[openssl] master update

tomas at openssl.org tomas at openssl.org
Wed Jan 5 11:37:48 UTC 2022


The branch master has been updated
       via  e304aa87b35fac5ea97c405dd3c21549faa45e78 (commit)
      from  e66c41725f03dae2b295df048312fe6d28729e98 (commit)


- Log -----------------------------------------------------------------
commit e304aa87b35fac5ea97c405dd3c21549faa45e78
Author: Dimitris Apostolou <dimitris.apostolou at icloud.com>
Date:   Mon Jan 3 01:00:27 2022 +0200

    Fix typos
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/17392)

-----------------------------------------------------------------------

Summary of changes:
 Configure                                                     |  4 ++--
 INSTALL.md                                                    |  2 +-
 README-ENGINES.md                                             |  2 +-
 apps/cmp.c                                                    |  2 +-
 apps/include/http_server.h                                    |  2 +-
 configdata.pm.in                                              |  4 ++--
 crypto/aes/asm/aesv8-armx.pl                                  |  6 +++---
 crypto/bn/asm/rsaz-2k-avx512.pl                               |  2 +-
 crypto/bn/asm/rsaz-3k-avx512.pl                               |  2 +-
 crypto/bn/asm/rsaz-4k-avx512.pl                               |  2 +-
 crypto/cmp/cmp_vfy.c                                          |  6 +++---
 crypto/context.c                                              |  2 +-
 crypto/ec/ec2_oct.c                                           |  2 +-
 crypto/encode_decode/encoder_lib.c                            |  2 +-
 crypto/evp/ctrl_params_translate.c                            |  2 +-
 crypto/evp/m_sigver.c                                         |  2 +-
 crypto/ffc/ffc_params_generate.c                              |  2 +-
 crypto/rand/rand_egd.c                                        |  2 +-
 crypto/rsa/rsa_lib.c                                          |  2 +-
 crypto/x509/v3_ist.c                                          |  2 +-
 crypto/x509/v3_utf8.c                                         |  2 +-
 crypto/x509/v3_utl.c                                          |  2 +-
 crypto/x509/x_pubkey.c                                        |  2 +-
 demos/mac/gmac.c                                              |  2 +-
 dev/release-aux/README.md                                     |  2 +-
 dev/release.sh                                                |  4 ++--
 doc/internal/man3/OPTIONS.pod                                 |  2 +-
 doc/internal/man3/ossl_random_add_conf_module.pod             |  2 +-
 doc/internal/man7/EVP_PKEY.pod                                |  2 +-
 doc/man1/openssl-genpkey.pod.in                               |  4 ++--
 doc/man1/openssl-s_client.pod.in                              |  2 +-
 doc/man1/openssl-verification-options.pod                     |  2 +-
 doc/man3/ASN1_aux_cb.pod                                      |  4 ++--
 doc/man3/ASN1_item_sign.pod                                   |  4 ++--
 doc/man3/BIO_s_core.pod                                       |  2 +-
 doc/man3/BN_rand.pod                                          |  2 +-
 doc/man3/CONF_modules_load_file.pod                           |  2 +-
 doc/man3/DH_get0_pqg.pod                                      |  2 +-
 doc/man3/EVP_EncryptInit.pod                                  |  2 +-
 doc/man3/EVP_KEYMGMT.pod                                      |  2 +-
 doc/man3/EVP_PKEY2PKCS8.pod                                   |  2 +-
 doc/man3/EVP_PKEY_derive.pod                                  |  2 +-
 doc/man3/EVP_PKEY_gettable_params.pod                         |  2 +-
 doc/man3/EVP_PKEY_new.pod                                     |  2 +-
 doc/man3/EVP_PKEY_todata.pod                                  |  2 +-
 doc/man3/OCSP_resp_find_status.pod                            |  2 +-
 doc/man3/OCSP_sendreq_new.pod                                 |  2 +-
 doc/man3/OSSL_CMP_log_open.pod                                |  2 +-
 doc/man3/OSSL_DECODER.pod                                     |  2 +-
 doc/man3/OSSL_DECODER_CTX_new_for_pkey.pod                    |  4 ++--
 doc/man3/OSSL_ENCODER.pod                                     |  2 +-
 doc/man3/OSSL_ENCODER_CTX.pod                                 |  4 ++--
 doc/man3/OSSL_ENCODER_CTX_new_for_pkey.pod                    |  2 +-
 doc/man3/OSSL_ESS_check_signing_certs.pod                     |  2 +-
 doc/man3/OSSL_HTTP_REQ_CTX.pod                                |  2 +-
 doc/man3/OSSL_HTTP_parse_url.pod                              |  2 +-
 doc/man3/OSSL_PARAM.pod                                       |  2 +-
 doc/man3/OSSL_PARAM_int.pod                                   |  6 +++---
 doc/man3/OSSL_STORE_LOADER.pod                                |  2 +-
 doc/man3/OSSL_trace_set_channel.pod                           |  2 +-
 doc/man3/PKCS12_decrypt_skey.pod                              |  2 +-
 doc/man3/PKCS12_gen_mac.pod                                   |  2 +-
 doc/man3/RAND_bytes.pod                                       |  2 +-
 doc/man3/RSA_get0_key.pod                                     |  2 +-
 doc/man3/SSL_CTX_set_tmp_dh_callback.pod                      |  4 ++--
 doc/man3/X509_VERIFY_PARAM_set_flags.pod                      |  2 +-
 doc/man3/X509_add_cert.pod                                    |  2 +-
 doc/man3/X509_digest.pod                                      |  4 ++--
 doc/man3/X509_dup.pod                                         |  2 +-
 doc/man5/config.pod                                           |  2 +-
 doc/man7/EVP_PKEY-EC.pod                                      |  6 +++---
 doc/man7/crypto.pod                                           |  2 +-
 doc/man7/fips_module.pod                                      |  2 +-
 doc/man7/life_cycle-pkey.pod                                  |  4 ++--
 doc/man7/migration_guide.pod                                  | 10 +++++-----
 doc/man7/openssl-glossary.pod                                 |  6 +++---
 doc/man7/provider-kdf.pod                                     |  2 +-
 doc/man7/provider-object.pod                                  |  2 +-
 include/openssl/core_dispatch.h                               |  2 +-
 providers/implementations/ciphers/cipher_aes_gcm_hw_armv8.inc |  2 +-
 providers/implementations/encode_decode/encode_key2any.c      |  2 +-
 providers/implementations/keymgmt/kdf_legacy_kmgmt.c          |  2 +-
 providers/implementations/keymgmt/mac_legacy_kmgmt.c          |  2 +-
 providers/implementations/signature/sm2_sig.c                 |  6 +++---
 ssl/statem/statem_srvr.c                                      |  2 +-
 test/cmp_vfy_test.c                                           |  2 +-
 test/evp_extra_test.c                                         |  4 ++--
 test/param_build_test.c                                       |  4 ++--
 test/params_api_test.c                                        |  2 +-
 test/params_test.c                                            |  2 +-
 test/recipes/70-test_sslrecords.t                             |  2 +-
 test/recipes/90-test_threads.t                                |  2 +-
 test/ssl-tests/28-seclevel.cnf.in                             |  4 ++--
 test/sslapitest.c                                             |  2 +-
 test/tls-provider.c                                           |  6 +++---
 util/add-depends.pl                                           |  2 +-
 util/check-format.pl                                          |  8 ++++----
 97 files changed, 132 insertions(+), 132 deletions(-)

diff --git a/Configure b/Configure
index bf6c568a4c..34a487a0a2 100755
--- a/Configure
+++ b/Configure
@@ -603,7 +603,7 @@ my @disable_cascades = (
     # Without shared libraries, dynamic engines aren't possible.
     # This is due to them having to link with libcrypto and register features
     # using the ENGINE functionality, and since that relies on global tables,
-    # those *have* to be exacty the same as the ones accessed from the app,
+    # those *have* to be exactly the same as the ones accessed from the app,
     # which cannot be guaranteed if shared libraries aren't present.
     # (note that even with shared libraries, both the app and dynamic engines
     # must be linked with the same library)
@@ -1800,7 +1800,7 @@ my %skipdir = ();
 my %disabled_info = ();         # For configdata.pm
 foreach my $what (sort keys %disabled) {
     # There are deprecated disablables that translate to themselves.
-    # They cause disabling cascades, but should otherwise not regiter.
+    # They cause disabling cascades, but should otherwise not register.
     next if $deprecated_disablables{$what};
     # The generated $disabled{"deprecated-x.y"} entries are special
     # and treated properly elsewhere
diff --git a/INSTALL.md b/INSTALL.md
index 40ca7090b5..09ea2d678f 100644
--- a/INSTALL.md
+++ b/INSTALL.md
@@ -1597,7 +1597,7 @@ working incorrectly. If you think you encountered a bug, please
 Along with a short description of the bug, please provide the complete
 configure command line and the relevant output including the error message.
 
-Note: To make the output readable, pleace add a 'code fence' (three backquotes
+Note: To make the output readable, please add a 'code fence' (three backquotes
 ` ``` ` on a separate line) before and after your output:
 
      ```
diff --git a/README-ENGINES.md b/README-ENGINES.md
index b05ddaa1b6..9992cebe22 100644
--- a/README-ENGINES.md
+++ b/README-ENGINES.md
@@ -8,7 +8,7 @@ The ENGINE API was introduced in OpenSSL version 0.9.6 as a low level
 interface for adding alternative implementations of cryptographic
 primitives, most notably for integrating hardware crypto devices.
 
-The ENGINE interface has its limitations and it has been superseeded
+The ENGINE interface has its limitations and it has been superseded
 by the [PROVIDER API](README-PROVIDERS.md), it is deprecated in OpenSSL
 version 3.0. The following documentation is retained as an aid for
 users who need to maintain or support existing ENGINE implementations.
diff --git a/apps/cmp.c b/apps/cmp.c
index 2e4867b0db..830e4cb9c8 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -1115,7 +1115,7 @@ static OSSL_CMP_SRV_CTX *setup_srv_ctx(ENGINE *engine)
     if (opt_grant_implicitconf)
         (void)OSSL_CMP_SRV_CTX_set_grant_implicit_confirm(srv_ctx, 1);
 
-    if (opt_failure != INT_MIN) { /* option has been set explicity */
+    if (opt_failure != INT_MIN) { /* option has been set explicitly */
         if (opt_failure < 0 || OSSL_CMP_PKIFAILUREINFO_MAX < opt_failure) {
             CMP_err1("-failure out of range, should be >= 0 and <= %d",
                      OSSL_CMP_PKIFAILUREINFO_MAX);
diff --git a/apps/include/http_server.h b/apps/include/http_server.h
index 3a81cbb140..29a0b3d26f 100644
--- a/apps/include/http_server.h
+++ b/apps/include/http_server.h
@@ -94,7 +94,7 @@ int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,
  * Send an ASN.1-formatted HTTP response
  * cbio: destination BIO (typically as returned by http_server_get_asn1_req())
  *       note: cbio should not do an encoding that changes the output length
- * keep_alive: grant persistent connnection
+ * keep_alive: grant persistent connection
  * content_type: string identifying the type of the response
  * it: the response ASN.1 type
  * resp: the response to send
diff --git a/configdata.pm.in b/configdata.pm.in
index 14da489cd3..2dfb7d8d70 100644
--- a/configdata.pm.in
+++ b/configdata.pm.in
@@ -20,7 +20,7 @@
          # Unix form /VOLUME/DIR1/DIR2/FILE, which is what VMS perl supports
          # for 'use lib'.
 
-         # Start with spliting the native path
+         # Start with splitting the native path
          (my $vol, my $dirs, my $file) = File::Spec->splitpath($path);
          my @dirs = File::Spec->splitdir($dirs);
 
@@ -88,7 +88,7 @@ unless (caller) {
     if (scalar @ARGV == 0) {
         # With no arguments, re-create the build file
         # We do that in two steps, where the first step emits perl
-        # snipets.
+        # snippets.
 
         my $buildfile = $target{build_file};
         my $buildfile_template = "$buildfile.in";
diff --git a/crypto/aes/asm/aesv8-armx.pl b/crypto/aes/asm/aesv8-armx.pl
index 3ae327b49a..c323179b2b 100755
--- a/crypto/aes/asm/aesv8-armx.pl
+++ b/crypto/aes/asm/aesv8-armx.pl
@@ -417,7 +417,7 @@ ___
 # If lsize < 3*16 bytes, treat them as the tail, interleave the
 # two blocks AES instructions.
 # There is one special case, if the original input data size dsize
-# = 16 bytes, we will treat it seperately to improve the
+# = 16 bytes, we will treat it separately to improve the
 # performance: one independent code block without LR, FP load and
 # store, just looks like what the original ECB implementation does.
 
@@ -2162,7 +2162,7 @@ ___
 # will be processed specially, which be integrated into the 5*16 bytes
 # loop to improve the efficiency.
 # There is one special case, if the original input data size dsize
-# = 16 bytes, we will treat it seperately to improve the
+# = 16 bytes, we will treat it separately to improve the
 # performance: one independent code block without LR, FP load and
 # store.
 # Encryption will process the (length -tailcnt) bytes as mentioned
@@ -3495,7 +3495,7 @@ $code.=<<___	if ($flavour =~ /64/);
 	cbnz	x2,.Lxts_dec_1st_done
 	vld1.32	{$dat0},[$inp],#16
 
-	// Decrypt the last secod block to get the last plain text block
+	// Decrypt the last second block to get the last plain text block
 .Lxts_dec_1st_done:
 	eor	$tmpin,$dat0,$iv1
 	ldr	$rounds,[$key1,#240]
diff --git a/crypto/bn/asm/rsaz-2k-avx512.pl b/crypto/bn/asm/rsaz-2k-avx512.pl
index aec5470387..46302e890e 100644
--- a/crypto/bn/asm/rsaz-2k-avx512.pl
+++ b/crypto/bn/asm/rsaz-2k-avx512.pl
@@ -88,7 +88,7 @@ ___
 # specified in the original algorithm as according to the Lemma 1 from the paper
 # [2], the result will be always < 2*m and can be used as a direct input to
 # the next AMM iteration.  This post-condition is true, provided the correct
-# parameter |s| (notion of the Lemma 1 from [2]) is choosen, i.e.  s >= n + 2 * k,
+# parameter |s| (notion of the Lemma 1 from [2]) is chosen, i.e.  s >= n + 2 * k,
 # which matches our case: 1040 > 1024 + 2 * 1.
 #
 # [1] Gueron, S. Efficient software implementations of modular exponentiation.
diff --git a/crypto/bn/asm/rsaz-3k-avx512.pl b/crypto/bn/asm/rsaz-3k-avx512.pl
index e294afd294..5e8fa4b35b 100644
--- a/crypto/bn/asm/rsaz-3k-avx512.pl
+++ b/crypto/bn/asm/rsaz-3k-avx512.pl
@@ -75,7 +75,7 @@ if ($avx512ifma>0) {{{
 # specified in the original algorithm as according to the Lemma 1 from the paper
 # [2], the result will be always < 2*m and can be used as a direct input to
 # the next AMM iteration.  This post-condition is true, provided the correct
-# parameter |s| (notion of the Lemma 1 from [2]) is choosen, i.e.  s >= n + 2 * k,
+# parameter |s| (notion of the Lemma 1 from [2]) is chosen, i.e.  s >= n + 2 * k,
 # which matches our case: 1560 > 1536 + 2 * 1.
 #
 # [1] Gueron, S. Efficient software implementations of modular exponentiation.
diff --git a/crypto/bn/asm/rsaz-4k-avx512.pl b/crypto/bn/asm/rsaz-4k-avx512.pl
index fb5bf10198..417e6dc809 100644
--- a/crypto/bn/asm/rsaz-4k-avx512.pl
+++ b/crypto/bn/asm/rsaz-4k-avx512.pl
@@ -72,7 +72,7 @@ if ($avx512ifma>0) {{{
 # specified in the original algorithm as according to the Lemma 1 from the paper
 # [2], the result will be always < 2*m and can be used as a direct input to
 # the next AMM iteration.  This post-condition is true, provided the correct
-# parameter |s| (notion of the Lemma 1 from [2]) is choosen, i.e.  s >= n + 2 * k,
+# parameter |s| (notion of the Lemma 1 from [2]) is chosen, i.e.  s >= n + 2 * k,
 # which matches our case: 2080 > 2048 + 2 * 1.
 #
 # [1] Gueron, S. Efficient software implementations of modular exponentiation.
diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c
index e5ca1083d7..00f526229f 100644
--- a/crypto/cmp/cmp_vfy.c
+++ b/crypto/cmp/cmp_vfy.c
@@ -598,7 +598,7 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg)
                 break;
             }
             ossl_cmp_debug(ctx,
-                           "sucessfully validated PBM-based CMP message protection");
+                           "successfully validated PBM-based CMP message protection");
             return 1;
         }
         ossl_cmp_warn(ctx, "verifying PBM-based CMP message protection failed");
@@ -628,7 +628,7 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg)
             /* use ctx->srvCert for signature check even if not acceptable */
             if (verify_signature(ctx, msg, scrt)) {
                 ossl_cmp_debug(ctx,
-                               "sucessfully validated signature-based CMP message protection");
+                               "successfully validated signature-based CMP message protection");
 
                 return 1;
             }
@@ -668,7 +668,7 @@ static int check_transactionID_or_nonce(ASN1_OCTET_STRING *expected,
  * Any msg->extraCerts are prepended to ctx->untrusted.
  *
  * Ensures that:
- * its sender is of appropriate type (curently only X509_NAME) and
+ * its sender is of appropriate type (currently only X509_NAME) and
  *     matches any expected sender or srvCert subject given in the ctx
  * it has a valid body type
  * its protection is valid (or invalid/absent, but only if a callback function
diff --git a/crypto/context.c b/crypto/context.c
index a05009a3ef..cc48c92604 100644
--- a/crypto/context.c
+++ b/crypto/context.c
@@ -402,7 +402,7 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *ctx, int index,
      * The alloc call ensures there's a value there. We release the ctx->lock
      * for this, because the allocation itself may recursively call
      * ossl_lib_ctx_get_data for other indexes (never this one). The allocation
-     * will itself aquire the ctx->lock when it actually comes to store the
+     * will itself acquire the ctx->lock when it actually comes to store the
      * allocated data (see ossl_lib_ctx_generic_new() above). We call
      * ossl_crypto_alloc_ex_data_intern() here instead of CRYPTO_alloc_ex_data().
      * They do the same thing except that the latter calls CRYPTO_get_ex_data()
diff --git a/crypto/ec/ec2_oct.c b/crypto/ec/ec2_oct.c
index 10a4932591..0b37c4f802 100644
--- a/crypto/ec/ec2_oct.c
+++ b/crypto/ec/ec2_oct.c
@@ -272,7 +272,7 @@ int ossl_ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
     }
 
     /*
-     * The first octet is the point converison octet PC, see X9.62, page 4
+     * The first octet is the point conversion octet PC, see X9.62, page 4
      * and section 4.4.2.  It must be:
      *     0x00          for the point at infinity
      *     0x02 or 0x03  for compressed form
diff --git a/crypto/encode_decode/encoder_lib.c b/crypto/encode_decode/encoder_lib.c
index cfd9275172..8d083bd6a6 100644
--- a/crypto/encode_decode/encoder_lib.c
+++ b/crypto/encode_decode/encoder_lib.c
@@ -523,7 +523,7 @@ static int encoder_process(struct encoder_process_data_st *data)
 
         OSSL_TRACE_BEGIN(ENCODER) {
             BIO_printf(trc_out,
-                       "[%d]    Skipping because recusion level %d failed\n",
+                       "[%d]    Skipping because recursion level %d failed\n",
                        data->level, new_data.level);
         } OSSL_TRACE_END(ENCODER);
     }
diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c
index f6a2d1d0f8..c4589f1416 100644
--- a/crypto/evp/ctrl_params_translate.c
+++ b/crypto/evp/ctrl_params_translate.c
@@ -2153,7 +2153,7 @@ static const struct translation_st evp_pkey_ctx_translations[] = {
       OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
     /*
      * The "rsa_oaep_label" ctrl_str expects the value to always be hex.
-     * This is accomodated by default_fixup_args() above, which mimics that
+     * This is accommodated by default_fixup_args() above, which mimics that
      * expectation for any translation item where |ctrl_str| is NULL and
      * |ctrl_hexstr| is non-NULL.
      */
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index 9188edbc21..e034189bb5 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -239,7 +239,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
              * This might be requested by a later call to EVP_MD_CTX_get0_md().
              * In that case the "explicit fetch" rules apply for that
              * function (as per man pages), i.e. the ref count is not updated
-             * so the EVP_MD should not be used beyound the lifetime of the
+             * so the EVP_MD should not be used beyond the lifetime of the
              * EVP_MD_CTX.
              */
             ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props);
diff --git a/crypto/ffc/ffc_params_generate.c b/crypto/ffc/ffc_params_generate.c
index 12a5252cfc..d999b235ed 100644
--- a/crypto/ffc/ffc_params_generate.c
+++ b/crypto/ffc/ffc_params_generate.c
@@ -435,7 +435,7 @@ static int generate_q_fips186_2(BN_CTX *ctx, BIGNUM *q, const EVP_MD *evpmd,
         }
         if (r != 0)
             goto err; /* Exit if error */
-        /* Try another iteration if it wasnt prime - was in old code.. */
+        /* Try another iteration if it wasn't prime - was in old code.. */
         generate_seed = 1;
     }
 err:
diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c
index 4ea6846ccb..fb322f00ef 100644
--- a/crypto/rand/rand_egd.c
+++ b/crypto/rand/rand_egd.c
@@ -58,7 +58,7 @@ struct sockaddr_un {
 /*
  * HPNS:
  *
- *  Our current MQ 5.3 EGD requies compatability-mode sockets
+ *  Our current MQ 5.3 EGD requires compatability-mode sockets
  *  This code forces the mode to compatibility if required
  *  and then restores the mode.
  *
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index a8a6d6c758..310d91e378 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -1103,7 +1103,7 @@ int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, void *label, int llen)
     if (!evp_pkey_ctx_set_params_strict(ctx, rsa_params))
         return 0;
 
-    /* Ownership is supposed to be transfered to the callee. */
+    /* Ownership is supposed to be transferred to the callee. */
     OPENSSL_free(label);
     return 1;
 }
diff --git a/crypto/x509/v3_ist.c b/crypto/x509/v3_ist.c
index 0de281f668..069ae0def4 100644
--- a/crypto/x509/v3_ist.c
+++ b/crypto/x509/v3_ist.c
@@ -17,7 +17,7 @@
 
 /*
  * Issuer Sign Tool (1.2.643.100.112) The name of the tool used to signs the subject (ASN1_SEQUENCE)
- * This extention is required to obtain the status of a qualified certificate at Russian Federation.
+ * This extension is required to obtain the status of a qualified certificate at Russian Federation.
  * RFC-style description is available here: https://tools.ietf.org/html/draft-deremin-rfc4491-bis-04#section-5
  * Russian Federal Law 63 "Digital Sign" is available here:  http://www.consultant.ru/document/cons_doc_LAW_112701/
  */
diff --git a/crypto/x509/v3_utf8.c b/crypto/x509/v3_utf8.c
index 1c4f79c4cd..ab158c2fa0 100644
--- a/crypto/x509/v3_utf8.c
+++ b/crypto/x509/v3_utf8.c
@@ -16,7 +16,7 @@
 
 /*
  * Subject Sign Tool (1.2.643.100.111) The name of the tool used to signs the subject (UTF8String)
- * This extention is required to obtain the status of a qualified certificate at Russian Federation.
+ * This extension is required to obtain the status of a qualified certificate at Russian Federation.
  * RFC-style description is available here: https://tools.ietf.org/html/draft-deremin-rfc4491-bis-04#section-5
  * Russian Federal Law 63 "Digital Sign" is available here:  http://www.consultant.ru/document/cons_doc_LAW_112701/
  */
diff --git a/crypto/x509/v3_utl.c b/crypto/x509/v3_utl.c
index 5704820e50..72d4d3867d 100644
--- a/crypto/x509/v3_utl.c
+++ b/crypto/x509/v3_utl.c
@@ -47,7 +47,7 @@ static int x509v3_add_len_value(const char *name, const char *value,
     if (name != NULL && (tname = OPENSSL_strdup(name)) == NULL)
         goto err;
     if (value != NULL) {
-        /* We don't allow embeded NUL characters */
+        /* We don't allow embedded NUL characters */
         if (memchr(value, 0, vallen) != NULL)
             goto err;
         tvalue = OPENSSL_strndup(value, vallen);
diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c
index bc90ddd89b..a2855340b8 100644
--- a/crypto/x509/x_pubkey.c
+++ b/crypto/x509/x_pubkey.c
@@ -170,7 +170,7 @@ static int x509_pubkey_ex_d2i_ex(ASN1_VALUE **pval,
 
     /*
      * Try to decode with legacy method first.  This ensures that engines
-     * aren't overriden by providers.
+     * aren't overridden by providers.
      */
     if ((ret = x509_pubkey_decode(&pubkey->pkey, pubkey)) == -1) {
         /* -1 indicates a fatal error, like malloc failure */
diff --git a/demos/mac/gmac.c b/demos/mac/gmac.c
index bdaa9b1daa..6866a53ff5 100644
--- a/demos/mac/gmac.c
+++ b/demos/mac/gmac.c
@@ -85,7 +85,7 @@ int main(int argc, char **argv)
         goto end;
     }
 
-    /* GMAC requries a GCM mode cipher to be specified */
+    /* GMAC requires a GCM mode cipher to be specified */
     *p++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER,
                                             "AES-128-GCM", 0);
 
diff --git a/dev/release-aux/README.md b/dev/release-aux/README.md
index 01c5a20773..a0438f06b2 100644
--- a/dev/release-aux/README.md
+++ b/dev/release-aux/README.md
@@ -1,4 +1,4 @@
-Auxilliary files for dev/release.sh
+Auxillary files for dev/release.sh
 ===================================
 
 - release-state-fn.sh
diff --git a/dev/release.sh b/dev/release.sh
index 4b778f3b75..bb2728e14f 100755
--- a/dev/release.sh
+++ b/dev/release.sh
@@ -224,7 +224,7 @@ elif $force; then
     :
 else
     echo >&2 "Not in master or any recognised release branch"
-    echo >&2 "Please 'git checkout' an approprite branch"
+    echo >&2 "Please 'git checkout' an appropriate branch"
     exit 1
 fi
 orig_HEAD=$(git rev-parse HEAD)
@@ -369,7 +369,7 @@ for fixup in "$HERE/dev/release-aux"/fixup-*-release.pl; do
         perl -pi $fixup $file
 done
 
-$VERBOSE "== Comitting updates and tagging"
+$VERBOSE "== Committing updates and tagging"
 git add -u
 git commit $git_quiet -m "Prepare for release of $release_text"
 if [ -n "$reviewers" ]; then
diff --git a/doc/internal/man3/OPTIONS.pod b/doc/internal/man3/OPTIONS.pod
index 90593ca46f..fed879e528 100644
--- a/doc/internal/man3/OPTIONS.pod
+++ b/doc/internal/man3/OPTIONS.pod
@@ -155,7 +155,7 @@ on multiple lines; each entry should use B<OPT_MORE_STR>, like this:
         {OPT_MORE_STR, 0, 0,
          "This flag is not really needed on Unix systems"},
         {OPT_MORE_STR, 0, 0,
-         "(Unix and descendents for ths win!)"}
+         "(Unix and descendents for the win!)"}
 
 Each subsequent line will be indented the correct amount.
 
diff --git a/doc/internal/man3/ossl_random_add_conf_module.pod b/doc/internal/man3/ossl_random_add_conf_module.pod
index 6d4f5810dc..f1ea37a68c 100644
--- a/doc/internal/man3/ossl_random_add_conf_module.pod
+++ b/doc/internal/man3/ossl_random_add_conf_module.pod
@@ -15,7 +15,7 @@ ossl_random_add_conf_module - internal random configuration module
 
 ossl_random_add_conf_module() adds the random configuration module
 for providers.
-This allows the type and parameters of the stardard setup of random number
+This allows the type and parameters of the standard setup of random number
 generators to be configured with an OpenSSL L<config(5)> file.
 
 =head1 RETURN VALUES
diff --git a/doc/internal/man7/EVP_PKEY.pod b/doc/internal/man7/EVP_PKEY.pod
index cc738b9c28..ffaff36553 100644
--- a/doc/internal/man7/EVP_PKEY.pod
+++ b/doc/internal/man7/EVP_PKEY.pod
@@ -19,7 +19,7 @@ private/public key pairs, but has had other uses as well.
 
 =for comment "uses" could as well be "abuses"...
 
-The private/public key pair that an B<EVP_PKEY> contains is refered to
+The private/public key pair that an B<EVP_PKEY> contains is referred to
 as its "internal key" or "origin" (the reason for "origin" is
 explained further down, in L</Export cache for provider operations>),
 and it can take one of the following forms:
diff --git a/doc/man1/openssl-genpkey.pod.in b/doc/man1/openssl-genpkey.pod.in
index 1815306708..1a5bedc22c 100644
--- a/doc/man1/openssl-genpkey.pod.in
+++ b/doc/man1/openssl-genpkey.pod.in
@@ -278,7 +278,7 @@ RFC5114 names "dh_1024_160", "dh_2048_224", "dh_2048_256".
 
 If this option is set, then the appropriate RFC5114 parameters are used
 instead of generating new parameters. The value I<num> can be one of
-1, 2 or 3 that are equivalant to using the option B<group> with one of
+1, 2 or 3 that are equivalent to using the option B<group> with one of
 "dh_1024_160", "dh_2048_224" or "dh_2048_256".
 All other options will be ignored if this value is set.
 
@@ -333,7 +333,7 @@ The B<algorithm> option must be B<"DH">.
 =item "default"
 
 Selects a default type based on the B<algorithm>. This is used by the
-OpenSSL default provider to set the type for backwards compatability.
+OpenSSL default provider to set the type for backwards compatibility.
 If B<algorithm> is B<"DH"> then B<"generator"> is used.
 If B<algorithm> is B<"DHX"> then B<"fips186_2"> is used.
 
diff --git a/doc/man1/openssl-s_client.pod.in b/doc/man1/openssl-s_client.pod.in
index 709bc49375..bc6af981dc 100644
--- a/doc/man1/openssl-s_client.pod.in
+++ b/doc/man1/openssl-s_client.pod.in
@@ -274,7 +274,7 @@ See L<openssl-format-options(1)> for details.
 
 =item B<-pass> I<arg>
 
-the private key and certifiate file password source.
+the private key and certificate file password source.
 For more information about the format of I<arg>
 see L<openssl-passphrase-options(1)>.
 
diff --git a/doc/man1/openssl-verification-options.pod b/doc/man1/openssl-verification-options.pod
index 5fa3907c28..2542afece5 100644
--- a/doc/man1/openssl-verification-options.pod
+++ b/doc/man1/openssl-verification-options.pod
@@ -92,7 +92,7 @@ It does not have a negative trust attribute rejecting the given use.
 =item *
 
 It has a positive trust attribute accepting the given use
-or (by default) one of the following compatibilty conditions apply:
+or (by default) one of the following compatibility conditions apply:
 It is self-signed or the B<-partial_chain> option is given
 (which corresponds to the B<X509_V_FLAG_PARTIAL_CHAIN> flag being set).
 
diff --git a/doc/man3/ASN1_aux_cb.pod b/doc/man3/ASN1_aux_cb.pod
index 12f7ddf82d..f14b8ca5cd 100644
--- a/doc/man3/ASN1_aux_cb.pod
+++ b/doc/man3/ASN1_aux_cb.pod
@@ -3,7 +3,7 @@
 =head1 NAME
 
 ASN1_AUX, ASN1_PRINT_ARG, ASN1_STREAM_ARG, ASN1_aux_cb, ASN1_aux_const_cb
-- ASN.1 auxilliary data
+- ASN.1 auxiliary data
 
 =head1 SYNOPSIS
 
@@ -45,7 +45,7 @@ ASN.1 data structures can be associated with an B<ASN1_AUX> object to supply
 additional information about the ASN.1 structure. An B<ASN1_AUX> structure is
 associated with the structure during the definition of the ASN.1 template. For
 example an B<ASN1_AUX> structure will be associated by using one of the various
-ASN.1 template definition macros that supply auxilliary information such as
+ASN.1 template definition macros that supply auxiliary information such as
 ASN1_SEQUENCE_enc(), ASN1_SEQUENCE_ref(), ASN1_SEQUENCE_cb_const_cb(),
 ASN1_SEQUENCE_const_cb(), ASN1_SEQUENCE_cb() or ASN1_NDEF_SEQUENCE_cb().
 
diff --git a/doc/man3/ASN1_item_sign.pod b/doc/man3/ASN1_item_sign.pod
index 407268bf17..3e454c25b7 100644
--- a/doc/man3/ASN1_item_sign.pod
+++ b/doc/man3/ASN1_item_sign.pod
@@ -62,7 +62,7 @@ I<algor2> are ignored if they are NULL.
 ASN1_item_sign() is similar to ASN1_item_sign_ex() but uses default values of
 NULL for the I<id>, I<libctx> and I<propq>.
 
-ASN1_item_sign_ctx() is similiar to ASN1_item_sign() but uses the parameters
+ASN1_item_sign_ctx() is similar to ASN1_item_sign() but uses the parameters
 contained in digest context I<ctx>.
 
 ASN1_item_verify_ex() is used to verify the signature I<signature> of internal
@@ -77,7 +77,7 @@ See EVP_PKEY_CTX_set1_id() for further info.
 ASN1_item_verify() is similar to ASN1_item_verify_ex() but uses default values of
 NULL for the I<id>, I<libctx> and I<propq>.
 
-ASN1_item_verify_ctx() is similiar to ASN1_item_verify() but uses the parameters
+ASN1_item_verify_ctx() is similar to ASN1_item_verify() but uses the parameters
 contained in digest context I<ctx>.
 
 
diff --git a/doc/man3/BIO_s_core.pod b/doc/man3/BIO_s_core.pod
index fbcd0b5c9c..041f126c54 100644
--- a/doc/man3/BIO_s_core.pod
+++ b/doc/man3/BIO_s_core.pod
@@ -22,7 +22,7 @@ libcrypto into a provider supply an OSSL_CORE_BIO parameter. This represents
 a BIO within libcrypto, but cannot be used directly by a provider. Instead it
 should be wrapped using a BIO_s_core().
 
-Once a BIO is contructed based on BIO_s_core(), the associated OSSL_CORE_BIO
+Once a BIO is constructed based on BIO_s_core(), the associated OSSL_CORE_BIO
 object should be set on it using BIO_set_data(3). Note that the BIO will only
 operate correctly if it is associated with a library context constructed using
 OSSL_LIB_CTX_new_from_dispatch(3). To associate the BIO with a library context
diff --git a/doc/man3/BN_rand.pod b/doc/man3/BN_rand.pod
index aebad1e72e..c6f528a623 100644
--- a/doc/man3/BN_rand.pod
+++ b/doc/man3/BN_rand.pod
@@ -59,7 +59,7 @@ BN_rand() is the same as BN_rand_ex() except that the default library context
 is always used.
 
 BN_rand_range_ex() generates a cryptographically strong pseudo-random
-number I<rnd>, of security stength at least I<strength> bits,
+number I<rnd>, of security strength at least I<strength> bits,
 in the range 0 E<lt>= I<rnd> E<lt> I<range> using the random number
 generator for the library context associated with I<ctx>. The parameter I<ctx>
 may be NULL in which case the default library context is used.
diff --git a/doc/man3/CONF_modules_load_file.pod b/doc/man3/CONF_modules_load_file.pod
index f96d9a1293..968317789a 100644
--- a/doc/man3/CONF_modules_load_file.pod
+++ b/doc/man3/CONF_modules_load_file.pod
@@ -34,7 +34,7 @@ as determined by calling CONF_get1_default_config_file().
 If B<appname> is NULL the standard OpenSSL application name B<openssl_conf> is
 used.
 The behaviour can be customized using B<flags>. Note that, the error suppressing
-can be overriden by B<config_diagnostics> as described in L<config(5)>.
+can be overridden by B<config_diagnostics> as described in L<config(5)>.
 
 CONF_modules_load_file() is the same as CONF_modules_load_file_ex() but
 has a NULL library context.
diff --git a/doc/man3/DH_get0_pqg.pod b/doc/man3/DH_get0_pqg.pod
index 2afc35c77f..245b413eb6 100644
--- a/doc/man3/DH_get0_pqg.pod
+++ b/doc/man3/DH_get0_pqg.pod
@@ -40,7 +40,7 @@ see L<openssl_user_macros(7)>:
 
 All of the functions described on this page are deprecated.
 Applications should instead use L<EVP_PKEY_get_bn_param(3)> for any methods that
-return a B<BIGNUM>. Refer to L<EVP_PKEY-DH(7)> for more infomation.
+return a B<BIGNUM>. Refer to L<EVP_PKEY-DH(7)> for more information.
 
 A DH object contains the parameters I<p>, I<q> and I<g>. Note that the I<q>
 parameter is optional. It also contains a public key (I<pub_key>) and
diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod
index 7f9c44b107..fcaa5d669d 100644
--- a/doc/man3/EVP_EncryptInit.pod
+++ b/doc/man3/EVP_EncryptInit.pod
@@ -668,7 +668,7 @@ Note that the block size for a cipher may be different to the block size for
 the underlying encryption/decryption primitive.
 For example AES in CTR mode has a block size of 1 (because it operates like a
 stream cipher), even though AES has a block size of 16.
-Use EVP_CIPHER_get_block_size() to retreive the cached value.
+Use EVP_CIPHER_get_block_size() to retrieve the cached value.
 
 =item "aead" (B<OSSL_CIPHER_PARAM_AEAD>) <integer>
 
diff --git a/doc/man3/EVP_KEYMGMT.pod b/doc/man3/EVP_KEYMGMT.pod
index 6b6e117369..b3a5a7a8d5 100644
--- a/doc/man3/EVP_KEYMGMT.pod
+++ b/doc/man3/EVP_KEYMGMT.pod
@@ -124,7 +124,7 @@ otherwise 0.
 
 EVP_KEYMGMT_get0_name() returns the algorithm name, or NULL on error.
 
-EVP_KEYMGMT_get0_description() returns a pointer to a decription, or NULL if
+EVP_KEYMGMT_get0_description() returns a pointer to a description, or NULL if
 there isn't one.
 
 EVP_KEYMGMT_gettable_params(), EVP_KEYMGMT_settable_params() and
diff --git a/doc/man3/EVP_PKEY2PKCS8.pod b/doc/man3/EVP_PKEY2PKCS8.pod
index 290a3ba359..85e50b277e 100644
--- a/doc/man3/EVP_PKEY2PKCS8.pod
+++ b/doc/man3/EVP_PKEY2PKCS8.pod
@@ -21,7 +21,7 @@ EVP_PKEY2PKCS8() converts a private key I<pkey> into a returned PKCS8 object.
 EVP_PKCS82PKEY_ex() converts a PKCS8 object I<p8> into a returned private key.
 It uses I<libctx> and I<propq> when fetching algorithms.
 
-EVP_PKCS82PKEY() is similiar to EVP_PKCS82PKEY_ex() but uses default values of
+EVP_PKCS82PKEY() is similar to EVP_PKCS82PKEY_ex() but uses default values of
 NULL for the I<libctx> and I<propq>.
 
 =head1 RETURN VALUES
diff --git a/doc/man3/EVP_PKEY_derive.pod b/doc/man3/EVP_PKEY_derive.pod
index d61bb5512f..9a59a99218 100644
--- a/doc/man3/EVP_PKEY_derive.pod
+++ b/doc/man3/EVP_PKEY_derive.pod
@@ -32,7 +32,7 @@ EVP_PKEY_derive_set_peer_ex() sets the peer key: this will normally
 be a public key. The I<validate_peer> will validate the public key if this value
 is non zero.
 
-EVP_PKEY_derive_set_peer() is similiar to EVP_PKEY_derive_set_peer_ex() with
+EVP_PKEY_derive_set_peer() is similar to EVP_PKEY_derive_set_peer_ex() with
 I<validate_peer> set to 1.
 
 EVP_PKEY_derive() derives a shared secret using I<ctx>.
diff --git a/doc/man3/EVP_PKEY_gettable_params.pod b/doc/man3/EVP_PKEY_gettable_params.pod
index 23ac4bd8b0..a3ccf8ec5f 100644
--- a/doc/man3/EVP_PKEY_gettable_params.pod
+++ b/doc/man3/EVP_PKEY_gettable_params.pod
@@ -49,7 +49,7 @@ is allocated by the method.
 
 EVP_PKEY_get_utf8_string_param() get a key I<pkey> UTF8 string value into a
 buffer I<str> of maximum size I<max_buf_sz> associated with a name of
-I<key_name>.  The maximum size must be large enough to accomodate the string
+I<key_name>.  The maximum size must be large enough to accommodate the string
 value including a terminating NUL byte, or this function will fail.
 If I<out_len> is not NULL, I<*out_len> is set to the length of the string
 not including the terminating NUL byte. The required buffer size not including
diff --git a/doc/man3/EVP_PKEY_new.pod b/doc/man3/EVP_PKEY_new.pod
index 0ea7062f01..5b83aec308 100644
--- a/doc/man3/EVP_PKEY_new.pod
+++ b/doc/man3/EVP_PKEY_new.pod
@@ -62,7 +62,7 @@ see L<openssl_user_macros(7)>:
 B<EVP_PKEY> is a generic structure to hold diverse types of asymmetric keys
 (also known as "key pairs"), and can be used for diverse operations, like
 signing, verifying signatures, key derivation, etc.  The asymmetric keys
-themselves are often refered to as the "internal key", and are handled by
+themselves are often referred to as the "internal key", and are handled by
 backends, such as providers (through L<EVP_KEYMGMT(3)>) or B<ENGINE>s.
 
 Conceptually, an B<EVP_PKEY> internal key may hold a private key, a public
diff --git a/doc/man3/EVP_PKEY_todata.pod b/doc/man3/EVP_PKEY_todata.pod
index 98ae484755..df1fccd7f0 100644
--- a/doc/man3/EVP_PKEY_todata.pod
+++ b/doc/man3/EVP_PKEY_todata.pod
@@ -23,7 +23,7 @@ I<selection> is described in L<EVP_PKEY_fromdata(3)/Selections>.
 L<OSSL_PARAM_free(3)> should be used to free the returned parameters in
 I<*params>.
 
-EVP_PKEY_export() is similiar to EVP_PKEY_todata() but uses a callback
+EVP_PKEY_export() is similar to EVP_PKEY_todata() but uses a callback
 I<export_cb> that gets passed the value of I<export_cbarg>.
 See L<openssl-core.h(7)> for more information about the callback. Note that the
 B<OSSL_PARAM> array that is passed to the callback is not persistent after the
diff --git a/doc/man3/OCSP_resp_find_status.pod b/doc/man3/OCSP_resp_find_status.pod
index f4afddcdef..49d9cbcafc 100644
--- a/doc/man3/OCSP_resp_find_status.pod
+++ b/doc/man3/OCSP_resp_find_status.pod
@@ -131,7 +131,7 @@ in L<X509_VERIFY_PARAM_set_flags(3)/VERIFICATION FLAGS>.
 If I<flags> contains B<OCSP_NOCHAIN> it ignores all certificates in I<certs>
 and in I<bs>, else it takes them as untrusted intermediate CA certificates
 and uses them for constructing the validation path for the signer certificate.
-Certicate revocation status checks using CRLs is disabled during path validation
+Certificate revocation status checks using CRLs is disabled during path validation
 if the signer certificate contains the B<id-pkix-ocsp-no-check> extension.
 After successful path
 validation the function returns success if the B<OCSP_NOCHECKS> flag is set.
diff --git a/doc/man3/OCSP_sendreq_new.pod b/doc/man3/OCSP_sendreq_new.pod
index 6e4c8110f1..d2e2e3b42c 100644
--- a/doc/man3/OCSP_sendreq_new.pod
+++ b/doc/man3/OCSP_sendreq_new.pod
@@ -40,7 +40,7 @@ These functions perform an OCSP POST request / response transfer over HTTP,
 using the HTTP request functions described in L<OSSL_HTTP_REQ_CTX(3)>.
 
 The function OCSP_sendreq_new() builds a complete B<OSSL_HTTP_REQ_CTX> structure
-with the B<BIO> I<io> to be used for requests and reponse, the URL path I<path>,
+with the B<BIO> I<io> to be used for requests and response, the URL path I<path>,
 optionally the OCSP request I<req>, and a response header maximum line length
 of I<buf_size>. If I<buf_size> is zero a default value of 4KiB is used.
 The I<req> may be set to NULL and provided later using OCSP_REQ_CTX_set1_req()
diff --git a/doc/man3/OSSL_CMP_log_open.pod b/doc/man3/OSSL_CMP_log_open.pod
index 9a55370e3c..895b98fc65 100644
--- a/doc/man3/OSSL_CMP_log_open.pod
+++ b/doc/man3/OSSL_CMP_log_open.pod
@@ -89,7 +89,7 @@ As long as neither if the two is used any logging output is ignored.
 
 OSSL_CMP_log_close() may be called when all activities are finished to flush
 any pending CMP-specific log output and deallocate related resources.
-It may be called multiple times. It does get called at OpenSSL stutdown.
+It may be called multiple times. It does get called at OpenSSL shutdown.
 
 OSSL_CMP_print_to_bio() prints the given component info, filename, line number,
 severity level, and log message or error queue message to the given I<bio>.
diff --git a/doc/man3/OSSL_DECODER.pod b/doc/man3/OSSL_DECODER.pod
index 334f955e16..3f8bbfa537 100644
--- a/doc/man3/OSSL_DECODER.pod
+++ b/doc/man3/OSSL_DECODER.pod
@@ -116,7 +116,7 @@ multiple synonyms associated with it. In this case the first name from the
 algorithm definition is returned. Ownership of the returned string is retained
 by the I<decoder> object and should not be freed by the caller.
 
-OSSL_DECODER_get0_description() returns a pointer to a decription, or NULL if
+OSSL_DECODER_get0_description() returns a pointer to a description, or NULL if
 there isn't one.
 
 OSSL_DECODER_names_do_all() returns 1 if the callback was called for all
diff --git a/doc/man3/OSSL_DECODER_CTX_new_for_pkey.pod b/doc/man3/OSSL_DECODER_CTX_new_for_pkey.pod
index 5a01a19ebe..88651198e4 100644
--- a/doc/man3/OSSL_DECODER_CTX_new_for_pkey.pod
+++ b/doc/man3/OSSL_DECODER_CTX_new_for_pkey.pod
@@ -41,7 +41,7 @@ them up, so all the caller has to do next is call functions like
 L<OSSL_DECODER_from_bio(3)>.  The caller may use the optional I<input_type>,
 I<input_struct>, I<keytype> and I<selection> to specify what the input is
 expected to contain.  The I<pkey> must reference an B<EVP_PKEY *> variable
-that will be set to the newly created B<EVP_PKEY> on succesfull decoding.
+that will be set to the newly created B<EVP_PKEY> on successful decoding.
 The referenced variable must be initialized to NULL before calling the
 function.
 
@@ -78,7 +78,7 @@ callback may be specified with the following functions.
 OSSL_DECODER_CTX_set_pem_password_cb(), OSSL_DECODER_CTX_set_passphrase_ui()
 and OSSL_DECODER_CTX_set_passphrase_cb() set up a callback method that the
 implementation can use to prompt for a pass phrase, giving the caller the
-choice of prefered pass phrase callback form.  These are called indirectly,
+choice of preferred pass phrase callback form.  These are called indirectly,
 through an internal B<OSSL_PASSPHRASE_CALLBACK> function.
 
 The internal B<OSSL_PASSPHRASE_CALLBACK> function caches the pass phrase, to
diff --git a/doc/man3/OSSL_ENCODER.pod b/doc/man3/OSSL_ENCODER.pod
index cfabba2e1d..29ea6c8c8b 100644
--- a/doc/man3/OSSL_ENCODER.pod
+++ b/doc/man3/OSSL_ENCODER.pod
@@ -117,7 +117,7 @@ multiple synonyms associated with it. In this case the first name from the
 algorithm definition is returned. Ownership of the returned string is retained
 by the I<encoder> object and should not be freed by the caller.
 
-OSSL_ENCODER_get0_description() returns a pointer to a decription, or NULL if
+OSSL_ENCODER_get0_description() returns a pointer to a description, or NULL if
 there isn't one.
 
 OSSL_ENCODER_names_do_all() returns 1 if the callback was called for all
diff --git a/doc/man3/OSSL_ENCODER_CTX.pod b/doc/man3/OSSL_ENCODER_CTX.pod
index 2d7a6a298f..005d0dacb5 100644
--- a/doc/man3/OSSL_ENCODER_CTX.pod
+++ b/doc/man3/OSSL_ENCODER_CTX.pod
@@ -80,7 +80,7 @@ as DER to PEM, as well as more specialized encoders like RSA to DER.
 The final output type must be given, and a chain of encoders must end with
 an implementation that produces that output type.
 
-At the beginning of the encoding process, a contructor provided by the
+At the beginning of the encoding process, a constructor provided by the
 caller is called to ensure that there is an appropriate provider-side object
 to start with.
 The constructor is set with OSSL_ENCODER_CTX_set_construct().
@@ -148,7 +148,7 @@ The pointer that was set with OSSL_ENCODE_CTX_set_construct_data().
 
 The constructor is expected to return a valid (non-NULL) pointer to a
 provider-native object that can be used as first input of an encoding chain,
-or NULL to indicate that an error has occured.
+or NULL to indicate that an error has occurred.
 
 These utility functions may be used by a constructor:
 
diff --git a/doc/man3/OSSL_ENCODER_CTX_new_for_pkey.pod b/doc/man3/OSSL_ENCODER_CTX_new_for_pkey.pod
index 9db6e3d2a4..b31d28029a 100644
--- a/doc/man3/OSSL_ENCODER_CTX_new_for_pkey.pod
+++ b/doc/man3/OSSL_ENCODER_CTX_new_for_pkey.pod
@@ -78,7 +78,7 @@ following functions.
 OSSL_ENCODER_CTX_set_pem_password_cb(), OSSL_ENCODER_CTX_set_passphrase_ui()
 and OSSL_ENCODER_CTX_set_passphrase_cb() sets up a callback method that the
 implementation can use to prompt for a pass phrase, giving the caller the
-choice of prefered pass phrase callback form.  These are called indirectly,
+choice of preferred pass phrase callback form.  These are called indirectly,
 through an internal B<OSSL_PASSPHRASE_CALLBACK> function.
 
 =head2 Output types
diff --git a/doc/man3/OSSL_ESS_check_signing_certs.pod b/doc/man3/OSSL_ESS_check_signing_certs.pod
index bff26193d7..caebcae733 100644
--- a/doc/man3/OSSL_ESS_check_signing_certs.pod
+++ b/doc/man3/OSSL_ESS_check_signing_certs.pod
@@ -46,7 +46,7 @@ while the list contained in I<ssv2> is of type B<ESS_CERT_ID_V2>.
 As far as these lists are present, they must be nonempty.
 The certificate identified by their first entry must be the first element of
 I<chain>, i.e. the signer certificate.
-Any further certficates referenced in the list must also be found in I<chain>.
+Any further certificates referenced in the list must also be found in I<chain>.
 The matching is done using the given certificate hash algorithm and value.
 In addition to the checks required by RFCs 2624 and 5035,
 if the B<issuerSerial> field is included in an B<ESSCertID> or B<ESSCertIDv2>
diff --git a/doc/man3/OSSL_HTTP_REQ_CTX.pod b/doc/man3/OSSL_HTTP_REQ_CTX.pod
index ad2d731153..50b6fd8f14 100644
--- a/doc/man3/OSSL_HTTP_REQ_CTX.pod
+++ b/doc/man3/OSSL_HTTP_REQ_CTX.pod
@@ -133,7 +133,7 @@ The function may need to be called again if its result is -1, which indicates
 L<BIO_should_retry(3)>.  In such a case it is advisable to sleep a little in
 between, using L<BIO_wait(3)> on the read BIO to prevent a busy loop.
 
-OSSL_HTTP_REQ_CTX_nbio_d2i() is like OSSL_HTTP_REQ_CTX_nbio() but on successs
+OSSL_HTTP_REQ_CTX_nbio_d2i() is like OSSL_HTTP_REQ_CTX_nbio() but on success
 in addition parses the response, which must be a DER-encoded ASN.1 structure,
 using the ASN.1 template I<it> and places the result in I<*pval>.
 
diff --git a/doc/man3/OSSL_HTTP_parse_url.pod b/doc/man3/OSSL_HTTP_parse_url.pod
index 945e981a73..5c422d3d36 100644
--- a/doc/man3/OSSL_HTTP_parse_url.pod
+++ b/doc/man3/OSSL_HTTP_parse_url.pod
@@ -57,7 +57,7 @@ The path component is also optional and defaults to C</>.
 Each non-NULL result pointer argument I<pscheme>, I<puser>, I<phost>, I<pport>,
 I<ppath>, I<pquery>, and I<pfrag>, is assigned the respective url component.
 On success, they are guaranteed to contain non-NULL string pointers, else NULL.
-It is the reponsibility of the caller to free them using L<OPENSSL_free(3)>.
+It is the responsibility of the caller to free them using L<OPENSSL_free(3)>.
 If I<pquery> is NULL, any given query component is handled as part of the path.
 A string returned via I<*ppath> is guaranteed to begin with a C</> character.
 For absent scheme, userinfo, port, query, and fragment components
diff --git a/doc/man3/OSSL_PARAM.pod b/doc/man3/OSSL_PARAM.pod
index f335d6f2c8..69e0cd8cb8 100644
--- a/doc/man3/OSSL_PARAM.pod
+++ b/doc/man3/OSSL_PARAM.pod
@@ -108,7 +108,7 @@ B<OSSL_PARAM_UTF8_STRING> in relation to C strings.  When setting
 parameters, the size should be set to the length of the string, not
 counting the terminating NUL byte.  When requesting parameters, the
 size should be set to the size of the buffer to be populated, which
-should accomodate enough space for a terminating NUL byte.
+should accommodate enough space for a terminating NUL byte.
 
 When I<requesting parameters>, it's acceptable for I<data> to be NULL.
 This can be used by the I<requestor> to figure out dynamically exactly
diff --git a/doc/man3/OSSL_PARAM_int.pod b/doc/man3/OSSL_PARAM_int.pod
index 9ca725d120..9e03ec4ddc 100644
--- a/doc/man3/OSSL_PARAM_int.pod
+++ b/doc/man3/OSSL_PARAM_int.pod
@@ -241,7 +241,7 @@ will be assigned the size the parameter's I<data> buffer should have.
 OSSL_PARAM_get_utf8_string() retrieves a UTF8 string from the parameter
 pointed to by I<p>.
 The string is stored into I<*val> with a size limit of I<max_len>,
-which must be large enough to accomodate a terminating NUL byte,
+which must be large enough to accommodate a terminating NUL byte,
 otherwise this function will fail.
 If I<*val> is NULL, memory is allocated for the string (including the
 terminating  NUL byte) and I<max_len> is ignored.
@@ -250,14 +250,14 @@ If memory is allocated by this function, it must be freed by the caller.
 OSSL_PARAM_set_utf8_string() sets a UTF8 string from the parameter pointed to
 by I<p> to the value referenced by I<val>.
 If the parameter's I<data> field isn't NULL, its I<data_size> must indicate
-that the buffer is large enough to accomodate the string that I<val> points at,
+that the buffer is large enough to accommodate the string that I<val> points at,
 not including the terminating NUL byte, or this function will fail.
 A terminating NUL byte is added only if the parameter's I<data_size> indicates
 the buffer is longer than the string length, otherwise the string will not be
 NUL terminated.
 If the parameter's I<data> field is NULL, then only its I<return_size> field
 will be assigned the minimum size the parameter's I<data> buffer should have
-to accomodate the string, not including a terminating NUL byte.
+to accommodate the string, not including a terminating NUL byte.
 
 OSSL_PARAM_get_octet_string() retrieves an OCTET string from the parameter
 pointed to by I<p>.
diff --git a/doc/man3/OSSL_STORE_LOADER.pod b/doc/man3/OSSL_STORE_LOADER.pod
index b1d838604b..03b00e4f6a 100644
--- a/doc/man3/OSSL_STORE_LOADER.pod
+++ b/doc/man3/OSSL_STORE_LOADER.pod
@@ -327,7 +327,7 @@ definition string, or NULL on error.
 OSSL_STORE_LOADER_is_a() returns 1 if I<loader> was identifiable,
 otherwise 0.
 
-OSSL_STORE_LOADER_get0_description() returns a pointer to a decription, or NULL if
+OSSL_STORE_LOADER_get0_description() returns a pointer to a description, or NULL if
 there isn't one.
 
 The functions with the types B<OSSL_STORE_open_fn>,
diff --git a/doc/man3/OSSL_trace_set_channel.pod b/doc/man3/OSSL_trace_set_channel.pod
index 7564c60842..fcdc620799 100644
--- a/doc/man3/OSSL_trace_set_channel.pod
+++ b/doc/man3/OSSL_trace_set_channel.pod
@@ -46,7 +46,7 @@ by attaching the B<BIO> I<bio> object as (simple) trace channel.
 OSSL_trace_set_prefix() and OSSL_trace_set_suffix() can be used to add
 an extra line for each channel, to be output before and after group of
 tracing output.
-What constitues an output group is decided by the code that produces
+What constitutes an output group is decided by the code that produces
 the output.
 The lines given here are considered immutable; for more dynamic
 tracing prefixes, consider setting a callback with
diff --git a/doc/man3/PKCS12_decrypt_skey.pod b/doc/man3/PKCS12_decrypt_skey.pod
index 7a41b2b06c..022067c3b4 100644
--- a/doc/man3/PKCS12_decrypt_skey.pod
+++ b/doc/man3/PKCS12_decrypt_skey.pod
@@ -21,7 +21,7 @@ decrypt functions
 PKCS12_decrypt_skey() Decrypt the PKCS#8 shrouded keybag contained within I<bag>
 using the supplied password I<pass> of length I<passlen>.
 
-PKCS12_decrypt_skey_ex() is similar to the above but allows for a library contex
+PKCS12_decrypt_skey_ex() is similar to the above but allows for a library context
 I<ctx> and property query I<propq> to be used to select algorithm implementations.
 
 =head1 RETURN VALUES
diff --git a/doc/man3/PKCS12_gen_mac.pod b/doc/man3/PKCS12_gen_mac.pod
index 53b55e8703..1e72cfabd0 100644
--- a/doc/man3/PKCS12_gen_mac.pod
+++ b/doc/man3/PKCS12_gen_mac.pod
@@ -21,7 +21,7 @@ PKCS12_verify_mac - Functions to create and manipulate a PKCS#12 structure
 =head1 DESCRIPTION
 
 PKCS12_gen_mac() generates an HMAC over the entire PKCS#12 object using the
-supplied password along with a set of already configured paramters.
+supplied password along with a set of already configured parameters.
 
 PKCS12_verify_mac() verifies the PKCS#12 object's HMAC using the supplied
 password.
diff --git a/doc/man3/RAND_bytes.pod b/doc/man3/RAND_bytes.pod
index ee7ed4af86..df63f786e5 100644
--- a/doc/man3/RAND_bytes.pod
+++ b/doc/man3/RAND_bytes.pod
@@ -37,7 +37,7 @@ and L<EVP_RAND(7)>.
 
 RAND_bytes_ex() and RAND_priv_bytes_ex() are the same as RAND_bytes() and
 RAND_priv_bytes() except that they both take additional I<strength> and
-I<ctx> parameters. The bytes genreated will have a security strength of at
+I<ctx> parameters. The bytes generated will have a security strength of at
 least I<strength> bits.
 The DRBG used for the operation is the public or private DRBG associated with
 the specified I<ctx>. The parameter can be NULL, in which case
diff --git a/doc/man3/RSA_get0_key.pod b/doc/man3/RSA_get0_key.pod
index 0a0f79125a..90dca47474 100644
--- a/doc/man3/RSA_get0_key.pod
+++ b/doc/man3/RSA_get0_key.pod
@@ -54,7 +54,7 @@ see L<openssl_user_macros(7)>:
 
 All of the functions described on this page are deprecated.
 Applications should instead use L<EVP_PKEY_get_bn_param(3)> for any methods that
-return a B<BIGNUM>. Refer to L<EVP_PKEY-DH(7)> for more infomation.
+return a B<BIGNUM>. Refer to L<EVP_PKEY-DH(7)> for more information.
 
 An RSA object contains the components for the public and private key,
 B<n>, B<e>, B<d>, B<p>, B<q>, B<dmp1>, B<dmq1> and B<iqmp>.  B<n> is
diff --git a/doc/man3/SSL_CTX_set_tmp_dh_callback.pod b/doc/man3/SSL_CTX_set_tmp_dh_callback.pod
index c415935d91..bf8441294a 100644
--- a/doc/man3/SSL_CTX_set_tmp_dh_callback.pod
+++ b/doc/man3/SSL_CTX_set_tmp_dh_callback.pod
@@ -73,9 +73,9 @@ the built-in parameter support described above. Applications wishing to supply
 their own DH parameters should call SSL_CTX_set0_tmp_dh_pkey() or
 SSL_set0_tmp_dh_pkey() to supply the parameters for the B<SSL_CTX> or B<SSL>
 respectively. The parameters should be supplied in the I<dhpkey> argument as
-an B<EVP_PKEY> containg DH parameters. Ownership of the I<dhpkey> value is
+an B<EVP_PKEY> containing DH parameters. Ownership of the I<dhpkey> value is
 passed to the B<SSL_CTX> or B<SSL> object as a result of this call, and so the
-caller should not free it if the function call is succesful.
+caller should not free it if the function call is successful.
 
 The deprecated macros SSL_CTX_set_tmp_dh() and SSL_set_tmp_dh() do the same
 thing as SSL_CTX_set0_tmp_dh_pkey() and SSL_set0_tmp_dh_pkey() except that the
diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
index 1213627be7..4437b93fd6 100644
--- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod
+++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod
@@ -221,7 +221,7 @@ X509_VERIFY_PARAM_set1_ip_asc() return 1 for success and 0 for
 failure.
 
 X509_VERIFY_PARAM_get0_host(), X509_VERIFY_PARAM_get0_email(), and
-X509_VERIFY_PARAM_get1_ip_asc(), return the string pointers pecified above
+X509_VERIFY_PARAM_get1_ip_asc(), return the string pointers specified above
 or NULL if the respective value has not been set or on error.
 
 X509_VERIFY_PARAM_get_flags() returns the current verification flags.
diff --git a/doc/man3/X509_add_cert.pod b/doc/man3/X509_add_cert.pod
index 1512d81701..f6dcc03258 100644
--- a/doc/man3/X509_add_cert.pod
+++ b/doc/man3/X509_add_cert.pod
@@ -31,7 +31,7 @@ The value B<X509_ADD_FLAG_DEFAULT>, which equals 0, means no special semantics.
 If B<X509_ADD_FLAG_UP_REF> is set then
 the reference counts of those certificates added successfully are increased.
 
-If B<X509_ADD_FLAG_PREPEND> is set then the certifcates are prepended to I<sk>.
+If B<X509_ADD_FLAG_PREPEND> is set then the certificates are prepended to I<sk>.
 By default they are appended to I<sk>.
 In both cases the original order of the added certificates is preserved.
 
diff --git a/doc/man3/X509_digest.pod b/doc/man3/X509_digest.pod
index f4921dbc18..ed58932505 100644
--- a/doc/man3/X509_digest.pod
+++ b/doc/man3/X509_digest.pod
@@ -44,9 +44,9 @@ X509_digest_sig() calculates a digest of the given certificate I<cert>
 using the same hash algorithm as in its signature, if the digest
 is an integral part of the certificate signature algorithm identifier.
 Otherwise, a fallback hash algorithm is determined as follows:
-SHA512 if the signature alorithm is ED25519,
+SHA512 if the signature algorithm is ED25519,
 SHAKE256 if it is ED448, otherwise SHA256.
-The output parmeters are assigned as follows.
+The output parameters are assigned as follows.
 Unless I<md_used> is NULL, the hash algorithm used is provided
 in I<*md_used> and must be freed by the caller (if it is not NULL).
 Unless I<md_is_fallback> is NULL,
diff --git a/doc/man3/X509_dup.pod b/doc/man3/X509_dup.pod
index 9fc355c7ce..179b887543 100644
--- a/doc/man3/X509_dup.pod
+++ b/doc/man3/X509_dup.pod
@@ -350,7 +350,7 @@ to generate the function bodies.
 B<I<TYPE>_new>() allocates an empty object of the indicated type.
 The object returned must be released by calling B<I<TYPE>_free>().
 
-B<I<TYPE>_new_ex>() is similiar to B<I<TYPE>_new>() but also passes the
+B<I<TYPE>_new_ex>() is similar to B<I<TYPE>_new>() but also passes the
 library context I<libctx> and the property query I<propq> to use when retrieving
 algorithms from providers. This created object can then be used when loading
 binary data using B<d2i_I<TYPE>>().
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
index 77a8055e81..1ff76c633f 100644
--- a/doc/man5/config.pod
+++ b/doc/man5/config.pod
@@ -415,7 +415,7 @@ For example:
 =head2 Random Configuration
 
 The name B<random> in the initialization section names the section
-containing the random number generater settings.
+containing the random number generator settings.
 
 Within the random section, the following names have meaning:
 
diff --git a/doc/man7/EVP_PKEY-EC.pod b/doc/man7/EVP_PKEY-EC.pod
index a3c3ccb705..cf726823ae 100644
--- a/doc/man7/EVP_PKEY-EC.pod
+++ b/doc/man7/EVP_PKEY-EC.pod
@@ -15,7 +15,7 @@ The B<EC> keytype is implemented in OpenSSL's default provider.
 The normal way of specifying domain parameters for an EC curve is via the
 curve name "group". For curves with no curve name, explicit parameters can be
 used that specify "field-type", "p", "a", "b", "generator" and "order".
-Explicit parameters are supported for backwards compability reasons, but they
+Explicit parameters are supported for backwards compatibility reasons, but they
 are not compliant with multiple standards (including RFC5915) which only allow
 named curves.
 
@@ -70,7 +70,7 @@ I<order> multiplied by the I<cofactor> gives the number of points on the curve.
 
 =item  "decoded-from-explicit" (B<OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS>) <integer>
 
-Gets a flag indicating wether the key or parameters were decoded from explicit
+Gets a flag indicating whether the key or parameters were decoded from explicit
 curve parameters. Set to 1 if so or 0 if a named curve was used.
 
 =item "use-cofactor-flag" (B<OSSL_PKEY_PARAM_USE_COFACTOR_ECDH>) <integer>
@@ -95,7 +95,7 @@ point_conversion_forms please see L<EC_POINT_new(3)>. Valid values are
 Sets or Gets the type of group check done when EVP_PKEY_param_check() is called.
 Valid values are "default", "named" and "named-nist".
 The "named" type checks that the domain parameters match the inbuilt curve parameters,
-"named-nist" is similiar but also checks that the named curve is a nist curve.
+"named-nist" is similar but also checks that the named curve is a nist curve.
 The "default" type does domain parameter validation for the OpenSSL default provider,
 but is equivalent to "named-nist" for the OpenSSL fips provider.
 
diff --git a/doc/man7/crypto.pod b/doc/man7/crypto.pod
index 2b09ad8903..33a321ef60 100644
--- a/doc/man7/crypto.pod
+++ b/doc/man7/crypto.pod
@@ -206,7 +206,7 @@ If anything in this step fails, the next step is used as a fallback.
 
 As a fallback, try to fetch the operation type implementation from the same
 provider as the original L<EVP_PKEY(3)>'s L<EVP_KEYMGMT(3)>, still using the
-propery string from the B<EVP_PKEY_CTX>.
+property string from the B<EVP_PKEY_CTX>.
 
 =back
 
diff --git a/doc/man7/fips_module.pod b/doc/man7/fips_module.pod
index e374651fa5..482174be30 100644
--- a/doc/man7/fips_module.pod
+++ b/doc/man7/fips_module.pod
@@ -92,7 +92,7 @@ Obviously the include file location above should match the path and name of the
 FIPS module config file that you installed earlier.
 See L<https://github.com/openssl/openssl/blob/master/README-FIPS.md>.
 
-For FIPS usage, it is recommened that the B<config_diagnostics> option is
+For FIPS usage, it is recommended that the B<config_diagnostics> option is
 enabled to prevent accidental use of non-FIPS validated algorithms via broken
 or mistaken configuration.  See L<config(5)>.
 
diff --git a/doc/man7/life_cycle-pkey.pod b/doc/man7/life_cycle-pkey.pod
index 6768750f48..0300203551 100644
--- a/doc/man7/life_cycle-pkey.pod
+++ b/doc/man7/life_cycle-pkey.pod
@@ -22,7 +22,7 @@ This state represents the PKEY after it has been allocated.
 =item decapsulate
 
 This state represents the PKEY when it is ready to perform a private key decapsulation
-opeartion.
+operation.
 
 =item decrypt
 
@@ -40,7 +40,7 @@ operation.
 =item encapsulate
 
 This state represents the PKEY when it is ready to perform a public key encapsulation
-opeartion.
+operation.
 
 =item encrypt
 
diff --git a/doc/man7/migration_guide.pod b/doc/man7/migration_guide.pod
index 67e102fa4c..5b4939d82b 100644
--- a/doc/man7/migration_guide.pod
+++ b/doc/man7/migration_guide.pod
@@ -130,7 +130,7 @@ New algorithms provided via engines will still work.
 
 Engine-backed keys can be loaded via custom B<OSSL_STORE> implementation.
 In this case the B<EVP_PKEY> objects created via L<ENGINE_load_private_key(3)>
-will be concidered legacy and will continue to work.
+will be considered legacy and will continue to work.
 
 To ensure the future compatibility, the engines should be turned to providers.
 To prefer the provider-based hardware offload, you can specify the default
@@ -624,7 +624,7 @@ set up with the default library context. Use L<X509_new_ex(3)>,
 L<X509_CRL_new_ex(3)>, L<X509_REQ_new_ex(3)> and L<X509_PUBKEY_new_ex(3)> if a
 library context is required.
 
-All functions listed below with a I<NAME> have a replacment function I<NAME_ex>
+All functions listed below with a I<NAME> have a replacement function I<NAME_ex>
 that takes B<OSSL_LIB_CTX> as an additional argument. Functions that have other
 mappings are listed along with the respective name.
 
@@ -982,7 +982,7 @@ that refer to these categories.
 Any accessor that uses an ENGINE is deprecated (such as EVP_PKEY_set1_engine()).
 Applications using engines should instead use providers.
 
-Before providers were added algorithms were overriden by changing the methods
+Before providers were added algorithms were overridden by changing the methods
 used by algorithms. All these methods such as RSA_new_method() and RSA_meth_new()
 are now deprecated and can be replaced by using providers instead.
 
@@ -1074,7 +1074,7 @@ See L<EVP_MAC(3)>, L<EVP_MAC-HMAC(7)>, L<EVP_MAC-CMAC(7)>, L<EVP_MAC-GMAC(7)>,
 L<EVP_MAC-KMAC(7)>, L<EVP_MAC-BLAKE2(7)>, L<EVP_MAC-Poly1305(7)> and
 L<EVP_MAC-Siphash(7)> for additional information.
 
-Note that the one-shot method HMAC() is still available for compatability purposes.
+Note that the one-shot method HMAC() is still available for compatibility purposes.
 
 =head4 Deprecated low-level validation functions
 
@@ -1530,7 +1530,7 @@ See L</Deprecated low-level validation functions>
 
 EC_KEY_set_flags(), EC_KEY_get_flags(), EC_KEY_clear_flags()
 
-See L<EVP_PKEY-EC(7)/Common EC parameters> which handles flags as seperate
+See L<EVP_PKEY-EC(7)/Common EC parameters> which handles flags as separate
 parameters for B<OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT>,
 B<OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE>, B<OSSL_PKEY_PARAM_EC_ENCODING>,
 B<OSSL_PKEY_PARAM_USE_COFACTOR_ECDH> and
diff --git a/doc/man7/openssl-glossary.pod b/doc/man7/openssl-glossary.pod
index b112b375ac..5d6a830429 100644
--- a/doc/man7/openssl-glossary.pod
+++ b/doc/man7/openssl-glossary.pod
@@ -12,7 +12,7 @@ openssl-glossary - An OpenSSL Glossary
 
 =item Algorithm
 
-Cryptograpic primitives such as the SHA256 digest, or AES encryption are
+Cryptographic primitives such as the SHA256 digest, or AES encryption are
 referred to in OpenSSL as "algorithms". There can be more than one
 implementation for any given algorithm available for use.
 
@@ -45,7 +45,7 @@ L<OSSL_DECODER_CTX_new_for_pkey(3)>
 
 =item Default Provider
 
-An OpenSSL Provider that contains the most commmon OpenSSL algorithm
+An OpenSSL Provider that contains the most common OpenSSL algorithm
 implementations. It is loaded by default if no other provider is available. All
 the algorithm implementations in the Base Provider are also available in the
 Default Provider.
@@ -81,7 +81,7 @@ Fetching is the process of looking through the available algorithm
 implementations, applying selection criteria (via a property query string), and
 finally choosing the implementation that will be used.
 
-Also see Explicit Fetching and Implict Fetching.
+Also see Explicit Fetching and Implicit Fetching.
 
 L<crypto(7)>
 
diff --git a/doc/man7/provider-kdf.pod b/doc/man7/provider-kdf.pod
index 3fbce625ff..fd17f9d28f 100644
--- a/doc/man7/provider-kdf.pod
+++ b/doc/man7/provider-kdf.pod
@@ -198,7 +198,7 @@ Sets the mode in the associated KDF ctx.
 
 =item "pkcs5" (B<OSSL_KDF_PARAM_PKCS5>) <integer>
 
-Enables or diables the SP800-132 compliance checks.
+Enables or disables the SP800-132 compliance checks.
 A mode of 0 enables the compliance checks.
 
 The checks performed are:
diff --git a/doc/man7/provider-object.pod b/doc/man7/provider-object.pod
index 1088e03551..bc82879679 100644
--- a/doc/man7/provider-object.pod
+++ b/doc/man7/provider-object.pod
@@ -164,7 +164,7 @@ A human readable text that describes extra details on the object.
 
 =back
 
-When a provider-native object abtraction is used, it I<must> contain object
+When a provider-native object abstraction is used, it I<must> contain object
 data in at least one form (object data I<passed by value>, i.e. the "data"
 item, or object data I<passed by reference>, i.e. the "reference" item).
 Both may be present at once, in which case the OpenSSL library code that
diff --git a/include/openssl/core_dispatch.h b/include/openssl/core_dispatch.h
index 99fcda0020..6aeb9e61e1 100644
--- a/include/openssl/core_dispatch.h
+++ b/include/openssl/core_dispatch.h
@@ -511,7 +511,7 @@ OSSL_CORE_MAKE_FUNC(void,rand_clear_seed,
  * and key material, etc, essentially everything that manipulates the keys
  * themselves and their parameters.
  *
- * The key objects are commonly refered to as |keydata|, and it MUST be able
+ * The key objects are commonly referred to as |keydata|, and it MUST be able
  * to contain parameters if the key has any, the public key and the private
  * key.  All parts are optional, but their presence determines what can be
  * done with the key object in terms of encryption, signature, and so on.
diff --git a/providers/implementations/ciphers/cipher_aes_gcm_hw_armv8.inc b/providers/implementations/ciphers/cipher_aes_gcm_hw_armv8.inc
index 310f4470d6..db2678714e 100644
--- a/providers/implementations/ciphers/cipher_aes_gcm_hw_armv8.inc
+++ b/providers/implementations/ciphers/cipher_aes_gcm_hw_armv8.inc
@@ -8,7 +8,7 @@
  */
 
 /*
- * Crypto extention support for AES GCM.
+ * Crypto extension support for AES GCM.
  * This file is included by cipher_aes_gcm_hw.c
  */
 
diff --git a/providers/implementations/encode_decode/encode_key2any.c b/providers/implementations/encode_decode/encode_key2any.c
index ae15a5db46..949dc2bd8b 100644
--- a/providers/implementations/encode_decode/encode_key2any.c
+++ b/providers/implementations/encode_decode/encode_key2any.c
@@ -168,7 +168,7 @@ static X509_PUBKEY *key_to_pubkey(const void *key, int key_nid,
  * EncryptedPrivateKeyInfo structure (defined by PKCS#8).  They require
  * that there's an intent to encrypt, anything else is an error.
  *
- * key_to_pki_* primarly produce encoded output with the private key data
+ * key_to_pki_* primarily produce encoded output with the private key data
  * in a PrivateKeyInfo structure (also defined by PKCS#8).  However, if
  * there is an intent to encrypt the data, the corresponding key_to_epki_*
  * function is used instead.
diff --git a/providers/implementations/keymgmt/kdf_legacy_kmgmt.c b/providers/implementations/keymgmt/kdf_legacy_kmgmt.c
index 0b301c333b..73e6974208 100644
--- a/providers/implementations/keymgmt/kdf_legacy_kmgmt.c
+++ b/providers/implementations/keymgmt/kdf_legacy_kmgmt.c
@@ -69,7 +69,7 @@ int ossl_kdf_data_up_ref(KDF_DATA *kdfdata)
 
     /* This is effectively doing a new operation on the KDF_DATA and should be
      * adequately guarded again modules' error states.  However, both current
-     * calls here are guarded propery in exchange/kdf_exch.c.  Thus, it
+     * calls here are guarded properly in exchange/kdf_exch.c.  Thus, it
      * could be removed here.  The concern is that something in the future
      * might call this function without adequate guards.  It's a cheap call,
      * it seems best to leave it even though it is currently redundant.
diff --git a/providers/implementations/keymgmt/mac_legacy_kmgmt.c b/providers/implementations/keymgmt/mac_legacy_kmgmt.c
index ec34a3ee71..b1c3880277 100644
--- a/providers/implementations/keymgmt/mac_legacy_kmgmt.c
+++ b/providers/implementations/keymgmt/mac_legacy_kmgmt.c
@@ -109,7 +109,7 @@ int ossl_mac_key_up_ref(MAC_KEY *mackey)
 
     /* This is effectively doing a new operation on the MAC_KEY and should be
      * adequately guarded again modules' error states.  However, both current
-     * calls here are guarded propery in signature/mac_legacy.c.  Thus, it
+     * calls here are guarded properly in signature/mac_legacy.c.  Thus, it
      * could be removed here.  The concern is that something in the future
      * might call this function without adequate guards.  It's a cheap call,
      * it seems best to leave it even though it is currently redundant.
diff --git a/providers/implementations/signature/sm2_sig.c b/providers/implementations/signature/sm2_sig.c
index 3c700ac887..99460edfce 100644
--- a/providers/implementations/signature/sm2_sig.c
+++ b/providers/implementations/signature/sm2_sig.c
@@ -9,7 +9,7 @@
 
 /*
  * ECDSA low level APIs are deprecated for public use, but still ok for
- * internal use - SM2 implemetation uses ECDSA_size() function.
+ * internal use - SM2 implementation uses ECDSA_size() function.
  */
 #include "internal/deprecated.h"
 
@@ -66,9 +66,9 @@ typedef struct {
     EC_KEY *ec;
 
     /*
-     * Flag to termine if the 'z' digest needs to be computed and fed to the
+     * Flag to determine if the 'z' digest needs to be computed and fed to the
      * hash function.
-     * This flag should be set on initialization and the compuation should
+     * This flag should be set on initialization and the computation should
      * be performed only once, on first update.
      */
     unsigned int flag_compute_z_digest : 1;
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index cda9b32156..283d55e9f0 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -2899,7 +2899,7 @@ static int tls_process_cke_rsa(SSL *s, PACKET *pkt)
      * We must not leak whether a decryption failure occurs because of
      * Bleichenbacher's attack on PKCS #1 v1.5 RSA padding (see RFC 2246,
      * section 7.4.7.1). We use the special padding type
-     * RSA_PKCS1_WITH_TLS_PADDING to do that. It will automaticaly decrypt the
+     * RSA_PKCS1_WITH_TLS_PADDING to do that. It will automatically decrypt the
      * RSA, check the padding and check that the client version is as expected
      * in the premaster secret. If any of that fails then the function appears
      * to return successfully but with a random result. The call below could
diff --git a/test/cmp_vfy_test.c b/test/cmp_vfy_test.c
index bfb51916f7..73c8bb4fb2 100644
--- a/test/cmp_vfy_test.c
+++ b/test/cmp_vfy_test.c
@@ -417,7 +417,7 @@ static int execute_msg_check_test(CMP_VFY_TEST_FIXTURE *fixture)
                                                fixture->additional_arg)))
         return 0;
 
-    if (fixture->expected == 0) /* error expected aready during above check */
+    if (fixture->expected == 0) /* error expected already during above check */
         return 1;
     return
         TEST_int_eq(0,
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index 0d5bd5e3f7..7f191c43a9 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -2929,9 +2929,9 @@ static int test_pkey_ctx_fail_without_provider(int tst)
 
     /*
      * We check for certain algos in the null provider.
-     * If an algo is expected to have a provider keymgmt, contructing an
+     * If an algo is expected to have a provider keymgmt, constructing an
      * EVP_PKEY_CTX is expected to fail (return NULL).
-     * Otherwise, if it's expected to have legacy support, contructing an
+     * Otherwise, if it's expected to have legacy support, constructing an
      * EVP_PKEY_CTX is expected to succeed (return non-NULL).
      */
     switch (tst) {
diff --git a/test/param_build_test.c b/test/param_build_test.c
index 332a4cbfcf..f802b90dfc 100644
--- a/test/param_build_test.c
+++ b/test/param_build_test.c
@@ -294,7 +294,7 @@ static int builder_limit_test(void)
     }
     if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
         goto err;
-    /* Count the elements in the params arrary, expecting n */
+    /* Count the elements in the params array, expecting n */
     for (i = 0; params[i].key != NULL; i++);
     if (!TEST_int_eq(i, n))
         goto err;
@@ -306,7 +306,7 @@ static int builder_limit_test(void)
     if (!TEST_true(OSSL_PARAM_BLD_push_int(bld, "g", 2))
         || !TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
         goto err;
-    /* Count the elements in the params arrary, expecting 1 */
+    /* Count the elements in the params array, expecting 1 */
     for (i = 0; params[i].key != NULL; i++);
     if (!TEST_int_eq(i, 1))
         goto err;
diff --git a/test/params_api_test.c b/test/params_api_test.c
index 320de12877..62e458c993 100644
--- a/test/params_api_test.c
+++ b/test/params_api_test.c
@@ -78,7 +78,7 @@ static int test_param_type_extra(OSSL_PARAM *param, const unsigned char *cmp,
     const int signd = param->data_type == OSSL_PARAM_INTEGER;
 
     /*
-     * Set the unmodified sentinal directly because there is no param array
+     * Set the unmodified sentinel directly because there is no param array
      * for these tests.
      */
     param->return_size = OSSL_PARAM_UNMODIFIED;
diff --git a/test/params_test.c b/test/params_test.c
index 6a970feaa4..bcf397a55f 100644
--- a/test/params_test.c
+++ b/test/params_test.c
@@ -46,7 +46,7 @@ struct object_st {
      */
     double p2;
     /*
-     * Documented as an arbitrarly large unsigned integer.
+     * Documented as an arbitrarily large unsigned integer.
      * The data size must be large enough to accommodate.
      * Assumed data type OSSL_PARAM_UNSIGNED_INTEGER
      */
diff --git a/test/recipes/70-test_sslrecords.t b/test/recipes/70-test_sslrecords.t
index 30d9136bbc..7c677f4fb1 100644
--- a/test/recipes/70-test_sslrecords.t
+++ b/test/recipes/70-test_sslrecords.t
@@ -87,7 +87,7 @@ use constant {
 };
 
 # The TLSv1.2 in SSLv2 ClientHello need to run at security level 0
-# because in a SSLv2 ClientHello we can't send extentions to indicate
+# because in a SSLv2 ClientHello we can't send extensions to indicate
 # which signature algorithm we want to use, and the default is SHA1.
 
 #Test 5: Inject an SSLv2 style record format for a TLSv1.2 ClientHello
diff --git a/test/recipes/90-test_threads.t b/test/recipes/90-test_threads.t
index d373fcbd16..4e892351ab 100644
--- a/test/recipes/90-test_threads.t
+++ b/test/recipes/90-test_threads.t
@@ -34,7 +34,7 @@ if ($no_fips) {
 }
 
 # Merge the configuration files into one filtering the contents so the failure
-# condition is reproducable.  A working FIPS configuration without the install
+# condition is reproducible.  A working FIPS configuration without the install
 # status is required.
 
 open CFGBASE, '<', $config_path;
diff --git a/test/ssl-tests/28-seclevel.cnf.in b/test/ssl-tests/28-seclevel.cnf.in
index 945f4599d1..2ec9ec1349 100644
--- a/test/ssl-tests/28-seclevel.cnf.in
+++ b/test/ssl-tests/28-seclevel.cnf.in
@@ -36,7 +36,7 @@ our @tests_ec = (
     {
         # The Ed448 signature algorithm will not be enabled.
         # Because of the config order, the certificate is first loaded, and
-        # then the security level is chaged. If you try this with s_server
+        # then the security level is changed. If you try this with s_server
         # the order will be reversed and it will instead fail to load the key.
         name => "SECLEVEL 5 server with ED448 key",
         server => { "CipherString" => "DEFAULT:\@SECLEVEL=5",
@@ -48,7 +48,7 @@ our @tests_ec = (
     },
     {
         # The client will not sent the Ed448 signature algorithm, so the server
-        # doesn't have a useable signature algorithm for the certificate.
+        # doesn't have a usable signature algorithm for the certificate.
         name => "SECLEVEL 5 client with ED448 key",
         server => { "CipherString" => "DEFAULT:\@SECLEVEL=4",
                     "Certificate" => test_pem("server-ed448-cert.pem"),
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 1abe120c3e..181d0ef686 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -856,7 +856,7 @@ static int test_ccs_change_cipher(void)
     size_t readbytes;
 
     /*
-     * Create a conection so we can resume and potentially (but not) use
+     * Create a connection so we can resume and potentially (but not) use
      * a different cipher in the second connection.
      */
     if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
diff --git a/test/tls-provider.c b/test/tls-provider.c
index 9ac1db51b3..7bff6e7406 100644
--- a/test/tls-provider.c
+++ b/test/tls-provider.c
@@ -313,7 +313,7 @@ static const OSSL_DISPATCH xor_keyexch_functions[] = {
 
 static const OSSL_ALGORITHM tls_prov_keyexch[] = {
     /*
-     * Obviously this is not FIPS approved, but in order to test in conjuction
+     * Obviously this is not FIPS approved, but in order to test in conjunction
      * with the FIPS provider we pretend that it is.
      */
     { "XOR", "provider=tls-provider,fips=yes", xor_keyexch_functions },
@@ -442,7 +442,7 @@ static const OSSL_DISPATCH xor_kem_functions[] = {
 
 static const OSSL_ALGORITHM tls_prov_kem[] = {
     /*
-     * Obviously this is not FIPS approved, but in order to test in conjuction
+     * Obviously this is not FIPS approved, but in order to test in conjunction
      * with the FIPS provider we pretend that it is.
      */
     { "XOR", "provider=tls-provider,fips=yes", xor_kem_functions },
@@ -758,7 +758,7 @@ static const OSSL_DISPATCH xor_keymgmt_functions[] = {
 
 static const OSSL_ALGORITHM tls_prov_keymgmt[] = {
     /*
-     * Obviously this is not FIPS approved, but in order to test in conjuction
+     * Obviously this is not FIPS approved, but in order to test in conjunction
      * with the FIPS provider we pretend that it is.
      */
     { "XOR", "provider=tls-provider,fips=yes", xor_keymgmt_functions },
diff --git a/util/add-depends.pl b/util/add-depends.pl
index 599a267f6d..d0f7c3473d 100644
--- a/util/add-depends.pl
+++ b/util/add-depends.pl
@@ -214,7 +214,7 @@ my %procedures = (
             #
             #   Hinweis: Einlesen der Datei:   {whatever header file}
             #
-            # To accomodate, we need to use a very general regular expression
+            # To accommodate, we need to use a very general regular expression
             # to parse those lines.
             #
             # Since there's no object file name at all in that information,
diff --git a/util/check-format.pl b/util/check-format.pl
index 09bd6b6270..8bc840b6fc 100755
--- a/util/check-format.pl
+++ b/util/check-format.pl
@@ -62,7 +62,7 @@
 #   except within if ... else constructs where some branch contains more than one
 #   statement. Since the exception is hard to recognize when such branches occur
 #   after the current position (such that false positives would be reported)
-#   the tool by checks for this rule by defaul only for do/while/for bodies.
+#   the tool by checks for this rule by default only for do/while/for bodies.
 #   Yet with the --1-stmt option false positives are preferred over negatives.
 #   False negatives occur if the braces are more than two non-empty lines apart.
 #
@@ -316,7 +316,7 @@ sub check_indent { # used for lines outside multi-line string literals
             $contents_before) if !$sloppy_cmt && $count_before != $count;
     }
     # ... but allow normal indentation for the current line, else above check will be done for the line before
-    if (($in_comment == 0 || $in_comment < 0) # (no commment,) intra-line comment or end of multi-line comment
+    if (($in_comment == 0 || $in_comment < 0) # (no comment,) intra-line comment or end of multi-line comment
         && m/^(\s*)@[\s@]*$/) { # line begins with '@', no code follows (except '\')
         if ($count == $ref_indent) { # indentation is like for (normal) code in this line
             s/^(\s*)@/$1*/; # blind first '@' as '*' to prevent above delayed check for the line before
@@ -511,7 +511,7 @@ while (<>) { # loop over all lines of all input files
 
     # do/prepare checks within multi-line comments
     my $self_test_exception = $self_test ? "@" : "";
-    if ($in_comment > 0) { # this still includes the last line of multi-line commment
+    if ($in_comment > 0) { # this still includes the last line of multi-line comment
         my ($head, $any_symbol, $cmt_text) = m/^(\s*)(.?)(.*)$/;
         if ($any_symbol eq "*") {
             report("no space after leading '*' in multi-line comment") if $cmt_text =~ m|^[^/\s$self_test_exception]|;
@@ -851,7 +851,7 @@ while (<>) { # loop over all lines of all input files
              $line_opening_brace == $line_before)
             && $contents_before =~ m/;/) { # there is at least one terminator ';', so there is some stmt
             # TODO do not report cases where a further else branch
-            # follows with a block containg more than one line/statement
+            # follows with a block containing more than one line/statement
             report_flexibly($line_before, "'$keyword_opening_brace' { 1 stmt }", $contents_before);
         }
     }


More information about the openssl-commits mailing list