lots of typos in comments/docs. Patch from Karsten Weiss after checking

with codespell tool (https://github.com/lucasdemarchi/codespell)

22 files changed, 54 insertions, 54 deletions

diff --git a/usr.bin/ssh/PROTOCOL.certkeys b/usr.bin/ssh/PROTOCOL.certkeys
index 64cb18700ee..65f11f5384e 100644
--- a/usr.bin/ssh/PROTOCOL.certkeys
+++ b/usr.bin/ssh/PROTOCOL.certkeys
@@ -174,7 +174,7 @@ certificate. Each represents a time in seconds since 1970-01-01
 
     valid after <= current time < valid before
 
-criticial options is a set of zero or more key options encoded as
+critical options is a set of zero or more key options encoded as
 below. All such options are "critical" in the sense that an implementation
 must refuse to authorise a key that has an unrecognised option.
 
@@ -291,4 +291,4 @@ permit-user-rc          empty         Flag indicating that execution of
                                       of this script will not be permitted if
                                       this option is not present.
 
-$OpenBSD: PROTOCOL.certkeys,v 1.13 2017/11/03 02:32:19 djm Exp $
+$OpenBSD: PROTOCOL.certkeys,v 1.14 2018/04/10 00:10:49 djm Exp $
diff --git a/usr.bin/ssh/PROTOCOL.chacha20poly1305 b/usr.bin/ssh/PROTOCOL.chacha20poly1305
index 4857d38533d..9ce2a1e3a14 100644
--- a/usr.bin/ssh/PROTOCOL.chacha20poly1305
+++ b/usr.bin/ssh/PROTOCOL.chacha20poly1305
@@ -16,7 +16,7 @@ that computes a 128 bit integrity tag given a message and a single-use
 The chacha20-poly1305@openssh.com combines these two primitives into an
 authenticated encryption mode. The construction used is based on that
 proposed for TLS by Adam Langley in [3], but differs in the layout of
-data passed to the MAC and in the addition of encyption of the packet
+data passed to the MAC and in the addition of encryption of the packet
 lengths.
 
 Negotiation
@@ -103,5 +103,5 @@ References
 [3] "ChaCha20 and Poly1305 based Cipher Suites for TLS", Adam Langley
     http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03
 
-$OpenBSD: PROTOCOL.chacha20poly1305,v 1.3 2016/05/03 13:10:24 djm Exp $
+$OpenBSD: PROTOCOL.chacha20poly1305,v 1.4 2018/04/10 00:10:49 djm Exp $
 
diff --git a/usr.bin/ssh/PROTOCOL.krl b/usr.bin/ssh/PROTOCOL.krl
index b9695107bac..f319bad21d3 100644
--- a/usr.bin/ssh/PROTOCOL.krl
+++ b/usr.bin/ssh/PROTOCOL.krl
@@ -145,7 +145,7 @@ This section may appear multiple times.
 5. KRL signature sections
 
 The KRL_SECTION_SIGNATURE section serves a different purpose to the
-preceeding ones: to provide cryptographic authentication of a KRL that
+preceding ones: to provide cryptographic authentication of a KRL that
 is retrieved over a channel that does not provide integrity protection.
 Its format is slightly different to the previously-described sections:
 in order to simplify the signature generation, it includes as a "body"
@@ -166,4 +166,4 @@ Implementations that retrieve KRLs over untrusted channels must verify
 signatures. Signature sections are optional for KRLs distributed by
 trusted means.
 
-$OpenBSD: PROTOCOL.krl,v 1.3 2015/01/30 01:10:33 djm Exp $
+$OpenBSD: PROTOCOL.krl,v 1.4 2018/04/10 00:10:49 djm Exp $
diff --git a/usr.bin/ssh/auth.h b/usr.bin/ssh/auth.h
index 9302f4d611d..db00668331d 100644
--- a/usr.bin/ssh/auth.h
+++ b/usr.bin/ssh/auth.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth.h,v 1.95 2018/03/03 03:15:51 djm Exp $ */
+/* $OpenBSD: auth.h,v 1.96 2018/04/10 00:10:49 djm Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -80,7 +80,7 @@ struct Authctxt {
 	struct sshkey	**prev_keys;
 	u_int		 nprev_keys;
 
-	/* Last used key and ancilliary information from active auth method */
+	/* Last used key and ancillary information from active auth method */
 	struct sshkey	*auth_method_key;
 	char		*auth_method_info;
 
diff --git a/usr.bin/ssh/authfd.c b/usr.bin/ssh/authfd.c
index 358c977438b..45fdd78985b 100644
--- a/usr.bin/ssh/authfd.c
+++ b/usr.bin/ssh/authfd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: authfd.c,v 1.108 2018/02/23 15:58:37 markus Exp $ */
+/* $OpenBSD: authfd.c,v 1.109 2018/04/10 00:10:49 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -321,7 +321,7 @@ ssh_free_identitylist(struct ssh_identitylist *idl)
  */
 
 
-/* encode signature algoritm in flag bits, so we can keep the msg format */
+/* encode signature algorithm in flag bits, so we can keep the msg format */
 static u_int
 agent_encode_alg(const struct sshkey *key, const char *alg)
 {
diff --git a/usr.bin/ssh/channels.c b/usr.bin/ssh/channels.c
index 00d9f1c5579..c410d7193b1 100644
--- a/usr.bin/ssh/channels.c
+++ b/usr.bin/ssh/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.379 2018/02/05 05:36:49 tb Exp $ */
+/* $OpenBSD: channels.c,v 1.380 2018/04/10 00:10:49 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2568,7 +2568,7 @@ channel_output_poll(struct ssh *ssh)
  *      SSH_CHANNEL_MUX_PROXY channel and replace the mux clients ID
  *      with the newly allocated channel ID.
  * 2) Upstream messages are received by matching SSH_CHANNEL_MUX_PROXY
- *    channels and procesed by channel_proxy_upstream(). The local channel ID
+ *    channels and processed by channel_proxy_upstream(). The local channel ID
  *    is then translated back to the original mux client ID.
  * 3) In both cases we need to keep track of matching SSH2_MSG_CHANNEL_CLOSE
  *    messages so we can clean up SSH_CHANNEL_MUX_PROXY channels.
@@ -2579,7 +2579,7 @@ channel_output_poll(struct ssh *ssh)
  *    channel. E.g. client_request_forwarded_tcpip() needs to figure
  *    out whether the request is addressed to the local client or a
  *    specific downstream client based on the listen-address/port.
- * 6) Agent and X11-Forwarding have a similar problem and are currenly
+ * 6) Agent and X11-Forwarding have a similar problem and are currently
  *    not supported as the matching session/channel cannot be identified
  *    easily.
  */
@@ -2756,7 +2756,7 @@ channel_proxy_upstream(Channel *c, int type, u_int32_t seq, struct ssh *ssh)
 	/*
 	 * When receiving packets from the peer we need to check whether we
 	 * need to forward the packets to the mux client. In this case we
-	 * restore the orignal channel id and keep track of CLOSE messages,
+	 * restore the original channel id and keep track of CLOSE messages,
 	 * so we can cleanup the channel.
 	 */
 	if (c == NULL || c->type != SSH_CHANNEL_MUX_PROXY)
diff --git a/usr.bin/ssh/clientloop.c b/usr.bin/ssh/clientloop.c
index 586ee827e74..8cde8986138 100644
--- a/usr.bin/ssh/clientloop.c
+++ b/usr.bin/ssh/clientloop.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.311 2018/02/11 21:16:56 dtucker Exp $ */
+/* $OpenBSD: clientloop.c,v 1.312 2018/04/10 00:10:49 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -655,7 +655,7 @@ client_status_confirm(struct ssh *ssh, int type, Channel *c, void *ctx)
 	    options.request_tty == REQUEST_TTY_YES))
 		cr->action = CONFIRM_CLOSE;
 
-	/* XXX supress on mux _client_ quietmode */
+	/* XXX suppress on mux _client_ quietmode */
 	tochan = options.log_level >= SYSLOG_LEVEL_ERROR &&
 	    c->ctl_chan != -1 && c->extended_usage == CHAN_EXTENDED_WRITE;
 
diff --git a/usr.bin/ssh/kexdhs.c b/usr.bin/ssh/kexdhs.c
index 20a061bf502..fb174352a6d 100644
--- a/usr.bin/ssh/kexdhs.c
+++ b/usr.bin/ssh/kexdhs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexdhs.c,v 1.26 2018/02/07 02:06:51 jsing Exp $ */
+/* $OpenBSD: kexdhs.c,v 1.27 2018/04/10 00:10:49 djm Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  *
@@ -189,7 +189,7 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh)
 
 	/* destroy_sensitive_data(); */
 
-	/* send server hostkey, DH pubkey 'f' and singed H */
+	/* send server hostkey, DH pubkey 'f' and signed H */
 	if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_REPLY)) != 0 ||
 	    (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 ||
 	    (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 ||	/* f */
diff --git a/usr.bin/ssh/kexgexs.c b/usr.bin/ssh/kexgexs.c
index 025ce9af4fa..017e543a73d 100644
--- a/usr.bin/ssh/kexgexs.c
+++ b/usr.bin/ssh/kexgexs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: kexgexs.c,v 1.32 2018/02/07 02:06:51 jsing Exp $ */
+/* $OpenBSD: kexgexs.c,v 1.33 2018/04/10 00:10:49 djm Exp $ */
 /*
  * Copyright (c) 2000 Niels Provos.  All rights reserved.
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@@ -219,7 +219,7 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh)
 
 	/* destroy_sensitive_data(); */
 
-	/* send server hostkey, DH pubkey 'f' and singed H */
+	/* send server hostkey, DH pubkey 'f' and signed H */
 	if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REPLY)) != 0 ||
 	    (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 ||
 	    (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 ||     /* f */
diff --git a/usr.bin/ssh/scp.c b/usr.bin/ssh/scp.c
index 08a6d5ad564..e3af4bbf942 100644
--- a/usr.bin/ssh/scp.c
+++ b/usr.bin/ssh/scp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: scp.c,v 1.195 2018/02/10 06:15:12 djm Exp $ */
+/* $OpenBSD: scp.c,v 1.196 2018/04/10 00:10:49 djm Exp $ */
 /*
  * scp - secure remote copy.  This is basically patched BSD rcp which
  * uses ssh to do the data transfer (instead of using rcmd).
@@ -293,7 +293,7 @@ do_cmd(char *host, char *remuser, int port, char *cmd, int *fdin, int *fdout)
 }
 
 /*
- * This functions executes a command simlar to do_cmd(), but expects the
+ * This function executes a command similar to do_cmd(), but expects the
  * input and output descriptors to be setup by a previous call to do_cmd().
  * This way the input and output of two commands can be connected.
  */
diff --git a/usr.bin/ssh/servconf.c b/usr.bin/ssh/servconf.c
index e1c97c49650..6022db6a7c6 100644
--- a/usr.bin/ssh/servconf.c
+++ b/usr.bin/ssh/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.327 2018/04/04 15:12:17 job Exp $ */
+/* $OpenBSD: servconf.c,v 1.328 2018/04/10 00:10:49 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -1888,7 +1888,7 @@ process_server_config_line(ServerOptions *options, char *line,
 	case sAuthenticationMethods:
 		if (options->num_auth_methods == 0) {
 			value = 0; /* seen "any" pseudo-method */
-			value2 = 0; /* sucessfully parsed any method */
+			value2 = 0; /* successfully parsed any method */
 			while ((arg = strdelim(&cp)) && *arg != '\0') {
 				if (strcmp(arg, "any") == 0) {
 					if (options->num_auth_methods > 0) {
@@ -2072,7 +2072,7 @@ int parse_server_match_testspec(struct connection_info *ci, char *spec)
  *
  * If the preauth flag is set, we do not bother copying the string or
  * array values that are not used pre-authentication, because any that we
- * do use must be explictly sent in mm_getpwnamallow().
+ * do use must be explicitly sent in mm_getpwnamallow().
  */
 void
 copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
diff --git a/usr.bin/ssh/sftp.c b/usr.bin/ssh/sftp.c
index f72e321359f..042780cb7d2 100644
--- a/usr.bin/ssh/sftp.c
+++ b/usr.bin/ssh/sftp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp.c,v 1.182 2017/11/03 03:46:52 djm Exp $ */
+/* $OpenBSD: sftp.c,v 1.183 2018/04/10 00:10:49 djm Exp $ */
 /*
  * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
  *
@@ -1815,7 +1815,7 @@ complete_cmd_parse(EditLine *el, char *cmd, int lastarg, char quote,
 		return 0;
 	}
 
-	/* Complete ambigious command */
+	/* Complete ambiguous command */
 	tmp = complete_ambiguous(cmd, list, count);
 	if (count > 1)
 		complete_display(list, 0);
diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c
index 55b1827b028..ffcdb8cd427 100644
--- a/usr.bin/ssh/ssh-agent.c
+++ b/usr.bin/ssh/ssh-agent.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-agent.c,v 1.229 2018/04/09 23:54:49 djm Exp $ */
+/* $OpenBSD: ssh-agent.c,v 1.230 2018/04/10 00:10:49 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -694,7 +694,7 @@ process_message(u_int socknum)
 
 	debug("%s: socket %u (fd=%d) type %d", __func__, socknum, e->fd, type);
 
-	/* check wheter agent is locked */
+	/* check whether agent is locked */
 	if (locked && type != SSH_AGENTC_UNLOCK) {
 		sshbuf_reset(e->request);
 		switch (type) {
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c
index 4f2ffd03dd1..e06542a2879 100644
--- a/usr.bin/ssh/ssh.c
+++ b/usr.bin/ssh/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.475 2018/02/23 15:58:38 markus Exp $ */
+/* $OpenBSD: ssh.c,v 1.476 2018/04/10 00:10:49 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1435,7 +1435,7 @@ main(int ac, char **av)
 	/* load options.identity_files */
 	load_public_identity_files(pw);
 
-	/* optionally set the SSH_AUTHSOCKET_ENV_NAME varibale */
+	/* optionally set the SSH_AUTHSOCKET_ENV_NAME variable */
 	if (options.identity_agent &&
 	    strcmp(options.identity_agent, SSH_AUTHSOCKET_ENV_NAME) != 0) {
 		if (strcmp(options.identity_agent, "none") == 0) {
diff --git a/usr.bin/ssh/ssh_api.h b/usr.bin/ssh/ssh_api.h
index a7e14e06ec5..d5ba574802b 100644
--- a/usr.bin/ssh/ssh_api.h
+++ b/usr.bin/ssh/ssh_api.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh_api.h,v 1.1 2015/01/19 20:30:23 markus Exp $ */
+/* $OpenBSD: ssh_api.h,v 1.2 2018/04/10 00:10:49 djm Exp $ */
 /*
  * Copyright (c) 2012 Markus Friedl.  All rights reserved.
  *
@@ -80,7 +80,7 @@ int	ssh_set_verify_host_key_callback(struct ssh *ssh,
  * ssh_packet_next() sets typep if there is no new packet available.
  * in this case the caller must fill the input byte-stream by passing
  * the data received over network to ssh_input_append().
- * additinally, the caller needs to send the resulting output
+ * additionally, the caller needs to send the resulting output
  * byte-stream back over the network. otherwise the key exchange
  * would not proceed. the output byte-stream is accessed through
  * ssh_output_ptr().
diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5
index 1ca0862b88e..bcd18a87221 100644
--- a/usr.bin/ssh/ssh_config.5
+++ b/usr.bin/ssh/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.272 2018/04/07 13:50:10 jmc Exp $
-.Dd $Mdocdate: April 7 2018 $
+.\" $OpenBSD: ssh_config.5,v 1.273 2018/04/10 00:10:49 djm Exp $
+.Dd $Mdocdate: April 10 2018 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -1308,7 +1308,7 @@ section.
 .It Cm RemoteForward
 Specifies that a TCP port on the remote machine be forwarded over
 the secure channel.
-The remote port may either be fowarded to a specified host and port
+The remote port may either be forwarded to a specified host and port
 from the local machine, or may act as a SOCKS 4/5 proxy that allows a remote
 client to connect to arbitrary destinations from the local machine.
 The first argument must be
diff --git a/usr.bin/ssh/sshbuf.h b/usr.bin/ssh/sshbuf.h
index 13fde3f1aa4..f4cc4a6bec0 100644
--- a/usr.bin/ssh/sshbuf.h
+++ b/usr.bin/ssh/sshbuf.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sshbuf.h,v 1.9 2017/09/12 06:32:07 djm Exp $	*/
+/*	$OpenBSD: sshbuf.h,v 1.10 2018/04/10 00:10:49 djm Exp $	*/
 /*
  * Copyright (c) 2011 Damien Miller
  *
@@ -49,7 +49,7 @@ struct sshbuf {
 #ifndef SSHBUF_NO_DEPREACTED
 /*
  * NB. Please do not use sshbuf_init() in new code. Please use sshbuf_new()
- * instead. sshbuf_init() is deprectated and will go away soon (it is
+ * instead. sshbuf_init() is deprecated and will go away soon (it is
  * only included to allow compat with buffer_* in OpenSSH)
  */
 void sshbuf_init(struct sshbuf *buf);
diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c
index 29400574863..b9c58907508 100644
--- a/usr.bin/ssh/sshconnect.c
+++ b/usr.bin/ssh/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.297 2018/02/23 15:58:38 markus Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.298 2018/04/10 00:10:49 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -262,7 +262,7 @@ ssh_kill_proxy_command(void)
 
 /*
  * Search a interface address list (returned from getifaddrs(3)) for an
- * address that matches the desired address family on the specifed interface.
+ * address that matches the desired address family on the specified interface.
  * Returns 0 and fills in *resultp and *rlenp on success. Returns -1 on failure.
  */
 static int
diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index a5e2dd17db8..3d658a9b059 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.506 2018/03/03 03:15:51 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.507 2018/04/10 00:10:49 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1263,7 +1263,7 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
  * return an error if any are found).  Basically we are worried about
  * source routing; it can be used to pretend you are somebody
  * (ip-address) you are not. That itself may be "almost acceptable"
- * under certain circumstances, but rhosts autentication is useless
+ * under certain circumstances, but rhosts authentication is useless
  * if source routing is accepted. Notice also that if we just dropped
  * source routing here, the other side could use IP spoofing to do
  * rest of the interaction and could still bypass security.  So we
diff --git a/usr.bin/ssh/sshkey-xmss.c b/usr.bin/ssh/sshkey-xmss.c
index 41cc1bade17..b5d40ac6570 100644
--- a/usr.bin/ssh/sshkey-xmss.c
+++ b/usr.bin/ssh/sshkey-xmss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey-xmss.c,v 1.1 2018/02/23 15:58:38 markus Exp $ */
+/* $OpenBSD: sshkey-xmss.c,v 1.2 2018/04/10 00:10:49 djm Exp $ */
 /*
  * Copyright (c) 2017 Markus Friedl.  All rights reserved.
  *
@@ -60,7 +60,7 @@ struct ssh_xmss_state {
 	treehash_inst	*treehash;
 
 	u_int32_t	idx;		/* state read from file */
-	u_int32_t	maxidx;		/* resticted # of signatures */
+	u_int32_t	maxidx;		/* restricted # of signatures */
 	int		have_state;	/* .state file exists */
 	int		lockfd;		/* locked in sshkey_xmss_get_state() */
 	int		allow_update;	/* allow sshkey_xmss_update_state() */
@@ -577,7 +577,7 @@ sshkey_xmss_update_state(const struct sshkey *k, sshkey_printfn *pr)
 	}
 	idx = PEEK_U32(k->xmss_sk);
 	if (idx == state->idx) {
-		/* no signature happend, no need to update */
+		/* no signature happened, no need to update */
 		ret = 0;
 		goto done;
 	} else if (idx != state->idx + 1) {
diff --git a/usr.bin/ssh/umac.c b/usr.bin/ssh/umac.c
index f69fb291da9..f3cacdbfa3c 100644
--- a/usr.bin/ssh/umac.c
+++ b/usr.bin/ssh/umac.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: umac.c,v 1.16 2017/12/12 15:06:12 naddy Exp $ */
+/* $OpenBSD: umac.c,v 1.17 2018/04/10 00:10:49 djm Exp $ */
 /* -----------------------------------------------------------------------
  *
  * umac.c -- C Implementation UMAC Message Authentication
@@ -59,7 +59,7 @@
 /* #define AES_IMPLEMENTAION   1  1 = OpenSSL, 2 = Barreto, 3 = Gladman   */
 /* #define SSE2                0  Is SSE2 is available?                   */
 /* #define RUN_TESTS           0  Run basic correctness/speed tests       */
-/* #define UMAC_AE_SUPPORT     0  Enable auhthenticated encrytion         */
+/* #define UMAC_AE_SUPPORT     0  Enable authenticated encryption         */
 
 /* ---------------------------------------------------------------------- */
 /* -- Global Includes --------------------------------------------------- */
@@ -291,9 +291,9 @@ static void pdf_gen_xor(pdf_ctx *pc, const UINT8 nonce[8], UINT8 buf[8])
  * Before beginning another hash calculation the nh_reset() routine
  * must be called. The single-buffer routine, nh(), is equivalent to
  * the sequence of calls nh_update() and nh_final(); however it is
- * optimized and should be prefered whenever the multiple-buffer interface
+ * optimized and should be preferred whenever the multiple-buffer interface
  * is not necessary. When using either interface, it is the client's
- * responsability to pass no more than L1_KEY_LEN bytes per hash result.
+ * responsibility to pass no more than L1_KEY_LEN bytes per hash result.
  *
  * The routine nh_init() initializes the nh_ctx data structure and
  * must be called once, before any other PDF routine.
@@ -315,8 +315,8 @@ static void pdf_gen_xor(pdf_ctx *pc, const UINT8 nonce[8], UINT8 buf[8])
 typedef struct {
     UINT8  nh_key [L1_KEY_LEN + L1_KEY_SHIFT * (STREAMS - 1)]; /* NH Key */
     UINT8  data   [HASH_BUF_BYTES];    /* Incoming data buffer           */
-    int next_data_empty;    /* Bookeeping variable for data buffer.       */
-    int bytes_hashed;        /* Bytes (out of L1_KEY_LEN) incorperated.   */
+    int next_data_empty;    /* Bookkeeping variable for data buffer.     */
+    int bytes_hashed;       /* Bytes (out of L1_KEY_LEN) incorporated.   */
     UINT64 state[STREAMS];               /* on-line state     */
 } nh_ctx;
 
@@ -847,7 +847,7 @@ static void poly_hash(uhash_ctx_t hc, UINT32 data_in[])
 
 
 /* The final step in UHASH is an inner-product hash. The poly hash
- * produces a result not neccesarily WORD_LEN bytes long. The inner-
+ * produces a result not necessarily WORD_LEN bytes long. The inner-
  * product hash breaks the polyhash output into 16-bit chunks and
  * multiplies each with a 36 bit key.
  */
diff --git a/usr.bin/ssh/xmss_wots.c b/usr.bin/ssh/xmss_wots.c
index 1d6e88c4922..a29453760c5 100644
--- a/usr.bin/ssh/xmss_wots.c
+++ b/usr.bin/ssh/xmss_wots.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: xmss_wots.c,v 1.2 2018/02/26 03:56:44 dtucker Exp $ */
+/* $OpenBSD: xmss_wots.c,v 1.3 2018/04/10 00:10:49 djm Exp $ */
 /*
 wots.c version 20160722
 Andreas Hülsing
@@ -60,7 +60,7 @@ static void expand_seed(unsigned char *outseeds, const unsigned char *inseed, co
  * Computes the chaining function.
  * out and in have to be n-byte arrays
  *
- * interpretes in as start-th value of the chain
+ * interprets in as start-th value of the chain
  * addr has to contain the address of the chain
  */
 static void gen_chain(unsigned char *out, const unsigned char *in, unsigned int start, unsigned int steps, const wots_params *params, const unsigned char *pub_seed, uint32_t addr[8])