From: Bob Beck Date: Mon, 22 Sep 2025 19:51:32 +0000 (-0600) Subject: Add util/codespell-check.sh and run it X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e70d3b1886a0fadbbe47401a9d46114f05bec80d;p=thirdparty%2Fopenssl.git Add util/codespell-check.sh and run it Reviewed-by: Neil Horman Reviewed-by: Tomas Mraz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/28639) --- diff --git a/NEWS.md b/NEWS.md index 1a8160ab1ca..3f0901520d7 100644 --- a/NEWS.md +++ b/NEWS.md @@ -316,7 +316,7 @@ This release adds the following new features: * Added X509_STORE_get1_objects to avoid issues with the existing X509_STORE_get0_objects API in multi-threaded applications. - * Support for using certificate profiles and extened delayed delivery in CMP + * Support for using certificate profiles and extended delayed delivery in CMP This release incorporates the following potentially significant or incompatible changes: diff --git a/apps/lib/apps.c b/apps/lib/apps.c index fe9519e1ef3..ffb5a07af63 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -932,7 +932,7 @@ int load_key_certs_crls(const char *uri, int format, int maybe_stdin, SET_EXPECT1(pparams, OSSL_STORE_INFO_PARAMS); SET_EXPECT1(pcert, OSSL_STORE_INFO_CERT); /* - * Up to here, the follwing holds. + * Up to here, the following holds. * If just one of the ppkey, ppubkey, pparams, and pcert function parameters * is nonzero, expect > 0 indicates which type of credential is expected. * If expect == 0, more than one of them is nonzero (multiple types expected). diff --git a/apps/speed.c b/apps/speed.c index 2eb8ee3b600..cafd4c48807 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -4317,7 +4317,7 @@ int speed_main(int argc, char **argv) } /* - * Try explicitly fetching the signature algoritm implementation to + * Try explicitly fetching the signature algorithm implementation to * use in case the algorithm does not support EVP_PKEY_sign_init */ ERR_set_mark(); @@ -4354,7 +4354,7 @@ int speed_main(int argc, char **argv) } if (EVP_PKEY_sign(sig_sign_ctx, NULL, &max_sig_len, md, md_len) <= 0) { BIO_printf(bio_err, - "Error while obtaining signature bufffer length for %s.\n", + "Error while obtaining signature buffer length for %s.\n", sig_name); goto sig_err_break; } diff --git a/crypto/aes/asm/aes-sha1-armv8.pl b/crypto/aes/asm/aes-sha1-armv8.pl index 710a39666b7..404d52025e0 100644 --- a/crypto/aes/asm/aes-sha1-armv8.pl +++ b/crypto/aes/asm/aes-sha1-armv8.pl @@ -413,7 +413,7 @@ $code.=<<___; /* get outstanding bytes of the digest */ sub x8,x5,x2 - /* substract loaded bytes */ + /* subtract loaded bytes */ sub x5,x5,64 /* * main combined loop CBC @@ -2443,7 +2443,7 @@ asm_sha1_hmac_aescbc_dec: rev32 v28.16b,v28.16b /* endian swap w2 */ rev32 v29.16b,v29.16b /* endian swap w3 */ - /* substract loaded bytes */ + /* subtract loaded bytes */ sub x5,x5,64 /* * now we can do the loop prolog, 1st sha1 block @@ -2567,7 +2567,7 @@ asm_sha1_hmac_aescbc_dec: ld1 {v29.16b},[x3],16 /* next w3 */ sha1p q24,s22,v23.4s - /* substract loaded bytes */ + /* subtract loaded bytes */ sub x5,x5,64 /* * aes_blocks_left := number after the main (sha) block is done. @@ -2812,7 +2812,7 @@ $code.=<<___; add v25.4s,v25.4s,v21.4s /* save aes res, bump aes_out_ptr */ st1 {v3.16b},[x1],16 - /* substract loaded bytes */ + /* subtract loaded bytes */ sub x5,x5,64 /* loop if more to do */ cbnz x15,.Ldec_main_loop diff --git a/crypto/aes/asm/aes-sha256-armv8.pl b/crypto/aes/asm/aes-sha256-armv8.pl index 4b872caa327..e719bf850aa 100644 --- a/crypto/aes/asm/aes-sha256-armv8.pl +++ b/crypto/aes/asm/aes-sha256-armv8.pl @@ -427,7 +427,7 @@ $code.=<<___; /* get outstanding bytes of the digest */ sub x12,x5,x2 - /* substract loaded bytes */ + /* subtract loaded bytes */ sub x5,x5,64 /* @@ -2590,7 +2590,7 @@ asm_sha256_hmac_aescbc_dec: rev32 v28.16b,v28.16b /* endian swap w2 */ rev32 v29.16b,v29.16b /* endian swap w3 */ - /* substract loaded bytes */ + /* subtract loaded bytes */ sub x5,x5,64 /* * now we can do the loop prolog, 1st sha256 block @@ -2746,7 +2746,7 @@ asm_sha256_hmac_aescbc_dec: sha256h q22, q23, v7.4s sha256h2 q23, q21, v7.4s - /* substract loaded bytes */ + /* subtract loaded bytes */ sub x5,x5,64 /* @@ -3017,7 +3017,7 @@ $code.=<<___; add v25.4s,v25.4s,v23.4s /* EFGH += working copy */ /* save aes res, bump aes_out_ptr */ st1 {v3.16b},[x1],16 - /* substract loaded bytes */ + /* subtract loaded bytes */ sub x5,x5,64 cbnz x15,.Ldec_main_loop /* loop if more to do */ /* diff --git a/crypto/aes/asm/aesni-xts-avx512.pl b/crypto/aes/asm/aesni-xts-avx512.pl index 0dc69589838..2e20a6e6b85 100644 --- a/crypto/aes/asm/aesni-xts-avx512.pl +++ b/crypto/aes/asm/aesni-xts-avx512.pl @@ -2194,7 +2194,7 @@ ___ vpxorq %zmm6,%zmm5,%zmm5{%k2} vpxord %zmm5,%zmm7,%zmm10 - # Make next 8 tweek values by all x 2^8 + # Make next 8 tweak values by all x 2^8 vpsrldq \$0xf,%zmm9,%zmm13 vpclmulqdq \$0x0,%zmm25,%zmm13,%zmm14 vpslldq \$0x1,%zmm9,%zmm11 @@ -2234,7 +2234,7 @@ ___ jmp .L_do_n_blocks_${rndsuffix} .L_start_by8_${rndsuffix}: - # Make first 7 tweek values + # Make first 7 tweak values vbroadcasti32x4 ($TW),%zmm0 vbroadcasti32x4 shufb_15_7(%rip),%zmm8 mov \$0xaa,$tmp1 diff --git a/crypto/cpuid.c b/crypto/cpuid.c index 538a5a039f2..c061377708b 100644 --- a/crypto/cpuid.c +++ b/crypto/cpuid.c @@ -146,7 +146,7 @@ void OPENSSL_cpuid_setup(void) OPENSSL_ia32cap_P[index + 1] = (unsigned int)(vecx >> 32); } } - /* skip delimeter */ + /* skip delimiter */ if ((env = ossl_strchr(env, ':')) != NULL) env++; } else { /* zeroize the next two indexes */ diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c index 76dd8e0d364..0ddc2acfc8f 100644 --- a/crypto/evp/ctrl_params_translate.c +++ b/crypto/evp/ctrl_params_translate.c @@ -2878,7 +2878,7 @@ static int evp_pkey_ctx_setget_params_to_ctrl(EVP_PKEY_CTX *pctx, * function to put it to good use, or maybe affect it. * * NOTE: even though EVP_PKEY_CTX_ctrl return value is documented - * as return positive on Success and 0 or negative on falure. There + * as return positive on Success and 0 or negative on failure. There * maybe parameters (e.g. ecdh_cofactor), which actually return 0 * as success value. That is why we do POST_PARAMS_TO_CTRL for 0 * value as well diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c index 463c595b023..15bd583d48b 100644 --- a/crypto/http/http_client.c +++ b/crypto/http/http_client.c @@ -842,7 +842,7 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx) if (*p != '\r' && *p != '\n') break; } - if (*p != '\0') /* not end of headers or not end of error reponse content */ + if (*p != '\0') /* not end of headers or not end of error response content */ goto next_line; /* Found blank line(s) indicating end of headers */ diff --git a/crypto/lms/lm_ots_params.c b/crypto/lms/lm_ots_params.c index d2a23e5b7e8..09613ce9b8f 100644 --- a/crypto/lms/lm_ots_params.c +++ b/crypto/lms/lm_ots_params.c @@ -56,7 +56,7 @@ uint16_t ossl_lm_ots_params_checksum(const LM_OTS_PARAMS *params, { uint16_t sum = 0; uint16_t i; - /* Largest size is 8 * 32 / 1 = 256 (which doesnt quite fit into 8 bits) */ + /* Largest size is 8 * 32 / 1 = 256 (which doesn't quite fit into 8 bits) */ uint16_t bytes = (8 * params->n / params->w); uint16_t end = (1 << params->w) - 1; diff --git a/crypto/lms/lm_ots_verify.c b/crypto/lms/lm_ots_verify.c index 5cdadfdf880..0579fdb17c6 100644 --- a/crypto/lms/lm_ots_verify.c +++ b/crypto/lms/lm_ots_verify.c @@ -27,7 +27,7 @@ static int lm_ots_compute_pubkey_final(EVP_MD_CTX *ctx, EVP_MD_CTX *ctxIq, * that returns a non finalized value of H(I || q) * @param sig An LM_OTS_SIG object that contains C and y * @param pub The public key LM_OTS_PARAMS - * @param Id A 16 byte indentifier (I) associated with a LMS tree + * @param Id A 16 byte identifier (I) associated with a LMS tree * @param q The leaf index of the LMS tree. * @param msg A message to verify * @param msglen The size of |msg| diff --git a/crypto/lms/lms_verify.c b/crypto/lms/lms_verify.c index a4aa93d4566..43633ce0345 100644 --- a/crypto/lms/lms_verify.c +++ b/crypto/lms/lms_verify.c @@ -51,7 +51,7 @@ int lms_sig_compute_tc_from_path(const unsigned char *paths, uint32_t n, /* * Calculate the public key Tc using the path - * The root hash is the hash of its 2 childrens Hash values. + * The root hash is the hash of its 2 children's Hash values. * A child hash for each level is passed in by paths, and we have * a leaf value that can be used with the path to calculate the parent * hash. diff --git a/crypto/ml_kem/ml_kem.c b/crypto/ml_kem/ml_kem.c index 26ecafebc1e..f316aaa8121 100644 --- a/crypto/ml_kem/ml_kem.c +++ b/crypto/ml_kem/ml_kem.c @@ -50,7 +50,7 @@ /* * Return whether a value that can only be 0 or 1 is non-zero, in constant time * in practice! The return value is a mask that is all ones if true, and all - * zeros otherwise (twos-complement arithmentic assumed for unsigned values). + * zeros otherwise (twos-complement arithmetic assumed for unsigned values). * * Although this is used in constant-time selects, we omit a value barrier * here. Value barriers impede auto-vectorization (likely because it forces @@ -506,7 +506,7 @@ static void scalar_mult_const(scalar *s, uint16_t a) } /*- - * FIPS 203, Section 4.3, Algoritm 9: "NTT". + * FIPS 203, Section 4.3, Algorithm 9: "NTT". * In-place number theoretic transform of a given scalar. Note that ML-KEM's * kPrime 3329 does not have a 512th root of unity, so this transform leaves * off the last iteration of the usual FFT code, with the 128 relevant roots of @@ -539,7 +539,7 @@ static void scalar_ntt(scalar *s) } /*- - * FIPS 203, Section 4.3, Algoritm 10: "NTT^(-1)". + * FIPS 203, Section 4.3, Algorithm 10: "NTT^(-1)". * In-place inverse number theoretic transform of a given scalar, with pairs of * entries of s->v being interpreted as elements of GF(3329^2). Just as with * the number theoretic transform, this leaves off the first step of the normal @@ -596,7 +596,7 @@ static void scalar_sub(scalar *lhs, const scalar *rhs) * GF(3329)[X]/(X^2 - 17^(2*bitreverse(i)+1)). * * The value of 17^(2*bitreverse(i)+1) mod 3329 is stored in the precomputed - * ModRoots table. Note that our Barrett transform only allows us to multipy + * ModRoots table. Note that our Barrett transform only allows us to multiply * two reduced numbers together, so we need some intermediate reduction steps, * even if an uint64_t could hold 3 multiplied numbers. */ diff --git a/crypto/modes/asm/aes-gcm-avx512.pl b/crypto/modes/asm/aes-gcm-avx512.pl index 79ee59f9e07..054672bb6b9 100644 --- a/crypto/modes/asm/aes-gcm-avx512.pl +++ b/crypto/modes/asm/aes-gcm-avx512.pl @@ -2592,7 +2592,7 @@ ___ $code .= <<___; vpclmulqdq \$0x01,@{[XWORD($GH1L)]},@{[XWORD($RED_POLY)]},@{[XWORD($RED_P1)]} vpslldq \$8,@{[XWORD($RED_P1)]},@{[XWORD($RED_P1)]} # ; shift-L 2 DWs - vpxorq @{[XWORD($RED_P1)]},@{[XWORD($GH1L)]},@{[XWORD($RED_P1)]} # ; first phase of the reduct + vpxorq @{[XWORD($RED_P1)]},@{[XWORD($GH1L)]},@{[XWORD($RED_P1)]} # ; first phase of the reduction ___ } @@ -3222,7 +3222,7 @@ ___ $code .= <<___; vpclmulqdq \$0x01,@{[XWORD($GH1L)]},@{[XWORD($RED_POLY)]},@{[XWORD($RED_P1)]} vpslldq \$8,@{[XWORD($RED_P1)]},@{[XWORD($RED_P1)]} # ; shift-L 2 DWs - vpxorq @{[XWORD($RED_P1)]},@{[XWORD($GH1L)]},@{[XWORD($RED_P1)]} # ; first phase of the reduct + vpxorq @{[XWORD($RED_P1)]},@{[XWORD($GH1L)]},@{[XWORD($RED_P1)]} # ; first phase of the reduction ___ } diff --git a/crypto/provider_core.c b/crypto/provider_core.c index 74b7d3d8ac1..010a2262e15 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -1038,7 +1038,7 @@ static int provider_init(OSSL_PROVIDER *prov) #ifndef FIPS_MODULE OSSL_TRACE_BEGIN(PROVIDER) { BIO_printf(trc_out, - "(provider %s) initalizing\n", prov->name); + "(provider %s) initializing\n", prov->name); } OSSL_TRACE_END(PROVIDER); #endif diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 1a7b35d0668..92f83c9de80 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -408,7 +408,7 @@ static int sk_X509_contains(STACK_OF(X509) *sk, X509 *cert) * Likely it would be good if build_chain() sets |check_signing_allowed|. * Yet if |sk| is a list of trusted certs, as with X509_STORE_CTX_set0_trusted_stack(), * better not set |check_signing_allowed|. - * Maybe not touch X509_STORE_CTX_get1_issuer(), for API backward compatiblity. + * Maybe not touch X509_STORE_CTX_get1_issuer(), for API backward compatibility. */ static X509 *get0_best_issuer_sk(X509_STORE_CTX *ctx, int check_signing_allowed, int no_dup, STACK_OF(X509) *sk, X509 *x) diff --git a/demos/quic/poll-server/quic-server-ssl-poll-http.c b/demos/quic/poll-server/quic-server-ssl-poll-http.c index 8b7cd68b472..91452ef3556 100644 --- a/demos/quic/poll-server/quic-server-ssl-poll-http.c +++ b/demos/quic/poll-server/quic-server-ssl-poll-http.c @@ -75,7 +75,7 @@ * This is a simple non-blocking QUIC HTTP/1.0 server application. * Server accepts QUIC connections. It then accepts bi-directional * stream from client and reads request. By default it sends - * 12345 bytes back as HHTTP/1.0 response to any GET request. + * 12345 bytes back as HTTP/1.0 response to any GET request. * If GET request comes with URL for example as follows: * /foo/bar/file_65535.txt * then the server sends 64kB of data in HTTP/1.0 response. @@ -216,7 +216,7 @@ struct poll_event_connection { * Members in poll manager deserve some explanation: * - pm_head, holds a list of poll_event structures (connections and * streams) - * - pm_event_count number of events to montior in SSL_poll(3ossl) + * - pm_event_count number of events to monitor in SSL_poll(3ossl) * - pm_poll_set array of events to poll on * - pm_poll_set_sz number of slots (space) available in pm_poll_set * - pm_need_rebuild whenever list of events to monitor in a list changes diff --git a/doc/designs/ML-KEM.md b/doc/designs/ML-KEM.md index 267656dfba2..b1ca4098e08 100644 --- a/doc/designs/ML-KEM.md +++ b/doc/designs/ML-KEM.md @@ -44,7 +44,7 @@ subsequent computations (encapsulation). Since the private key includes the public key as one of its components, the matrix is also pre-computed and stored with the private key, and then need not be regenerated during decapsulation. -During encapsulation (typically peformed by servers), it is in principle +During encapsulation (typically performed by servers), it is in principle possible to save space and compute the matrix elements *just-in-time*, as each matrix element is used exactly once. This is not currently implemented, and the matrix is pre-computed in full. @@ -90,7 +90,7 @@ Keys can be generated via the usual **EVP_PKEY_generate()** and An explicit seed can be specified by setting the key generation **OSSL_PKEY_PARAM_ML_KEM_SEED** parameter to a 64-byte octet-string -(concatentation of the **d** and **z** values (32-bytes each) in that order). +(concatenation of the **d** and **z** values (32-bytes each) in that order). KEM API ------- diff --git a/doc/designs/functions-for-explicitly-fetched-signature-algorithms.md b/doc/designs/functions-for-explicitly-fetched-signature-algorithms.md index cb4df1a40c3..d474c588bd2 100644 --- a/doc/designs/functions-for-explicitly-fetched-signature-algorithms.md +++ b/doc/designs/functions-for-explicitly-fetched-signature-algorithms.md @@ -54,7 +54,7 @@ and `EVP_PKEY_verify()` remain supported. Some more recent verification algorithms need to obtain the signature before processing the data. This is particularly important for streaming modes of operation. -This design proposes a mechanism to accomodate these algorithms +This design proposes a mechanism to accommodate these algorithms and modes of operation. New public API - API Reference diff --git a/doc/designs/ml-dsa.md b/doc/designs/ml-dsa.md index 2504b518890..efe8138fc5e 100644 --- a/doc/designs/ml-dsa.md +++ b/doc/designs/ml-dsa.md @@ -103,7 +103,7 @@ the API's used should be OpenSSL command line support ---------------------------- -For backwards compatability reasons `EVP_DigestSignInit_ex()`, +For backwards compatibility reasons `EVP_DigestSignInit_ex()`, `EVP_DigestSign()`, `EVP_DigestVerifyInit_ex()` and `EVP_DigestVerify()` may also be used, but the digest passed in `mdname` must be NULL (i.e. it effectively behaves the same as above). diff --git a/doc/designs/quic-design/quic-concurrency.md b/doc/designs/quic-design/quic-concurrency.md index 55af2a94db9..1f8e23e336c 100644 --- a/doc/designs/quic-design/quic-concurrency.md +++ b/doc/designs/quic-design/quic-concurrency.md @@ -386,7 +386,7 @@ int ossl_cml_write(QUIC_CML *cml, QUIC_CML_PIPE pipe_handle, /* * Returns the number of bytes a receiving pipe currently has waiting to be * read. The returned value may increase over time asynchronously but will only - * decreate in response to an ossl_cml_read call. + * decrease in response to an ossl_cml_read call. */ size_t ossl_cml_read_available(QUIC_CML *cml, QUIC_CML_PIPE pipe_handle); diff --git a/doc/designs/quic-design/server/quic-polling.md b/doc/designs/quic-design/server/quic-polling.md index 68b2c8a89d6..cda4ffef5e5 100644 --- a/doc/designs/quic-design/server/quic-polling.md +++ b/doc/designs/quic-design/server/quic-polling.md @@ -1072,7 +1072,7 @@ typedef struct ssl_poll_event_st { * this, applications must still ensure no events in an SSL_POLL_EVENT * structure recorded from a previous call to this function are left over, which * may still reference that poll descriptor. Therefore, applications must still - * excercise caution when freeing resources which are registered, or which were + * exercise caution when freeing resources which are registered, or which were * previously registered in a poll group. */ #define SSL_POLL_FLAG_NO_HANDLE_EVENTS (1U << 0) @@ -1324,13 +1324,13 @@ void process_event(const SSL_POLL_EVENT *event) for (i = 0; i < nevents; ++i) { process_event(&events[i]); /* do something in application */ - /* We have processed the event so now reenable it. */ + /* We have processed the event so now re-enable it. */ SSL_POLL_CHANGE_chflag(chg++, events[i].desc, events[i].instance, SSL_POLL_EVENT_FLAG_DISABLE, 0); ++nchanges; } - /* Reenable any event we processed and go to sleep again. */ + /* Re-enable any event we processed and go to sleep again. */ if (!SSL_POLL_GROUP_change_poll(pg, changes, nchanges, sizeof(changes[0]), events, OSSL_NELEM(events), sizeof(events[0]), NULL, 0, &nevents)) @@ -1419,7 +1419,7 @@ There are two kinds of polling that occur: Firstly, the `SSL_POLL_METHOD` object is defined abstractly as follows: ```c -/* API (Psuedocode) */ +/* API (Pseudocode) */ #define SSL_POLL_METHOD_CAP_IMMEDIATE (1U << 0) /* supports immediate mode */ #define SSL_POLL_METHOD_CAP_RETAINED (1U << 1) /* supports retained mode */ diff --git a/doc/designs/rfc4514.md b/doc/designs/rfc4514.md index 93b707e2c7f..3c5d6ce07c7 100644 --- a/doc/designs/rfc4514.md +++ b/doc/designs/rfc4514.md @@ -121,7 +121,7 @@ Only the entries of type "A" (Attribute Type) are potentially relevant. All the *mainstream* attribute types are already listed in `crypto/objects/objects.txt` and should be already supported: -| Atribute Name | OID | Reference | +| Attribute Name | OID | Reference | |---|---|---| | uid | 0.9.2342.19200300.100.1.1 | [RFC4519] | | userId | 0.9.2342.19200300.100.1.1 | [RFC4519] | diff --git a/doc/man3/EVP_SKEY.pod b/doc/man3/EVP_SKEY.pod index 2124f4e3dc4..9f013cc8c73 100644 --- a/doc/man3/EVP_SKEY.pod +++ b/doc/man3/EVP_SKEY.pod @@ -135,7 +135,7 @@ EVP_SKEY_up_ref() returns 1 for success and 0 on failure. EVP_SKEY_export() and EVP_SKEY_get0_raw_key() return 1 for success and 0 on failure. EVP_SKEY_get0_skeymgmt_name() and EVP_SKEY_get0_provider_name() return the -names of the associated EVP_SKEYMGMT object and its provider correspondigly. +names of the associated EVP_SKEYMGMT object and its provider correspondingly. EVP_SKEY_is_a() returns 1 if I has the key type I, otherwise 0. diff --git a/doc/man3/OSSL_PROVIDER.pod b/doc/man3/OSSL_PROVIDER.pod index 1c1818a1f06..f90b5d7a9ef 100644 --- a/doc/man3/OSSL_PROVIDER.pod +++ b/doc/man3/OSSL_PROVIDER.pod @@ -206,7 +206,7 @@ I. For each capability of that name supported by the provider it will call the callback I and supply a set of Ls describing the capability. It will also pass back the argument I. For more details about capabilities and what they can be used for please see -L. +L. =head1 RETURN VALUES diff --git a/doc/man3/PKCS12_gen_mac.pod b/doc/man3/PKCS12_gen_mac.pod index 8e65b1f31cf..60ee6df142e 100644 --- a/doc/man3/PKCS12_gen_mac.pod +++ b/doc/man3/PKCS12_gen_mac.pod @@ -74,14 +74,14 @@ All functions returning an integer return 1 on success and 0 if an error occurre =item B =for comment -https://tc26.ru/standarts/metodicheskie-rekomendatsii/transportnyy-klyuchevoy-konteyner.html section 5.1 +https://tc26.ru/standards/metodicheskie-rekomendatsii/transportnyy-klyuchevoy-konteyner.html section 5.1 https://tc26.ru/standard/rs/%D0%A0%2050.1.112-2016.pdf section 5 https://meganorm.ru/mega_doc/norm/prikaz/25/r_1323565_1_041-2022_rekomendatsii_po_standartizatsii.html section 7.1 If this environment variable is set, MAC generation that utilises GOST R 34.11-94 or GOST 34.11-2012 hashing algorithms is performed the usual way and not in accordance with the specification provided in the methodical -recommendation MP 26.2.002-2012 (or in its later versions, standartisation +recommendation MP 26.2.002-2012 (or in its later versions, standardisation recommendation P 50.1.112-2016 or P 1323565.1.041-2022) of Technical Committee 26, that specifies that the key used for MAC generation should be the last 32 bytes of the 96-byte sequence generated diff --git a/doc/man3/SSL_CTX_set_domain_flags.pod b/doc/man3/SSL_CTX_set_domain_flags.pod index cc9ad591149..6c126428895 100644 --- a/doc/man3/SSL_CTX_set_domain_flags.pod +++ b/doc/man3/SSL_CTX_set_domain_flags.pod @@ -42,7 +42,7 @@ Specifying this flag configures the Single-Threaded Concurrency Model (SCM). =item B -Speciyfing this flag configures the Contentive Concurrency Model (CCM) (unless +Specifying this flag configures the Contentive Concurrency Model (CCM) (unless B is also specified). If OpenSSL was built without thread support, this is identical to diff --git a/engines/e_padlock.c b/engines/e_padlock.c index 84d84abebb5..5e7fc4df30d 100644 --- a/engines/e_padlock.c +++ b/engines/e_padlock.c @@ -203,9 +203,9 @@ struct padlock_cipher_data { int rounds:4; int dgst:1; /* n/a in C3 */ int align:1; /* n/a in C3 */ - int ciphr:1; /* n/a in C3 */ + int cipher:1; /* n/a in C3 */ unsigned int keygen:1; - int interm:1; + int intern:1; unsigned int encdec:1; int ksize:2; } b; diff --git a/fuzz/ml-kem.c b/fuzz/ml-kem.c index 0ad1f0fd514..497b2f6425b 100644 --- a/fuzz/ml-kem.c +++ b/fuzz/ml-kem.c @@ -640,7 +640,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) return -1; /* * Get the first byte of the buffer to tell us what operation - * to preform + * to perform */ buffer_cursor = consume_uint8t(buf, &len, &operation); if (buffer_cursor == NULL) diff --git a/fuzz/slh-dsa.c b/fuzz/slh-dsa.c index dada29a62d6..0f7019bb1fb 100644 --- a/fuzz/slh-dsa.c +++ b/fuzz/slh-dsa.c @@ -378,7 +378,7 @@ static void slh_dsa_sign_verify(uint8_t **buf, size_t *len, void *key1, /* * the context_string parameter can be no more than 255 bytes, so if * our random input buffer is greater than that, we expect failure above, - * which we check for. In that event, theres nothing more we can do here + * which we check for. In that event, there's nothing more we can do here * so bail out */ if (expect_init_rc == 0) @@ -439,7 +439,7 @@ static void slh_dsa_export_import(uint8_t **buf, size_t *len, void *key1, * EVP_PKEY returns: * 1 if the keys are equivalent * 0 if the keys are not equivalent - * -1 if the key types are differnt + * -1 if the key types are different * -2 if the operation is not supported */ OPENSSL_assert(EVP_PKEY_eq(alice, new) == 1); @@ -578,7 +578,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) return -1; /* * Get the first byte of the buffer to tell us what operation - * to preform + * to perform */ buffer_cursor = consume_uint8t(buf, &len, &operation); if (buffer_cursor == NULL) diff --git a/include/crypto/ml_kem.h b/include/crypto/ml_kem.h index 43f6848e426..b7da3979e37 100644 --- a/include/crypto/ml_kem.h +++ b/include/crypto/ml_kem.h @@ -154,7 +154,7 @@ typedef struct { int security_category; } ML_KEM_VINFO; -/* Retrive global variant-specific parameters */ +/* Retrieve global variant-specific parameters */ const ML_KEM_VINFO *ossl_ml_kem_get_vinfo(int evp_type); /* Known as ML_KEM_KEY via crypto/types.h */ diff --git a/providers/implementations/encode_decode/ml_common_codecs.c b/providers/implementations/encode_decode/ml_common_codecs.c index 6ec6dd25cf9..2b0176f2dd6 100644 --- a/providers/implementations/encode_decode/ml_common_codecs.c +++ b/providers/implementations/encode_decode/ml_common_codecs.c @@ -57,7 +57,7 @@ ossl_ml_common_pkcs8_fmt_order(const char *algorithm_name, /* * Formats are case-insensitive, separated by spaces, tabs or commas. - * Duplicate formats are allowed, the first occurence determines the order. + * Duplicate formats are allowed, the first occurrence determines the order. */ do { if (*(fmt += strspn(fmt, sep)) == '\0') diff --git a/providers/implementations/encode_decode/ml_dsa_codecs.c b/providers/implementations/encode_decode/ml_dsa_codecs.c index d034befcaab..7850c94e3ba 100644 --- a/providers/implementations/encode_decode/ml_dsa_codecs.c +++ b/providers/implementations/encode_decode/ml_dsa_codecs.c @@ -126,7 +126,7 @@ ossl_ml_dsa_d2i_PUBKEY(const uint8_t *pk, int pk_len, int evp_type, if (!ossl_ml_dsa_pk_decode(ret, pk, (size_t) pk_len)) { ERR_raise_data(ERR_LIB_PROV, PROV_R_BAD_ENCODING, - "errror parsing %s public key from input SPKI", + "error parsing %s public key from input SPKI", params->alg); ossl_ml_dsa_key_free(ret); return NULL; diff --git a/providers/implementations/encode_decode/ml_kem_codecs.c b/providers/implementations/encode_decode/ml_kem_codecs.c index 53425aa499c..bbc52aa10ca 100644 --- a/providers/implementations/encode_decode/ml_kem_codecs.c +++ b/providers/implementations/encode_decode/ml_kem_codecs.c @@ -125,7 +125,7 @@ ossl_ml_kem_d2i_PUBKEY(const uint8_t *pubenc, int publen, int evp_type, if (!ossl_ml_kem_parse_public_key(pubenc, (size_t) publen, ret)) { ERR_raise_data(ERR_LIB_PROV, PROV_R_BAD_ENCODING, - "errror parsing %s public key from input SPKI", + "error parsing %s public key from input SPKI", v->algorithm_name); ossl_ml_kem_key_free(ret); return NULL; diff --git a/providers/implementations/kem/rsa_kem.c.in b/providers/implementations/kem/rsa_kem.c.in index 1613dd7307e..0806cdd43e6 100644 --- a/providers/implementations/kem/rsa_kem.c.in +++ b/providers/implementations/kem/rsa_kem.c.in @@ -302,7 +302,7 @@ static int rsasve_generate(PROV_RSA_CTX *prsactx, /* * If outlen is specified, then it must report the length * of the out buffer on input so that we can confirm - * its size is sufficent for encapsulation + * its size is sufficient for encapsulation */ if (outlen != NULL && *outlen < nlen) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_OUTPUT_LENGTH); @@ -334,7 +334,7 @@ static int rsasve_generate(PROV_RSA_CTX *prsactx, /** * rsasve_recover - Recovers a secret value from ciphertext using an RSA * private key. Once, recovered, the secret value is considered to be a - * shared secret. Algorithm is preformed as per + * shared secret. Algorithm is performed as per * NIST SP 800-56B Rev 2 * 7.2.1.3 RSASVE Recovery Operation (RSASVE.RECOVER). * diff --git a/providers/implementations/macs/blake2_mac_impl.c b/providers/implementations/macs/blake2_mac_impl.c index efe9ba1d9b8..d07940b42c3 100644 --- a/providers/implementations/macs/blake2_mac_impl.c +++ b/providers/implementations/macs/blake2_mac_impl.c @@ -146,7 +146,7 @@ static int blake2_mac_final(void *vmacctx, return BLAKE2_FINAL(out, &macctx->ctx); } -/* See blake2.h for parameter defintion */ +/* See blake2.h for parameter definition */ static const OSSL_PARAM *blake2_gettable_ctx_params(ossl_unused void *ctx, ossl_unused void *provctx) { diff --git a/providers/implementations/signature/rsa_sig.c.in b/providers/implementations/signature/rsa_sig.c.in index 90b6f5d154e..cb0c7366194 100644 --- a/providers/implementations/signature/rsa_sig.c.in +++ b/providers/implementations/signature/rsa_sig.c.in @@ -111,7 +111,7 @@ typedef struct { unsigned int mgf1_md_set : 1; /* * Flags to say what are the possible next external calls in what - * consitutes the life cycle of an algorithm. The relevant calls are: + * constitutes the life cycle of an algorithm. The relevant calls are: * - init * - update * - final diff --git a/ssl/quic/quic_channel.c b/ssl/quic/quic_channel.c index 47d2b94f92f..61e54570b1c 100644 --- a/ssl/quic/quic_channel.c +++ b/ssl/quic/quic_channel.c @@ -2478,7 +2478,7 @@ static void ch_rx_handle_packet(QUIC_CHANNEL *ch, int channel_only) while (PACKET_remaining(&vpkt) > 0) { /* * We only support quic version 1 at the moment, so - * look to see if thats offered + * look to see if that's offered */ if (!PACKET_get_net_4(&vpkt, &supported_ver)) return; diff --git a/ssl/quic/quic_port.c b/ssl/quic/quic_port.c index bc41e8284cc..7cad535c5c7 100644 --- a/ssl/quic/quic_port.c +++ b/ssl/quic/quic_port.c @@ -520,9 +520,9 @@ static QUIC_CHANNEL *port_make_channel(QUIC_PORT *port, SSL *tls, OSSL_QRX *qrx, /* * Creating a a new channel is made a bit tricky here as there is a - * bit of a circular dependency. Initalizing a channel requires that + * bit of a circular dependency. Initializing a channel requires that * the ch->tls and optionally the qlog_title be configured prior to - * initalization, but we need the channel at least partially configured + * initialization, but we need the channel at least partially configured * to create the new handshake layer, so we have to do this in a few steps. */ @@ -1033,7 +1033,7 @@ err: /** * @brief Parses contents of a buffer into a validation token. * - * VALIDATION_TOKEN should already be initalized. Does some basic sanity checks. + * VALIDATION_TOKEN should already be initialized. Does some basic sanity checks. * * @param token Validation token to fill data in. * @param buf Buffer of previously marshaled validation token. @@ -1291,7 +1291,7 @@ static void port_send_version_negotiation(QUIC_PORT *port, BIO_ADDR *peer, } /** - * @brief defintions of token lifetimes + * @brief definitions of token lifetimes * * RETRY tokens are only valid for 10 seconds * NEW_TOKEN tokens have a lifetime of 3600 sec (1 hour) diff --git a/ssl/quic/quic_record_util.c b/ssl/quic/quic_record_util.c index d7c3cece888..c452835a353 100644 --- a/ssl/quic/quic_record_util.c +++ b/ssl/quic/quic_record_util.c @@ -44,7 +44,7 @@ int ossl_quic_hkdf_extract(OSSL_LIB_CTX *libctx, * at least 8 bytes. It means that the length of destination connection ID * may be less than the minimum length for HKDF required by FIPS provider. * - * Therefore, we need to set `key-check` to zero to allow using destionation + * Therefore, we need to set `key-check` to zero to allow using destination * connection ID as IKM. */ *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_FIPS_KEY_CHECK, &key_check); diff --git a/ssl/rio/rio_notifier.c b/ssl/rio/rio_notifier.c index 6dbb2bdc476..d4d290d6583 100644 --- a/ssl/rio/rio_notifier.c +++ b/ssl/rio/rio_notifier.c @@ -83,7 +83,7 @@ static int create_socket(int domain, int socktype, int protocol) /* * Its also possible that someone is building a binary on a newer windows * SDK, but running it on a runtime that doesn't support inheritance - * supression. In that case the above will return INVALID_SOCKET, and + * suppression. In that case the above will return INVALID_SOCKET, and * our response for those older platforms is to try the call again * without the flag */ @@ -142,7 +142,7 @@ static int create_socket(int domain, int socktype, int protocol) * * Win32 does not support socketpair(2), and Win32 pipes are not compatible with * Winsock select(2). This means our only means of making select(2) wakeable is - * to artifically create a loopback TCP connection and send bytes to it. + * to artificially create a loopback TCP connection and send bytes to it. */ int ossl_rio_notifier_init(RIO_NOTIFIER *nfy) { diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index bd970750566..8660824f1d0 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -3962,8 +3962,8 @@ static long check_keylog_bio_free(BIO *b, int oper, const char *argp, /* * Note we _dont_ take the keylog_lock here * This is intentional, because we only free the keylog lock - * During SSL_CTX_free, in which we already posess the lock, so - * Theres no need to grab it again here + * During SSL_CTX_free, in which we already possess the lock, so + * There's no need to grab it again here */ if (oper == BIO_CB_FREE) keylog_bio = NULL; @@ -4319,7 +4319,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq, /* Make sure we have a global lock allocated */ if (!RUN_ONCE(&ssl_keylog_once, ssl_keylog_init)) { /* use a trace message as a warning */ - OSSL_TRACE(TLS, "Unable to initalize keylog data\n"); + OSSL_TRACE(TLS, "Unable to initialize keylog data\n"); goto out; } diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c index 02955752a70..81c251523b6 100644 --- a/ssl/statem/extensions_srvr.c +++ b/ssl/statem/extensions_srvr.c @@ -901,7 +901,7 @@ int tls_parse_ctos_key_share(SSL_CONNECTION *s, PACKET *pkt, goto end; /* - * We now have the folowing lists available to make a decision for + * We now have the following lists available to make a decision for * which group the server should use for key exchange : * From client: clntgroups[clnt_num_groups], * keyshares_arr[keyshares_cnt], encoded_pubkey_arr[keyshares_cnt] diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index a53a8c290f5..941455bc8ae 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -72,7 +72,7 @@ static int tls1_PRF(SSL_CONNECTION *s, *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED, (void *)seed5, (size_t)seed5_len); /* - * If we have a propery query string, the kdf needs to know about it in the event + * If we have a property query string, the kdf needs to know about it in the event * the specific kdf in use allocated a digest as part of its implementation */ if (SSL_CONNECTION_GET_CTX(s)->propq != NULL) diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index e556bff2631..98fe2133817 100644 --- a/ssl/t1_lib.c +++ b/ssl/t1_lib.c @@ -1583,10 +1583,10 @@ static int tuple_cb(const char *tuple, int len, void *arg) /* * Set groups and prepare generation of keyshares based on a string of groupnames, * names separated by the group or the tuple delimiter, with per-group prefixes to - * (1) add a key share for this group, (2) ignore the group if unkown to the current + * (1) add a key share for this group, (2) ignore the group if unknown to the current * context, (3) delete a previous occurrence of the group in the current tuple. * - * The list parsing is done in two hierachical steps: The top-level step extracts the + * The list parsing is done in two hierarchical steps: The top-level step extracts the * string of a tuple using tuple_cb, while the next lower step uses gid_cb to * parse and process the groups inside a tuple */ @@ -1646,7 +1646,7 @@ int tls1_set_groups_list(SSL_CTX *ctx, } /* - * We check whether a tuple was completly emptied by using "-" prefix + * We check whether a tuple was completely emptied by using "-" prefix * excessively, in which case we remove the tuple */ for (i = j = 0; j < gcb.tplcnt; j++) { @@ -1693,7 +1693,7 @@ int tls1_set_groups_list(SSL_CTX *ctx, /* * tuple_cb and gid_cb combo ensures there are no duplicates or unknown groups so we - * can just go ahead and set the results (after diposing the existing) + * can just go ahead and set the results (after disposing the existing) */ OPENSSL_free(*grpext); *grpext = gcb.gid_arr; diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c index 9abb5350bb7..640552c0ba0 100644 --- a/ssl/t1_trce.c +++ b/ssl/t1_trce.c @@ -1310,7 +1310,7 @@ static int ssl_print_certificate(BIO *bio, const SSL_CONNECTION *sc, int indent, x = NULL; } if (x == NULL) - BIO_puts(bio, "\n"); + BIO_puts(bio, "\n"); else { BIO_puts(bio, "\n------details-----\n"); X509_print_ex(bio, x, XN_FLAG_ONELINE, 0); @@ -1541,7 +1541,7 @@ static int ssl_print_cert_request(BIO *bio, int indent, const SSL_CONNECTION *sc p = msg; nm = d2i_X509_NAME(NULL, &p, (long)dlen); if (!nm) { - BIO_puts(bio, "\n"); + BIO_puts(bio, "\n"); } else { X509_NAME_print_ex(bio, nm, 0, XN_FLAG_ONELINE); BIO_puts(bio, "\n"); diff --git a/util/codespell-check.sh b/util/codespell-check.sh new file mode 100755 index 00000000000..57232c2d94c --- /dev/null +++ b/util/codespell-check.sh @@ -0,0 +1,9 @@ +#!/bin/sh + +# Run codespell and apply fixes to the OpenSSL tree. +# If you get a false positive here, the usual fix is to +# add it to the end of the -L list of ignored words, below. + +codespell -w --ignore-regex '\b[a-zA-Z][a-zA-Z]\b' \ + -L 'ADDAD, addin, adin, allws, alo, Alo, alow, anS, Buda, buildd, bve, cann, CANN, ciph, Collison, consumation, DELET, dota, Durin, ect, ede, endianess, endin, engineerr, ENGINEerr, FILETEST, filetests, htmp, inbrace, ine, informat, ISCONNECTION, isnt, KEYPAIR, keyserver, larg, LOd, Manger, Merget, nclusion, NOo, OPTIO, outin, passin, poping, pris, rewinded, shouldnot, SHS, Sorce, sover, succes, testss, Thi, tmplate, tne, uis, usign, vew, Widgits, aas, Aas, AAS, abd, ABD, accreting, AFAIR, afile, afterAll, AfterAll, Ake, ALine, allEdges, alloced, alloco, ALS, alsptd, ang, ans, ANS, aNULL, archType, arithmetics, assertIn, atLeast, AtLeast, atMost, bootup, BRE, CAF, cant, Chang, checkin, childs, circularly, Circularly, claus, Claus, clen, CLOS, Collet, compilability, compileTime, CompileTime, complies, COMPLIES, configury, co-ordinate, co-ordinates, crasher, crashers, crate, Crate, CRATE, creat, CREAT, CrOS, crypted, CRYPTED, currentY, DAA, datas, debbugs, Debbugs, dependancies, dependancy, dependant, deque, Deque, doubleclick, doubleClick, DoubleClick, dout, Dout, DOUT, dum, dur, Dur, ECT, EDE, FileTest, flate, Flate, FLATE, fpr, FPR, FPT, gord, gost, Gost, GOST, Hart, hasTable, hel, hist, HIST, HSI, ifset, iif, IIF, implementor, Implementor, implementors, Implementors, inactivate, indention, indx, inh, inout, inOut, InOut, INOUT, ist, IST, keep-alives, keypair, keyPair, Keypair, KeyPair, keypairs, keyPairs, Keypairs, KeyPairs, LAMDA, leapYear, LOD, Maked, Manuel, ment, minimise, mis, Mis, MIS, mitre, Mitre, MITRE, mmaped, msdos, MSDOS, nam, Nam, NAM, Ned, nin, Nin, nmake, NMake, NMAKE, notin, Notin, NotIn, numer, OCE, offsetp, ois, onText, OnText, openin, OptIn, origN, paeth, Paeth, PAETH, parm, pARM, Parm, PARM, parms, pARMS, Parms, PARMs, PARMS, pass-thru, pres, Pres, prevEnd, PullRequest, que, readd, Readd, readded, Readded, regArg, regArgs, requestor, Requestor, requestors, re-usable, Re-usable, re-use, Re-use, re-used, Re-used, re-uses, Re-uses, re-using, Re-using, sav, SEH, ser, Ser, SER, servent, shouldBe, siz, SIZ, SME, SOM, splitted, statics, Statics, strRange, technics, therefor, Therefor, therefrom, thirdparty, thirdParty, Thirdparty, ThirdParty, THIRDPARTY, thru, Thur, THUR, tolen, tthe, UIs, upto, upTo, uptodate, upToDate, UpToDate, useable, Useable, userA, UserA, varN, vertexes, vor, WAN, Wirth, wont, WRONLY, WTH, roperties, igest, equest, equests, ategory, couldn, wasn, ture, biom, bion, sHolder' \ + -S '*codespell-check.sh, */LICENSE, */test/danetest.in, */test/data2.bin, */test/recipes/30-test_evp_data/evppkey_kas.txt, */test/recipes/30-test_evp_data/evppkey.txt, */3rd*[pP]arty/*, */aspell/*, */charsets/*, */chrtrans/*, */codepage/*, */data/*, */deps/*, */dict/*, */dictionaries/*, */doc*/[a-df-z][a-z]/*, */doc*/[a-z][a-z][_-][a-zA-Z][a-zA-Z]/*, */doc*/e[a-mo-z]/*, */[eE]ncode/*, */[eE]ncodings/*, */extern/*, */external/*, */externals/*, */help/[a-df-z][a-z]/*, */help/[a-z][a-z]_[A-Z][A-Z]/*, */help/es/*, */i18n/*, */icu/*, */info/[a-df-z][a-z]/*, */info/[a-z][a-z]_[A-Z][A-Z]/*, */info/es/*, */intl/*, */l10n/*, */langmap/*, */langs/*, */[lL]ang/*, */[lL]anguage/*, */[lL]anguages/*, */*[lL]ocal[ei]*/*, */man*/[a-df-z][a-z]/*, */man*/[a-z][a-z][_-][a-zA-Z][a-zA-Z]/*, */man*/e[a-mo-z]/*, */messages[_./][a-df-z][a-z][_./]*, */messages[_./][a-z][a-z]_[A-Z][A-Z][_./]*, */messages[_./]es[_./]*, */[mM]ath[jJ]ax/*, */runtime/*, */[tT]hird*[pP]arty/*, */[tT]ranslation/*, */[tT]ranslations/*, */unicode/*, */Unicode/*, */unicore/*, */vendor/*, */vendors/*, */.versions/*, *_8h.html, *_8h_source.html, *.asc, */AUTHORS*, CONTRIBUTORS*, *.crt, *.css.map, */*.desktop, */*.desktop.in, *.eps, /fonts/*, *.fr.utf-8, *.git, *__*__*.html, *.html.de, *.html.es, *.html.fr, *.html.ko.euc-kr, *.html.pt-br, *.info_[0-9], *.ipynb, *.ja.utf8, *.js.map, */[lL]ocale, localization*-[a-z][a-z].*, localization*-[a-z][a-z]_[a-zA-Z][a-zA-Z].*, *lorem-ipsum*, */.mailmap, *.min.js, *.pdf, *.pem, *.po, *.ppm, *.ps, */rfc[1-9]*.txt, *.rtf, */searchindex.js, *.sum, *.svg, *.svn, THANKS*, *.tr.utf8, *.xpm, */yarn.lock, *.zh-cn.utf8, *.zlib, ABOUT-NLS, authors.xml, CREDITS, CREDITS.TXT, DONATIONS, jquery.js, jquery.min.map, MAINTAINERS, NormalizationTest.txt, package-lock.json, UnicodeData.txt, */*[^a/]test/*, */*[^a/]tests/*, */test*/*, [cC]hange.[lL]og*, [cC]hange[lL]og*, *[._-][cC]hanges, [cC]hanges[._-]*, CHANGE.log*, CHANGELOG*, *[._-]CHANGES, CHANGES[._-]*, [cC]hanges, CHANGES, *man[12345657]/*' diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm index f51833dfc15..b9c53b0047f 100644 --- a/util/perl/OpenSSL/paramnames.pm +++ b/util/perl/OpenSSL/paramnames.pm @@ -625,7 +625,7 @@ my %params = ( 'OSSL_LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING' => "block_padding", 'OSSL_LIBSSL_RECORD_LAYER_PARAM_HS_PADDING' => "hs_padding", -# Symmetric Key parametes +# Symmetric Key parameters 'OSSL_SKEY_PARAM_RAW_BYTES' => "raw-bytes", 'OSSL_SKEY_PARAM_KEY_LENGTH' => "key-length", ); diff --git a/util/perl/TLSProxy/Proxy.pm b/util/perl/TLSProxy/Proxy.pm index 5d578e838e7..0c2880a7d81 100644 --- a/util/perl/TLSProxy/Proxy.pm +++ b/util/perl/TLSProxy/Proxy.pm @@ -124,10 +124,10 @@ sub init my $test_client_port; # Sometimes, our random selection of client ports gets unlucky - # And we randomly select a port thats already in use. This causes + # And we randomly select a port that's already in use. This causes # this test to fail, so lets harden ourselves against that by doing # a test bind to the randomly selected port, and only continue once we - # find a port thats available. + # find a port that's available. my $test_client_addr = $have_IPv6 ? "[::1]" : "127.0.0.1"; my $found_port = 0; for (my $i = 0; $i <= 10; $i++) {