ispell (and minor modifications)

INSTALL.VMS

@@ -51,7 +51,7 @@ directory.  The syntax is trhe following:
 
 Note: The RSAREF libraries are NOT INCLUDED and you have to
       download it from "ftp://ftp.rsa.com/rsaref".  You have to
-      get the ".tar-Z" file as the ".zip" file dosen't have the
+      get the ".tar-Z" file as the ".zip" file doesn't have the
       directory structure stored.  You have to extract the file
       into the [.RSAREF] directory as that is where the scripts
       will look for the files.
@@ -175,7 +175,7 @@ dependent on the OpenVMS version or the C library version, *and* you
 can use those macros to simulate older OpenVMS or C library versions,
 by defining the macros _VMS_V6_SOURCE, __VMS_VER and __CTRL_VER with
 correct values.  In the compilation scripts, I've provided the possibility
-for the user to influense the creation of such macros, through a bunch of
+for the user to influence the creation of such macros, through a bunch of
 symbols, all having names starting with USER_.  Here's the list of them:
 
   USER_CCFLAGS		 - Used to give additional qualifiers to the

INSTALL.W32

@@ -4,7 +4,7 @@
 
  Heres a few comments about building OpenSSL in Windows environments. Most of
  this is tested on Win32 but it may also work in Win 3.1 with some
- modification.  See the end of this file for Eric's original comments.
+ modification.
 
  You need Perl for Win32 (available from http://www.activestate.com/ActivePerl)
  and one of the following C compilers:

apps/CA.pl.in

@@ -66,7 +66,7 @@ foreach (@ARGV) {
 	    $RET=$?;
 	    print "Request (and private key) is in newreq.pem\n";
 	} elsif (/^-newca$/) {
-		# if explictly asked for or it doesn't exist then setup the
+		# if explicitly asked for or it doesn't exist then setup the
 		# directory structure that Eric likes to manage things 
 	    $NEW="1";
 	    if ( "$NEW" || ! -f "${CATOP}/serial" ) {

apps/CA.sh

@@ -60,7 +60,7 @@ case $i in
     echo "Request (and private key) is in newreq.pem"
     ;;
 -newca)     
-    # if explictly asked for or it doesn't exist then setup the directory
+    # if explicitly asked for or it doesn't exist then setup the directory
     # structure that Eric likes to manage things 
     NEW="1"
     if [ "$NEW" -o ! -f ${CATOP}/serial ]; then

apps/app_rand.c

@@ -180,7 +180,7 @@ int app_RAND_write_file(const char *file, BIO *bio_e)
 	if (!seeded)
 		/* If we did not manage to read the seed file,
 		 * we should not write a low-entropy seed file back --
-		 * it would supress a crucial warning the next time
+		 * it would suppress a crucial warning the next time
 		 * we want to use it. */
 		return 0;
 

apps/asn1pars.c

@@ -74,7 +74,7 @@
  * -i		- indent the details by depth
  * -offset	- where in the file to start
  * -length	- how many bytes to use
- * -oid file	- extra oid decription file
+ * -oid file	- extra oid description file
  */
 
 #undef PROG
@@ -172,7 +172,7 @@ bad:
 		BIO_printf(bio_err," -out arg      output file\n");
 		BIO_printf(bio_err," -noout arg    don't produce any output\n");
 		BIO_printf(bio_err," -offset arg   offset into file\n");
-		BIO_printf(bio_err," -length arg   lenth of section in file\n");
+		BIO_printf(bio_err," -length arg   length of section in file\n");
 		BIO_printf(bio_err," -i            indent entries\n");
 		BIO_printf(bio_err," -oid file     file of extra oid definitions\n");
 		BIO_printf(bio_err," -strparse offset\n");

apps/ca.c

@@ -517,7 +517,7 @@ bad:
 		}
 
 	/*****************************************************************/
-	/* we definitly need an public key, so lets get it */
+	/* we definitely need an public key, so lets get it */
 
 	if ((keyfile == NULL) && ((keyfile=CONF_get_string(conf,
 		section,ENV_PRIVATE_KEY)) == NULL))
@@ -592,7 +592,7 @@ bad:
 		if (access(outdir,R_OK|W_OK|X_OK) != 0)
 #endif
 			{
-			BIO_printf(bio_err,"I am unable to acces the %s directory\n",outdir);
+			BIO_printf(bio_err,"I am unable to access the %s directory\n",outdir);
 			perror(outdir);
 			goto err;
 			}
@@ -676,7 +676,7 @@ bad:
 		TXT_DB_write(out,db);
 		BIO_printf(bio_err,"%d entries loaded from the database\n",
 			db->data->num);
-		BIO_printf(bio_err,"generating indexs\n");
+		BIO_printf(bio_err,"generating index\n");
 		}
 	
 	if (!TXT_DB_create_index(db,DB_serial,NULL,index_serial_hash,
@@ -1008,14 +1008,14 @@ bad:
 			out=NULL;
 			if (rename(serialfile,buf[2]) < 0)
 				{
-				BIO_printf(bio_err,"unabel to rename %s to %s\n",
+				BIO_printf(bio_err,"unable to rename %s to %s\n",
 					serialfile,buf[2]);
 				perror("reason");
 				goto err;
 				}
 			if (rename(buf[0],serialfile) < 0)
 				{
-				BIO_printf(bio_err,"unabel to rename %s to %s\n",
+				BIO_printf(bio_err,"unable to rename %s to %s\n",
 					buf[0],serialfile);
 				perror("reason");
 				rename(buf[2],serialfile);
@@ -1032,14 +1032,14 @@ bad:
 
 			if (rename(dbfile,buf[2]) < 0)
 				{
-				BIO_printf(bio_err,"unabel to rename %s to %s\n",
+				BIO_printf(bio_err,"unable to rename %s to %s\n",
 					dbfile,buf[2]);
 				perror("reason");
 				goto err;
 				}
 			if (rename(buf[1],dbfile) < 0)
 				{
-				BIO_printf(bio_err,"unabel to rename %s to %s\n",
+				BIO_printf(bio_err,"unable to rename %s to %s\n",
 					buf[1],dbfile);
 				perror("reason");
 				rename(buf[2],dbfile);
@@ -1686,7 +1686,7 @@ again2:
 		}
 
 	if (verbose)
-		BIO_printf(bio_err,"The subject name apears to be ok, checking data base for clashes\n");
+		BIO_printf(bio_err,"The subject name appears to be ok, checking data base for clashes\n");
 
 	row[DB_name]=X509_NAME_oneline(subject,NULL,0);
 	row[DB_serial]=BN_bn2hex(serial);
@@ -1743,7 +1743,7 @@ again2:
 		goto err;
 		}
 
-	/* We are now totaly happy, lets make and sign the certificate */
+	/* We are now totally happy, lets make and sign the certificate */
 	if (verbose)
 		BIO_printf(bio_err,"Everything appears to be ok, creating and signing the certificate\n");
 
@@ -1790,7 +1790,7 @@ again2:
 		ASN1_INTEGER_set(ci->version,2); /* version 3 certificate */
 
 		/* Free the current entries if any, there should not
-		 * be any I belive */
+		 * be any I believe */
 		if (ci->extensions != NULL)
 			sk_X509_EXTENSION_pop_free(ci->extensions,
 						   X509_EXTENSION_free);

apps/dh.c

@@ -219,7 +219,7 @@ bad:
 		BN_print(stdout,dh->g);
 		printf("\n");
 		if (dh->length != 0)
-			printf("recomented private length=%ld\n",dh->length);
+			printf("recommended private length=%ld\n",dh->length);
 #endif
 		}
 	
@@ -298,7 +298,7 @@ bad:
 			}
 		if (!i)
 			{
-			BIO_printf(bio_err,"unable to write DH paramaters\n");
+			BIO_printf(bio_err,"unable to write DH parameters\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}

apps/dhparam.c

@@ -335,7 +335,7 @@ bad:
 			}
 		if (!i)
 			{
-			BIO_printf(bio_err,"unable to write DH paramaters\n");
+			BIO_printf(bio_err,"unable to write DH parameters\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}

apps/dsaparam.c

@@ -317,7 +317,7 @@ bad:
 			}
 		if (!i)
 			{
-			BIO_printf(bio_err,"unable to write DSA paramaters\n");
+			BIO_printf(bio_err,"unable to write DSA parameters\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}

apps/enc.c

@@ -245,7 +245,7 @@ bad:
 			BIO_printf(bio_err,"rc2     :128 bit key RC2 encryption\n");
 #endif
 #ifndef NO_BF
-			BIO_printf(bio_err,"bf      :128 bit key BlowFish encryption\n");
+			BIO_printf(bio_err,"bf      :128 bit key Blowfish encryption\n");
 #endif
 #ifndef NO_RC4
 			BIO_printf(bio_err," -%-5s :128 bit key RC4 encryption\n",

apps/genrsa.c

@@ -94,7 +94,7 @@ int MAIN(int argc, char **argv)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 	if ((out=BIO_new(BIO_s_file())) == NULL)
 		{
-		BIO_printf(bio_err,"unable to creat BIO for output\n");
+		BIO_printf(bio_err,"unable to create BIO for output\n");
 		goto err;
 		}
 
@@ -178,7 +178,7 @@ bad:
 
 	if (rsa == NULL) goto err;
 	
-	/* We need to do the folloing for when the base number size is <
+	/* We need to do the following for when the base number size is <
 	 * long, esp windows 3.1 :-(. */
 	l=0L;
 	for (i=0; i<rsa->e->top; i++)

apps/pkcs12.c

@@ -492,7 +492,7 @@ int MAIN(int argc, char **argv)
     CRYPTO_push_info("verify MAC");
 #endif
 	if (!PKCS12_verify_mac (p12, mpass, -1)) {
-	    BIO_printf (bio_err, "Mac verify errror: invalid password?\n");
+	    BIO_printf (bio_err, "Mac verify error: invalid password?\n");
 	    ERR_print_errors (bio_err);
 	    goto end;
 	} else BIO_printf (bio_err, "MAC verified OK\n");

apps/s_client.c

@@ -148,7 +148,7 @@ static void sc_usage(void)
 	BIO_printf(bio_err," -tls1         - just use TLSv1\n");
 	BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n");
 	BIO_printf(bio_err," -bugs         - Switch on all SSL implementation bug workarounds\n");
-	BIO_printf(bio_err," -cipher       - prefered cipher to use, use the 'openssl ciphers'\n");
+	BIO_printf(bio_err," -cipher       - preferred cipher to use, use the 'openssl ciphers'\n");
 	BIO_printf(bio_err,"                 command to see what is available\n");
 
 	}
@@ -354,7 +354,7 @@ bad:
 	if (state) SSL_CTX_set_info_callback(ctx,apps_ssl_info_callback);
 	if (cipher != NULL)
 		if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
-		BIO_printf(bio_err,"error seting cipher list\n");
+		BIO_printf(bio_err,"error setting cipher list\n");
 		ERR_print_errors(bio_err);
 		goto end;
 	}
@@ -370,7 +370,7 @@ bad:
 	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
 		(!SSL_CTX_set_default_verify_paths(ctx)))
 		{
-		/* BIO_printf(bio_err,"error seting default verify locations\n"); */
+		/* BIO_printf(bio_err,"error setting default verify locations\n"); */
 		ERR_print_errors(bio_err);
 		/* goto end; */
 		}

apps/s_server.c

@@ -239,7 +239,7 @@ static void sv_usage(void)
 #ifndef NO_DH
 	BIO_printf(bio_err," -no_dhe       - Disable ephemeral DH\n");
 #endif
-	BIO_printf(bio_err," -bugs         - Turn on SSL bug compatability\n");
+	BIO_printf(bio_err," -bugs         - Turn on SSL bug compatibility\n");
 	BIO_printf(bio_err," -www          - Respond to a 'GET /' with a status page\n");
 	BIO_printf(bio_err," -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
 	}
@@ -698,7 +698,7 @@ bad:
 
 	if (cipher != NULL)
 		if(!SSL_CTX_set_cipher_list(ctx,cipher)) {
-		BIO_printf(bio_err,"error seting cipher list\n");
+		BIO_printf(bio_err,"error setting cipher list\n");
 		ERR_print_errors(bio_err);
 		goto end;
 	}
@@ -1448,7 +1448,7 @@ end:
 	/* make sure we re-use sessions */
 	SSL_set_shutdown(con,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
 #else
-	/* This kills performace */
+	/* This kills performance */
 /*	SSL_shutdown(con); A shutdown gets sent in the
  *	BIO_free_all(io) procession */
 #endif

apps/s_time.c

@@ -216,7 +216,7 @@ static void s_time_usage(void)
                 file if not specified by this option\n\
 -CApath arg   - PEM format directory of CA's\n\
 -CAfile arg   - PEM format file of CA's\n\
--cipher       - prefered cipher to use, play with 'openssl ciphers'\n\n";
+-cipher       - preferred cipher to use, play with 'openssl ciphers'\n\n";
 
 	printf( "usage: s_time <args>\n\n" );
 
@@ -225,7 +225,7 @@ static void s_time_usage(void)
 	printf("-nbio         - Run with non-blocking IO\n");
 	printf("-ssl2         - Just use SSLv2\n");
 	printf("-ssl3         - Just use SSLv3\n");
-	printf("-bugs         - Turn on SSL bug compatability\n");
+	printf("-bugs         - Turn on SSL bug compatibility\n");
 	printf("-new          - Just time new connections\n");
 	printf("-reuse        - Just time connection reuse\n");
 	printf("-www page     - Retrieve 'page' from the site\n");
@@ -431,7 +431,7 @@ int MAIN(int argc, char **argv)
 	if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) ||
 		(!SSL_CTX_set_default_verify_paths(tm_ctx)))
 		{
-		/* BIO_printf(bio_err,"error seting default verify locations\n"); */
+		/* BIO_printf(bio_err,"error setting default verify locations\n"); */
 		ERR_print_errors(bio_err);
 		/* goto end; */
 		}

apps/smime.c

@@ -294,7 +294,7 @@ int MAIN(int argc, char **argv)
 		encerts = sk_X509_new_null();
 		while (*args) {
 			if(!(cert = load_cert(*args))) {
-				BIO_printf(bio_err, "Can't read recipent certificate file %s\n", *args);
+				BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args);
 				goto end;
 			}
 			sk_X509_push(encerts, cert);

apps/verify.c

@@ -119,7 +119,7 @@ int MAIN(int argc, char **argv)
 				i = X509_PURPOSE_get_by_sname(*(++argv));
 				if(i < 0)
 					{
-					BIO_printf(bio_err, "unrecognised purpose\n");
+					BIO_printf(bio_err, "unrecognized purpose\n");
 					goto end;
 					}
 				xptmp = X509_PURPOSE_iget(i);
@@ -185,7 +185,7 @@ int MAIN(int argc, char **argv)
 end:
 	if (ret == 1) {
 		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] cert1 cert2 ...\n");
-		BIO_printf(bio_err,"recognised usages:\n");
+		BIO_printf(bio_err,"recognized usages:\n");
 		for(i = 0; i < X509_PURPOSE_get_count(); i++) {
 			X509_PURPOSE *ptmp;
 			ptmp = X509_PURPOSE_iget(i);

apps/x509.c

@@ -93,7 +93,7 @@ static char *x509_usage[]={
 " -in arg         - input file - default stdin\n",
 " -out arg        - output file - default stdout\n",
 " -passin arg     - private key password\n",
-" -envpassin arg  - read private key password from encvironment variable \"arg\"\n",
+" -envpassin arg  - read private key password from environment variable \"arg\"\n",
 " -serial         - print serial number value\n",
 " -hash           - print hash value\n",
 " -subject        - print subject DN\n",
@@ -119,7 +119,7 @@ static char *x509_usage[]={
 " -req            - input is a certificate request, sign and output.\n",
 " -CA arg         - set the CA certificate, must be PEM format.\n",
 " -CAkey arg      - set the CA key, must be PEM format\n",
-"                   missing, it is asssumed to be in the CA file.\n",
+"                   missing, it is assumed to be in the CA file.\n",
 " -CAcreateserial - create serial number file if it does not exist\n",
 " -CAserial       - serial file\n",
 " -text           - print the certificate in text form\n",

crypto/asn1/a_bytes.c

@@ -71,7 +71,7 @@ B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING,0,
 B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN,
 	};
 
-static int asn1_collate_primative(ASN1_STRING *a, ASN1_CTX *c);
+static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c);
 /* type is a 'bitmap' of acceptable string types.
  */
 ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, unsigned char **pp,
@@ -205,7 +205,7 @@ ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp, long length,
 		c.tag=Ptag;
 		c.xclass=Pclass;
 		c.max=(length == 0)?0:(p+length);
-		if (!asn1_collate_primative(ret,&c)) 
+		if (!asn1_collate_primitive(ret,&c)) 
 			goto err; 
 		else
 			{
@@ -254,11 +254,11 @@ err:
 	}
 
 
-/* We are about to parse 0..n d2i_ASN1_bytes objects, we are to collapes
- * them into the one struture that is then returned */
+/* We are about to parse 0..n d2i_ASN1_bytes objects, we are to collapse
+ * them into the one structure that is then returned */
 /* There have been a few bug fixes for this function from
  * Paul Keogh <paul.keogh@sse.ie>, many thanks to him */
-static int asn1_collate_primative(ASN1_STRING *a, ASN1_CTX *c)
+static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c)
 	{
 	ASN1_STRING *os=NULL;
 	BUF_MEM b;

crypto/asn1/a_null.c

@@ -60,7 +60,7 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 
-/* ASN1 functions for NULL type. For compatability with other ASN1 code
+/* ASN1 functions for NULL type. For compatibility with other ASN1 code
  * it returns a pointer to an "ASN1_NULL" structure. The new/free functions
  * don't need to do any allocating because nothing is stored in a NULL.
  */

crypto/asn1/a_object.c

@@ -269,7 +269,7 @@ void ASN1_OBJECT_free(ASN1_OBJECT *a)
 	if (a == NULL) return;
 	if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS)
 		{
-#ifndef CONST_STRICT /* disable purely for compile-time strict const checking. Doing this on a "real" compile will cause mempory leaks */
+#ifndef CONST_STRICT /* disable purely for compile-time strict const checking. Doing this on a "real" compile will cause memory leaks */
 		if (a->sn != NULL) Free((void *)a->sn);
 		if (a->ln != NULL) Free((void *)a->ln);
 #endif

crypto/asn1/a_sign.c

@@ -133,7 +133,7 @@ int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
 	signature->data=buf_out;
 	buf_out=NULL;
 	signature->length=outl;
-	/* In the interests of compatability, I'll make sure that
+	/* In the interests of compatibility, I'll make sure that
 	 * the bit string has a 'not-used bits' value of 0
 	 */
 	signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);

crypto/asn1/asn1.h

@@ -81,7 +81,7 @@ extern "C" {
 #define V_ASN1_PRIMITIVE_TAG		0x1f
 #define V_ASN1_PRIMATIVE_TAG		0x1f
 
-#define V_ASN1_APP_CHOOSE		-2	/* let the recipent choose */
+#define V_ASN1_APP_CHOOSE		-2	/* let the recipient choose */
 
 #define V_ASN1_UNDEF			-1
 #define V_ASN1_EOC			0
@@ -176,7 +176,7 @@ typedef struct asn1_ctx_st
 	int tag;	/* tag from last 'get object' */
 	int xclass;	/* class from last 'get object' */
 	long slen;	/* length of last 'get object' */
-	unsigned char *max; /* largest value of p alowed */
+	unsigned char *max; /* largest value of p allowed */
 	unsigned char *q;/* temporary variable */
 	unsigned char **pp;/* variable */
 	int line;	/* used in error processing */

crypto/asn1/asn1_lib.c

@@ -176,7 +176,7 @@ static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
 	}
 
 /* class 0 is constructed
- * constructed == 2 for indefinitle length constructed */
+ * constructed == 2 for indefinite length constructed */
 void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag,
 	     int xclass)
 	{
@@ -349,7 +349,7 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
 	if (data != NULL)
 		{
 		memcpy(str->data,data,len);
-		/* an alowance for strings :-) */
+		/* an allowance for strings :-) */
 		str->data[len]='\0';
 		}
 	return(1);

crypto/asn1/d2i_pr.c

@@ -122,7 +122,7 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, unsigned char **pp,
 	int keytype;
 	p = *pp;
 	/* Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE):
-	 * by analysing it we can determine the passed structure: this
+	 * by analyzing it we can determine the passed structure: this
 	 * assumes the input is surrounded by an ASN1 SEQUENCE.
 	 */
 	inkey = d2i_ASN1_SET_OF_ASN1_TYPE(NULL, &p, length, d2i_ASN1_TYPE, 

crypto/asn1/t_pkey.c

@@ -298,7 +298,7 @@ int DHparams_print(BIO *bp, DH *x)
 	if (!print(bp,"generator:",x->g,m,4)) goto err;
 	if (x->length != 0)
 		{
-		if (BIO_printf(bp,"    recomented-private-length: %d bits\n",
+		if (BIO_printf(bp,"    recommended-private-length: %d bits\n",
 			(int)x->length) <= 0) goto err;
 		}
 	ret=1;

crypto/asn1/x_req.c

@@ -73,7 +73,7 @@ int i2d_X509_REQ_INFO(X509_REQ_INFO *a, unsigned char **pp)
 	 * allow some CA Software to accept the cert request.
 	 * It is not following the PKCS standards ...
 	 * PKCS#10 pg 5
-	 * attributes [0] IMPLICIT Attibutes
+	 * attributes [0] IMPLICIT Attributes
 	 * NOTE: no OPTIONAL ... so it *must* be there
 	 */
 	if (a->req_kludge) 
@@ -94,7 +94,7 @@ int i2d_X509_REQ_INFO(X509_REQ_INFO *a, unsigned char **pp)
 	/* this is a *nasty* hack reported to be required by some CA's.
 	 * It is not following the PKCS standards ...
 	 * PKCS#10 pg 5
-	 * attributes [0] IMPLICIT Attibutes
+	 * attributes [0] IMPLICIT Attributes
 	 * NOTE: no OPTIONAL ... so it *must* be there
 	 */
 	if (a->req_kludge)
@@ -126,7 +126,7 @@ X509_REQ_INFO *d2i_X509_REQ_INFO(X509_REQ_INFO **a, unsigned char **pp,
 	 * have been reported as requiring it.
 	 * It is not following the PKCS standards ...
 	 * PKCS#10 pg 5
-	 * attributes [0] IMPLICIT Attibutes
+	 * attributes [0] IMPLICIT Attributes
 	 * NOTE: no OPTIONAL ... so it *must* be there
 	 */
 	if (asn1_Finish(&c))

crypto/asn1/x_spki.c

@@ -57,7 +57,7 @@
  */
 
  /* This module was send to me my Pat Richards <patr@x509.com> who
-  * wrote it.  It is under my Copyright with his permision
+  * wrote it.  It is under my Copyright with his permission
   */
 
 #include <stdio.h>

crypto/bf/bf_ecb.c

@@ -61,11 +61,11 @@
 #include <openssl/opensslv.h>
 
 /* Blowfish as implemented from 'Blowfish: Springer-Verlag paper'
- * (From LECTURE NOTES IN COIMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
+ * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
  * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
  */
 
-const char *BF_version="BlowFish" OPENSSL_VERSION_PTEXT;
+const char *BF_version="Blowfish" OPENSSL_VERSION_PTEXT;
 
 const char *BF_options(void)
 	{

crypto/bf/bf_enc.c

@@ -60,7 +60,7 @@
 #include "bf_locl.h"
 
 /* Blowfish as implemented from 'Blowfish: Springer-Verlag paper'
- * (From LECTURE NOTES IN COIMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
+ * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
  * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
  */
 

crypto/bf/bf_locl.h

@@ -148,7 +148,7 @@
                          *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
                          *((c)++)=(unsigned char)(((l)     )&0xff))
 
-/* This is actually a big endian algorithm, the most significate byte
+/* This is actually a big endian algorithm, the most significant byte
  * is used to lookup array 0 */
 
 #if defined(BF_PTR2)
@@ -183,8 +183,8 @@
 
 /*
  * This is normally very good on RISC platforms where normally you
- * have to explicitely "multiplicate" array index by sizeof(BF_LONG)
- * in order to caclulate the effective address. This implementation
+ * have to explicitly "multiply" array index by sizeof(BF_LONG)
+ * in order to calculate the effective address. This implementation
  * excuses CPU from this extra work. Power[PC] uses should have most
  * fun as (R>>BF_i)&BF_M gets folded into a single instruction, namely
  * rlwinm. So let'em double-check if their compiler does it.

crypto/bf/bf_opts.c

@@ -242,7 +242,7 @@ int main(int argc, char **argv)
 		}
 
 #ifndef TIMES
-	fprintf(stderr,"To get the most acurate results, try to run this\n");
+	fprintf(stderr,"To get the most accurate results, try to run this\n");
 	fprintf(stderr,"program when this computer is idle.\n");
 #endif
 

crypto/bf/bfspeed.c

@@ -183,7 +183,7 @@ int main(int argc, char **argv)
 #endif
 
 #ifndef TIMES
-	printf("To get the most acurate results, try to run this\n");
+	printf("To get the most accurate results, try to run this\n");
 	printf("program when this computer is idle.\n");
 #endif
 

crypto/bio/bio.h

@@ -76,7 +76,7 @@ extern "C" {
 #define BIO_TYPE_SOCKET		(5|0x0400|0x0100)
 #define BIO_TYPE_NULL		(6|0x0400)
 #define BIO_TYPE_SSL		(7|0x0200)
-#define BIO_TYPE_MD		(8|0x0200)		/* pasive filter */
+#define BIO_TYPE_MD		(8|0x0200)		/* passive filter */
 #define BIO_TYPE_BUFFER		(9|0x0200)		/* filter */
 #define BIO_TYPE_CIPHER		(10|0x0200)		/* filter */
 #define BIO_TYPE_BASE64		(11|0x0200)		/* filter */
@@ -168,7 +168,7 @@ extern "C" {
 #define BIO_get_retry_flags(b) \
 		((b)->flags&(BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY))
 
-/* These shouldbe used by the application to tell why we should retry */
+/* These should be used by the application to tell why we should retry */
 #define BIO_should_read(a)		((a)->flags & BIO_FLAGS_READ)
 #define BIO_should_write(a)		((a)->flags & BIO_FLAGS_WRITE)
 #define BIO_should_io_special(a)	((a)->flags & BIO_FLAGS_IO_SPECIAL)

crypto/bio/bss_bio.c

@@ -65,7 +65,7 @@ struct bio_bio_st
 
 	size_t request; /* valid iff peer != NULL; 0 if len != 0,
 	                 * otherwise set by peer to number of bytes
-	                 * it (unsuccesfully) tried to read,
+	                 * it (unsuccessfully) tried to read,
 	                 * never more than buffer space (size-len) warrants. */
 };
 
@@ -387,7 +387,7 @@ static size_t bio_nwrite0(BIO *bio, char **buf)
 		write_offset -= b->size;
 	if (write_offset + num > b->size)
 		/* no ring buffer wrap-around for non-copying interface
-		 * (to fulfil the promise by BIO_ctrl_get_write_guarantee,
+		 * (to fulfill the promise by BIO_ctrl_get_write_guarantee,
 		 * BIO_nwrite may have to be called twice) */
 		num = b->size - write_offset;
 
@@ -479,7 +479,7 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
 
 	case BIO_C_GET_WRITE_GUARANTEE:
 		/* How many bytes can the caller feed to the next write
-		 * withouth having to keep any? */
+		 * without having to keep any? */
 		if (b->peer == NULL || b->closed)
 			ret = 0;
 		else
@@ -487,7 +487,7 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
 		break;
 
 	case BIO_C_GET_READ_REQUEST:
-		/* If the peer unsuccesfully tried to read, how many bytes
+		/* If the peer unsuccessfully tried to read, how many bytes
 		 * were requested?  (As with BIO_CTRL_PENDING, that number
 		 * can usually be treated as boolean.) */
 		ret = (long) b->request;
@@ -765,7 +765,7 @@ int BIO_ctrl_reset_read_request(BIO *bio)
 	}
 
 
-/* BIO_nread0/nread/nwrite0/nwrite are availabe only for BIO pairs for now
+/* BIO_nread0/nread/nwrite0/nwrite are available only for BIO pairs for now
  * (conceivably some other BIOs could allow non-copying reads and writes too.)
  */
 int BIO_nread0(BIO *bio, char **buf)

crypto/bio/bss_conn.c

@@ -90,11 +90,11 @@ typedef struct bio_connect_st
 	struct sockaddr_in them;
 
 	/* int socket; this will be kept in bio->num so that it is
-	 * compatable with the bss_sock bio */ 
+	 * compatible with the bss_sock bio */ 
 
 	/* called when the connection is initially made
 	 *  callback(BIO,state,ret);  The callback should return
-	 * 'ret'.  state is for compatablity with the ssl info_callback */
+	 * 'ret'.  state is for compatibility with the ssl info_callback */
 	int (*info_callback)();
 	} BIO_CONNECT;
 
@@ -500,7 +500,7 @@ static long conn_ctrl(BIO *b, int cmd, long num, char *ptr)
 				*((int *)ptr)=data->port;
 				}
 			if ((!b->init) || (ptr == NULL))
-				*pptr="not initalised";
+				*pptr="not initialized";
 			ret=1;
 			}
 		break;

crypto/bio/bss_file.c

@@ -171,7 +171,7 @@ static int MS_CALLBACK file_write(BIO *b, char *in, int inl)
 		if (fwrite(in,(int)inl,1,(FILE *)b->ptr))
 			ret=inl;
 		/* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */
-		/* acording to Tim Hudson <tjh@cryptsoft.com>, the commented
+		/* according to Tim Hudson <tjh@cryptsoft.com>, the commented
 		 * out version above can cause 'inl' write calls under
 		 * some stupid stdio implementations (VMS) */
 		}

crypto/bn/bn.h

@@ -83,12 +83,12 @@ extern "C" {
  * The reason for this flag is that when the particular C compiler
  * library routine is used, and the library is linked with a different
  * compiler, the library is missing.  This mostly happens when the
- * library is built with gcc and then linked using nornal cc.  This would
- * be a common occurance because gcc normally produces code that is
+ * library is built with gcc and then linked using normal cc.  This would
+ * be a common occurrence because gcc normally produces code that is
  * 2 times faster than system compilers for the big number stuff.
  * For machines with only one compiler (or shared libraries), this should
  * be on.  Again this in only really a problem on machines
- * using "long long's", are 32bit, and are not using my assember code. */
+ * using "long long's", are 32bit, and are not using my assembler code. */
 #if defined(MSDOS) || defined(WINDOWS) || defined(linux)
 #define BN_DIV2W
 #endif
@@ -118,8 +118,8 @@ extern "C" {
 
 /* This is where the long long data type is 64 bits, but long is 32.
  * For machines where there are 64bit registers, this is the mode to use.
- * IRIX, on R4000 and above should use this mode, along with the relevent
- * assember code :-).  Do NOT define BN_LLONG.
+ * IRIX, on R4000 and above should use this mode, along with the relevant
+ * assembler code :-).  Do NOT define BN_LLONG.
  */
 #ifdef SIXTY_FOUR_BIT
 #undef BN_LLONG

crypto/bn/bn_exp2.c

@@ -9,7 +9,7 @@
  * bits=1  75.4%  79.4%
  * bits=2  61.2%  62.4%
  * bits=3  61.3%  59.3%
- * The lack of speed improvment is also a function of the pre-calculation
+ * The lack of speed improvement is also a function of the pre-calculation
  * which could be removed.
  */
 #define EXP2_TABLE_BITS	2 /* 1  2  3  4  5  */

crypto/bn/bn_lib.c

@@ -394,7 +394,7 @@ BIGNUM *bn_expand2(BIGNUM *b, int words)
  * if A and B happen to share same cache line such code is going to
  * cause severe cache trashing. Both factors have severe impact on
  * performance of modern CPUs and this is the reason why this
- * particulare piece of code is #ifdefed away and replaced by more
+ * particular piece of code is #ifdefed away and replaced by more
  * "friendly" version found in #else section below. This comment
  * also applies to BN_copy function.
  *
@@ -425,7 +425,7 @@ BIGNUM *bn_expand2(BIGNUM *b, int words)
 				A[0]=B[0];
 			case 0:
 				/* I need the 'case 0' entry for utrix cc.
-				 * If the optimiser is turned on, it does the
+				 * If the optimizer is turned on, it does the
 				 * switch table by doing
 				 * a=top&7
 				 * a--;

crypto/bn/bn_mul.c

@@ -66,7 +66,7 @@
  * n2 must be a power of 2.
  * We multiply and return the result.
  * t must be 2*n2 words in size
- * We calulate
+ * We calculate
  * a[0]*b[0]
  * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
  * a[1]*b[1]
@@ -620,7 +620,7 @@ printf("BN_mul %d * %d\n",a->top,b->top);
 			goto end;
 			}
 #  ifdef BN_RECURSION
-		goto symetric;
+		goto symmetric;
 #  endif
 		}
 #endif
@@ -640,19 +640,19 @@ printf("BN_mul %d * %d\n",a->top,b->top);
 			bn_wexpand(b,al);
 			b->d[bl]=0;
 			bl++;
-			goto symetric;
+			goto symmetric;
 			}
 		else if ((i ==  -1) && !BN_get_flags(a,BN_FLG_STATIC_DATA))
 			{
 			bn_wexpand(a,bl);
 			a->d[al]=0;
 			al++;
-			goto symetric;
+			goto symmetric;
 			}
 		}
 #endif
 
-	/* asymetric and >= 4 */ 
+	/* asymmetric and >= 4 */ 
 	if (bn_wexpand(rr,top) == NULL) return(0);
 	rr->top=top;
 	bn_mul_normal(rr->d,a->d,al,b->d,bl);
@@ -660,8 +660,8 @@ printf("BN_mul %d * %d\n",a->top,b->top);
 #ifdef BN_RECURSION
 	if (0)
 		{
-symetric:
-		/* symetric and > 4 */
+symmetric:
+		/* symmetric and > 4 */
 		/* 16 or larger */
 		j=BN_num_bits_word((BN_ULONG)al);
 		j=1<<(j-1);

crypto/bn/bn_opts.c

@@ -254,7 +254,7 @@ int time_it(int sec, PARMS *p)
 	for (;;)
 		{
 		if (verbose)
-			printf("timing %s for %d interations\n",p->name,i);
+			printf("timing %s for %d interactions\n",p->name,i);
 
 		ms_time_get(start);
 		p->func(i,p);
@@ -271,7 +271,7 @@ int time_it(int sec, PARMS *p)
 			}
 		}
 	if (verbose)
-		printf("using %d interations\n",i);
+		printf("using %d interactions\n",i);
 	return(i);
 	}
 

crypto/bn/bn_prime.c

@@ -223,7 +223,7 @@ int BN_is_prime_fasttest(const BIGNUM *a, int checks,
 	BN_CTX *ctx = NULL;
 	BIGNUM *A1, *A1_odd, *check; /* taken from ctx */
 	BN_MONT_CTX *mont = NULL;
-	const BIGNUM *A;
+	const BIGNUM *A = NULL;
 
 	if (checks == BN_prime_checks)
 		checks = BN_prime_checks_for_size(BN_num_bits(a));
@@ -364,7 +364,7 @@ again:
 			d=delta;
 			delta+=2;
 			/* perhaps need to check for overflow of
-			 * delta (but delta can be upto 2^32)
+			 * delta (but delta can be up to 2^32)
 			 * 21-May-98 eay - added overflow check */
 			if (delta < d) goto again;
 			goto loop;

crypto/bn/bn_print.c

@@ -137,7 +137,7 @@ char *BN_bn2dec(const BIGNUM *a)
 			}
 		lp--;
 		/* We now have a series of blocks, BN_DEC_NUM chars
-		 * in length, where the last one needs trucation.
+		 * in length, where the last one needs truncation.
 		 * The blocks need to be reversed in order. */
 		sprintf(p,BN_DEC_FMT1,*lp);
 		while (*p) p++;
@@ -171,7 +171,7 @@ int BN_hex2bn(BIGNUM **bn, const char *a)
 	num=i+neg;
 	if (bn == NULL) return(num);
 
-	/* a is the start of the hex digets, and it is 'i' long */
+	/* a is the start of the hex digits, and it is 'i' long */
 	if (*bn == NULL)
 		{
 		if ((ret=BN_new()) == NULL) return(0);
@@ -185,7 +185,7 @@ int BN_hex2bn(BIGNUM **bn, const char *a)
 	/* i is the number of hex digests; */
 	if (bn_expand(ret,i*4) == NULL) goto err;
 
-	j=i; /* least significate 'hex' */
+	j=i; /* least significant 'hex' */
 	m=0;
 	h=0;
 	while (j > 0)
@@ -236,8 +236,8 @@ int BN_dec2bn(BIGNUM **bn, const char *a)
 	num=i+neg;
 	if (bn == NULL) return(num);
 
-	/* a is the start of the digets, and it is 'i' long.
-	 * We chop it into BN_DEC_NUM digets at a time */
+	/* a is the start of the digits, and it is 'i' long.
+	 * We chop it into BN_DEC_NUM digits at a time */
 	if (*bn == NULL)
 		{
 		if ((ret=BN_new()) == NULL) return(0);

crypto/bn/bn_sqr.c

@@ -185,7 +185,7 @@ void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp)
  * n must be a power of 2.
  * We multiply and return the result.
  * t must be 2*n words in size
- * We calulate
+ * We calculate
  * a[0]*b[0]
  * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
  * a[1]*b[1]

crypto/cast/cast_spd.c

@@ -183,7 +183,7 @@ int main(int argc, char **argv)
 #endif
 
 #ifndef TIMES
-	printf("To get the most acurate results, try to run this\n");
+	printf("To get the most accurate results, try to run this\n");
 	printf("program when this computer is idle.\n");
 #endif
 

crypto/cast/castopts.c

@@ -252,7 +252,7 @@ int main(int argc, char **argv)
 		}
 
 #ifndef TIMES
-	fprintf(stderr,"To get the most acurate results, try to run this\n");
+	fprintf(stderr,"To get the most accurate results, try to run this\n");
 	fprintf(stderr,"program when this computer is idle.\n");
 #endif
 

crypto/des/des.c

@@ -325,11 +325,11 @@ void usage(void)
 "des <options> [input-file [output-file]]",
 "options:",
 "-v         : des(1) version number",
-"-e         : encrypt using sunOS compatible user key to DES key conversion.",
+"-e         : encrypt using SunOS compatible user key to DES key conversion.",
 "-E         : encrypt ",
-"-d         : decrypt using sunOS compatible user key to DES key conversion.",
+"-d         : decrypt using SunOS compatible user key to DES key conversion.",
 "-D         : decrypt ",
-"-c[ckname] : generate a cbc_cksum using sunOS compatible user key to",
+"-c[ckname] : generate a cbc_cksum using SunOS compatible user key to",
 "             DES key conversion and output to ckname (stdout default,",
 "             stderr if data being output on stdout).  The checksum is",
 "             generated before encryption and after decryption if used",
@@ -340,10 +340,10 @@ void usage(void)
 "             that is used directly as the des key",
 "-u[uuname] : input file is uudecoded if -[dD] or output uuencoded data if -[eE]",
 "             (uuname is the filename to put in the uuencode header).",
-"-b         : encrypt using DES in ecb encryption mode, the defaut is cbc mode.",
-"-3         : encrypt using tripple DES encryption.  This uses 2 keys",
+"-b         : encrypt using DES in ecb encryption mode, the default is cbc mode.",
+"-3         : encrypt using triple DES encryption.  This uses 2 keys",
 "             generated from the input key.  If the input key is less",
-"             than 8 characters long, this is equivelent to normal",
+"             than 8 characters long, this is equivalent to normal",
 "             encryption.  Default is triple cbc, -b makes it triple ecb.",
 NULL
 };

crypto/des/des_locl.h

@@ -182,14 +182,14 @@
 #endif
 
 /* The changes to this macro may help or hinder, depending on the
- * compiler and the achitecture.  gcc2 always seems to do well :-).
+ * compiler and the architecture.  gcc2 always seems to do well :-).
  * Inspired by Dana How <how@isl.stanford.edu>
  * DO NOT use the alternative version on machines with 8 byte longs.
  * It does not seem to work on the Alpha, even when DES_LONG is 4
  * bytes, probably an issue of accessing non-word aligned objects :-( */
 #ifdef DES_PTR
 
-/* It recently occured to me that 0^0^0^0^0^0^0 == 0, so there
+/* It recently occurred to me that 0^0^0^0^0^0^0 == 0, so there
  * is no reason to not xor all the sub items together.  This potentially
  * saves a register since things can be xored directly into L */
 

crypto/des/des_opts.c

@@ -434,7 +434,7 @@ int main(int argc, char **argv)
 		}
 
 #ifndef TIMES
-	fprintf(stderr,"To get the most acurate results, try to run this\n");
+	fprintf(stderr,"To get the most accurate results, try to run this\n");
 	fprintf(stderr,"program when this computer is idle.\n");
 #endif
 

crypto/des/enc_writ.c

@@ -152,7 +152,7 @@ int des_enc_write(int fd, const void *_buf, int len,
 	for (j=0; j<outnum; j+=i)
 		{
 		/* eay 26/08/92 I was not doing writing from where we
-		 * got upto. */
+		 * got up to. */
 		i=write(fd,(void *)&(outbuf[j]),outnum-j);
 		if (i == -1)
 			{

crypto/des/fcrypt.c

@@ -9,7 +9,7 @@
 #include <openssl/ebcdic.h>
 #endif
 
-/* This version of crypt has been developed from my MIT compatable
+/* This version of crypt has been developed from my MIT compatible
  * DES library.
  * The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au
  * Eric Young (eay@cryptsoft.com)
@@ -19,7 +19,7 @@
  * I have included directive PARA for shared memory computers.
  * I have included a directive LONGCRYPT to using this routine to cipher
  * passwords with more then 8 bytes like HP-UX 10.x it used. The MAXPLEN
- * definition is the maximum of lenght of password and can changed. I have
+ * definition is the maximum of length of password and can changed. I have
  * defined 24.
  */
 
@@ -124,8 +124,8 @@ char *des_fcrypt(const char *buf, const char *salt, char *ret)
 	 * returns *\0XXXXXXXXX
 	 * The \0 makes the string look like * so the pwd "*" would
 	 * crypt to "*".  This was found when replacing the crypt in
-	 * our shared libraries.  People found that the disbled
-	 * accounts effectivly had no passwd :-(. */
+	 * our shared libraries.  People found that the disabled
+	 * accounts effectively had no passwd :-(. */
 #ifndef CHARSET_EBCDIC
 	x=ret[0]=((salt[0] == '\0')?'A':salt[0]);
 	Eswap0=con_salt[x]<<2;

crypto/des/fcrypt_b.c

@@ -58,7 +58,7 @@
 
 #include <stdio.h>
 
-/* This version of crypt has been developed from my MIT compatable
+/* This version of crypt has been developed from my MIT compatible
  * DES library.
  * The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au
  * Eric Young (eay@cryptsoft.com)

crypto/des/set_key.c

@@ -125,7 +125,7 @@ int des_is_weak_key(const_des_cblock *key)
 	int i;
 
 	for (i=0; i<NUM_WEAK_KEY; i++)
-		/* Added == 0 to comparision, I obviously don't run
+		/* Added == 0 to comparison, I obviously don't run
 		 * this section very often :-(, thanks to
 		 * engineering@MorningStar.Com for the fix
 		 * eay 93/06/29

crypto/des/speed.c

@@ -186,7 +186,7 @@ int main(int argc, char **argv)
 #endif
 
 #ifndef TIMES
-	printf("To get the most acurate results, try to run this\n");
+	printf("To get the most accurate results, try to run this\n");
 	printf("program when this computer is idle.\n");
 #endif
 

crypto/err/err.c

@@ -91,7 +91,7 @@ static ERR_STRING_DATA ERR_str_libraries[]=
 {ERR_PACK(ERR_LIB_PEM,0,0)		,"PEM routines"},
 {ERR_PACK(ERR_LIB_ASN1,0,0)		,"asn1 encoding routines"},
 {ERR_PACK(ERR_LIB_X509,0,0)		,"x509 certificate routines"},
-{ERR_PACK(ERR_LIB_CONF,0,0)		,"configuation file routines"},
+{ERR_PACK(ERR_LIB_CONF,0,0)		,"configuration file routines"},
 {ERR_PACK(ERR_LIB_METH,0,0)		,"X509 lookup 'method' routines"},
 {ERR_PACK(ERR_LIB_SSL,0,0)		,"SSL routines"},
 {ERR_PACK(ERR_LIB_RSAREF,0,0)		,"RSAref routines"},

crypto/err/err.h

@@ -162,7 +162,7 @@ typedef struct err_state_st
 #define ERR_GET_REASON(l)	(int)((l)&0xfffL)
 #define ERR_FATAL_ERROR(l)	(int)((l)&ERR_R_FATAL)
 
-/* OS fuctions */
+/* OS functions */
 #define SYS_F_FOPEN		1
 #define SYS_F_CONNECT		2
 #define SYS_F_GETSERVBYNAME	3

crypto/evp/bio_ok.c

@@ -67,7 +67,7 @@
 	and everything was OK. BUT if user types wrong password 
 	BIO_f_cipher outputs only garbage and my function crashes. Yes
 	I can and I should fix my function, but BIO_f_cipher is 
-	easy way to add encryption support to many exisiting applications
+	easy way to add encryption support to many existing applications
 	and it's hard to debug and fix them all. 
 
 	So I wanted another BIO which would catch the incorrect passwords and
@@ -80,10 +80,10 @@
 	1) you must somehow separate checksum from actual data. 
 	2) you need lot's of memory when reading the file, because you 
 	must read to the end of the file and verify the checksum before
-	leting the application to read the data. 
+	letting the application to read the data. 
 	
 	BIO_f_reliable tries to solve both problems, so that you can 
-	read and write arbitraly long streams using only fixed amount
+	read and write arbitrary long streams using only fixed amount
 	of memory.
 
 	BIO_f_reliable splits data stream into blocks. Each block is prefixed
@@ -91,7 +91,7 @@
 	several Kbytes of memory to buffer single block before verifying 
 	it's digest. 
 
-	BIO_f_reliable goes futher and adds several important capabilities:
+	BIO_f_reliable goes further and adds several important capabilities:
 
 	1) the digest of the block is computed over the whole stream 
 	-- so nobody can rearrange the blocks or remove or replace them.
@@ -110,7 +110,7 @@
 	and then compare the digest output.
 
 	Bad things: BIO_f_reliable knows what's going on in EVP_Digest. I 
-	initialy wrote and tested this code on x86 machine and wrote the
+	initially wrote and tested this code on x86 machine and wrote the
 	digests out in machine-dependent order :( There are people using
 	this code and I cannot change this easily without making existing
 	data files unreadable.

crypto/evp/evp.h

@@ -149,7 +149,7 @@ extern "C" {
 
 /* Type needs to be a bit field
  * Sub-type needs to be for variations on the method, as in, can it do
- * arbitary encryption.... */
+ * arbitrary encryption.... */
 typedef struct evp_pkey_st
 	{
 	int type;
@@ -343,7 +343,7 @@ typedef struct evp_cipher_ctx_st
 	unsigned char buf[EVP_MAX_IV_LENGTH];	/* saved partial block */
 	int num;				/* used by cfb/ofb mode */
 
-	char *app_data;		/* aplication stuff */
+	char *app_data;		/* application stuff */
 	union	{
 #ifndef NO_RC4
 		struct
@@ -715,7 +715,7 @@ void EVP_PBE_cleanup(void);
 #define EVP_R_INPUT_NOT_INITIALIZED			 111
 #define EVP_R_IV_TOO_LARGE				 102
 #define EVP_R_KEYGEN_FAILURE				 120
-#define EVP_R_MISSING_PARMATERS				 103
+#define EVP_R_MISSING_PARAMETERS			 103
 #define EVP_R_NO_DSA_PARAMETERS				 116
 #define EVP_R_NO_SIGN_FUNCTION_CONFIGURED		 104
 #define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED		 105

crypto/evp/evp_err.c

@@ -105,7 +105,7 @@ static ERR_STRING_DATA EVP_str_reasons[]=
 {EVP_R_INPUT_NOT_INITIALIZED             ,"input not initialized"},
 {EVP_R_IV_TOO_LARGE                      ,"iv too large"},
 {EVP_R_KEYGEN_FAILURE                    ,"keygen failure"},
-{EVP_R_MISSING_PARMATERS                 ,"missing parmaters"},
+{EVP_R_MISSING_PARAMETERS                ,"missing parameters"},
 {EVP_R_NO_DSA_PARAMETERS                 ,"no dsa parameters"},
 {EVP_R_NO_SIGN_FUNCTION_CONFIGURED       ,"no sign function configured"},
 {EVP_R_NO_VERIFY_FUNCTION_CONFIGURED     ,"no verify function configured"},

crypto/evp/evp_pkey.c

@@ -231,7 +231,7 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey)
 		case EVP_PKEY_DSA:
 		p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
 
-		/* get paramaters and place in AlgorithmIdentifier */
+		/* get parameters and place in AlgorithmIdentifier */
 		len = i2d_DSAparams (pkey->pkey.dsa, NULL);
 		if (!(p = Malloc(len))) {
 			EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);

crypto/evp/p_lib.c

@@ -119,7 +119,7 @@ int EVP_PKEY_copy_parameters(EVP_PKEY *to, EVP_PKEY *from)
 
 	if (EVP_PKEY_missing_parameters(from))
 		{
-		EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_MISSING_PARMATERS);
+		EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_MISSING_PARAMETERS);
 		goto err;
 		}
 #ifndef NO_DSA

crypto/idea/idea_lcl.h

@@ -56,7 +56,7 @@
  * [including the GNU Public Licence.]
  */
 
-/* The new form of this macro (check if the a*b == 0) was sugested by 
+/* The new form of this macro (check if the a*b == 0) was suggested by 
  * Colin Plumb <colin@nyx10.cs.du.edu> */
 /* Removal of the inner if from from Wei Dai 24/4/96 */
 #define idea_mul(r,a,b,ul) \

crypto/idea/idea_spd.c

@@ -183,7 +183,7 @@ int main(int argc, char **argv)
 #endif
 
 #ifndef TIMES
-	printf("To get the most acurate results, try to run this\n");
+	printf("To get the most accurate results, try to run this\n");
 	printf("program when this computer is idle.\n");
 #endif
 

crypto/lhash/lhash.c

@@ -64,11 +64,11 @@
  *
  * 2.1 eay - Added an 'error in last operation' flag. eay 6-May-98
  *
- * 2.0 eay - Fixed a bug that occured when using lh_delete
+ * 2.0 eay - Fixed a bug that occurred when using lh_delete
  *	     from inside lh_doall().  As entries were deleted,
  *	     the 'table' was 'contract()ed', making some entries
  *	     jump from the end of the table to the start, there by
- *	     skiping the lh_doall() processing. eay - 4/12/95
+ *	     skipping the lh_doall() processing. eay - 4/12/95
  *
  * 1.9 eay - Fixed a memory leak in lh_free, the LHASH_NODEs
  *	     were not being free()ed. 21/11/95

crypto/md2/md2_dgst.c

@@ -69,9 +69,9 @@ const char *MD2_version="MD2" OPENSSL_VERSION_PTEXT;
 
 #define UCHAR	unsigned char
 
-static void md2_block(MD2_CTX *c, unsigned char *d);
+static void md2_block(MD2_CTX *c, const unsigned char *d);
 /* The magic S table - I have converted it to hex since it is
- * basicaly just a random byte string. */
+ * basically just a random byte string. */
 static MD2_INT S[256]={
 	0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01,
 	0x3D, 0x36, 0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13,
@@ -161,7 +161,7 @@ void MD2_Update(MD2_CTX *c, const unsigned char *data, unsigned long len)
 	c->num=(int)len;
 	}
 
-static void md2_block(MD2_CTX *c, unsigned char *d)
+static void md2_block(MD2_CTX *c, const unsigned char *d)
 	{
 	register MD2_INT t,*sp1,*sp2;
 	register int i,j;

crypto/md5/md5_locl.h

@@ -81,7 +81,7 @@ void md5_block_data_order (MD5_CTX *c, const void *p,int num);
 /*
  * *_block_host_order is expected to handle aligned data while
  * *_block_data_order - unaligned. As algorithm and host (x86)
- * are in this case of the same "endianess" these two are
+ * are in this case of the same "endianness" these two are
  * otherwise indistinguishable. But normally you don't want to
  * call the same function because unaligned access in places
  * where alignment is expected is usually a "Bad Thing". Indeed,
@@ -126,7 +126,7 @@ void md5_block_data_order (MD5_CTX *c, const void *p,int num);
  * Little-endians (Intel and Alpha) feel better without this.
  * It looks like memcpy does better job than generic
  * md5_block_data_order on copying-n-aligning input data.
- * But franlky speaking I didn't expect such result on Alpha.
+ * But frankly speaking I didn't expect such result on Alpha.
  * On the other hand I've got this with egcs-1.0.2 and if
  * program is compiled with another (better?) compiler it
  * might turn out other way around.
@@ -147,7 +147,7 @@ void md5_block_data_order (MD5_CTX *c, const void *p,int num);
 */
 
 /* As pointed out by Wei Dai <weidai@eskimo.com>, the above can be
- * simplified to the code below.  Wei attributes these optimisations
+ * simplified to the code below.  Wei attributes these optimizations
  * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel.
  */
 #define	F(b,c,d)	((((c) ^ (d)) & (b)) ^ (d))

crypto/objects/objects.h

@@ -632,7 +632,7 @@ extern "C" {
 #define OBJ_ripemd160			1L,3L,36L,3L,2L,1L
 
 /* The name should actually be rsaSignatureWithripemd160, but I'm going
- * to contiune using the convention I'm using with the other ciphers */
+ * to continue using the convention I'm using with the other ciphers */
 #define SN_ripemd160WithRSA		"RSA-RIPEMD160"
 #define LN_ripemd160WithRSA		"ripemd160WithRSA"
 #define NID_ripemd160WithRSA		119
@@ -740,7 +740,7 @@ extern "C" {
 #define NID_ms_efs			138
 #define OBJ_ms_efs			1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
 
-/* Addidional usage: Netscape */
+/* Additional usage: Netscape */
 
 #define SN_ns_sgc			"nsSGC"
 #define LN_ns_sgc			"Netscape Server Gated Crypto"

crypto/pkcs7/bio_ber.c

@@ -92,7 +92,7 @@ typedef struct bio_ber_struct
 	/* most of the following are used when doing non-blocking IO */
 	/* reading */
 	long num_left;	/* number of bytes still to read/write in block */
-	int depth;	/* used with idefinite encoding. */
+	int depth;	/* used with indefinite encoding. */
 	int finished;	/* No more read data */
 
 	/* writting */ 

crypto/pkcs7/pk7_mime.c

@@ -597,7 +597,7 @@ static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
 		tmpval = BUF_strdup(value);
 		if(!tmpval) return 0;
 	} else tmpval = NULL;
-	/* Paramter values are case sensitive so leave as is */
+	/* Parameter values are case sensitive so leave as is */
 	mparam = (MIME_PARAM *) Malloc(sizeof(MIME_PARAM));
 	if(!mparam) return 0;
 	mparam->param_name = tmpname;

crypto/pkcs7/pkcs7.h

@@ -250,7 +250,7 @@ typedef struct pkcs7_st
 #define PKCS7_BINARY	0x80
 #define PKCS7_NOATTR	0x100
 
-/* Flags: for compatability with older code */
+/* Flags: for compatibility with older code */
 
 #define SMIME_TEXT	PKCS7_TEXT
 #define SMIME_NOCERTS	PKCS7_NOCERTS

crypto/rand/md_rand.c

@@ -497,12 +497,12 @@ static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num)
  */
 /*
  * I have modified the loading of bytes via RAND_seed() mechanism since
- * the origional would have been very very CPU intensive since RAND_seed()
+ * the original would have been very very CPU intensive since RAND_seed()
  * does an MD5 per 16 bytes of input.  The cost to digest 16 bytes is the same
  * as that to digest 56 bytes.  So under the old system, a screen of
- * 1024*768*256 would have been CPU cost of approximatly 49,000 56 byte MD5
+ * 1024*768*256 would have been CPU cost of approximately 49,000 56 byte MD5
  * digests or digesting 2.7 mbytes.  What I have put in place would
- * be 48 16k MD5 digests, or efectivly 48*16+48 MD5 bytes or 816 kbytes
+ * be 48 16k MD5 digests, or effectively 48*16+48 MD5 bytes or 816 kbytes
  * or about 3.5 times as much.
  * - eric 
  */

crypto/rc2/rc2speed.c

@@ -183,7 +183,7 @@ int main(int argc, char **argv)
 #endif
 
 #ifndef TIMES
-	printf("To get the most acurate results, try to run this\n");
+	printf("To get the most accurate results, try to run this\n");
 	printf("program when this computer is idle.\n");
 #endif
 

crypto/rc4/rc4speed.c

@@ -183,7 +183,7 @@ int main(int argc, char **argv)
 #endif
 
 #ifndef TIMES
-	printf("To get the most acurate results, try to run this\n");
+	printf("To get the most accurate results, try to run this\n");
 	printf("program when this computer is idle.\n");
 #endif
 

crypto/rc5/rc5speed.c

@@ -183,7 +183,7 @@ int main(int argc, char **argv)
 #endif
 
 #ifndef TIMES
-	printf("To get the most acurate results, try to run this\n");
+	printf("To get the most accurate results, try to run this\n");
 	printf("program when this computer is idle.\n");
 #endif
 

crypto/rsa/rsa.h

@@ -95,7 +95,7 @@ typedef struct rsa_meth_st
  * to be signed/verified: this allows them to be used. Note: for this to work
  * the RSA_public_decrypt() and RSA_private_encrypt() should *NOT* be used
  * RSA_sign(), RSA_verify() should be used instead. Note: for backwards
- * compatability this functionality is only enabled if the RSA_FLAG_SIGN_VER
+ * compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER
  * option is set in 'flags'.
  */
 	int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len,

crypto/rsa/rsa_eay.c

@@ -264,7 +264,7 @@ static int RSA_eay_private_decrypt(int flen, unsigned char *from,
 		goto err;
 		}
 
-	/* This check was for equallity but PGP does evil things
+	/* This check was for equality but PGP does evil things
 	 * and chops off the top '0' bytes */
 	if (flen > num)
 		{
@@ -357,7 +357,7 @@ static int RSA_eay_public_decrypt(int flen, unsigned char *from,
 		goto err;
 		}
 
-	/* This check was for equallity but PGP does evil things
+	/* This check was for equality but PGP does evil things
 	 * and chops off the top '0' bytes */
 	if (flen > num)
 		{

crypto/rsa/rsa_sign.c

@@ -181,7 +181,7 @@ int RSA_verify(int dtype, unsigned char *m, unsigned int m_len,
 
 
 	#ifdef RSA_DEBUG
-		/* put a backward compatability flag in EAY */
+		/* put a backward compatibility flag in EAY */
 		fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype),
 			OBJ_nid2ln(dtype));
 	#endif

crypto/stack/stack.c

@@ -59,7 +59,7 @@
 /* Code for stacks
  * Author - Eric Young v 1.0
  * 1.2 eay 12-Mar-97 -	Modified sk_find so that it _DOES_ return the
- *			lowest index for the seached item.
+ *			lowest index for the searched item.
  *
  * 1.1 eay - Take from netdb and added to SSLeay
  *

crypto/threads/th-lock.c

@@ -96,7 +96,7 @@ static unsigned long pthreads_thread_id(void );
 
 /* usage:
  * CRYPTO_thread_setup();
- * applicaion code
+ * application code
  * CRYPTO_thread_cleanup();
  */
 

crypto/x509/x509.h

@@ -379,7 +379,7 @@ DECLARE_STACK_OF(X509_INFO)
 
 /* The next 2 structures and their 8 routines were sent to me by
  * Pat Richard <patr@x509.com> and are used to manipulate
- * Netscapes spki strucutres - usefull if you are writing a CA web page
+ * Netscapes spki structures - useful if you are writing a CA web page
  */
 typedef struct Netscape_spkac_st
 	{
@@ -901,7 +901,7 @@ int		X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name);
 int		X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey);
 EVP_PKEY *	X509_REQ_get_pubkey(X509_REQ *req);
 int		X509_REQ_extension_nid(int nid);
-int *		X509_REQ_get_extesion_nids(void);
+int *		X509_REQ_get_extension_nids(void);
 void		X509_REQ_set_extension_nids(int *nids);
 STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req);
 int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
@@ -962,7 +962,7 @@ int		X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
 			char *buf,int len);
 
 /* NOTE: you should be passsing -1, not 0 as lastpos.  The functions that use
- * lastpos, seach after that position on. */
+ * lastpos, search after that position on. */
 int 		X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
 int 		X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj,
 			int lastpos);

crypto/x509/x509_cmp.c

@@ -188,7 +188,7 @@ int X509_NAME_cmp(X509_NAME *a, X509_NAME *b)
 
 #ifndef NO_MD5
 /* I now DER encode the name and hash it.  Since I cache the DER encoding,
- * this is reasonably effiecent. */
+ * this is reasonably efficient. */
 unsigned long X509_NAME_hash(X509_NAME *x)
 	{
 	unsigned long ret=0;

crypto/x509/x509_req.c

@@ -132,7 +132,7 @@ int X509_REQ_extension_nid(int req_nid)
 	}
 }
 
-int *X509_REQ_get_extesion_nids(void)
+int *X509_REQ_get_extension_nids(void)
 {
 	return ext_nids;
 }

crypto/x509/x509_trs.c

@@ -227,7 +227,7 @@ int X509_TRUST_get_trust(X509_TRUST *xp)
 static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
 {
 	if(x->aux) return obj_trust(trust->arg1, x, flags);
-	/* we don't have any trust settings: for compatability
+	/* we don't have any trust settings: for compatibility
 	 * we return trusted if it is self signed
 	 */
 	X509_check_purpose(x, -1, 0);

doc/apps/CA.pl.pod

@@ -63,7 +63,7 @@ it creates a file "newcert.p12". This command can thus be called after the
 B<-sign> option. The PKCS#12 file can be imported directly into a browser.
 If there is an additional argument on the command line it will be used as the
 "friendly name" for the certificate (which is typically displayed in the browser
-list box), otherwise the name "My Certifictate" is used.
+list box), otherwise the name "My Certificate" is used.
 
 =item B<-sign>, B<-signreq>, B<-xsign>
 

doc/apps/ciphers.pod

@@ -25,7 +25,7 @@ the appropriate cipherlist.
 
 =item B<-v>
 
-verbose option. List ciphers with a complete decsription of the authentication,
+verbose option. List ciphers with a complete description of the authentication,
 key exchange, encryption and mac algorithms used along with any key size
 restrictions and whether the algorithm is classed as an "export" cipher.
 
@@ -186,7 +186,7 @@ cipher suites using DH, including anonymous DH.
 
 =item B<ADH>
 
-anoymous DH cipher suites.
+anonymous DH cipher suites.
 
 =item B<3DES>
 
@@ -313,7 +313,7 @@ Note: these ciphers can also be used in SSL v3.
 
 =head1 NOTES
 
-The non ephemeral DH modes are currently unimplimented in OpenSSL
+The non-ephemeral DH modes are currently unimplemented in OpenSSL
 because there is no support for DH certificates.
 
 Some compiled versions of OpenSSL may not include all the ciphers

doc/apps/config.pod

@@ -49,7 +49,7 @@ instead of calling B<getenv()> directly.
 It is possible to escape certain characters by using any kind of quote
 or the B<\> character. By making the last character of a line a B<\>
 a B<value> string can be spread across multiple lines. In addition
-the sequences B<\n>, B<\r>, B<\b> and B<\t> are recognised.
+the sequences B<\n>, B<\r>, B<\b> and B<\t> are recognized.
 
 =head1 NOTES
 

doc/apps/req.pod

@@ -308,7 +308,7 @@ just consist of field names and values: for example,
 
  CN=My Name
  OU=My Organization
- emailAddress=someone@somehere.org
+ emailAddress=someone@somewhere.org
 
 This allows external programs (e.g. GUI based) to generate a template file
 with all the field names and values and just pass it to B<req>. An example

doc/apps/s_client.pod

@@ -111,11 +111,11 @@ print extensive debugging information including a hex dump of all traffic.
 
 =item B<-nbio_test>
 
-tests non blocking I/O
+tests non-blocking I/O
 
 =item B<-nbio>
 
-turns on non blocking I/O
+turns on non-blocking I/O
 
 =item B<-crlf>
 

doc/apps/s_server.pod

@@ -194,7 +194,7 @@ If a connection request is established with an SSL client and neither the
 B<-www> nor the B<-WWW> option has been used then normally any data received
 from the client is displayed and any key presses will be sent to the client. 
 
-Certain single letter commands are also recognised which perform special
+Certain single letter commands are also recognized which perform special
 operations: these are listed below.
 
 =over 4

doc/apps/sess_id.pod

@@ -45,7 +45,7 @@ input by default.
 
 =item B<-out filename>
 
-This specifies the output filename to write session information toor standard
+This specifies the output filename to write session information to or standard
 output if this option is not specified.
 
 =item B<-text>

doc/apps/x509.pod

@@ -179,7 +179,7 @@ may be trusted for SSL client but not SSL server use.
 See the description of the B<verify> utility for more information on the
 meaning of trust settings.
 
-Future versions of OpenSSL will recognise trust settings on any
+Future versions of OpenSSL will recognize trust settings on any
 certificate: not just root CAs.
 
 

doc/crypto/md5.pod

@@ -30,7 +30,7 @@ MD5_Final - MD2 and MD5 hash functions
 
 =head1 DESCRIPTION
 
-MD2 and MD5 are cryptographic hashs function with a 128 bit output.
+MD2 and MD5 are cryptographic hash functions with a 128 bit output.
 
 MD2() and MD5() compute the MD2 and MD5 message digest of the B<n>
 bytes at B<d> and place it in B<md> (which must have space for

ssl/s23_srvr.c

@@ -413,7 +413,7 @@ next_bit:
 		*(d++) = v[1];
 
 		/* lets populate the random area */
-		/* get the chalenge_length */
+		/* get the challenge_length */
 		i=(cl > SSL3_RANDOM_SIZE)?SSL3_RANDOM_SIZE:cl;
 		memset(d,0,SSL3_RANDOM_SIZE);
 		memcpy(&(d[SSL3_RANDOM_SIZE-i]),&(p[csl+sil]),i);

ssl/s2_clnt.c

@@ -245,7 +245,7 @@ int ssl2_connect(SSL *s)
 		/*	ERR_clear_error();*/
 
 			/* If we want to cache session-ids in the client
-			 * and we sucessfully add the session-id to the
+			 * and we successfully add the session-id to the
 			 * cache, and there is a callback, then pass it out.
 			 * 26/11/96 - eay - only add if not a re-used session.
 			 */
@@ -368,7 +368,7 @@ static int get_server_hello(SSL *s)
 		*/
 #endif
 
-		/* we need to do this incase we were trying to reuse a 
+		/* we need to do this in case we were trying to reuse a 
 		 * client session but others are already reusing it.
 		 * If this was a new 'blank' session ID, the session-id
 		 * length will still be 0 */
@@ -418,7 +418,7 @@ static int get_server_hello(SSL *s)
 
 		/* In theory we could have ciphers sent back that we
 		 * don't want to use but that does not matter since we
-		 * will check against the list we origionally sent and
+		 * will check against the list we originally sent and
 		 * for performance reasons we should not bother to match
 		 * the two lists up just to check. */
 		for (i=0; i<sk_SSL_CIPHER_num(cl); i++)
@@ -768,7 +768,7 @@ static int client_certificate(SSL *s)
 			{
 			/* this is not good.  If things have failed it
 			 * means there so something wrong with the key.
-			 * We will contiune with a 0 length signature
+			 * We will continue with a 0 length signature
 			 */
 			}
 		memset(&ctx,0,sizeof(ctx));

ssl/s2_srvr.c

@@ -689,7 +689,7 @@ static int server_hello(SSL *s)
 		s->init_off=0;
 		}
 	/* SSL2_ST_SEND_SERVER_HELLO_B */
- 	/* If we are using TCP/IP, the performace is bad if we do 2
+ 	/* If we are using TCP/IP, the performance is bad if we do 2
  	 * writes without a read between them.  This occurs when
  	 * Session-id reuse is used, so I will put in a buffering module
  	 */

ssl/s3_clnt.c

@@ -1225,7 +1225,7 @@ fclose(out);
 
 		if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL)
 			{
-			/* If netscape tollerance is on, ignore errors */
+			/* If netscape tolerance is on, ignore errors */
 			if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG)
 				goto cont;
 			else
@@ -1258,7 +1258,7 @@ cont:
 		ERR_clear_error();
 		}
 
-	/* we should setup a certficate to return.... */
+	/* we should setup a certificate to return.... */
 	s->s3->tmp.cert_req=1;
 	s->s3->tmp.ctype_num=ctype_num;
 	if (s->s3->tmp.ca_names != NULL)

ssl/s3_enc.c

@@ -571,11 +571,11 @@ int ssl3_alert_code(int code)
 	case SSL_AD_ACCESS_DENIED:	return(SSL3_AD_HANDSHAKE_FAILURE);
 	case SSL_AD_DECODE_ERROR:	return(SSL3_AD_HANDSHAKE_FAILURE);
 	case SSL_AD_DECRYPT_ERROR:	return(SSL3_AD_HANDSHAKE_FAILURE);
-	case SSL_AD_EXPORT_RESTRICION:	return(SSL3_AD_HANDSHAKE_FAILURE);
+	case SSL_AD_EXPORT_RESTRICTION:	return(SSL3_AD_HANDSHAKE_FAILURE);
 	case SSL_AD_PROTOCOL_VERSION:	return(SSL3_AD_HANDSHAKE_FAILURE);
 	case SSL_AD_INSUFFICIENT_SECURITY:return(SSL3_AD_HANDSHAKE_FAILURE);
 	case SSL_AD_INTERNAL_ERROR:	return(SSL3_AD_HANDSHAKE_FAILURE);
-	case SSL_AD_USER_CANCLED:	return(SSL3_AD_HANDSHAKE_FAILURE);
+	case SSL_AD_USER_CANCELLED:	return(SSL3_AD_HANDSHAKE_FAILURE);
 	case SSL_AD_NO_RENEGOTIATION:	return(-1); /* Don't send it :-) */
 	default:			return(-1);
 		}

ssl/s3_pkt.c

@@ -331,7 +331,7 @@ again:
 	/* We now have - encrypted [ MAC [ compressed [ plain ] ] ]
 	 * rr->length bytes of encrypted compressed stuff. */
 
-	/* check is not needed I belive */
+	/* check is not needed I believe */
 	if (rr->length > (unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
 		{
 		al=SSL_AD_RECORD_OVERFLOW;