9 files changed, 24 insertions, 24 deletions

diff --git a/src/lib/libcrypto/x509/pcy_tree.c b/src/lib/libcrypto/x509/pcy_tree.c
index be563d2677..050503bdf3 100644
--- a/src/lib/libcrypto/x509/pcy_tree.c
+++ b/src/lib/libcrypto/x509/pcy_tree.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pcy_tree.c,v 1.4 2022/11/26 16:08:54 tb Exp $ */
+/* $OpenBSD: pcy_tree.c,v 1.5 2022/12/26 07:18:53 jmc Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2004.
  */
@@ -131,7 +131,7 @@ tree_print(char *str, X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr)
 #endif
 
 /* Initialize policy tree. Return values:
- *  0 Some internal error occured.
+ *  0 Some internal error occurred.
  * -1 Inconsistent or invalid extensions in certificates.
  *  1 Tree initialized OK.
  *  2 Policy tree is empty.
diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h
index 7795181efc..0ff66587b9 100644
--- a/src/lib/libcrypto/x509/x509.h
+++ b/src/lib/libcrypto/x509/x509.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.h,v 1.90 2022/07/12 14:42:50 kn Exp $ */
+/* $OpenBSD: x509.h,v 1.91 2022/12/26 07:18:53 jmc Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -893,7 +893,7 @@ int 		X509_NAME_get_text_by_NID(X509_NAME *name, int nid,
 int             X509_NAME_get_text_by_OBJ(X509_NAME *name,
                         const ASN1_OBJECT *obj, char *buf,int len);
 
-/* NOTE: you should be passsing -1, not 0 as lastpos.  The functions that use
+/* NOTE: you should be passing -1, not 0 as lastpos.  The functions that use
  * lastpos, search after that position on. */
 int             X509_NAME_get_index_by_NID(const X509_NAME *name, int nid,
                         int lastpos);
diff --git a/src/lib/libcrypto/x509/x509_constraints.c b/src/lib/libcrypto/x509/x509_constraints.c
index 1b79383de0..346cab0a40 100644
--- a/src/lib/libcrypto/x509/x509_constraints.c
+++ b/src/lib/libcrypto/x509/x509_constraints.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_constraints.c,v 1.30 2022/11/28 07:22:15 tb Exp $ */
+/* $OpenBSD: x509_constraints.c,v 1.31 2022/12/26 07:18:53 jmc Exp $ */
 /*
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
  *
@@ -192,7 +192,7 @@ x509_constraints_names_dup(struct x509_constraints_names *names)
  * 5890 compliant A-labels (see RFC 6066 section 3). This is more
  * permissive to allow for a leading '.'  for a subdomain based
  * constraint, as well as allowing for '_' which is commonly accepted
- * by nonconformant DNS implementaitons.
+ * by nonconformant DNS implementations.
  *
  * if "wildcards" is set it allows '*' to occur in the string at the end of a
  * component.
@@ -587,7 +587,7 @@ x509_constraints_sandns(char *sandns, size_t dlen, char *constraint, size_t len)
  * returns 1 if the domain and constraint match.
  * returns 0 otherwise.
  *
- * an empty constraint matches everyting.
+ * an empty constraint matches everything.
  * constraint will be matched against the domain as a suffix if it
  * starts with a '.'.
  * domain will be matched against the constraint as a suffix if it
@@ -651,10 +651,10 @@ x509_constraints_uri(uint8_t *uri, size_t ulen, uint8_t *constraint,
 }
 
 /*
- * Verify a validated address of size alen with a validated contraint
+ * Verify a validated address of size alen with a validated constraint
  * of size constraint_len. returns 1 if matching, 0 if not.
  * Addresses are assumed to be pre-validated for a length of 4 and 8
- * respectively for ipv4 addreses and constraints, and a length of
+ * respectively for ipv4 addresses and constraints, and a length of
  * 16 and 32 respectively for ipv6 address constraints by the caller.
  */
 int
@@ -909,7 +909,7 @@ x509_constraints_extract_names(struct x509_constraints_names *names,
                         vname = NULL;
                 }
                 /*
-                 * Include the CN as a hostname to be checked againt
+                 * Include the CN as a hostname to be checked against
                  * name constraints if it looks like a hostname.
                  */
                 while (include_cn &&
@@ -1210,7 +1210,7 @@ x509_constraints_check(struct x509_constraints_names *names,
 /*
  * Walk a validated chain of X509 certs, starting at the leaf, and
  * validate the name constraints in the chain. Intended for use with
- * the legacy X509 validtion code in x509_vfy.c
+ * the legacy X509 validation code in x509_vfy.c
  *
  * returns 1 if the constraints are ok, 0 otherwise, setting error and
  * depth
diff --git a/src/lib/libcrypto/x509/x509_issuer_cache.c b/src/lib/libcrypto/x509/x509_issuer_cache.c
index 4f78e1e69b..f7fbd54ca7 100644
--- a/src/lib/libcrypto/x509/x509_issuer_cache.c
+++ b/src/lib/libcrypto/x509/x509_issuer_cache.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_issuer_cache.c,v 1.3 2022/06/27 14:23:40 beck Exp $ */
+/* $OpenBSD: x509_issuer_cache.c,v 1.4 2022/12/26 07:18:53 jmc Exp $ */
 /*
  * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
  *
@@ -75,7 +75,7 @@ x509_issuer_cache_set_max(size_t max)
 
 /*
  * Free the oldest entry in the issuer cache. Returns 1
- * if an entry was successfuly freed, 0 otherwise. Must
+ * if an entry was successfully freed, 0 otherwise. Must
  * be called with x509_issuer_tree_mutex held.
  */
 void
diff --git a/src/lib/libcrypto/x509/x509_ncons.c b/src/lib/libcrypto/x509/x509_ncons.c
index cc7f59cd0a..c7e4e6ed9f 100644
--- a/src/lib/libcrypto/x509/x509_ncons.c
+++ b/src/lib/libcrypto/x509/x509_ncons.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_ncons.c,v 1.7 2022/11/26 16:08:55 tb Exp $ */
+/* $OpenBSD: x509_ncons.c,v 1.8 2022/12/26 07:18:53 jmc Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -482,7 +482,7 @@ nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
 
         if (!emlat)
                 return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
-        /* Special case: inital '.' is RHS match */
+        /* Special case: initial '.' is RHS match */
         if (!baseat && (*baseptr == '.')) {
                 if (eml->length > base->length) {
                         emlptr += eml->length - base->length;
@@ -543,7 +543,7 @@ nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
         if (hostlen == 0)
                 return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
 
-        /* Special case: inital '.' is RHS match */
+        /* Special case: initial '.' is RHS match */
         if (*baseptr == '.') {
                 if (hostlen > base->length) {
                         p = hostptr + hostlen - base->length;
diff --git a/src/lib/libcrypto/x509/x509_utl.c b/src/lib/libcrypto/x509/x509_utl.c
index 525939d4ca..aa18efe2c5 100644
--- a/src/lib/libcrypto/x509/x509_utl.c
+++ b/src/lib/libcrypto/x509/x509_utl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_utl.c,v 1.4 2022/11/14 17:48:50 beck Exp $ */
+/* $OpenBSD: x509_utl.c,v 1.5 2022/12/26 07:18:53 jmc Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -723,7 +723,7 @@ skip_prefix(const unsigned char **p, size_t *plen, const unsigned char *subject,
  * "equal_nocase" function is a hand-rolled strncasecmp that does not
  * allow \0 in the pattern. Since an embedded \0 is likely a sign of
  * problems, we simply don't allow it in either case, and then we use
- * standard libc funcitons.
+ * standard libc functions.
  */
 
 /* Compare using strncasecmp */
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index 9392b1f41e..f6c7c21f5f 100644
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.109 2022/12/01 05:20:30 tb Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.110 2022/12/26 07:18:53 jmc Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -312,7 +312,7 @@ X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad, int *out_ok)
                 if (ctx->untrusted != NULL) {
                         /*
                          * If we do not find a non-expired untrusted cert, peek
-                         * ahead and see if we can satisify this from the trusted
+                         * ahead and see if we can satisfy this from the trusted
                          * store. If not, see if we have an expired untrusted cert.
                          */
                         xtmp = find_issuer(ctx, sktmp, x, 0);
diff --git a/src/lib/libcrypto/x509/x509_vfy.h b/src/lib/libcrypto/x509/x509_vfy.h
index 9a9d6c0a1c..27ed484291 100644
--- a/src/lib/libcrypto/x509/x509_vfy.h
+++ b/src/lib/libcrypto/x509/x509_vfy.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.h,v 1.56 2022/12/01 05:27:04 tb Exp $ */
+/* $OpenBSD: x509_vfy.h,v 1.57 2022/12/26 07:18:53 jmc Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -255,7 +255,7 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 /* Do not check certificate or CRL validity against current time. */
 #define X509_V_FLAG_NO_CHECK_TIME               0x200000
 
-/* Force the use of the legacy certificate verifcation */
+/* Force the use of the legacy certificate verification */
 #define X509_V_FLAG_LEGACY_VERIFY               0x400000
 
 #define X509_VP_FLAG_DEFAULT                    0x1
diff --git a/src/lib/libcrypto/x509/x509name.c b/src/lib/libcrypto/x509/x509name.c
index 14e2deb84f..19a253da4d 100644
--- a/src/lib/libcrypto/x509/x509name.c
+++ b/src/lib/libcrypto/x509/x509name.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509name.c,v 1.29 2022/11/26 16:08:55 tb Exp $ */
+/* $OpenBSD: x509name.c,v 1.30 2022/12/26 07:18:53 jmc Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -123,7 +123,7 @@ X509_NAME_get_index_by_NID(const X509_NAME *name, int nid, int lastpos)
 }
 LCRYPTO_ALIAS(X509_NAME_get_index_by_NID)
 
-/* NOTE: you should be passsing -1, not 0 as lastpos */
+/* NOTE: you should be passing -1, not 0 as lastpos */
 int
 X509_NAME_get_index_by_OBJ(const X509_NAME *name, const ASN1_OBJECT *obj,
     int lastpos)