Fix legitimate spelling errors

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29463)

NEWS.md

@@ -162,7 +162,7 @@ changes:
 
   * Optimized AES-CTR for ARM Neoverse V1 and V2
 
-  * Enable AES and SHA3 optimisations on Applie Silicon M3-based MacOS systems
+  * Enable AES and SHA3 optimisations on Apple Silicon M3-based MacOS systems
     similar to M1/M2.
 
   * Various optimizations for cryptographic routines using RISC-V vector crypto

crypto/evp/ctrl_params_translate.c

@@ -2869,7 +2869,7 @@ static int evp_pkey_ctx_setget_params_to_ctrl(EVP_PKEY_CTX *pctx,
          * function to put it to good use, or maybe affect it.
          *
          * NOTE: even though EVP_PKEY_CTX_ctrl return value is documented
-         * as return positive on Success and 0 or negative on falure. There
+         * as return positive on Success and 0 or negative on failure. There
          * maybe parameters (e.g. ecdh_cofactor), which actually return 0
          * as success value. That is why we do POST_PARAMS_TO_CTRL for 0
          * value as well

crypto/modes/asm/aes-gcm-avx512.pl

@@ -2592,7 +2592,7 @@ ___
     $code .= <<___;
         vpclmulqdq        \$0x01,@{[XWORD($GH1L)]},@{[XWORD($RED_POLY)]},@{[XWORD($RED_P1)]}
         vpslldq           \$8,@{[XWORD($RED_P1)]},@{[XWORD($RED_P1)]}                    # ; shift-L 2 DWs
-        vpxorq            @{[XWORD($RED_P1)]},@{[XWORD($GH1L)]},@{[XWORD($RED_P1)]}      # ; first phase of the reduct
+        vpxorq            @{[XWORD($RED_P1)]},@{[XWORD($GH1L)]},@{[XWORD($RED_P1)]}      # ; first phase of the reduction
 ___
   }
 
@@ -3222,7 +3222,7 @@ ___
     $code .= <<___;
         vpclmulqdq        \$0x01,@{[XWORD($GH1L)]},@{[XWORD($RED_POLY)]},@{[XWORD($RED_P1)]}
         vpslldq           \$8,@{[XWORD($RED_P1)]},@{[XWORD($RED_P1)]}                    # ; shift-L 2 DWs
-        vpxorq            @{[XWORD($RED_P1)]},@{[XWORD($GH1L)]},@{[XWORD($RED_P1)]}      # ; first phase of the reduct
+        vpxorq            @{[XWORD($RED_P1)]},@{[XWORD($GH1L)]},@{[XWORD($RED_P1)]}      # ; first phase of the reduction
 ___
   }
 

doc/man1/openssl-verification-options.pod

@@ -581,7 +581,7 @@ keyCertSign bit set if the keyUsage extension is present.
 
 The extKeyUsage (EKU) extension places additional restrictions on
 certificate use. If this extension is present (whether critical or not)
-in an end-entity certficiate, the key is allowed only for the uses specified,
+in an end-entity certificate, the key is allowed only for the uses specified,
 while the special EKU B<anyExtendedKeyUsage> allows for all uses.
 
 Note that according to RFC 5280 section 4.2.1.12,
@@ -639,7 +639,7 @@ This is used as a workaround if the basicConstraints extension is absent.
 =item B<Netscape SSL Server> (C<nssslserver>)
 
 In addition to what has been described for B<sslserver>, for a Netscape
-SSL client to connect to an SSL server, its EE certficate must have the
+SSL client to connect to an SSL server, its EE certificate must have the
 B<keyEncipherment> bit set if the keyUsage extension is present. This isn't
 always valid because some cipher suites use the key for digital signing.
 Otherwise it is the same as a normal SSL server.
@@ -660,19 +660,19 @@ This is used as a workaround if the basicConstraints extension is absent.
 
 =item B<S/MIME Signing> (C<smimesign>)
 
-In addition to the common S/MIME checks, for target certficiates
+In addition to the common S/MIME checks, for target certificates
 the key usage must allow for C<digitalSignature> and/or B<nonRepudiation>.
 
 =item B<S/MIME Encryption> (C<smimeencrypt>)
 
-In addition to the common S/MIME checks, for target certficiates
+In addition to the common S/MIME checks, for target certificates
 the key usage must allow for C<keyEncipherment>.
 
 =item B<CRL Signing> (C<crlsign>)
 
 For target certificates, the key usage must allow for C<cRLSign>.
 
-For all other certifcates the normal CA checks apply.
+For all other certificates the normal CA checks apply.
 Except in this case the basicConstraints extension must be present.
 
 =item B<OCSP Helper> (C<ocsphelper>)
@@ -680,7 +680,7 @@ Except in this case the basicConstraints extension must be present.
 For target certificates, no checks are performed at this stage,
 but special checks apply; see L<OCSP_basic_verify(3)>.
 
-For all other certifcates the normal CA checks apply.
+For all other certificates the normal CA checks apply.
 
 =item B<Timestamp Signing> (C<timestampsign>)
 
@@ -689,7 +689,7 @@ C<digitalSignature> and/or C<nonRepudiation> and must not include other bits.
 The EKU extension must be present and contain C<timeStamping> only.
 Moreover, it must be marked as critical.
 
-For all other certifcates the normal CA checks apply.
+For all other certificates the normal CA checks apply.
 
 =item B<Code Signing> (C<codesign>)
 
@@ -699,7 +699,7 @@ include <digitalSignature>, but must not include C<keyCertSign> nor C<cRLSign>.
 The EKU extension must be present and contain C<codeSign>,
 but must not include C<anyExtendedKeyUsage> nor C<serverAuth>.
 
-For all other certifcates the normal CA checks apply.
+For all other certificates the normal CA checks apply.
 
 =back
 

doc/man3/OSSL_PROVIDER.pod

@@ -172,7 +172,7 @@ I<capability>. For each capability of that name supported by the provider it
 will call the callback I<cb> and supply a set of L<OSSL_PARAM(3)>s describing the
 capability. It will also pass back the argument I<arg>. For more details about
 capabilities and what they can be used for please see
-L<provider-base(7)/CAPABILTIIES>.
+L<provider-base(7)/CAPABILITIES>.
 
 =head1 RETURN VALUES
 

doc/man3/X509_STORE_CTX_new.pod

@@ -85,7 +85,7 @@ If I<ctx> is NULL nothing is done.
 X509_STORE_CTX_init() sets up I<ctx> for a subsequent verification operation.
 
 X509_STORE_CTX_init() initializes the internal state and resources of the
-given I<ctx>. Among others, it sets the verification parameters associcated
+given I<ctx>. Among others, it sets the verification parameters associated
 with the method name C<default>, which includes the C<any> purpose,
 and takes over callback function pointers from I<trust_store> (unless NULL).
 It must be called before each call to L<X509_verify_cert(3)> or

doc/man7/openssl-env.pod

@@ -61,7 +61,7 @@ Unless OpenSSL tracing support is generally disabled,
 enable trace output of specific parts of OpenSSL libraries, by name.
 This output usually makes sense only if you know OpenSSL internals well.
 
-The value of this environment varialble is a comma-separated list of names,
+The value of this environment variable is a comma-separated list of names,
 with the following available:
 
 =over 4

providers/implementations/kem/rsa_kem.c

@@ -268,7 +268,7 @@ static int rsasve_generate(PROV_RSA_CTX *prsactx,
     /*
      * If outlen is specified, then it must report the length
      * of the out buffer on input so that we can confirm
-     * its size is sufficent for encapsulation
+     * its size is sufficient for encapsulation
      */
     if (outlen != NULL && *outlen < nlen) {
         ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_OUTPUT_LENGTH);
@@ -299,8 +299,7 @@ static int rsasve_generate(PROV_RSA_CTX *prsactx,
 /**
  * rsasve_recover - Recovers a secret value from ciphertext using an RSA
  * private key.  Once, recovered, the secret value is considered to be a
- * shared secret.  Algorithm is preformed as per
- * NIST SP 800-56B Rev 2
+ * shared secret.  Algorithm is performed as per NIST SP 800-56B Rev 2
  * 7.2.1.3 RSASVE Recovery Operation (RSASVE.RECOVER).
  *
  * This function performs RSA decryption using the private key from the

ssl/t1_trce.c

@@ -1293,7 +1293,7 @@ static int ssl_print_certificate(BIO *bio, const SSL_CONNECTION *sc, int indent,
         x = NULL;
     }
     if (x == NULL)
-        BIO_puts(bio, "<UNPARSEABLE CERTIFICATE>\n");
+        BIO_puts(bio, "<UNPARSABLE CERTIFICATE>\n");
     else {
         BIO_puts(bio, "\n------details-----\n");
         X509_print_ex(bio, x, XN_FLAG_ONELINE, 0);
@@ -1522,7 +1522,7 @@ static int ssl_print_cert_request(BIO *bio, int indent, const SSL_CONNECTION *sc
         p = msg;
         nm = d2i_X509_NAME(NULL, &p, dlen);
         if (!nm) {
-            BIO_puts(bio, "<UNPARSEABLE DN>\n");
+            BIO_puts(bio, "<UNPARSABLE DN>\n");
         } else {
             X509_NAME_print_ex(bio, nm, 0, XN_FLAG_ONELINE);
             BIO_puts(bio, "\n");

test/recipes/80-test_cmp_http_data/test_connection.csv

@@ -12,7 +12,7 @@ disabled as not supported by some host IP configurations,server domain name, -se
 0,server missing argument, -section,, -server,,,,,,BLANK,,,,BLANK,,BLANK,,BLANK,
 0,server with default port, -section,, -server,_SERVER_HOST,,,,,BLANK,,,,BLANK,,BLANK,,BLANK,
 0,server port bad syntax: leading garbage, -section,, -server,_SERVER_HOST:x/+80,,,,,BLANK,,,,BLANK,,BLANK,,BLANK,
-0,server port bad synatx: trailing garbage, -section,, -server,_SERVER_HOST:_SERVER_PORT+/x.,,,,,BLANK,,,,BLANK,,BLANK,,BLANK,
+0,server port bad syntax: trailing garbage, -section,, -server,_SERVER_HOST:_SERVER_PORT+/x.,,,,,BLANK,,,,BLANK,,BLANK,,BLANK,
 0,server with wrong port, -section,, -server,_SERVER_HOST:999,,,,,BLANK,,,,-msg_timeout,1,BLANK,,BLANK,
 TBD,server IP address with TLS port, -section,, -server,_SERVER_IP:_SERVER_TLS,,,,,BLANK,,,,BLANK,,BLANK,,BLANK,
 ,,,,,,,,,,,,,,,,,,,

util/perl/TLSProxy/Proxy.pm

@@ -124,10 +124,10 @@ sub init
     my $test_client_port;
 
     # Sometimes, our random selection of client ports gets unlucky
-    # And we randomly select a port thats already in use.  This causes
+    # And we randomly select a port that's already in use.  This causes
     # this test to fail, so lets harden ourselves against that by doing
     # a test bind to the randomly selected port, and only continue once we
-    # find a port thats available.
+    # find a port that's available.
     my $test_client_addr = $have_IPv6 ? "[::1]" : "127.0.0.1";
     my $found_port = 0;
     for (my $i = 0; $i <= 10; $i++) {