Fix typos and repeated words

CLA: trivial Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from #12320)
openssl · Jul 4, 2020 · 8c1cbc7 · 8c1cbc7
1 parent 3a19f1a
commit 8c1cbc7
Show file tree

Hide file tree

Showing 107 changed files with 170 additions and 172 deletions.
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -5,7 +5,7 @@ Contributors guide: https://github.com/openssl/openssl/blob/master/CONTRIBUTING.
 
 Other than that, provide a description above this comment if there isn't one already
 
-If this fixes a github issue, make sure to have a line saying 'Fixes #XXXX' (without quotes) in the commit message.
+If this fixes a GitHub issue, make sure to have a line saying 'Fixes #XXXX' (without quotes) in the commit message.
 -->
 
 ##### Checklist

diff --git a/INSTALL.md b/INSTALL.md
@@ -167,7 +167,7 @@ Use the following commands to build OpenSSL:
 ### Windows
 
 If you are using Visual Studio, open a Developer Command Prompt and
-and issue the following commands to build OpenSSL.
+issue the following commands to build OpenSSL.
 
     $ perl Configure
     $ nmake
@@ -192,7 +192,7 @@ paragraphs carefully before you install OpenSSL.
 For security reasons the default system location is by default not writable
 for unprivileged users.  So for the final installation step administrative
 privileges are required.  The default system location and the procedure to
-obtain administrative privileges depends on the operating sytem.
+obtain administrative privileges depends on the operating system.
 It is recommended to compile and test OpenSSL with normal user privileges
 and use administrative privileges only for the final installation step.
 
@@ -482,8 +482,8 @@ be a hex string no more than 64 characters.
 Enable and Disable Features
 ---------------------------
 
-Feature options always come in pairs, an option to enable feature `xxxx`, and
-and option to disable it:
+Feature options always come in pairs, an option to enable feature
+`xxxx`, and an option to disable it:
 
     [ enable-xxxx | no-xxxx ]
 
@@ -852,7 +852,7 @@ Don't build with support for multi-threaded applications.
 ### threads
 
 Build with support for multi-threaded applications.  Most platforms will enable
-this by default.  However if on a platform where this is not the case then this
+this by default.  However, if on a platform where this is not the case then this
 will usually require additional system-dependent options!
 
 See [Notes on multi-threading](#notes-on-multi-threading) below.
@@ -1457,7 +1457,7 @@ described here.  Examine the Makefiles themselves for the full list.
                    Only install the OpenSSL man pages (Unix only).
 
     install_html_docs
-                   Only install the OpenSSL html documentation.
+                   Only install the OpenSSL HTML documentation.
 
     list-tests
                    Prints a list of all the self test names.
@@ -1683,7 +1683,7 @@ to deliver random bytes and a "PRNG not seeded error" will occur.
 
 The seeding method can be configured using the `--with-rand-seed` option,
 which can be used to specify a comma separated list of seed methods.
-However in most cases OpenSSL will choose a suitable default method,
+However, in most cases OpenSSL will choose a suitable default method,
 so it is not necessary to explicitly provide this option.  Note also
 that not all methods are available on all platforms.
 

diff --git a/NEWS.md b/NEWS.md
@@ -27,7 +27,7 @@ OpenSSL 3.0
     will not be accidentially used.
   * The algorithm specific public key command line applications have
     been deprecated.  These include dhparam, gendsa and others.  The pkey
-    alternatives should be used intead: pkey, pkeyparam and genpkey.
+    alternatives should be used instead: pkey, pkeyparam and genpkey.
   * X509 certificates signed using SHA1 are no longer allowed at security
     level 1 or higher. The default security level for TLS is 1, so
     certificates signed using SHA1 are by default no longer trusted to
@@ -57,12 +57,12 @@ OpenSSL 3.0
   * Removed the heartbeat message in DTLS feature.
   * Added EVP_KDF, an EVP layer KDF API, and a generic EVP_PKEY to EVP_KDF
     bridge.
-  * All of the low level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224,
+  * All of the low-level MD2, MD4, MD5, MDC2, RIPEMD160, SHA1, SHA224,
     SHA256, SHA384, SHA512 and Whirlpool digest functions have been
     deprecated.
-  * All of the low level AES, Blowfish, Camellia, CAST, DES, IDEA, RC2,
+  * All of the low-level AES, Blowfish, Camellia, CAST, DES, IDEA, RC2,
     RC4, RC5 and SEED cipher functions have been deprecated.
-  * All of the low level DH, DSA, ECDH, ECDSA and RSA public key functions
+  * All of the low-level DH, DSA, ECDH, ECDSA and RSA public key functions
     have been deprecated.
   * SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0.
 
@@ -681,7 +681,7 @@ OpenSSL 1.0.0
   Known issues in OpenSSL 1.0.0m:
 
   * EAP-FAST and other applications using tls_session_secret_cb
-    wont resume sessions. Fixed in 1.0.0n-dev
+    won't resume sessions. Fixed in 1.0.0n-dev
   * Compilation failure of s3_pkt.c on some platforms due to missing
     `<limits.h>` include. Fixed in 1.0.0n-dev
 
@@ -1189,7 +1189,7 @@ OpenSSL 0.9.x
   * Enhanced chain verification using key identifiers.
   * New sign and verify options to 'dgst' application.
   * Support for DER and PEM encoded messages in 'smime' application.
-  * New 'rsautl' application, low level RSA utility.
+  * New 'rsautl' application, low-level RSA utility.
   * MD4 now included.
   * Bugfix for SSL rollback padding check.
   * Support for external crypto devices [1].
@@ -1241,7 +1241,7 @@ OpenSSL 0.9.x
   * BIGNUM library bug fixes
   * Faster DSA parameter generation
   * Enhanced support for Alpha Linux
-  * Experimental MacOS support
+  * Experimental macOS support
 
 ### Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4 [9 Aug 1999]
 

diff --git a/NOTES.ANDROID b/NOTES.ANDROID
@@ -6,8 +6,8 @@
  -------------------
 
  Beside basic tools like perl and make you'll need to download the Android
- NDK. It's available for Linux, Mac OS X and Windows, but only Linux
- version was actually tested. There is no reason to believe that Mac OS X
+ NDK. It's available for Linux, macOS and Windows, but only Linux
+ version was actually tested. There is no reason to believe that macOS
  wouldn't work. And as for Windows, it's unclear which "shell" would be
  suitable, MSYS2 might have best chances. NDK version should play lesser
  role, the goal is to support a range of most recent versions.

diff --git a/NOTES.VMS b/NOTES.VMS
@@ -18,7 +18,7 @@
  An ANSI C compiled is needed among other things.  This means that
  VAX C is not and will not be supported.
 
- We have only tested with DEC C (a.k.a HP VMS C / VSI C) and require
+ We have only tested with DEC C (aka HP VMS C / VSI C) and require
  version 7.1 or later.  Compiling with a different ANSI C compiler may
  require some work.
 

diff --git a/NOTES.WIN b/NOTES.WIN
@@ -18,7 +18,7 @@
  For this option you can use Cygwin.
 
 
- Visual C++ native builds, a.k.a. VC-*
+ Visual C++ native builds, aka VC-*
  =====================================
 
  Requirement details
@@ -100,7 +100,7 @@
  is, of course, to choose a different set of directories by using
  --prefix and --openssldir when configuring.
 
- Special notes for Universal Windows Platform builds, a.k.a. VC-*-UWP
+ Special notes for Universal Windows Platform builds, aka VC-*-UWP
  --------------------------------------------------------------------
 
  - UWP targets only support building the static and dynamic libraries.
@@ -119,7 +119,7 @@
 
    MSYS2 provides GNU tools, a Unix-like command prompt,
    and a UNIX compatibility layer for applications.
-   However in this context it is only used for building OpenSSL.
+   However, in this context it is only used for building OpenSSL.
    The resulting OpenSSL does not rely on MSYS2 to run and is fully native.
 
    Requirement details

diff --git a/doc/internal/man3/OPENSSL_SA.pod b/doc/internal/man3/OPENSSL_SA.pod
@@ -69,7 +69,7 @@ elements.  After this call I<sa> is no longer valid.
 B<ossl_sa_I<TYPE>_doall>() calls the function I<leaf> for each element in I<sa>
 in ascending index order. The index position, within the sparse array,
 of each item is passed as the first argument to the leaf function and a
-pointer to the associated value is is passed as the second argument.
+pointer to the associated value is passed as the second argument.
 
 B<ossl_sa_I<TYPE>_doall_arg>() calls the function I<leaf> for each element in
 I<sa> in ascending index order. The index position, within the sparse

diff --git a/doc/internal/man3/s2i_ASN1_UTF8STRING.pod b/doc/internal/man3/s2i_ASN1_UTF8STRING.pod
@@ -18,7 +18,7 @@ s2i_ASN1_UTF8STRING
 =head1 DESCRIPTION
 
 These functions convert OpenSSL objects to and from their ASN.1/string
-representation. This function is used for B<X509v3> extentions.
+representation. This function is used for B<X509v3> extensions.
 
 =head1 NOTES
 

diff --git a/doc/internal/man7/DERlib.pod b/doc/internal/man7/DERlib.pod
@@ -7,7 +7,7 @@ DERlib - internal OpenSSL DER library
 =head1 DESCRIPTION
 
 OpenSSL contains an internal small DER reading and writing library,
-as an alternative to the publically known i2d and d2i functions.  It's
+as an alternative to the publicly known i2d and d2i functions.  It's
 solely constituted of functions that work as building blocks to create
 more similar functions to encode and decode larger structures.
 
@@ -47,7 +47,7 @@ which is defined like this in ASN.1 terms:
             r       INTEGER,
             s       INTEGER  }
 
-With the DER library, this is the correspoding code, given two OpenSSL
+With the DER library, this is the corresponding code, given two OpenSSL
 B<BIGNUM>s I<r> and I<s>:
 
     int ok = DER_w_begin_sequence(pkt, -1)

diff --git a/doc/internal/man7/EVP_PKEY.pod b/doc/internal/man7/EVP_PKEY.pod
@@ -19,12 +19,11 @@ private/public key key pairs, but has had other uses as well.
 
 =for comment "uses" could as well be "abuses"...
 
-It can contain the legacy form of keys -- i.e. pointers to the low
-level key types, such as B<RSA>, B<DSA> and B<EC> --, but also the
+It can contain the legacy form of keys -- i.e. pointers to the low-level key types, such as B<RSA>, B<DSA> and B<EC> --, but also the
 provided form of keys -- i.e. pointers to provider side key data.
 Those two forms are mutually exclusive; an B<EVP_PKEY> instance can't
 contain both a key in legacy form and in provided form.  Regardless of
-form, this key is commonly refered to as the "origin".
+form, this key is commonly referred to as the "origin".
 
 An B<EVP_PKEY> also contains a cache of provider side copies of the
 key, each adapted for the provider that is going to use that copy to

diff --git a/doc/internal/man7/build.info.pod b/doc/internal/man7/build.info.pod
@@ -610,7 +610,7 @@ B<SCRIPTS>.
 For OpenSSL::Template documentation,
 C<perldoc -o man util/perl/OpenSSL/Template.pm>
 
-L<Text::Temlate|https://metacpan.org/pod/Text::Template>
+L<Text::Template|https://metacpan.org/pod/Text::Template>
 
 =head1 COPYRIGHT
 

diff --git a/doc/man1/openssl-ca.pod.in b/doc/man1/openssl-ca.pod.in
@@ -253,7 +253,7 @@ DNs match the order of the request. This is not needed for Xenroll.
 =item B<-noemailDN>
 
 The DN of a certificate can contain the EMAIL field if present in the
-request DN, however it is good policy just having the e-mail set into
+request DN, however, it is good policy just having the e-mail set into
 the altName extension of the certificate. When this option is set the
 EMAIL field is removed from the certificate' subject and set only in
 the, eventually present, extensions. The B<email_in_dn> keyword can be

diff --git a/doc/man1/openssl-cmp.pod.in b/doc/man1/openssl-cmp.pod.in
@@ -1104,7 +1104,7 @@ This prints information about all received ITAV B<infoType>s to stdout.
 For CMP client invocations, in particular for certificate enrollment,
 usually many parameters need to be set, which is tedious and error-prone to do
 on the command line.
-Therefore the client offers the possibility to read
+Therefore, the client offers the possibility to read
 options from sections of the OpenSSL config file, usually called B<openssl.cnf>.
 The values found there can still be extended and even overridden by any
 subsequently loaded sections and on the command line.

diff --git a/doc/man1/openssl-dsa.pod.in b/doc/man1/openssl-dsa.pod.in
@@ -62,7 +62,7 @@ The input and formats; the default is B<PEM>.
 See L<openssl(1)/Format Options> for details.
 
 Private keys are a sequence of B<ASN.1 INTEGERS>: the version (zero), B<p>,
-B<q>, B<g>, and the public and and private key components.  Public keys
+B<q>, B<g>, and the public and private key components.  Public keys
 are a B<SubjectPublicKeyInfo> structure with the B<DSA> type.
 
 The B<PEM> format also accepts PKCS#8 data.

diff --git a/doc/man1/openssl-enc.pod.in b/doc/man1/openssl-enc.pod.in
@@ -241,7 +241,7 @@ a strong block cipher, such as AES, in CBC mode.
 
 All the block ciphers normally use PKCS#5 padding, also known as standard
 block padding. This allows a rudimentary integrity or password check to
-be performed. However since the chance of random data passing the test
+be performed. However, since the chance of random data passing the test
 is better than 1 in 256 it isn't a very good test.
 
 If padding is disabled then the input data must be a multiple of the cipher

diff --git a/doc/man1/openssl-pkcs12.pod.in b/doc/man1/openssl-pkcs12.pod.in
@@ -244,7 +244,7 @@ This option is only interpreted by MSIE and similar MS software. Normally
 encryption purposes but arbitrary length keys for signing. The B<-keysig>
 option marks the key for signing only. Signing only keys can be used for
 S/MIME signing, authenticode (ActiveX control signing)  and SSL client
-authentication, however due to a bug only MSIE 5.0 and later support
+authentication, however, due to a bug only MSIE 5.0 and later support
 the use of signing only keys for SSL client authentication.
 
 =item B<-macalg> I<digest>

diff --git a/doc/man1/openssl-pkcs8.pod.in b/doc/man1/openssl-pkcs8.pod.in
@@ -248,7 +248,7 @@ one million iterations of the password:
 Test vectors from this PKCS#5 v2.0 implementation were posted to the
 pkcs-tng mailing list using triple DES, DES and RC2 with high iteration
 counts, several people confirmed that they could decrypt the private
-keys produced and Therefore it can be assumed that the PKCS#5 v2.0
+keys produced and therefore, it can be assumed that the PKCS#5 v2.0
 implementation is reasonably accurate at least as far as these
 algorithms are concerned.
 

diff --git a/doc/man1/openssl-pkeyutl.pod.in b/doc/man1/openssl-pkeyutl.pod.in
@@ -43,7 +43,7 @@ B<openssl> B<pkeyutl>
 
 =head1 DESCRIPTION
 
-This command can be used to perform low level public key
+This command can be used to perform low-level public key
 operations using any supported algorithm.
 
 =head1 OPTIONS

diff --git a/doc/man1/openssl-s_client.pod.in b/doc/man1/openssl-s_client.pod.in
@@ -192,7 +192,7 @@ When used with the B<-proxy> flag, the program will attempt to authenticate
 with the specified proxy using basic (base64) authentication.
 NB: Basic authentication is insecure; the credentials are sent to the proxy
 in easily reversible base64 encoding before any TLS/SSL session is established.
-Therefore these credentials are easily recovered by anyone able to sniff/trace
+Therefore, these credentials are easily recovered by anyone able to sniff/trace
 the network. Use with caution.
 
 =item B<-proxy_pass> I<arg>
@@ -854,14 +854,14 @@ is that a web client complains it has no certificates or gives an empty
 list to choose from. This is normally because the server is not sending
 the clients certificate authority in its "acceptable CA list" when it
 requests a certificate. By using this command, the CA list can be viewed
-and checked. However some servers only request client authentication
+and checked. However, some servers only request client authentication
 after a specific URL is requested. To obtain the list in this case it
 is necessary to use the B<-prexit> option and send an HTTP request
 for an appropriate page.
 
 If a certificate is specified on the command line using the B<-cert>
 option it will not be used unless the server specifically requests
-a client certificate. Therefore merely including a client certificate
+a client certificate. Therefore, merely including a client certificate
 on the command line is no guarantee that the certificate works.
 
 If there are problems verifying a server certificate then the

diff --git a/doc/man1/openssl-s_server.pod.in b/doc/man1/openssl-s_server.pod.in
@@ -433,9 +433,9 @@ For more information on shutting down a connection, see L<SSL_shutdown(3)>.
 =item B<-id_prefix> I<val>
 
 Generate SSL/TLS session IDs prefixed by I<val>. This is mostly useful
-for testing any SSL/TLS code (eg. proxies) that wish to deal with multiple
+for testing any SSL/TLS code (e.g. proxies) that wish to deal with multiple
 servers, when each of which might be generating a unique range of session
-IDs (eg. with a certain prefix).
+IDs (e.g. with a certain prefix).
 
 =item B<-verify_return_error>
 

diff --git a/doc/man1/openssl-s_time.pod.in b/doc/man1/openssl-s_time.pod.in
@@ -157,14 +157,14 @@ is that a web client complains it has no certificates or gives an empty
 list to choose from. This is normally because the server is not sending
 the clients certificate authority in its "acceptable CA list" when it
 requests a certificate. By using L<openssl-s_client(1)> the CA list can be
-viewed and checked. However some servers only request client authentication
+viewed and checked. However, some servers only request client authentication
 after a specific URL is requested. To obtain the list in this case it
 is necessary to use the B<-prexit> option of L<openssl-s_client(1)> and
 send an HTTP request for an appropriate page.
 
 If a certificate is specified on the command line using the B<-cert>
 option it will not be used unless the server specifically requests
-a client certificate. Therefore merely including a client certificate
+a client certificate. Therefore, merely including a client certificate
 on the command line is no guarantee that the certificate works.
 
 =head1 BUGS

diff --git a/doc/man1/openssl-sess_id.pod.in b/doc/man1/openssl-sess_id.pod.in
@@ -136,7 +136,7 @@ This is the return code when an SSL client certificate is verified.
 
 Since the SSL session output contains the master key it is
 possible to read the contents of an encrypted session using this
-information. Therefore appropriate security precautions should be taken if
+information. Therefore, appropriate security precautions should be taken if
 the information is being output by a "real" application. This is however
 strongly discouraged and should only be used for debugging purposes.
 

diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod
@@ -1125,7 +1125,7 @@ a string and leading or trailing spaces.
 =item B<esc_2254>
 
 Escape the "special" characters in a field as required by RFC 2254 in a field.
-That is, the B<NUL> character and and of C<()*>.
+That is, the B<NUL> character and of C<()*>.
 
 =item B<esc_ctrl>
 

diff --git a/doc/man3/ASN1_INTEGER_get_int64.pod b/doc/man3/ASN1_INTEGER_get_int64.pod
@@ -81,7 +81,7 @@ instead.
 
 In general an B<ASN1_INTEGER> or B<ASN1_ENUMERATED> type can contain an
 integer of almost arbitrary size and so cannot always be represented by a C
-B<int64_t> type. However in many cases (for example version numbers) they
+B<int64_t> type. However, in many cases (for example version numbers) they
 represent small integers which can be more easily manipulated if converted to
 an appropriate C integer type.
 

diff --git a/doc/man3/ASN1_STRING_length.pod b/doc/man3/ASN1_STRING_length.pod
@@ -72,7 +72,7 @@ In general it cannot be assumed that the data returned by ASN1_STRING_data()
 is null terminated or does not contain embedded nulls. The actual format
 of the data will depend on the actual string type itself: for example
 for an IA5String the data will be ASCII, for a BMPString two bytes per
-character in big endian format, and for an UTF8String it will be in UTF8 format.
+character in big endian format, and for a UTF8String it will be in UTF8 format.
 
 Similar care should be take to ensure the data is in the correct format
 when calling ASN1_STRING_set().

diff --git a/doc/man3/ASN1_TYPE_get.pod b/doc/man3/ASN1_TYPE_get.pod
@@ -68,7 +68,7 @@ only return zero if the values are the same.
 
 If either or both of the parameters passed to ASN1_TYPE_cmp() is NULL the
 return value is nonzero. Technically if both parameters are NULL the two
-types could be absent OPTIONAL fields and so should match, however passing
+types could be absent OPTIONAL fields and so should match, however, passing
 NULL values could also indicate a programming error (for example an
 unparsable type which returns NULL) for types which do B<not> match. So
 applications should handle the case of two absent values separately.