Fix typos in lib/tmp-fix-typos-in-lib

Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>

34 files changed, 49 insertions, 49 deletions

diff --git a/lib/accelerated/cryptodev.c b/lib/accelerated/cryptodev.c
index 5897cc2ace..8d00cfdc2a 100644
--- a/lib/accelerated/cryptodev.c
+++ b/lib/accelerated/cryptodev.c
@@ -251,7 +251,7 @@ int _gnutls_cryptodev_init(void)
 			return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
 		}
 
-		/* Set close-on-exec (not really neede here) */
+		/* Set close-on-exec (not really needed here) */
 		if (fcntl(cfd, F_SETFD, 1) == -1) {
 			gnutls_assert();
 			return GNUTLS_E_CRYPTODEV_IOCTL_ERROR;
diff --git a/lib/auth/rsa.c b/lib/auth/rsa.c
index c2203c7ed3..d5d0943242 100644
--- a/lib/auth/rsa.c
+++ b/lib/auth/rsa.c
@@ -92,7 +92,7 @@ int check_key_usage_for_enc(gnutls_session_t session, unsigned key_usage)
  * server. Therefore the correct cert type needs to be retrieved to be
  * used for the _gnutls_get_auth_info_pcert call. If this
  * function is to be called on the server side in the future, extra
- * checks need to be build in order to retrieve te correct
+ * checks need to be build in order to retrieve the correct
  * certificate type.
  */
 int
@@ -213,12 +213,12 @@ proc_rsa_client_kx(gnutls_session_t session, uint8_t * data,
 					 session->key.key.size);
 	/* After this point, any conditional on failure that cause differences
 	 * in execution may create a timing or cache access pattern side
-	 * channel that can be used as an oracle, so tread very carefully */
+	 * channel that can be used as an oracle, so treat very carefully */
 
 	/* Error handling logic:
 	 * In case decryption fails then don't inform the peer. Just use the
 	 * random key previously generated. (in order to avoid attack against
-	 * pkcs-1 formating).
+	 * pkcs-1 formatting).
 	 *
 	 * If we get version mismatches no error is returned either. We
 	 * proceed normally. This is to defend against the attack described
diff --git a/lib/auth/rsa_psk.c b/lib/auth/rsa_psk.c
index 644f2e8b29..791fcd8bb7 100644
--- a/lib/auth/rsa_psk.c
+++ b/lib/auth/rsa_psk.c
@@ -334,7 +334,7 @@ _gnutls_proc_rsa_psk_client_kx(gnutls_session_t session, uint8_t * data,
 	if (ret < 0 || plaintext.size != GNUTLS_MASTER_SIZE) {
 		/* In case decryption fails then don't inform
 		 * the peer. Just use a random key. (in order to avoid
-		 * attack against pkcs-1 formating).
+		 * attack against pkcs-1 formatting).
 		 */
 		gnutls_assert();
 		_gnutls_debug_log
diff --git a/lib/cipher-cbc.c b/lib/cipher-cbc.c
index 741119223b..2f387c523c 100644
--- a/lib/cipher-cbc.c
+++ b/lib/cipher-cbc.c
@@ -90,7 +90,7 @@ int cbc_mac_verify(gnutls_session_t session, record_parameters_st *params,
 
 	pad = data[data_size - 1];	/* pad */
 
-	/* Check the pading bytes (TLS 1.x).
+	/* Check the padding bytes (TLS 1.x).
 	 * Note that we access all 256 bytes of ciphertext for padding check
 	 * because there is a timing channel in that memory access (in certain CPUs).
 	 */
diff --git a/lib/ext/client_cert_type.c b/lib/ext/client_cert_type.c
index 534c407b3a..0fbd4e9e4a 100644
--- a/lib/ext/client_cert_type.c
+++ b/lib/ext/client_cert_type.c
@@ -91,7 +91,7 @@ static int _gnutls_client_cert_type_recv_params(gnutls_session_t session,
 					gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
 		}
 
-		/* The server picked one of the offered cert types iff he supports
+		/* The server picked one of the offered cert types if he supports
 		 * at least one of them and decided to do a client certificate
 		 * request. If both parties play by the rules then we may only
 		 * receive a cert type that we offered, i.e. one that we support.
diff --git a/lib/ext/server_cert_type.c b/lib/ext/server_cert_type.c
index 35c6d751db..b290b7b06e 100644
--- a/lib/ext/server_cert_type.c
+++ b/lib/ext/server_cert_type.c
@@ -91,7 +91,7 @@ static int _gnutls_server_cert_type_recv_params(gnutls_session_t session,
 					gnutls_assert_val(GNUTLS_E_UNEXPECTED_PACKET_LENGTH);
 		}
 
-		/* The server picked one of the offered cert types iff he supports
+		/* The server picked one of the offered cert types if he supports
 		 * at least one of them. If both parties play by the rules then we
 		 * may only receive a cert type that we offered, i.e. one that we
 		 * support. Because the world isn't as beautiful as it may seem,
diff --git a/lib/extras/hex.h b/lib/extras/hex.h
index e2ce3ff28a..15d4e64932 100644
--- a/lib/extras/hex.h
+++ b/lib/extras/hex.h
@@ -7,7 +7,7 @@
 
 /**
  * hex_decode - Unpack a hex string.
- * @str: the hexidecimal string
+ * @str: the hexadecimal string
  * @slen: the length of @str
  * @buf: the buffer to write the data into
  * @bufsize: the length of @buf
diff --git a/lib/global.h b/lib/global.h
index c1aa7863b5..97b0b27281 100644
--- a/lib/global.h
+++ b/lib/global.h
@@ -33,7 +33,7 @@ extern ASN1_TYPE _gnutls_gnutls_asn;
 
 /* removed const from node_asn* to
  * prevent warnings, since libtasn1 doesn't
- * use the const keywork in its functions.
+ * use the const keyword in its functions.
  */
 #define _gnutls_get_gnutls_asn() ((ASN1_TYPE) _gnutls_gnutls_asn)
 #define _gnutls_get_pkix() ((ASN1_TYPE) _gnutls_pkix1_asn)
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 8baa8815e7..a0c47efa0f 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -1101,7 +1101,7 @@ typedef struct {
 
 	bool invalid_connection;	/* true or FALSE - if this session is valid */
 
-	bool may_not_read;	/* if it's 0 then we can read/write, otherwise it's forbiden to read/write
+	bool may_not_read;	/* if it's 0 then we can read/write, otherwise it's forbidden to read/write
 				 */
 	bool may_not_write;
 	bool read_eof;		/* non-zero if we have received a closure alert. */
@@ -1263,7 +1263,7 @@ typedef struct {
 	 */
 	bool ignore_rdn_sequence;
 
-	/* This is used to set an arbitary version in the RSA
+	/* This is used to set an arbitrary version in the RSA
 	 * PMS secret. Can be used by clients to test whether the
 	 * server checks that version. (** only used in gnutls-cli-debug)
 	 */
diff --git a/lib/handshake.c b/lib/handshake.c
index d83a51c9bb..70b4486266 100644
--- a/lib/handshake.c
+++ b/lib/handshake.c
@@ -1626,7 +1626,7 @@ _gnutls_recv_handshake(gnutls_session_t session,
 	default:
 		gnutls_assert();
 		/* we shouldn't actually arrive here in any case .
-		 * unexpected messages should be catched after _gnutls_handshake_io_recv_int()
+		 * unexpected messages should be caught after _gnutls_handshake_io_recv_int()
 		 */
 		ret = GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET;
 		goto cleanup;
diff --git a/lib/includes/gnutls/abstract.h b/lib/includes/gnutls/abstract.h
index 223fb2ed1f..0aa1018555 100644
--- a/lib/includes/gnutls/abstract.h
+++ b/lib/includes/gnutls/abstract.h
@@ -122,7 +122,7 @@ typedef void (*gnutls_privkey_deinit_func) (gnutls_privkey_t key,
  */
 #define GNUTLS_PRIVKEY_INFO_HAVE_SIGN_ALGO (1<<2)
 /* Should return the number of bits of the public key algorithm (required for RSA-PSS)
- * It is the value that should be retuned by gnutls_pubkey_get_pk_algorithm() */
+ * It is the value that should be returned by gnutls_pubkey_get_pk_algorithm() */
 #define GNUTLS_PRIVKEY_INFO_PK_ALGO_BITS (1<<3)
 
 /* returns information on the public key associated with userdata */
diff --git a/lib/includes/gnutls/compat.h b/lib/includes/gnutls/compat.h
index 732b9dbeb4..f81d25b47a 100644
--- a/lib/includes/gnutls/compat.h
+++ b/lib/includes/gnutls/compat.h
@@ -50,7 +50,7 @@ extern "C" {
 /* gnutls_connection_end_t was made redundant in 2.99.0 */
 typedef unsigned int gnutls_connection_end_t _GNUTLS_GCC_ATTR_DEPRECATED;
 
-/* Stuff deprected in 2.x */
+/* Stuff deprecated in 2.x */
 typedef gnutls_cipher_algorithm_t gnutls_cipher_algorithm
     _GNUTLS_GCC_ATTR_DEPRECATED;
 typedef gnutls_kx_algorithm_t gnutls_kx_algorithm
diff --git a/lib/mbuffers.c b/lib/mbuffers.c
index 2e4c62a295..24395e6496 100644
--- a/lib/mbuffers.c
+++ b/lib/mbuffers.c
@@ -324,7 +324,7 @@ _mbuffer_append_data(mbuffer_st * bufel, void *newdata,
 #ifdef ENABLE_ALIGN16
 # define ALIGN_SIZE 16
 
-/* Allocate a 16-byte alligned buffer segment. The segment is not initially "owned" by
+/* Allocate a 16-byte aligned buffer segment. The segment is not initially "owned" by
  * any buffer.
  *
  * maximum_size: Amount of data that this segment can contain.
diff --git a/lib/nettle/gost/ecc-internal.h b/lib/nettle/gost/ecc-internal.h
index 16d6828772..21bd98cfdc 100644
--- a/lib/nettle/gost/ecc-internal.h
+++ b/lib/nettle/gost/ecc-internal.h
@@ -127,7 +127,7 @@ struct ecc_curve
 {
   /* The prime p. */
   struct ecc_modulo p;
-  /* Group order. FIXME: Currently, many fucntions rely on q.size ==
+  /* Group order. FIXME: Currently, many functions rely on q.size ==
      p.size. This has to change for radix-51 implementation of
      curve25519 mod p arithmetic. */
   struct ecc_modulo q;
@@ -202,7 +202,7 @@ gost_hash (const struct ecc_modulo *m,
 
 /* Converts a point P in jacobian coordinates into a point R in affine
    coordinates. If op == 1, produce x coordinate only. If op == 2,
-   produce the x coordiante only, and in also it modulo q. FIXME: For
+   produce the x coordinate only, and in also it modulo q. FIXME: For
    the public interface, have separate for the three cases, and use
    this flag argument only for the internal ecc->h_to_a function. */
 void
diff --git a/lib/nettle/int/dsa-keygen-fips186.c b/lib/nettle/int/dsa-keygen-fips186.c
index 30ba004e0f..69f7f8ceba 100644
--- a/lib/nettle/int/dsa-keygen-fips186.c
+++ b/lib/nettle/int/dsa-keygen-fips186.c
@@ -421,7 +421,7 @@ _dsa_generate_dss_pqg(struct dsa_params *params,
 	if (_gnutls_fips_mode_enabled() != 0) {
 		cert->seed_length = 2 * (q_bits / 8) + 1;
 
-		FIPS_RULE(cert->seed_length != seed_size, 0, "unsupported DSA seed length (is %d, shoudl be %d)\n", seed_size, cert->seed_length);
+		FIPS_RULE(cert->seed_length != seed_size, 0, "unsupported DSA seed length (is %d, should be %d)\n", seed_size, cert->seed_length);
 	} else {
 		cert->seed_length = seed_size;
 	}
diff --git a/lib/nettle/int/rsa-keygen-fips186.c b/lib/nettle/int/rsa-keygen-fips186.c
index a76e5eaa00..438101ef1d 100644
--- a/lib/nettle/int/rsa-keygen-fips186.c
+++ b/lib/nettle/int/rsa-keygen-fips186.c
@@ -358,7 +358,7 @@ _rsa_generate_fips186_4_keypair(struct rsa_public_key *pub,
 		goto cleanup;
 	}
 
-	/* Done! Almost, we must compute the auxillary private values. */
+	/* Done! Almost, we must compute the auxiliary private values. */
 	/* a = d % (p-1) */
 	mpz_fdiv_r(key->a, key->d, p1);
 
diff --git a/lib/pcert.c b/lib/pcert.c
index 816a748b05..23eadf12d0 100644
--- a/lib/pcert.c
+++ b/lib/pcert.c
@@ -387,7 +387,7 @@ int gnutls_pcert_import_rawpk(gnutls_pcert_st* pcert,
 	/* A pcert struct holds a raw copy of the certificate data.
 	 * Therefore we convert our gnutls_pubkey_t to its raw DER
 	 * representation and copy it into our pcert. It is this raw data
-	 * that will be transfered to the peer via a Certificate msg.
+	 * that will be transferred to the peer via a Certificate msg.
 	 * According to the spec (RFC7250) a DER representation must be used.
 	 */
 	ret = gnutls_pubkey_export2(pubkey, GNUTLS_X509_FMT_DER, &pcert->cert);
@@ -452,7 +452,7 @@ int gnutls_pcert_import_rawpk_raw(gnutls_pcert_st* pcert,
 	pcert->pubkey->key_usage = key_usage;
 
 	/* A pcert struct holds a raw copy of the certificate data.
-	 * It is this raw data that will be transfered to the peer via a
+	 * It is this raw data that will be transferred to the peer via a
 	 * Certificate message. According to the spec (RFC7250) a DER
 	 * representation must be used. Therefore we check the format and
 	 * convert if necessary.
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index c974565830..39e2799b1e 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -1291,7 +1291,7 @@ void gnutls_pkcs11_obj_deinit(gnutls_pkcs11_obj_t obj)
  *   replaced by the actual size of parameters)
  *
  * This function will export the PKCS11 object data.  It is normal for
- * data to be inaccesible and in that case %GNUTLS_E_INVALID_REQUEST
+ * data to be inaccessible and in that case %GNUTLS_E_INVALID_REQUEST
  * will be returned.
  *
  * If the buffer provided is not long enough to hold the output, then
@@ -1329,7 +1329,7 @@ gnutls_pkcs11_obj_export(gnutls_pkcs11_obj_t obj,
  * @out: will contain the object data
  *
  * This function will export the PKCS11 object data.  It is normal for
- * data to be inaccesible and in that case %GNUTLS_E_INVALID_REQUEST
+ * data to be inaccessible and in that case %GNUTLS_E_INVALID_REQUEST
  * will be returned.
  *
  * The output buffer is allocated using gnutls_malloc().
@@ -1352,7 +1352,7 @@ gnutls_pkcs11_obj_export2(gnutls_pkcs11_obj_t obj, gnutls_datum_t * out)
  * @fmt: The format of the exported data
  *
  * This function will export the PKCS11 object data.  It is normal for
- * data to be inaccesible and in that case %GNUTLS_E_INVALID_REQUEST
+ * data to be inaccessible and in that case %GNUTLS_E_INVALID_REQUEST
  * will be returned.
  *
  * The output buffer is allocated using gnutls_malloc().
@@ -4252,7 +4252,7 @@ find_cert_cb(struct ck_function_list *module, struct pkcs11_session_info *sinfo,
  *
  * This function will return the issuer of a given certificate, if it
  * is stored in the token. By default only marked as trusted issuers
- * are retuned. If any issuer should be returned specify
+ * are returned. If any issuer should be returned specify
  * %GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_ANY in @flags.
  *
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
@@ -4355,7 +4355,7 @@ int gnutls_pkcs11_get_raw_issuer(const char *url, gnutls_x509_crt_t cert,
  *
  * This function will return the certificate with the given DN, if it
  * is stored in the token. By default only marked as trusted issuers
- * are retuned. If any issuer should be returned specify
+ * are returned. If any issuer should be returned specify
  * %GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_ANY in @flags.
  *
  * The name of the function includes issuer because it can
@@ -4440,7 +4440,7 @@ int gnutls_pkcs11_get_raw_issuer_by_dn (const char *url, const gnutls_datum_t *d
  *
  * This function will return the certificate with the given DN and @spki, if it
  * is stored in the token. By default only marked as trusted issuers
- * are retuned. If any issuer should be returned specify
+ * are returned. If any issuer should be returned specify
  * %GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_ANY in @flags.
  *
  * The name of the function includes issuer because it can
diff --git a/lib/record.c b/lib/record.c
index 73c484ed56..2dc997d09b 100644
--- a/lib/record.c
+++ b/lib/record.c
@@ -872,7 +872,7 @@ record_add_to_buffers(gnutls_session_t session,
 				goto cleanup;
 			} else {
 				/* if the alert is FATAL or WARNING
-				 * return the apropriate message
+				 * return the appropriate message
 				 */
 				gnutls_assert();
 				ret = GNUTLS_E_WARNING_ALERT_RECEIVED;
diff --git a/lib/str-idna.c b/lib/str-idna.c
index 8a1dce980a..30a09407c0 100644
--- a/lib/str-idna.c
+++ b/lib/str-idna.c
@@ -73,7 +73,7 @@ int gnutls_idna_map(const char *input, unsigned ilen, gnutls_datum_t *out, unsig
 	/* IDN2_NONTRANSITIONAL automatically converts to lowercase
 	 * IDN2_NFC_INPUT converts to NFC before toASCII conversion
 	 *
-	 * Since IDN2_NONTRANSITIONAL implicitely does NFC conversion, we don't need
+	 * Since IDN2_NONTRANSITIONAL implicitly does NFC conversion, we don't need
 	 * the additional IDN2_NFC_INPUT. But just for the unlikely case that the linked
 	 * library is not matching the headers when building and it doesn't support TR46,
 	 * we provide IDN2_NFC_INPUT. */
diff --git a/lib/str.c b/lib/str.c
index f766915bc0..7757730175 100644
--- a/lib/str.c
+++ b/lib/str.c
@@ -223,7 +223,7 @@ _gnutls_buffer_pop_datum(gnutls_buffer_st * str, gnutls_datum_t * data,
 	str->data += req_size;
 	str->length -= req_size;
 
-	/* if string becomes empty start from begining */
+	/* if string becomes empty start from beginning */
 	if (str->length == 0) {
 		str->data = str->allocd;
 	}
diff --git a/lib/tls-sig.c b/lib/tls-sig.c
index 87016172e2..75f88e5fbd 100644
--- a/lib/tls-sig.c
+++ b/lib/tls-sig.c
@@ -547,7 +547,7 @@ _gnutls_handshake_verify_crt_vrfy(gnutls_session_t session,
 }
 
 /* the same as _gnutls_handshake_sign_crt_vrfy except that it is made for TLS 1.2.
- * Returns the used signature algorihm, or a negative error code.
+ * Returns the used signature algorithm, or a negative error code.
  */
 static int
 _gnutls_handshake_sign_crt_vrfy12(gnutls_session_t session,
@@ -668,7 +668,7 @@ _gnutls_handshake_sign_crt_vrfy3(gnutls_session_t session,
  * For TLS1.x, x<2 returns negative for failure and zero or unspecified for success.
  * For TLS1.2 returns the signature algorithm used on success, or a negative error code;
  *
- * Returns the used signature algorihm, or a negative error code.
+ * Returns the used signature algorithm, or a negative error code.
  */
 int
 _gnutls_handshake_sign_crt_vrfy(gnutls_session_t session,
diff --git a/lib/x509/attributes.c b/lib/x509/attributes.c
index 4d116be4ec..9c83ca8414 100644
--- a/lib/x509/attributes.c
+++ b/lib/x509/attributes.c
@@ -110,7 +110,7 @@ _x509_parse_attribute(ASN1_TYPE asn1_struct,
 			goto cleanup;
 		}
 
-		/* Move to the attibute type and values
+		/* Move to the attribute type and values
 		 */
 		/* Read the OID
 		 */
diff --git a/lib/x509/dn.c b/lib/x509/dn.c
index 828bd9059d..033531970d 100644
--- a/lib/x509/dn.c
+++ b/lib/x509/dn.c
@@ -74,7 +74,7 @@ static int append_elements(ASN1_TYPE asn1_struct, const char *asn1_rdn_name, gnu
 		goto cleanup;
 	}
 
-	do {		/* Move to the attibute type and values
+	do {		/* Move to the attribute type and values
 				 */
 		k2++;
 
@@ -359,7 +359,7 @@ _gnutls_x509_parse_dn_oid(ASN1_TYPE asn1_struct,
 
 		k2 = 0;
 
-		do {		/* Move to the attibute type and values
+		do {		/* Move to the attribute type and values
 				 */
 			k2++;
 
@@ -519,7 +519,7 @@ _gnutls_x509_get_dn_oid(ASN1_TYPE asn1_struct,
 
 		k2 = 0;
 
-		do {		/* Move to the attibute type and values
+		do {		/* Move to the attribute type and values
 				 */
 			k2++;
 
diff --git a/lib/x509/ip-in-cidr.h b/lib/x509/ip-in-cidr.h
index 86fd8e50e4..8bb5dd48ae 100644
--- a/lib/x509/ip-in-cidr.h
+++ b/lib/x509/ip-in-cidr.h
@@ -30,7 +30,7 @@
  * The @ip version must match the @cidr version (v4/v6),
  * (this is not checked).
  *
- * Returns: 1 if @ip lies withing @cidr, 0 otherwise
+ * Returns: 1 if @ip lies within @cidr, 0 otherwise
  -*/
 static unsigned ip_in_cidr(const gnutls_datum_t *ip, const gnutls_datum_t *cidr)
 {
diff --git a/lib/x509/mpi.c b/lib/x509/mpi.c
index 20a64690a3..bb914420f1 100644
--- a/lib/x509/mpi.c
+++ b/lib/x509/mpi.c
@@ -378,7 +378,7 @@ _gnutls_x509_write_sign_params(ASN1_TYPE dst, const char *dst_name,
 }
 
 /* this function reads a (small) unsigned integer
- * from asn1 structs. Combines the read and the convertion
+ * from asn1 structs. Combines the read and the conversion
  * steps.
  */
 int
diff --git a/lib/x509/name_constraints.c b/lib/x509/name_constraints.c
index c4d78026fe..a2cca38450 100644
--- a/lib/x509/name_constraints.c
+++ b/lib/x509/name_constraints.c
@@ -242,7 +242,7 @@ static name_constraints_node_st* name_constraints_node_new(unsigned type,
  * @_nc_excluded: Corresponding excluded name constraints list
  *
  * This function finds the intersection of @_nc and @_nc2. The result is placed in @_nc,
- * the original @_nc is deallocated. @_nc2 is not chenged. If necessary, a universal
+ * the original @_nc is deallocated. @_nc2 is not changed. If necessary, a universal
  * excluded name constraint node of the right type is added to the list provided
  * in @_nc_excluded.
  *
diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c
index db54b3ea22..a52c4aa428 100644
--- a/lib/x509/ocsp.c
+++ b/lib/x509/ocsp.c
@@ -2575,7 +2575,7 @@ time_t _gnutls_ocsp_get_validity(gnutls_ocsp_resp_t resp)
 	now = gnutls_time(0);
 
 	if (ntime == -1) {
-		/* This is a problematic case, and there is no concensus on how
+		/* This is a problematic case, and there is no consensus on how
 		 * to treat these responses. It doesn't contain the time after which
 		 * the response is invalid, thus it is an OCSP response effectively
 		 * valid forever defeating the purpose of OCSP. We set here the same
diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c
index 1f5b4bdf88..447eb8e2c9 100644
--- a/lib/x509/pkcs12.c
+++ b/lib/x509/pkcs12.c
@@ -827,7 +827,7 @@ int gnutls_pkcs12_set_bag(gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t bag)
 	asn1_delete_structure(&safe_cont);
 
 
-	/* Step 5. Reencode and copy the AuthenticatedSafe into the pkcs12
+	/* Step 5. Re-encode and copy the AuthenticatedSafe into the pkcs12
 	 * structure.
 	 */
 	result =
diff --git a/lib/x509/time.c b/lib/x509/time.c
index 4d2b789268..2632a795a9 100644
--- a/lib/x509/time.c
+++ b/lib/x509/time.c
@@ -35,7 +35,7 @@
 #include <common.h>
 
 /* TIME functions 
- * Convertions between generalized or UTC time to time_t
+ * Conversions between generalized or UTC time to time_t
  *
  */
 
@@ -69,7 +69,7 @@ static const int MONTHDAYS[] = {
 /*
  **  Given a struct tm representing a calendar time in UTC, convert it to
  **  seconds since epoch.  Returns (time_t) -1 if the time is not
- **  convertable.  Note that this function does not canonicalize the provided
+ **  convertible.  Note that this function does not canonicalize the provided
  **  struct tm, nor does it allow out of range values or years before 1970.
  */
 static time_t mktime_utc(const struct fake_tm *tm)
diff --git a/lib/x509/verify-high.c b/lib/x509/verify-high.c
index 7f640f1a13..5969b36146 100644
--- a/lib/x509/verify-high.c
+++ b/lib/x509/verify-high.c
@@ -1203,7 +1203,7 @@ gnutls_x509_trust_list_verify_crt(gnutls_x509_trust_list_t list,
 /* This macro is introduced to detect a verification output
  * which indicates an unknown signer, or a signer which uses
  * an insecure algorithm (e.g., sha1), something that indicates
- * a superceded signer */
+ * a superseded signer */
 #define SIGNER_OLD_OR_UNKNOWN(output) ((output & GNUTLS_CERT_SIGNER_NOT_FOUND) || (output & GNUTLS_CERT_INSECURE_ALGORITHM))
 #define SIGNER_WAS_KNOWN(output) (!(output & GNUTLS_CERT_SIGNER_NOT_FOUND))
 
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index 58acf42b86..d4eafd4fdd 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -593,7 +593,7 @@ static int _gnutls_x509_verify_data(gnutls_sign_algorithm_t sign,
  * trusted CAs.
  *
  * Returns only 0 or 1. If 1 it means that the certificate 
- * was successfuly verified.
+ * was successfully verified.
  *
  * 'flags': an OR of the gnutls_certificate_verify_flags enumeration.
  *
diff --git a/lib/x509/x509_ext.c b/lib/x509/x509_ext.c
index 58c3263d1e..8213c6e427 100644
--- a/lib/x509/x509_ext.c
+++ b/lib/x509/x509_ext.c
@@ -453,7 +453,7 @@ int gnutls_x509_ext_import_name_constraints(const gnutls_datum_t * ext,
  *
  * This function will convert the provided name constraints type to a
  * DER-encoded PKIX NameConstraints (2.5.29.30) extension. The output data in 
- * @ext will be allocated usin gnutls_malloc().
+ * @ext will be allocated using gnutls_malloc().
  *
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.
  *
@@ -3136,7 +3136,7 @@ int gnutls_x509_ext_import_key_purposes(const gnutls_datum_t * ext,
  *
  * This function will convert the key purposes type to a
  * DER-encoded PKIX ExtKeyUsageSyntax (2.5.29.37) extension. The output data in 
- * @ext will be allocated usin gnutls_malloc().
+ * @ext will be allocated using gnutls_malloc().
  *
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a negative error value.
  *
diff --git a/lib/x509/x509_int.h b/lib/x509/x509_int.h
index bbd59d1547..c1bacc7b2a 100644
--- a/lib/x509/x509_int.h
+++ b/lib/x509/x509_int.h
@@ -313,7 +313,7 @@ _gnutls_x509_ext_extract_number(uint8_t * number,
 				size_t * nr_size,
 				uint8_t * extnValue, int extnValueLen);
 int
-_gnutls_x509_ext_gen_number(const uint8_t * nuber, size_t nr_size,
+_gnutls_x509_ext_gen_number(const uint8_t * number, size_t nr_size,
 			    gnutls_datum_t * der_ext);