Fix various spelling issues reported by codespell

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

CHANGELOG

@@ -57,7 +57,7 @@ version 0.9.4 (released 2020-04-09)
   * Fixed CVE-2020-1730 - Possible DoS in client and server when handling
     AES-CTR keys with OpenSSL
   * Added diffie-hellman-group14-sha256
-  * Fixed serveral possible memory leaks
+  * Fixed several possible memory leaks
 
 version 0.9.3 (released 2019-12-10)
   * Fixed CVE-2019-14889 - SCP: Unsanitized location leads to command execution
@@ -208,7 +208,7 @@ version 0.6.1 (released 2014-02-08)
   * Fixed DSA signature extraction.
   * Fixed some memory leaks.
   * Fixed read of non-connected socket.
-  * Fixed thread dectection.
+  * Fixed thread detection.
 
 version 0.6.0 (released 2014-01-08)
   * Added new publicy key API.
@@ -233,7 +233,7 @@ version 0.6.0 (released 2014-01-08)
 version 0.5.5 (released 2013-07-26)
   * BUG 103: Fix ProxyCommand parsing.
   * Fix setting -D_FORTIFY_SOURCE=2.
-  * Fix pollset error return if emtpy.
+  * Fix pollset error return if empty.
   * Fix NULL pointer checks in channel functions.
   * Several bugfixes.
 
@@ -249,7 +249,7 @@ version 0.5.3 (released 2012-11-20)
   * BUG #84 - Fix bug in sftp_mkdir not returning on error.
   * BUG #85 - Fixed a possible channel infinite loop if the connection dropped.
   * BUG #88 - Added missing channel request_state and set it to accepted.
-  * BUG #89 - Reset error state to no error on successful SSHv1 authentiction.
+  * BUG #89 - Reset error state to no error on successful SSHv1 authentication.
   * Fixed a possible use after free in ssh_free().
   * Fixed multiple possible NULL pointer dereferences.
   * Fixed multiple memory leaks in error paths.
@@ -310,7 +310,7 @@ version 0.4.7 (released 2010-12-28)
   * Fixed a possible memory leak in ssh_get_user_home().
   * Fixed a memory leak in sftp_xstat.
   * Fixed uninitialized fd->revents member.
-  * Fixed timout value in ssh_channel_accept().
+  * Fixed timeout value in ssh_channel_accept().
   * Fixed length checks in ssh_analyze_banner().
   * Fixed a possible data overread and crash bug.
   * Fixed setting max_fd which breaks ssh_select().
@@ -333,7 +333,7 @@ version 0.4.5 (released 2010-07-13)
   * Added option to bind a client to an ip address.
   * Fixed the ssh socket polling function.
   * Fixed Windows related bugs in bsd_poll().
-  * Fixed serveral build warnings.
+  * Fixed several build warnings.
 
 version 0.4.4 (released 2010-06-01)
   * Fixed a bug in the expand function for escape sequences.
@@ -352,17 +352,17 @@ version 0.4.3 (released 2010-05-18)
   * Fixed sftp_chown.
   * Fixed sftp_rename on protocol version 3.
   * Fixed a blocking bug in channel_poll.
-  * Fixed config parsing wich has overwritten user specified values.
+  * Fixed config parsing which has overwritten user specified values.
   * Fixed hashed [host]:port format in knownhosts
   * Fixed Windows build.
-  * Fixed doublefree happening after a negociation error.
+  * Fixed doublefree happening after a negotiation error.
   * Fixed aes*-ctr with <= OpenSSL 0.9.7b.
   * Fixed some documentation.
   * Fixed exec example which has broken read usage.
   * Fixed broken algorithm choice for server.
   * Fixed a typo that we don't export all symbols.
   * Removed the unneeded dependency to doxygen.
-  * Build examples only on the Linux plattform.
+  * Build examples only on the Linux platform.
 
 version 0.4.2 (released 2010-03-15)
   * Added owner and group information in sftp attributes.
@@ -384,7 +384,7 @@ version 0.4.1 (released 2010-02-13)
   * Added an example for exec.
   * Added private key type detection feature in privatekey_from_file().
   * Fixed zlib compression fallback.
-  * Fixed kex bug that client preference should be prioritary
+  * Fixed kex bug that client preference should be priority
   * Fixed known_hosts file set by the user.
   * Fixed a memleak in channel_accept().
   * Fixed underflow when leave_function() are unbalanced
@@ -522,7 +522,7 @@ version 0.11-dev
   * Keyboard-interactive authentication working.
 
 version 0.1 (released 2004-03-05)
-  * Begining of sftp subsystem implementation.
+  * Beginning of sftp subsystem implementation.
   * Some cleanup into channels implementation
   * Now every channel functions is called by its CHANNEL handler.
   * Added channel_poll() and channel_read().
@@ -543,7 +543,7 @@ version 0.0.4 (released 2003-10-10)
   * Added a wrapper.c file. The goal is to provide a similar API to every
     cryptographic functions. bignums and sha/md5 are wrapped now.
   * More work than it first looks.
-  * Support for other crypto libs planed (lighter libs)
+  * Support for other crypto libs planned (lighter libs)
   * Fixed stupid select() bug.
   * Libssh now compiles and links with openssl 0.9.6
   * RSA pubkey authentication code now works !

CONTRIBUTING.md

@@ -274,7 +274,7 @@ This is bad:
      * This is a multi line comment,
      * with some more words...*/
 
-### Indention & Whitespace & 80 columns
+### Indentation & Whitespace & 80 columns
 
 To avoid confusion, indentations have to be 4 spaces. Do not use tabs!.  When
 wrapping parameters for function calls, align the parameter list with the first

CompilerChecks.cmake

@@ -70,7 +70,7 @@ if (UNIX)
     check_c_compiler_flag_ssp("-fstack-protector-strong" WITH_STACK_PROTECTOR_STRONG)
     if (WITH_STACK_PROTECTOR_STRONG)
         list(APPEND SUPPORTED_COMPILER_FLAGS "-fstack-protector-strong")
-        # This is needed as Solaris has a seperate libssp
+        # This is needed as Solaris has a separate libssp
         if (SOLARIS)
             list(APPEND SUPPORTED_LINKER_FLAGS "-fstack-protector-strong")
         endif()
@@ -78,7 +78,7 @@ if (UNIX)
         check_c_compiler_flag_ssp("-fstack-protector" WITH_STACK_PROTECTOR)
         if (WITH_STACK_PROTECTOR)
             list(APPEND SUPPORTED_COMPILER_FLAGS "-fstack-protector")
-            # This is needed as Solaris has a seperate libssp
+            # This is needed as Solaris has a separate libssp
             if (SOLARIS)
                 list(APPEND SUPPORTED_LINKER_FLAGS "-fstack-protector")
             endif()

ConfigureChecks.cmake

@@ -320,7 +320,7 @@ int main(void) {
 # For detecting attributes we need to treat warnings as
 # errors
 if (UNIX OR MINGW)
-    # Get warnings for attributs
+    # Get warnings for attributes
     check_c_compiler_flag("-Wattributes" REQUIRED_FLAGS_WERROR)
     if (REQUIRED_FLAGS_WERROR)
         string(APPEND CMAKE_REQUIRED_FLAGS "-Wattributes ")

DefineOptions.cmake

@@ -2,7 +2,7 @@ option(WITH_GSSAPI "Build with GSSAPI support" ON)
 option(WITH_ZLIB "Build with ZLIB support" ON)
 option(WITH_SFTP "Build with SFTP support" ON)
 option(WITH_SERVER "Build with SSH server support" ON)
-option(WITH_DEBUG_CRYPTO "Build with cryto debug output" OFF)
+option(WITH_DEBUG_CRYPTO "Build with crypto debug output" OFF)
 option(WITH_DEBUG_PACKET "Build with packet debug output" OFF)
 option(WITH_DEBUG_CALLTRACE "Build with calltrace debug output" ON)
 option(WITH_DSA "Build with DSA" OFF)

INSTALL

@@ -39,7 +39,7 @@ GNU/Linux, MacOS X, MSYS/MinGW:
     cmake -DUNIT_TESTING=ON -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE=Debug ..
     make
 
-On Windows you should choose a makefile gernerator with -G or use
+On Windows you should choose a makefile generator with -G or use
 
     cmake-gui.exe ..
 

cmake/Modules/DefineCMakeDefaults.cmake

@@ -6,7 +6,7 @@ set(CMAKE_INCLUDE_CURRENT_DIR ON)
 
 # Put the include dirs which are in the source or build tree
 # before all other include dirs, so the headers in the sources
-# are prefered over the already installed ones
+# are preferred over the already installed ones
 # since cmake 2.4.1
 set(CMAKE_INCLUDE_DIRECTORIES_PROJECT_BEFORE ON)
 

cmake/Modules/FindGSSAPI.cmake

@@ -5,7 +5,7 @@
 #  GSSAPI_ROOT_DIR - Set this variable to the root installation of GSSAPI
 #
 # Read-Only variables:
-#  GSSAPI_FLAVOR_MIT - set to TURE if MIT Kerberos has been found
+#  GSSAPI_FLAVOR_MIT - set to TRUE if MIT Kerberos has been found
 #  GSSAPI_FLAVOR_HEIMDAL - set to TRUE if Heimdal Keberos has been found
 #  GSSAPI_FOUND - system has GSSAPI
 #  GSSAPI_INCLUDE_DIR - the GSSAPI include directory

config.h.cmake

@@ -82,13 +82,13 @@
 /* Define to 1 if you have the <pthread.h> header file. */
 #cmakedefine HAVE_PTHREAD_H 1
 
-/* Define to 1 if you have eliptic curve cryptography in openssl */
+/* Define to 1 if you have elliptic curve cryptography in openssl */
 #cmakedefine HAVE_OPENSSL_ECC 1
 
-/* Define to 1 if you have eliptic curve cryptography in gcrypt */
+/* Define to 1 if you have elliptic curve cryptography in gcrypt */
 #cmakedefine HAVE_GCRYPT_ECC 1
 
-/* Define to 1 if you have eliptic curve cryptography */
+/* Define to 1 if you have elliptic curve cryptography */
 #cmakedefine HAVE_ECC 1
 
 /* Define to 1 if you have DSA */

doc/curve25519-sha256@libssh.org.txt

@@ -3,13 +3,13 @@ curve25519-sha256@libssh.org.txt        Aris Adamantiadis <aris@badcode.be>
 
 1. Introduction
 
-This document describes the key exchange methode curve25519-sha256@libssh.org
+This document describes the key exchange method curve25519-sha256@libssh.org
 for SSH version 2 protocol. It is provided as an alternative to the existing
 key exchange mechanisms based on either Diffie-Hellman or Elliptic Curve Diffie-
 Hellman [RFC5656].
 The reason is the following : During summer of 2013, revelations from ex-
 consultant at NSA Edward Snowden gave proof that NSA willingly inserts backdoors
-into softwares, hardware components and published standards. While it is still
+into software, hardware components and published standards. While it is still
 believed that the mathematics behind ECC cryptography are still sound and solid,
 some people (including Bruce Schneier [SCHNEIER]), showed their lack of confidence
 in NIST-published curves such as nistp256, nistp384, nistp521, for which constant
@@ -42,8 +42,8 @@ The following is an overview of the key exchange process:
 Client                                                            Server
 ------                                                            ------
 Generate ephemeral key pair.
-SSH_MSG_KEX_ECDH_INIT          -------->                      
+SSH_MSG_KEX_ECDH_INIT          -------->
-                                            Verify that client public key 
+                                            Verify that client public key
                                             length is 32 bytes.
                                              Generate ephemeral key pair.
                                                    Compute shared secret.
@@ -55,7 +55,7 @@ Compute shared secret.
 Generate exchange hash.
 Verify server's signature.
 
-*   Optional but strongly recommanded as this protects against MITM attacks.
+*   Optional but strongly recommended as this protects against MITM attacks.
 
 This is implemented using the same messages as described in RFC5656 chapter 4
 
@@ -109,7 +109,7 @@ This number is calculated using the following procedure:
      side's public key and the local private key scalar.
 
      The whole 32 bytes of the number X are then converted into a big integer k.
-     This conversion follows the network byte order. This step differs from 
+     This conversion follows the network byte order. This step differs from
      RFC5656.
 
 [RFC5656]    https://tools.ietf.org/html/rfc5656

doc/mainpage.dox

@@ -149,7 +149,7 @@ The libssh Team
 
 @subsection main-rfc-secsh Secure Shell (SSH)
 
-The following RFC documents described SSH-2 protcol as an Internet standard.
+The following RFC documents described SSH-2 protocol as an Internet standard.
 
  - <a href="https://tools.ietf.org/html/rfc4250" target="_blank">RFC 4250</a>,
     The Secure Shell (SSH) Protocol Assigned Numbers

examples/samplesftp.c

@@ -173,7 +173,7 @@ static void do_sftp(ssh_session session) {
         sftp_attributes_free(file);
     }
 
-    /* when file = NULL, an error has occured OR the directory listing is end of
+    /* when file = NULL, an error has occurred OR the directory listing is end of
      * file */
     if (!sftp_dir_eof(dir)) {
         fprintf(stderr, "Error: %s\n", ssh_get_error(session));

examples/samplesshd-kbdint.c

@@ -369,9 +369,9 @@ int main(int argc, char **argv){
         }
     } while(!chan);
 
-    if(!chan) {
+    if (!chan) {
-        printf("Error: cleint did not ask for a channel session (%s)\n",
+        printf("Error: client did not ask for a channel session (%s)\n",
-                                                    ssh_get_error(session));
+               ssh_get_error(session));
         ssh_finalize();
         return 1;
     }

examples/sshd_direct-tcpip.c

@@ -197,7 +197,7 @@ subsystem_request(UNUSED_PARAM(ssh_session session),
                   UNUSED_PARAM(void *userdata))
 {
     _ssh_log(SSH_LOG_PROTOCOL,
-             "=== subsystem_request", "Channel subsystem reqeuest: %s",
+             "=== subsystem_request", "Channel subsystem request: %s",
              subsystem);
     return 0;
 }
@@ -293,7 +293,7 @@ my_channel_eof_function(ssh_session session,
 
     _ssh_log(SSH_LOG_PROTOCOL,
              "=== my_channel_eof_function",
-             "Got EOF on channel. Shuting down write on socket (fd = %d).",
+             "Got EOF on channel. Shutting down write on socket (fd = %d).",
              *event_fd_data->p_fd);
 
     stack_socket_close(session, event_fd_data);

include/libssh/callbacks.h

@@ -81,7 +81,7 @@ typedef void (*ssh_log_callback) (ssh_session session, int priority,
  *
  * @param priority  Priority of the log, the smaller being the more important.
  *
- * @param function  The function name calling the the logging fucntions.
+ * @param function  The function name calling the logging functions.
  *
  * @param message   The actual message
  *
@@ -268,7 +268,7 @@ typedef ssh_string (*ssh_gssapi_select_oid_callback) (ssh_session session, const
 		int n_oid, ssh_string *oids, void *userdata);
 
 /*
- * @brief handle the negociation of a security context, server side.
+ * @brief handle the negotiation of a security context, server side.
  * @param session current session handler
  * @param[in] input_token input token provided by client
  * @param[out] output_token output of the gssapi accept_sec_context method,
@@ -397,7 +397,7 @@ struct ssh_socket_callbacks_struct {
    */
   ssh_callback_int_int exception;
   /** This function is called when the ssh_socket_connect was used on the socket
-   * on nonblocking state, and the connection successed.
+   * on nonblocking state, and the connection succeeded.
    */
   ssh_callback_int_int connected;
 };
@@ -637,7 +637,7 @@ typedef void (*ssh_channel_exit_status_callback) (ssh_session session,
  * @param session Current session handler
  * @param channel the actual channel
  * @param signal the signal name (without the SIG prefix)
- * @param core a boolean telling wether a core has been dumped or not
+ * @param core a boolean telling whether a core has been dumped or not
  * @param errmsg the description of the exception
  * @param lang the language of the description (format: RFC 3066)
  * @param userdata Userdata to be passed to the callback function.
@@ -989,7 +989,7 @@ LIBSSH_API struct ssh_threads_callbacks_struct *ssh_threads_get_noop(void);
  *
  * @param[in]  cb  The callback to set.
  *
- * @return         0 on success, < 0 on errror.
+ * @return         0 on success, < 0 on error.
  */
 LIBSSH_API int ssh_set_log_callback(ssh_logging_callback cb);
 

include/libssh/channels.h

@@ -35,7 +35,7 @@ enum ssh_channel_request_state_e {
 	SSH_CHANNEL_REQ_STATE_ACCEPTED,
 	/** A request has been replied and refused */
 	SSH_CHANNEL_REQ_STATE_DENIED,
-	/** A request has been replied and an error happend */
+	/** A request has been replied and an error happened */
 	SSH_CHANNEL_REQ_STATE_ERROR
 };
 

include/libssh/libssh.h

@@ -352,7 +352,7 @@ enum {
 #define SSH_LOG_WARN 1
 /** Get some information what's going on */
 #define SSH_LOG_INFO 2
-/** Get detailed debuging information **/
+/** Get detailed debugging information **/
 #define SSH_LOG_DEBUG 3
 /** Get trace output, packet information, ... */
 #define SSH_LOG_TRACE 4

include/libssh/pki.h

@@ -34,7 +34,7 @@
 #endif
 #include "libssh/crypto.h"
 #if defined(HAVE_LIBCRYPTO) && defined(HAVE_OPENSSL_ED25519)
-/* If using OpenSSL implementation, define the signature lenght which would be
+/* If using OpenSSL implementation, define the signature length which would be
  * defined in libssh/ed25519.h otherwise */
 #define ED25519_SIG_LEN 64
 #else

include/libssh/server.h

@@ -117,7 +117,7 @@ LIBSSH_API int ssh_bind_listen(ssh_bind ssh_bind_o);
  *
  * @param[in] userdata  A pointer to private data to pass to the callbacks.
  *
- * @return              SSH_OK on success, SSH_ERROR if an error occured.
+ * @return              SSH_OK on success, SSH_ERROR if an error occurred.
  *
  * @code
  *     struct ssh_callbacks_struct cb = {
@@ -280,7 +280,7 @@ LIBSSH_API int ssh_message_reply_default(ssh_message msg);
  *
  * @param[in] msg       The message to get the username from.
  *
- * @return              The username or NULL if an error occured.
+ * @return              The username or NULL if an error occurred.
  *
  * @see ssh_message_get()
  * @see ssh_message_type()
@@ -292,7 +292,7 @@ LIBSSH_API const char *ssh_message_auth_user(ssh_message msg);
  *
  * @param[in] msg       The message to get the password from.
  *
- * @return              The username or NULL if an error occured.
+ * @return              The username or NULL if an error occurred.
  *
  * @see ssh_message_get()
  * @see ssh_message_type()

src/channels.c

@@ -2499,7 +2499,8 @@ ssh_channel ssh_forward_accept(ssh_session session, int timeout_ms)
 
 /**
  * @brief Accept an incoming TCP/IP forwarding channel and get some information
- * about incomming connection
+ * about incoming connection
+ *
  * @param[in]  session    The ssh session to use.
  *
  * @param[in]  timeout_ms A timeout in milliseconds.
@@ -2515,7 +2516,8 @@ ssh_channel ssh_channel_accept_forward(ssh_session session, int timeout_ms, int*
 
 /**
  * @brief Accept an incoming TCP/IP forwarding channel and get information
- * about incomming connection
+ * about incoming connection
+ *
  * @param[in]  session    The ssh session to use.
  *
  * @param[in]  timeout_ms A timeout in milliseconds.

src/client.c

@@ -730,7 +730,7 @@ ssh_session_set_disconnect_message(ssh_session session, const char *message)
  *
  * The session can then be reused to open a new session.
  *
- * @note Note that this function wont close the socket if it was set with
+ * @note Note that this function won't close the socket if it was set with
  * @ssh_options_set and SSH_OPTIONS_FD. You're responsible for closing the
  * socket. This is new behavior in libssh 0.10.
  *

src/config.c

@@ -395,7 +395,7 @@ ssh_exec_shell(char *cmd)
         }
     }
     if (!WIFEXITED(status)) {
-        SSH_LOG(SSH_LOG_WARN, "Command %s exitted abnormally", cmd);
+        SSH_LOG(SSH_LOG_WARN, "Command %s exited abnormally", cmd);
         return -1;
     }
     SSH_LOG(SSH_LOG_TRACE, "Command '%s' returned %d", cmd, WEXITSTATUS(status));
@@ -1007,7 +1007,7 @@ ssh_config_parse_line(ssh_session session,
         if (p == NULL) {
             break;
         } else if (strcmp(p, "default") == 0) {
-            /* Default rekey limits enforced automaticaly */
+            /* Default rekey limits enforced automatically */
             ll = 0;
         } else {
             char *endp = NULL;

src/curve25519.c

@@ -408,8 +408,8 @@ static SSH_PACKET_CALLBACK(ssh_packet_server_curve25519_init){
     memcpy(session->next_crypto->curve25519_client_pubkey,
            ssh_string_data(q_c_string), CURVE25519_PUBKEY_SIZE);
     SSH_STRING_FREE(q_c_string);
-    /* Build server's keypair */
 
+    /* Build server's key pair */
     rc = ssh_curve25519_init(session);
     if (rc != SSH_OK) {
         ssh_set_error(session, SSH_FATAL, "Failed to generate curve25519 keys");

src/dh-gex.c

@@ -37,7 +37,7 @@
 #include "libssh/buffer.h"
 #include "libssh/session.h"
 
-/* Minimum, recommanded and maximum size of DH group */
+/* Minimum, recommended and maximum size of DH group */
 #define DH_PMIN 2048
 #define DH_PREQ 2048
 #define DH_PMAX 8192

src/dh_crypto.c

@@ -466,7 +466,8 @@ void ssh_dh_cleanup(struct ssh_crypto_struct *crypto)
 /** @internal
  * @brief generates a secret DH parameter of at least DH_SECURITY_BITS
  *        security as well as the corresponding public key.
- * @param[out] parms a dh_ctx that will hold the new keys.
+ *
+ * @param[out] params a dh_ctx that will hold the new keys.
  * @param peer Select either client or server key storage. Valid values are:
  *        DH_CLIENT_KEYPAIR or DH_SERVER_KEYPAIR
  *

src/dh_key.c

@@ -289,8 +289,10 @@ void ssh_dh_cleanup(struct ssh_crypto_struct *crypto)
 /** @internal
  * @brief generates a secret DH parameter of at least DH_SECURITY_BITS
  *        security as well as the corresponding public key.
- * @param[out] parms a dh_kex paramters structure with preallocated bignum
+ *
+ * @param[out] params a dh_kex parameters structure with preallocated bignum
  *             where to store the parameters
+ *
  * @return SSH_OK on success, SSH_ERROR on error
  */
 int ssh_dh_keypair_gen_keys(struct dh_ctx *dh_ctx, int peer)

src/ecdh_gcrypt.c

@@ -295,7 +295,7 @@ SSH_PACKET_CALLBACK(ssh_packet_server_ecdh_init){
     }
     session->next_crypto->ecdh_client_pubkey = q_c_string;
 
-    /* Build server's keypair */
+    /* Build server's key pair */
     err = gcry_sexp_build(&param, NULL, "(genkey(ecdh(curve %s) (flags transient-key)))",
                           curve);
     if (err) {

src/external/bcrypt_pbkdf.c

@@ -42,7 +42,7 @@
  * function with the following modifications:
  * 1. The input password and salt are preprocessed with SHA512.
  * 2. The output length is expanded to 256 bits.
- * 3. Subsequently the magic string to be encrypted is lengthened and modifed
+ * 3. Subsequently the magic string to be encrypted is lengthened and modified
  *    to "OxychromaticBlowfishSwatDynamite"
  * 4. The hash function is defined to perform 64 rounds of initial state
  *    expansion. (More rounds are performed by iterating the hash.)

src/gzip.c

@@ -50,7 +50,7 @@ static z_stream *initcompress(ssh_session session, int level) {
   if (status != Z_OK) {
     SAFE_FREE(stream);
     ssh_set_error(session, SSH_FATAL,
-        "status %d inititalising zlib deflate", status);
+        "status %d initialising zlib deflate", status);
     return NULL;
   }
 

src/knownhosts.c

@@ -1227,7 +1227,7 @@ ssh_session_get_known_hosts_entry(ssh_session session,
  *          SSH_KNOWN_HOSTS_NOT_FOUND: The known host file does not exist. The
  *                                     host is thus unknown. File will be
  *                                     created if host key is accepted.\n
- *          SSH_KNOWN_HOSTS_ERROR:     There had been an eror checking the host.
+ *          SSH_KNOWN_HOSTS_ERROR:     There had been an error checking the host.
  *
  * @see ssh_knownhosts_entry_free()
  */

src/libcrypto.c

@@ -716,7 +716,7 @@ evp_cipher_aead_decrypt(struct ssh_cipher_struct *cipher,
                            (unsigned char *)out,
                            &outlen,
                            (unsigned char *)complete_packet + aadlen,
-                           encrypted_size /* already substracted aadlen*/);
+                           encrypted_size /* already subtracted aadlen */);
     if (rc != 1) {
         SSH_LOG(SSH_LOG_TRACE, "EVP_DecryptUpdate failed");
         return SSH_ERROR;

src/libgcrypt.c

@@ -390,7 +390,7 @@ aes_gcm_decrypt(struct ssh_cipher_struct *cipher,
     err = gcry_cipher_setiv(cipher->key[0],
                             cipher->last_iv,
                             AES_GCM_IVLEN);
-    /* This actualy does not increment the packet counter for the
+    /* This actually does not increment the packet counter for the
      * current encryption operation, but for the next one. The first
      * operation needs to be completed with the derived IV.
      *

src/libmbedcrypto.c

@@ -725,7 +725,7 @@ chacha20_poly1305_set_iv(struct ssh_cipher_struct *cipher,
 
     /* The nonce in mbedTLS is 96 b long. The counter is passed through separate
      * parameter of 32 b size.
-     * Encode the seqence number into the last 8 bytes.
+     * Encode the sequence number into the last 8 bytes.
      */
     PUSH_BE_U64(seqbuf, 4, seq);
 #ifdef DEBUG_CRYPTO

src/options.c

@@ -464,7 +464,7 @@ int ssh_options_set_algo(ssh_session session,
  *                (uint64_t, 0=default)
  *
  *              - SSH_OPTIONS_REKEY_TIME
- *                Set the time limit for a session before intializing a rekey
+ *                Set the time limit for a session before initializing a rekey
  *                in seconds. RFC 4253 Section 9 recommends one hour.
  *                (uint32_t, 0=off)
  *

src/packet.c

@@ -1801,7 +1801,7 @@ int ssh_packet_send(ssh_session session)
 
         if (need_rekey) {
             /* Send the KEXINIT packet instead.
-             * This recursivelly calls the packet_send(), but it should
+             * This recursively calls the packet_send(), but it should
              * not get into rekeying again.
              * After that we need to handle the key exchange responses
              * up to the point where we can send the rest of the queue.

src/packet_cb.c

@@ -160,7 +160,7 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys){
     }
     SSH_LOG(SSH_LOG_DEBUG,"Signature verified and valid");
 
-    /* When receiving this packet, we switch on the incomming crypto. */
+    /* When receiving this packet, we switch on the incoming crypto. */
     rc = ssh_packet_set_newkeys(session, SSH_DIRECTION_IN);
     if (rc != SSH_OK) {
         goto error;

src/pki.c

@@ -1088,7 +1088,7 @@ int ssh_pki_export_privkey_file(const ssh_key privkey,
     return SSH_OK;
 }
 
-/* temporary function to migrate seemlessly to ssh_key */
+/* temporary function to migrate seamlessly to ssh_key */
 ssh_public_key ssh_pki_convert_key_to_publickey(const ssh_key key)
 {
     ssh_public_key pub;
@@ -1967,7 +1967,7 @@ int ssh_pki_import_cert_file(const char *filename, ssh_key *pkey)
 }
 
 /**
- * @brief Generates a keypair.
+ * @brief Generates a key pair.
  *
  * @param[in] type      Type of key to create
  *
@@ -2537,7 +2537,7 @@ int ssh_pki_signature_verify(ssh_session session,
     allowed = ssh_key_size_allowed(session, key);
     if (!allowed) {
         ssh_set_error(session, SSH_FATAL, "The '%s' key of size %d is not "
-                      "allowd by RSA_MIN_SIZE", key->type_c, ssh_key_size(key));
+                      "allowed by RSA_MIN_SIZE", key->type_c, ssh_key_size(key));
         return SSH_ERROR;
     }
 

src/pki_crypto.c

@@ -954,7 +954,7 @@ int pki_key_generate_ecdsa(ssh_key key, int parameter) {
 #endif /* HAVE_OPENSSL_ECC */
 
 /* With OpenSSL 3.0 and higher the parameter 'what'
- * is ignored and the comparision is done by OpenSSL
+ * is ignored and the comparison is done by OpenSSL
  */
 int pki_key_compare(const ssh_key k1,
                     const ssh_key k2,
@@ -1092,7 +1092,7 @@ int pki_key_compare(const ssh_key k1,
 #endif /* OPENSSL_VERSION_NUMBER */
         case SSH_KEYTYPE_ED25519:
         case SSH_KEYTYPE_SK_ED25519:
-            /* ed25519 keys handled globaly */
+            /* ed25519 keys handled globally */
         case SSH_KEYTYPE_UNKNOWN:
         default:
             return 1;

src/pki_gcrypt.c

@@ -1370,9 +1370,9 @@ ssh_key pki_key_dup(const ssh_key key, int demote)
 }
 
 static int pki_key_generate(ssh_key key, int parameter, const char *type_s, int type){
-    gcry_sexp_t parms;
+    gcry_sexp_t params;
     int rc;
-    rc = gcry_sexp_build(&parms,
+    rc = gcry_sexp_build(&params,
             NULL,
             "(genkey(%s(nbits %d)(transient-key)))",
             type_s,
@@ -1381,20 +1381,20 @@ static int pki_key_generate(ssh_key key, int parameter, const char *type_s, int
         return SSH_ERROR;
     switch (type) {
     case SSH_KEYTYPE_RSA:
-        rc = gcry_pk_genkey(&key->rsa, parms);
+        rc = gcry_pk_genkey(&key->rsa, params);
         break;
     case SSH_KEYTYPE_DSS:
-        rc = gcry_pk_genkey(&key->dsa, parms);
+        rc = gcry_pk_genkey(&key->dsa, params);
         break;
     case SSH_KEYTYPE_ECDSA_P256:
     case SSH_KEYTYPE_ECDSA_P384:
     case SSH_KEYTYPE_ECDSA_P521:
-        rc = gcry_pk_genkey(&key->ecdsa, parms);
+        rc = gcry_pk_genkey(&key->ecdsa, params);
         break;
     default:
         assert (! "reached");
     }
-    gcry_sexp_release(parms);
+    gcry_sexp_release(params);
     if (rc != 0)
         return SSH_ERROR;
     return SSH_OK;
@@ -1524,8 +1524,8 @@ int pki_key_compare(const ssh_key k1,
             break;
         case SSH_KEYTYPE_ED25519:
         case SSH_KEYTYPE_SK_ED25519:
-		/* ed25519 keys handled globaly */
+            /* ed25519 keys handled globally */
-		return 0;
+            return 0;
         case SSH_KEYTYPE_ECDSA_P256:
         case SSH_KEYTYPE_ECDSA_P384:
         case SSH_KEYTYPE_ECDSA_P521:

src/poll.c

@@ -287,7 +287,7 @@ static int bsd_poll(ssh_pollfd_t *fds, nfds_t nfds, int timeout)
     if (rc < 0) {
         return -1;
     }
-    /* A timeout occured */
+    /* A timeout occurred */
     if (rc == 0) {
         return 0;
     }
@@ -981,7 +981,7 @@ int ssh_event_add_connector(ssh_event event, ssh_connector connector)
  * @returns SSH_OK      on success.
  *          SSH_ERROR   Error happened during the poll. Check errno to get more
  *                      details about why it failed.
- *          SSH_AGAIN   Timeout occured
+ *          SSH_AGAIN   Timeout occurred
  */
 int ssh_event_dopoll(ssh_event event, int timeout)
 {

src/scp.c

@@ -991,7 +991,7 @@ int ssh_scp_accept_request(ssh_scp scp)
  *
  * @param[in]  size     The size of the buffer.
  *
- * @returns             The nNumber of bytes read, SSH_ERROR if an error occurred
+ * @returns             The number of bytes read, SSH_ERROR if an error occurred
  *                      while reading.
  */
 int ssh_scp_read(ssh_scp scp, void *buffer, size_t size)

src/session.c

@@ -1063,7 +1063,7 @@ void ssh_clean_pubkey_hash(unsigned char **hash)
  * @param[out] key      A pointer to store the allocated key. You need to free
  *                      the key using ssh_key_free().
  *
- * @return              SSH_OK on success, SSH_ERROR on errror.
+ * @return              SSH_OK on success, SSH_ERROR on error.
  *
  * @see ssh_key_free()
  */

src/wrapper.c

@@ -1,5 +1,5 @@
 /*
- * wrapper.c - wrapper for crytpo functions
+ * wrapper.c - wrapper for crypto functions
  *
  * This file is part of the SSH Library
  *

tests/benchmarks/bench1.sh

@@ -7,7 +7,7 @@ echo "Cipher : $CIPHER ; Destination : $DEST (`ssh $DEST uname -a`)"
 echo "Local ssh version: `ssh -V 2>&1`"
 echo "Ping latency to $DEST":
 ping -q -c 1 -n $DEST
-echo "Destination $DEST SSHD vesion : `echo | nc $DEST 22 | head -n1`"
+echo "Destination $DEST SSHD version : `echo | nc $DEST 22 | head -n1`"
 echo "ssh login latency :`(time -f user:%U ssh $DEST 'id > /dev/null') 2>&1`"
 ./generate.py | dd bs=4096 count=100000 | time ssh -c $CIPHER $DEST "dd bs=4096 of=/dev/null" 2>&1
 

tests/benchmarks/bench2.sh

@@ -7,7 +7,7 @@ echo "Cipher : $CIPHER ; Destination : $DEST (`ssh $DEST uname -a`)"
 echo "Local ssh version: `samplessh -V 2>&1`"
 echo "Ping latency to $DEST":
 ping -q -c 1 -n $DEST
-echo "Destination $DEST SSHD vesion : `echo | nc $DEST 22 | head -n1`"
+echo "Destination $DEST SSHD version : `echo | nc $DEST 22 | head -n1`"
 echo "ssh login latency :`(time -f user:%U samplessh $DEST 'id > /dev/null') 2>&1`"
 ./generate.py | dd bs=4096 count=100000 | strace  samplessh -c $CIPHER $DEST "dd bs=4096 of=/dev/null" 2>&1
 

tests/client/torture_client_config.c

@@ -130,7 +130,7 @@ static void torture_client_config_system(void **state)
  * configuration files retains OpenSSH semantics (the per-user overrides
  * the system-wide values).
  * The function ssh_options_parse_config() has hardcoded path to the
- * system-wide configuraion file so we try to emmulate the behavior by parsing
+ * system-wide configuration file so we try to emulate the behavior by parsing
  * the files separately in the same order.
  */
 static void torture_client_config_emulate(void **state)

tests/client/torture_connect.c

@@ -189,7 +189,7 @@ static void torture_connect_uninitialized(UNUSED_PARAM(void **state))
     ssh_session session;
     struct passwd *pwd;
 
-    /* Make sure the library is unitialized */
+    /* Make sure the library is uninitialized */
     while (is_ssh_initialized()) {
         rc = ssh_finalize();
         assert_return_code(rc, errno);

tests/client/torture_rekey.c

@@ -172,7 +172,7 @@ static void torture_rekey_send(void **state)
                      bytes / c->in_cipher->blocksize);
     assert_int_equal(c->out_cipher->max_blocks,
                      bytes / c->out_cipher->blocksize);
-    /* We should have less encrypted packets than transfered (first are not encrypted) */
+    /* We should have less encrypted packets than transferred (first are not encrypted) */
     assert_true(c->out_cipher->packets < s->ssh.session->send_seq);
     assert_true(c->in_cipher->packets < s->ssh.session->recv_seq);
     /* Copy the initial secret hash = session_id so we know we changed keys later */
@@ -276,7 +276,7 @@ static void torture_rekey_recv(void **state)
     c = s->ssh.session->current_crypto;
     assert_int_equal(c->in_cipher->max_blocks, bytes / c->in_cipher->blocksize);
     assert_int_equal(c->out_cipher->max_blocks, bytes / c->out_cipher->blocksize);
-    /* We should have less encrypted packets than transfered (first are not encrypted) */
+    /* We should have less encrypted packets than transferred (first are not encrypted) */
     assert_true(c->out_cipher->packets < s->ssh.session->send_seq);
     assert_true(c->in_cipher->packets < s->ssh.session->recv_seq);
     /* Copy the initial secret hash = session_id so we know we changed keys later */
@@ -471,7 +471,7 @@ static void torture_rekey_different_kex(void **state)
                      bytes / c->in_cipher->blocksize);
     assert_int_equal(c->out_cipher->max_blocks,
                      bytes / c->out_cipher->blocksize);
-    /* We should have less encrypted packets than transfered (first are not encrypted) */
+    /* We should have less encrypted packets than transferred (first are not encrypted) */
     assert_true(c->out_cipher->packets < s->ssh.session->send_seq);
     assert_true(c->in_cipher->packets < s->ssh.session->recv_seq);
     /* Copy the initial secret hash = session_id so we know we changed keys later */
@@ -497,7 +497,7 @@ static void torture_rekey_different_kex(void **state)
     rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_KEY_EXCHANGE, kex2);
     assert_ssh_return_code(s->ssh.session, rc);
 
-    /* send ignore packets of up to 1KB to trigger rekey. Send litle bit more
+    /* send ignore packets of up to 1KB to trigger rekey. Send little bit more
      * to make sure the rekey it completes with all different ciphers (paddings */
     memset(data, 0, sizeof(data));
     memset(data, 'A', 128);
@@ -575,7 +575,7 @@ static void torture_rekey_server_different_kex(void **state)
     rc = ssh_options_set(s->ssh.session, SSH_OPTIONS_KEY_EXCHANGE, kex2);
     assert_ssh_return_code(s->ssh.session, rc);
 
-    /* send ignore packets of up to 1KB to trigger rekey. Send litle bit more
+    /* send ignore packets of up to 1KB to trigger rekey. Send little bit more
      * to make sure the rekey it completes with all different ciphers (paddings */
     memset(data, 0, sizeof(data));
     memset(data, 'A', 128);

tests/ctest-default.cmake

@@ -17,16 +17,16 @@ set(CTEST_BUILD_OPTIONS "-DUNIT_TESTING=ON -WITH_SFTP=ON -DWITH_SERVER=ON -DWITH
 
 #set(CTEST_CUSTOM_MEMCHECK_IGNORE torture_rand)
 
-## The Model to set: Nightly, Continous, Experimental
+## The Model to set: Nightly, Continuous, Experimental
 set(CTEST_MODEL "Experimental")
 
 ## The branch
 #set(CTEST_GIT_BRANCH "--branch v0-5")
 
-## Wether to enable memory checking.
+## Whether to enable memory checking.
 set(WITH_MEMCHECK FALSE)
 
-## Wether to enable code coverage.
+## Whether to enable code coverage.
 set(WITH_COVERAGE FALSE)
 
 #######################################################################

tests/fuzz/README.md

@@ -95,7 +95,7 @@ You can either pick up my branch or workaround them locally:
 ### Reproduce locally
 
 Clone the above repository from https://github.com/google/oss-fuzz/, apply
-changes from previous secion if needed, setup local clone of libssh repository
+changes from previous section if needed, setup local clone of libssh repository
 and build the fuzzers locally (where `~/devel/libssh` is path to local libssh
 checkout):
 
@@ -111,7 +111,7 @@ This should give you the same error/leak/crash as you see on the testcase
 detail in oss-fuzz.com.
 
 I find it very useful to run libssh in debug mode, to see what happened and
-what exit path was taken to get to the error. Fortunatelly, we can simply
+what exit path was taken to get to the error. Fortunately, we can simply
 pass environment variables to the container:
 
     python infra/helper.py reproduce -eLIBSSH_VERBOSITY=9 libssh ssh_client_fuzzer ~/Downloads/clusterfuzz-testcase-ssh_client_fuzzer-4637376441483264

tests/pkcs11/setup-softhsm-tokens.sh

@@ -74,7 +74,7 @@ eval echo "$cmd"
 out=$(eval $cmd)
 ret=$?
 if [ $ret -ne 0 ]; then
-    echo "Loging failed"
+    echo "Logging in failed"
     echo "$out"
     exit 1
 fi

tests/server/test_server/default_cb.c

@@ -110,7 +110,7 @@ int auth_pubkey_cb(UNUSED_PARAM(ssh_session session),
     }
 
     /* TODO */
-    /* Check wheter the user and public key are in authorized keys list */
+    /* Check whether the user and public key are in authorized keys list */
 
     /* Authenticated */
     printf("Authenticated\n");

tests/server/torture_server_auth_kbdint.c

@@ -97,8 +97,8 @@ static void cleanup_pcap(struct session_data_st *sdata)
     }
 
     /* Do not free the pcap data context here since its ownership was
-     * transfered to the session object, which will take care of its cleanup.
+     * transferred to the session object, which will take care of its cleanup.
-     * Morover it is still in use so we can very simply crash by freeing
+     * Moreover it is still in use so we can very simply crash by freeing
      * it here.
      */
     sdata->pcap = NULL;
@@ -161,7 +161,7 @@ static int authenticate_kbdint(ssh_session session,
     initial_prompt[0] = "username: ";
     initial_prompt[1] = "password: ";
 
-    /* Prompt for aditional prompts */
+    /* Prompt for additional prompts */
     retype_prompt[0] = "retype password: ";
 
     if ((session == NULL) || (message == NULL) || (sdata == NULL)) {

tests/unittests/torture_config.c

@@ -176,7 +176,7 @@ extern LIBSSH_THREAD int ssh_log_level;
     "Host time4\n" \
     "\tRekeyLimit default 9600\n"
 
-/* Multiple IdentityFile settings all are aplied */
+/* Multiple IdentityFile settings all are applied */
 #define LIBSSH_TESTCONFIG_STRING13 \
    "IdentityFile id_rsa_one\n" \
    "IdentityFile id_ecdsa_two\n"
@@ -974,13 +974,13 @@ static void torture_config_proxyjump(void **state,
     _parse_config(session, file, string, SSH_OK);
     assert_true(session->opts.ProxyCommand == NULL);
 
-    /* If also ProxyCommand is specifed, the first is applied */
+    /* If also ProxyCommand is specified, the first is applied */
     torture_reset_config(session);
     ssh_options_set(session, SSH_OPTIONS_HOST, "only-command");
     _parse_config(session, file, string, SSH_OK);
     assert_string_equal(session->opts.ProxyCommand, PROXYCMD);
 
-    /* If also ProxyCommand is specifed, the first is applied */
+    /* If also ProxyCommand is specified, the first is applied */
     torture_reset_config(session);
     ssh_options_set(session, SSH_OPTIONS_HOST, "only-jump");
     _parse_config(session, file, string, SSH_OK);
@@ -1381,7 +1381,7 @@ static void torture_config_nonewlineoneline_string(void **state)
 
 /* ssh_config_get_cmd() does three things:
  *  * Strips leading whitespace
- *  * Terminate the characted on the end of next quotes-enclosed string
+ *  * Terminate the character on the end of next quotes-enclosed string
  *  * Terminate on the end of line
  */
 static void torture_config_parser_get_cmd(void **state)

tests/unittests/torture_knownhosts_parsing.c

@@ -430,7 +430,7 @@ static void torture_knownhosts_get_algorithms_names(void **state)
 }
 
 #ifndef HAVE_DSA
-/* Do not remove this test if we completly remove DSA support! */
+/* Do not remove this test if we completely remove DSA support! */
 static void torture_knownhosts_get_algorithms_names_unsupported(void **state)
 {
     const char *knownhosts_file = *state;

tests/unittests/torture_options.c

@@ -230,7 +230,7 @@ static void torture_options_set_pubkey_accepted_types(void **state) {
         /* simulate the SHA2 extension was negotiated */
         session->extensions = SSH_EXT_SIG_RSA_SHA256;
 
-        /* previous configuration did not list the SHA2 extension algoritms, so
+        /* previous configuration did not list the SHA2 extension algorithms, so
          * it should not be used */
         type = ssh_key_type_to_hash(session, SSH_KEYTYPE_RSA);
         assert_int_equal(type, SSH_DIGEST_SHA1);

tests/unittests/torture_packet_filter.c

@@ -20,7 +20,7 @@
  */
 
 /*
- * This test checks if the messages accepted by the packet filter were intented
+ * This test checks if the messages accepted by the packet filter were intended
  * to be accepted.
  *
  * The process consists in 2 steps:

tests/unittests/torture_pki_rsa.c

@@ -690,7 +690,7 @@ static void torture_pki_rsa_key_size(void **state)
     rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
     assert_ssh_return_code(session, rc);
 
-    /* Set the minumum RSA key size to 4k */
+    /* Set the minimum RSA key size to 4k */
     rc = ssh_options_set(session, SSH_OPTIONS_RSA_MIN_SIZE, &length);
     assert_ssh_return_code(session, rc);
 

tests/unittests/torture_unit_server.c

@@ -120,7 +120,7 @@ static void test_ssh_accept_interrupt(void **state)
     server = ssh_new();
     assert_non_null(server);
 
-    /* Send interupt in 1 second */
+    /* Send interrupt in 1 second */
     rc = pthread_create(&interrupt_pthread, NULL, int_thread, NULL);
     assert_return_code(rc, errno);