22 files changed, 54 insertions, 54 deletions

diff --git a/PROTOCOL.certkeys b/PROTOCOL.certkeys
index 64cb18700..65f11f538 100644
--- a/PROTOCOL.certkeys
+++ b/PROTOCOL.certkeys
@@ -174,7 +174,7 @@ certificate. Each represents a time in seconds since 1970-01-01
 
     valid after <= current time < valid before
 
-criticial options is a set of zero or more key options encoded as
+critical options is a set of zero or more key options encoded as
 below. All such options are "critical" in the sense that an implementation
 must refuse to authorise a key that has an unrecognised option.
 
@@ -291,4 +291,4 @@ permit-user-rc          empty         Flag indicating that execution of
                                       of this script will not be permitted if
                                       this option is not present.
 
-$OpenBSD: PROTOCOL.certkeys,v 1.13 2017/11/03 02:32:19 djm Exp $
+$OpenBSD: PROTOCOL.certkeys,v 1.14 2018/04/10 00:10:49 djm Exp $
diff --git a/PROTOCOL.chacha20poly1305 b/PROTOCOL.chacha20poly1305
index 4857d3853..9ce2a1e3a 100644
--- a/PROTOCOL.chacha20poly1305
+++ b/PROTOCOL.chacha20poly1305
@@ -16,7 +16,7 @@ that computes a 128 bit integrity tag given a message and a single-use
 The chacha20-poly1305@openssh.com combines these two primitives into an
 authenticated encryption mode. The construction used is based on that
 proposed for TLS by Adam Langley in [3], but differs in the layout of
-data passed to the MAC and in the addition of encyption of the packet
+data passed to the MAC and in the addition of encryption of the packet
 lengths.
 
 Negotiation
@@ -103,5 +103,5 @@ References
 [3] "ChaCha20 and Poly1305 based Cipher Suites for TLS", Adam Langley
     http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03
 
-$OpenBSD: PROTOCOL.chacha20poly1305,v 1.3 2016/05/03 13:10:24 djm Exp $
+$OpenBSD: PROTOCOL.chacha20poly1305,v 1.4 2018/04/10 00:10:49 djm Exp $
 
diff --git a/PROTOCOL.krl b/PROTOCOL.krl
index b9695107b..f319bad21 100644
--- a/PROTOCOL.krl
+++ b/PROTOCOL.krl
@@ -145,7 +145,7 @@ This section may appear multiple times.
 5. KRL signature sections
 
 The KRL_SECTION_SIGNATURE section serves a different purpose to the
-preceeding ones: to provide cryptographic authentication of a KRL that
+preceding ones: to provide cryptographic authentication of a KRL that
 is retrieved over a channel that does not provide integrity protection.
 Its format is slightly different to the previously-described sections:
 in order to simplify the signature generation, it includes as a "body"
@@ -166,4 +166,4 @@ Implementations that retrieve KRLs over untrusted channels must verify
 signatures. Signature sections are optional for KRLs distributed by
 trusted means.
 
-$OpenBSD: PROTOCOL.krl,v 1.3 2015/01/30 01:10:33 djm Exp $
+$OpenBSD: PROTOCOL.krl,v 1.4 2018/04/10 00:10:49 djm Exp $
diff --git a/auth.h b/auth.h
index 23ce67caf..29491df98 100644
--- a/auth.h
+++ b/auth.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.95 2018/03/03 03:15:51 djm Exp $ */
+/* $OpenBSD: auth.h,v 1.96 2018/04/10 00:10:49 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -89,7 +89,7 @@ struct Authctxt {
         struct sshkey   **prev_keys;
         u_int            nprev_keys;
 
-        /* Last used key and ancilliary information from active auth method */
+        /* Last used key and ancillary information from active auth method */
         struct sshkey   *auth_method_key;
         char            *auth_method_info;
 
diff --git a/authfd.c b/authfd.c
index 1eff7ba94..3ee7dffa5 100644
--- a/authfd.c
+++ b/authfd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.c,v 1.108 2018/02/23 15:58:37 markus Exp $ */
+/* $OpenBSD: authfd.c,v 1.109 2018/04/10 00:10:49 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -323,7 +323,7 @@ ssh_free_identitylist(struct ssh_identitylist *idl)
  */
 
 
-/* encode signature algoritm in flag bits, so we can keep the msg format */
+/* encode signature algorithm in flag bits, so we can keep the msg format */
 static u_int
 agent_encode_alg(const struct sshkey *key, const char *alg)
 {
diff --git a/channels.c b/channels.c
index bdee1f386..65d9dbd5f 100644
--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.379 2018/02/05 05:36:49 tb Exp $ */
+/* $OpenBSD: channels.c,v 1.380 2018/04/10 00:10:49 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2599,7 +2599,7 @@ channel_output_poll(struct ssh *ssh)
  *      SSH_CHANNEL_MUX_PROXY channel and replace the mux clients ID
  *      with the newly allocated channel ID.
  * 2) Upstream messages are received by matching SSH_CHANNEL_MUX_PROXY
- *    channels and procesed by channel_proxy_upstream(). The local channel ID
+ *    channels and processed by channel_proxy_upstream(). The local channel ID
  *    is then translated back to the original mux client ID.
  * 3) In both cases we need to keep track of matching SSH2_MSG_CHANNEL_CLOSE
  *    messages so we can clean up SSH_CHANNEL_MUX_PROXY channels.
@@ -2610,7 +2610,7 @@ channel_output_poll(struct ssh *ssh)
  *    channel. E.g. client_request_forwarded_tcpip() needs to figure
  *    out whether the request is addressed to the local client or a
  *    specific downstream client based on the listen-address/port.
- * 6) Agent and X11-Forwarding have a similar problem and are currenly
+ * 6) Agent and X11-Forwarding have a similar problem and are currently
  *    not supported as the matching session/channel cannot be identified
  *    easily.
  */
@@ -2787,7 +2787,7 @@ channel_proxy_upstream(Channel *c, int type, u_int32_t seq, struct ssh *ssh)
         /*
          * When receiving packets from the peer we need to check whether we
          * need to forward the packets to the mux client. In this case we
-         * restore the orignal channel id and keep track of CLOSE messages,
+         * restore the original channel id and keep track of CLOSE messages,
          * so we can cleanup the channel.
          */
         if (c == NULL || c->type != SSH_CHANNEL_MUX_PROXY)
diff --git a/clientloop.c b/clientloop.c
index 7bcf22e38..4801f4a77 100644
--- a/clientloop.c
+++ b/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.311 2018/02/11 21:16:56 dtucker Exp $ */
+/* $OpenBSD: clientloop.c,v 1.312 2018/04/10 00:10:49 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -664,7 +664,7 @@ client_status_confirm(struct ssh *ssh, int type, Channel *c, void *ctx)
             options.request_tty == REQUEST_TTY_YES))
                 cr->action = CONFIRM_CLOSE;
 
-        /* XXX supress on mux _client_ quietmode */
+        /* XXX suppress on mux _client_ quietmode */
         tochan = options.log_level >= SYSLOG_LEVEL_ERROR &&
             c->ctl_chan != -1 && c->extended_usage == CHAN_EXTENDED_WRITE;
 
diff --git a/kexdhs.c b/kexdhs.c
index da8f4c439..5dfca0a24 100644
--- a/kexdhs.c
+++ b/kexdhs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexdhs.c,v 1.26 2018/02/07 02:06:51 jsing Exp $ */
+/* $OpenBSD: kexdhs.c,v 1.27 2018/04/10 00:10:49 djm Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  *
@@ -194,7 +194,7 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh)
 
         /* destroy_sensitive_data(); */
 
-        /* send server hostkey, DH pubkey 'f' and singed H */
+        /* send server hostkey, DH pubkey 'f' and signed H */
         if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_REPLY)) != 0 ||
             (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 ||
             (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 ||     /* f */
diff --git a/kexgexs.c b/kexgexs.c
index d7b48ea88..f6983fd69 100644
--- a/kexgexs.c
+++ b/kexgexs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexs.c,v 1.32 2018/02/07 02:06:51 jsing Exp $ */
+/* $OpenBSD: kexgexs.c,v 1.33 2018/04/10 00:10:49 djm Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@@ -224,7 +224,7 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh)
 
         /* destroy_sensitive_data(); */
 
-        /* send server hostkey, DH pubkey 'f' and singed H */
+        /* send server hostkey, DH pubkey 'f' and signed H */
         if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REPLY)) != 0 ||
             (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 ||
             (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 ||     /* f */
diff --git a/scp.c b/scp.c
index 31e6709fb..80aed84b6 100644
--- a/scp.c
+++ b/scp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: scp.c,v 1.195 2018/02/10 06:15:12 djm Exp $ */
+/* $OpenBSD: scp.c,v 1.196 2018/04/10 00:10:49 djm Exp $ */
 /*
  * scp - secure remote copy.  This is basically patched BSD rcp which
  * uses ssh to do the data transfer (instead of using rcmd).
@@ -311,7 +311,7 @@ do_cmd(char *host, char *remuser, int port, char *cmd, int *fdin, int *fdout)
 }
 
 /*
- * This functions executes a command simlar to do_cmd(), but expects the
+ * This function executes a command similar to do_cmd(), but expects the
  * input and output descriptors to be setup by a previous call to do_cmd().
  * This way the input and output of two commands can be connected.
  */
diff --git a/servconf.c b/servconf.c
index 4a508f138..5ca84515f 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.327 2018/04/04 15:12:17 job Exp $ */
+/* $OpenBSD: servconf.c,v 1.328 2018/04/10 00:10:49 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -1951,7 +1951,7 @@ process_server_config_line(ServerOptions *options, char *line,
         case sAuthenticationMethods:
                 if (options->num_auth_methods == 0) {
                         value = 0; /* seen "any" pseudo-method */
-                        value2 = 0; /* sucessfully parsed any method */
+                        value2 = 0; /* successfully parsed any method */
                         while ((arg = strdelim(&cp)) && *arg != '\0') {
                                 if (strcmp(arg, "any") == 0) {
                                         if (options->num_auth_methods > 0) {
@@ -2135,7 +2135,7 @@ int parse_server_match_testspec(struct connection_info *ci, char *spec)
  *
  * If the preauth flag is set, we do not bother copying the string or
  * array values that are not used pre-authentication, because any that we
- * do use must be explictly sent in mm_getpwnamallow().
+ * do use must be explicitly sent in mm_getpwnamallow().
  */
 void
 copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
diff --git a/sftp.c b/sftp.c
index 5ce864eeb..279f7d46e 100644
--- a/sftp.c
+++ b/sftp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp.c,v 1.182 2017/11/03 03:46:52 djm Exp $ */
+/* $OpenBSD: sftp.c,v 1.183 2018/04/10 00:10:49 djm Exp $ */
 /*
  * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
  *
@@ -1844,7 +1844,7 @@ complete_cmd_parse(EditLine *el, char *cmd, int lastarg, char quote,
                 return 0;
         }
 
-        /* Complete ambigious command */
+        /* Complete ambiguous command */
         tmp = complete_ambiguous(cmd, list, count);
         if (count > 1)
                 complete_display(list, 0);
diff --git a/ssh-agent.c b/ssh-agent.c
index 68de56ce6..cd028913e 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.229 2018/04/09 23:54:49 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.230 2018/04/10 00:10:49 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -709,7 +709,7 @@ process_message(u_int socknum)
 
         debug("%s: socket %u (fd=%d) type %d", __func__, socknum, e->fd, type);
 
-        /* check wheter agent is locked */
+        /* check whether agent is locked */
         if (locked && type != SSH_AGENTC_UNLOCK) {
                 sshbuf_reset(e->request);
                 switch (type) {
diff --git a/ssh.c b/ssh.c
index d3619fe29..a361500f1 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.475 2018/02/23 15:58:38 markus Exp $ */
+/* $OpenBSD: ssh.c,v 1.476 2018/04/10 00:10:49 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1485,7 +1485,7 @@ main(int ac, char **av)
         /* load options.identity_files */
         load_public_identity_files(pw);
 
-        /* optionally set the SSH_AUTHSOCKET_ENV_NAME varibale */
+        /* optionally set the SSH_AUTHSOCKET_ENV_NAME variable */
         if (options.identity_agent &&
             strcmp(options.identity_agent, SSH_AUTHSOCKET_ENV_NAME) != 0) {
                 if (strcmp(options.identity_agent, "none") == 0) {
diff --git a/ssh_api.h b/ssh_api.h
index 642acd5b2..584f896a7 100644
--- a/ssh_api.h
+++ b/ssh_api.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh_api.h,v 1.1 2015/01/19 20:30:23 markus Exp $ */
+/* $OpenBSD: ssh_api.h,v 1.2 2018/04/10 00:10:49 djm Exp $ */
 /*
  * Copyright (c) 2012 Markus Friedl.  All rights reserved.
  *
@@ -81,7 +81,7 @@ int	ssh_set_verify_host_key_callback(struct ssh *ssh,
  * ssh_packet_next() sets typep if there is no new packet available.
  * in this case the caller must fill the input byte-stream by passing
  * the data received over network to ssh_input_append().
- * additinally, the caller needs to send the resulting output
+ * additionally, the caller needs to send the resulting output
  * byte-stream back over the network. otherwise the key exchange
  * would not proceed. the output byte-stream is accessed through
  * ssh_output_ptr().
diff --git a/ssh_config.5 b/ssh_config.5
index 1ca0862b8..bcd18a872 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.272 2018/04/07 13:50:10 jmc Exp $
-.Dd $Mdocdate: April 7 2018 $
+.\" $OpenBSD: ssh_config.5,v 1.273 2018/04/10 00:10:49 djm Exp $
+.Dd $Mdocdate: April 10 2018 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -1308,7 +1308,7 @@ section.
 .It Cm RemoteForward
 Specifies that a TCP port on the remote machine be forwarded over
 the secure channel.
-The remote port may either be fowarded to a specified host and port
+The remote port may either be forwarded to a specified host and port
 from the local machine, or may act as a SOCKS 4/5 proxy that allows a remote
 client to connect to arbitrary destinations from the local machine.
 The first argument must be
diff --git a/sshbuf.h b/sshbuf.h
index 77f1e9e6d..25b4e69aa 100644
--- a/sshbuf.h
+++ b/sshbuf.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: sshbuf.h,v 1.9 2017/09/12 06:32:07 djm Exp $  */
+/*      $OpenBSD: sshbuf.h,v 1.10 2018/04/10 00:10:49 djm Exp $ */
 /*
  * Copyright (c) 2011 Damien Miller
  *
@@ -53,7 +53,7 @@ struct sshbuf {
 #ifndef SSHBUF_NO_DEPREACTED
 /*
  * NB. Please do not use sshbuf_init() in new code. Please use sshbuf_new()
- * instead. sshbuf_init() is deprectated and will go away soon (it is
+ * instead. sshbuf_init() is deprecated and will go away soon (it is
  * only included to allow compat with buffer_* in OpenSSH)
  */
 void sshbuf_init(struct sshbuf *buf);
diff --git a/sshconnect.c b/sshconnect.c
index 3805d35d9..32f9c8b3a 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.297 2018/02/23 15:58:38 markus Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.298 2018/04/10 00:10:49 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -277,7 +277,7 @@ ssh_kill_proxy_command(void)
 #ifdef HAVE_IFADDRS_H
 /*
  * Search a interface address list (returned from getifaddrs(3)) for an
- * address that matches the desired address family on the specifed interface.
+ * address that matches the desired address family on the specified interface.
  * Returns 0 and fills in *resultp and *rlenp on success. Returns -1 on failure.
  */
 static int
diff --git a/sshd.c b/sshd.c
index fd95b681b..f0ba35074 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.506 2018/03/03 03:15:51 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.507 2018/04/10 00:10:49 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1336,7 +1336,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
  * return an error if any are found).  Basically we are worried about
  * source routing; it can be used to pretend you are somebody
  * (ip-address) you are not. That itself may be "almost acceptable"
- * under certain circumstances, but rhosts autentication is useless
+ * under certain circumstances, but rhosts authentication is useless
  * if source routing is accepted. Notice also that if we just dropped
  * source routing here, the other side could use IP spoofing to do
  * rest of the interaction and could still bypass security.  So we
diff --git a/sshkey-xmss.c b/sshkey-xmss.c
index 5d66ee790..2c50f75f8 100644
--- a/sshkey-xmss.c
+++ b/sshkey-xmss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey-xmss.c,v 1.1 2018/02/23 15:58:38 markus Exp $ */
+/* $OpenBSD: sshkey-xmss.c,v 1.2 2018/04/10 00:10:49 djm Exp $ */
 /*
  * Copyright (c) 2017 Markus Friedl.  All rights reserved.
  *
@@ -66,7 +66,7 @@ struct ssh_xmss_state {
         treehash_inst   *treehash;
 
         u_int32_t       idx;            /* state read from file */
-        u_int32_t       maxidx;         /* resticted # of signatures */
+        u_int32_t       maxidx;         /* restricted # of signatures */
         int             have_state;     /* .state file exists */
         int             lockfd;         /* locked in sshkey_xmss_get_state() */
         int             allow_update;   /* allow sshkey_xmss_update_state() */
@@ -583,7 +583,7 @@ sshkey_xmss_update_state(const struct sshkey *k, sshkey_printfn *pr)
         }
         idx = PEEK_U32(k->xmss_sk);
         if (idx == state->idx) {
-                /* no signature happend, no need to update */
+                /* no signature happened, no need to update */
                 ret = 0;
                 goto done;
         } else if (idx != state->idx + 1) {
diff --git a/umac.c b/umac.c
index eab831072..ccae39f30 100644
--- a/umac.c
+++ b/umac.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: umac.c,v 1.16 2017/12/12 15:06:12 naddy Exp $ */
+/* $OpenBSD: umac.c,v 1.17 2018/04/10 00:10:49 djm Exp $ */
 /* -----------------------------------------------------------------------
  *
  * umac.c -- C Implementation UMAC Message Authentication
@@ -65,7 +65,7 @@
 /* #define AES_IMPLEMENTAION   1  1 = OpenSSL, 2 = Barreto, 3 = Gladman   */
 /* #define SSE2                0  Is SSE2 is available?                   */
 /* #define RUN_TESTS           0  Run basic correctness/speed tests       */
-/* #define UMAC_AE_SUPPORT     0  Enable auhthenticated encrytion         */
+/* #define UMAC_AE_SUPPORT     0  Enable authenticated encryption         */
 
 /* ---------------------------------------------------------------------- */
 /* -- Global Includes --------------------------------------------------- */
@@ -295,9 +295,9 @@ static void pdf_gen_xor(pdf_ctx *pc, const UINT8 nonce[8], UINT8 buf[8])
  * Before beginning another hash calculation the nh_reset() routine
  * must be called. The single-buffer routine, nh(), is equivalent to
  * the sequence of calls nh_update() and nh_final(); however it is
- * optimized and should be prefered whenever the multiple-buffer interface
+ * optimized and should be preferred whenever the multiple-buffer interface
  * is not necessary. When using either interface, it is the client's
- * responsability to pass no more than L1_KEY_LEN bytes per hash result.
+ * responsibility to pass no more than L1_KEY_LEN bytes per hash result.
  *
  * The routine nh_init() initializes the nh_ctx data structure and
  * must be called once, before any other PDF routine.
@@ -319,8 +319,8 @@ static void pdf_gen_xor(pdf_ctx *pc, const UINT8 nonce[8], UINT8 buf[8])
 typedef struct {
     UINT8  nh_key [L1_KEY_LEN + L1_KEY_SHIFT * (STREAMS - 1)]; /* NH Key */
     UINT8  data   [HASH_BUF_BYTES];    /* Incoming data buffer           */
-    int next_data_empty;    /* Bookeeping variable for data buffer.       */
-    int bytes_hashed;        /* Bytes (out of L1_KEY_LEN) incorperated.   */
+    int next_data_empty;    /* Bookkeeping variable for data buffer.     */
+    int bytes_hashed;       /* Bytes (out of L1_KEY_LEN) incorporated.   */
     UINT64 state[STREAMS];               /* on-line state     */
 } nh_ctx;
 
@@ -851,7 +851,7 @@ static void poly_hash(uhash_ctx_t hc, UINT32 data_in[])
 
 
 /* The final step in UHASH is an inner-product hash. The poly hash
- * produces a result not neccesarily WORD_LEN bytes long. The inner-
+ * produces a result not necessarily WORD_LEN bytes long. The inner-
  * product hash breaks the polyhash output into 16-bit chunks and
  * multiplies each with a 36 bit key.
  */
diff --git a/xmss_wots.c b/xmss_wots.c
index b4702ed8d..ed904cd75 100644
--- a/xmss_wots.c
+++ b/xmss_wots.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: xmss_wots.c,v 1.2 2018/02/26 03:56:44 dtucker Exp $ */
+/* $OpenBSD: xmss_wots.c,v 1.3 2018/04/10 00:10:49 djm Exp $ */
 /*
 wots.c version 20160722
 Andreas Hülsing
@@ -65,7 +65,7 @@ static void expand_seed(unsigned char *outseeds, const unsigned char *inseed, co
  * Computes the chaining function.
  * out and in have to be n-byte arrays
  *
- * interpretes in as start-th value of the chain
+ * interprets in as start-th value of the chain
  * addr has to contain the address of the chain
  */
 static void gen_chain(unsigned char *out, const unsigned char *in, unsigned int start, unsigned int steps, const wots_params *params, const unsigned char *pub_seed, uint32_t addr[8])