Fix typos.

Typos found with codespell.

Please keep in mind that this should have impact on actual code
and must be carefully evaluated:

src/core/or/lttng_circuit.inc
-    ctf_enum_value("CONTROLER", CIRCUIT_PURPOSE_CONTROLLER)
+    ctf_enum_value("CONTROLLER", CIRCUIT_PURPOSE_CONTROLLER)

.gitlab-ci.yml

@@ -96,7 +96,7 @@ variables:
     - if [ "$CHUTNEY" = yes ]; then git clone --depth 1 https://git.torproject.org/chutney.git ;  export CHUTNEY_PATH="$(pwd)/chutney"; fi
     - if [ "$TRACING" = yes ]; then apt install liblttng-ust-dev; fi
 
-# Minmal check on debian: just make, make check.
+# Minimal check on debian: just make, make check.
 #
 debian-minimal:
   image: debian:stable

configure.ac

@@ -1501,7 +1501,7 @@ dnl These cflags add bunches of branches, and we haven't been able to
 dnl persuade ourselves that they're suitable for code that needs to be
 dnl constant time.
 AC_SUBST(CFLAGS_BUGTRAP)
-dnl These cflags are variant ones sutable for code that needs to be
+dnl These cflags are variant ones suitable for code that needs to be
 dnl constant-time.
 AC_SUBST(CFLAGS_CONSTTIME)
 

contrib/or-tools/exitlist

@@ -6,7 +6,7 @@
 
 """
  exitlist -- Given a Tor directory on stdin, lists the Tor servers
- that accept connections to given addreses.
+ that accept connections to given addresses.
 
  example usage:
 

doc/HACKING/GettingStartedRust.md

@@ -124,7 +124,7 @@ the module calls.  Modules which call fewer other modules are better targets.
 
 Strive to change the C API as little as possible.
 
-We are currently targetting Rust stable. (See `CodingStandardsRust.md` for more
+We are currently targeting Rust stable. (See `CodingStandardsRust.md` for more
 details.)
 
 It is on our TODO list to try to cultivate good

doc/HACKING/ReleaseSeriesLifecycle.md

@@ -102,7 +102,7 @@ they do not apply to security-related patch release versions.
 4. Open tickets for connecting the new branches to various other
    places.  See section 2 above for a list of affected locations.
 
-5. Stop running practracker on maintainence and release branches:
+5. Stop running practracker on maintenance and release branches:
    * Remove "check-best-practices" from the check-local Makefile
      target in the maint-x.y.z branch only.
    * Delete the file scripts/maint/practracker/.enable_practracker_in_hooks

doc/HACKING/tracing/README.md

@@ -47,7 +47,7 @@ A trace event in tor has the following standard format:
 tor_trace(subsystem, event_name, args...);
 ```
 
-The `subsystem` parameter is the name of the subsytem the trace event is in.
+The `subsystem` parameter is the name of the subsystem the trace event is in.
 For example that could be "scheduler" or "vote" or "hs". The idea is to add
 some context to the event so when we collect them we know where it's coming
 from.
@@ -135,7 +135,7 @@ This is pretty easy. Let's say you want to add a trace event in
 #include "lib/trace/events.h"
 ```
 
-Then, the `tor_trace()` macro can be used with the specific format detailled
+Then, the `tor_trace()` macro can be used with the specific format detailed
 before in a previous section. As an example:
 
 ```c

doc/TUNING

@@ -13,7 +13,7 @@ opened on your host at the same time.
 FreeBSD
 -------
 
-Tune the followind sysctl(8) variables:
+Tune the following sysctl(8) variables:
  * kern.maxfiles - maximum allowed file descriptors (for entire system)
  * kern.maxfilesperproc - maximum file descriptors one process is allowed
    to use

m4/pc_from_ucontext.m4

@@ -54,7 +54,7 @@ AC_DEFUN([AC_PC_FROM_UCONTEXT],
    else
      AC_CHECK_HEADERS(sys/ucontext.h)       # ucontext on OS X 10.6 (at least)
    fi
-   AC_CHECK_HEADERS(cygwin/signal.h)        # ucontext on cywgin
+   AC_CHECK_HEADERS(cygwin/signal.h)        # ucontext on cygwin
    AC_MSG_CHECKING([how to access the program counter from a struct ucontext])
    pc_fields="           uc_mcontext.gregs[[REG_PC]]"  # Solaris x86 (32 + 64 bit)
    pc_fields="$pc_fields uc_mcontext.gregs[[REG_EIP]]" # Linux (i386)

m4/pkg.m4

@@ -53,7 +53,7 @@ fi[]dnl
 # to PKG_CHECK_MODULES(), but does not set variables or print errors.
 #
 # Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG])
-# only at the first occurence in configure.ac, so if the first place
+# only at the first occurrence in configure.ac, so if the first place
 # it's called might be skipped (such as if it is within an "if", you
 # have to call PKG_CHECK_EXISTS manually
 # --------------------------------------------------------------

scripts/ci/ci-driver.sh

@@ -461,7 +461,7 @@ fi
 if [[ "${STEM}" = "yes" ]]; then
    start_section "Stem"
    if [[ "${TOR_VER_AT_LEAST_044}" = 'yes' ]]; then
-     # XXXX This shold probably be part some test-stem make target.
+     # XXXX This should probably be part of some test-stem make target.
      if runcmd timelimit -p -t 520 -s USR1 -T 30 -S ABRT \
            python3 "${STEM_PATH}/run_tests.py" \
            --tor src/app/tor \

scripts/git/git-setup-dirs.sh

@@ -494,7 +494,7 @@ set_tor_github_pr_fetch_config
 fetch_remote "tor-github"
 
 # GitLab remote
-printf "%s Seting up remote %s\\n" "$MARKER" "${BYEL}tor-gitlab${CNRM}"
+printf "%s Setting up remote %s\\n" "$MARKER" "${BYEL}tor-gitlab${CNRM}"
 add_remote "tor-gitlab" "$GITLAB_PULL"
 set_remote_push "tor-gitlab" "$GITLAB_PUSH"
 # Add custom fetch for MRs

scripts/git/pre-commit.git-hook

@@ -3,7 +3,7 @@
 # To install this script, copy it to .git/hooks/pre-commit in local copy of
 # tor git repo and make sure it has permission to execute.
 #
-# This is pre-commit git hook script that prevents commiting your changeset if
+# This is pre-commit git hook script that prevents committing your changeset if
 # it fails our code formatting, changelog entry formatting, module include
 # rules, etc...
 

scripts/maint/annotate_ifdef_directives.py

@@ -70,7 +70,7 @@ LINE_OBVIOUSNESS_LIMIT = 4
 # Maximum line width.  This includes a terminating newline character.
 #
 # (This is the maximum before encoding, so that if the the operating system
-# uses multiple characers to encode newline, that's still okay.)
+# uses multiple characters to encode newline, that's still okay.)
 LINE_WIDTH=80
 
 class Problem(Exception):

scripts/maint/codetool.py

@@ -11,7 +11,7 @@
 #
 
 """
-   This program uses a set of plugable filters to inspect and transform
+   This program uses a set of pluggable filters to inspect and transform
    our C code.
 """
 

scripts/maint/rename_c_identifier.py

@@ -153,7 +153,7 @@ This is an automated commit, generated by this command:
     if no_verify:
         msg += """
 It was generated with --no-verify, so it probably breaks some commit hooks.
-The commiter should be sure to fix them up in a subsequent commit.
+The committer should be sure to fix them up in a subsequent commit.
 """
 
     return msg

src/app/config/config.c

@@ -1518,7 +1518,7 @@ compute_group_readable_flag(const char *datadir,
      * the datadirectory */
     return datadir_gr;
   } else {
-    /* The directores are different, so we default to "not group-readable" */
+    /* The directories are different, so we default to "not group-readable" */
     return 0;
   }
 }
@@ -5872,9 +5872,9 @@ warn_client_dns_cache(const char *option, int disabling)
     return;
 
   warn_deprecated_option(option,
-      "Client-side DNS cacheing enables a wide variety of route-"
+      "Client-side DNS caching enables a wide variety of route-"
       "capture attacks. If a single bad exit node lies to you about "
-      "an IP address, cacheing that address would make you visit "
+      "an IP address, caching that address would make you visit "
       "an address of the attacker's choice every time you connected "
       "to your destination.");
 }
@@ -7009,7 +7009,7 @@ options_get_dir_fname2_suffix,(const or_options_t *options,
   return fname;
 }
 
-/** Check wether the data directory has a private subdirectory
+/** Check whether the data directory has a private subdirectory
  * <b>subdir</b>. If not, try to create it. Return 0 on success,
  * -1 otherwise. */
 int

src/app/config/or_options_st.h

@@ -1041,7 +1041,7 @@ struct or_options_t {
   /** Maximum allowed burst of circuits. Reaching that value, the address is
    * detected as malicious and a defense might be used. */
   int DoSCircuitCreationBurst;
-  /** When an address is marked as malicous, what defense should be used
+  /** When an address is marked as malicious, what defense should be used
    * against it. See the dos_cc_defense_type_t enum. */
   int DoSCircuitCreationDefenseType;
   /** For how much time (in seconds) the defense is applicable for a malicious

src/app/config/or_state_st.h

@@ -21,7 +21,7 @@ struct config_suite_t;
 struct or_state_t {
   uint32_t magic_;
   /** The time at which we next plan to write the state to the disk.  Equal to
-   * TIME_MAX if there are no savable changes, 0 if there are changes that
+   * TIME_MAX if there are no saveable changes, 0 if there are changes that
    * should be saved right away. */
   time_t next_write;
 

src/app/config/resolve_addr.h

@@ -17,7 +17,7 @@
 /** Method used to resolved an address. In other words, how was the address
  * discovered by tor. */
 typedef enum {
-  /* Default value. Indiate that no method found the address. */
+  /* Default value. Indicate that no method found the address. */
   RESOLVED_ADDR_NONE              = 0,
   /* Found from the "Address" configuration option. */
   RESOLVED_ADDR_CONFIGURED        = 1,

src/config/torrc.minimal.in-staging

@@ -88,7 +88,7 @@
 ## yourself to make this work.
 #ORPort 443 NoListen
 #ORPort 127.0.0.1:9090 NoAdvertise
-## If you want to listen on IPv6 your numeric address must be explictly
+## If you want to listen on IPv6 your numeric address must be explicitly
 ## between square brackets as follows. You must also listen on IPv4.
 #ORPort [2001:DB8::1]:9050
 

src/config/torrc.sample.in

@@ -88,7 +88,7 @@
 ## yourself to make this work.
 #ORPort 443 NoListen
 #ORPort 127.0.0.1:9090 NoAdvertise
-## If you want to listen on IPv6 your numeric address must be explictly
+## If you want to listen on IPv6 your numeric address must be explicitly
 ## between square brackets as follows. You must also listen on IPv4.
 #ORPort [2001:DB8::1]:9050
 

src/core/mainloop/cpuworker.c

@@ -246,7 +246,7 @@ estimated_usec_for_onionskins(uint32_t n_requests, uint16_t onionskin_type)
   if (onionskin_type > MAX_ONION_HANDSHAKE_TYPE) /* should be impossible */
     return 1000 * (uint64_t)n_requests;
   if (PREDICT_UNLIKELY(onionskins_n_processed[onionskin_type] < 100)) {
-    /* Until we have 100 data points, just asssume everything takes 1 msec. */
+    /* Until we have 100 data points, just assume everything takes 1 msec. */
     return 1000 * (uint64_t)n_requests;
   } else {
     /* This can't overflow: we'll never have more than 500000 onionskins

src/core/mainloop/mainloop.c

@@ -1475,7 +1475,7 @@ get_my_roles(const or_options_t *options)
 
   /* We also consider tor to have the role of a client if the ControlPort is
    * set because a lot of things can be done over the control port which
-   * requires tor to have basic functionnalities. */
+   * requires tor to have basic functionalities. */
   int is_client = options_any_client_port_set(options) ||
                   options->ControlPort_set ||
                   options->OwningControllerFD != UINT64_MAX;

src/core/mainloop/netstatus.c

@@ -72,7 +72,7 @@ note_user_activity(time_t now)
 }
 
 /**
- * Change the time at which "user activitiy" was last seen to <b>now</b>.
+ * Change the time at which "user activity" was last seen to <b>now</b>.
  *
  * Unlike note_user_actity, this function sets the time without checking
  * whether it is in the past, and without causing any rescan of periodic events

src/core/mainloop/periodic.c

@@ -90,7 +90,7 @@ periodic_event_dispatch(mainloop_event_t *ev, void *data)
     next_interval = r;
   } else {
     /* no action was taken, it is likely a precondition failed,
-     * we should reschedule for next second incase the precondition
+     * we should reschedule for next second in case the precondition
      * passes then */
     next_interval = 1;
   }

src/core/or/channel.c

@@ -32,7 +32,7 @@
  *
  * NOTE: For now, the separation between channels and specialized channels
  * (like channeltls) is not that well defined. So the channeltls layer calls
- * channel_process_cell() which originally comes from the connection subsytem.
+ * channel_process_cell() which originally comes from the connection subsystem.
  * This should be hopefully be fixed with #23993.
  *
  * For *outbound* cells, the entry point is: channel_write_packed_cell().
@@ -2387,7 +2387,7 @@ channel_is_better(channel_t *a, channel_t *b)
  * Get a channel to extend a circuit.
  *
  * Given the desired relay identity, pick a suitable channel to extend a
- * circuit to the target IPv4 or IPv6 address requsted by the client. Search
+ * circuit to the target IPv4 or IPv6 address requested by the client. Search
  * for an existing channel for the requested endpoint. Make sure the channel
  * is usable for new circuits, and matches one of the target addresses.
  *

src/core/or/circuitbuild.c

@@ -7,7 +7,7 @@
 /**
  * \file circuitbuild.c
  *
- * \brief Implements the details of building circuits (by chosing paths,
+ * \brief Implements the details of building circuits (by choosing paths,
  * constructing/sending create/extend cells, and so on).
  *
  * On the client side, this module handles launching circuits. Circuit

src/core/or/circuitmux.h

@@ -127,7 +127,7 @@ MOCK_DECL(unsigned int, circuitmux_num_cells, (circuitmux_t *cmux));
 unsigned int circuitmux_num_circuits(circuitmux_t *cmux);
 unsigned int circuitmux_num_active_circuits(circuitmux_t *cmux);
 
-/* Debuging interface - slow. */
+/* Debugging interface - slow. */
 int64_t circuitmux_count_queued_destroy_cells(const channel_t *chan,
                                               const circuitmux_t *cmux);
 

src/core/or/circuitpadding.c

@@ -1536,7 +1536,7 @@ circpad_machine_schedule_padding,(circpad_machine_runtime_t *mi))
 /**
  * If the machine transitioned to the END state, we need
  * to check to see if it wants us to shut it down immediately.
- * If it does, then we need to send the appropiate negotiation commands
+ * If it does, then we need to send the appropriate negotiation commands
  * depending on which side it is.
  *
  * After this function is called, mi may point to freed memory. Do
@@ -2076,7 +2076,7 @@ circpad_machine_conditions_keep(origin_circuit_t *circ,
  *
  * The padding code only cares if the circuit is building,
  * opened, used for streams, and/or still has relay early cells.
- * This returns a bitmask of all state properities that apply to
+ * This returns a bitmask of all state properties that apply to
  * this circuit.
  */
 static inline
@@ -2390,7 +2390,7 @@ circpad_deliver_unrecognized_cell_events(circuit_t *circ,
  * Deliver circpad events for "recognized" relay cells.
  *
  * Recognized cells are destined for this hop, either client or middle.
- * Check if this is a padding cell or not, and send the appropiate
+ * Check if this is a padding cell or not, and send the appropriate
  * received event.
  */
 void
@@ -2682,7 +2682,7 @@ circpad_circ_responder_machine_init(void)
      serialize this into the consensus or the torrc */
 
   /* We transition to the burst state on padding receive and on non-padding
-   * recieve */
+   * receive */
   circ_responder_machine->states[CIRCPAD_STATE_START].
       next_state[CIRCPAD_EVENT_PADDING_RECV] = CIRCPAD_STATE_BURST;
   circ_responder_machine->states[CIRCPAD_STATE_START].
@@ -2711,7 +2711,7 @@ circpad_circ_responder_machine_init(void)
   /* During burst state we wait forever for padding to arrive.
 
      We are waiting for a padding cell from the client to come in, so that we
-     respond, and we immitate how extend looks like */
+     respond, and we imitate how extend looks like */
   circ_responder_machine->states[CIRCPAD_STATE_BURST].histogram[0] = 0;
   // Only infinity bin:
   circ_responder_machine->states[CIRCPAD_STATE_BURST].histogram[1] = 1;

src/core/or/circuitpadding_machines.c

@@ -25,7 +25,7 @@
  * Client-side introduction circuit hiding machine:
  *
  *    This machine hides client-side introduction circuits by making their
- *    circuit consruction sequence look like normal general circuits that
+ *    circuit construction sequence look like normal general circuits that
  *    download directory information. Furthermore, the circuits are kept open
  *    until all the padding has been sent, since intro circuits are usually
  *    very short lived and this act as a distinguisher. For more info see

src/core/or/circuituse.c

@@ -1991,7 +1991,7 @@ circuit_purpose_is_hidden_service(uint8_t purpose)
   return 0;
 }
 
-/** Retrun true iff the given circuit is an HS client circuit. */
+/** Return true iff the given circuit is an HS client circuit. */
 bool
 circuit_purpose_is_hs_client(const uint8_t purpose)
 {
@@ -1999,7 +1999,7 @@ circuit_purpose_is_hs_client(const uint8_t purpose)
           purpose <= CIRCUIT_PURPOSE_C_HS_MAX_);
 }
 
-/** Retrun true iff the given circuit is an HS service circuit. */
+/** Return true iff the given circuit is an HS service circuit. */
 bool
 circuit_purpose_is_hs_service(const uint8_t purpose)
 {
@@ -2007,14 +2007,14 @@ circuit_purpose_is_hs_service(const uint8_t purpose)
           purpose <= CIRCUIT_PURPOSE_S_HS_MAX_);
 }
 
-/** Retrun true iff the given circuit is an HS Vanguards circuit. */
+/** Return true iff the given circuit is an HS Vanguards circuit. */
 bool
 circuit_purpose_is_hs_vanguards(const uint8_t purpose)
 {
   return (purpose == CIRCUIT_PURPOSE_HS_VANGUARDS);
 }
 
-/** Retrun true iff the given circuit is an HS v2 circuit. */
+/** Return true iff the given circuit is an HS v2 circuit. */
 bool
 circuit_is_hs_v2(const circuit_t *circ)
 {
@@ -2022,7 +2022,7 @@ circuit_is_hs_v2(const circuit_t *circ)
           (CONST_TO_ORIGIN_CIRCUIT(circ)->rend_data != NULL));
 }
 
-/** Retrun true iff the given circuit is an HS v3 circuit. */
+/** Return true iff the given circuit is an HS v3 circuit. */
 bool
 circuit_is_hs_v3(const circuit_t *circ)
 {

src/core/or/connection_edge.c

@@ -19,7 +19,7 @@
  * TCP application socket that has arrived via (e.g.) a SOCKS request, or an
  * exit connection.
  *
- * Not every instance of edge_connection_t truly represents an edge connction,
+ * Not every instance of edge_connection_t truly represents an edge connection,
  * however. (Sorry!) We also create edge_connection_t objects for streams that
  * we will not be handling with TCP.  The types of these streams are:
  *   <ul>
@@ -578,8 +578,8 @@ connection_edge_end(edge_connection_t *conn, uint8_t reason)
 /**
  * Helper function for bsearch.
  *
- * As per smartlist_bsearch, return < 0 if key preceeds member,
- * > 0 if member preceeds key, and 0 if they are equal.
+ * As per smartlist_bsearch, return < 0 if key precedes member,
+ * > 0 if member precedes key, and 0 if they are equal.
  *
  * This is equivalent to subtraction of the values of key - member
  * (why does no one ever say that explicitly?).
@@ -2066,7 +2066,7 @@ connection_ap_handle_onion(entry_connection_t *conn,
       log_info(LD_GENERAL, "Found %s descriptor in cache for %s. %s.",
                (descriptor_is_usable) ? "usable" : "unusable",
                safe_str_client(onion_address),
-               (descriptor_is_usable) ? "Not fetching." : "Refecting.");
+               (descriptor_is_usable) ? "Not fetching." : "Refetching.");
     } else {
       rend_cache_lookup_result = -ENOENT;
     }
@@ -2655,8 +2655,8 @@ destination_from_socket(entry_connection_t *conn, socks_request_t *req)
       break;
 #endif /* defined(TRANS_NETFILTER_IPV6) */
     default:
-      log_warn(LD_BUG,
-               "Received transparent data from an unsuported socket family %d",
+      log_warn(LD_BUG, "Received transparent data from an unsupported "
+                       "socket family %d",
                ENTRY_TO_CONN(conn)->socket_family);
       return -1;
   }

src/core/or/lttng_circuit.inc

@@ -28,7 +28,7 @@
 /*
  * Circuit Purposes
  *
- * The following defines an enumeration of all possible circuit purpose so
+ * The following defines an enumeration of all possible circuit purposes so
  * they appear in the trace with the define name (first parameter of
  * ctf_enum_value) instead of the numerical value.
  */
@@ -70,7 +70,7 @@ TRACEPOINT_ENUM(tor_circuit, purpose,
 
     /* Misc. */
     ctf_enum_value("TESTING", CIRCUIT_PURPOSE_TESTING)
-    ctf_enum_value("CONTROLER", CIRCUIT_PURPOSE_CONTROLLER)
+    ctf_enum_value("CONTROLLER", CIRCUIT_PURPOSE_CONTROLLER)
     ctf_enum_value("PATH_BIAS_TESTING", CIRCUIT_PURPOSE_PATH_BIAS_TESTING)
 
     /* VanGuard */

src/core/or/onion.h

@@ -50,7 +50,7 @@ typedef struct extend_cell_t {
   tor_addr_port_t orport_ipv4;
   /** An IPv6 address and port for the node we're connecting to. */
   tor_addr_port_t orport_ipv6;
-  /** Identity fingerprint of the node we're conecting to.*/
+  /** Identity fingerprint of the node we're connecting to.*/
   uint8_t node_id[DIGEST_LEN];
   /** Ed25519 public identity key. Zero if not set. */
   struct ed25519_public_key_t ed_pubkey;

src/core/or/or_connection_st.h

@@ -31,7 +31,7 @@ struct or_connection_t {
   /** This is the ClientHash value we expect to receive from the
    *  client during the Extended ORPort authentication protocol. We
    *  compute it upon receiving the ClientNoce from the client, and we
-   *  compare it with the acual ClientHash value sent by the
+   *  compare it with the actual ClientHash value sent by the
    *  client. */
   char *ext_or_auth_correct_client_hash;
   /** String carrying the name of the pluggable transport
@@ -74,7 +74,7 @@ struct or_connection_t {
   unsigned int is_outgoing:1;
   unsigned int proxy_type:3; /**< One of PROXY_NONE...PROXY_HAPROXY */
   unsigned int wide_circ_ids:1;
-  /** True iff a failure on this connection indicates a posssible
+  /** True iff a failure on this connection indicates a possible
    * bootstrapping problem.  We set this as true if we notice that this
    * connection could handle a pending origin circuit, or if we launch it to
    * handle an origin circuit. */

src/core/or/origin_circuit_st.h

@@ -54,7 +54,7 @@ enum path_state_t {
     /** Did any SOCKS streams or hidserv introductions actually succeed on
       * this circuit?
       *
-      * If any streams detatch/fail from this circuit, the code transitions
+      * If any streams detach/fail from this circuit, the code transitions
       * the circuit back to PATH_STATE_USE_ATTEMPTED to ensure we probe. See
       * pathbias_mark_use_rollback() for that.
       */

src/core/or/policies.c

@@ -1849,7 +1849,7 @@ policies_log_first_redundant_entry(const smartlist_t *policy)
     int found_ipv4_wildcard = 0, found_ipv6_wildcard = 0;
     const int i = p_sl_idx;
 
-    /* Look for accept/reject *[4|6|]:* entires */
+    /* Look for accept/reject *[4|6|]:* entries */
     if (p->prt_min <= 1 && p->prt_max == 65535 && p->maskbits == 0) {
       family = tor_addr_family(&p->addr);
       /* accept/reject *:* may have already been expanded into

src/core/or/sendme.c

@@ -678,7 +678,7 @@ sendme_record_received_cell_digest(circuit_t *circ, crypt_path_t *cpath)
     /* Record incoming digest. */
     cpath_sendme_record_cell_digest(cpath, false);
   } else {
-    /* Record foward digest. */
+    /* Record forward digest. */
     relay_crypto_record_sendme_digest(&TO_OR_CIRCUIT(circ)->crypto, true);
   }
 }

src/core/or/server_port_cfg_st.h

@@ -6,7 +6,7 @@
 
 /**
  * @file server_port_cfg_st.h
- * @brief Cnfiguration structure for server ports.
+ * @brief Configuration structure for server ports.
  **/
 
 #ifndef SERVER_PORT_CFG_ST_H

src/core/proto/proto_socks.c

@@ -479,7 +479,7 @@ parse_socks5_userpass_auth(const uint8_t *raw_data, socks_request_t *req,
 /**
  * Validate and respond to SOCKS5 username/password request we
  * parsed in parse_socks5_userpass_auth (corresponding to <b>req</b>.
- * Set <b>req->reply</b> to appropriate responsed. Return
+ * Set <b>req->reply</b> to appropriate response. Return
  * SOCKS_RESULT_DONE on success or SOCKS_RESULT_INVALID on failure.
  */
 static socks_result_t

src/ext/curve25519_donna/README

@@ -6,7 +6,7 @@ If you run `make`, two .a archives will be built, similar to djb's curve25519
 code. Alternatively, read on:
 
 The C implementation is contained within curve25519-donna.c. It has no external
-dependancies and is BSD licenced. You can copy/include/link it directly in with
+dependencies and is BSD licenced. You can copy/include/link it directly in with
 your program. Recommended C flags: -O2
 
 The x86-64 bit implementation is contained within curve25519-donna-x86-64.c and

src/ext/ed25519/donna/README.md

@@ -1,5 +1,5 @@
 [ed25519](http://ed25519.cr.yp.to/) is an 
-[Elliptic Curve Digital Signature Algortithm](http://en.wikipedia.org/wiki/Elliptic_Curve_DSA), 
+[Elliptic Curve Digital Signature Algorithm](http://en.wikipedia.org/wiki/Elliptic_Curve_DSA), 
 developed by [Dan Bernstein](http://cr.yp.to/djb.html), 
 [Niels Duif](http://www.nielsduif.nl/), 
 [Tanja Lange](http://hyperelliptic.org/tanja), 
@@ -56,7 +56,7 @@ No configuration is needed **if you are compiling against OpenSSL**.
 
 ##### Hash Options
 
-If you are not compiling aginst OpenSSL, you will need a hash function.
+If you are not compiling against OpenSSL, you will need a hash function.
 
 To use a simple/**slow** implementation of SHA-512, use `-DED25519_REFHASH` when compiling `ed25519.c`. 
 This should never be used except to verify the code works when OpenSSL is not available.
@@ -73,7 +73,7 @@ custom hash implementation in ed25519-hash-custom.h. The hash must have a 512bit
 
 ##### Random Options
 
-If you are not compiling aginst OpenSSL, you will need a random function for batch verification.
+If you are not compiling against OpenSSL, you will need a random function for batch verification.
 
 To use a custom random function, use `-DED25519_CUSTOMRANDOM` when compiling `ed25519.c` and put your 
 custom hash implementation in ed25519-randombytes-custom.h. The random function must implement:
@@ -170,7 +170,7 @@ signing due to both using the same code for the scalar multiply.
 
 #### Testing
 
-Fuzzing against reference implemenations is now available. See [fuzz/README](fuzz/README.md).
+Fuzzing against reference implementations is now available. See [fuzz/README](fuzz/README.md).
 
 Building `ed25519.c` with `-DED25519_TEST` and linking with `test.c` will run basic sanity tests
 and benchmark each function. `test-batch.c` has been incorporated in to `test.c`.
@@ -180,4 +180,4 @@ with extreme values to ensure they function correctly. SSE2 is now supported.
 
 #### Papers
 
-[Available on the Ed25519 website](http://ed25519.cr.yp.to/papers.html)
+[Available on the Ed25519 website](http://ed25519.cr.yp.to/papers.html)

src/ext/ed25519/donna/fuzz/build-nix.php

@@ -6,7 +6,7 @@
 
 	function usage($reason) {
 		echoln("Usage: php build-nix.php [flags]");
-		echoln("Flags in parantheses are optional");
+		echoln("Flags in parentheses are optional");
 		echoln("");
 		echoln("  --bits=[32,64]");
 		echoln("  --function=[curve25519,ed25519]");

src/ext/ed25519/donna/test-internals.c

@@ -1,4 +1,4 @@
-/* Tor: Removed, file is inclued in ed25519.c instead. */
+/* Tor: Removed, file is included in ed25519.c instead. */
 /* #include <stdio.h> */
 /* #include "ed25519-donna.h" */
 

src/feature/client/addressmap.c

@@ -422,7 +422,7 @@ addressmap_rewrite(char *address, size_t maxlen,
       goto done;
     }
 
-    /* Check wither the flags we were passed tell us not to use this
+    /* Check whether the flags we were passed tell us not to use this
      * mapping. */
     switch (ent->source) {
       case ADDRMAPSRC_DNS:
@@ -515,7 +515,7 @@ addressmap_rewrite_reverse(char *address, size_t maxlen, unsigned flags,
     else if (f == AF_INET6 && !(flags & AMR_FLAG_USE_IPV6_DNS))
       return 0;
     /* FFFF we should reverse-map virtual addresses even if we haven't
-     * enabled DNS cacheing. */
+     * enabled DNS caching. */
   }
 
   tor_asprintf(&s, "REVERSE[%s]", address);

src/feature/client/bridges.c

@@ -934,7 +934,7 @@ learned_bridge_descriptor(routerinfo_t *ri, int from_cache)
       if (!from_cache) {
         /* This schedules the re-fetch at a constant interval, which produces
          * a pattern of bridge traffic. But it's better than trying all
-         * configured briges several times in the first few minutes. */
+         * configured bridges several times in the first few minutes. */
         download_status_reset(&bridge->fetch_status);
       }
 

src/feature/client/circpathbias.c

@@ -683,7 +683,7 @@ pathbias_mark_use_success(origin_circuit_t *circ)
 }
 
 /**
- * If a stream ever detatches from a circuit in a retriable way,
+ * If a stream ever detaches from a circuit in a retriable way,
  * we need to mark this circuit as still needing either another
  * successful stream, or in need of a probe.
  *

src/feature/client/entrynodes.c

@@ -342,7 +342,7 @@ entry_guard_get_pathbias_state(entry_guard_t *guard)
 
 HANDLE_IMPL(entry_guard, entry_guard_t, ATTR_UNUSED STATIC)
 
-/** Return an interval betweeen 'now' and 'max_backdate' seconds in the past,
+/** Return an interval between 'now' and 'max_backdate' seconds in the past,
  * chosen uniformly at random.  We use this before recording persistent
  * dates, so that we aren't leaking exactly when we recorded it.
  */
@@ -3359,7 +3359,7 @@ get_guard_state_for_bridge_desc_fetch(const char *digest)
   }
 
   /* Update the guard last_tried_to_connect time since it's checked by the
-   * guard susbsystem. */
+   * guard subsystem. */
   guard->last_tried_to_connect = approx_time();
 
   /* Create the guard state */

src/feature/client/transports.c

@@ -16,7 +16,7 @@
  * managed proxies that are still unconfigured.
  *
  * In every run_scheduled_event() tick, we attempt to launch and then
- * configure the unconfiged managed proxies, using the configuration
+ * configure the unconfigured managed proxies, using the configuration
  * protocol defined in the 180_pluggable_transport.txt proposal. A
  * managed proxy might need several ticks to get fully configured.
  *
@@ -71,7 +71,7 @@
  *
  * We then start parsing torrc again.
  *
- * Everytime we encounter a transport line using a managed proxy that
+ * Every time we encounter a transport line using a managed proxy that
  * was around before the config read, we cleanse that proxy from the
  * removal mark.  We also toggle the <b>check_if_restarts_needed</b>
  * flag, so that on the next <b>pt_configure_remaining_proxies</b>

src/feature/control/control.c

@@ -280,7 +280,7 @@ is_valid_initial_command(control_connection_t *conn, const char *cmd)
 #define MAX_COMMAND_LINE_LENGTH (1024*1024)
 
 /** Wrapper around peek_buf_has_control0 command: presents the same
- * interface as that underlying functions, but takes a connection_t intead of
+ * interface as that underlying functions, but takes a connection_t instead of
  * a buf_t.
  */
 static int

src/feature/control/getinfo_geoip.c

@@ -5,7 +5,7 @@
 
 /**
  * @file getinfo_geoip.c
- * @brief GEOIP-related contoller GETINFO commands.
+ * @brief GEOIP-related controller GETINFO commands.
  **/
 
 #include "core/or/or.h"

src/feature/dirauth/dirauth_options.inc

@@ -47,7 +47,7 @@ CONF_VAR(AuthDirTestEd25519LinkKeys, BOOL, 0, "1")
 /**
  * Bool (default 1): As an authority, should we launch tests for
  * reachability, and use those results to vote on "Running"?  If 0,
- * we assume that every relay is Runnning.
+ * we assume that every relay is Running.
  **/
 CONF_VAR(AuthDirTestReachability, BOOL, 0, "1")
 

src/feature/dirauth/keypin.c

@@ -70,7 +70,7 @@
  *
  * We persist these entries to disk using a simple format, where each line
  * has a base64-encoded RSA SHA1 hash, then a base64-endoded Ed25519 key.
- * Empty lines, misformed lines, and lines beginning with # are
+ * Empty lines, malformed lines, and lines beginning with # are
  * ignored. Lines beginning with @ are reserved for future extensions.
  *
  * The dirserv.c module is the main user of these functions.
@@ -507,7 +507,7 @@ keypin_clear(void)
   HT_CLEAR(rsamap,&the_rsa_map);
 
   if (bad_entries) {
-    log_warn(LD_BUG, "Found %d discrepencies in the keypin database.",
+    log_warn(LD_BUG, "Found %d discrepancies in the keypin database.",
              bad_entries);
   }
 }

src/feature/dirauth/shared_random.c

@@ -52,7 +52,7 @@
  *   saves the current state of the protocol on disk so that it can resume
  *   normally in case of reboot. The disk state (sr_disk_state_t) is managed by
  *   shared_random_state.c:state_query() and we go to extra lengths to ensure
- *   that the state is flushed on disk everytime we receive any useful
+ *   that the state is flushed on disk every time we receive any useful
  *   information like commits or SRVs.
  *
  * - When we receive a commit from a vote, we examine it to see if it's useful
@@ -62,7 +62,7 @@
  *   receive the reveal information corresponding to a commitment, we verify
  *   that they indeed match using verify_commit_and_reveal().
  *
- * - We treat consensuses as the ground truth, so everytime we generate a new
+ * - We treat consensuses as the ground truth, so every time we generate a new
  *   consensus we update our SR state accordingly even if our local view was
  *   different (see sr_act_post_consensus()).
  *
@@ -170,7 +170,7 @@ commit_log(const sr_commit_t *commit)
 
 /** Make sure that the commitment and reveal information in <b>commit</b>
  * match. If they match return 0, return -1 otherwise. This function MUST be
- * used everytime we receive a new reveal value. Furthermore, the commit
+ * used every time we receive a new reveal value. Furthermore, the commit
  * object MUST have a reveal value and the hash of the reveal value. */
 STATIC int
 verify_commit_and_reveal(const sr_commit_t *commit)

src/feature/dirauth/shared_random_state.c

@@ -780,7 +780,7 @@ new_protocol_run(time_t valid_after)
     sr_compute_srv();
   }
 
-  /* Prepare for the new protocol run by reseting the state */
+  /* Prepare for the new protocol run by resetting the state */
   reset_state_for_new_protocol_run(valid_after);
 
   /* Do some logging */

src/feature/dirauth/vote_microdesc_hash_st.h

@@ -6,7 +6,7 @@
 
 /**
  * @file vote_microdesc_hash_st.h
- * @brief Microdescriptor-hash voting strcture.
+ * @brief Microdescriptor-hash voting structure.
  **/
 
 #ifndef VOTE_MICRODESC_HASH_ST_H

src/feature/dirauth/voting_schedule.h

@@ -45,7 +45,7 @@ typedef struct {
   /* True iff this voting schedule was set on demand meaning not through the
    * normal vote operation of a dirauth or when a consensus is set. This only
    * applies to a directory authority that needs to recalculate the voting
-   * timings only for the first vote even though this object was initilized
+   * timings only for the first vote even though this object was initialized
    * prior to voting. */
   int created_on_demand;
 

src/feature/dircache/dircache.c

@@ -735,7 +735,7 @@ digest_list_contains_best_consensus(consensus_flavor_t flavor,
 typedef struct {
   /** name of the flavor to retrieve. */
   char *flavor;
-  /** flavor to retrive, as enum. */
+  /** flavor to retrieve, as enum. */
   consensus_flavor_t flav;
   /** plus-separated list of authority fingerprints; see
    * client_likes_consensus(). Aliases the URL in the request passed to

src/feature/dircommon/consdiff.c

@@ -829,7 +829,7 @@ gen_ed_diff(const smartlist_t *cons1_orig, const smartlist_t *cons2,
 }
 
 /* Helper: Read a base-10 number between 0 and INT32_MAX from <b>s</b> and
- * store it in <b>num_out</b>.  Advance <b>s</b> to the characer immediately
+ * store it in <b>num_out</b>.  Advance <b>s</b> to the character immediately
  * after the number.  Return 0 on success, -1 on failure. */
 static int
 get_linenum(const char **s, int *num_out)
@@ -1335,7 +1335,7 @@ consensus_join_lines(const smartlist_t *inp)
 }
 
 /** Given two consensus documents, try to compute a diff between them.  On
- * success, retun a newly allocated string containing that diff.  On failure,
+ * success, return a newly allocated string containing that diff.  On failure,
  * return NULL. */
 char *
 consensus_diff_generate(const char *cons1, size_t cons1len,

src/feature/dirparse/ns_parse.c

@@ -247,7 +247,7 @@ routerstatus_parse_guardfraction(const char *guardfraction_str,
 
   tor_assert(bool_eq(vote, vote_rs));
 
-  /* If this info comes from a consensus, but we should't apply
+  /* If this info comes from a consensus, but we shouldn't apply
      guardfraction, just exit. */
   if (is_consensus && !should_apply_guardfraction(NULL)) {
     return 0;

src/feature/dirparse/routerparse.c

@@ -653,17 +653,18 @@ router_parse_entry_from_string(const char *s, const char *end,
         goto err;
       }
       if (strcmp(ed_cert_tok->object_type, "ED25519 CERT")) {
-        log_warn(LD_DIR, "Wrong object type on identity-ed25519 in decriptor");
+        log_warn(LD_DIR, "Wrong object type on identity-ed25519 "
+                         "in descriptor");
         goto err;
       }
       if (strcmp(cc_ntor_tok->object_type, "ED25519 CERT")) {
         log_warn(LD_DIR, "Wrong object type on ntor-onion-key-crosscert "
-                 "in decriptor");
+                 "in descriptor");
         goto err;
       }
       if (strcmp(cc_tap_tok->object_type, "CROSSCERT")) {
         log_warn(LD_DIR, "Wrong object type on onion-key-crosscert "
-                 "in decriptor");
+                 "in descriptor");
         goto err;
       }
       if (strcmp(cc_ntor_tok->args[0], "0") &&
@@ -1065,7 +1066,8 @@ extrainfo_parse_entry_from_string(const char *s, const char *end,
         goto err;
       }
       if (strcmp(ed_cert_tok->object_type, "ED25519 CERT")) {
-        log_warn(LD_DIR, "Wrong object type on identity-ed25519 in decriptor");
+        log_warn(LD_DIR, "Wrong object type on identity-ed25519 "
+                         "in descriptor");
         goto err;
       }
 

src/feature/hibernate/hibernate.h

@@ -48,7 +48,7 @@ typedef enum {
   /** We are hibernating, and we won't wake up till there's more bandwidth to
    * use. */
   HIBERNATE_STATE_DORMANT=4,
-  /** We start out in state default, which means we havent decided which state
+  /** We start out in state default, which means we haven't decided which state
    * we're in. */
   HIBERNATE_STATE_INITIAL=5
 } hibernate_state_t;

src/feature/hs/hs_cache.c

@@ -854,7 +854,7 @@ hs_cache_lookup_as_client(const ed25519_public_key_t *key)
  *                                  was not usable but the descriptor was
  *                                  still stored.
  *
- *  Any other codes means indicate where the error occured and the descriptor
+ *  Any other codes means indicate where the error occurred and the descriptor
  *  was not stored. */
 hs_desc_decode_status_t
 hs_cache_store_as_client(const char *desc_str,
@@ -1019,7 +1019,7 @@ hs_cache_client_intro_state_purge(void)
 }
 
 /* This is called when new client authorization was added to the global state.
- * It attemps to decode the descriptor of the given service identity key.
+ * It attempts to decode the descriptor of the given service identity key.
  *
  * Return true if decoding was successful else false. */
 bool

src/feature/hs/hs_cell.c

@@ -56,7 +56,7 @@ compute_introduce_mac(const uint8_t *encoded_cell, size_t encoded_cell_len,
   /* First, put the encoded cell in the msg. */
   memcpy(mac_msg, encoded_cell, encoded_cell_len);
   offset += encoded_cell_len;
-  /* Second, put the CLIENT_PK + ENCRYPTED_DATA but ommit the MAC field (which
+  /* Second, put the CLIENT_PK + ENCRYPTED_DATA but omit the MAC field (which
    * is junk at this point). */
   memcpy(mac_msg + offset, encrypted, (encrypted_len - DIGEST256_LEN));
   offset += (encrypted_len - DIGEST256_LEN);
@@ -293,7 +293,7 @@ introduce1_set_encrypted_link_spec(trn_cell_introduce_encrypted_t *cell,
 }
 
 /** Set padding in the enc_cell only if needed that is the total length of both
- * sections are below the mininum required for an INTRODUCE1 cell. */
+ * sections are below the minimum required for an INTRODUCE1 cell. */
 static void
 introduce1_set_encrypted_padding(const trn_cell_introduce1_t *cell,
                                  trn_cell_introduce_encrypted_t *enc_cell)

src/feature/hs/hs_cell.h

@@ -3,7 +3,7 @@
 
 /**
  * \file hs_cell.h
- * \brief Header file containing cell data for the whole HS subsytem.
+ * \brief Header file containing cell data for the whole HS subsystem.
  **/
 
 #ifndef TOR_HS_CELL_H

src/feature/hs/hs_circuit.c

@@ -817,7 +817,7 @@ hs_circ_service_intro_has_opened(hs_service_t *service,
   tor_assert(desc);
   tor_assert(circ);
 
-  /* Cound opened circuits that have sent ESTABLISH_INTRO cells or are already
+  /* Count opened circuits that have sent ESTABLISH_INTRO cells or are already
    * established introduction circuits */
   num_intro_circ = count_opened_desc_intro_point_circuits(service, desc);
   num_needed_circ = service->config.num_intro_points;

src/feature/hs/hs_circuit.h

@@ -3,7 +3,7 @@
 
 /**
  * \file hs_circuit.h
- * \brief Header file containing circuit data for the whole HS subsytem.
+ * \brief Header file containing circuit data for the whole HS subsystem.
  **/
 
 #ifndef TOR_HS_CIRCUIT_H

src/feature/hs/hs_client.c

@@ -329,7 +329,7 @@ retry_all_socks_conn_waiting_for_desc(void)
        * a descriptor but we do have it in the cache.
        *
        * This can happen is tor comes back from suspend where it previously
-       * had the descriptor but the intro points were not usuable. Once it
+       * had the descriptor but the intro points were not usable. Once it
        * came back to life, the intro point failure cache was cleaned up and
        * thus the descriptor became usable again leaving us in this code path.
        *
@@ -1756,7 +1756,7 @@ remove_client_auth_creds_file(const char *filename)
     goto end;
   }
 
-  log_warn(LD_REND, "Successfuly removed client auth file (%s).",
+  log_warn(LD_REND, "Successfully removed client auth file (%s).",
            creds_file_path);
 
  end:

src/feature/hs/hs_client.h

@@ -3,7 +3,7 @@
 
 /**
  * \file hs_client.h
- * \brief Header file containing client data for the HS subsytem.
+ * \brief Header file containing client data for the HS subsystem.
  **/
 
 #ifndef TOR_HS_CLIENT_H
@@ -35,12 +35,12 @@ typedef enum {
 
 /* Status code of client auth credential registration */
 typedef enum {
-  /* We successfuly registered these credentials */
+  /* We successfully registered these credentials */
   REGISTER_SUCCESS,
   /* We successfully registered these credentials, but had to replace some
    * existing ones. */
   REGISTER_SUCCESS_ALREADY_EXISTS,
-  /* We successfuly registered these credentials, and also decrypted a cached
+  /* We successfully registered these credentials, and also decrypted a cached
    * descriptor. */
   REGISTER_SUCCESS_AND_DECRYPTED,
   /* We failed to register these credentials, because of a bad HS address. */
@@ -51,7 +51,7 @@ typedef enum {
 
 /* Status code of client auth credential removal */
 typedef enum {
-  /* We successfuly removed these credentials */
+  /* We successfully removed these credentials */
   REMOVAL_SUCCESS,
   /* No need to remove those credentials, because they were not there. */
   REMOVAL_SUCCESS_NOT_FOUND,

src/feature/hs/hs_common.c

@@ -1814,7 +1814,7 @@ hs_get_extend_info_from_lspecs(const smartlist_t *lspecs,
 
 /***********************************************************************/
 
-/** Initialize the entire HS subsytem. This is called in tor_init() before any
+/** Initialize the entire HS subsystem. This is called in tor_init() before any
  * torrc options are loaded. Only for >= v3. */
 void
 hs_init(void)

src/feature/hs/hs_common.h

@@ -3,7 +3,7 @@
 
 /**
  * \file hs_common.h
- * \brief Header file containing common data for the whole HS subsytem.
+ * \brief Header file containing common data for the whole HS subsystem.
  **/
 
 #ifndef TOR_HS_COMMON_H

src/feature/hs/hs_config.c

@@ -16,7 +16,7 @@
  * options and then put in a staging list. It will stay there until
  * hs_service_load_all_keys() is called. That function is responsible to
  * load/generate the keys for the service in the staging list and if
- * successful, transfert the service to the main global service list where
+ * successful, transferred the service to the main global service list where
  * at that point it is ready to be used.
  *
  * Configuration functions are per-version and there is a main generic one for
@@ -362,7 +362,7 @@ config_validate_service(const hs_service_config_t *config)
   return -1;
 }
 
-/** Configuration funcion for a version 3 service. The given service
+/** Configuration function for a version 3 service. The given service
  * object must be already allocated and passed through
  * config_generic_service() prior to calling this function.
  *

src/feature/hs/hs_config.h

@@ -3,7 +3,7 @@
 
 /**
  * \file hs_config.h
- * \brief Header file containing configuration ABI/API for the HS subsytem.
+ * \brief Header file containing configuration ABI/API for the HS subsystem.
  **/
 
 #ifndef TOR_HS_CONFIG_H

src/feature/hs/hs_descriptor.c

@@ -186,7 +186,7 @@ build_mac(const uint8_t *mac_key, size_t mac_key_len,
   crypto_digest_free(digest);
 }
 
-/** Using a secret data and a given decriptor object, build the secret
+/** Using a secret data and a given descriptor object, build the secret
  * input needed for the KDF.
  *
  * secret_input = SECRET_DATA | subcredential | INT_8(revision_counter)
@@ -1407,7 +1407,7 @@ build_descriptor_cookie_keys(const hs_subcredential_t *subcredential,
 }
 
 /** Decrypt the descriptor cookie given the descriptor, the auth client,
- * and the client secret key. On sucess, return 0 and a newly allocated
+ * and the client secret key. On success, return 0 and a newly allocated
  * descriptor cookie descriptor_cookie_out. On error or if the client id
  * is invalid, return -1 and descriptor_cookie_out is set to
  * NULL. */
@@ -1433,7 +1433,7 @@ decrypt_descriptor_cookie(const hs_descriptor_t *desc,
   tor_assert(!fast_mem_is_zero((char *) desc->subcredential.subcred,
                                DIGEST256_LEN));
 
-  /* Catch potential code-flow cases of an unitialized private key sneaking
+  /* Catch potential code-flow cases of an uninitialized private key sneaking
    * into this function. */
   if (BUG(fast_mem_is_zero((char *)client_auth_sk, sizeof(*client_auth_sk)))) {
     goto done;
@@ -1448,7 +1448,7 @@ decrypt_descriptor_cookie(const hs_descriptor_t *desc,
   tor_assert(keystream_length > 0);
 
   /* If the client id of auth client is not the same as the calculcated
-   * client id, it means that this auth client is invaild according to the
+   * client id, it means that this auth client is invalid according to the
    * client secret key client_auth_sk. */
   if (tor_memneq(client->client_id, keystream, HS_DESC_CLIENT_ID_LEN)) {
     goto done;
@@ -1481,7 +1481,7 @@ decrypt_descriptor_cookie(const hs_descriptor_t *desc,
  *  the descriptor object <b>desc</b> and <b>descriptor_cookie</b>
  *  to generate the right decryption keys; set <b>decrypted_out</b> to
  *  the plaintext. If <b>is_superencrypted_layer</b> is set, this is
- *  the outter encrypted layer of the descriptor.
+ *  the outer encrypted layer of the descriptor.
  *
  * On any error case, including an empty output, return 0 and set
  * *<b>decrypted_out</b> to NULL.
@@ -2003,7 +2003,7 @@ desc_sig_is_valid(const char *b64_sig,
   /* Signature length check. */
   if (strlen(b64_sig) != ED25519_SIG_BASE64_LEN) {
     log_warn(LD_REND, "Service descriptor has an invalid signature length."
-                      "Exptected %d but got %lu",
+                      "Expected %d but got %lu",
              ED25519_SIG_BASE64_LEN, (unsigned long) strlen(b64_sig));
     goto err;
   }

src/feature/hs/hs_ident.c

@@ -4,7 +4,7 @@
 /**
  * \file hs_ident.c
  * \brief Contains circuit and connection identifier code for the whole HS
- *        subsytem.
+ *        subsystem.
  **/
 
 #include "lib/crypt_ops/crypto_util.h"

src/feature/hs/hs_ident.h

@@ -4,7 +4,7 @@
 /**
  * \file hs_ident.h
  * \brief Header file containing circuit and connection identifier data for
- *        the whole HS subsytem.
+ *        the whole HS subsystem.
  *
  * \details
  * This interface is used to uniquely identify a hidden service on a circuit

src/feature/hs/hs_ob.c

@@ -120,7 +120,7 @@ get_onion_public_key(const char *value, ed25519_public_key_t *pkey_out)
   }
 
   /* We don't want the .onion so we add 2 because size - 1 is copied with
-   * strlcpy() in order to accomodate the NUL byte and sizeof() counts the NUL
+   * strlcpy() in order to accommodate the NUL byte and sizeof() counts the NUL
    * byte so we need to remove them from the equation. */
   strlcpy(address, value, strlen(value) - sizeof(".onion") + 2);
 
@@ -264,10 +264,10 @@ hs_ob_parse_config_file(hs_service_config_t *config)
 
 /** Compute all possible subcredentials for every onion master key in the given
  * service config object. subcredentials_out is allocated and set as an
- * continous array containing all possible values.
+ * continuous array containing all possible values.
  *
  * On success, return the number of subcredential put in the array which will
- * correspond to an arry of size: n * DIGEST256_LEN where DIGEST256_LEN is the
+ * correspond to an array of size: n * DIGEST256_LEN where DIGEST256_LEN is the
  * length of a single subcredential.
  *
  * If the given configuration object has no OB master keys configured, 0 is
@@ -300,7 +300,7 @@ compute_subcredentials(const hs_service_t *service,
   /* Time to build all the subcredentials for each time period: two for each
    * instance descriptor plus three for the onionbalance frontend service: the
    * previous one (-1), the current one (0) and the next one (1) for each
-   * configured key in order to accomodate client and service consensus skew.
+   * configured key in order to accommodate client and service consensus skew.
    *
    * If the client consensus after_time is at 23:00 but the service one is at
    * 01:00, the client will be using the previous time period where the
@@ -356,9 +356,10 @@ compute_subcredentials(const hs_service_t *service,
  *  If we are not an Onionbalance instance or we are not ready to do so, this
  *  is a NOP.
  *
- *  This function is called everytime we build a new descriptor. That's because
- *  we want our Onionbalance keys to always use up-to-date subcredentials both
- *  for the instance (ourselves) and for the onionbalance frontend.
+ *  This function is called every time we build a new descriptor. That's
+ *  because we want our Onionbalance keys to always use up-to-date
+ *  subcredentials both for the instance (ourselves) and for the onionbalance
+ *  frontend.
  */
 void
 hs_ob_refresh_keys(hs_service_t *service)

src/feature/hs/hs_service.c

@@ -546,7 +546,7 @@ service_intro_point_remove(const hs_service_t *service,
   /* Trying all descriptors. */
   FOR_EACH_DESCRIPTOR_BEGIN(service, desc) {
     /* We'll try to remove the descriptor on both descriptors which is not
-     * very expensive to do instead of doing loopup + remove. */
+     * very expensive to do instead of doing lookup + remove. */
     digest256map_remove(desc->intro_points.map,
                         ip->auth_key_kp.pubkey.pubkey);
   } FOR_EACH_DESCRIPTOR_END;
@@ -567,7 +567,7 @@ service_intro_point_find(const hs_service_t *service,
    *
    * Even if we use the same node as intro point in both descriptors, the node
    * will have a different intro auth key for each descriptor since we generate
-   * a new one everytime we pick an intro point.
+   * a new one every time we pick an intro point.
    *
    * After #22893 gets implemented, intro points will be moved to be
    * per-service instead of per-descriptor so this function will need to
@@ -784,7 +784,7 @@ close_service_rp_circuits(hs_service_t *service)
         ed25519_pubkey_eq(&ocirc->hs_ident->identity_pk,
                           &service->keys.identity_pk)) {
       /* Reason is FINISHED because service has been removed and thus the
-       * circuit is considered old/uneeded. When freed, it is removed from the
+       * circuit is considered old/unneeded. When freed, it is removed from the
        * hs circuitmap. */
       circuit_mark_for_close(TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
     }
@@ -802,7 +802,7 @@ close_intro_circuits(hs_service_intropoints_t *intro_points)
     origin_circuit_t *ocirc = hs_circ_service_get_intro_circ(ip);
     if (ocirc) {
       /* Reason is FINISHED because service has been removed and thus the
-       * circuit is considered old/uneeded. When freed, the circuit is removed
+       * circuit is considered old/unneeded. When freed, the circuit is removed
        * from the HS circuitmap. */
       circuit_mark_for_close(TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
     }
@@ -1086,7 +1086,7 @@ load_service_keys(hs_service_t *service)
     goto end;
   }
 
-  /* Succes. */
+  /* Success. */
   ret = 0;
  end:
   tor_free(fname);
@@ -2194,7 +2194,7 @@ pick_needed_intro_points(hs_service_t *service,
   }
 
   /* Build an exclude list of nodes of our intro point(s). The expiring intro
-   * points are OK to pick again because this is afterall a concept of round
+   * points are OK to pick again because this is after all a concept of round
    * robin so they are considered valid nodes to pick again. */
   DIGEST256MAP_FOREACH(desc->intro_points.map, key,
                        hs_service_intro_point_t *, ip) {
@@ -2378,7 +2378,7 @@ should_remove_intro_point(hs_service_intro_point_t *ip, time_t now)
 
   tor_assert(ip);
 
-  /* Any one of the following needs to be True to furfill the criteria to
+  /* Any one of the following needs to be True to fulfill the criteria to
    * remove an intro point. */
   bool has_no_retries = (ip->circuit_retries >
                          MAX_INTRO_POINT_CIRCUIT_RETRIES);
@@ -2997,7 +2997,7 @@ upload_descriptor_to_all(const hs_service_t *service,
   /* Get our list of responsible HSDir. */
   responsible_dirs = smartlist_new();
   /* The parameter 0 means that we aren't a client so tell the function to use
-   * the spread store consensus paremeter. */
+   * the spread store consensus parameter. */
   hs_get_responsible_hsdirs(&desc->blinded_kp.pubkey, desc->time_period_num,
                             service->desc_next == desc, 0, responsible_dirs);
 
@@ -3231,7 +3231,7 @@ refresh_service_descriptor(const hs_service_t *service,
                            hs_service_descriptor_t *desc, time_t now)
 {
   /* There are few fields that we consider "mutable" in the descriptor meaning
-   * we need to update them regurlarly over the lifetime fo the descriptor.
+   * we need to update them regularly over the lifetime for the descriptor.
    * The rest are set once and should not be modified.
    *
    *  - Signing key certificate.
@@ -3529,7 +3529,7 @@ service_add_fnames_to_list(const hs_service_t *service, smartlist_t *list)
   s_dir = service->config.directory_path;
   /* The hostname file. */
   smartlist_add(list, hs_path_from_filename(s_dir, fname_hostname));
-  /* The key files splitted in two. */
+  /* The key files split in two. */
   tor_snprintf(fname, sizeof(fname), "%s_secret_key", fname_keyfile_prefix);
   smartlist_add(list, hs_path_from_filename(s_dir, fname));
   tor_snprintf(fname, sizeof(fname), "%s_public_key", fname_keyfile_prefix);
@@ -3617,7 +3617,7 @@ hs_service_circuit_cleanup_on_close(const circuit_t *circ)
   }
 }
 
-/** This is called everytime the service map (v2 or v3) changes that is if an
+/** This is called every time the service map (v2 or v3) changes that is if an
  * element is added or removed. */
 void
 hs_service_map_has_changed(void)
@@ -3907,7 +3907,7 @@ hs_service_set_conn_addr_port(const origin_circuit_t *circ,
     goto err_no_close;
   }
 
-  /* Find a virtual port of that service mathcing the one in the connection if
+  /* Find a virtual port of that service matching the one in the connection if
    * successful, set the address in the connection. */
   if (hs_set_conn_addr_port(service->config.ports, conn) < 0) {
     log_info(LD_REND, "No virtual port mapping exists for port %d for "
@@ -4240,7 +4240,7 @@ hs_service_find(const ed25519_public_key_t *identity_pk)
   return find_service(hs_service_map, identity_pk);
 }
 
-/** Allocate and initilize a service object. The service configuration will
+/** Allocate and initialize a service object. The service configuration will
  * contain the default values. Return the newly allocated object pointer. This
  * function can't fail. */
 hs_service_t *

src/feature/hs/hs_service.h

@@ -3,7 +3,7 @@
 
 /**
  * \file hs_service.h
- * \brief Header file containing service data for the HS subsytem.
+ * \brief Header file containing service data for the HS subsystem.
  **/
 
 #ifndef TOR_HS_SERVICE_H
@@ -121,9 +121,9 @@ typedef struct hs_service_intropoints_t {
  *
  * Mutable elements are initialized when we build the descriptor but they are
  * also altered during the lifetime of the descriptor. They could be
- * _refreshed_ everytime we upload the descriptor (which happens multiple times
- * over the lifetime of the descriptor), or through periodic events. We do this
- * for elements like the descriptor revision counter and various
+ * _refreshed_ every time we upload the descriptor (which happens multiple
+ * times over the lifetime of the descriptor), or through periodic events. We
+ * do this for elements like the descriptor revision counter and various
  * certificates. See refresh_service_descriptor() and
  * update_service_descriptor_intro_points().
  */
@@ -299,7 +299,7 @@ typedef struct hs_service_state_t {
 /** Representation of a service running on this tor instance. */
 typedef struct hs_service_t {
   /** Onion address base32 encoded and NUL terminated. We keep it for logging
-   * purposes so we don't have to build it everytime. */
+   * purposes so we don't have to build it every time. */
   char onion_address[HS_SERVICE_ADDR_LEN_BASE32 + 1];
 
   /** Hashtable node: use to look up the service by its master public identity

src/feature/keymgt/loadkey.c

@@ -638,7 +638,7 @@ ed_key_init_from_file(const char *fname, uint32_t flags,
     bad_cert = 1;
   } else if (signing_key && cert->signing_key_included &&
              ! ed25519_pubkey_eq(&signing_key->pubkey, &cert->signing_key)) {
-    tor_log(severity, LD_OR, "Certificate signed by unexpectd key!");
+    tor_log(severity, LD_OR, "Certificate signed by unexpected key!");
     bad_cert = 1;
   }
 

src/feature/nodelist/dirlist.c

@@ -66,7 +66,7 @@ add_trusted_dir_to_nodelist_addr_set(const dir_server_t *dir)
 }
 
 /** Go over the trusted directory server list and add their address(es) to the
- * nodelist address set. This is called everytime a new consensus is set. */
+ * nodelist address set. This is called every time a new consensus is set. */
 MOCK_IMPL(void,
 dirlist_add_trusted_dir_addresses, (void))
 {

src/feature/nodelist/nodelist.c

@@ -127,7 +127,7 @@ typedef struct nodelist_t {
    *
    * Whenever a node's routerinfo or microdescriptor is about to change,
    * you should remove it from this map with node_remove_from_ed25519_map().
-   * Whenever a node's routerinfo or microdescriptor has just chaned,
+   * Whenever a node's routerinfo or microdescriptor has just changed,
    * you should add it to this map with node_add_to_ed25519_map().
    */
   HT_HEAD(nodelist_ed_map, node_t) nodes_by_ed_id;
@@ -1200,7 +1200,7 @@ node_supports_v3_rendezvous_point(const node_t *node)
 }
 
 /** Return true iff <b>node</b> supports the DoS ESTABLISH_INTRO cell
- * extenstion. */
+ * extension. */
 bool
 node_supports_establish_intro_dos_extension(const node_t *node)
 {

src/feature/nodelist/routerlist.c

@@ -531,7 +531,7 @@ routers_have_same_or_addrs(const routerinfo_t *r1, const routerinfo_t *r2)
  * Nodes that don't have a routerinfo must be general-purpose nodes, because
  * routerstatuses and microdescriptors only come via consensuses.
  *
- * The <b>flags</b> chech that <b>node</b>:
+ * The <b>flags</b> check that <b>node</b>:
  *  - <b>CRN_NEED_UPTIME</b>: has more than a minimum uptime;
  *  - <b>CRN_NEED_CAPACITY</b>: has more than a minimum capacity;
  *  - <b>CRN_NEED_GUARD</b>: is a Guard;

src/feature/relay/dns.c

@@ -1691,7 +1691,7 @@ launch_one_resolve(const char *address, uint8_t query_type,
       log_warn(LD_BUG, "Called with PTR query and unexpected address family");
     break;
   default:
-    log_warn(LD_BUG, "Called with unexpectd query type %d", (int)query_type);
+    log_warn(LD_BUG, "Called with unexpected query type %d", (int)query_type);
     break;
   }
 

src/feature/relay/ext_orport.c

@@ -391,7 +391,7 @@ connection_ext_or_auth_handle_client_hash(connection_t *conn)
 }
 
 /** Handle data from <b>or_conn</b> received on Extended ORPort.
- *  Return -1 on error. 0 on unsufficient data. 1 on correct. */
+ *  Return -1 on error. 0 on insufficient data. 1 on correct. */
 static int
 connection_ext_or_auth_process_inbuf(or_connection_t *or_conn)
 {

src/feature/relay/relay_periodic.c

@@ -6,7 +6,7 @@
 
 /**
  * @file relay_periodic.c
- * @brief Periodic functions for the relay subsytem
+ * @brief Periodic functions for the relay subsystem
  **/
 
 #include "orconfig.h"

src/feature/relay/selftest.c

@@ -174,7 +174,7 @@ router_should_check_reachability(int test_or, int test_dir)
 #define SELF_EXCLUDED_WARN_INTERVAL 3600
       static ratelim_t warning_limit=RATELIM_INIT(SELF_EXCLUDED_WARN_INTERVAL);
       log_fn_ratelim(&warning_limit, LOG_WARN, LD_CIRC,
-                 "Can't peform self-tests for this relay: we have "
+                 "Can't perform self-tests for this relay: we have "
                  "listed ourself in ExcludeNodes, and StrictNodes is set. "
                  "We cannot learn whether we are usable, and will not "
                  "be able to advertise ourself.");

src/feature/rend/rendcache.c

@@ -37,7 +37,7 @@ STATIC digestmap_t *rend_cache_v2_dir = NULL;
  * or discard a new descriptor we just fetched. Here is a description of the
  * cache behavior.
  *
- * Everytime tor discards an IP (ex: receives a NACK), we add an entry to
+ * Every time tor discards an IP (ex: receives a NACK), we add an entry to
  * this cache noting the identity digest of the IP and it's failure type for
  * the service ID. The reason we indexed this cache by service ID is to
  * differentiate errors that can occur only for a specific service like a
@@ -257,7 +257,7 @@ rend_cache_free_all(void)
 /** Remove all entries that re REND_CACHE_FAILURE_MAX_AGE old. This is
  * called every second.
  *
- * We have to clean these regurlarly else if for whatever reasons an hidden
+ * We have to clean these regularly else if for whatever reasons an hidden
  * service goes offline and a client tries to connect to it during that
  * time, a failure entry is created and the client will be unable to connect
  * for a while even though the service has return online.  */

src/feature/rend/rendservice.c

@@ -671,7 +671,7 @@ rend_service_prune_list_impl_(void)
                                         ocirc->build_state->chosen_exit)),
              safe_str_client(rend_data_get_address(ocirc->rend_data)));
     /* Reason is FINISHED because service has been removed and thus the
-     * circuit is considered old/uneeded. */
+     * circuit is considered old/unneeded. */
     circuit_mark_for_close(TO_CIRCUIT(ocirc), END_CIRC_REASON_FINISHED);
   }
   smartlist_free(surviving_services);
@@ -4138,7 +4138,7 @@ rend_consider_services_intro_points(time_t now)
      * list of the service. */
     unsigned int n_intro_points_to_open;
     /* Have an unsigned len so we can use it to compare values else gcc is
-     * not happy with unmatching signed comparaison. */
+     * not happy with unmatching signed comparison. */
     unsigned int intro_nodes_len;
     /* Different service are allowed to have the same introduction point as
      * long as they are on different circuit thus why we clear this list. */
@@ -4184,7 +4184,7 @@ rend_consider_services_intro_points(time_t now)
       intro->circuit_retries++;
     } SMARTLIST_FOREACH_END(intro);
 
-    /* Avoid mismatched signed comparaison below. */
+    /* Avoid mismatched signed comparison below. */
     intro_nodes_len = (unsigned int) smartlist_len(service->intro_nodes);
 
     /* Quiescent state, we have more or the equal amount of wanted node for
@@ -4274,7 +4274,7 @@ rend_consider_services_intro_points(time_t now)
         log_warn(LD_REND, "Error launching circuit to node %s for service %s.",
                  safe_str_client(extend_info_describe(intro->extend_info)),
                  safe_str_client(service->service_id));
-        /* This funcion will be called again by the main loop so this intro
+        /* This function will be called again by the main loop so this intro
          * point without a intro circuit will be retried on or removed after
          * a maximum number of attempts. */
       }

src/feature/stats/geoip_stats.c

@@ -774,7 +774,7 @@ geoip_get_dirreq_history(dirreq_type_t type)
  *
  * Store a newly allocated comma-separated string in <a>ipver_str</a>
  * containing entries for clients connecting over IPv4 and IPv6. The
- * format is family=num where num is the nubmer of IPs we've seen
+ * format is family=num where num is the number of IPs we've seen
  * connecting over that protocol family, and family is 'v4' or 'v6'.
  *
  * Return 0 on success and -1 if we're missing geoip data. */

src/feature/stats/rephist.c

@@ -1829,7 +1829,7 @@ rep_hist_stored_maybe_new_hs(const crypto_pk_t *pubkey)
 
 /* The number of cells that are supposed to be hidden from the adversary
  * by adding noise from the Laplace distribution.  This value, divided by
- * EPSILON, is Laplace parameter b. It must be greather than 0. */
+ * EPSILON, is Laplace parameter b. It must be greater than 0. */
 #define REND_CELLS_DELTA_F 2048
 /* Security parameter for obfuscating number of cells with a value between
  * ]0.0, 1.0]. Smaller values obfuscate observations more, but at the same

src/lib/buf/buffers.c

@@ -14,7 +14,7 @@
  *
  * All socket-backed and TLS-based connection_t objects have a pair of
  * buffers: one for incoming data, and one for outcoming data.  These are fed
- * and drained from functions in connection.c, trigged by events that are
+ * and drained from functions in connection.c, triggered by events that are
  * monitored in main.c.
  *
  * This module only handles the buffer implementation itself. To use a buffer

src/lib/conf/conftypes.h

@@ -273,7 +273,7 @@ typedef struct config_deprecation_t {
 #endif /* !defined(COCCI) */
 
 /**
- * Validation function: verify whether a configuation object is well-formed
+ * Validation function: verify whether a configuration object is well-formed
  * and consistent.
  *
  * On success, return 0.  On failure, set <b>msg_out</b> to a newly allocated

src/lib/confmgt/typedvar.c

@@ -156,7 +156,7 @@ typed_var_copy(void *dest, const void *src, const var_type_def_t *def)
   if (BUG(!def))
     return -1; // LCOV_EXCL_LINE
   if (def->fns->copy) {
-    // If we have been provided a copy fuction, use it.
+    // If we have been provided a copy function, use it.
     return def->fns->copy(dest, src, def);
   }
 

src/lib/container/namemap.c

@@ -82,7 +82,7 @@ namemap_fmt_name(const namemap_t *map, unsigned id)
 
 /**
  * Helper: As namemap_get_id(), but requires that <b>name</b> is
- * <b>namelen</b> charaters long, and that <b>namelen</b> is no more than
+ * <b>namelen</b> characters long, and that <b>namelen</b> is no more than
  * MAX_NAMEMAP_NAME_LEN.
  */
 static unsigned

src/lib/crypt_ops/crypto_dh_openssl.c

@@ -163,7 +163,7 @@ crypto_dh_init_openssl(void)
 
 /** Number of bits to use when choosing the x or y value in a Diffie-Hellman
  * handshake.  Since we exponentiate by this value, choosing a smaller one
- * lets our handhake go faster.
+ * lets our handshake go faster.
  */
 #define DH_PRIVATE_KEY_BITS 320
 

src/lib/crypt_ops/crypto_openssl_mgt.h

@@ -57,7 +57,7 @@
 #if OPENSSL_VERSION_NUMBER >= OPENSSL_VER(1,1,0,0,5) && \
   !defined(LIBRESSL_VERSION_NUMBER)
 /* OpenSSL as of 1.1.0pre4 has an "new" thread API, which doesn't require
- * seting up various callbacks.
+ * setting up various callbacks.
  *
  * OpenSSL 1.1.0pre4 has a messed up `ERR_remove_thread_state()` prototype,
  * while the previous one was restored in pre5, and the function made a no-op

src/lib/dispatch/dispatch.h

@@ -37,7 +37,7 @@
  * configure messages with their types, channels, and receivers.  Then, use
  * dispatch_new() with that dispatch_cfg_t to create the dispatch_t object.
  *
- * (We use a two-phase contruction procedure here to enable better static
+ * (We use a two-phase construction procedure here to enable better static
  * reasoning about publish/subscribe relationships.)
  *
  * Once you have a dispatch_t, you can queue messages on it with

src/lib/encoding/binascii.c

@@ -275,7 +275,7 @@ base64_encode(char *dest, size_t destlen, const char *src, size_t srclen,
   }
   switch (n_idx) {
   case 0:
-    /* 0 leftover bits, no pading to add. */
+    /* 0 leftover bits, no padding to add. */
     break;
   case 1:
     /* 8 leftover bits, pad to 12 bits, write the 2 6-bit values followed

src/lib/fs/path.c

@@ -180,7 +180,7 @@ clean_fname_for_stat(char *name)
 /** Modify <b>fname</b> to contain the name of its parent directory.  Doesn't
  * actually examine the filesystem; does a purely syntactic modification.
  *
- * The parent of the root director is considered to be iteself.
+ * The parent of the root director is considered to be itself.
  *
  * Path separators are the forward slash (/) everywhere and additionally
  * the backslash (\) on Win32.
@@ -319,7 +319,7 @@ make_path_absolute(const char *fname)
  * picture explanation here should be read first.
  *
  * Purpose of the functions:
- * - tor_glob - recevies a pattern and returns all the paths that result from
+ * - tor_glob - receives a pattern and returns all the paths that result from
  *   its glob expansion, globs can be present on all path components.
  * - get_glob_opened_files - receives a pattern and returns all the paths that
  *   are opened during its expansion (the paths before any path fragment that
@@ -328,10 +328,10 @@ make_path_absolute(const char *fname)
  *   allowed list.
  *
  * Due to OS API differences explained below, the implementation of tor_glob is
- * completly different for Windows and POSIX systems, so we ended up with three
- * different implementations:
+ * completely different for Windows and POSIX systems, so we ended up with
+ * three different implementations:
  * - tor_glob for POSIX - as POSIX glob does everything we need, we simply call
- *   it and process the results. This is completly implemented in tor_glob.
+ *   it and process the results. This is completely implemented in tor_glob.
  * - tor_glob for WIN32 - because the WIN32 API only supports expanding globs
  *   in the last path fragment, we need to expand the globs in each path
  *   fragment manually and call recursively to get the same behaviour as POSIX