indent: Fix spelling

--

These are non-substantive corrections for minor spelling mistakes
within the GnuPG codebase.

With something like this applied to the codebase, and a judiciously
tuned spellchecker integrated as part of a standard test suite, it
should be possible to keep a uniform orthography within the project.

GnuPG-bug-id: 7116

agent/agent.h

@@ -121,7 +121,7 @@ struct
   /* Flag disallowing bypassing of the warning.  */
   int enforce_passphrase_constraints;
 
-  /* The require minmum length of a passphrase. */
+  /* The required minimum length of a passphrase. */
   unsigned int min_passphrase_len;
 
   /* The minimum number of non-alpha characters in a passphrase.  */
@@ -286,7 +286,7 @@ struct server_control_s
     int algo;
     unsigned char value[MAX_DIGEST_LEN];
     unsigned int raw_value: 1;
-    unsigned int is_pss: 1;    /* DATA holds PSS formated data.  */
+    unsigned int is_pss: 1;    /* DATA holds PSS formatted data.  */
   } digest;
   unsigned int have_keygrip:  1;
   unsigned int have_keygrip1: 1;

agent/call-pinentry.c

@@ -884,7 +884,7 @@ struct inq_cb_parm_s
 };
 
 
-/* Return true if PIN is indentical to the last generated pin.  */
+/* Return true if PIN is identical to the last generated pin.  */
 static int
 is_generated_pin (struct inq_cb_parm_s *parm, const char *pin)
 {

agent/command.c

@@ -251,7 +251,7 @@ reset_notify (assuan_context_t ctx, char *line)
 
   clear_nonce_cache (ctrl);
 
-  /* Note that a RESET does not clear the ephemeral store becuase
+  /* Note that a RESET does not clear the ephemeral store because
    * clients are used to issue a RESET on a connection.  */
 
   return 0;

agent/divert-scd.c

@@ -90,7 +90,7 @@ has_percent0A_suffix (const char *string)
 
    INFO gets displayed as part of a generic string.  However if the
    first character of INFO is a vertical bar all up to the next
-   verical bar are considered flags and only everything after the
+   vertical bar are considered flags and only everything after the
    second vertical bar gets displayed as the full prompt.
 
    Flags:

agent/findkey.c

@@ -1550,7 +1550,7 @@ agent_key_from_file (ctrl_t ctrl, const char *cache_nonce,
                 {
                   memcpy (*shadow_info, s, n);
                   /*
-                   * When it's a key on card (not on tpm2), maks sure
+                   * When it's a key on card (not on tpm2), make sure
                    * it's available.
                    */
                   if (strcmp (shadow_type, "t1-v1") == 0 && !grip)

agent/gpg-agent.c

@@ -1216,7 +1216,7 @@ main (int argc, char **argv)
    *  Now we are now working under our real uid
    */
 
-  /* The configuraton directories for use by gpgrt_argparser.  */
+  /* The configuration directories for use by gpgrt_argparser.  */
   gpgrt_set_confdir (GPGRT_CONFDIR_SYS, gnupg_sysconfdir ());
   gpgrt_set_confdir (GPGRT_CONFDIR_USER, gnupg_homedir ());
 
@@ -1225,7 +1225,7 @@ main (int argc, char **argv)
   pargs.argc = &argc;
   pargs.argv = &argv;
   /* We are re-using the struct, thus the reset flag.  We OR the
-   * flags so that the internal intialized flag won't be cleared. */
+   * flags so that the internal initialized flag won't be cleared. */
   pargs.flags |= (ARGPARSE_FLAG_RESET
                   | ARGPARSE_FLAG_KEEP
                   | ARGPARSE_FLAG_SYS

agent/protect.c

@@ -509,7 +509,7 @@ do_encryption (const unsigned char *hashbegin, size_t hashlen,
        ((sha1 salt no_of_iterations) 16byte_iv)
        encrypted_octet_string)
 
-     in canoncical format of course.  We use asprintf and %n modifier
+     in canonical format of course.  We use asprintf and %n modifier
      and dummy values as placeholders.  */
   {
     char countbuf[35];

agent/sexp-secret.c

@@ -22,7 +22,7 @@
 #include "../common/sexp-parse.h"
 
 /*
- * When it's for ECC, fixup private key part in the cannonical SEXP
+ * When it's for ECC, fixup private key part in the canonical SEXP
  * representation in BUF.  If not ECC, do nothing.
  */
 gpg_error_t

agent/trustlist.c

@@ -63,7 +63,7 @@ static const char headerblurb[] =
 "# well as empty lines are ignored.  Lines have a length limit but this\n"
 "# is not a serious limitation as the format of the entries is fixed and\n"
 "# checked by gpg-agent.  A non-comment line starts with optional white\n"
-"# space, followed by the SHA-1 fingerpint in hex, followed by a flag\n"
+"# space, followed by the SHA-1 fingerprint in hex, followed by a flag\n"
 "# which may be one of 'P', 'S' or '*' and optionally followed by a list of\n"
 "# other flags.  The fingerprint may be prefixed with a '!' to mark the\n"
 "# key as not trusted.  You should give the gpg-agent a HUP or run the\n"
@@ -736,7 +736,7 @@ agent_marktrusted (ctrl_t ctrl, const char *name, const char *fpr, int flag)
             insert a line break.  The double percent sign is actually
             needed because it is also a printf format string.  If you
             need to insert a plain % sign, you need to encode it as
-            "%%25".  The second "%s" gets replaced by a hexdecimal
+            "%%25".  The second "%s" gets replaced by a hexadecimal
             fingerprint string whereas the first one receives the name
             as stored in the certificate. */
          L_("Please verify that the certificate identified as:%%0A"

build-aux/speedo.mk

@@ -188,13 +188,13 @@ MAKE_J=6
 
 INST_NAME=gnupg-w32
 
-# Use this to override the installaion directory for native builds.
+# Use this to override the installation directory for native builds.
 INSTALL_PREFIX=none
 
 # Set this to the location of wixtools
 WIXPREFIX=$(shell readlink -f ~/w32root/wixtools)
 
-# If patchelf(1) is not availale disable the command.
+# If patchelf(1) is not available disable the command.
 PATCHELF := $(shell patchelf --version 2>/dev/null >/dev/null || echo "echo please run: ")patchelf
 
 # Read signing information from ~/.gnupg-autogen.rc
@@ -1401,7 +1401,7 @@ endif
 
 
 #
-# Check availibility of standard tools and prepare everything.
+# Check availability of standard tools and prepare everything.
 #
 check-tools: $(stampdir)/stamp-directories
 

build-aux/speedo/w32/README.txt

@@ -60,7 +60,7 @@ Below is the README file as distributed with the GnuPG source.
 4. Software Versions of the Included Packages
 =============================================
 
-GnuPG for Windows depends on several independet developed packages
+GnuPG for Windows depends on several independent developed packages
 which are part of the installation.  These packages along with their
 version numbers and the SHA-1 checksums of their compressed tarballs
 are listed here:

build-aux/speedo/w32/g4wihelp.c

@@ -24,7 +24,7 @@
  ************************************************************
  * The code for the splash screen has been taken from the Splash
  * plugin of the NSIS 2.04 distribution.  That code comes without
- * explicit copyright notices in tyhe source files or author names, it
+ * explicit copyright notices in the source files or author names, it
  * seems that it has been written by Justin Frankel; not sure about
  * the year, though. [wk 2005-11-28]
  *

common/asshelp.c

@@ -695,7 +695,7 @@ get_assuan_server_version (assuan_context_t ctx, int mode, char **r_version)
 
 /* Print a warning if the server's version number is less than our
  * version number.  Returns an error code on a connection problem.
- * CTX is the Assuan context, SERVERNAME is the name of teh server,
+ * CTX is the Assuan context, SERVERNAME is the name of the server,
  * STATUS_FUNC and STATUS_FUNC_DATA is a callback to emit status
  * messages.  If PRINT_HINTS is set additional hints are printed.  For
  * MODE see get_assuan_server_version.  */

common/audit.c

@@ -44,7 +44,7 @@ struct log_item_s
   gpg_error_t err;     /* The logged error code.  */
   int intvalue;        /* A logged integer value.  */
   char *string;        /* A malloced string or NULL.  */
-  ksba_cert_t cert;    /* A certifciate or NULL. */
+  ksba_cert_t cert;    /* A certificate or NULL. */
   unsigned int have_err:1;
   unsigned int have_intvalue:1;
 };

common/audit.h

@@ -76,7 +76,7 @@ typedef enum
     /* The signature is a detached one. */
 
     AUDIT_CERT_ONLY_SIG,
-    /* A certifciate only signature has been detected.  */
+    /* A certificate only signature has been detected.  */
 
     AUDIT_DATA_HASH_ALGO,  /* int */
     /* The hash algo given as argument is used for the data.  This

common/compliance.c

@@ -42,7 +42,7 @@ static int module;
 
 /* This value is used by DSA and RSA checks in addition to the hard
  * coded length checks.  It allows one to increase the required key length
- * using a confue file.  */
+ * using a config file.  */
 static unsigned int min_compliant_rsa_length;
 
 /* Return the address of a compliance cache variable for COMPLIANCE.

common/dotlock.c

@@ -1450,7 +1450,7 @@ dotlock_take_unix (dotlock_t h, long timeout)
       int wtimereal;
 
       if (ownerchanged)
-        wtime = 0;  /* Reset because owner chnaged.  */
+        wtime = 0;  /* Reset because owner changed.  */
 
       wtimereal = next_wait_interval (&wtime, &timeout);
       if (!timeout)

common/gettime.c

@@ -124,7 +124,7 @@ timegm (struct tm *tm)
 
 /* Version of the GNU timegm which returns an unsigned 64 bit integer
  * instead of the usually signed time_t.  On error (uint64_t)(-1) is
- * returned.  This function is mostly here becuase on 32 bit Windows
+ * returned.  This function is mostly here because on 32 bit Windows
  * we have an internal API to get the system time even after
  * 2023-01-19.  For 32 bit Unix we need to suffer from the too short
  * time_t and no system function to construct the time from a tm.  */

common/homedir.c

@@ -1089,7 +1089,7 @@ gnupg_daemon_rootdir (void)
 
       n = GetSystemDirectoryA (path, sizeof path);
       if (!n || n >= sizeof path)
-        name = xstrdup ("/"); /* Error - use the curret top dir instead.  */
+        name = xstrdup ("/"); /* Error - use the current top dir instead.  */
       else
         name = xstrdup (path);
       gpgrt_annotate_leaked_object (name);
@@ -1306,7 +1306,7 @@ _gnupg_socketdir_internal (int skip_checks, unsigned *r_info)
       strcat (prefixbuffer, gnupgname);
     }
 
-  /* Check whether the gnupg sub directory (or the specified diretory)
+  /* Check whether the gnupg sub directory (or the specified directory)
    * has proper permissions.  */
   if (stat (prefix, &sb))
     {

common/iobuf.c

@@ -1670,7 +1670,7 @@ iobuf_ioctl (iobuf_t a, iobuf_ioctl_t cmd, int intval, void *ptrval)
       /* Peek at a justed opened file.  Use this only directly after a
        * file has been opened for reading.  Don't use it after you did
        * a seek.  This works only if just file filter has been
-       * pushed.  Expects a buffer wit size INTVAL at PTRVAL and returns
+       * pushed.  Expects a buffer with size INTVAL at PTRVAL and returns
        * the number of bytes put into the buffer.  */
       if (DBG_IOBUF)
 	log_debug ("iobuf-%d.%d: ioctl '%s' peek\n",

common/iobuf.h

@@ -204,7 +204,7 @@ struct iobuf_struct
     byte *buf;
   } d;
 
-  /* A external drain buffer for reading/writting data skipping internal
+  /* A external drain buffer for reading/writing data skipping internal
      draint buffer D.BUF.  This allows zerocopy operation reducing
      processing overhead across filter stack.
 

common/mkdir_p.h

@@ -34,7 +34,7 @@
 
 /* Create a directory as well as any missing parents.
 
-   The arguments must be NULL termianted.  If DIRECTORY_COMPONENTS...
+   The arguments must be NULL terminated.  If DIRECTORY_COMPONENTS...
    consists of two elements, "foo/bar" and "xyzzy", this function will
    first try to create the directory "foo/bar" and then the directory
    "foo/bar/xyzzy".  On success returns 0, otherwise an error code is

common/openpgp-fpr.c

@@ -136,7 +136,7 @@ compute_openpgp_fpr (int keyversion, int pgpalgo, unsigned long timestamp,
   /*   log_printhex (iov[i].data, iov[i].len, "cmpfpr i=%d: ", i); */
 
   err = gcry_md_hash_buffers (hashalgo, 0, result, iov, iovcnt);
-  /* log_printhex (result, 20, "fingerpint: "); */
+  /* log_printhex (result, 20, "fingerprint: "); */
 
   /* Better clear the first element because it was set by us.  */
   iov[0].size = 0;

common/openpgp-oid.c

@@ -129,7 +129,7 @@ make_flagged_int (unsigned long value, char *buf, size_t buflen)
 
   /* fixme: figure out the number of bits in an ulong and start with
      that value as shift (after making it a multiple of 7) a more
-     straigtforward implementation is to do it in reverse order using
+     straightforward implementation is to do it in reverse order using
      a temporary buffer - saves a lot of compares */
   for (more=0, shift=28; shift > 0; shift -= 7)
     {

common/session-env.c

@@ -315,7 +315,7 @@ session_env_putenv (session_env_t se, const char *string)
 }
 
 
-/* Same as session_env_putenv but with name and value given as distict
+/* Same as session_env_putenv but with name and value given as distinct
    values.  */
 gpg_error_t
 session_env_setenv (session_env_t se, const char *name, const char *value)
@@ -355,7 +355,7 @@ session_env_getenv (session_env_t se, const char *name)
    object.  The returned value is valid as long as SE is valid and as
    long it has not been removed or updated by a call to
    session_env_putenv.  If the variable does not exist, the function
-   tries to return the value trough a call to getenv; if that returns
+   tries to return the value through a call to getenv; if that returns
    a value, this value is recorded and used.  If no value could be
    found, returns NULL.  The caller must not change the returned
    value. */

common/sexp-parse.h

@@ -104,7 +104,7 @@ smatch (unsigned char const **buf, size_t buflen, const char *token)
   return 1;
 }
 
-/* Format VALUE for use as the length indicatior of an S-expression.
+/* Format VALUE for use as the length indicator of an S-expression.
    The caller needs to provide a buffer HELP_BUFFER with a length of
    HELP_BUFLEN.  The return value is a pointer into HELP_BUFFER with
    the formatted length string.  The colon and a trailing nul are

common/sexputil.c

@@ -199,7 +199,7 @@ make_canon_sexp_pad (gcry_sexp_t sexp, int secure,
 }
 
 /* Return the so called "keygrip" which is the SHA-1 hash of the
-   public key parameters expressed in a way dependend on the algorithm.
+   public key parameters expressed in a way dependent on the algorithm.
 
    KEY is expected to be an canonical encoded S-expression with a
    public or private key. KEYLEN is the length of that buffer.
@@ -1195,7 +1195,7 @@ cipher_mode_to_string (int mode)
     }
 }
 
-/* Return the cannonical name of the ECC curve in KEY.  */
+/* Return the canonical name of the ECC curve in KEY.  */
 const char *
 get_ecc_curve_from_key (gcry_sexp_t key)
 {

common/sysutils.c

@@ -588,7 +588,7 @@ translate_sys2libc_fd_int (int fd, int for_write)
 /*
  * Parse the string representation of a file reference (file handle on
  * Windows or file descriptor on POSIX) in FDSTR.  The string
- * representation may be either of folllowing:
+ * representation may be either of following:
 
  *  (1) 0, 1, or 2 which means stdin, stdout, and stderr, respectively.
  *  (2) Integer representation (by %d of printf).
@@ -1106,7 +1106,7 @@ modestr_to_mode (const char *modestr, mode_t oldmode)
 int
 gnupg_mkdir (const char *name, const char *modestr)
 {
-  /* Note that gpgrt_mkdir also sets ERRNO in addition to returing an
+  /* Note that gpgrt_mkdir also sets ERRNO in addition to returning an
    * gpg-error style error code.  */
   return gpgrt_mkdir (name, modestr);
 }

common/t-iobuf.c

@@ -29,7 +29,7 @@
  */
 
 /* The whole code here does not very fill into our general test frame
- * work patter.  But let's keep it as it is.  */
+ * work pattern.  But let's keep it as it is.  */
 
 #include <config.h>
 #include <stdio.h>

common/tlv-builder.c

@@ -95,7 +95,7 @@ ensure_space (tlv_builder_t tb)
  * element is described by CLASS, TAG, VALUE, and VALUEEN.  CLASS and
  * TAG must describe a primitive element and (VALUE,VALUELEN) specify
  * its value.  The value is a pointer and its object must not be
- * changed as long as the instance TB exists.  For a TAG_NULL no vlaue
+ * changed as long as the instance TB exists.  For a TAG_NULL no value
  * is expected.  Errors are not returned but recorded for later
  * retrieval.  */
 void

common/tlv-parser.c

@@ -42,7 +42,7 @@ struct bufferlist_s
 /* An object to control the ASN.1 parsing.  */
 struct tlv_parser_s
 {
-  /* The orginal buffer with the entire pkcs#12 object and its length.  */
+  /* The original buffer with the entire pkcs#12 object and its length.  */
   const unsigned char *origbuffer;
   size_t origbufsize;
 

common/tlv.h

@@ -141,7 +141,7 @@ void tlv_builder_add_end (tlv_builder_t tb);
 gpg_error_t tlv_builder_finalize (tlv_builder_t tb,
                                   void **r_obj, size_t *r_objlen);
 
-/* Wite a TLV header to MEMBUF.  */
+/* Write a TLV header to MEMBUF.  */
 void put_tlv_to_membuf (membuf_t *membuf, int class, int tag,
                         int constructed, size_t length);
 

common/util.h

@@ -323,7 +323,7 @@ void setup_libgcrypt_logging (void);
 /* Print an out of core message and die.  */
 void xoutofcore (void);
 
-/* Wrapper aroung gpgrt_reallocarray.  Uses the gpgrt alloc function
+/* Wrapper around gpgrt_reallocarray.  Uses the gpgrt alloc function
  * which redirects to the Libgcrypt versions via
  * init_common_subsystems.  Thus this can be used interchangeable with
  * the other alloc functions. */

configure.ac

@@ -1601,7 +1601,7 @@ if test "$build_tpm2d" = "yes"; then
     # until version 2.4.0.
     #
     # Note: the missing API is fairly serious and is also easily backportable
-    # so keep the check below as is intead of going by library version number.
+    # so keep the check below as is instead of going by library version number.
     ##
     AC_CHECK_LIB(tss2-esys, Esys_TR_GetTpmHandle, [], [
 	AC_MSG_WARN([Need Esys_TR_GetTpmHandle API (usually requires Intel TSS 2.4.0 or later, disabling TPM support)])
@@ -1638,7 +1638,7 @@ if test "$GCC" = yes; then
     mycflags=
     mycflags_save=$CFLAGS
 
-    # Check whether gcc does not emit a diagnositc for unknown -Wno-*
+    # Check whether gcc does not emit a diagnostic for unknown -Wno-*
     # options.  This is the case for gcc >= 4.6
     AC_MSG_CHECKING([if gcc ignores unknown -Wno-* options])
     AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[

dirmngr/ONEWS

@@ -55,7 +55,7 @@ Noteworthy changes in version 1.0.1 (2007-08-16)
 Noteworthy changes in version 1.0.0 (2006-11-29)
 ------------------------------------------------
 
- * Bumbed the version number.
+ * Bumped the version number.
 
  * Removed included gettext.  We now require the system to provide a
    suitable installation.
@@ -174,7 +174,7 @@ Noteworthy changes in version 0.5.4 (2004-04-29)
 ------------------------------------------------
 
  * New commands --ocsp-responder and --ocsp-signer to define a default
-   OCSP reponder if a certificate does not contain an assigned OCSP
+   OCSP responder if a certificate does not contain an assigned OCSP
    responder.
 
 

dirmngr/certcache.c

@@ -225,7 +225,7 @@ cert_compute_fpr (ksba_cert_t cert, unsigned char *digest)
 
 
 
-/* Cleanup one slot.  This releases all resourses but keeps the actual
+/* Cleanup one slot.  This releases all resources but keeps the actual
    slot in the cache marked for reuse. */
 static void
 clean_cache_slot (cert_item_t ci)

dirmngr/dirmngr.c

@@ -1104,12 +1104,12 @@ main (int argc, char **argv)
 
   socket_name = dirmngr_socket_name ();
 
-  /* The configuraton directories for use by gpgrt_argparser.  */
+  /* The configuration directories for use by gpgrt_argparser.  */
   gpgrt_set_confdir (GPGRT_CONFDIR_SYS, gnupg_sysconfdir ());
   gpgrt_set_confdir (GPGRT_CONFDIR_USER, gnupg_homedir ());
 
   /* We are re-using the struct, thus the reset flag.  We OR the
-   * flags so that the internal intialized flag won't be cleared. */
+   * flags so that the internal initialized flag won't be cleared. */
   argc = orig_argc;
   argv = orig_argv;
   pargs.argc = &argc;
@@ -1748,7 +1748,7 @@ dirmngr_deinit_default_ctrl (ctrl_t ctrl)
 
    The format of such a file is line oriented where empty lines and
    lines starting with a hash mark are ignored.  All other lines are
-   assumed to be colon seprated with these fields:
+   assumed to be colon separated with these fields:
 
    1. field: Hostname
    2. field: Portnumber

dirmngr/dirmngr.h

@@ -241,7 +241,7 @@ struct server_control_s
   int audit_events;  /* Send audit events to client.  */
   char *http_proxy;  /* The used http_proxy or NULL.  */
 
-  nvc_t rootdse;     /* Container wit the rootDSE properties.  */
+  nvc_t rootdse;     /* Container with the rootDSE properties.  */
 
   unsigned int timeout; /* Timeout for connect calls in ms.  */
 

dirmngr/dns.c

@@ -9761,7 +9761,7 @@ struct dns_addrinfo *dns_ai_open(const char *host, const char *serv, enum dns_ty
 	/*
 	 * FIXME: If an explicit A or AAAA record type conflicts with
 	 * .ai_family or with resconf.family (i.e. AAAA specified but
-	 * AF_INET6 not in interection of .ai_family and resconf.family),
+	 * AF_INET6 not in intersection of .ai_family and resconf.family),
 	 * then what?
 	 */
 	switch (ai->qtype) {

dirmngr/http-ntbtls.c

@@ -78,7 +78,7 @@ gnupg_http_tls_verify_cb (void *opaque,
   validate_flags = VALIDATE_FLAG_TLS;
 
   /* If we are using the standard hkps:// pool use the dedicated root
-   * certificate.  Note that this differes from the GnuTLS
+   * certificate.  Note that this differs from the GnuTLS
    * implementation which uses this special certificate only if no
    * other certificates are configured. */
   /* Disabled for 2.3.2 to due problems with the standard hkps pool.  */

dirmngr/http.c

@@ -295,7 +295,7 @@ struct http_session_s
   } verify;
   char *servername; /* Malloced server name.  */
 
-  /* A callback function to log details of TLS certifciates.  */
+  /* A callback function to log details of TLS certificates.  */
   void (*cert_log_cb) (http_session_t, gpg_error_t, const char *,
                        const void **, size_t *);
 
@@ -2018,7 +2018,7 @@ w32_get_proxy (const char *url)
  * If OVERRIDE_PROXY is not NULL and not empty, this proxy will be
  * used instead of any configured or dynamically determined proxy.  If
  * the function runs into an error an error code is returned and NULL
- * is stored at R_PROXY.  If the fucntion was successful and a proxy
+ * is stored at R_PROXY.  If the function was successful and a proxy
  * is to be used, information on the procy is stored at R_PROXY; if no
  * proxy shall be used R_PROXY is set to NULL.  Caller should always
  * use release_proxy_info on the value stored at R_PROXY.  */
@@ -2358,8 +2358,8 @@ run_gnutls_handshake (http_t hd, const char *server)
 #endif /*HTTP_USE_GNUTLS*/
 
 
-/* It INPUTSTRING is NULL get the intial token.  If INPUTSTRING is not
+/* It INPUTSTRING is NULL get the initial token.  If INPUTSTRING is not
- * NULL, decode the string and use this as input from teh server.  On
+ * NULL, decode the string and use this as input from the server.  On
  * success the final output token is stored at PROXY->OUTTOKEN and
  * OUTTOKLEN.  IF the authentication succeeded OUTTOKLEN is zero. */
 static gpg_error_t
@@ -2379,7 +2379,7 @@ proxy_get_token (proxy_info_t proxy, const char *inputstring)
 
   if (inputstring)
     {
-      /* The input is expected in the token parameter but the paremter
+      /* The input is expected in the token parameter but the parameter
        * name is often forgotten.  Thus we simply detect the parameter
        * name and skip it, assuming no other parameters are given.  */
       if (!strncmp (inputstring, "token=", 6))
@@ -4424,8 +4424,8 @@ same_host_p (parsed_uri_t a, parsed_uri_t b)
 
 /* Prepare a new URL for a HTTP redirect.  INFO has flags controlling
  * the operation, STATUS_CODE is used for diagnostics, LOCATION is the
- * value of the "Location" header, and R_URL reveives the new URL on
+ * value of the "Location" header, and R_URL receives the new URL on
- * success or NULL or error.  Note that INFO->ORIG_URL is
+ * success or NULL on error.  Note that INFO->ORIG_URL is
  * required.  */
 gpg_error_t
 http_prepare_redirect (http_redir_info_t *info, unsigned int status_code,
@@ -4596,7 +4596,7 @@ http_status2string (unsigned int status)
 }
 
 
-/* Fucntion called on SIGHUP to flush internal variables.  */
+/* Function called on SIGHUP to flush internal variables.  */
 void
 http_reinitialize (void)
 {

dirmngr/ks-engine-ldap.c

@@ -53,7 +53,7 @@
 #define SERVERINFO_PGPKEYV2 2 /* Needs "pgpKeyV2" instead of "pgpKey"*/
 #define SERVERINFO_SCHEMAV2 4 /* Version 2 of the Schema.            */
 #define SERVERINFO_NTDS     8 /* Server is an Active Directory.      */
-#define SERVERINFO_GENERIC 16 /* Connected in genric mode.           */
+#define SERVERINFO_GENERIC 16 /* Connected in generic mode.          */
 
 
 /* The page size requested from the server.  */
@@ -1257,7 +1257,7 @@ return_all_attributes (LDAP *ld, LDAPMessage *msg, estream_t *fp)
     }
 
   /* Always print the DN - note that by using only unbkown attributes
-   * it is pissible to list just the DNs with out addiional
+   * it is possible to list just the DNs with out additional
    * linefeeds.  */
   es_fprintf (*fp, "Dn: %s\n", mydn? mydn : "[oops DN missing]");
 
@@ -1307,7 +1307,7 @@ return_all_attributes (LDAP *ld, LDAPMessage *msg, estream_t *fp)
           len = values[idx]->bv_len;
           while (len && (s = memchr (val, '\n', len)))
             {
-              s++; /* We als want to print the LF.  */
+              s++; /* We also want to print the LF.  */
               if (es_fwrite (val, s - val, 1, *fp) != 1)
                 goto fwrite_failed;
               len -= (s-val);
@@ -2361,7 +2361,7 @@ modlist_free (LDAPMod **modlist)
       LDAPMod *mod = *ml;
       char **ptr;
 
-      /* The list of values is a NULL termianted array of pointers.
+      /* The list of values is a NULL terminated array of pointers.
 	 If the list is NULL, there are no values.  */
 
       if (mod->mod_values)
@@ -2460,7 +2460,7 @@ uncescape (char *str)
 /* Given one line from an info block (`gpg --list-{keys,sigs}
    --with-colons KEYID'), pull it apart and fill in the modlist with
    the relevant (for the LDAP schema) attributes.  EXTRACT_STATE
-   should initally be set to 0 by the caller.  SCHEMAV2 is set if the
+   should initially be set to 0 by the caller.  SCHEMAV2 is set if the
    server supports the version 2 schema.  */
 static void
 extract_attributes (LDAPMod ***modlist, int *extract_state,
@@ -2620,7 +2620,7 @@ extract_attributes (LDAPMod ***modlist, int *extract_state,
 
 	  memset (&tm, 0, sizeof (tm));
 
-	  /* parse_timestamp handles both seconds fromt he epoch and
+	  /* parse_timestamp handles both seconds from the epoch and
 	     ISO 8601 format.  We also need to handle YYYY-MM-DD
 	     format (as generated by gpg1 --with-colons --list-key).
 	     Check that first and then if it fails, then try
@@ -2668,7 +2668,7 @@ extract_attributes (LDAPMod ***modlist, int *extract_state,
 
 	  memset (&tm, 0, sizeof (tm));
 
-	  /* parse_timestamp handles both seconds fromt he epoch and
+	  /* parse_timestamp handles both seconds from the epoch and
 	     ISO 8601 format.  We also need to handle YYYY-MM-DD
 	     format (as generated by gpg1 --with-colons --list-key).
 	     Check that first and then if it fails, then try

dirmngr/ldap-misc.c

@@ -220,7 +220,7 @@ ldap_to_gpg_err (LDAP *ld)
  *  ^&SCOPE&(objectClasses=*)
  *
  * Give a scope and a filter.  Note that R_SCOPE is only changed if a
- * STRING has scope parameter.  Setting this initally to -1 allows to
+ * STRING has scope parameter.  Setting this initially to -1 allows to
  * detect this case.
  */
 gpg_error_t

dirmngr/ldap.c

@@ -256,7 +256,7 @@ url_fetch_ldap (ctrl_t ctrl, const char *url, ksba_reader_t *reader)
     }
 
   if (ludp->lud_scheme && !strcmp (ludp->lud_scheme, "ldaps"))
-    tls_mode = 2; /* LDAP-over-TLS here becuase we get it from certs. */
+    tls_mode = 2; /* LDAP-over-TLS here because we get it from certs. */
   else
     tls_mode = 0;
 
@@ -524,7 +524,7 @@ make_one_filter (const char *pattern, char **r_result)
       if (*pattern)
         {
           /* We need just the BaseDN.  This assumes that the Subject
-           * is correcly stored in the DT.  This is however not always
+           * is correctly stored in the DT.  This is however not always
            * the case and the actual DN is different from the
            * subject.  In this case we won't find anything.  */
           if (extfilt_need_escape (pattern)
@@ -606,7 +606,7 @@ make_one_filter (const char *pattern, char **r_result)
 /* Prepare an LDAP query to return the cACertificate attribute for DN.
  * All configured default servers are queried until one responds.
  * This function returns an error code or 0 and stored a newly
- * allocated contect object at CONTEXT on success. */
+ * allocated context object at CONTEXT on success. */
 gpg_error_t
 start_cacert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *r_context,
                          const char *dn)
@@ -778,7 +778,7 @@ start_cert_fetch_ldap (ctrl_t ctrl, cert_fetch_context_t *r_context,
       if (argc >= DIM (argv) - 1)
         {
           /* Too many patterns.  It does not make sense to allow an
-             arbitrary number of patters because the length of the
+             arbitrary number of patterns because the length of the
              command line is limited anyway.  */
           err = gpg_error (GPG_ERR_RESOURCE_LIMIT);
           goto leave;

dirmngr/ldapserver.c

@@ -60,7 +60,7 @@ ldapserver_list_free (ldap_server_t servers)
  * Flags are:
  *
  *   starttls  := Use STARTTLS with a default port of 389
- *   ldaptls   := Tunnel LDAP trough a TLS tunnel with default port 636
+ *   ldaptls   := Tunnel LDAP through a TLS tunnel with default port 636
  *   plain     := Switch to plain unsecured LDAP.
  *   (The last of these 3 flags is the effective one)
  *   ntds      := Use Active Directory authentication

dirmngr/ocsp.c

@@ -31,7 +31,7 @@
 #include "certcache.h"
 #include "ocsp.h"
 
-/* The maximum size we allow as a response from an OCSP reponder. */
+/* The maximum size we allow as a response from an OCSP responder. */
 #define MAX_RESPONSE_SIZE 65536
 
 
@@ -526,7 +526,7 @@ check_signature_core (ctrl_t ctrl, ksba_cert_t cert, gcry_sexp_t s_sig,
 /* Check the signature of an OCSP response.  OCSP is the context,
    S_SIG the signature value and MD the handle of the hash we used for
    the response.  This function automagically finds the correct public
-   key.  If SIGNER_FPR_LIST is not NULL, the default OCSP reponder has been
+   key.  If SIGNER_FPR_LIST is not NULL, the default OCSP responder has been
    used and thus the certificate is one of those identified by
    the fingerprints. */
 static gpg_error_t
@@ -651,7 +651,7 @@ check_signature (ctrl_t ctrl,
    or directly through the CERT object is valid by running an OCSP
    transaction.  With FORCE_DEFAULT_RESPONDER set only the configured
    default responder is used.  If R_REVOKED_AT or R_REASON are not
-   NULL and the certificat has been revoked the revocation time and
+   NULL and the certificate has been revoked the revocation time and
    the reasons are stored there. */
 gpg_error_t
 ocsp_isvalid (ctrl_t ctrl, ksba_cert_t cert, const char *cert_fpr,
@@ -723,7 +723,7 @@ ocsp_isvalid (ctrl_t ctrl, ksba_cert_t cert, const char *cert_fpr,
     }
 
   /* Figure out the OCSP responder to use.
-     1. Try to get the reponder from the certificate.
+     1. Try to get the responder from the certificate.
         We do only take http and https style URIs into account.
      2. If this fails use the default responder, if any.
    */

dirmngr/server.c

@@ -932,7 +932,7 @@ proc_wkd_get (ctrl_t ctrl, assuan_context_t ctx, char *line)
       err = get_dns_srv (ctrl, domain, "openpgpkey", NULL, &srvs, &srvscount);
       if (err)
         {
-          /* Ignore server failed becuase there are too many resolvers
+          /* Ignore server failed because there are too many resolvers
            * which do not work as expected.  */
           if (gpg_err_code (err) == GPG_ERR_SERVER_FAILED)
             err = 0; /*(srvcount is guaranteed to be 0)*/

dirmngr/t-ldap-parse-uri.c

@@ -291,7 +291,7 @@ main (int argc, char **argv)
     }
   if (argc)
     {
-      fprintf (stderr, PGM ": no argumenst are expected\n");
+      fprintf (stderr, PGM ": no arguments are expected\n");
       exit (1);
     }
 

dirmngr/validate.c

@@ -42,7 +42,7 @@ enum cert_usage_modes
     CERT_USAGE_MODE_VRFY,  /* Usable for verification.          */
     CERT_USAGE_MODE_DECR,  /* Usable for decryption.            */
     CERT_USAGE_MODE_CERT,  /* Usable for cert signing.          */
-    CERT_USAGE_MODE_OCSP,  /* Usable for OCSP respone signing.  */
+    CERT_USAGE_MODE_OCSP,  /* Usable for OCSP response signing. */
     CERT_USAGE_MODE_CRL    /* Usable for CRL signing.           */
   };
 
@@ -56,7 +56,7 @@ struct chain_item_s
   ksba_cert_t cert;      /* The certificate.  */
   unsigned char fpr[20]; /* Fingerprint of the certificate.  */
   int is_self_signed;    /* This certificate is self-signed.  */
-  int is_valid;          /* The certifiate is valid except for revocations.  */
+  int is_valid;          /* The certificate is valid except for revocations.  */
 };
 typedef struct chain_item_s *chain_item_t;
 
@@ -173,7 +173,7 @@ check_cert_policy (ksba_cert_t cert)
   if (err)
     return err;
 
-  /* STRING is a line delimited list of certifiate policies as stored
+  /* STRING is a line delimited list of certificate policies as stored
      in the certificate.  The line itself is colon delimited where the
      first field is the OID of the policy and the second field either
      N or C for normal or critical extension */

doc/DETAILS

@@ -132,7 +132,7 @@ described here.
 *** Field 5 - KeyID
 
     This is the 64 bit keyid as specified by OpenPGP and the last 64
-    bit of the SHA-1 fingerprint of an X.509 certifciate.
+    bit of the SHA-1 fingerprint of an X.509 certificate.
 
 *** Field 6 - Creation date
 
@@ -1101,7 +1101,7 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
                         gpg-agent.
     - keyedit.passwd :: Changing the password failed.
     - nomdc_with_legacy_cipher :: The message was not MDC protected.
-         Use the command line to lern about a workaround.
+         Use the command line to learn about a workaround.
     - random-compliance :: The random number generator or the used
          version of Libgcrypt do not fulfill the requirements of the
          current compliance setting.  The error code is often
@@ -1179,7 +1179,7 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
     <total>.  For example "B", "KiB", or "MiB".
 
 *** BACKUP_KEY_CREATED <fingerprint> <fname>
-    A backup of a key identified by <fingerprint> has been writte to
+    A backup of a key identified by <fingerprint> has been written to
     the file <fname>; <fname> is percent-escaped.
 
 *** MOUNTPOINT <name>
@@ -1263,7 +1263,7 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
 
 *** CERTINFO <certtype> <certref> [<label>]
 
-    This status is emitted for X.509 certifcates.
+    This status is emitted for X.509 certificates.
     CERTTYPE is a number indicating the type of the certificate:
      0   := Unknown
      100 := Regular X.509 cert
@@ -1274,7 +1274,7 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
 
     CERTREF identifies the certificate uniquely on the card and may be
     used to match it with a key's KEYREF.  LABEL is an optional human
-    readable decription of the certificate; it won't have any space in
+    readable description of the certificate; it won't have any space in
     it and is percent encoded.
 
 *** MANUFACTURER <n> [<string>]
@@ -1297,7 +1297,7 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
 *** KEY-ATTR-INFO <keyref> <string>
     This is the response from scdaemon on GETATTR KEY-ATTR-INFO for
     OpenPGP cards.  <keyref> is the usual keyref (e.g. OPENPGP.1 or
-    OPENPGP.129) and <string> is the algoritm or curve name, which
+    OPENPGP.129) and <string> is the algorithm or curve name, which
     is available for the key.
 
 *** KEY-TIME <n> <timestamp>
@@ -1310,7 +1310,7 @@ pkd:0:1024:B665B1435F4C2 .... FF26ABB:
 *** KEY-LABEL <keyref> <label>
     This returns the human readbable label for the keys given by
     KEYREF.  LABEL won't have any space in it and is percent encoded.
-    This info shall only be used for dispaly purposes.
+    This info shall only be used for display purposes.
 
 * Format of the --attribute-fd output
 

doc/HACKING

@@ -152,7 +152,7 @@ Note that such a comment will be removed if the git commit option
       if ( 42 == foo )
 #+end_src
     this is harder to read and modern compilers are pretty good in
-    detecing accidental assignments.  It is also suggested not to
+    detecting accidental assignments.  It is also suggested not to
     compare to 0 or NULL but to test the value direct or with a '!';
     this makes it easier to see that a boolean test is done.
   - We use our own printf style functions like =es_printf=, and
@@ -244,7 +244,7 @@ subject line; the list is used for several different projects.
 
 In general you should send patches only for the master branch; we may
 later decide to backport to another branch.  Please ask first before
-sending pacthes for another branch.
+sending patches for another branch.
 
 If you're working from the Git repo, here's a suggested workflow:
 

doc/dirmngr.texi

@@ -1278,7 +1278,7 @@ as a binary blob.
 @c
 @c For historical reasons the Assuan command ISVALID is a bit different
 @c to CHECKCRL but this is mainly due to different calling conventions.
-@c In the end the same fucntionality is used, albeit hidden by a couple
+@c In the end the same functionality is used, albeit hidden by a couple
 @c of indirection and argument and result code mangling.  It furthere
 @c ingetrages OCSP checking depending on options are the way it is
 @c called.  GPGSM still uses this command but might eventually switch over

doc/examples/common.conf

@@ -10,8 +10,8 @@
 # and gpgsm.
 #use-keyboxd
 
-# For testing ist is somethimes useful to use a different binary
+# For testing it is sometimes useful to use a different binary
-# of keybox.  This option can be used to speicify this.
+# of keybox.  This option can be used to specify this.
 #keyboxd-program /foo/bar/keyboxd
 
 # For the daemons (gpg-agent, scdaemon, dirmngr, keyboxd) it is often

doc/examples/trustlist.txt

@@ -2,7 +2,7 @@
 # one, as well as empty lines are ignored.  Lines have a length limit
 # but this is not serious limitation as the format of the entries is
 # fixed and checked by gpg-agent.  A non-comment line starts with
-# optional white space, followed by the SHA-1 fingerpint in hex,
+# optional white space, followed by the SHA-1 fingerprint in hex,
 # optionally followed by a flag character which my either be 'P', 'S'
 # or '*'.  This file will be read by gpg-agent if no local trustlist
 # is available or if the statement "include-default" is used in the

doc/gnupg.texi

@@ -19,7 +19,7 @@
 
 @c Create a separate index for command line options.
 @defcodeindex op
-@c Create an index vor environment variables and files.
+@c Create an index for environment variables and files.
 @defcodeindex ef
 
 @c Merge the function index into the concept index.

doc/gpg-card.texi

@@ -281,7 +281,7 @@ removes this data object.  GnuPG does not use this info.
 Change the User Interaction Flag.  That flags tells whether the
 confirmation button of a token shall be used.  @var{n} must in the
 range 1 to 3.  "permanent" is the same as "on" but the flag can't be
-changed anmore.
+changed anymore.
 
 @item UNBLOCK
 @opindex unblock

doc/gpg.texi

@@ -1611,7 +1611,7 @@ maintained by the keyboxd process in its own database.
 
 @item --primary-keyring @var{file}
 @opindex primary-keyring
-This is a varian of @option{--keyring} and designates @var{file} as
+This is a variant of @option{--keyring} and designates @var{file} as
 the primary public keyring. This means that newly imported keys (via
 @option{--import} or keyserver @option{--recv-from}) will go to this
 keyring.
@@ -1808,7 +1808,7 @@ this option at all (e.g. due to the @option{--no-options} option).
 @opindex add-desig-revoker
 Add the key specified by @var{fingerprint} as a designated revoker to
 newly created keys.  If the fingerprint is prefixed with the keyword
-``sensitive:'' that info is normally not exported wit the key.  This
+``sensitive:'' that info is normally not exported with the key.  This
 option may be given several time to add more than one designated
 revoker.  If the keyword ``clear'' is used instead of a fingerprint,
 all designated options previously encountered are discarded.
@@ -2794,7 +2794,7 @@ The available properties are:
   Key Directory.
 
   @item url
-  A string with the the URL associated wit the last key lookup.
+  A string with the the URL associated with the last key lookup.
 
 @end table
 

doc/help.txt

@@ -117,7 +117,7 @@ disable CRL checking in gpgsm's configuration.
 
 
 .gpg.edit_ownertrust.value
-# The help identies prefixed with "gpg." used to be hard coded in gpg
+# The help entries prefixed with "gpg." used to be hard coded in gpg
 # but may now be overridden by help texts from this file.
 It's up to you to assign a value here; this value will never be exported
 to any 3rd party.  We need it to implement the web-of-trust; it has nothing

doc/ldap/README.ldap

@@ -291,7 +291,7 @@ olcAccess: {0} to dn.subtree="dc=example,dc=com"
 
 As usual replace all "dc=example,dc=com" accordingly.  Take care not
 to insert a blank line anywhere.  The first line needs to give the DN
-of the database as determined above.  Excute the rules from that file
+of the database as determined above.  Execute the rules from that file
 using the command:
 
 : ldapmodify -Q -Y EXTERNAL -H ldapi:/// -f grantaccess.ldif
@@ -384,7 +384,7 @@ This lists just the DNs.  If you need the entire content of the DIT
 leave out the "dn" argument.  The option "-LLL" selects useful
 formatting options for the output.
 
-** Insert X.509 Certficate
+** Insert X.509 Certificate
 
 If you don't have a handy tool to insert a certificate via LDAP you
 can do it manually.  First put the certificate in binary (DER) format
@@ -505,7 +505,7 @@ to revert replace "ACL" by "none".
 ** Extending the AD Schema
 The Active Directory on Windows is actually an LDAP server but
 configuration differs from OpenLDAP.  The used schema is the same but
-the data objects are slighly different.  To extend the schema the
+the data objects are slightly different.  To extend the schema the
 LDIF format is used but with variants of the files used for OpenLDAP.
 Thus please download these two files:
 
@@ -517,7 +517,7 @@ schema.  There are *no ways to revert changes* made to a schema.  You
 should also first try this all on a test system and not on a
 production system.
 
-To extend the schema become Adminstrator on your Primary Domain
+To extend the schema become Administrator on your Primary Domain
 Controller and open a shell (Command Prompt).  Copy the above
 mentioned ldif files to your working directory and run the following
 command:

doc/ldap/gnupg-ldap-ad-schema.ldif

@@ -1,6 +1,6 @@
 # gnupg-ldap-ad-scheme.ldif                               -*- conf -*-
 #
-# Schema for an OpenPGP LDAP keyserver.  This is a slighly enhanced
+# Schema for an OpenPGP LDAP keyserver.  This is a slightly enhanced
 # version of the original LDAP schema used for PGP keyservers as
 # installed at quite some sites.
 # Revision: 2021-09-01  v1
@@ -12,7 +12,7 @@
 #      ldifde -i -v -f gnupg-ldap-ad-schema.ldif
 #             -c "DC=EXAMPLEDC" "#configurationNamingContext"
 #   (the above command is given as one line)
-# - The schema does not get its own distingished name as done with OpenLDAP.
+# - The schema does not get its own distinguished name as done with OpenLDAP.
 # - The first GUID we use is f406e7a5-a5ea-411e-9ddd-2e4e66899800
 #   and incremented for each attribute.
 #

doc/ldap/gnupg-ldap-schema.ldif

@@ -1,6 +1,6 @@
 # gnupg-ldap-scheme.ldif                                 -*- conf -*-
 #
-# Schema for an OpenPGP LDAP keyserver.  This is a slighly enhanced
+# Schema for an OpenPGP LDAP keyserver.  This is a slightly enhanced
 # version of the original LDAP schema used for PGP keyservers as
 # installed at quite some sites.
 # Revision: 2020-10-07
@@ -58,7 +58,7 @@ olcAttributeTypes: {5}(
     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
     SINGLE-VALUE )
 # The short key id.  This is actually not required and should thus not
-# be used by cleint software.
+# be used by client software.
 olcAttributeTypes: {6}(
     1.3.6.1.4.1.3401.8.2.14
     NAME 'pgpKeyID'

doc/tools.texi

@@ -1826,7 +1826,7 @@ Do the check using the OCSP protocol and ignore any CRLs.
 @item --force-default-responder
 @opindex force-default-responder
 When checking using the OCSP protocol, force the use of the default OCSP
-responder.  That is not to use the Reponder as given by the certificate.
+responder.  That is not to use the Responder as given by the certificate.
 
 @item --ping
 @opindex ping

g10/armor.c

@@ -1319,7 +1319,7 @@ armor_filter( void *opaque, int control,
 	*ret_len = n;
     }
     else if( control == IOBUFCTRL_UNDERFLOW ) {
-        /* We need some space for the faked packet.  The minmum
+        /* We need some space for the faked packet.  The minimum
          * required size is the PARTIAL_CHUNK size plus a byte for the
          * length itself */
 	if( size < PARTIAL_CHUNK+1 )
@@ -1495,7 +1495,7 @@ armor_filter( void *opaque, int control,
     else if( control == IOBUFCTRL_FREE ) {
 	if( afx->cancel )
 	    ;
-	else if( afx->status ) { /* pad, write cecksum, and bottom line */
+	else if( afx->status ) { /* pad, write checksum, and bottom line */
 	    gcry_md_final (afx->crc_md);
 	    crc = get_afx_crc (afx);
 	    idx = afx->idx;

g10/call-agent.c

@@ -791,7 +791,7 @@ learn_status_cb (void *opaque, const char *line)
  * Used by:
  *  card-util.c
  *  keyedit_menu
- *  card_store_key_with_backup  (Woth force to remove secret key data)
+ *  card_store_key_with_backup  (With force to remove secret key data)
  */
 int
 agent_scd_learn (struct agent_card_info_s *info, int force)
@@ -2316,7 +2316,7 @@ agent_probe_secret_key (ctrl_t ctrl, PKT_public_key *pk)
   else if (!result && result2)
     return 0;       /* Only first key available - return no key.  */
   else if (result && !result2)
-    return 0;       /* Only second key not availabale - return no key.  */
+    return 0;       /* Only second key not available - return no key.  */
   else if (result == 4 || result == 2)
     return result;  /* First key on card - don't care where the second is.  */
   else
@@ -2345,7 +2345,7 @@ agent_probe_any_secret_key (ctrl_t ctrl, kbnode_t keyblock)
     return err;
 
   /* If we have not yet issued a "HAVEKEY --list" do that now.  We use
-   * a more or less arbitray limit of 1000 keys.  */
+   * a more or less arbitrary limit of 1000 keys.  */
   if (ctrl && !ctrl->secret_keygrips && !ctrl->no_more_secret_keygrips)
     {
       membuf_t data;

g10/call-dirmngr.c

@@ -390,7 +390,7 @@ ks_status_cb (void *opaque, const char *line)
                 {
                   /* This is an LDAP config entry like
                    * "foo:389:user:pass:base:flags"
-                   * we strip off everything beyound the port.  */
+                   * we strip off everything beyond the port.  */
                   if ((p = strchr (p+1, ':')))
                     {
                       if (p[-1] == ':')

g10/call-keyboxd.c

@@ -47,7 +47,7 @@
 
 
 /* Data used to keep track of keybox daemon sessions.  This allows us
- * to use several sessions with the keyboxd and also to re-use already
+ * to use several sessions with the keyboxd and also to reuse already
  * established sessions.  Note that gpg.h defines the type
  * keyboxd_local_t for this structure. */
 struct keyboxd_local_s
@@ -631,7 +631,7 @@ keydb_search_reset (KEYDB_HANDLE hd)
 
 
 
-/* Status callback for SEARCH and NEXT operaions.  */
+/* Status callback for SEARCH and NEXT operations.  */
 static gpg_error_t
 search_status_cb (void *opaque, const char *line)
 {

g10/card-util.c

@@ -1778,7 +1778,7 @@ card_generate_subkey (ctrl_t ctrl, kbnode_t pub_keyblock)
 /* Store the key at NODE into the smartcard and modify NODE to carry
    the serialno stuff instead of the actual secret key parameters.
    USE is the usage for that key; 0 means any usage.  If
-   PROCESSED_KEYS is not NULL it is a poiter to an strlist which will
+   PROCESSED_KEYS is not NULL it is a pointer to an strlist which will
    be filled with the keygrips of successfully stored keys.  */
 int
 card_store_subkey (KBNODE node, int use, strlist_t *processed_keys)

g10/encrypt.c

@@ -68,7 +68,7 @@ encrypt_store (const char *filename)
 }
 
 
-/* Create and setup a DEK structure and print approriate warnings.
+/* Create and setup a DEK structure and print appropriate warnings.
  * PK_LIST gives the list of public keys.  Always returns a DEK.  The
  * actual session needs to be added later.  */
 static DEK *
@@ -94,7 +94,7 @@ create_dek_with_warnings (pk_list_t pk_list)
 
       /* In case 3DES has been selected, print a warning if any key
        * does not have a preference for AES.  This should help to
-       * indentify why encrypting to several recipients falls back to
+       * identify why encrypting to several recipients falls back to
        * 3DES. */
       if (opt.verbose && dek->algo == CIPHER_ALGO_3DES)
         warn_missing_aes_from_pklist (pk_list);
@@ -1128,7 +1128,7 @@ write_pubkey_enc (ctrl_t ctrl,
    * the structure DEK and want to encode this session key in an
    * integer value of n bits. pubkey_nbits gives us the number of
    * bits we have to use.  We then encode the session key in some
-   * way and we get it back in the big intger value FRAME.  Then
+   * way and we get it back in the big integer value FRAME.  Then
    * we use FRAME, the public key PK->PKEY and the algorithm
    * number PK->PUBKEY_ALGO and pass it to pubkey_encrypt which
    * returns the encrypted value in the array ENC->DATA.  This

g10/export.c

@@ -2134,7 +2134,7 @@ do_export_revocs (ctrl_t ctrl, kbnode_t keyblock, u32 *keyid,
         continue;
       sig = node->pkt->pkt.signature;
 
-      /* We are only interested in revocation certifcates.  */
+      /* We are only interested in revocation certificates.  */
       if (!(IS_KEY_REV (sig) || IS_UID_REV (sig) || IS_SUBKEY_REV (sig)))
         continue;
 

g10/getkey.c

@@ -446,7 +446,7 @@ leave:
 
 
 /* Same as get_pubkey but if the key was not found the function tries
- * to import it from LDAP.  FIXME: We should not need this but swicth
+ * to import it from LDAP.  FIXME: We should not need this but switch
  * to a fingerprint lookup.  */
 gpg_error_t
 get_pubkey_with_ldap_fallback (ctrl_t ctrl, PKT_public_key *pk, u32 *keyid)
@@ -992,7 +992,7 @@ get_pubkey_byname (ctrl_t ctrl, enum get_pubkey_modes mode,
   /* If we are called due to --locate-external-key Check whether NAME
    * is a fingerprint and then try to lookup that key by configured
    * method which support lookup by fingerprint.  FPRBUF carries the
-   * parsed fingerpint iff IS_FPR is true.  */
+   * parsed fingerprint iff IS_FPR is true.  */
   is_fpr = 0;
   if (!is_mbox && mode == GET_PUBKEY_NO_LOCAL)
     {
@@ -2525,7 +2525,7 @@ parse_key_usage (PKT_signature * sig)
 
 /* Apply information from SIGNODE (which is the valid self-signature
  * associated with that UID) to the UIDNODE:
- * - wether the UID has been revoked
+ * - whether the UID has been revoked
  * - assumed creation date of the UID
  * - temporary store the keyflags here
  * - temporary store the key expiration time here

g10/gpg.c

@@ -2003,7 +2003,7 @@ gpgconf_list (void)
    * compliance mode.  This does not test all parameters but the basic
    * conditions like a proper RNG and Libgcrypt.  AS of now we always
    * return 0 because this version of gnupg has not yet received an
-   * appoval. */
+   * approval. */
   es_printf ("compliance_de_vs:%lu:%d:\n", GC_OPT_FLAG_DEFAULT,
              0 /*gnupg_rng_is_compliant (CO_DE_VS)*/);
 
@@ -2609,7 +2609,7 @@ main (int argc, char **argv)
     pargs.argc = &argc;
     pargs.argv = &argv;
     /* We are re-using the struct, thus the reset flag.  We OR the
-     * flags so that the internal intialized flag won't be cleared. */
+     * flags so that the internal initialized flag won't be cleared. */
     pargs.flags |= (ARGPARSE_FLAG_RESET
                     | ARGPARSE_FLAG_KEEP
                     | ARGPARSE_FLAG_SYS
@@ -2619,7 +2619,7 @@ main (int argc, char **argv)
     /* By this point we have a homedir, and cannot change it. */
     check_permissions (gnupg_homedir (), 0);
 
-    /* The configuraton directories for use by gpgrt_argparser.  */
+    /* The configuration directories for use by gpgrt_argparser.  */
     gpgrt_set_confdir (GPGRT_CONFDIR_SYS, gnupg_sysconfdir ());
     gpgrt_set_confdir (GPGRT_CONFDIR_USER, gnupg_homedir ());
 

g10/import.c

@@ -231,7 +231,7 @@ parse_import_options(char *str,unsigned int *options,int noisy)
   int rc;
   int saved_self_sigs_only, saved_import_clean;
 
-  /* We need to set flags indicating wether the user has set certain
+  /* We need to set flags indicating whether the user has set certain
    * options or if they came from the default.  */
   saved_self_sigs_only = (*options & IMPORT_SELF_SIGS_ONLY);
   saved_self_sigs_only &= ~IMPORT_SELF_SIGS_ONLY;

g10/key-clean.c

@@ -612,7 +612,7 @@ clean_all_subkeys (ctrl_t ctrl, kbnode_t keyblock, int noisy, int clean_level,
   /* Do the selected cleaning.  */
   if (clean_level > KEY_CLEAN_NONE)
     {
-      /* Clean enitre subkeys.  */
+      /* Clean entire subkeys.  */
       for (node = first_subkey; node; node = node->next)
         {
           if (is_deleted_kbnode (node))

g10/keyedit.c

@@ -1445,7 +1445,7 @@ keyedit_menu (ctrl_t ctrl, const char *username, strlist_t locusr,
      inhibits that and flushing the cache right before the stale
      check is not easy to implement.  Thus we take the easy way out
      and run the stale check as early as possible.  Note, that for
-     non- W32 platforms it is run indirectly trough a call to
+     non- W32 platforms it is run indirectly through a call to
      get_validity ().  */
   check_trustdb_stale (ctrl);
 #endif
@@ -2894,7 +2894,7 @@ find_by_primary_fpr (ctrl_t ctrl, const char *fpr,
 }
 
 
-/* Unattended key signing function.  If the key specifified by FPR is
+/* Unattended key signing function.  If the key specified by FPR is
    available and FPR is the primary fingerprint all user ids of the
    key are signed using the default signing key.  If UIDS is an empty
    list all usable UIDs are signed, if it is not empty, only those
@@ -3153,7 +3153,7 @@ keyedit_quick_revsig (ctrl_t ctrl, const char *username, const char *sigtorev,
           unsigned int sigcount = 0;
           kbnode_t *sigarray;
 
-          /* Allocate an array large enogh for all signatures.  */
+          /* Allocate an array large enough for all signatures.  */
           for (n=node; n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
             sigcount++;
           sigarray = xtrycalloc (sigcount, sizeof *sigarray);

g10/keygen.c

@@ -4470,7 +4470,7 @@ parse_parameter_usage (const char *fname,
 
 /* Parse the revocation key specified by NAME, check that the public
  * key exists (so that we can get the required public key algorithm),
- * and return a parameter wit the revocation key information.  On
+ * and return a parameter with the revocation key information.  On
  * error print a diagnostic and return NULL.  */
 static struct para_data_s *
 prepare_desig_revoker (ctrl_t ctrl, const char *name)
@@ -4790,7 +4790,7 @@ proc_parameter_file (ctrl_t ctrl, struct para_data_s *para, const char *fname,
   if (parse_revocation_key (fname, para, pREVOKER))
     return -1;
 
-  /* Check and appened revokers from the config file.  */
+  /* Check and append revokers from the config file.  */
   for (sl = opt.desig_revokers; sl; sl = sl->next)
     {
       r = prepare_desig_revoker (ctrl, sl->d);

g10/keyid.c

@@ -336,7 +336,7 @@ do_hash_public_key (gcry_md_hd_t md, PKT_public_key *pk, int use_v5)
             {
               /* Ugly: We need to re-construct the wire format of the
                * key parameter.  It would be easier to use a second
-               * index for pp and nn which we could bump independet of
+               * index for pp and nn which we could bump independent of
                * i.  */
               const char *p;
 
@@ -870,7 +870,7 @@ nbits_from_pk (PKT_public_key *pk)
         case 800:  nbits =  512; break;
         case 1184: nbits =  768; break;
         case 1568: nbits = 1024; break;
-        default:   nbits = 0;    break;  /* Unkown version.  */
+        default:   nbits = 0;    break;  /* Unknown version.  */
         }
       return nbits;
     }
@@ -1093,7 +1093,7 @@ fingerprint_from_pk (PKT_public_key *pk, byte *array, size_t *ret_len)
  * Return a byte array with the fingerprint for the given PK/SK The
  * length of the array is returned in ret_len. Caller must free the
  * array or provide an array of length MAX_FINGERPRINT_LEN.  This
- * version creates a v5 fingerprint even vor v4 keys.
+ * version creates a v5 fingerprint even for v4 keys.
  */
 byte *
 v5_fingerprint_from_pk (PKT_public_key *pk, byte *array, size_t *ret_len)

g10/options.h

@@ -383,7 +383,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
 #define COMPAT_T7014_OLD      2  /* Use initial T7014 test data.  */
 
 
-/* Compliance test macors.  */
+/* Compliance test macros.  */
 #define GNUPG   (opt.compliance==CO_GNUPG || opt.compliance==CO_DE_VS)
 #define RFC2440 (opt.compliance==CO_RFC2440)
 #define RFC4880 (opt.compliance==CO_RFC4880)

g10/packet.h

@@ -251,7 +251,7 @@ typedef struct
   const byte *trust_regexp;
   struct revocation_key *revkey;
   int numrevkeys;
-  int help_counter;          /* Used internally bu some functions.  */
+  int help_counter;          /* Used internally by some functions.  */
   char *signers_uid;         /* Malloced value of the SIGNERS_UID
                               * subpacket or NULL.  This string has
                               * already been sanitized.  */

g10/pkclist.c

@@ -618,7 +618,7 @@ check_signatures_trust (ctrl_t ctrl, kbnode_t keyblock, PKT_public_key *pk,
   targetuid = NULL;
   if (uidbased)
     {
-      u32 tmpcreated = 0; /* Helper to find the lates user ID.  */
+      u32 tmpcreated = 0; /* Helper to find the latest user ID.  */
       PKT_user_id *tmpuid;
 
       for (n=keyblock; n; n = n->next)

g10/pkglue.c

@@ -486,7 +486,7 @@ do_encrypt_kem (PKT_public_key *pk, gcry_mpi_t data, int seskey_algo,
     {
       if (!strcmp (ecc_oid, "1.3.6.1.4.1.3029.1.5.1"))
         log_info ("Warning: "
-                  "legacy OID for cv25519 accepted during develpment\n");
+                  "legacy OID for cv25519 accepted during development\n");
       ecc_pubkey = gcry_mpi_get_opaque (pk->pkey[1], &nbits);
       ecc_pubkey_len = (nbits+7)/8;
       if (ecc_pubkey_len == 33 && *ecc_pubkey == 0x40)

g10/sig-check.c

@@ -992,7 +992,7 @@ check_signature_over_key_or_uid (ctrl_t ctrl, PKT_public_key *signer,
               if (ret_pk)
                 {
                   signer = ret_pk;
-                  /* FIXME: Using memset here is probematic because it
+                  /* FIXME: Using memset here is problematic because it
                    * assumes that there are no allocated fields in
                    * SIGNER.  */
                   memset (signer, 0, sizeof (*signer));

g10/sign.c

@@ -684,7 +684,7 @@ hash_for (PKT_public_key *pk)
 	 like a new DSA key that just happens to have a 160-bit q
 	 (i.e. allow truncation).  If q is not 160, by definition it
 	 must be a new DSA key.  We ignore the personal_digest_prefs
-	 for ECDSA because they should always macth the curve and
+	 for ECDSA because they should always match the curve and
 	 truncated hashes are not useful either.  Even worse,
 	 smartcards may reject non matching hash lengths for curves
 	 (e.g. using SHA-512 with brainpooolP385r1 on a Yubikey).  */
@@ -1322,7 +1322,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
 
           if (opt.verbose)
             log_info (_("signing:") );
-          /* Must walk reverse trough this list.  */
+          /* Must walk reverse through this list.  */
           for (sl = strlist_last(filenames);
                sl;
                sl = strlist_prev( filenames, sl))

g10/tofu.c

@@ -3655,7 +3655,7 @@ tofu_wot_trust_combine (int tofu_base, int wot_base)
               || wot == TRUST_FULLY
               || wot == TRUST_ULTIMATE);
 
-  /* We first consider negative trust policys.  These trump positive
+  /* We first consider negative trust policies.  These trump positive
      trust policies.  */
   if (tofu == TRUST_NEVER || wot == TRUST_NEVER)
     /* TRUST_NEVER trumps everything else.  */

g10/trustdb.c

@@ -1505,7 +1505,7 @@ list_trust_path( const char *username )
 /****************
  * Enumerate all keys, which are needed to build all trust paths for
  * the given key.  This function does not return the key itself or
- * the ultimate key (the last point in cerificate chain).  Only
+ * the ultimate key (the last point in certificate chain).  Only
  * certificate chains which ends up at an ultimately trusted key
  * are listed.	If ownertrust or validity is not NULL, the corresponding
  * value for the returned LID is also returned in these variable(s).

g13/g13-syshelp.c

@@ -314,7 +314,7 @@ main (int argc, char **argv)
   ctrl.no_server = 1;
   ctrl.status_fd = -1; /* No status output. */
 
-  /* The configuraton directories for use by gpgrt_argparser.  */
+  /* The configuration directories for use by gpgrt_argparser.  */
   gpgrt_set_confdir (GPGRT_CONFDIR_SYS, gnupg_sysconfdir ());
   gpgrt_set_confdir (GPGRT_CONFDIR_USER, gnupg_homedir ());
 

g13/g13.c

@@ -443,12 +443,12 @@ main (int argc, char **argv)
   ctrl.no_server = 1;
   ctrl.status_fd = -1; /* No status output. */
 
-  /* The configuraton directories for use by gpgrt_argparser.  */
+  /* The configuration directories for use by gpgrt_argparser.  */
   gpgrt_set_confdir (GPGRT_CONFDIR_SYS, gnupg_sysconfdir ());
   gpgrt_set_confdir (GPGRT_CONFDIR_USER, gnupg_homedir ());
 
   /* We are re-using the struct, thus the reset flag.  We OR the
-   * flags so that the internal intialized flag won't be cleared. */
+   * flags so that the internal initialized flag won't be cleared. */
   argc        = orig_argc;
   argv        = orig_argv;
   pargs.argc  = &argc;

g13/sh-dmcrypt.c

@@ -66,7 +66,7 @@
 #define HEADER_SECTORS (SETUP_AREA_SECTORS * HEADER_SETUP_AREA_COPIES)
 #define FOOTER_SECTORS (SETUP_AREA_SECTORS * FOOTER_SETUP_AREA_COPIES)
 
-/* Minimim size of the encrypted space in blocks.  This is more or
+/* Minimum size of the encrypted space in blocks.  This is more or
    less an arbitrary value.  */
 #define MIN_ENCRYPTED_SPACE 32
 

kbx/backend-sqlite.c

@@ -884,7 +884,7 @@ run_select_statement (ctrl_t ctrl, be_sqlite_local_t ctx,
       goto leave;
     }
 
-  /* Check whether we can re-use the current select statement.  */
+  /* Check whether we can reuse the current select statement.  */
   if (!ctx->select_stmt)
     ;
   else if (ctx->select_mode != desc[descidx].mode)

kbx/backend-support.c

@@ -207,7 +207,7 @@ be_is_x509_blob (const unsigned char *blob, size_t bloblen)
    *  SEQUENCE    SEQUENCE    [0]   INTEGER  INTEGER
    *              (tbs)            (version) (s/n)
    *
-   *  Note that v0 certificates don't have an explict version number.
+   *  Note that v0 certificates don't have an explicit version number.
    */
 
   p = blob;
@@ -229,7 +229,7 @@ be_is_x509_blob (const unsigned char *blob, size_t bloblen)
   if (!(class == CLASS_CONTEXT && tag == 0 && cons))
     {
       if (class == CLASS_UNIVERSAL && tag == TAG_INTEGER && !cons)
-        return 1; /* Might be a X.509 v0 cert with implict version.  */
+        return 1; /* Might be a X.509 v0 cert with implicit version.  */
       return 0; /* No context tag.  */
     }
 

kbx/frontend.c

@@ -1,4 +1,4 @@
-/* frontend.c - Database fronend code for keyboxd
+/* frontend.c - Database frontend code for keyboxd
  * Copyright (C) 2019 g10 Code GmbH
  *
  * This file is part of GnuPG.

kbx/kbxserver.c

@@ -93,7 +93,7 @@ struct server_local_s
    * multi_search_desc_len.  If a search description has ever been
    * allocated the allocated size is stored at multi_search_desc_size.
    * multi_search_store is allocated at the same size as
-   * multi_search_desc and used to provde backing store for the SN and
+   * multi_search_desc and used to provide backing store for the SN and
    * NAME elements of KEYBOX_SEARCH_DESC.  */
   KEYBOX_SEARCH_DESC search_desc;
   KEYBOX_SEARCH_DESC *multi_search_desc;

kbx/keybox-init.c

@@ -103,7 +103,7 @@ keybox_is_writable (void *token)
 }
 
 
-/* Change the default buffering to KBYTES KiB; using 0 uses the syste
+/* Change the default buffering to KBYTES KiB; using 0 uses the system
  * buffers.  This function must be called early.  */
 void
 keybox_set_buffersize (unsigned int kbytes, int reserved)

kbx/keybox-search-desc.h

@@ -1,4 +1,4 @@
-/* keybox-search-desc.h - Keybox serch description
+/* keybox-search-desc.h - Keybox search description
  *	Copyright (C) 2001 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.

kbx/keyboxd.c

@@ -529,7 +529,7 @@ main (int argc, char **argv )
   /* Reset the flags.  */
   pargs.flags &= ~(ARGPARSE_FLAG_KEEP | ARGPARSE_FLAG_NOVERSION);
 
-  /* The configuraton directories for use by gpgrt_argparser.  */
+  /* The configuration directories for use by gpgrt_argparser.  */
   gpgrt_set_confdir (GPGRT_CONFDIR_SYS, gnupg_sysconfdir ());
   gpgrt_set_confdir (GPGRT_CONFDIR_USER, gnupg_homedir ());
 

m4/gpg-error.m4

@@ -145,7 +145,7 @@ dnl                   [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
 dnl
 dnl Test for libgpg-error and define GPG_ERROR_CFLAGS, GPG_ERROR_LIBS,
 dnl GPG_ERROR_MT_CFLAGS, and GPG_ERROR_MT_LIBS.  The _MT_ variants are
-dnl used for programs requireing real multi thread support.
+dnl used for programs requiring real multi thread support.
 dnl
 dnl If a prefix option is not used, the config script is first
 dnl searched in $SYSROOT/bin and then along $PATH.  If the used

m4/ksba.m4

@@ -100,9 +100,9 @@ AC_DEFUN([_AM_PATH_GPGRT_CONFIG],[dnl
 dnl AM_PATH_KSBA([MINIMUM-VERSION,
 dnl              [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
 dnl Test for libksba and define KSBA_CFLAGS and KSBA_LIBS
-dnl MINIMUN-VERSION is a string with the version number optionalliy prefixed
+dnl MINIMUM-VERSION is a string with the version number optionally prefixed
 dnl with the API version to also check the API compatibility. Example:
-dnl a MINIMUN-VERSION of 1:1.0.7 won't pass the test unless the installed
+dnl a MINIMUM-VERSION of 1:1.0.7 won't pass the test unless the installed
 dnl version of libksba is at least 1.0.7 *and* the API number is 1.  Using
 dnl this features allows to prevent build against newer versions of libksba
 dnl with a changed API.

m4/ntbtls.m4

@@ -16,9 +16,9 @@ dnl AM_PATH_NTBTLS([MINIMUM-VERSION,
 dnl                   [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND ]]])
 dnl
 dnl Test for NTBTLS and define NTBTLS_CFLAGS and NTBTLS_LIBS.
-dnl MINIMUN-VERSION is a string with the version number optionalliy prefixed
+dnl MINIMUM-VERSION is a string with the version number optionally prefixed
 dnl with the API version to also check the API compatibility. Example:
-dnl a MINIMUN-VERSION of 1:1.2.5 won't pass the test unless the installed
+dnl a MINIMUM-VERSION of 1:1.2.5 won't pass the test unless the installed
 dnl version of libgcrypt is at least 1.2.5 *and* the API number is 1.  Using
 dnl this features allows to prevent build against newer versions of libgcrypt
 dnl with a changed API.

regexp/jimregexp.c

@@ -1278,7 +1278,7 @@ static int prefix_cmp(const int *prog, int proglen, const char *string, int noca
 }
 
 /**
- * Searchs for 'c' in the range 'range'.
+ * Searches for 'c' in the range 'range'.
  *
  * Returns 1 if found, or 0 if not.
  */

scd/apdu.c

@@ -2310,7 +2310,7 @@ apdu_open_reader (struct dev_list *dl)
 /* Open an remote reader and return an internal slot number or -1 on
    error. This function is an alternative to apdu_open_reader and used
    with remote readers only.  Note that the supplied CLOSEFNC will
-   only be called once and the slot will not be valid afther this.
+   only be called once and the slot will not be valid after this.
 
    If PORTSTR is NULL we default to the first available port.
 */

scd/app-nks.c

@@ -528,7 +528,7 @@ find_fid_by_keyref (app_t app, const char *keyref, int *r_idx, int *r_algo)
               break;
           if (!filelist[idx].fid)
             {
-              log_debug ("nks: Ooops: Unkown FID cached!\n");
+              log_debug ("nks: Ooops: Unknown FID cached!\n");
               err = gpg_error (GPG_ERR_BUG);
               goto leave;
             }