Correct another batch of typos

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
diff --git a/doc/crypto/BIO_connect.pod b/doc/crypto/BIO_connect.pod
index 4edb8ba..4c908fb 100644
--- a/doc/crypto/BIO_connect.pod
+++ b/doc/crypto/BIO_connect.pod
@@ -78,15 +78,15 @@
 =head1 RETURN VALUES
 
 BIO_socket() returns the socket number on success or B<INVALID_SOCKET>
-(-1) on error.  When an error has occured, the OpenSSL error stack
+(-1) on error.  When an error has occurred, the OpenSSL error stack
 will hold the error data and errno has the system error.
 
 BIO_connect() and BIO_listen() return 1 on success or 0 on error.
-When an error has occured, the OpenSSL error stack will hold the error
+When an error has occurred, the OpenSSL error stack will hold the error
 data and errno has the system error.
 
 BIO_accept_ex() returns the accepted socket on success or
-B<INVALID_SOCKET> (-1) on error.  When an error has occured, the
+B<INVALID_SOCKET> (-1) on error.  When an error has occurred, the
 OpenSSL error stack will hold the error data and errno has the system
 error.
 
diff --git a/doc/crypto/BIO_parse_hostserv.pod b/doc/crypto/BIO_parse_hostserv.pod
index 56b7144..df73ea7 100644
--- a/doc/crypto/BIO_parse_hostserv.pod
+++ b/doc/crypto/BIO_parse_hostserv.pod
@@ -21,7 +21,7 @@
 create strings with the host name and service name and give those
 back via B<host> and B<service>.  Those will need to be freed after
 they are used.  B<hostserv_prio> helps determine if B<hostserv> shall
-be interpreted primarly as a host name or a service name in ambiguous
+be interpreted primarily as a host name or a service name in ambiguous
 cases.
 
 The syntax the BIO_parse_hostserv() recognises is:
diff --git a/doc/crypto/BIO_s_accept.pod b/doc/crypto/BIO_s_accept.pod
index e0877e0..88877e4 100644
--- a/doc/crypto/BIO_s_accept.pod
+++ b/doc/crypto/BIO_s_accept.pod
@@ -49,7 +49,7 @@
 connection on that chain is shutdown and the socket closed when
 the BIO is freed.
 
-Calling BIO_reset() on a accept BIO will close any active
+Calling BIO_reset() on an accept BIO will close any active
 connection and reset the BIO into a state where it awaits another
 incoming connection.
 
@@ -60,7 +60,7 @@
 port. The port is represented as a string of the form "host:port",
 where "host" is the interface to use and "port" is the port.
 The host can be "*" or empty which is interpreted as meaning
-any interface.  If the host is a IPv6 address, it has to be
+any interface.  If the host is an IPv6 address, it has to be
 enclosed in brackets, for example "[::1]:https".  "port" has the
 same syntax as the port specified in BIO_set_conn_port() for
 connect BIOs, that is it can be a numerical port string or a
diff --git a/doc/crypto/BIO_s_bio.pod b/doc/crypto/BIO_s_bio.pod
index ce3cf6e..438b5dd 100644
--- a/doc/crypto/BIO_s_bio.pod
+++ b/doc/crypto/BIO_s_bio.pod
@@ -172,7 +172,7 @@
 
 =head1 WARNING
 
-As the data is buffered, SSL_operation() may return with a ERROR_SSL_WANT_READ
+As the data is buffered, SSL_operation() may return with an ERROR_SSL_WANT_READ
 condition, but there is still data in the write buffer. An application must
 not rely on the error value of SSL_operation() but must assure that the
 write buffer is always flushed first. Otherwise a deadlock may occur as
diff --git a/doc/crypto/BIO_s_connect.pod b/doc/crypto/BIO_s_connect.pod
index bd3cf81..4c246e0 100644
--- a/doc/crypto/BIO_s_connect.pod
+++ b/doc/crypto/BIO_s_connect.pod
@@ -55,7 +55,7 @@
 type (int *).
 
 BIO_set_conn_hostname() uses the string B<name> to set the hostname.
-The hostname can be an IP address; if the address is a IPv6 one, it
+The hostname can be an IP address; if the address is an IPv6 one, it
 must be enclosed with brackets. The hostname can also include the
 port in the form hostname:port.
 
diff --git a/doc/crypto/BIO_s_fd.pod b/doc/crypto/BIO_s_fd.pod
index 7c7cee9..e9ebdbf 100644
--- a/doc/crypto/BIO_s_fd.pod
+++ b/doc/crypto/BIO_s_fd.pod
@@ -23,7 +23,7 @@
 BIO_read() and BIO_write() read or write the underlying descriptor.
 BIO_puts() is supported but BIO_gets() is not.
 
-If the close flag is set then then close() is called on the underlying
+If the close flag is set then close() is called on the underlying
 file descriptor when the BIO is freed.
 
 BIO_reset() attempts to change the file pointer to the start of file
diff --git a/doc/crypto/BN_BLINDING_new.pod b/doc/crypto/BN_BLINDING_new.pod
index acc1220..f539ae6 100644
--- a/doc/crypto/BN_BLINDING_new.pod
+++ b/doc/crypto/BN_BLINDING_new.pod
@@ -97,7 +97,7 @@
 BN_BLINDING_set_current_thread() doesn't return anything.
 
 BN_BLINDING_lock(), BN_BLINDING_unlock() return 1 if the operation
-succeded or 0 on error.
+succeeded or 0 on error.
 
 BN_BLINDING_get_flags() returns the currently set B<BN_BLINDING> flags
 (a B<unsigned long> value).
diff --git a/doc/crypto/EVP_CIPHER_meth_new.pod b/doc/crypto/EVP_CIPHER_meth_new.pod
index b0076d5..499133f 100644
--- a/doc/crypto/EVP_CIPHER_meth_new.pod
+++ b/doc/crypto/EVP_CIPHER_meth_new.pod
@@ -193,7 +193,7 @@
 
 =item EVP_CIPH_FLAG_AEAD_CIPHER
 
-This indicates that this is a AEAD cipher implementation.
+This indicates that this is an AEAD cipher implementation.
 
 =item EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
 
diff --git a/doc/crypto/EVP_MD_meth_new.pod b/doc/crypto/EVP_MD_meth_new.pod
index a6a17cd..0bab127 100644
--- a/doc/crypto/EVP_MD_meth_new.pod
+++ b/doc/crypto/EVP_MD_meth_new.pod
@@ -96,13 +96,13 @@
 
 When setting up a DigestAlgorithmIdentifier, this flag will have the
 parameter be left absent by default.  I<Note: if combined with
-EVP_MD_FLAG_DIGALGID_NULL, the latter will be overriden.>
+EVP_MD_FLAG_DIGALGID_NULL, the latter will be overridden.>
 
 =item EVP_MD_FLAG_DIGALGID_CUSTOM
 
 Custom DigestAlgorithmIdentifier handling via ctrl, with
 B<EVP_MD_FLAG_DIGALGID_ABSENT> as default.  I<Note: if combined with
-EVP_MD_FLAG_DIGALGID_NULL, the latter will be overriden.>
+EVP_MD_FLAG_DIGALGID_NULL, the latter will be overridden.>
 Currently unused.
 
 =back
diff --git a/doc/crypto/OCSP_response_find_status.pod b/doc/crypto/OCSP_response_find_status.pod
index 4baadfb4..2a14189 100644
--- a/doc/crypto/OCSP_response_find_status.pod
+++ b/doc/crypto/OCSP_response_find_status.pod
@@ -1,6 +1,6 @@
 =pod
 
-OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find, OCSP_single_get0_status, OCSP_check_validity - OCSP reponse utility functions.
+OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find, OCSP_single_get0_status, OCSP_check_validity - OCSP response utility functions.
 
 =head1 SYNOPSIS
 
diff --git a/doc/crypto/OCSP_response_status.pod b/doc/crypto/OCSP_response_status.pod
index 5946734..5195b2a 100644
--- a/doc/crypto/OCSP_response_status.pod
+++ b/doc/crypto/OCSP_response_status.pod
@@ -26,7 +26,7 @@
 OCSP_response_create() creates and returns an B<OCSP_RESPONSE> structure for
 B<status> and optionally including basic response B<bs>.
 
-OCSP_RESPONSE_free() frees up OCSP reponse B<resp>.
+OCSP_RESPONSE_free() frees up OCSP response B<resp>.
 
 =head1 RETURN VALUES
 
diff --git a/doc/crypto/OCSP_sendreq_new.pod b/doc/crypto/OCSP_sendreq_new.pod
index b051512..1d5599a 100644
--- a/doc/crypto/OCSP_sendreq_new.pod
+++ b/doc/crypto/OCSP_sendreq_new.pod
@@ -40,7 +40,7 @@
 
 OCSP_REQ_CTX_free() frees up the OCSP context B<rctx>.
 
-OCSP_set_max_response_length() sets the maximum reponse length for B<rctx>
+OCSP_set_max_response_length() sets the maximum response length for B<rctx>
 to B<len>. If the response exceeds this length an error occurs. If not
 set a default value of 100k is used.
 
diff --git a/doc/crypto/OPENSSL_secure_malloc.pod b/doc/crypto/OPENSSL_secure_malloc.pod
index 3423eb0..2a04931 100644
--- a/doc/crypto/OPENSSL_secure_malloc.pod
+++ b/doc/crypto/OPENSSL_secure_malloc.pod
@@ -100,8 +100,7 @@
 the secure heap of the requested size, or C<NULL> if memory could not be
 allocated.
 
-CRYPTO_secure_allocated() returns 1 if the pointer is in the
-the secure heap, or 0 if not.
+CRYPTO_secure_allocated() returns 1 if the pointer is in the secure heap, or 0 if not.
 
 CRYPTO_secure_malloc_done() and OPENSSL_secure_free()
 return no values.
diff --git a/doc/crypto/RAND_load_file.pod b/doc/crypto/RAND_load_file.pod
index debf06f..6bc779a 100644
--- a/doc/crypto/RAND_load_file.pod
+++ b/doc/crypto/RAND_load_file.pod
@@ -24,7 +24,7 @@
 
 RAND_load_file() reads a number of bytes from file B<filename> and
 adds them to the PRNG. If B<max_bytes> is non-negative,
-up to to B<max_bytes> are read;
+up to B<max_bytes> are read;
 if B<max_bytes> is -1, the complete file is read.
 
 RAND_write_file() writes a number of random bytes (currently 1024) to
diff --git a/doc/crypto/X509V3_get_d2i.pod b/doc/crypto/X509V3_get_d2i.pod
index accc9f4..b502e81 100644
--- a/doc/crypto/X509V3_get_d2i.pod
+++ b/doc/crypto/X509V3_get_d2i.pod
@@ -168,7 +168,7 @@
  Delta CRL Indicator                NID_delta_crl
  Freshest CRL                       NID_freshest_crl
  Invalidity Date                    NID_invalidity_date
- Issuing Distrubution Point         NID_issuing_distribution_point
+ Issuing Distribution Point         NID_issuing_distribution_point
 
 The following are CRL entry extensions from PKIX standards such as RFC5280.
 
diff --git a/doc/crypto/X509_verify_cert.pod b/doc/crypto/X509_verify_cert.pod
index 1d0f1e2..a84ef00 100644
--- a/doc/crypto/X509_verify_cert.pod
+++ b/doc/crypto/X509_verify_cert.pod
@@ -41,7 +41,7 @@
 =head1 BUGS
 
 This function uses the header B<x509.h> as opposed to most chain verification
-functiosn which use B<x509_vfy.h>.
+functions which use B<x509_vfy.h>.
 
 =head1 SEE ALSO
 
diff --git a/doc/crypto/ecdsa.pod b/doc/crypto/ecdsa.pod
index 67ab536..c2e786e 100644
--- a/doc/crypto/ecdsa.pod
+++ b/doc/crypto/ecdsa.pod
@@ -123,7 +123,7 @@
 Creating an ECDSA signature of a given SHA-256 hash value using the
 named curve prime256v1 (aka P-256).
 
-First step: create a EC_KEY object (note: this part is B<not> ECDSA
+First step: create an EC_KEY object (note: this part is B<not> ECDSA
 specific)
 
  int        ret;
diff --git a/doc/crypto/engine.pod b/doc/crypto/engine.pod
index 99ed170..c069fd7 100644
--- a/doc/crypto/engine.pod
+++ b/doc/crypto/engine.pod
@@ -482,7 +482,7 @@
 this symbol is considered a "generic" command is handled directly by the
 OpenSSL core routines.
 
-It is using these "core" control commands that one can discover the the control
+It is using these "core" control commands that one can discover the control
 commands implemented by a given ENGINE, specifically the commands;
 
  #define ENGINE_HAS_CTRL_FUNCTION		10
diff --git a/doc/crypto/pem.pod b/doc/crypto/pem.pod
index 7ab8d67..5687375 100644
--- a/doc/crypto/pem.pod
+++ b/doc/crypto/pem.pod
@@ -399,7 +399,7 @@
 initialization vector is passed to EVP_BytesToKey() as the B<salt>
 parameter. Internally, B<PKCS5_SALT_LEN> bytes of the salt are used
 (regardless of the size of the initialization vector). The user's
-password is passed to to EVP_BytesToKey() using the B<data> and B<datal>
+password is passed to EVP_BytesToKey() using the B<data> and B<datal>
 parameters. Finally, the library uses an iteration count of 1 for
 EVP_BytesToKey().
 
diff --git a/doc/crypto/sk_X509_num.pod b/doc/crypto/sk_X509_num.pod
index 79002d4..eebdeb3 100644
--- a/doc/crypto/sk_X509_num.pod
+++ b/doc/crypto/sk_X509_num.pod
@@ -78,7 +78,7 @@
 elements at or after B<idx> are moved downwards. If B<idx> is out of range
 the new element is appended to B<sk>. sk_X509_insert() either returns the
 number of elements in B<sk> after the new element is inserted or zero if
-an error occured: which will happen if there is a memory allocation failure.
+an error occurred: which will happen if there is a memory allocation failure.
 
 sk_X509_push() appends B<ptr> to B<sk> it is equivalent to:
 
@@ -93,7 +93,7 @@
 sk_X509_shift() returns and removes the first element from B<sk>.
 
 sk_X509_set() sets element B<idx> of B<sk> to B<ptr> replacing the current
-element. The new element value is returned or B<NULL> if an error occured:
+element. The new element value is returned or B<NULL> if an error occurred:
 this will only happen if B<sk> is B<NULL> or B<idx> is out of range.
 
 sk_X509_find() and int sk_X509_find_ex() search B<sk> using the supplied
diff --git a/doc/openssl-c-indent.el b/doc/openssl-c-indent.el
index cedf135..c28814a 100644
--- a/doc/openssl-c-indent.el
+++ b/doc/openssl-c-indent.el
@@ -12,7 +12,7 @@
 ;;; M-x c-set-style <RET> (or C-c . for short), and enter "eay".
 ;;; To toggle the auto-newline feature of CC mode, type C-c C-a.
 ;;;
-;;; If you're a OpenSSL developer, you might find it more comfortable
+;;; If you're an OpenSSL developer, you might find it more comfortable
 ;;; to have this style be permanent in your OpenSSL development
 ;;; directory.  To have that, please perform this:
 ;;;
diff --git a/doc/ssl/SSL_CTX_dane_enable.pod b/doc/ssl/SSL_CTX_dane_enable.pod
index 36e9699..f2cb99e 100644
--- a/doc/ssl/SSL_CTX_dane_enable.pod
+++ b/doc/ssl/SSL_CTX_dane_enable.pod
@@ -36,7 +36,7 @@
 L<SSL_CTX_set_cert_verify_callback(3)> are responsible to authenticate the peer
 chain in whatever manner they see fit.
 
-SSL_CTX_dane_mtype_set() may then be called zero or more times to to adjust the
+SSL_CTX_dane_mtype_set() may then be called zero or more times to adjust the
 supported digest algorithms.
 This must be done before any SSL handles are created for the context.
 
diff --git a/doc/ssl/SSL_CTX_free.pod b/doc/ssl/SSL_CTX_free.pod
index 22ce550..70a6314 100644
--- a/doc/ssl/SSL_CTX_free.pod
+++ b/doc/ssl/SSL_CTX_free.pod
@@ -13,8 +13,7 @@
 =head1 DESCRIPTION
 
 SSL_CTX_free() decrements the reference count of B<ctx>, and removes the
-SSL_CTX object pointed to by B<ctx> and frees up the allocated memory if the
-the reference count has reached 0.
+SSL_CTX object pointed to by B<ctx> and frees up the allocated memory if the reference count has reached 0.
 
 It also calls the free()ing procedures for indirectly affected items, if
 applicable: the session cache, the list of ciphers, the list of Client CAs,
diff --git a/doc/ssl/SSL_CTX_set_cipher_list.pod b/doc/ssl/SSL_CTX_set_cipher_list.pod
index 3383232..512ca81 100644
--- a/doc/ssl/SSL_CTX_set_cipher_list.pod
+++ b/doc/ssl/SSL_CTX_set_cipher_list.pod
@@ -45,7 +45,7 @@
 (see L<SSL_CTX_set_tmp_dh_callback(3)>).
 
 When these conditions are not met for any cipher in the list (e.g. a
-client only supports export RSA ciphers with a asymmetric key length
+client only supports export RSA ciphers with an asymmetric key length
 of 512 bits and the server is not configured to use temporary RSA
 keys), the "no shared cipher" (SSL_R_NO_SHARED_CIPHER) error is generated
 and the handshake will fail.
diff --git a/doc/ssl/SSL_CTX_set_psk_client_callback.pod b/doc/ssl/SSL_CTX_set_psk_client_callback.pod
index 573f89a..b7f574b 100644
--- a/doc/ssl/SSL_CTX_set_psk_client_callback.pod
+++ b/doc/ssl/SSL_CTX_set_psk_client_callback.pod
@@ -59,7 +59,7 @@
 or SSL_set_psk_client_callback(). The callback function is given the
 connection in parameter B<ssl>, a B<NULL>-terminated PSK identity hint
 sent by the server in parameter B<hint>, a buffer B<identity> of
-length B<max_identity_len> bytes where the the resulting
+length B<max_identity_len> bytes where the resulting
 B<NULL>-terminated identity is to be stored, and a buffer B<psk> of
 length B<max_psk_len> bytes where the resulting pre-shared key is to
 be stored.
diff --git a/doc/ssl/SSL_CTX_set_security_level.pod b/doc/ssl/SSL_CTX_set_security_level.pod
index fd50614..2b56472 100644
--- a/doc/ssl/SSL_CTX_set_security_level.pod
+++ b/doc/ssl/SSL_CTX_set_security_level.pod
@@ -54,7 +54,7 @@
 
 =head1 DEFAULT CALLBACK BEHAVIOUR
 
-If an application doesn't set it's own security callback the default
+If an application doesn't set its own security callback the default
 callback is used. It is intended to provide sane defaults. The meaning
 of each level is described below.
 
diff --git a/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod b/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod
index b660b21..3502c1c 100644
--- a/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod
+++ b/doc/ssl/SSL_CTX_set_tlsext_ticket_key_cb.pod
@@ -90,7 +90,7 @@
 =item Z<>0
 
 This indicates that it was not possible to set/retrieve a session ticket and 
-the SSL/TLS session will continue by by negotiating a set of cryptographic
+the SSL/TLS session will continue by negotiating a set of cryptographic
 parameters or using the alternate SSL/TLS resumption mechanism, session ids.
 
 If called with enc equal to 0 the library will call the I<cb> again to get
diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod
index b6d3334..c875163 100644
--- a/doc/ssl/ssl.pod
+++ b/doc/ssl/ssl.pod
@@ -76,7 +76,7 @@
 =head1 HEADER FILES
 
 Currently the OpenSSL B<ssl> library provides the following C header files
-containing the prototypes for the data structures and and functions:
+containing the prototypes for the data structures and functions:
 
 =over 4