Correct another batch of typos

Reviewed-by: NKurt Roeckx <kurt@openssl.org>
Reviewed-by: NRich Salz <rsalz@openssl.org>

doc/crypto/BIO_connect.pod

@@ -78,15 +78,15 @@ C<|> operator, for example:
 =head1 RETURN VALUES
 
 BIO_socket() returns the socket number on success or B<INVALID_SOCKET>
-(-1) on error.  When an error has occured, the OpenSSL error stack
+(-1) on error.  When an error has occurred, the OpenSSL error stack
 will hold the error data and errno has the system error.
 
 BIO_connect() and BIO_listen() return 1 on success or 0 on error.
-When an error has occured, the OpenSSL error stack will hold the error
+When an error has occurred, the OpenSSL error stack will hold the error
 data and errno has the system error.
 
 BIO_accept_ex() returns the accepted socket on success or
-B<INVALID_SOCKET> (-1) on error.  When an error has occured, the
+B<INVALID_SOCKET> (-1) on error.  When an error has occurred, the
 OpenSSL error stack will hold the error data and errno has the system
 error.
 

doc/crypto/BIO_parse_hostserv.pod

@@ -21,7 +21,7 @@ BIO_parse_hostserv() will parse the information given in B<hostserv>,
 create strings with the host name and service name and give those
 back via B<host> and B<service>.  Those will need to be freed after
 they are used.  B<hostserv_prio> helps determine if B<hostserv> shall
-be interpreted primarly as a host name or a service name in ambiguous
+be interpreted primarily as a host name or a service name in ambiguous
 cases.
 
 The syntax the BIO_parse_hostserv() recognises is:

doc/crypto/BIO_s_accept.pod

@@ -49,7 +49,7 @@ If the close flag is set on an accept BIO then any active
 connection on that chain is shutdown and the socket closed when
 the BIO is freed.
 
-Calling BIO_reset() on a accept BIO will close any active
+Calling BIO_reset() on an accept BIO will close any active
 connection and reset the BIO into a state where it awaits another
 incoming connection.
 
@@ -60,7 +60,7 @@ BIO_set_accept_port() uses the string B<name> to set the accept
 port. The port is represented as a string of the form "host:port",
 where "host" is the interface to use and "port" is the port.
 The host can be "*" or empty which is interpreted as meaning
-any interface.  If the host is a IPv6 address, it has to be
+any interface.  If the host is an IPv6 address, it has to be
 enclosed in brackets, for example "[::1]:https".  "port" has the
 same syntax as the port specified in BIO_set_conn_port() for
 connect BIOs, that is it can be a numerical port string or a

doc/crypto/BIO_s_bio.pod

@@ -172,7 +172,7 @@ SSL_operation() can successfully be continued.
 
 =head1 WARNING
 
-As the data is buffered, SSL_operation() may return with a ERROR_SSL_WANT_READ
+As the data is buffered, SSL_operation() may return with an ERROR_SSL_WANT_READ
 condition, but there is still data in the write buffer. An application must
 not rely on the error value of SSL_operation() but must assure that the
 write buffer is always flushed first. Otherwise a deadlock may occur as

doc/crypto/BIO_s_connect.pod

@@ -55,7 +55,7 @@ it also returns the socket . If B<c> is not NULL it should be of
 type (int *).
 
 BIO_set_conn_hostname() uses the string B<name> to set the hostname.
-The hostname can be an IP address; if the address is a IPv6 one, it
+The hostname can be an IP address; if the address is an IPv6 one, it
 must be enclosed with brackets. The hostname can also include the
 port in the form hostname:port.
 

doc/crypto/BIO_s_fd.pod

@@ -23,7 +23,7 @@ round the platforms file descriptor routines such as read() and write().
 BIO_read() and BIO_write() read or write the underlying descriptor.
 BIO_puts() is supported but BIO_gets() is not.
 
-If the close flag is set then then close() is called on the underlying
+If the close flag is set then close() is called on the underlying
 file descriptor when the BIO is freed.
 
 BIO_reset() attempts to change the file pointer to the start of file

doc/crypto/BN_BLINDING_new.pod

@@ -97,7 +97,7 @@ the B<BN_BLINDING> object, 0 otherwise.
 BN_BLINDING_set_current_thread() doesn't return anything.
 
 BN_BLINDING_lock(), BN_BLINDING_unlock() return 1 if the operation
-succeded or 0 on error.
+succeeded or 0 on error.
 
 BN_BLINDING_get_flags() returns the currently set B<BN_BLINDING> flags
 (a B<unsigned long> value).

doc/crypto/EVP_CIPHER_meth_new.pod

@@ -193,7 +193,7 @@ The EVP routines will simply give them control and do nothing more.
 
 =item EVP_CIPH_FLAG_AEAD_CIPHER
 
-This indicates that this is a AEAD cipher implementation.
+This indicates that this is an AEAD cipher implementation.
 
 =item EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
 

doc/crypto/EVP_MD_meth_new.pod

@@ -96,13 +96,13 @@ combined with EVP_MD_FLAG_DIGALGID_ABSENT, the latter will override.>
 
 When setting up a DigestAlgorithmIdentifier, this flag will have the
 parameter be left absent by default.  I<Note: if combined with
-EVP_MD_FLAG_DIGALGID_NULL, the latter will be overriden.>
+EVP_MD_FLAG_DIGALGID_NULL, the latter will be overridden.>
 
 =item EVP_MD_FLAG_DIGALGID_CUSTOM
 
 Custom DigestAlgorithmIdentifier handling via ctrl, with
 B<EVP_MD_FLAG_DIGALGID_ABSENT> as default.  I<Note: if combined with
-EVP_MD_FLAG_DIGALGID_NULL, the latter will be overriden.>
+EVP_MD_FLAG_DIGALGID_NULL, the latter will be overridden.>
 Currently unused.
 
 =back

doc/crypto/OCSP_response_find_status.pod

 =pod
 
-OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find, OCSP_single_get0_status, OCSP_check_validity - OCSP reponse utility functions.
+OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find, OCSP_single_get0_status, OCSP_check_validity - OCSP response utility functions.
 
 =head1 SYNOPSIS
 

doc/crypto/OCSP_response_status.pod

@@ -26,7 +26,7 @@ contained in B<resp>.
 OCSP_response_create() creates and returns an B<OCSP_RESPONSE> structure for
 B<status> and optionally including basic response B<bs>.
 
-OCSP_RESPONSE_free() frees up OCSP reponse B<resp>.
+OCSP_RESPONSE_free() frees up OCSP response B<resp>.
 
 =head1 RETURN VALUES
 

doc/crypto/OCSP_sendreq_new.pod

@@ -40,7 +40,7 @@ B<rctx>. When the operation is complete it returns the response in B<*presp>.
 
 OCSP_REQ_CTX_free() frees up the OCSP context B<rctx>.
 
-OCSP_set_max_response_length() sets the maximum reponse length for B<rctx>
+OCSP_set_max_response_length() sets the maximum response length for B<rctx>
 to B<len>. If the response exceeds this length an error occurs. If not
 set a default value of 100k is used.
 

doc/crypto/OPENSSL_secure_malloc.pod

@@ -100,8 +100,7 @@ OPENSSL_secure_malloc() and OPENSSL_secure_zalloc() return a pointer into
 the secure heap of the requested size, or C<NULL> if memory could not be
 allocated.
 
-CRYPTO_secure_allocated() returns 1 if the pointer is in the
-the secure heap, or 0 if not.
+CRYPTO_secure_allocated() returns 1 if the pointer is in the secure heap, or 0 if not.
 
 CRYPTO_secure_malloc_done() and OPENSSL_secure_free()
 return no values.

doc/crypto/RAND_load_file.pod

@@ -24,7 +24,7 @@ too small for the path name, an error occurs.
 
 RAND_load_file() reads a number of bytes from file B<filename> and
 adds them to the PRNG. If B<max_bytes> is non-negative,
-up to to B<max_bytes> are read;
+up to B<max_bytes> are read;
 if B<max_bytes> is -1, the complete file is read.
 
 RAND_write_file() writes a number of random bytes (currently 1024) to

doc/crypto/X509V3_get_d2i.pod

@@ -168,7 +168,7 @@ The following are CRL extensions from PKIX standards such as RFC5280.
  Delta CRL Indicator                NID_delta_crl
  Freshest CRL                       NID_freshest_crl
  Invalidity Date                    NID_invalidity_date
- Issuing Distrubution Point         NID_issuing_distribution_point
+ Issuing Distribution Point         NID_issuing_distribution_point
 
 The following are CRL entry extensions from PKIX standards such as RFC5280.
 

doc/crypto/X509_verify_cert.pod

@@ -41,7 +41,7 @@ for <= 0 return value on error.
 =head1 BUGS
 
 This function uses the header B<x509.h> as opposed to most chain verification
-functiosn which use B<x509_vfy.h>.
+functions which use B<x509_vfy.h>.
 
 =head1 SEE ALSO
 

doc/crypto/ecdsa.pod

@@ -123,7 +123,7 @@ The error codes can be obtained by L<ERR_get_error(3)>.
 Creating an ECDSA signature of a given SHA-256 hash value using the
 named curve prime256v1 (aka P-256).
 
-First step: create a EC_KEY object (note: this part is B<not> ECDSA
+First step: create an EC_KEY object (note: this part is B<not> ECDSA
 specific)
 
  int        ret;

doc/crypto/engine.pod

@@ -482,7 +482,7 @@ implemented by ENGINEs should be numbered from. Any command value lower than
 this symbol is considered a "generic" command is handled directly by the
 OpenSSL core routines.
 
-It is using these "core" control commands that one can discover the the control
+It is using these "core" control commands that one can discover the control
 commands implemented by a given ENGINE, specifically the commands;
 
  #define ENGINE_HAS_CTRL_FUNCTION		10

doc/crypto/pem.pod

@@ -399,7 +399,7 @@ The encryption key is derived using EVP_BytesToKey(). The cipher's
 initialization vector is passed to EVP_BytesToKey() as the B<salt>
 parameter. Internally, B<PKCS5_SALT_LEN> bytes of the salt are used
 (regardless of the size of the initialization vector). The user's
-password is passed to to EVP_BytesToKey() using the B<data> and B<datal>
+password is passed to EVP_BytesToKey() using the B<data> and B<datal>
 parameters. Finally, the library uses an iteration count of 1 for
 EVP_BytesToKey().
 

doc/crypto/sk_X509_num.pod

@@ -78,7 +78,7 @@ sk_X509_insert() inserts B<ptr> into B<sk> at position B<idx>. Any existing
 elements at or after B<idx> are moved downwards. If B<idx> is out of range
 the new element is appended to B<sk>. sk_X509_insert() either returns the
 number of elements in B<sk> after the new element is inserted or zero if
-an error occured: which will happen if there is a memory allocation failure.
+an error occurred: which will happen if there is a memory allocation failure.
 
 sk_X509_push() appends B<ptr> to B<sk> it is equivalent to:
 
@@ -93,7 +93,7 @@ sk_X509_pop() returns and removes the last element from B<sk>.
 sk_X509_shift() returns and removes the first element from B<sk>.
 
 sk_X509_set() sets element B<idx> of B<sk> to B<ptr> replacing the current
-element. The new element value is returned or B<NULL> if an error occured:
+element. The new element value is returned or B<NULL> if an error occurred:
 this will only happen if B<sk> is B<NULL> or B<idx> is out of range.
 
 sk_X509_find() and int sk_X509_find_ex() search B<sk> using the supplied

doc/openssl-c-indent.el

@@ -12,7 +12,7 @@
 ;;; M-x c-set-style <RET> (or C-c . for short), and enter "eay".
 ;;; To toggle the auto-newline feature of CC mode, type C-c C-a.
 ;;;
-;;; If you're a OpenSSL developer, you might find it more comfortable
+;;; If you're an OpenSSL developer, you might find it more comfortable
 ;;; to have this style be permanent in your OpenSSL development
 ;;; directory.  To have that, please perform this:
 ;;;

doc/ssl/SSL_CTX_dane_enable.pod

@@ -36,7 +36,7 @@ applications that override L<X509_verify_cert(3)> via
 L<SSL_CTX_set_cert_verify_callback(3)> are responsible to authenticate the peer
 chain in whatever manner they see fit.
 
-SSL_CTX_dane_mtype_set() may then be called zero or more times to to adjust the
+SSL_CTX_dane_mtype_set() may then be called zero or more times to adjust the
 supported digest algorithms.
 This must be done before any SSL handles are created for the context.
 

doc/ssl/SSL_CTX_free.pod

@@ -13,8 +13,7 @@ SSL_CTX_free - free an allocated SSL_CTX object
 =head1 DESCRIPTION
 
 SSL_CTX_free() decrements the reference count of B<ctx>, and removes the
-SSL_CTX object pointed to by B<ctx> and frees up the allocated memory if the
-the reference count has reached 0.
+SSL_CTX object pointed to by B<ctx> and frees up the allocated memory if the reference count has reached 0.
 
 It also calls the free()ing procedures for indirectly affected items, if
 applicable: the session cache, the list of ciphers, the list of Client CAs,

doc/ssl/SSL_CTX_set_cipher_list.pod

@@ -45,7 +45,7 @@ DSA ciphers always use DH key exchange and therefore need DH-parameters
 (see L<SSL_CTX_set_tmp_dh_callback(3)>).
 
 When these conditions are not met for any cipher in the list (e.g. a
-client only supports export RSA ciphers with a asymmetric key length
+client only supports export RSA ciphers with an asymmetric key length
 of 512 bits and the server is not configured to use temporary RSA
 keys), the "no shared cipher" (SSL_R_NO_SHARED_CIPHER) error is generated
 and the handshake will fail.

doc/ssl/SSL_CTX_set_psk_client_callback.pod

@@ -59,7 +59,7 @@ The callback is set using functions SSL_CTX_set_psk_client_callback()
 or SSL_set_psk_client_callback(). The callback function is given the
 connection in parameter B<ssl>, a B<NULL>-terminated PSK identity hint
 sent by the server in parameter B<hint>, a buffer B<identity> of
-length B<max_identity_len> bytes where the the resulting
+length B<max_identity_len> bytes where the resulting
 B<NULL>-terminated identity is to be stored, and a buffer B<psk> of
 length B<max_psk_len> bytes where the resulting pre-shared key is to
 be stored.

doc/ssl/SSL_CTX_set_security_level.pod

@@ -54,7 +54,7 @@ application specific value.
 
 =head1 DEFAULT CALLBACK BEHAVIOUR
 
-If an application doesn't set it's own security callback the default
+If an application doesn't set its own security callback the default
 callback is used. It is intended to provide sane defaults. The meaning
 of each level is described below.
 

doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod

@@ -90,7 +90,7 @@ continue on those parameters.
 =item Z<>0
 
 This indicates that it was not possible to set/retrieve a session ticket and 
-the SSL/TLS session will continue by by negotiating a set of cryptographic
+the SSL/TLS session will continue by negotiating a set of cryptographic
 parameters or using the alternate SSL/TLS resumption mechanism, session ids.
 
 If called with enc equal to 0 the library will call the I<cb> again to get

doc/ssl/ssl.pod

@@ -76,7 +76,7 @@ links to mostly all other structures.
 =head1 HEADER FILES
 
 Currently the OpenSSL B<ssl> library provides the following C header files
-containing the prototypes for the data structures and and functions:
+containing the prototypes for the data structures and functions:
 
 =over 4