enc and dgst programs in the apps directory.
 - It supports v3 of x509 certiticates.
 

Configure

@@ -1590,7 +1590,7 @@ if ($aes_obj =~ /\.o$/)
 	# aes-ctr.o is not a real file, only indication that assembler
 	# module implements AES_ctr32_encrypt...
 	$cflags.=" -DAES_CTR_ASM" if ($aes_obj =~ s/\s*aes\-ctr\.o//);
-	# aes-xts.o indicates presense of AES_xts_[en|de]crypt...
+	# aes-xts.o indicates presence of AES_xts_[en|de]crypt...
 	$cflags.=" -DAES_XTS_ASM" if ($aes_obj =~ s/\s*aes\-xts\.o//);
 	$aes_obj =~ s/\s*(vpaes|aesni)\-x86\.o//g if ($no_sse2);
 	$aes_obj =~ s/\s*(vp|bs)aes-\w*\.o//g if ($fipscanisterinternal eq "y");

FAQ

@@ -721,7 +721,7 @@ working across wider range of *BSD branches, not just OpenBSD.
 If the test program in question fails withs SIGILL, Illegal Instruction
 exception, then you more than likely to run SSE2-capable CPU, such as
 Intel P4, under control of kernel which does not support SSE2
-instruction extentions. See accompanying INSTALL file and
+instruction extensions. See accompanying INSTALL file and
 OPENSSL_ia32cap(3) documentation page for further information.
 
 * Why does compiler fail to compile sha512.c?

INSTALL

@@ -79,7 +79,7 @@
                 compiler flags for any other CPU specific configuration,
                 e.g. "-m32" to build x86 code on an x64 system.
 
-  no-sse2	Exclude SSE2 code pathes. Normally SSE2 extention is
+  no-sse2	Exclude SSE2 code pathes. Normally SSE2 extension is
 		detected at run-time, but the decision whether or not the
 		machine code will be executed is taken solely on CPU
 		capability vector. This means that if you happen to run OS

INSTALL.NW

@@ -378,7 +378,7 @@ The openssl program has numerous options and can be used for many different
 things.  Many of the options operate in an interactive mode requiring the
 user to enter data.  Because of this, a default screen is created for the
 program.  However, when running the test script it is not desirable to
-have a seperate screen.  Therefore, the build also creates openssl2.nlm.
+have a separate screen.  Therefore, the build also creates openssl2.nlm.
 Openssl2.nlm is functionally identical but uses the console screen.
 Openssl2 can be used when a non-interactive mode is desired.
 

Netware/globals.txt

@@ -66,7 +66,7 @@ static LHASH *error_hash=NULL;
 static LHASH *thread_hash=NULL;
 
 several files have routines with static "init" to track if error strings
-   have been loaded ( may not want seperate error strings for each process )
+   have been loaded ( may not want separate error strings for each process )
    The "init" variable can't be left "global" because the error has is a ptr
    that is malloc'ed.  The malloc'ed error has is dependant on the "init"
    vars.

apps/ca.c

@@ -148,7 +148,7 @@
 static const char *ca_usage[]={
 "usage: ca args\n",
 "\n",
-" -verbose        - Talk alot while doing things\n",
+" -verbose        - Talk a lot while doing things\n",
 " -config file    - A config file\n",
 " -name arg       - The particular CA definition to use\n",
 " -gencrl         - Generate a new CRL\n",
@@ -179,7 +179,7 @@ static const char *ca_usage[]={
 " -utf8           - input characters are UTF8 (default ASCII)\n",
 " -multivalue-rdn - enable support for multivalued RDNs\n",
 " -extensions ..  - Extension section (override value in config file)\n",
-" -extfile file   - Configuration file with X509v3 extentions to add\n",
+" -extfile file   - Configuration file with X509v3 extensions to add\n",
 " -crlexts ..     - CRL extension section (override value in config file)\n",
 #ifndef OPENSSL_NO_ENGINE
 " -engine e       - use engine e, possibly a hardware device.\n",
@@ -994,7 +994,7 @@ bad:
 	  	}
 
  	/*****************************************************************/
-	/* Read extentions config file                                   */
+	/* Read extensions config file                                   */
 	if (extfile)
 		{
 		extconf = NCONF_new(NULL);

apps/openssl-vms.cnf

@@ -55,7 +55,7 @@ crl		= $dir]crl.pem 		# The current CRL
 private_key	= $dir.private]cakey.pem# The private key
 RANDFILE	= $dir.private].rand	# private random number file
 
-x509_extensions	= usr_cert		# The extentions to add to the cert
+x509_extensions	= usr_cert		# The extensions to add to the cert
 
 # Comment out the following two lines for the "traditional"
 # (and highly broken) format.
@@ -107,7 +107,7 @@ default_bits		= 1024
 default_keyfile 	= privkey.pem
 distinguished_name	= req_distinguished_name
 attributes		= req_attributes
-x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+x509_extensions	= v3_ca	# The extensions to add to the self signed cert
 
 # Passwords for private keys if not present they will be prompted for
 # input_password = secret

apps/openssl.cnf

@@ -55,7 +55,7 @@ crl		= $dir/crl.pem 		# The current CRL
 private_key	= $dir/private/cakey.pem# The private key
 RANDFILE	= $dir/private/.rand	# private random number file
 
-x509_extensions	= usr_cert		# The extentions to add to the cert
+x509_extensions	= usr_cert		# The extensions to add to the cert
 
 # Comment out the following two lines for the "traditional"
 # (and highly broken) format.
@@ -107,7 +107,7 @@ default_bits		= 1024
 default_keyfile 	= privkey.pem
 distinguished_name	= req_distinguished_name
 attributes		= req_attributes
-x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+x509_extensions	= v3_ca	# The extensions to add to the self signed cert
 
 # Passwords for private keys if not present they will be prompted for
 # input_password = secret

apps/s_client.c

@@ -1866,7 +1866,7 @@ SSL_set_tlsext_status_ids(con, ids);
 
 		if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0)
 			{
-			BIO_printf(bio_err,"TIMEOUT occured\n");
+			BIO_printf(bio_err,"TIMEOUT occurred\n");
 			}
 
 		if (!ssl_pending && FD_ISSET(SSL_get_fd(con),&writefds))

apps/s_server.c

@@ -2359,7 +2359,7 @@ static int sv_body(char *hostname, int s, int stype, unsigned char *context)
 
 			if ((SSL_version(con) == DTLS1_VERSION) && DTLSv1_handle_timeout(con) > 0)
 				{
-				BIO_printf(bio_err,"TIMEOUT occured\n");
+				BIO_printf(bio_err,"TIMEOUT occurred\n");
 				}
 
 			if (i <= 0) continue;

apps/srp.c

@@ -84,7 +84,7 @@
 static char *srp_usage[]={
 "usage: srp [args] [user] \n",
 "\n",
-" -verbose        Talk alot while doing things\n",
+" -verbose        Talk a lot while doing things\n",
 " -config file    A config file\n",
 " -name arg       The particular srp definition to use\n",
 " -srpvfile arg   The srp verifier file name\n",

bugs/sslref.dif

@@ -17,10 +17,10 @@ is returned as 1.
 =====
 I have not tested the following but it is reported by holtzman@mit.edu.
 
-SSLref clients wait to recieve a server-verify before they send a
+SSLref clients wait to receive a server-verify before they send a
 client-finished.  Besides this not being evident from the examples in
 2.2.1, it makes more sense to always send all packets you can before
-reading.  SSLeay was waiting in the server to recieve a client-finish
+reading.  SSLeay was waiting in the server to receive a client-finish
 before sending the server-verify :-).  I have changed SSLeay to send a
 server-verify before trying to read the client-finished.
 

config

@@ -382,7 +382,7 @@ esac
 #
 
 # Do the Apollo stuff first. Here, we just simply assume
-# that the existance of the /usr/apollo directory is proof
+# that the existence of the /usr/apollo directory is proof
 # enough
 if [ -d /usr/apollo ]; then
     echo "whatever-apollo-whatever"
@@ -862,7 +862,7 @@ case "$GUESSOS" in
   *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
 esac
 
-# NB: This atalla support has been superceded by the ENGINE support
+# NB: This atalla support has been superseded by the ENGINE support
 # That contains its own header and definitions anyway. Support can
 # be enabled or disabled on any supported platform without external
 # headers, eg. by adding the "hw-atalla" switch to ./config or

crypto/asn1/tasn_utl.c

@@ -95,7 +95,7 @@ int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it)
 /* Do reference counting. The value 'op' decides what to do. 
  * if it is +1 then the count is incremented. If op is 0 count is
  * set to 1. If op is -1 count is decremented and the return value
- * is the current refrence count or 0 if no reference count exists.
+ * is the current reference count or 0 if no reference count exists.
  */
 
 int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)

crypto/bn/asm/README

@@ -19,7 +19,7 @@ a 2 times speedup :-).
 
 There are 3 versions of assember for the HP PA-RISC.
 
-pa-risc.s is the origional one which works fine and generated using gcc :-)
+pa-risc.s is the original one which works fine and generated using gcc :-)
 
 pa-risc2W.s and pa-risc2.s are 64 and 32-bit PA-RISC 2.0 implementations
 by Chris Ruemmler from HP (with some help from the HP C compiler).

crypto/bn/asm/sparcv8plus.S

@@ -71,7 +71,7 @@
  *
  * Q. 64-bit registers under 32-bit kernels? Didn't you just say it
  *    doesn't work?
- * A. You can't adress *all* registers as 64-bit wide:-( The catch is
+ * A. You can't address *all* registers as 64-bit wide:-( The catch is
  *    that you actually may rely upon %o0-%o5 and %g1-%g4 being fully
  *    preserved if you're in a leaf function, i.e. such never calling
  *    any other functions. All functions in this module are leaf and

crypto/bn/asm/sparcv9a-mont.pl

@@ -867,7 +867,7 @@ ___
 $code =~ s/\`([^\`]*)\`/eval($1)/gem;
 
 # Below substitution makes it possible to compile without demanding
-# VIS extentions on command line, e.g. -xarch=v9 vs. -xarch=v9a. I
+# VIS extensions on command line, e.g. -xarch=v9 vs. -xarch=v9a. I
 # dare to do this, because VIS capability is detected at run-time now
 # and this routine is not called on CPU not capable to execute it. Do
 # note that fzeros is not the only VIS dependency! Another dependency

crypto/bn/asm/vis3-mont.pl

@@ -333,7 +333,7 @@ ___
 
 # Purpose of these subroutines is to explicitly encode VIS instructions,
 # so that one can compile the module without having to specify VIS
-# extentions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
+# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
 # Idea is to reserve for option to produce "universal" binary and let
 # programmer detect if current CPU is VIS capable at run-time.
 sub unvis3 {

crypto/bn/todo

@@ -1,3 +1,3 @@
 Cache RECP_CTX values
-make the result argument independant of the inputs.
+make the result argument independent of the inputs.
 split up the _exp_ functions

crypto/des/VERSION

@@ -68,7 +68,7 @@ Version 3.26
 	Thanks to Jens Kupferschmidt <bt1cu@hpboot.rz.uni-leipzig.de>. */
 
 	SIGWINCH case put in des_read_passwd() so the function does not
-	'exit' if this function is recieved.
+	'exit' if this function is received.
 
 Version 3.25 17/07/96
 	Modified read_pwd.c so that stdin can be read if not a tty.

crypto/des/asm/des_enc.m4

@@ -272,7 +272,7 @@ define(ip_macro, {
 ! other half (use).
 !
 ! In this version we do two rounds in a loop repeated 7 times
-! and two rounds seperately.
+! and two rounds separately.
 !
 ! One half has the bits for the sboxes in the following positions:
 !
@@ -1542,7 +1542,7 @@ DES_ncbc_encrypt:
 	xor	global4, local1, out5     ! iv xor next block
 
 	ba	.ncbc.enc.next.block_2
-	add	in1, 8, in1               ! output adress
+	add	in1, 8, in1               ! output address
 
 .ncbc.enc.next.block_fp:
 

crypto/des/makefile.bc

@@ -1,5 +1,5 @@
 #
-# Origional BC Makefile from Teun <Teun.Nijssen@kub.nl>
+# Original BC Makefile from Teun <Teun.Nijssen@kub.nl>
 #
 #
 CC      = bcc

crypto/dh/dh_ameth.c

@@ -200,7 +200,7 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
 
 
 /* PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in
- * that the AlgorithmIdentifier contains the paramaters, the private key
+ * that the AlgorithmIdentifier contains the parameters, the private key
  * is explcitly included and the pubkey must be recalculated.
  */
 	

crypto/dsa/fips186a.txt

@@ -1,4 +1,4 @@
-The origional FIPE 180 used SHA-0 (FIPS 180) for its appendix 5
+The original FIPE 180 used SHA-0 (FIPS 180) for its appendix 5
 examples.  This is an updated version that uses SHA-1 (FIPS 180-1)
 supplied to me by Wei Dai
 --

crypto/dso/dso.h

@@ -109,14 +109,14 @@ typedef struct dso_st DSO;
 
 /* The function prototype used for method functions (or caller-provided
  * callbacks) that transform filenames. They are passed a DSO structure pointer
- * (or NULL if they are to be used independantly of a DSO object) and a
+ * (or NULL if they are to be used independently of a DSO object) and a
  * filename to transform. They should either return NULL (if there is an error
  * condition) or a newly allocated string containing the transformed form that
  * the caller will need to free with OPENSSL_free() when done. */
 typedef char* (*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *);
 /* The function prototype used for method functions (or caller-provided
  * callbacks) that merge two file specifications. They are passed a
- * DSO structure pointer (or NULL if they are to be used independantly of
+ * DSO structure pointer (or NULL if they are to be used independently of
  * a DSO object) and two file specifications to merge. They should
  * either return NULL (if there is an error condition) or a newly allocated
  * string containing the result of merging that the caller will need
@@ -202,7 +202,7 @@ struct dso_st
 	 * be used in DSO_load() in place of meth->dso_merger. NB: This
 	 * should normally set using DSO_set_merger(). */
 	DSO_MERGER_FUNC merger;
-	/* This is populated with (a copy of) the platform-independant
+	/* This is populated with (a copy of) the platform-independent
 	 * filename used for this DSO. */
 	char *filename;
 	/* This is populated with (a copy of) the translated filename by which
@@ -231,7 +231,7 @@ long	DSO_ctrl(DSO *dso, int cmd, long larg, void *parg);
  * replaced. Return value is non-zero for success. */
 int	DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb,
 				DSO_NAME_CONVERTER_FUNC *oldcb);
-/* These functions can be used to get/set the platform-independant filename
+/* These functions can be used to get/set the platform-independent filename
  * used for a DSO. NB: set will fail if the DSO is already loaded. */
 const char *DSO_get_filename(DSO *dso);
 int	DSO_set_filename(DSO *dso, const char *filename);

crypto/dso/dso_dl.c

@@ -124,7 +124,7 @@ static int dl_load(DSO *dso)
 	shl_t ptr = NULL;
 	/* We don't do any fancy retries or anything, just take the method's
 	 * (or DSO's if it has the callback set) best translation of the
-	 * platform-independant filename and try once with that. */
+	 * platform-independent filename and try once with that. */
 	char *filename= DSO_convert_filename(dso, NULL);
 
 	if(filename == NULL)
@@ -315,7 +315,7 @@ static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2)
  * unlikely that both the "dl" *and* "dlfcn" variants are being compiled at the
  * same time, there's no great duplicating the code. Figuring out an elegant 
  * way to share one copy of the code would be more difficult and would not
- * leave the implementations independant. */
+ * leave the implementations independent. */
 #if defined(__hpux)
 static const char extension[] = ".sl";
 #else

crypto/ec/ec.h

@@ -235,7 +235,7 @@ int EC_METHOD_get_field_type(const EC_METHOD *meth);
  *  \param  order      the order of the group generated by the generator.
  *  \param  cofactor   the index of the sub-group generated by the generator
  *                     in the group of all points on the elliptic curve.
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
 int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor);
 
@@ -249,7 +249,7 @@ const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group);
  *  \param  group  EC_GROUP object
  *  \param  order  BIGNUM to which the order is copied
  *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
 int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx);
 
@@ -257,7 +257,7 @@ int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx);
  *  \param  group     EC_GROUP object
  *  \param  cofactor  BIGNUM to which the cofactor is copied
  *  \param  ctx       BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
 int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx);
 
@@ -289,7 +289,7 @@ size_t EC_GROUP_set_seed(EC_GROUP *, const unsigned char *, size_t len);
  *  \param  a      BIGNUM with parameter a of the equation
  *  \param  b      BIGNUM with parameter b of the equation
  *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
 int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
 
@@ -299,7 +299,7 @@ int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, co
  *  \param  a      BIGNUM for parameter a of the equation
  *  \param  b      BIGNUM for parameter b of the equation
  *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
 int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
 
@@ -310,7 +310,7 @@ int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *
  *  \param  a      BIGNUM with parameter a of the equation
  *  \param  b      BIGNUM with parameter b of the equation
  *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
 int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
 
@@ -320,7 +320,7 @@ int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, c
  *  \param  a      BIGNUM for parameter a of the equation
  *  \param  b      BIGNUM for parameter b of the equation
  *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
 int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
 #endif
@@ -424,7 +424,7 @@ void EC_POINT_clear_free(EC_POINT *point);
 /** Copies EC_POINT object
  *  \param  dst  destination EC_POINT object
  *  \param  src  source EC_POINT object
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
 int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src);
 
@@ -445,7 +445,7 @@ const EC_METHOD *EC_POINT_method_of(const EC_POINT *point);
 /** Sets a point to infinity (neutral element)
  *  \param  group  underlying EC_GROUP object
  *  \param  point  EC_POINT to set to infinity
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
 int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point);
 
@@ -456,7 +456,7 @@ int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point);
  *  \param  y      BIGNUM with the y-coordinate
  *  \param  z      BIGNUM with the z-coordinate
  *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
 int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
 	const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx);
@@ -468,7 +468,7 @@ int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
  *  \param  y      BIGNUM for the y-coordinate
  *  \param  z      BIGNUM for the z-coordinate
  *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
 int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
 	const EC_POINT *p, BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx);
@@ -479,7 +479,7 @@ int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
  *  \param  x      BIGNUM with the x-coordinate
  *  \param  y      BIGNUM with the y-coordinate
  *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
 int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
 	const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);
@@ -490,7 +490,7 @@ int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
  *  \param  x      BIGNUM for the x-coordinate
  *  \param  y      BIGNUM for the y-coordinate
  *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
 int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
 	const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
@@ -501,7 +501,7 @@ int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
  *  \param  x      BIGNUM with x-coordinate
  *  \param  y_bit  integer with the y-Bit (either 0 or 1)
  *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
 int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
 	const BIGNUM *x, int y_bit, BN_CTX *ctx);
@@ -512,7 +512,7 @@ int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *p,
  *  \param  x      BIGNUM with the x-coordinate
  *  \param  y      BIGNUM with the y-coordinate
  *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
 int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
 	const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx);
@@ -523,7 +523,7 @@ int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
  *  \param  x      BIGNUM for the x-coordinate
  *  \param  y      BIGNUM for the y-coordinate
  *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
 int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
 	const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx);
@@ -534,7 +534,7 @@ int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
  *  \param  x      BIGNUM with x-coordinate
  *  \param  y_bit  integer with the y-Bit (either 0 or 1)
  *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
 int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p,
 	const BIGNUM *x, int y_bit, BN_CTX *ctx);
@@ -559,7 +559,7 @@ size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p,
  *  \param  buf    memory buffer with the encoded ec point
  *  \param  len    length of the encoded ec point
  *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
 int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p,
         const unsigned char *buf, size_t len, BN_CTX *ctx);
@@ -585,7 +585,7 @@ EC_POINT *EC_POINT_hex2point(const EC_GROUP *, const char *,
  *  \param  a      EC_POINT object with the first summand
  *  \param  b      EC_POINT object with the second summand
  *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
 int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx);
 
@@ -594,7 +594,7 @@ int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC
  *  \param  r      EC_POINT object for the result (r = 2 * a)
  *  \param  a      EC_POINT object 
  *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
 int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx);
 
@@ -602,7 +602,7 @@ int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *
  *  \param  group  underlying EC_GROUP object
  *  \param  a      EC_POINT object to be inverted (it's used for the result as well)
  *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
 int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx);
 
@@ -641,7 +641,7 @@ int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[],
  *  \param  p      array of size num of EC_POINT objects
  *  \param  m      array of size num of BIGNUM objects
  *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
 int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t num, const EC_POINT *p[], const BIGNUM *m[], BN_CTX *ctx);
 
@@ -652,14 +652,14 @@ int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, size_t nu
  *  \param  q      EC_POINT object with the first factor of the second summand
  *  \param  m      BIGNUM with the second factor of the second summand
  *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
 int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *n, const EC_POINT *q, const BIGNUM *m, BN_CTX *ctx);
 
 /** Stores multiples of generator for faster point multiplication
  *  \param  group  EC_GROUP object
  *  \param  ctx    BN_CTX object (optional)
- *  \return 1 on success and 0 if an error occured
+ *  \return 1 on success and 0 if an error occurred
  */
 int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx);
 
@@ -844,7 +844,7 @@ int EC_KEY_generate_key(EC_KEY *key);
 int EC_KEY_check_key(const EC_KEY *key);
 
 /** Sets a public key from affine coordindates performing
- *  neccessary NIST PKV tests.
+ *  necessary NIST PKV tests.
  *  \param  key  the EC_KEY object
  *  \param  x    public key x coordinate
  *  \param  y    public key y coordinate

crypto/engine/README

@@ -122,7 +122,7 @@ use by EVP_MD code. Ditto for tb_rsa.c, tb_dsa.c, etc. These instantiations of
 ENGINE_TABLE essentially provide linker-separation of the classes so that even
 if ENGINEs implement *all* possible algorithms, an application using only
 EVP_CIPHER code will link at most code relating to EVP_CIPHER, tb_cipher.c, core
-ENGINE code that is independant of class, and of course the ENGINE
+ENGINE code that is independent of class, and of course the ENGINE
 implementation that the application loaded. It will *not* however link any
 class-specific ENGINE code for digests, RSA, etc nor will it bleed over into
 other APIs, such as the RSA/DSA/etc library code.

crypto/engine/eng_table.c

@@ -189,7 +189,7 @@ end:
 static void int_unregister_cb_doall_arg(ENGINE_PILE *pile, ENGINE *e)
 	{
 	int n;
-	/* Iterate the 'c->sk' stack removing any occurance of 'e' */
+	/* Iterate the 'c->sk' stack removing any occurrence of 'e' */
 	while((n = sk_ENGINE_find(pile->sk, e)) >= 0)
 		{
 		(void)sk_ENGINE_delete(pile->sk, n);

crypto/err/err.c

@@ -1038,7 +1038,7 @@ ERR_STATE *ERR_get_state(void)
 			ERR_STATE_free(ret); /* could not insert it */
 			return(&fallback);
 			}
-		/* If a race occured in this function and we came second, tmpp
+		/* If a race occurred in this function and we came second, tmpp
 		 * is the first one that we just replaced. */
 		if (tmpp)
 			ERR_STATE_free(tmpp);

crypto/evp/encode.c

@@ -250,7 +250,7 @@ int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
 	/* We parse the input data */
 	for (i=0; i<inl; i++)
 		{
-		/* If the current line is > 80 characters, scream alot */
+		/* If the current line is > 80 characters, scream a lot */
 		if (ln >= 80) { rv= -1; goto end; }
 
 		/* Get char and put it into the buffer */

crypto/md5/asm/md5-sparcv9.pl

@@ -371,7 +371,7 @@ ___
 
 # Purpose of these subroutines is to explicitly encode VIS instructions,
 # so that one can compile the module without having to specify VIS
-# extentions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
+# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
 # Idea is to reserve for option to produce "universal" binary and let
 # programmer detect if current CPU is VIS capable at run-time.
 sub unvis {

crypto/modes/asm/ghash-sparcv9.pl

@@ -530,7 +530,7 @@ ___
 
 # Purpose of these subroutines is to explicitly encode VIS instructions,
 # so that one can compile the module without having to specify VIS
-# extentions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
+# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
 # Idea is to reserve for option to produce "universal" binary and let
 # programmer detect if current CPU is VIS capable at run-time.
 sub unvis3 {

crypto/objects/obj_dat.c

@@ -207,7 +207,7 @@ static IMPLEMENT_LHASH_DOALL_FN(cleanup2, ADDED_OBJ)
 static IMPLEMENT_LHASH_DOALL_FN(cleanup3, ADDED_OBJ)
 
 /* The purpose of obj_cleanup_defer is to avoid EVP_cleanup() attempting
- * to use freed up OIDs. If neccessary the actual freeing up of OIDs is
+ * to use freed up OIDs. If necessary the actual freeing up of OIDs is
  * delayed.
  */
 

crypto/perlasm/readme

@@ -1,5 +1,5 @@
 The perl scripts in this directory are my 'hack' to generate
-multiple different assembler formats via the one origional script.
+multiple different assembler formats via the one original script.
 
 The way to use this library is to start with adding the path to this directory
 and then include it.

crypto/perlasm/sparcv9_modes.pl

@@ -1376,7 +1376,7 @@ ___
 
 # Purpose of these subroutines is to explicitly encode VIS instructions,
 # so that one can compile the module without having to specify VIS
-# extentions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
+# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
 # Idea is to reserve for option to produce "universal" binary and let
 # programmer detect if current CPU is VIS capable at run-time.
 sub unvis {

crypto/perlasm/x86_64-xlate.pl

@@ -1092,7 +1092,7 @@ close STDOUT;
 #	.rva	.LSEH_end_function
 #	.rva	function_unwind_info
 #
-# Reference to functon_unwind_info from .xdata segment is the anchor.
+# Reference to function_unwind_info from .xdata segment is the anchor.
 # In case you wonder why references are 32-bit .rvas and not 64-bit
 # .quads. References put into these two segments are required to be
 # *relative* to the base address of the current binary module, a.k.a.

crypto/pkcs7/bio_ber.c

@@ -96,7 +96,7 @@ typedef struct bio_ber_struct
 	int depth;	/* used with indefinite encoding. */
 	int finished;	/* No more read data */
 
-	/* writting */ 
+	/* writing */ 
 	char *w_addr;
 	int w_offset;
 	int w_left;

crypto/pkcs7/example.c

@@ -132,7 +132,7 @@ int get_signed_seq2string(PKCS7_SIGNER_INFO *si, char **str1, char **str2)
 		c.p=ASN1_STRING_data(s);
 		c.max=c.p+ASN1_STRING_length(s);
 		if (!asn1_GetSequence(&c,&length)) goto err;
-		/* Length is the length of the seqence */
+		/* Length is the length of the sequence */
 
 		c.q=c.p;
 		if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 
@@ -299,7 +299,7 @@ int sk_get_seq2string(STACK_OF(X509_ATTRIBUTE) *sk, char **str1, char **str2)
 		c.p=ASN1_STRING_data(s);
 		c.max=c.p+ASN1_STRING_length(s);
 		if (!asn1_GetSequence(&c,&length)) goto err;
-		/* Length is the length of the seqence */
+		/* Length is the length of the sequence */
 
 		c.q=c.p;
 		if ((os1=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) 

crypto/pkcs7/pk7_doit.c

@@ -544,7 +544,7 @@ BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
 		if (pcert == NULL)
 			{
 			/* Always attempt to decrypt all rinfo even
-			 * after sucess as a defence against MMA timing
+			 * after success as a defence against MMA timing
 			 * attacks.
 			 */
 			for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)

crypto/rand/rand_egd.c

@@ -72,7 +72,7 @@
  *   of entropy bytes are requested. The connection is left open until the
  *   query is competed.
  *   RAND_query_egd_bytes() returns with
- *     -1  if an error occured during connection or communication.
+ *     -1  if an error occurred during connection or communication.
  *     num the number of bytes read from the EGD socket. This number is either
  *         the number of bytes requested or smaller, if the EGD pool is
  *         drained and the daemon signals that the pool is empty.
@@ -84,7 +84,7 @@
  *   RAND_egd_bytes() is a wrapper for RAND_query_egd_bytes() with buf=NULL.
  *   Unlike RAND_query_egd_bytes(), RAND_status() is used to test the
  *   seed status so that the return value can reflect the seed state:
- *     -1  if an error occured during connection or communication _or_
+ *     -1  if an error occurred during connection or communication _or_
  *         if the PRNG has still not received the required seeding.
  *     num the number of bytes read from the EGD socket. This number is either
  *         the number of bytes requested or smaller, if the EGD pool is

crypto/rand/rand_nw.c

@@ -142,7 +142,7 @@ int RAND_poll(void)
        * ThreadSwitchWithDelay() will introduce additional variability into
        * the data returned by rdtsc.
        *
-       * Applications can agument the seed material by adding additional
+       * Applications can argument the seed material by adding additional
        * stuff with RAND_add() and should probably do so.
       */
    l = GetProcessSwitchCount();

crypto/rc2/version

@@ -1,7 +1,7 @@
 1.1 23/08/96 - eay
 	Changed RC2_set_key() so it now takes another argument.  Many
 	thanks to Peter Gutmann <pgut01@cs.auckland.ac.nz> for the
-	clarification and origional specification of RC2.  BSAFE uses
+	clarification and original specification of RC2.  BSAFE uses
 	this last parameter, 'bits'.  It the key is 128 bits, BSAFE
 	also sets this parameter to 128.  The old behaviour can be
 	duplicated by setting this parameter to 1024.

crypto/ripemd/README

@@ -8,7 +8,7 @@ this point I will not bother right now.  I believe the trick will be
 to remove my 'copy X array onto stack' until inside the RIP1() finctions the
 first time round.  To do this I need another register and will only have one
 temporary one.  A bit tricky....  I can also cleanup the saving of the 5 words
-after the first half of the calculation.  I should read the origional
+after the first half of the calculation.  I should read the original
 value, add then write.  Currently I just save the new and read the origioal.
 I then read both at the end.  Bad.
 

crypto/sha/asm/sha1-sparcv9.pl

@@ -368,7 +368,7 @@ ___
 
 # Purpose of these subroutines is to explicitly encode VIS instructions,
 # so that one can compile the module without having to specify VIS
-# extentions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
+# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
 # Idea is to reserve for option to produce "universal" binary and let
 # programmer detect if current CPU is VIS capable at run-time.
 sub unvis {

crypto/sha/asm/sha1-sparcv9a.pl

@@ -544,7 +544,7 @@ ___
 
 # Purpose of these subroutines is to explicitly encode VIS instructions,
 # so that one can compile the module without having to specify VIS
-# extentions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
+# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
 # Idea is to reserve for option to produce "universal" binary and let
 # programmer detect if current CPU is VIS capable at run-time.
 sub unvis {

crypto/sha/asm/sha512-sparcv9.pl

@@ -791,7 +791,7 @@ ___
 
 # Purpose of these subroutines is to explicitly encode VIS instructions,
 # so that one can compile the module without having to specify VIS
-# extentions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
+# extensions on compiler command line, e.g. -xarch=v9 vs. -xarch=v9a.
 # Idea is to reserve for option to produce "universal" binary and let
 # programmer detect if current CPU is VIS capable at run-time.
 sub unvis {

crypto/x509v3/pcy_tree.c

@@ -132,7 +132,7 @@ static void tree_print(char *str, X509_POLICY_TREE *tree,
 #endif
 
 /* Initialize policy tree. Return values:
- *  0 Some internal error occured.
+ *  0 Some internal error occurred.
  * -1 Inconsistent or invalid extensions in certificates.
  *  1 Tree initialized OK.
  *  2 Policy tree is empty.

demos/certs/apps/apps.cnf

@@ -15,7 +15,7 @@ default_keyfile 	= privkey.pem
 # Don't prompt for fields: use those in section directly
 prompt			= no
 distinguished_name	= req_distinguished_name
-x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+x509_extensions	= v3_ca	# The extensions to add to the self signed cert
 string_mask = utf8only
 
 # req_extensions = v3_req # The extensions to add to a certificate request

demos/certs/ca.cnf

@@ -16,7 +16,7 @@ default_keyfile 	= privkey.pem
 # Don't prompt for fields: use those in section directly
 prompt			= no
 distinguished_name	= req_distinguished_name
-x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+x509_extensions	= v3_ca	# The extensions to add to the self signed cert
 string_mask = utf8only
 
 # req_extensions = v3_req # The extensions to add to a certificate request

demos/easy_tls/easy-tls.c

@@ -971,7 +971,7 @@ tls_proxy(int clear_fd, int tls_fd, int info_fd, SSL_CTX *ctx, int client_p)
     
     /* loop finishes as soon as we detect that one side closed;
      * when all (program and OS) buffers have enough space,
-     * the data from the last succesful read in each direction is transferred
+     * the data from the last successful read in each direction is transferred
      * before close */
     do {
 	int clear_read_select = 0, clear_write_select = 0,

demos/engines/zencod/hw_zencod.h

@@ -135,7 +135,7 @@ typedef int t_zencod_sha1_do_final ( ZEN_MD_DATA *data, KEY *output ) ;
 /* key : rc4 key data */
 /* index_1 : value of index x from RC4 key structure */
 /* index_2 : value of index y from RC4 key structure */
-/* Be carefull : RC4 key should be expanded before calling this method (Should we provide an expand function ??) */
+/* Be careful : RC4 key should be expanded before calling this method (Should we provide an expand function ??) */
 typedef int t_zencod_rc4_cipher ( KEY *output, const KEY *input, const KEY *key,
 		unsigned char *index_1, unsigned char *index_2, int mode ) ;
 
@@ -146,7 +146,7 @@ typedef int t_zencod_rc4_cipher ( KEY *output, const KEY *input, const KEY *key,
 /* key_3 : des third key data */
 /* iv : initial vector */
 /* mode : xdes mode (encrypt or decrypt) */
-/* Be carefull : In DES mode key_1 = key_2 = key_3 (as far as i can see !!) */
+/* Be careful : In DES mode key_1 = key_2 = key_3 (as far as i can see !!) */
 typedef int t_zencod_xdes_cipher ( KEY *output, const KEY *input, const KEY *key_1,
 		const KEY *key_2, const KEY *key_3, const KEY *iv, int mode ) ;
 

doc/apps/openssl.pod

@@ -153,7 +153,7 @@ Generation of Private Key or Parameters.
 
 =item L<B<genrsa>|genrsa(1)>
 
-Generation of RSA Private Key. Superceded by L<B<genpkey>|genpkey(1)>.
+Generation of RSA Private Key. Superseded by L<B<genpkey>|genpkey(1)>.
 
 =item L<B<nseq>|nseq(1)>
 

doc/apps/req.pod

@@ -159,7 +159,7 @@ B<param:file> generates a key using the parameter file or certificate B<file>,
 the algorithm is determined by the parameters. B<algname:file> use algorithm
 B<algname> and parameter file B<file>: the two algorithms must match or an
 error occurs. B<algname> just uses algorithm B<algname>, and parameters,
-if neccessary should be specified via B<-pkeyopt> parameter.
+if necessary should be specified via B<-pkeyopt> parameter.
 
 B<dsa:filename> generates a DSA key using the parameters
 in the file B<filename>. B<ec:filename> generates EC key (usable both with

doc/apps/x509v3_config.pod

@@ -174,7 +174,7 @@ The IP address used in the B<IP> options can be in either IPv4 or IPv6 format.
 
 The value of B<dirName> should point to a section containing the distinguished
 name to use as a set of name value pairs. Multi values AVAs can be formed by
-preceeding the name with a B<+> character.
+preceding the name with a B<+> character.
 
 otherName can include arbitrary data associated with an OID: the value
 should be the OID followed by a semicolon and the content in standard

doc/crypto/ASN1_generate_nconf.pod

@@ -61,7 +61,7 @@ Encode the B<NULL> type, the B<value> string must not be present.
 =item B<INTEGER>, B<INT>
 
 Encodes an ASN1 B<INTEGER> type. The B<value> string represents
-the value of the integer, it can be preceeded by a minus sign and
+the value of the integer, it can be preceded by a minus sign and
 is normally interpreted as a decimal value unless the prefix B<0x>
 is included.
 

doc/crypto/BN_BLINDING_new.pod

@@ -84,7 +84,7 @@ or NULL in case of an error.
 
 BN_BLINDING_update(), BN_BLINDING_convert(), BN_BLINDING_invert(),
 BN_BLINDING_convert_ex() and BN_BLINDING_invert_ex() return 1 on
-success and 0 if an error occured.
+success and 0 if an error occurred.
 
 BN_BLINDING_thread_id() returns a pointer to the thread id object
 within a B<BN_BLINDING> object.

doc/crypto/EVP_DigestInit.pod

@@ -267,7 +267,7 @@ and EVP_DigestFinal_ex() were added in OpenSSL 0.9.7.
 
 EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(),
 EVP_dss(), EVP_dss1(), EVP_mdc2() and EVP_ripemd160() were
-changed to return truely const EVP_MD * in OpenSSL 0.9.7.
+changed to return truly const EVP_MD * in OpenSSL 0.9.7.
 
 The link between digests and signing algorithms was fixed in OpenSSL 1.0 and
 later, so now EVP_sha1() can be used with RSA and DSA, there is no need to

doc/crypto/EVP_PKEY_cmp.pod

@@ -23,10 +23,10 @@ doesn't use parameters.
 The function EVP_PKEY_copy_parameters() copies the parameters from key
 B<from> to key B<to>.
 
-The funcion EVP_PKEY_cmp_parameters() compares the parameters of keys
+The function EVP_PKEY_cmp_parameters() compares the parameters of keys
 B<a> and B<b>.
 
-The funcion EVP_PKEY_cmp() compares the public key components and paramters
+The function EVP_PKEY_cmp() compares the public key components and paramters
 (if present) of keys B<a> and B<b>.
 
 =head1 NOTES

doc/crypto/X509_NAME_add_entry_by_txt.pod

@@ -44,7 +44,7 @@ B<loc>. The deleted entry is returned and must be freed up.
 =head1 NOTES
 
 The use of string types such as B<MBSTRING_ASC> or B<MBSTRING_UTF8>
-is strongly recommened for the B<type> parameter. This allows the
+is strongly recommend for the B<type> parameter. This allows the
 internal code to correctly determine the type of the field and to
 apply length checks according to the relevant standards. This is
 done using ASN1_STRING_set_by_NID().

doc/crypto/X509_STORE_CTX_get_error.pod

@@ -32,7 +32,7 @@ checks.
 
 X509_STORE_CTX_get_error_depth() returns the B<depth> of the error. This is a
 non-negative integer representing where in the certificate chain the error
-occurred. If it is zero it occured in the end entity certificate, one if
+occurred. If it is zero it occurred in the end entity certificate, one if
 it is the certificate which signed the end entity certificate and so on.
 
 X509_STORE_CTX_get_current_cert() returns the certificate in B<ctx> which
@@ -246,11 +246,11 @@ Some feature of a certificate extension is not supported. Unused.
 
 =item B<X509_V_ERR_PERMITTED_VIOLATION: permitted subtree violation>
 
-A name constraint violation occured in the permitted subtrees.
+A name constraint violation occurred in the permitted subtrees.
 
 =item B<X509_V_ERR_EXCLUDED_VIOLATION: excluded subtree violation>
 
-A name constraint violation occured in the excluded subtrees.
+A name constraint violation occurred in the excluded subtrees.
 
 =item B<X509_V_ERR_SUBTREE_MINMAX: name constraints minimum and maximum not supported>
 
@@ -270,7 +270,7 @@ a garbage extension or some new feature not currently supported.
 
 =item B<X509_V_ERR_CRL_PATH_VALIDATION_ERROR: CRL path validation error>
 
-An error occured when attempting to verify the CRL path. This error can only
+An error occurred when attempting to verify the CRL path. This error can only
 happen if extended CRL checking is enabled.
 
 =item B<X509_V_ERR_APPLICATION_VERIFICATION: application verification failure>

doc/crypto/rand.pod

@@ -39,7 +39,7 @@ Since the introduction of the ENGINE API, the recommended way of controlling
 default implementations is by using the ENGINE API functions. The default
 B<RAND_METHOD>, as set by RAND_set_rand_method() and returned by
 RAND_get_rand_method(), is only used if no ENGINE has been set as the default
-"rand" implementation. Hence, these two functions are no longer the recommened
+"rand" implementation. Hence, these two functions are no longer the recommend
 way to control defaults.
 
 If an alternative B<RAND_METHOD> implementation is being used (either set

doc/ssleay.txt

@@ -539,13 +539,13 @@ int X509_verify_cert(
 The applications
 
 Ok, where to begin....
-In the begining, when SSLeay was small (April 1995), there
+In the beginning, when SSLeay was small (April 1995), there
 were but few applications, they did happily cohabit in
 the one bin directory.  Then over time, they did multiply and grow,
 and they started to look like microsoft software; 500k to print 'hello world'.
 A new approach was needed.  They were coalessed into one 'Monolithic'
 application, ssleay.  This one program is composed of many programs that
-can all be compiled independantly.
+can all be compiled independently.
 
 ssleay has 3 modes of operation.
 1) If the ssleay binary has the name of one of its component programs, it
@@ -1733,7 +1733,7 @@ int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b);
 
 int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
 	Multiply a by a and return the result in 'r'. 'r' must not be
-	'a'.  This function is alot faster than BN_mul(r,a,a).  This is r=a*a.
+	'a'.  This function is a lot faster than BN_mul(r,a,a).  This is r=a*a.
 
 int BN_div(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BIGNUM *d, BN_CTX *ctx);
 	Divide 'm' by 'd' and return the result in 'dv' and the remainder
@@ -3797,7 +3797,7 @@ patent law and ITAR restrictions.
 
 Inside the USA there is also the unresolved issue of RC4/RC2 which were
 made public on sci.crypt in Sep 1994 (RC4) and Feb 1996 (RC2).  I have
-copies of the origional postings if people are interested.  RSA I believe 
+copies of the original postings if people are interested.  RSA I believe 
 claim that they were 'trade-secrets' and that some-one broke an NDA in 
 revealing them.  Other claim they reverse engineered the algorithms from 
 compiled binaries.  If the algorithms were reverse engineered, I believe 
@@ -4143,7 +4143,7 @@ CRYPTO_malloc(), CRYPTO_free() and CRYPTO_realloc().
 If it is not defined, they are #defined to malloc(), free() and realloc().
 
 the CRYPTO_malloc() routines by default just call the underlying library
-functons.
+functions.
 
 If CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) is called, memory leak detection is
 turned on.  CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) turns it off.
@@ -4185,7 +4185,7 @@ The ca program uses the ssleay.conf file for most of its configuration
 
 ./ca -help
 
- -verbose        - Talk alot while doing things
+ -verbose        - Talk a lot while doing things
  -config file    - A config file. If you don't want to use the
 		   default config file
  -name arg       - The particular CA definition to use
@@ -4336,7 +4336,7 @@ login password.
 2.) The practical usage
 -----------------------
 
-Unfortunatly since CAPI is a system API you can't access its functions from 
+Unfortunately since CAPI is a system API you can't access its functions from 
 HTML code directly. For this purpose Microsoft provides a wrapper called 
 certenr3.dll. This DLL accesses the CAPI functions and provides an interface 
 usable from Visual Basic Script. One needs to install that library on the 
@@ -4390,7 +4390,7 @@ AcceptCredentials(sessionID, credentials, 0, FALSE)
 
 CRL's and CA certs are not required simply just the client cert. (It seems to 
 me that both are not even checked somehow.) The only format of the base64 
-encoded object I succesfully used was all characters in a very long string 
+encoded object I successfully used was all characters in a very long string 
 without line feeds or carriage returns. (Hey, it doesn't matter, only a 
 computer reads it!)
 
@@ -4537,7 +4537,7 @@ text. I use two templates to have a clearer script.
 site. Grab it from http://www.easterngraphics.com/certs/IX9704/postit2.c. You 
 need utils.c from there too.
 
-2nd note: I'm note quite sure wether the gawk script really handles all 
+2nd note: I'm note quite sure whether the gawk script really handles all 
 possible inputs for the request right! Today I don't use this construction 
 anymore myself.
 
@@ -5103,7 +5103,7 @@ It is of a similar speed to DES and IDEA, so unless it is required for
 meeting some standard (SSLv2, perhaps S/MIME), it would probably be advisable
 to stick to IDEA, or for the paranoid, Tripple DES.
 
-Mind you, having said all that, I should mention that I just read alot and
+Mind you, having said all that, I should mention that I just read a lot and
 implement ciphers, I'm a 'babe in the woods' when it comes to evaluating
 ciphers :-).
 
@@ -6389,7 +6389,7 @@ implementation.  I have tried to make all the routines as general purpose
 as possible.  So you should not think of this library as an SSL
 implemtation, but rather as a library of cryptographic functions
 that also contains SSL.  I refer to each of these function groupings as
-libraries since they are often capable of functioning as independant
+libraries since they are often capable of functioning as independent
 libraries
 
 First up, the general ciphers and message digests supported by the library.
@@ -6441,7 +6441,7 @@ DH	This is an implementation of the
 	to using numbers suplied by others.  I conform to the PKCS#3
 	standard where required.
 
-You may have noticed the preceeding section mentions the 'generation' of
+You may have noticed the preceding section mentions the 'generation' of
 prime numbers.  Now this requries the use of 'random numbers'. 
 
 RAND	This psuedo-random number library is based on MD5 at it's core
@@ -6812,7 +6812,7 @@ all include e_os.h which contains OS/environment specific information.
 If you need to add something todo with a particular environment,
 add it to this file.  It is worth remembering that quite a few libraries,
 like lhash, des, md, sha etc etc do not include crypto/cryptlib.h.  This
-is because these libraries should be 'independantly compilable' and so I
+is because these libraries should be 'independently compilable' and so I
 try to keep them this way.
 e_os.h is not so much a part of SSLeay, as the placing in one spot all the
 evil OS dependant muck.
@@ -6834,7 +6834,7 @@ everthing will work as expected.  Don't edit progs.h by hand.
 make links re-generates the symbolic links that are used.  The reason why
 I keep everything in its own directory, and don't put all the
 test programs and header files in 'test' and 'include' is because I want
-to keep the 'sub-libraries' independant.  I still 'pull' out
+to keep the 'sub-libraries' independent.  I still 'pull' out
 indervidual libraries for use in specific projects where the code is
 required.  I have used the 'lhash' library in just about every software
 project I have worked on :-).

e_os.h

@@ -82,7 +82,7 @@ extern "C" {
 #define DEVRANDOM "/dev/urandom","/dev/random","/dev/srandom"
 #endif
 #ifndef DEVRANDOM_EGD
-/* set this to a comma-seperated list of 'egd' sockets to try out. These
+/* set this to a comma-separated list of 'egd' sockets to try out. These
  * sockets will be tried in the order listed in case accessing the device files
  * listed in DEVRANDOM did not return enough entropy. */
 #define DEVRANDOM_EGD "/var/run/egd-pool","/dev/egd-pool","/etc/egd-pool","/etc/entropy"

engines/ccgost/README.gost

@@ -193,7 +193,7 @@ Russian clients and RSA/DSA ciphersuites for foreign clients.
 
  openssl dgst -mac gost-mac -macopt key:<32 bytes of key> datafile
 
- Note absense of an option that specifies digest algorithm. gost-mac
+ Note absence of an option that specifies digest algorithm. gost-mac
  algorithm supports only one digest (which is actually part of
  implementation of this mac) and OpenSSL is clever enough to find out
  this.

fips/fips_post.c

@@ -300,7 +300,7 @@ int fips_pkey_signature_test(int id, EVP_PKEY *pkey,
 	if (pkey == NULL)
 		{
 		ret = 1;
-		/* Well actually sucess as we've set ret to 1 */
+		/* Well actually success as we've set ret to 1 */
 		goto error;
 		}
 	if (!FIPS_digestinit(&mctx, digest))

openssl.spec

@@ -165,7 +165,7 @@ ldconfig
 - Make sure symlinks are created by using -f flag to ln.
   Otherwise some .so libraries are copied rather than
   linked in the resulting binary RPM. This causes the package
-  to be larger than neccessary and makes ldconfig complain.
+  to be larger than necessary and makes ldconfig complain.
 * Fri Oct 13 2000 Horms <horms@vergenet.net>
 - Make defattr is set for files in all packages so packages built as
   non-root will still be installed with files owned by root.

ssl/d1_enc.c

@@ -133,7 +133,7 @@
  *       short etc).
  *   1: if the record's padding is valid / the encryption was successful.
  *   -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
- *       an internal error occured. */
+ *       an internal error occurred. */
 int dtls1_enc(SSL *s, int send)
 	{
 	SSL3_RECORD *rec;

ssl/s3_cbc.c

@@ -419,7 +419,7 @@ char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
  *   md_out: the digest output. At most EVP_MAX_MD_SIZE bytes will be written.
  *   md_out_size: if non-NULL, the number of output bytes is written here.
  *   header: the 13-byte, TLS record header.
- *   data: the record data itself, less any preceeding explicit IV.
+ *   data: the record data itself, less any preceding explicit IV.
  *   data_plus_mac_size: the secret, reported length of the data and MAC
  *     once the padding has been removed.
  *   data_plus_mac_plus_padding_size: the public length of the whole

ssl/s3_clnt.c

@@ -1753,7 +1753,7 @@ int ssl3_get_key_exchange(SSL *s)
 		 * and the ECParameters in this case is just three bytes.
 		 */
 		param_len=3;
-		/* Check curve is one of our prefrences, if not server has
+		/* Check curve is one of our preferences, if not server has
 		 * sent an invalid curve.
 		 */
 		if (!tls1_check_curve(s, p, param_len))

ssl/s3_enc.c

@@ -494,7 +494,7 @@ void ssl3_cleanup_key_block(SSL *s)
  *       short etc).
  *   1: if the record's padding is valid / the encryption was successful.
  *   -1: if the record's padding is invalid or, if sending, an internal error
- *       occured.
+ *       occurred.
  */
 int ssl3_enc(SSL *s, int send)
 	{

ssl/s3_pkt.c

@@ -485,7 +485,7 @@ printf("\n");
 		/* A separate 'decryption_failed' alert was introduced with TLS 1.0,
 		 * SSL 3.0 only has 'bad_record_mac'.  But unless a decryption
 		 * failure is directly visible from the ciphertext anyway,
-		 * we should not reveal which kind of error occured -- this
+		 * we should not reveal which kind of error occurred -- this
 		 * might become visible to an attacker (e.g. via a logfile) */
 		al=SSL_AD_BAD_RECORD_MAC;
 		SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);

ssl/t1_enc.c

@@ -698,7 +698,7 @@ err:
  *       short etc).
  *   1: if the record's padding is valid / the encryption was successful.
  *   -1: if the record's padding/AEAD-authenticator is invalid or, if sending,
- *       an internal error occured.
+ *       an internal error occurred.
  */
 int tls1_enc(SSL *s, int send)
 	{

test/CAss.cnf

@@ -45,7 +45,7 @@ crl		= $dir/crl.pem 		# The current CRL
 private_key	= $dir/private/cakey.pem# The private key
 RANDFILE	= $dir/private/.rand	# private random number file
 
-x509_extensions	= v3_ca			# The extentions to add to the cert
+x509_extensions	= v3_ca			# The extensions to add to the cert
 
 name_opt 	= ca_default		# Subject Name options
 cert_opt 	= ca_default		# Certificate field options

test/CAtsa.cnf

@@ -57,7 +57,7 @@ distinguished_name	= $ENV::TSDNSECT
 encrypt_rsa_key		= no
 prompt 			= no
 # attributes		= req_attributes
-x509_extensions	= v3_ca	# The extentions to add to the self signed cert
+x509_extensions	= v3_ca	# The extensions to add to the self signed cert
 
 string_mask = nombstr