GH601: Various spelling fixes.

Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2025-02-17 14:32:04 +08:00 · 2016-02-05 15:23:54 -05:00 · 2016-02-05 15:23:54 -05:00 · 0d4fb84390
commit 0d4fb84390
parent 2b52de9a37
96 changed files with 147 additions and 147 deletions
--- a/12
+++ b/12
@ -2750,7 +2750,7 @@

  *) New option -sigopt to dgst utility. Update dgst to use
     EVP_Digest{Sign,Verify}*. These two changes make it possible to use
-     alternative signing paramaters such as X9.31 or PSS in the dgst 
+     alternative signing parameters such as X9.31 or PSS in the dgst 
     utility.
     [Steve Henson]

@ -3957,7 +3957,7 @@
     unofficial, and the ID has long expired.
     [Bodo Moeller]

-  *) Fix RSA blinding Heisenbug (problems sometimes occured on
+  *) Fix RSA blinding Heisenbug (problems sometimes occurred on
     dual-core machines) and other potential thread-safety issues.
     [Bodo Moeller]

@ -4972,7 +4972,7 @@
     unofficial, and the ID has long expired.
     [Bodo Moeller]

-  *) Fix RSA blinding Heisenbug (problems sometimes occured on
+  *) Fix RSA blinding Heisenbug (problems sometimes occurred on
     dual-core machines) and other potential thread-safety issues.
     [Bodo Moeller]

@ -5077,7 +5077,7 @@

  *) Added support for proxy certificates according to RFC 3820.
     Because they may be a security thread to unaware applications,
-     they must be explicitely allowed in run-time.  See
+     they must be explicitly allowed in run-time.  See
     docs/HOWTO/proxy_certificates.txt for further information.
     [Richard Levitte]

@ -7654,7 +7654,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k

  *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
     reveal whether illegal block cipher padding was found or a MAC
-     verification error occured.  (Neither SSLerr() codes nor alerts
+     verification error occurred.  (Neither SSLerr() codes nor alerts
     are directly visible to potential attackers, but the information
     may leak via logfiles.)

@ -10061,7 +10061,7 @@ des-cbc           3624.96k     5258.21k     5530.91k     5624.30k     5628.26k
  *) Bugfix: ssl23_get_client_hello did not work properly when called in
     state SSL23_ST_SR_CLNT_HELLO_B, i.e. when the first 7 bytes of
     a SSLv2-compatible client hello for SSLv3 or TLSv1 could be read,
-     but a retry condition occured while trying to read the rest.
+     but a retry condition occurred while trying to read the rest.
     [Bodo Moeller]

  *) The PKCS7_ENC_CONTENT_new() function was setting the content type as
--- a/Netware/set_env.bat
+++ b/Netware/set_env.bat
@ -1,7 +1,7 @@
@echo off

 rem ========================================================================
-rem   Batch file to assist in setting up the necessary enviroment for
+rem   Batch file to assist in setting up the necessary environment for
 rem   building OpenSSL for NetWare.
 rem
 rem   usage:
@ -84,10 +84,10 @@ echo using GNU GCC Compiler
 :info
 echo.

-if "%LIBC_BUILD%" == "Y" echo Enviroment configured for LibC build
+if "%LIBC_BUILD%" == "Y" echo Environment configured for LibC build
 if "%LIBC_BUILD%" == "Y" echo use "netware\build.bat netware-libc ..." 

-if "%CLIB_BUILD%" == "Y" echo Enviroment configured for CLib build
+if "%CLIB_BUILD%" == "Y" echo Environment configured for CLib build
 if "%CLIB_BUILD%" == "Y" echo use "netware\build.bat netware-clib ..." 

 goto end
--- a/apps/dgst.c
+++ b/apps/dgst.c
@ -107,7 +107,7 @@ OPTIONS dgst_options[] = {
    {"debug", OPT_DEBUG, '-'},
    {"fips-fingerprint", OPT_FIPS_FINGERPRINT, '-'},
    {"hmac", OPT_HMAC, 's', "Create hashed MAC with key"},
-    {"mac", OPT_MAC, 's', "Create MAC (not neccessarily HMAC)"},
+    {"mac", OPT_MAC, 's', "Create MAC (not necessarily HMAC)"},
    {"sigopt", OPT_SIGOPT, 's', "Signature parameter in n:v form"},
    {"macopt", OPT_MACOPT, 's', "MAC algorithm parameters in n:v form or key"},
    {"", OPT_DIGEST, '-', "Any supported digest"},
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@ -831,7 +831,7 @@ static STRINT_PAIR chain_flags[] = {
    {"CA signature", CERT_PKEY_CA_SIGNATURE},
    {"EE key parameters", CERT_PKEY_EE_PARAM},
    {"CA key parameters", CERT_PKEY_CA_PARAM},
-    {"Explicity sign with EE key", CERT_PKEY_EXPLICIT_SIGN},
+    {"Explicitly sign with EE key", CERT_PKEY_EXPLICIT_SIGN},
    {"Issuer Name", CERT_PKEY_ISSUER_NAME},
    {"Certificate Type", CERT_PKEY_CERT_TYPE},
    {NULL}
--- a/crypto/aes/asm/aes-armv4.pl
+++ b/crypto/aes/asm/aes-armv4.pl
@ -767,7 +767,7 @@ _armv4_AES_set_enc2dec_key:
 	ldr	$rounds,[r0,#240]
 	mov	$i1,r0			@ input
 	add	$i2,r0,$rounds,lsl#4
-	mov	$key,r1			@ ouput
+	mov	$key,r1			@ output
 	add	$tbl,r1,$rounds,lsl#4
 	str	$rounds,[r1,#240]

--- a/crypto/aes/asm/aes-c64xplus.pl
+++ b/crypto/aes/asm/aes-c64xplus.pl
@ -566,7 +566,7 @@ __set_encrypt_key:
 	NOP

 	BNOP	RA,5
-||	MVK	-2,RET				; unknown bit lenght
+||	MVK	-2,RET				; unknown bit length
 ||	MVK	0,B0				; redundant
 ;;====================================================================
 ;;====================================================================
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
@ -186,7 +186,7 @@ static size_t i2c_ibuf(const unsigned char *b, size_t blen, int neg,

 /*
 * convert content octets into a big endian buffer. Returns the length
- * of buffer or 0 on error: for malformed INTEGER. If output bufer is
+ * of buffer or 0 on error: for malformed INTEGER. If output buffer is
 * NULL just return length.
 */

--- a/crypto/asn1/asn_mime.c
+++ b/crypto/asn1/asn_mime.c
@ -364,7 +364,7 @@ static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
    int rv = 1;

    /*
-     * If data is not deteched or resigning then the output BIO is already
+     * If data is not detached or resigning then the output BIO is already
     * set up to finalise when it is written through.
     */
    if (!(flags & SMIME_DETACHED) || (flags & PKCS7_REUSE_DIGEST)) {
--- a/crypto/asn1/asn_mstbl.c
+++ b/crypto/asn1/asn_mstbl.c
@ -59,7 +59,7 @@
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>

-/* Multi string module: add table enstries from a given section */
+/* Multi string module: add table entries from a given section */

 static int do_tcreate(char *value, char *name);

--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@ -984,7 +984,7 @@ static int asn1_find_end(const unsigned char **in, long len, char inf)
 }

 /*
- * This function collects the asn1 data from a constructred string type into
+ * This function collects the asn1 data from a constructed string type into
 * a buffer. The values of 'in' and 'len' should refer to the contents of the
 * constructed type and 'inf' should be set if it is indefinite length.
 */
--- a/crypto/bio/b_sock.c
+++ b/crypto/bio/b_sock.c
@ -195,7 +195,7 @@ int BIO_sock_init(void)
        memset(&wsa_state, 0, sizeof(wsa_state));
        /*
         * Not making wsa_state available to the rest of the code is formally
-         * wrong. But the structures we use are [beleived to be] invariable
+         * wrong. But the structures we use are [believed to be] invariable
         * among Winsock DLLs, while API availability is [expected to be]
         * probed at run-time with DSO_global_lookup.
         */
--- a/crypto/bio/bss_dgram.c
+++ b/crypto/bio/bss_dgram.c
@ -299,7 +299,7 @@ static void dgram_adjust_rcv_timeout(BIO *b)
        }

        /*
-         * Adjust socket timeout if next handhake message timer will expire
+         * Adjust socket timeout if next handshake message timer will expire
         * earlier.
         */
        if ((data->socket_timeout.tv_sec == 0
--- a/crypto/bio/bss_file.c
+++ b/crypto/bio/bss_file.c
@ -196,8 +196,8 @@ BIO *BIO_new_fp(FILE *stream, int close_flag)
    if ((ret = BIO_new(BIO_s_file())) == NULL)
        return (NULL);

-    BIO_set_flags(ret, BIO_FLAGS_UPLINK); /* redundant, left for
-                                           * documentation puposes */
+    /* redundant flag, left for documentation purposes */
+    BIO_set_flags(ret, BIO_FLAGS_UPLINK);
    BIO_set_fp(ret, stream, close_flag);
    return (ret);
 }
--- a/crypto/bn/asm/ia64.S
+++ b/crypto/bn/asm/ia64.S
@ -495,7 +495,7 @@ bn_sqr_words:
 // scalability. The decision will very likely be reconsidered after the
 // benchmark program is profiled. I.e. if perfomance gain on Itanium
 // will appear larger than loss on "wider" IA-64, then the loop should
-// be explicitely split and the epilogue compressed.
+// be explicitly split and the epilogue compressed.
 .L_bn_sqr_words_ctop:
 { .mfi;	(p16)	ldf8		f32=[r33],8
 	(p25)	xmpy.lu		f42=f41,f41
--- a/crypto/bn/asm/parisc-mont.pl
+++ b/crypto/bn/asm/parisc-mont.pl
@ -126,7 +126,7 @@ $fp="%r3";
 $hi1="%r2";
 $hi0="%r1";

-$xfer=$n0;	# accomodates [-16..15] offset in fld[dw]s
+$xfer=$n0;	# accommodates [-16..15] offset in fld[dw]s

 $fm0="%fr4";	$fti=$fm0;
 $fbi="%fr5L";
--- a/crypto/bn/asm/rsaz-x86_64.pl
+++ b/crypto/bn/asm/rsaz-x86_64.pl
@ -1671,7 +1671,7 @@ ___
 {	# __rsaz_512_mul
 	#
 	# input: %rsi - ap, %rbp - bp
-	# ouput:
+	# output:
 	# clobbers: everything
 my ($ap,$bp) = ("%rsi","%rbp");
 $code.=<<___;
@ -1823,7 +1823,7 @@ if ($addx) {
 	# __rsaz_512_mulx
 	#
 	# input: %rsi - ap, %rbp - bp
-	# ouput:
+	# output:
 	# clobbers: everything
 my ($ap,$bp,$zero) = ("%rsi","%rbp","%rdi");
 $code.=<<___;
--- a/crypto/bn/bn_gcd.c
+++ b/crypto/bn/bn_gcd.c
@ -294,7 +294,7 @@ BIGNUM *int_bn_mod_inverse(BIGNUM *in,
        /*
         * Binary inversion algorithm; requires odd modulus. This is faster
         * than the general algorithm if the modulus is sufficiently small
-         * (about 400 .. 500 bits on 32-bit sytems, but much more on 64-bit
+         * (about 400 .. 500 bits on 32-bit systems, but much more on 64-bit
         * systems)
         */
        int shift;
--- a/crypto/bn/bn_kron.c
+++ b/crypto/bn/bn_kron.c
@ -91,7 +91,7 @@ int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
        goto end;

    /*
-     * Kronecker symbol, imlemented according to Henri Cohen,
+     * Kronecker symbol, implemented according to Henri Cohen,
     * "A Course in Computational Algebraic Number Theory"
     * (algorithm 1.4.10).
     */
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@ -330,7 +330,7 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
             * The fact that the loop is unrolled
             * 4-wise is a tribute to Intel. It's
             * the one that doesn't have enough
-             * registers to accomodate more data.
+             * registers to accommodate more data.
             * I'd unroll it 8-wise otherwise:-)
             *
             *              <appro@fy.chalmers.se>
--- a/crypto/bn/bn_mul.c
+++ b/crypto/bn/bn_mul.c
@ -69,7 +69,7 @@
 * Here follows specialised variants of bn_add_words() and bn_sub_words().
 * They have the property performing operations on arrays of different sizes.
 * The sizes of those arrays is expressed through cl, which is the common
- * length ( basicall, min(len(a),len(b)) ), and dl, which is the delta
+ * length ( basically, min(len(a),len(b)) ), and dl, which is the delta
 * between the two lengths, calculated as len(a)-len(b). All lengths are the
 * number of BN_ULONGs...  For the operations that require a result array as
 * parameter, it must have the length cl+abs(dl). These functions should
--- a/crypto/bn/bn_nist.c
+++ b/crypto/bn/bn_nist.c
@ -644,7 +644,7 @@ int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
 #endif
    } else if (carry < 0) {
        /*
-         * it's a bit more comlicated logic in this case. if bn_add_words
+         * it's a bit more complicated logic in this case. if bn_add_words
         * yields no carry, then result has to be adjusted by unconditionally
         * *adding* the modulus. but if it does, then result has to be
         * compared to the modulus and conditionally adjusted by
--- a/crypto/bn/bn_x931p.c
+++ b/crypto/bn/bn_x931p.c
@ -78,7 +78,7 @@ static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx,
    for (;;) {
        i++;
        BN_GENCB_call(cb, 0, i);
-        /* NB 27 MR is specificed in X9.31 */
+        /* NB 27 MR is specified in X9.31 */
        if (BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb))
            break;
        if (!BN_add_word(pi, 2))
--- a/crypto/cmac/cmac.c
+++ b/crypto/cmac/cmac.c
@ -156,7 +156,7 @@ int CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
        ctx->nlast_block = 0;
        return 1;
    }
-    /* Initialiase context */
+    /* Initialise context */
    if (cipher && !EVP_EncryptInit_ex(ctx->cctx, cipher, impl, NULL, NULL))
        return 0;
    /* Non-NULL key means initialisation complete */
@ -257,9 +257,9 @@ int CMAC_resume(CMAC_CTX *ctx)
    if (ctx->nlast_block == -1)
        return 0;
    /*
-     * The buffer "tbl" containes the last fully encrypted block which is the
+     * The buffer "tbl" contains the last fully encrypted block which is the
     * last IV (or all zeroes if no last encrypted block). The last block has
-     * not been modified since CMAC_final(). So reinitliasing using the last
+     * not been modified since CMAC_final(). So reinitialising using the last
     * decrypted block will allow CMAC to continue after calling
     * CMAC_Final().
     */
--- a/crypto/cms/cms_kari.c
+++ b/crypto/cms/cms_kari.c
@ -422,7 +422,7 @@ int cms_RecipientInfo_kari_encrypt(CMS_ContentInfo *cms,
    if (!cms_wrap_init(kari, ec->cipher))
        return 0;
    /*
-     * If no orignator key set up initialise for ephemeral key the public key
+     * If no originator key set up initialise for ephemeral key the public key
     * ASN1 structure will set the actual public key value.
     */
    if (kari->originator->type == -1) {
--- a/crypto/cms/cms_lib.c
+++ b/crypto/cms/cms_lib.c
@ -153,7 +153,7 @@ int CMS_dataFinal(CMS_ContentInfo *cms, BIO *cmsbio)
    ASN1_OCTET_STRING **pos = CMS_get0_content(cms);
    if (!pos)
        return 0;
-    /* If ebmedded content find memory BIO and set content */
+    /* If embedded content find memory BIO and set content */
    if (*pos && ((*pos)->flags & ASN1_STRING_FLAG_CONT)) {
        BIO *mbio;
        unsigned char *cont;
--- a/crypto/cms/cms_sd.c
+++ b/crypto/cms/cms_sd.c
@ -92,7 +92,7 @@ static CMS_SignedData *cms_signed_data_init(CMS_ContentInfo *cms)
    return cms_get0_signed(cms);
 }

-/* Just initialize SignedData e.g. for certs only structure */
+/* Just initialise SignedData e.g. for certs only structure */

 int CMS_SignedData_init(CMS_ContentInfo *cms)
 {
@ -351,7 +351,7 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
        goto err;
    if (!(flags & CMS_NOATTR)) {
        /*
-         * Initialialize signed attributes strutucture so other attributes
+         * Initialize signed attributes structure so other attributes
         * such as signing time etc are added later even if we add none here.
         */
        if (!si->signedAttrs) {
@ -593,7 +593,7 @@ static int cms_SignerInfo_content_sign(CMS_ContentInfo *cms,

    if (!cms_DigestAlgorithm_find_ctx(mctx, chain, si->digestAlgorithm))
        goto err;
-    /* Set SignerInfo algortihm details if we used custom parametsr */
+    /* Set SignerInfo algorithm details if we used custom parameter */
    if (si->pctx && !cms_sd_asn1_ctrl(si, 0))
        goto err;

--- a/crypto/comp/c_zlib.c
+++ b/crypto/comp/c_zlib.c
@ -86,7 +86,7 @@ static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out,
                                      unsigned int olen, unsigned char *in,
                                      unsigned int ilen);

-/* memory allocations functions for zlib intialization */
+/* memory allocations functions for zlib initialisation */
 static void *zlib_zalloc(void *opaque, unsigned int no, unsigned int size)
 {
    void *p;
--- a/crypto/des/ofb_enc.c
+++ b/crypto/des/ofb_enc.c
@ -59,7 +59,7 @@

 /*
 * The input and output are loaded in multiples of 8 bits. What this means is
- * that if you hame numbits=12 and length=2 the first 12 bits will be
+ * that if you have numbits=12 and length=2 the first 12 bits will be
 * retrieved from the first byte and half the second.  The second 12 bits
 * will come from the 3rd and half the 4th byte.
 */
--- a/crypto/dh/dh_ameth.c
+++ b/crypto/dh/dh_ameth.c
@ -195,7 +195,7 @@ static int dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
 /*
 * PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in that
 * the AlgorithmIdentifier contains the parameters, the private key is
- * explcitly included and the pubkey must be recalculated.
+ * explicitly included and the pubkey must be recalculated.
 */

 static int dh_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
@ -861,7 +861,7 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri)
                        V_ASN1_UNDEF, NULL);
    }

-    /* See if custom paraneters set */
+    /* See if custom parameters set */
    kdf_type = EVP_PKEY_CTX_get_dh_kdf_type(pctx);
    if (kdf_type <= 0)
        goto err;
--- a/crypto/dh/dh_asn1.c
+++ b/crypto/dh/dh_asn1.c
@ -125,7 +125,7 @@ int i2d_int_dhx(const int_dhx942_dh *a, unsigned char **pp);

 IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(int_dhx942_dh, DHxparams, int_dhx)

-/* Application leve function: read in X9.42 DH parameters into DH structure */
+/* Application public function: read in X9.42 DH parameters into DH structure */

 DH *d2i_DHxparams(DH **a, const unsigned char **pp, long length)
 {
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@ -257,7 +257,7 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
 {
    /*
     * If a is only one word long and constant time is false, use the faster
-     * exponenentiation function.
+     * exponentiation function.
     */
    if (bn_get_top(a) == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0)) {
        BN_ULONG A = bn_get_words(a)[0];
--- a/crypto/dsa/dsa_gen.c
+++ b/crypto/dsa/dsa_gen.c
@ -375,7 +375,7 @@ int dsa_builtin_paramgen2(DSA *ret, size_t L, size_t N,
    }

    mdsize = EVP_MD_size(evpmd);
-    /* If unverificable g generation only don't need seed */
+    /* If unverifiable g generation only don't need seed */
    if (!ret->p || !ret->q || idx >= 0) {
        if (seed_len == 0)
            seed_len = mdsize;
--- a/crypto/ebcdic.c
+++ b/crypto/ebcdic.c
@ -172,7 +172,7 @@ const unsigned char os_toebcdic[256] = {
 * systems. It is a modified version of the BS2000 table.
 *
 * Bijective EBCDIC (character set IBM-1047) to US-ASCII table: This table is
- * bijective - there are no ambigous or duplicate characters.
+ * bijective - there are no ambiguous or duplicate characters.
 */
 const unsigned char os_toascii[256] = {
    0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f, /* 00-0f: */
--- a/crypto/ec/asm/ecp_nistz256-avx2.pl
+++ b/crypto/ec/asm/ecp_nistz256-avx2.pl
@ -149,7 +149,7 @@ $code.=<<___;
 ___

 {
-# This function recieves a pointer to an array of four affine points
+# This function receives a pointer to an array of four affine points
 # (X, Y, <1>) and rearanges the data for AVX2 execution, while
 # converting it to 2^29 radix redundant form

@ -301,7 +301,7 @@ ___
 }
 {
 ################################################################################
-# This function recieves a pointer to an array of four AVX2 formatted points
+# This function receives a pointer to an array of four AVX2 formatted points
 # (X, Y, Z) convert the data to normal representation, and rearanges the data

 my ($D0,$D1,$D2,$D3, $D4,$D5,$D6,$D7, $D8)=map("%ymm$_",(0..8));
--- a/crypto/ec/ec_ameth.c
+++ b/crypto/ec/ec_ameth.c
@ -819,7 +819,7 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri)
                        V_ASN1_UNDEF, NULL);
    }

-    /* See if custom paraneters set */
+    /* See if custom parameters set */
    kdf_type = EVP_PKEY_CTX_get_ecdh_kdf_type(pctx);
    if (kdf_type <= 0)
        goto err;
@ -838,7 +838,7 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri)
        if (EVP_PKEY_CTX_set_ecdh_kdf_type(pctx, kdf_type) <= 0)
            goto err;
    } else
-        /* Uknown KDF */
+        /* Unknown KDF */
        goto err;
    if (kdf_md == NULL) {
        /* Fixme later for better MD */
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@ -645,7 +645,7 @@ ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *group,
            if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL)
                ok = 0;
        } else
-            /* we don't kmow the nid => ERROR */
+            /* we don't know the nid => ERROR */
            ok = 0;
    } else {
        /* use the ECPARAMETERS structure */
@ -1189,7 +1189,7 @@ EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len)

    if (a == NULL || (*a) == NULL || (*a)->group == NULL) {
        /*
-         * sorry, but a EC_GROUP-structur is necessary to set the public key
+         * sorry, but a EC_GROUP-structure is necessary to set the public key
         */
        ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
--- a/crypto/ec/ec_curve.c
+++ b/crypto/ec/ec_curve.c
@ -2981,7 +2981,7 @@ static const ec_list_element curve_list[] = {
     "NIST/SECG/WTLS curve over a 233 bit binary field"},
 #endif
    {NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12.h, 0,
-     "WTLS curvs over a 224 bit prime field"},
+     "WTLS curve over a 224 bit prime field"},
 #ifndef OPENSSL_NO_EC2M
    /* IPSec curves */
    {NID_ipsec3, &_EC_IPSEC_155_ID3.h, 0,
--- a/crypto/ec/ec_mult.c
+++ b/crypto/ec/ec_mult.c
@ -67,7 +67,7 @@
 #include "ec_lcl.h"

 /*
- * This file implements the wNAF-based interleaving multi-exponentation method
+ * This file implements the wNAF-based interleaving multi-exponentiation method
 * (<URL:http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#multiexp>);
 * for multiplication with precomputation, we use wNAF splitting
 * (<URL:http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#fastexp>).
--- a/crypto/ec/ecp_nistp256.c
+++ b/crypto/ec/ecp_nistp256.c
@ -1226,7 +1226,7 @@ static void copy_small_conditional(felem out, const smallfelem in, limb mask)
 }

 /*-
- * point_add calcuates (x1, y1, z1) + (x2, y2, z2)
+ * point_add calculates (x1, y1, z1) + (x2, y2, z2)
 *
 * The method is taken from:
 *   http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-2007-bl,
--- a/crypto/ec/ecp_nistp521.c
+++ b/crypto/ec/ecp_nistp521.c
@ -1032,7 +1032,7 @@ static void felem_contract(felem out, const felem in)
 * coordinates */

 /*-
- * point_double calcuates 2*(x_in, y_in, z_in)
+ * point_double calculates 2*(x_in, y_in, z_in)
 *
 * The method is taken from:
 *   http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b
@ -1148,7 +1148,7 @@ static void copy_conditional(felem out, const felem in, limb mask)
 }

 /*-
- * point_add calcuates (x1, y1, z1) + (x2, y2, z2)
+ * point_add calculates (x1, y1, z1) + (x2, y2, z2)
 *
 * The method is taken from
 *   http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#addition-add-2007-bl,
--- a/crypto/engine/eng_cryptodev.c
+++ b/crypto/engine/eng_cryptodev.c
@ -364,12 +364,12 @@ static int get_cryptodev_digests(const int **cnids)
 * Find the useable ciphers|digests from dev/crypto - this is the first
 * thing called by the engine init crud which determines what it
 * can use for ciphers from this engine. We want to return
- * only what we can do, anythine else is handled by software.
+ * only what we can do, anything else is handled by software.
 *
 * If we can't initialize the device to do anything useful for
 * any reason, we want to return a NULL array, and 0 length,
 * which forces everything to be done is software. By putting
- * the initalization of the device in here, we ensure we can
+ * the initialization of the device in here, we ensure we can
 * use this engine as the default, and if for whatever reason
 * /dev/crypto won't do what we want it will just be done in
 * software
@ -400,7 +400,7 @@ static int cryptodev_usable_digests(const int **nids)
     * suck moose gonads - would be nice to be able to decide something
     * as reasonable default without having hackery that's card dependent.
     * of course, the default should probably be just do everything,
-     * with perhaps a sysctl to turn algoritms off (or have them off
+     * with perhaps a sysctl to turn algorithms off (or have them off
     * by default) on cards that generally suck like the hifn.
     */
    *nids = NULL;
@ -447,7 +447,7 @@ cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,

    if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) {
        /*
-         * XXX need better errror handling this can fail for a number of
+         * XXX need better error handling this can fail for a number of
         * different reasons.
         */
        return (0);
@ -503,7 +503,7 @@ cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
 }

 /*
- * free anything we allocated earlier when initting a
+ * free anything we allocated earlier when initing a
 * session, and close the session.
 */
 static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
@ -516,7 +516,7 @@ static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
        return (0);

    /*
-     * XXX if this ioctl fails, someting's wrong. the invoker may have called
+     * XXX if this ioctl fails, something's wrong. the invoker may have called
     * us with a bogus ctx, or we could have a device that for whatever
     * reason just doesn't want to play ball - it's not clear what's right
     * here - should this be an error? should it just increase a counter,
--- a/crypto/engine/eng_ctrl.c
+++ b/crypto/engine/eng_ctrl.c
@ -133,7 +133,7 @@ static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p,
        return e->cmd_defns[idx].cmd_num;
    }
    /*
-     * For the rest of the commands, the 'long' argument must specify a valie
+     * For the rest of the commands, the 'long' argument must specify a valid
     * command number - so we need to conduct a search.
     */
    if ((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_num(e->cmd_defns,
--- a/crypto/engine/eng_dyn.c
+++ b/crypto/engine/eng_dyn.c
@ -316,7 +316,7 @@ void ENGINE_load_dynamic(void)
 static int dynamic_init(ENGINE *e)
 {
    /*
-     * We always return failure - the "dyanamic" engine itself can't be used
+     * We always return failure - the "dynamic" engine itself can't be used
     * for anything.
     */
    return 0;
--- a/crypto/engine/eng_list.c
+++ b/crypto/engine/eng_list.c
@ -219,7 +219,7 @@ ENGINE *ENGINE_get_next(ENGINE *e)
    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
    ret = e->next;
    if (ret) {
-        /* Return a valid structural refernce to the next ENGINE */
+        /* Return a valid structural reference to the next ENGINE */
        ret->struct_ref++;
        engine_ref_debug(ret, 0, 1);
    }
@ -353,7 +353,7 @@ ENGINE *ENGINE_by_id(const char *id)
    if (iterator != NULL)
        return iterator;
    /*
-     * Prevent infinite recusrion if we're looking for the dynamic engine.
+     * Prevent infinite recursion if we're looking for the dynamic engine.
     */
    if (strcmp(id, "dynamic")) {
 # ifdef OPENSSL_SYS_VMS
--- a/crypto/engine/eng_table.c
+++ b/crypto/engine/eng_table.c
@ -155,7 +155,7 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
            fnd->funct = NULL;
            (void)lh_ENGINE_PILE_insert(&(*table)->piles, fnd);
        }
-        /* A registration shouldn't add duplciate entries */
+        /* A registration shouldn't add duplicate entries */
        (void)sk_ENGINE_delete_ptr(fnd->sk, e);
        /*
         * if 'setdefault', this ENGINE goes to the head of the list
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@ -174,7 +174,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
     * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
     * this context may already have an ENGINE! Try to avoid releasing the
     * previous handle, re-querying for an ENGINE, and having a
-     * reinitialisation, when it may all be unecessary.
+     * reinitialisation, when it may all be unnecessary.
     */
    if (ctx->engine && ctx->digest && (!type ||
                                       (type
--- a/crypto/evp/e_aes.c
+++ b/crypto/evp/e_aes.c
@ -605,7 +605,7 @@ void aes_t4_decrypt(const unsigned char *in, unsigned char *out,
 * non-key-length specific routines would require conditional branches
 * either in inner loops or on subroutines' entries. Former is hardly
 * acceptable, while latter means code size increase to size occupied
- * by multiple key-length specfic subroutines, so why fight?
+ * by multiple key-length specific subroutines, so why fight?
 */
 void aes128_t4_cbc_encrypt(const unsigned char *in, unsigned char *out,
                           size_t len, const AES_KEY *key,
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@ -124,7 +124,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
     * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
     * this context may already have an ENGINE! Try to avoid releasing the
     * previous handle, re-querying for an ENGINE, and having a
-     * reinitialisation, when it may all be unecessary.
+     * reinitialisation, when it may all be unnecessary.
     */
    if (ctx->engine && ctx->cipher
        && (!cipher || (cipher && (cipher->nid == ctx->cipher->nid))))
@ -159,7 +159,7 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
                /*
                 * One positive side-effect of US's export control history,
                 * is that we should at least be able to avoid using US
-                 * mispellings of "initialisation"?
+                 * misspellings of "initialisation"?
                 */
                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
                return 0;
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@ -144,7 +144,7 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
        e = ENGINE_get_pkey_meth_engine(id);

    /*
-     * If an ENGINE handled this method look it up. Othewise use internal
+     * If an ENGINE handled this method look it up. Otherwise use internal
     * tables.
     */

--- a/crypto/ex_data.c
+++ b/crypto/ex_data.c
@ -116,8 +116,8 @@
 * exdata has a stack of callbacks for each instance.
 */
 struct ex_callback_st {
-    long argl;                  /* Arbitary long */
-    void *argp;                 /* Arbitary void * */
+    long argl;                  /* Arbitrary long */
+    void *argp;                 /* Arbitrary void * */
    CRYPTO_EX_new *new_func;
    CRYPTO_EX_free *free_func;
    CRYPTO_EX_dup *dup_func;
--- a/crypto/modes/cfb128.c
+++ b/crypto/modes/cfb128.c
@ -190,7 +190,7 @@ static void cfbr_encrypt_block(const unsigned char *in, unsigned char *out,
                               block128_f block)
 {
    int n, rem, num;
-    unsigned char ovec[16 * 2 + 1]; /* +1 because we dererefence (but don't
+    unsigned char ovec[16 * 2 + 1]; /* +1 because we dereference (but don't
                                     * use) one byte off the end */

    if (nbits <= 0 || nbits > 128)
--- a/crypto/modes/ctr128.c
+++ b/crypto/modes/ctr128.c
@ -117,7 +117,7 @@ static void ctr128_inc_aligned(unsigned char *counter)
 * before the first call to CRYPTO_ctr128_encrypt(). This algorithm assumes
 * that the counter is in the x lower bits of the IV (ivec), and that the
 * application has full control over overflow and the rest of the IV.  This
- * implementation takes NO responsability for checking that the counter
+ * implementation takes NO responsibility for checking that the counter
 * doesn't overflow into the rest of the IV when incremented.
 */
 void CRYPTO_ctr128_encrypt(const unsigned char *in, unsigned char *out,
@ -245,7 +245,7 @@ void CRYPTO_ctr128_encrypt_ctr32(const unsigned char *in, unsigned char *out,
        (*func) (in, out, blocks, key, ivec);
        /* (*ctr) does not update ivec, caller does: */
        PUTU32(ivec + 12, ctr32);
-        /* ... overflow was detected, propogate carry. */
+        /* ... overflow was detected, propagate carry. */
        if (ctr32 == 0)
            ctr96_inc(ivec);
        blocks *= 16;
--- a/crypto/o_time.c
+++ b/crypto/o_time.c
@ -161,7 +161,7 @@ struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
            /*-
             * The VMS epoch is the astronomical Smithsonian date,
               if I remember correctly, which is November 17, 1858.
-               Furthermore, time is measure in thenths of microseconds
+               Furthermore, time is measure in tenths of microseconds
               and stored in quadwords (64 bit integers).  unix_epoch
               below is January 1st 1970 expressed as a VMS time.  The
               following code was used to get this number:
@ -253,7 +253,7 @@ int OPENSSL_gmtime_adj(struct tm *tm, int off_day, long offset_sec)
    int time_sec, time_year, time_month, time_day;
    long time_jd;

-    /* Convert time and offset into julian day and seconds */
+    /* Convert time and offset into Julian day and seconds */
    if (!julian_adj(tm, off_day, offset_sec, &time_jd, &time_sec))
        return 0;

--- a/crypto/objects/o_names.c
+++ b/crypto/objects/o_names.c
@ -10,7 +10,7 @@
 #include "obj_lcl.h"

 /*
- * Later versions of DEC C has started to add lnkage information to certain
+ * Later versions of DEC C has started to add linkage information to certain
 * functions, which makes it tricky to use them as values to regular function
 * pointers.  One way is to define a macro that takes care of casting them
 * correctly.
--- a/crypto/ocsp/ocsp_cl.c
+++ b/crypto/ocsp/ocsp_cl.c
@ -4,7 +4,7 @@
 */

 /*
- * History: This file was transfered to Richard Levitte from CertCo by Kathy
+ * History: This file was transferred to Richard Levitte from CertCo by Kathy
 * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a
 * patch kit.
 */
@ -142,7 +142,7 @@ int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert)
 }

 /*
- * Sign an OCSP request set the requestorName to the subjec name of an
+ * Sign an OCSP request set the requestorName to the subject name of an
 * optional signers certificate and include one or more optional certificates
 * in the request. Behaves like PKCS7_sign().
 */
@ -222,7 +222,7 @@ ASN1_OCTET_STRING *OCSP_resp_get0_signature(OCSP_BASICRESP *bs)
 }

 /*
- * Return number of OCSP_SINGLERESP reponses present in a basic response.
+ * Return number of OCSP_SINGLERESP responses present in a basic response.
 */

 int OCSP_resp_count(OCSP_BASICRESP *bs)
--- a/crypto/ocsp/ocsp_ext.c
+++ b/crypto/ocsp/ocsp_ext.c
@ -4,7 +4,7 @@
 */

 /*
- * History: This file was transfered to Richard Levitte from CertCo by Kathy
+ * History: This file was transferred to Richard Levitte from CertCo by Kathy
 * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a
 * patch kit.
 */
@ -291,7 +291,7 @@ int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc)
 /* Nonce handling functions */

 /*
- * Add a nonce to an extension stack. A nonce can be specificed or if NULL a
+ * Add a nonce to an extension stack. A nonce can be specified or if NULL a
 * random nonce will be generated. Note: OpenSSL 0.9.7d and later create an
 * OCTET STRING containing the nonce, previous versions used the raw nonce.
 */
--- a/crypto/ocsp/ocsp_lcl.h
+++ b/crypto/ocsp/ocsp_lcl.h
@ -4,7 +4,7 @@
 */

 /*
- * History: This file was transfered to Richard Levitte from CertCo by Kathy
+ * History: This file was transferred to Richard Levitte from CertCo by Kathy
 * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a
 * patch kit.
 */
--- a/crypto/ocsp/ocsp_lib.c
+++ b/crypto/ocsp/ocsp_lib.c
@ -4,7 +4,7 @@
 */

 /*
- * History: This file was transfered to Richard Levitte from CertCo by Kathy
+ * History: This file was transferred to Richard Levitte from CertCo by Kathy
 * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a
 * patch kit.
 */
--- a/crypto/ocsp/ocsp_prn.c
+++ b/crypto/ocsp/ocsp_prn.c
@ -4,7 +4,7 @@
 */

 /*
- * History: This file was originally part of ocsp.c and was transfered to
+ * History: This file was originally part of ocsp.c and was transferred to
 * Richard Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be
 * included in OpenSSL or released as a patch kit.
 */
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@ -288,7 +288,7 @@ static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret)
        tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
        /* Check to see if IDs match */
        if (OCSP_id_issuer_cmp(cid, tmpid)) {
-            /* If algoritm mismatch let caller deal with it */
+            /* If algorithm mismatch let caller deal with it */
            if (OBJ_cmp(tmpid->hashAlgorithm.algorithm,
                        cid->hashAlgorithm.algorithm))
                return 2;
--- a/crypto/perlasm/x86_64-xlate.pl
+++ b/crypto/perlasm/x86_64-xlate.pl
@ -302,7 +302,7 @@ my %globals;
 }
 { package register;	# pick up registers, which start with %.
    sub re {
-	my	$class = shift;	# muliple instances...
+	my	$class = shift;	# multiple instances...
 	my	$self = {};
 	local	*line = shift;
 	undef	$ret;
@ -950,7 +950,7 @@ close STDOUT;
 # (#)	Nth argument, volatile
 #
 # In Unix terms top of stack is argument transfer area for arguments
-# which could not be accomodated in registers. Or in other words 7th
+# which could not be accommodated in registers. Or in other words 7th
 # [integer] argument resides at 8(%rsp) upon function entry point.
 # 128 bytes above %rsp constitute a "red zone" which is not touched
 # by signal handlers and can be used as temporal storage without
--- a/crypto/pkcs12/p12_kiss.c
+++ b/crypto/pkcs12/p12_kiss.c
@ -75,7 +75,7 @@ static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
 * Parse and decrypt a PKCS#12 structure returning user key, user cert and
 * other (CA) certs. Note either ca should be NULL, *ca should be NULL, or it
 * should point to a valid STACK structure. pkey and cert can be passed
- * unitialised.
+ * uninitialised.
 */

 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@ -323,7 +323,7 @@ static int rand_add(const void *buf, int num, double add)
            /*
             * Parallel threads may interfere with this, but always each byte
             * of the new state is the XOR of some previous value of its and
-             * local_md (itermediate values may be lost). Alway using locking
+             * local_md (intermediate values may be lost). Alway using locking
             * could hurt performance more than necessary given that
             * conflicts occur only when the total seeding is longer than the
             * random state.
--- a/crypto/rand/rand_win.c
+++ b/crypto/rand/rand_win.c
@ -122,7 +122,7 @@

 /*
 * Limit the time spent walking through the heap, processes, threads and
- * modules to a maximum of 1000 miliseconds each, unless CryptoGenRandom
+ * modules to a maximum of 1000 milliseconds each, unless CryptoGenRandom
 * failed
 */
 # define MAXDELAY 1000
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@ -569,7 +569,7 @@ static ASN1_STRING *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx)

 /*
 * From PSS AlgorithmIdentifier set public key parameters. If pkey isn't NULL
- * then the EVP_MD_CTX is setup and initalised. If it is NULL parameters are
+ * then the EVP_MD_CTX is setup and initialised. If it is NULL parameters are
 * passed to pkctx instead.
 */

--- a/crypto/rsa/rsa_ossl.c
+++ b/crypto/rsa/rsa_ossl.c
@ -729,7 +729,7 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
        BIGNUM *p = NULL, *q = NULL;

        /*
-         * Make sure BN_mod_inverse in Montgomery intialization uses the
+         * Make sure BN_mod_inverse in Montgomery initialization uses the
         * BN_FLG_CONSTTIME flag (unless RSA_FLAG_NO_CONSTTIME is set)
         */
        if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
--- a/crypto/sha/asm/sha1-mb-x86_64.pl
+++ b/crypto/sha/asm/sha1-mb-x86_64.pl
@ -479,7 +479,7 @@ $code.=<<___;
 	jnz	.Loop_grande

 .Ldone:
-	mov	`$REG_SZ*17`(%rsp),%rax		# orignal %rsp
+	mov	`$REG_SZ*17`(%rsp),%rax		# original %rsp
 ___
 $code.=<<___ if ($win64);
 	movaps	-0xb8(%rax),%xmm6
@ -539,7 +539,7 @@ $code.=<<___;
 	movdqa	K_XX_XX+0x80(%rip),$BSWAP	# byte-n-word swap

 .Loop_grande_shaext:
-	mov	$num,`$REG_SZ*17+8`(%rsp)	# orignal $num
+	mov	$num,`$REG_SZ*17+8`(%rsp)	# original $num
 	xor	$num,$num
 ___
 for($i=0;$i<2;$i++) {
@ -1117,7 +1117,7 @@ $code.=<<___;
 	jnz	.Loop_grande_avx

 .Ldone_avx:
-	mov	`$REG_SZ*17`(%rsp),%rax		# orignal %rsp
+	mov	`$REG_SZ*17`(%rsp),%rax		# original %rsp
 	vzeroupper
 ___
 $code.=<<___ if ($win64);
@ -1272,7 +1272,7 @@ $code.=<<___;
 	#jnz	.Loop_grande_avx2

 .Ldone_avx2:
-	mov	`$REG_SZ*17`(%rsp),%rax		# orignal %rsp
+	mov	`$REG_SZ*17`(%rsp),%rax		# original %rsp
 	vzeroupper
 ___
 $code.=<<___ if ($win64);
--- a/crypto/sha/asm/sha1-mips.pl
+++ b/crypto/sha/asm/sha1-mips.pl
@ -325,7 +325,7 @@ $code.=<<___ if ($i<79);
 ___
 }

-$FRAMESIZE=16;	# large enough to accomodate NUBI saved registers
+$FRAMESIZE=16;	# large enough to accommodate NUBI saved registers
 $SAVED_REGS_MASK = ($flavour =~ /nubi/i) ? 0xc0fff008 : 0xc0ff0000;

 $code=<<___;
--- a/crypto/sha/asm/sha256-mb-x86_64.pl
+++ b/crypto/sha/asm/sha256-mb-x86_64.pl
@ -383,7 +383,7 @@ $code.=<<___;
 	jnz	.Loop_grande

 .Ldone:
-	mov	`$REG_SZ*17`(%rsp),%rax		# orignal %rsp
+	mov	`$REG_SZ*17`(%rsp),%rax		# original %rsp
 ___
 $code.=<<___ if ($win64);
 	movaps	-0xb8(%rax),%xmm6
@ -443,7 +443,7 @@ $code.=<<___;
 	lea	K256_shaext+0x80(%rip),$Tbl

 .Loop_grande_shaext:
-	mov	$num,`$REG_SZ*17+8`(%rsp)	# orignal $num
+	mov	$num,`$REG_SZ*17+8`(%rsp)	# original $num
 	xor	$num,$num
 ___
 for($i=0;$i<2;$i++) {
@ -1062,7 +1062,7 @@ $code.=<<___;
 	jnz	.Loop_grande_avx

 .Ldone_avx:
-	mov	`$REG_SZ*17`(%rsp),%rax		# orignal %rsp
+	mov	`$REG_SZ*17`(%rsp),%rax		# original %rsp
 	vzeroupper
 ___
 $code.=<<___ if ($win64);
@ -1238,7 +1238,7 @@ $code.=<<___;
 	#jnz	.Loop_grande_avx2

 .Ldone_avx2:
-	mov	`$REG_SZ*17`(%rsp),%rax		# orignal %rsp
+	mov	`$REG_SZ*17`(%rsp),%rax		# original %rsp
 	vzeroupper
 ___
 $code.=<<___ if ($win64);
--- a/crypto/sha/sha256.c
+++ b/crypto/sha/sha256.c
@ -91,7 +91,7 @@ int SHA224_Final(unsigned char *md, SHA256_CTX *c)
 * default: case below covers for it. It's not clear however if it's
 * permitted to truncate to amount of bytes not divisible by 4. I bet not,
 * but if it is, then default: case shall be extended. For reference.
- * Idea behind separate cases for pre-defined lenghts is to let the
+ * Idea behind separate cases for pre-defined lengths is to let the
 * compiler decide if it's appropriate to unroll small loops.
 */
 #define HASH_MAKE_STRING(c,s)   do {    \
--- a/crypto/sha/sha_locl.h
+++ b/crypto/sha/sha_locl.h
@ -163,7 +163,7 @@ int HASH_INIT(SHA_CTX *c)
 # ifndef MD32_XARRAY
  /*
   * Originally X was an array. As it's automatic it's natural
-   * to expect RISC compiler to accomodate at least part of it in
+   * to expect RISC compiler to accommodate at least part of it in
   * the register bank, isn't it? Unfortunately not all compilers
   * "find" this expectation reasonable:-( On order to make such
   * compilers generate better code I replace X[] with a bunch of
--- a/crypto/srp/srp_lib.c
+++ b/crypto/srp/srp_lib.c
@ -333,7 +333,7 @@ static SRP_gN knowngN[] = {
 # define KNOWN_GN_NUMBER sizeof(knowngN) / sizeof(SRP_gN)

 /*
- * Check if G and N are kwown parameters. The values have been generated
+ * Check if G and N are known parameters. The values have been generated
 * from the ietf-tls-srp draft version 8
 */
 char *SRP_check_known_gN_param(BIGNUM *g, BIGNUM *N)
--- a/crypto/ui/ui_lib.c
+++ b/crypto/ui/ui_lib.c
@ -163,7 +163,7 @@ static int general_allocate_string(UI *ui, const char *prompt,
            s->_.string_data.result_maxsize = maxsize;
            s->_.string_data.test_buf = test_buf;
            ret = sk_UI_STRING_push(ui->strings, s);
-            /* sk_push() returns 0 on error.  Let's addapt that */
+            /* sk_push() returns 0 on error.  Let's adapt that */
            if (ret <= 0)
                ret--;
        } else
@ -207,7 +207,7 @@ static int general_allocate_boolean(UI *ui,
                s->_.boolean_data.cancel_chars = cancel_chars;
                ret = sk_UI_STRING_push(ui->strings, s);
                /*
-                 * sk_push() returns 0 on error. Let's addapt that
+                 * sk_push() returns 0 on error. Let's adapt that
                 */
                if (ret <= 0)
                    ret--;
--- a/crypto/whrlpool/wp_block.c
+++ b/crypto/whrlpool/wp_block.c
@ -146,7 +146,7 @@ typedef unsigned long long u64;
 * one quadword load. One can argue that that many single-byte loads
 * is too excessive, as one could load a quadword and "milk" it for
 * eight 8-bit values instead. Well, yes, but in order to do so *and*
- * avoid excessive loads you have to accomodate a handful of 64-bit
+ * avoid excessive loads you have to accommodate a handful of 64-bit
 * values in the register bank and issue a bunch of shifts and mask.
 * It's a tradeoff: loads vs. shift and mask in big register bank[!].
 * On most CPUs eight single-byte loads are faster and I let other
--- a/crypto/whrlpool/wp_dgst.c
+++ b/crypto/whrlpool/wp_dgst.c
@ -48,7 +48,7 @@
 *
 * Unlike authors' reference implementation, block processing
 * routine whirlpool_block is designed to operate on multi-block
- * input. This is done for perfomance.
+ * input. This is done for performance.
 */

 #include "wp_locl.h"
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@ -458,7 +458,7 @@ int X509_chain_check_suiteb(int *perror_depth, X509 *x, STACK_OF(X509) *chain,
            i--;
        /*
         * If we have LOS error and flags changed then we are signing P-384
-         * with P-256. Use more meaninggul error.
+         * with P-256. Use more meaningful error.
         */
        if (rv == X509_V_ERR_SUITE_B_LOS_NOT_ALLOWED && flags != tflags)
            rv = X509_V_ERR_SUITE_B_CANNOT_SIGN_P_384_WITH_P_256;
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@ -2474,7 +2474,7 @@ static int dane_match(X509_STORE_CTX *ctx, X509 *cert, int depth)

    /*
     * If we've previously matched a PKIX-?? record, no need to test any
-     * furher PKIX-?? records,  it remains to just build the PKIX chain.
+     * further PKIX-?? records,  it remains to just build the PKIX chain.
     * Had the match been a DANE-?? record, we'd be done already.
     */
    if (dane->mdpth >= 0)
@ -2505,7 +2505,7 @@ static int dane_match(X509_STORE_CTX *ctx, X509 *cert, int depth)
     *
     * As soon as we find a match at any given depth, we stop, because either
     * we've matched a DANE-?? record and the peer is authenticated, or, after
-     * exhausing all DANE-?? records, we've matched a PKIX-?? record, which is
+     * exhausting all DANE-?? records, we've matched a PKIX-?? record, which is
     * sufficient for DANE, and what remains to do is ordinary PKIX validation.
     */
    recnum = (dane->umask & mask) ? sk_danetls_record_num(dane->trecs) : 0;
--- a/crypto/x509/x509name.c
+++ b/crypto/x509/x509name.c
@ -109,7 +109,7 @@ int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos)
    return (X509_NAME_get_index_by_OBJ(name, obj, lastpos));
 }

-/* NOTE: you should be passsing -1, not 0 as lastpos */
+/* NOTE: you should be passing -1, not 0 as lastpos */
 int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int lastpos)
 {
    int n;
--- a/crypto/x509/x_name.c
+++ b/crypto/x509/x_name.c
@ -324,7 +324,7 @@ static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,
 * it all strings are converted to UTF8, leading, trailing and multiple
 * spaces collapsed, converted to lower case and the leading SEQUENCE header
 * removed. In future we could also normalize the UTF8 too. By doing this
- * comparison of Name structures can be rapidly perfomed by just using
+ * comparison of Name structures can be rapidly performed by just using
 * memcmp() of the canonical encoding. By omitting the leading SEQUENCE name
 * constraints of type dirName can also be checked with a simple memcmp().
 */
--- a/crypto/x509v3/v3_addr.c
+++ b/crypto/x509v3/v3_addr.c
@ -360,7 +360,7 @@ static int IPAddressOrRange_cmp(const IPAddressOrRange *a,

 /*
 * IPv4-specific closure over IPAddressOrRange_cmp, since sk_sort()
- * comparision routines are only allowed two arguments.
+ * comparison routines are only allowed two arguments.
 */
 static int v4IPAddressOrRange_cmp(const IPAddressOrRange *const *a,
                                  const IPAddressOrRange *const *b)
@ -370,7 +370,7 @@ static int v4IPAddressOrRange_cmp(const IPAddressOrRange *const *a,

 /*
 * IPv6-specific closure over IPAddressOrRange_cmp, since sk_sort()
- * comparision routines are only allowed two arguments.
+ * comparison routines are only allowed two arguments.
 */
 static int v6IPAddressOrRange_cmp(const IPAddressOrRange *const *a,
                                  const IPAddressOrRange *const *b)
@ -704,7 +704,7 @@ int v3_addr_get_range(IPAddressOrRange *aor,
 }

 /*
- * Sort comparision function for a sequence of IPAddressFamily.
+ * Sort comparison function for a sequence of IPAddressFamily.
 *
 * The last paragraph of RFC 3779 2.2.3.3 is slightly ambiguous about
 * the ordering: I can read it as meaning that IPv6 without a SAFI
--- a/crypto/x509v3/v3_asid.c
+++ b/crypto/x509v3/v3_asid.c
@ -164,7 +164,7 @@ static int i2r_ASIdentifiers(const X509V3_EXT_METHOD *method,
 }

 /*
- * Sort comparision function for a sequence of ASIdOrRange elements.
+ * Sort comparison function for a sequence of ASIdOrRange elements.
 */
 static int ASIdOrRange_cmp(const ASIdOrRange *const *a_,
                           const ASIdOrRange *const *b_)
@ -720,7 +720,7 @@ static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child)
 }

 /*
- * Test whether a is a subet of b.
+ * Test whether a is a subset of b.
 */
 int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b)
 {
--- a/crypto/x509v3/v3_ncons.c
+++ b/crypto/x509v3/v3_ncons.c
@ -405,7 +405,7 @@ static int nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
    const char *emlat = strchr(emlptr, '@');
    if (!emlat)
        return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
-    /* Special case: inital '.' is RHS match */
+    /* Special case: initial '.' is RHS match */
    if (!baseat && (*baseptr == '.')) {
        if (eml->length > base->length) {
            emlptr += eml->length - base->length;
@ -465,7 +465,7 @@ static int nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
    if (hostlen == 0)
        return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;

-    /* Special case: inital '.' is RHS match */
+    /* Special case: initial '.' is RHS match */
    if (*baseptr == '.') {
        if (hostlen > base->length) {
            p = hostptr + hostlen - base->length;
--- a/demos/x509/README
+++ b/demos/x509/README
@ -1,3 +1,3 @@
-This directory contains examples of how to contruct
+This directory contains examples of how to construct
 various X509 structures. Certificates, certificate requests
 and CRLs.
--- a/doc/apps/x509.pod
+++ b/doc/apps/x509.pod
@ -467,7 +467,7 @@ B<sep_comma_plus>, B<dn_rev> and B<sname>.
 a oneline format which is more readable than RFC2253. It is equivalent to
 specifying the  B<esc_2253>, B<esc_ctrl>, B<esc_msb>, B<utf8>, B<dump_nostr>,
 B<dump_der>, B<use_quote>, B<sep_comma_plus_space>, B<space_eq> and B<sname>
-options.  This is the I<default> of no name options are given explicitely.
+options.  This is the I<default> of no name options are given explicitly.

 =item B<multiline>

--- a/doc/crypto/ASN1_INTEGER_get_int64.pod
+++ b/doc/crypto/ASN1_INTEGER_get_int64.pod
@ -85,9 +85,9 @@ an appropriate C integer type.

 =head1 BUGS

-The ambigious return values of ASN1_INTEGER_get() and ASN1_ENUMERATED_get()
+The ambiguous return values of ASN1_INTEGER_get() and ASN1_ENUMERATED_get()
 mean these functions should be avoided if possible. They are retained for
-compatibility. Normally the ambigious return values are not legitimate
+compatibility. Normally the ambiguous return values are not legitimate
 values for the fields they represent.

 =head1 RETURN VALUES
--- a/doc/crypto/ASYNC_start_job.pod
+++ b/doc/crypto/ASYNC_start_job.pod
@ -139,9 +139,9 @@ ASYNC_block_pause() twice then you must call ASYNC_unblock_pause() twice in
 order to reenable pausing. If these functions are called while there is no
 currently active job then they have no effect. This functionality can be useful
 to avoid deadlock scenarios. For example during the execution of an ASYNC_JOB an
-application aquires a lock. It then calls some cryptographic function which
+application acquires a lock. It then calls some cryptographic function which
 invokes ASYNC_pause_job(). This returns control back to the code that created
-the ASYNC_JOB. If that code then attempts to aquire the same lock before
+the ASYNC_JOB. If that code then attempts to acquire the same lock before
 resuming the original job then a deadlock can occur. By calling
 ASYNC_block_pause() immediately after aquiring the lock and
 ASYNC_unblock_pause() immediately before releasing it then this situation cannot
@ -154,7 +154,7 @@ ASYNC_init and ASYNC_init_thread return 1 on success or 0 otherwise.
 ASYNC_start_job returns one of ASYNC_ERR, ASYNC_NO_JOBS, ASYNC_PAUSE or
 ASYNC_FINISH as described above.

-ASYNC_pause_job returns 0 if an error occured or 1 on success. If called when
+ASYNC_pause_job returns 0 if an error occurred or 1 on success. If called when
 not within the context of an ASYNC_JOB then this is counted as success so 1 is
 returned.

--- a/doc/crypto/EC_GROUP_copy.pod
+++ b/doc/crypto/EC_GROUP_copy.pod
@ -58,8 +58,8 @@ EC_GROUP object.

 EC_GROUP_method_of obtains the EC_METHOD of B<group>.

-EC_GROUP_set_generator sets curve paramaters that must be agreed by all participants using the curve. These
-paramaters include the B<generator>, the B<order> and the B<cofactor>. The B<generator> is a well defined point on the
+EC_GROUP_set_generator sets curve parameters that must be agreed by all participants using the curve. These
+parameters include the B<generator>, the B<order> and the B<cofactor>. The B<generator> is a well defined point on the
 curve chosen for cryptographic operations. Integers used for point multiplications will be between 0 and
 n-1 where n is the B<order>. The B<order> multiplied by the B<cofactor> gives the number of points on the curve.

--- a/doc/crypto/OCSP_cert_to_id.pod
+++ b/doc/crypto/OCSP_cert_to_id.pod
@ -55,7 +55,7 @@ otherwise.

 OCSP_CERTID_free() does not return a value.

-OCSP_id_get0_info() returns 1 for sucess and 0 for failure.
+OCSP_id_get0_info() returns 1 for success and 0 for failure.

 =head1 NOTES

--- a/doc/crypto/X509V3_get_d2i.pod
+++ b/doc/crypto/X509V3_get_d2i.pod
@ -77,7 +77,7 @@ of a certificate a CRL or a CRL entry respectively.
 =head1 NOTES

 In almost all cases an extension can occur at most once and multiple
-occurences is an error. Therefore the B<idx> parameter is usually B<NULL>.
+occurrences is an error. Therefore the B<idx> parameter is usually B<NULL>.

 The B<flags> parameter may be one of the following values.

--- a/doc/openssl-c-indent.el
+++ b/doc/openssl-c-indent.el
@ -28,7 +28,7 @@
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; Note, it could be easy to inherit from the "gnu" style...  however,
 ;; one never knows if that style will change somewhere in the future,
-;; so I've chosen to copy the "gnu" style values explicitely instead
+;; so I've chosen to copy the "gnu" style values explicitly instead
 ;; and mark them with a comment.                // RLevitte 2015-08-31
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

--- a/doc/ssl/SSL_CTX_set1_sigalgs.pod
+++ b/doc/ssl/SSL_CTX_set1_sigalgs.pod
@ -80,14 +80,14 @@ The use of MD5 as a digest is strongly discouraged due to security weaknesses.

 =head1 EXAMPLES

-Set supported signature algoritms to SHA256 with ECDSA and SHA256 with RSA
+Set supported signature algorithms to SHA256 with ECDSA and SHA256 with RSA
 using an array:

    const int slist[] = {NID_sha256, EVP_PKEY_EC, NID_sha256, EVP_PKEY_RSA};

    SSL_CTX_set1_sigalgs(ctx, slist, 4);

-Set supported signature algoritms to SHA256 with ECDSA and SHA256 with RSA
+Set supported signature algorithms to SHA256 with ECDSA and SHA256 with RSA
 using a string:

    SSL_CTX_set1_sigalgs_list(ctx, "ECDSA+SHA256:RSA+SHA256");
--- a/include/openssl/dso.h
+++ b/include/openssl/dso.h
@ -338,7 +338,7 @@ DSO_METHOD *DSO_METHOD_vms(void);
 * 'addr' into 'sz' large caller-provided 'path' and returns the number of
 * characters [including trailing zero] written to it. If 'sz' is 0 or
 * negative, 'path' is ignored and required amount of charachers [including
- * trailing zero] to accomodate pathname is returned. If 'addr' is NULL, then
+ * trailing zero] to accommodate pathname is returned. If 'addr' is NULL, then
 * pathname of cryptolib itself is returned. Negative or zero return value
 * denotes error.
 */
--- a/include/openssl/e_os2.h
+++ b/include/openssl/e_os2.h
@ -206,8 +206,8 @@ extern "C" {
 /*-
 * Definitions of OPENSSL_GLOBAL and OPENSSL_EXTERN, to define and declare
 * certain global symbols that, with some compilers under VMS, have to be
- * defined and declared explicitely with globaldef and globalref.
- * Definitions of OPENSSL_EXPORT and OPENSSL_EXTERN, to define and declare
+ * defined and declared explicitly with globaldef and globalref.
+ * Definitions of OPENSSL_EXPORT and OPENSSL_IMPORT, to define and declare
 * DLL exports and imports for compilers under Win32.  These are a little
 * more complicated to use.  Basically, for any library that exports some
 * global variables, the following code must be present in the header file
--- a/include/openssl/ocsp.h
+++ b/include/openssl/ocsp.h
@ -4,7 +4,7 @@
 */

 /*
- * History: This file was transfered to Richard Levitte from CertCo by Kathy
+ * History: This file was transferred to Richard Levitte from CertCo by Kathy
 * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a
 * patch kit.
 */
--- a/include/openssl/ui.h
+++ b/include/openssl/ui.h
@ -128,7 +128,7 @@ void UI_free(UI *ui);
   added, so the result is *not* a string.

   On success, the all return an index of the added information.  That index
-   is usefull when retrieving results with UI_get0_result(). */
+   is useful when retrieving results with UI_get0_result(). */
 int UI_add_input_string(UI *ui, const char *prompt, int flags,
                        char *result_buf, int minsize, int maxsize);
 int UI_dup_input_string(UI *ui, const char *prompt, int flags,
--- a/ssl/statem/statem.c
+++ b/ssl/statem/statem.c
@ -511,7 +511,7 @@ static void init_read_state_machine(SSL *s)
 * READ_STATE_POST_PROCESS is an optional step that may occur if some post
 * processing activity performed on the message may block.
 *
- * Any of the above states could result in an NBIO event occuring in which case
+ * Any of the above states could result in an NBIO event occurring in which case
 * control returns to the calling application. When this function is recalled we
 * will resume in the same state where we left off.
 */
@ -702,7 +702,7 @@ static void init_write_state_machine(SSL *s)
 * WRITE_STATE_TRANSITION transitions the state of the handshake state machine

 * WRITE_STATE_PRE_WORK performs any work necessary to prepare the later
- * sending of the message. This could result in an NBIO event occuring in
+ * sending of the message. This could result in an NBIO event occurring in
 * which case control returns to the calling application. When this function
 * is recalled we will resume in the same state where we left off.
 *