Spelling fixes

Reviewed-by: NKurt Roeckx <kurt@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1219)

apps/apps.h

@@ -113,9 +113,9 @@ int has_stdin_waiting(void);
         { "explicit_policy", OPT_V_EXPLICIT_POLICY, '-', \
             "set policy variable require-explicit-policy"}, \
         { "inhibit_any", OPT_V_INHIBIT_ANY, '-', \
-            "set policy variable inihibit-any-policy"}, \
+            "set policy variable inhibit-any-policy"}, \
         { "inhibit_map", OPT_V_INHIBIT_MAP, '-', \
-            "set policy variable inihibit-policy-mapping"}, \
+            "set policy variable inhibit-policy-mapping"}, \
         { "x509_strict", OPT_V_X509_STRICT, '-', \
             "disable certificate compatibility work-arounds"}, \
         { "extended_crl", OPT_V_EXTENDED_CRL, '-', \
@@ -187,7 +187,7 @@ int has_stdin_waiting(void);
         { "xcertform", OPT_X_CERTFORM, 'F', \
             "format of Extended certificate (PEM or DER) PEM default " }, \
         { "xkeyform", OPT_X_KEYFORM, 'F', \
-            "format of Exnteded certificate's key (PEM or DER) PEM default"}
+            "format of Extended certificate's key (PEM or DER) PEM default"}
 
 # define OPT_X_CASES \
         OPT_X__FIRST: case OPT_X__LAST: break; \

apps/ocsp.c

@@ -165,7 +165,7 @@ OPTIONS ocsp_options[] = {
      "Number of requests to accept (default unlimited)"},
     {"ndays", OPT_NDAYS, 'p', "Number of days before next update"},
     {"rsigner", OPT_RSIGNER, '<',
-     "Sesponder certificate to sign responses with"},
+     "Responder certificate to sign responses with"},
     {"rkey", OPT_RKEY, '<', "Responder key to sign responses with"},
     {"rother", OPT_ROTHER, '<', "Other certificates to include in response"},
     {"rmd", OPT_RMD, 's', "Digest Algorithm to use in signature of OCSP response"},

apps/opt.c

@@ -74,7 +74,7 @@ char *opt_progname(const char *argv0)
 {
     const char *p, *q;
 
-    /* Find last special charcter sys:[foo.bar]openssl */
+    /* Find last special character sys:[foo.bar]openssl */
     for (p = argv0 + strlen(argv0); --p > argv0;)
         if (*p == ':' || *p == ']' || *p == '>') {
             p++;
@@ -857,7 +857,7 @@ void opt_help(const OPTIONS *list)
         start[sizeof start - 1] = '\0';
 
         if (o->name == OPT_MORE_STR) {
-            /* Continuation of previous line; padd and print. */
+            /* Continuation of previous line; pad and print. */
             start[width] = '\0';
             BIO_printf(bio_err, "%s  %s\n", start, help);
             continue;

crypto/x509v3/pcy_data.c

@@ -28,9 +28,9 @@ void policy_data_free(X509_POLICY_DATA *data)
 }
 
 /*
- * Create a data based on an existing policy. If 'id' is NULL use the oid in
+ * Create a data based on an existing policy. If 'id' is NULL use the OID in
  * the policy, otherwise use 'id'. This behaviour covers the two types of
- * data in RFC3280: data with from a CertificatePolcies extension and
+ * data in RFC3280: data with from a CertificatePolicies extension and
  * additional data with just the qualifiers of anyPolicy and ID from another
  * source.
  */

doc/apps/s_client.pod

@@ -355,7 +355,7 @@ L<SSL_CTX_set_split_send_fragment(3)> for further information.
 
 The maximum number of encrypt/decrypt pipelines to be used. This will only have
 an effect if an engine has been loaded that supports pipelining (e.g. the dasync
-engine) and a suiteable ciphersuite has been negotiated. The default value is 1.
+engine) and a suitable ciphersuite has been negotiated. The default value is 1.
 See L<SSL_CTX_set_max_pipelines(3)> for further information.
 
 =item B<-read_buf int>

doc/apps/x509v3_config.pod

@@ -116,7 +116,7 @@ following PKIX, NS and MS values are meaningful:
  emailProtection        E-mail Protection (S/MIME).
  timeStamping           Trusted Timestamping
  OCSPSigning            OCSP Signing
- ipsecIKE               ipsec Internet Key Exchnage
+ ipsecIKE               ipsec Internet Key Exchange
  msCodeInd              Microsoft Individual Code Signing (authenticode)
  msCodeCom              Microsoft Commercial Code Signing (authenticode)
  msCTLSign              Microsoft Trust List Signing

doc/crypto/ASN1_STRING_length.pod

@@ -53,7 +53,7 @@ should be freed using OPENSSL_free().
 =head1 NOTES
 
 Almost all ASN1 types in OpenSSL are represented as an B<ASN1_STRING>
-structure. Other types such as B<ASN1_OCTET_STRING> are simply typedefed
+structure. Other types such as B<ASN1_OCTET_STRING> are simply typedef'ed
 to B<ASN1_STRING> and the functions call the B<ASN1_STRING> equivalents.
 B<ASN1_STRING> is also used for some B<CHOICE> types which consist
 entirely of primitive string types such as B<DirectoryString> and

doc/crypto/X509_PUBKEY_new.pod

@@ -56,7 +56,7 @@ count on the returned key is incremented so it B<MUST> be freed using
 EVP_PKEY_free() after use.
 
 d2i_PUBKEY() and i2d_PUBKEY() decode and encode an B<EVP_PKEY> structure
-using B<SubjectPublicKeyInfo> format. They otherise follow the conventions of
+using B<SubjectPublicKeyInfo> format. They otherwise follow the conventions of
 other ASN.1 functions such as d2i_X509().
 
 d2i_PUBKEY_bio(), d2i_PUBKEY_fp(), i2d_PUBKEY_bio() and i2d_PUBKEY_fp() are

doc/crypto/X509_STORE_CTX_get_error.pod

@@ -203,7 +203,7 @@ consistent with the supplied purpose.
 
 =item B<X509_V_ERR_PATH_LENGTH_EXCEEDED: path length constraint exceeded>
 
-the basicConstraints pathlength parameter has been exceeded.
+the basicConstraints path-length parameter has been exceeded.
 
 =item B<X509_V_ERR_INVALID_PURPOSE: unsupported certificate purpose>
 

doc/crypto/X509_STORE_CTX_new.pod

@@ -95,10 +95,10 @@ X509_STORE_CTX_get0_param() retrieves an internal pointer
 to the verification parameters associated with B<ctx>.
 
 X509_STORE_CTX_get0_untrusted() retrieves an internal pointer to the
-stack of untrusted certifieds associated with B<ctx>.
+stack of untrusted certificates associated with B<ctx>.
 
 X509_STORE_CTX_set0_untrusted() sets the internal point to the stack
-of unstrusted certificates associated with B<ctx> to B<sk>.
+of untrusted certificates associated with B<ctx> to B<sk>.
 
 X509_STORE_CTX_set0_param() sets the internal verification parameter pointer
 to B<param>. After this call B<param> should not be used.
@@ -171,7 +171,7 @@ L<X509_VERIFY_PARAM_set_flags(3)>
 
 X509_STORE_CTX_set0_crls() was first added to OpenSSL 1.0.0
 X509_STORE_CTX_get_num_untrusted() was first added to OpenSSL 1.1.0
-X509_STORE_set_verify() wsa first added to OpenSSL 1.1.0. It was previously
+X509_STORE_set_verify() was first added to OpenSSL 1.1.0. It was previously
 available as a macro X509_STORE_set_verify_func(). This macro still exists but
 simply calls this function.
 

doc/crypto/X509_VERIFY_PARAM_set_flags.pod

@@ -79,7 +79,7 @@ X509_VERIFY_PARAM_set_depth() sets the maximum verification depth to B<depth>.
 That is the maximum number of intermediate CA certificates that can appear in a
 chain.
 A maximal depth chain contains 2 more certificates than the limit, since
-neither the end-entity ceritificate nor the trust-anchor count against this
+neither the end-entity certificate nor the trust-anchor count against this
 limit.
 Thus a B<depth> limit of 0 only allows the end-entity certificate to be signed
 directly by the trust-anchor, while with a B<depth> limit of 1 there can be one

doc/crypto/X509_check_ca.pod

@@ -19,7 +19,7 @@ to sign other certificates).
 
 Function return 0, if it is not CA certificate, 1 if it is proper X509v3
 CA certificate with B<basicConstraints> extension CA:TRUE,
-3, if it is selfsigned X509 v1 certificate, 4, if it is certificate with
+3, if it is self-signed X509 v1 certificate, 4, if it is certificate with
 B<keyUsage> extension with bit B<keyCertSign> set, but without
 B<basicConstraints>, and 5 if it has outdated Netscape Certificate Type
 extension telling that it is CA certificate.

doc/crypto/X509_get_subject_name.pod

@@ -34,11 +34,11 @@ up when it is no longer needed.
 
 X509_get_issuer_name() and X509_set_issuer_name() are identical to
 X509_get_subject_name() and X509_set_subject_name() except the get and
-set the isssuer name of B<x>.
+set the issuer name of B<x>.
 
 Similarly X509_REQ_get_subject_name(), X509_REQ_set_subject_name(),
  X509_CRL_get_issuer() and X509_CRL_set_issuer_name() get or set the subject
-or issuer names of certifcate requests of CRLs respectively.
+or issuer names of certificate requests of CRLs respectively.
 
 =head1 RETURN VALUES
 

doc/crypto/X509_get_version.pod

@@ -23,7 +23,7 @@ certificate request or CRL version
 
 X509_get_version() returns the numerical value of the version field of
 certificate B<x>. Note: this is defined by standards (X.509 et al) to be one
-less than the certificate version. So a verson 3 certificate will return 2 and
+less than the certificate version. So a version 3 certificate will return 2 and
 a version 1 certificate will return 0.
 
 X509_set_version() sets the numerical value of the version field of certificate

doc/crypto/X509_sign.pod

@@ -30,7 +30,7 @@ certificate B<x> but uses the parameters contained in digest context B<ctx>.
 
 X509_verify() verifies the signature of certificate B<x> using public key
 B<pkey>. Only the signature is checked: no other checks (such as certificate
-chain validity) are perfored.
+chain validity) are performed.
 
 X509_REQ_sign(), X509_REQ_sign_ctx(), X509_REQ_verify(),
 X509_CRL_sign(), X509_CRL_sign_ctx() and X509_CRL_verify() sign and verify