More typo fixes

Fix some comments too
[skip ci]

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3069)

7 files changed, 16 insertions, 20 deletions

diff --git a/ssl/record/ssl3_record.c b/ssl/record/ssl3_record.c
index d5615d1b36..3d1bcc1f70 100644
--- a/ssl/record/ssl3_record.c
+++ b/ssl/record/ssl3_record.c
@@ -1662,8 +1662,7 @@ int dtls1_process_record(SSL *s, DTLS1_BITMAP *bitmap)
 }
 
 /*
- * retrieve a buffered record that belongs to the current epoch, ie,
- * processed
+ * Retrieve a buffered record that belongs to the current epoch, i.e. processed
  */
 #define dtls1_get_processed_record(s) \
                    dtls1_retrieve_buffered_record((s), \
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 482c810e1e..f169611c01 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -741,7 +741,7 @@ int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
 {
     /*
      * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how
-     * we can "construct" a session to give us the desired check - ie. to
+     * we can "construct" a session to give us the desired check - i.e. to
      * find if there's a session in the hash table that would conflict with
      * any new session built out of this id/id_len and the ssl_version in use
      * by this SSL.
@@ -2546,8 +2546,8 @@ void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
 }
 
 /*
- * SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from
- * |ssl|. On return it sets |*data| to point to |*len| bytes of protocol name
+ * SSL_get0_alpn_selected gets the selected ALPN protocol (if any) from |ssl|.
+ * On return it sets |*data| to point to |*len| bytes of protocol name
  * (not including the leading length-prefix byte). If the server didn't
  * respond with a negotiated protocol then |*len| will be zero.
  */
@@ -3147,10 +3147,7 @@ int SSL_get_error(const SSL *s, int i)
     }
 
     if (SSL_want_write(s)) {
-        /*
-         * Access wbio directly - in order to use the buffered bio if
-         * present
-         */
+        /* Access wbio directly - in order to use the buffered bio if present */
         bio = s->wbio;
         if (BIO_should_write(bio))
             return (SSL_ERROR_WANT_WRITE);
@@ -3893,7 +3890,7 @@ void SSL_set_not_resumable_session_callback(SSL *ssl,
 /*
  * Allocates new EVP_MD_CTX and sets pointer to it into given pointer
  * variable, freeing EVP_MD_CTX previously stored in that variable, if any.
- * If EVP_MD pointer is passed, initializes ctx with this md.
+ * If EVP_MD pointer is passed, initializes ctx with this |md|.
  * Returns the newly allocated ctx;
  */
 
diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
index 9cdb263ee3..043b8304eb 100644
--- a/ssl/statem/extensions.c
+++ b/ssl/statem/extensions.c
@@ -325,7 +325,7 @@ static const EXTENSION_DEFINITION ext_defs[] = {
  * Verify whether we are allowed to use the extension |type| in the current
  * |context|. Returns 1 to indicate the extension is allowed or unknown or 0 to
  * indicate the extension is not allowed. If returning 1 then |*found| is set to
- * 1 if we found a definition for the extension, and |*idx| is set to its index
+ * the definition for the extension we found.
  */
 static int verify_extension(SSL *s, unsigned int context, unsigned int type,
                             custom_ext_methods *meths, RAW_EXTENSION *rawexlist,
diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
index c6b164147b..d4f8e0a0c3 100644
--- a/ssl/statem/statem_clnt.c
+++ b/ssl/statem/statem_clnt.c
@@ -1983,7 +1983,7 @@ static int tls_process_ske_dhe(SSL *s, PACKET *pkt, EVP_PKEY **pkey, int *al)
         goto err;
     }
 
-    /* test non-zero pupkey */
+    /* test non-zero pubkey */
     if (BN_is_zero(bnpub_key)) {
         *al = SSL_AD_DECODE_ERROR;
         SSLerr(SSL_F_TLS_PROCESS_SKE_DHE, SSL_R_BAD_DH_VALUE);
diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
index e2c47994b8..1c6c35eb06 100644
--- a/ssl/statem/statem_srvr.c
+++ b/ssl/statem/statem_srvr.c
@@ -659,7 +659,7 @@ WORK_STATE ossl_statem_server_pre_work(SSL *s, WORK_STATE wst)
     case TLS_ST_SW_SRVR_HELLO:
         if (SSL_IS_DTLS(s)) {
             /*
-             * Messages we write from now on should be bufferred and
+             * Messages we write from now on should be buffered and
              * retransmitted if necessary, so we need to use the timer now
              */
             st->use_timer = 1;
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 83e493eb7c..1c98b53e96 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -1841,7 +1841,7 @@ static int ssl_check_ca_name(STACK_OF(X509_NAME) *names, X509 *x)
  * attempting to use them.
  */
 
-/* Flags which need to be set for a certificate when stict mode not set */
+/* Flags which need to be set for a certificate when strict mode not set */
 
 #define CERT_PKEY_VALID_FLAGS \
         (CERT_PKEY_EE_SIGNATURE|CERT_PKEY_EE_PARAM)
@@ -2101,7 +2101,7 @@ void tls1_set_cert_validity(SSL *s)
     tls1_check_chain(s, NULL, NULL, NULL, SSL_PKEY_GOST12_512);
 }
 
-/* User level utiity function to check a chain is suitable */
+/* User level utility function to check a chain is suitable */
 int SSL_check_chain(SSL *s, X509 *x, EVP_PKEY *pk, STACK_OF(X509) *chain)
 {
     return tls1_check_chain(s, x, pk, chain, -1);
@@ -2205,8 +2205,8 @@ int ssl_security_cert(SSL *s, SSL_CTX *ctx, X509 *x, int vfy, int is_ee)
 }
 
 /*
- * Check security of a chain, if sk includes the end entity certificate then
- * x is NULL. If vfy is 1 then we are verifying a peer chain and not sending
+ * Check security of a chain, if |sk| includes the end entity certificate then
+ * |x| is NULL. If |vfy| is 1 then we are verifying a peer chain and not sending
  * one to the peer. Return values: 1 if ok otherwise error code to use
  */
 
@@ -2257,7 +2257,7 @@ int tls_choose_sigalg(SSL *s, int *al)
         int curve = -1, skip_ec = 0;
 #endif
 
-        /* Look for a certificate matching shared sigaglgs */
+        /* Look for a certificate matching shared sigalgs */
         for (i = 0; i < s->cert->shared_sigalgslen; i++) {
             lu = s->cert->shared_sigalgs[i];
 
@@ -2304,7 +2304,7 @@ int tls_choose_sigalg(SSL *s, int *al)
             if (idx == -1)
                 return 1;
             if (idx == SSL_PKEY_GOST_EC) {
-                /* Work out which GOST certificate is avaiable */
+                /* Work out which GOST certificate is available */
                 if (ssl_has_cert(s, SSL_PKEY_GOST12_512)) {
                     idx = SSL_PKEY_GOST12_512;
                 } else if (ssl_has_cert(s, SSL_PKEY_GOST12_256)) {
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 3b783a74af..2ae4552843 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -454,7 +454,7 @@ int tls13_change_cipher_state(SSL *s, int which)
             labellen = sizeof(client_handshake_traffic) - 1;
             log_label = CLIENT_HANDSHAKE_LABEL;
             /*
-             * The hanshake hash used for the server read/client write handshake
+             * The handshake hash used for the server read/client write handshake
              * traffic secret is the same as the hash for the server
              * write/client read handshake traffic secret. However, if we
              * processed early data then we delay changing the server