diff --git a/CONTRIBUTING b/CONTRIBUTING index 07115e5a75..0f11362492 100644 --- a/CONTRIBUTING +++ b/CONTRIBUTING @@ -62,7 +62,7 @@ the acceptance and review process faster: 4. Patches should follow our coding style (see https://www.openssl.org/policies/codingstyle.html) and compile without - warnings. Where gcc or clang is availble you should use the + warnings. Where gcc or clang is available you should use the --strict-warnings Configure option. OpenSSL compiles on many varied platforms: try to ensure you only use portable features. diff --git a/Configure b/Configure index 85e6bdf3b7..ee0b4a7f42 100755 --- a/Configure +++ b/Configure @@ -87,7 +87,7 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lx # DEBUG_UNUSED enables __owur (warn unused result) checks. my $gcc_devteam_warn = "-DDEBUG_UNUSED" # -DPEDANTIC complements -pedantic and is meant to mask code that - # is not strictly standard-compliant and/or implementation-specifc, + # is not strictly standard-compliant and/or implementation-specific, # e.g. inline assembly, disregards to alignment requirements, such # that -pedantic would complain about. Incidentally -DPEDANTIC has # to be used even in sanitized builds, because sanitizer too is @@ -144,7 +144,7 @@ my $strict_warnings = 0; our $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT"; # -# API compability name to version number mapping. +# API compatibility name to version number mapping. # my $maxapi = "1.1.0"; # API for "no-deprecated" builds my $apitable = { @@ -1059,7 +1059,7 @@ unless ($disabled{asan}) { } unless ($disabled{ubsan}) { - # -DPEDANTIC or -fnosanitize=aligmnent may also be required on some + # -DPEDANTIC or -fnosanitize=alignment may also be required on some # platforms. $config{cflags} .= "-fsanitize=undefined -fno-sanitize-recover=all "; } diff --git a/INSTALL b/INSTALL index b5cfa71c7a..29db22ea75 100644 --- a/INSTALL +++ b/INSTALL @@ -151,7 +151,7 @@ on a platform that does not support AFALG. enable-asan - Build with the Address sanitser. This is a developer option + Build with the Address sanitiser. This is a developer option only. It may not work on all platforms and should never be used in production environments. It will only work when used with gcc or clang and should be used in conjunction with the @@ -326,7 +326,7 @@ "illegal instruction" exception. There might be a way to enable support in kernel, e.g. FreeBSD kernel can be compiled with CPU_ENABLE_SSE, and there is a way to - disengage SSE2 code pathes upon application start-up, + disengage SSE2 code paths upon application start-up, but if you aim for wider "audience" running such kernel, consider no-sse2. Both the 386 and no-asm options imply no-sse2. @@ -361,7 +361,7 @@ Don't build Time Stamping Authority support. enable-ubsan - Build with the Undefined Behaviour sanitser. This is a + Build with the Undefined Behaviour sanitiser. This is a developer option only. It may not work on all platforms and should never be used in production environments. It will only work when used with gcc or clang and should be used in @@ -566,7 +566,7 @@ $ nmake test # Windows NOTE: you MUST run the tests from an unprivileged account (or - disable your privileges temporarly if your platform allows it). + disable your privileges temporarily if your platform allows it). If some tests fail, look at the output. There may be reasons for the failure that isn't a problem in OpenSSL itself (like a diff --git a/NEWS b/NEWS index c3f749778e..a6ac0eb193 100644 --- a/NEWS +++ b/NEWS @@ -430,8 +430,8 @@ o New STORE structure and library to provide an interface to all sorts of data repositories. Supports storage of public and private keys, certificates, CRLs, numbers and arbitrary blobs. - This library is unfortunately unfinished and unused withing - OpenSSL. + This library is unfortunately unfinished and unused within + OpenSSL. o New control functions for the error stack. o Changed the PKCS#7 library to support one-pass S/MIME processing. @@ -447,7 +447,7 @@ o Major overhaul of RC4 performance on Intel P4, IA-64 and AMD64. o Changed the Configure script to have some algorithms disabled - by default. Those can be explicitely enabled with the new + by default. Those can be explicitly enabled with the new argument form 'enable-xxx'. o Change the default digest in 'openssl' commands from MD5 to SHA-1. diff --git a/NOTES.WIN b/NOTES.WIN index 8c589e6d3a..3a149faf2c 100644 --- a/NOTES.WIN +++ b/NOTES.WIN @@ -97,7 +97,7 @@ "Matching Perl" refers to chosen "shell environment", i.e. if built under MSYS, then Perl compiled for MSYS must be used. - Alternativelly, one can use MSYS2 from https://msys2.github.io/, + Alternatively, one can use MSYS2 from https://msys2.github.io/, which includes MingW (32-bit and 64-bit). * It is also possible to cross-compile it on Linux by configuring diff --git a/README b/README index aa8fe68511..7e623a13e0 100644 --- a/README +++ b/README @@ -82,7 +82,7 @@ In order to avoid spam, this is a moderated mailing list, and it might take a couple of days for the ticket to show up. (We also scan posts to make - sure that security disclosures aren't publically posted by mistake.) Mail + sure that security disclosures aren't publicly posted by mistake.) Mail to this address is recorded in the public RT (request tracker) database (see https://www.openssl.org/community/index.html#bugs for details) and also forwarded the public openssl-dev mailing list. Confidential mail diff --git a/crypto/asn1/t_pkey.c b/crypto/asn1/t_pkey.c index 5ae19ed78a..7a570ee823 100644 --- a/crypto/asn1/t_pkey.c +++ b/crypto/asn1/t_pkey.c @@ -31,7 +31,7 @@ int ASN1_buf_print(BIO *bp, unsigned char *buf, size_t buflen, int indent) } /* * Use colon separators for each octet for compatibility as - * this fuction is used to print out key components. + * this function is used to print out key components. */ if (BIO_printf(bp, "%02x%s", buf[i], (i == buflen - 1) ? "" : ":") <= 0) diff --git a/crypto/asn1/tasn_prn.c b/crypto/asn1/tasn_prn.c index 425810b421..9f4c81e005 100644 --- a/crypto/asn1/tasn_prn.c +++ b/crypto/asn1/tasn_prn.c @@ -169,7 +169,7 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, return 0; break; } - /* fall thru */ + /* fall through */ case ASN1_ITYPE_MSTRING: if (!asn1_primitive_print(out, fld, it, indent, fname, sname, pctx)) return 0; diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c index 46f98cb0ff..bb50f63c0a 100644 --- a/crypto/objects/obj_dat.c +++ b/crypto/objects/obj_dat.c @@ -199,7 +199,7 @@ int OBJ_add_object(const ASN1_OBJECT *obj) ao[i]->type = i; ao[i]->obj = o; aop = lh_ADDED_OBJ_insert(added, ao[i]); - /* memory leak, buit should not normally matter */ + /* memory leak, but should not normally matter */ OPENSSL_free(aop); } } diff --git a/doc/apps/openssl.pod b/doc/apps/openssl.pod index 8299d2a26a..3014bb31c7 100644 --- a/doc/apps/openssl.pod +++ b/doc/apps/openssl.pod @@ -156,7 +156,7 @@ Generation of RSA Private Key. Superseded by L|genpkey(1)>. =item L|nseq(1)> -Create or examine a netscape certificate sequence +Create or examine a Netscape certificate sequence =item L|ocsp(1)> diff --git a/doc/crypto/EVP_EncodeInit.pod b/doc/crypto/EVP_EncodeInit.pod index 4f62e71ec6..52c97d5a50 100644 --- a/doc/crypto/EVP_EncodeInit.pod +++ b/doc/crypto/EVP_EncodeInit.pod @@ -66,7 +66,7 @@ any remainder). This gives the number of blocks of data that will be processed. Ensure the output buffer contains 65 bytes of storage for each block, plus an additional byte for a NUL terminator. EVP_EncodeUpdate() may be called repeatedly to process large amounts of input data. In the event of an error -EVP_EncodeUpdate() will set B<*outl> to 0 and return 0. On success 1 wil be +EVP_EncodeUpdate() will set B<*outl> to 0 and return 0. On success 1 will be returned. EVP_EncodeFinal() must be called at the end of an encoding operation. It will @@ -116,7 +116,7 @@ in this case. Otherwise the function returns 1 on success. EVP_DecodeBlock() will decode the block of B characters of base 64 data contained in B and store the result in B. Any leading whitespace will be trimmed as will any trailing whitespace, newlines, carriage returns or EOF -characters. After such trimming the length of the data in B must be divisbile +characters. After such trimming the length of the data in B must be divisible by 4. For every 4 input bytes exactly 3 output bytes will be produced. The output will be padded with 0 bits if necessary to ensure that the output is always 3 bytes for every 4 input bytes. This function will return the length of diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h index 4bae492f06..5bce404c0b 100644 --- a/include/openssl/asn1.h +++ b/include/openssl/asn1.h @@ -752,7 +752,7 @@ int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, int dump); const char *ASN1_tag2str(int tag); -/* Used to load and write netscape format cert */ +/* Used to load and write Netscape format cert */ int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s); diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 881c6bbd02..f02e416db8 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -2335,7 +2335,7 @@ void ERR_load_SSL_strings(void); # define SSL_R_NO_RENEGOTIATION 339 # define SSL_R_NO_REQUIRED_DIGEST 324 # define SSL_R_NO_SHARED_CIPHER 193 -# define SSL_R_NO_SHARED_SIGATURE_ALGORITHMS 376 +# define SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS 376 # define SSL_R_NO_SRTP_PROFILES 359 # define SSL_R_NO_VALID_SCTS 216 # define SSL_R_NO_VERIFY_COOKIE_CALLBACK 403 diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c index 42a02780c5..ea1e3d5ae9 100644 --- a/ssl/d1_lib.c +++ b/ssl/d1_lib.c @@ -278,7 +278,7 @@ struct timeval *dtls1_get_timeout(SSL *s, struct timeval *timeleft) /* * If remaining time is less than 15 ms, set it to 0 to prevent issues - * because of small devergences with socket timeouts. + * because of small divergences with socket timeouts. */ if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) { memset(timeleft, 0, sizeof(*timeleft)); @@ -952,7 +952,7 @@ int dtls1_heartbeat(SSL *s) /*- * Create HeartBeat message, we just use a sequence number - * as payload to distuingish different messages and add + * as payload to distinguish different messages and add * some random stuff. */ size = HEARTBEAT_SIZE(payload, padding); diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c index 7b462aade2..890b0af795 100644 --- a/ssl/ssl_conf.c +++ b/ssl/ssl_conf.c @@ -14,7 +14,7 @@ #include /* - * structure holding name tables. This is used for pemitted elements in lists + * structure holding name tables. This is used for permitted elements in lists * such as TLSv1. */ diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 5741bb8255..1b1f4bcc1d 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -443,8 +443,8 @@ static ERR_STRING_DATA SSL_str_reasons[] = { {ERR_REASON(SSL_R_NO_RENEGOTIATION), "no renegotiation"}, {ERR_REASON(SSL_R_NO_REQUIRED_DIGEST), "no required digest"}, {ERR_REASON(SSL_R_NO_SHARED_CIPHER), "no shared cipher"}, - {ERR_REASON(SSL_R_NO_SHARED_SIGATURE_ALGORITHMS), - "no shared sigature algorithms"}, + {ERR_REASON(SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS), + "no shared signature algorithms"}, {ERR_REASON(SSL_R_NO_SRTP_PROFILES), "no srtp profiles"}, {ERR_REASON(SSL_R_NO_VALID_SCTS), "no valid scts"}, {ERR_REASON(SSL_R_NO_VERIFY_COOKIE_CALLBACK), diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 359260e1f5..08e36733fc 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2041,7 +2041,7 @@ int SSL_get_servername_type(const SSL *s) * is indicated to the callback. In this case, the client application has to * abort the connection or have a default application level protocol. 2) If * the server supports NPN, but advertises an empty list then the client - * selects the first protcol in its list, but indicates via the API that this + * selects the first protocol in its list, but indicates via the API that this * fallback case was enacted. 3) Otherwise, the client finds the first * protocol in the server's list that it supports and selects this protocol. * This is because it's assumed that the server has better information about @@ -4116,7 +4116,7 @@ int ssl_validate_ct(SSL *s) * value is negative. * * XXX: One might well argue that the return value of this function is an - * unforunate design choice. Its job is only to determine the validation + * unfortunate design choice. Its job is only to determine the validation * status of each of the provided SCTs. So long as it correctly separates * the wheat from the chaff it should return success. Failure in this case * ought to correspond to an inability to carry out its duties. diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 920a178513..124a53c5a8 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -141,7 +141,7 @@ int tls1_change_cipher_state(SSL *s, int which) goto err; else /* - * make sure it's intialized in case we exit later with an error + * make sure it's initialised in case we exit later with an error */ EVP_CIPHER_CTX_reset(s->enc_read_ctx); dd = s->enc_read_ctx; diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index 3e5e9fbda6..3e27d65039 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -2648,7 +2648,7 @@ int tls1_set_server_sigalgs(SSL *s) /* Fatal error is no shared signature algorithms */ if (!s->cert->shared_sigalgs) { SSLerr(SSL_F_TLS1_SET_SERVER_SIGALGS, - SSL_R_NO_SHARED_SIGATURE_ALGORITHMS); + SSL_R_NO_SHARED_SIGNATURE_ALGORITHMS); al = SSL_AD_ILLEGAL_PARAMETER; goto err; }