Redo of PR#5345. Fixed spelling and typographical errors found by Cod…

…eSpell.

Signed-off-by: Shaun Case <[email protected]>
Signed-off-by: Dave Rodgman <[email protected]>

3rdparty/everest/README.md

@@ -2,4 +2,4 @@ The files in this directory stem from [Project Everest](https://project-everest.
 
 This is a formally verified implementation of Curve25519-based handshakes. The C code is automatically derived from the (verified) [original implementation](https://github.com/project-everest/hacl-star/tree/master/code/curve25519) in the [F* language](https://github.com/fstarlang/fstar) by [KreMLin](https://github.com/fstarlang/kremlin). In addition to the improved safety and security of the implementation, it is also significantly faster than the default implementation of Curve25519 in mbedTLS.
 
-The caveat is that not all platforms are supported, although the version in `everest/library/legacy` should work on most systems. The main issue is that some platforms do not provide a 128-bit integer type and KreMLin therefore has to use additional (also verified) code to simulate them, resulting in less of a performance gain overall. Explictly supported platforms are currently `x86` and `x86_64` using gcc or clang, and Visual C (2010 and later).
+The caveat is that not all platforms are supported, although the version in `everest/library/legacy` should work on most systems. The main issue is that some platforms do not provide a 128-bit integer type and KreMLin therefore has to use additional (also verified) code to simulate them, resulting in less of a performance gain overall. Explicitly supported platforms are currently `x86` and `x86_64` using gcc or clang, and Visual C (2010 and later).

CMakeLists.txt

@@ -6,7 +6,7 @@
 #     command but rather at the target level using the
 #     target_include_directories command. That way, it is easier to guarantee
 #     that targets are built using the proper list of include directories.
-#   + Use the PUBLIC and PRIVATE keywords to specifiy the scope of include
+#   + Use the PUBLIC and PRIVATE keywords to specify the scope of include
 #     directories. That way, a target linking to a library (using the
 #     target_link_librairies command) inherits from the library PUBLIC include
 #     directories and not from the PRIVATE ones.

ChangeLog

@@ -709,7 +709,7 @@ Security
      applications calling mbedtls_mpi_sub_abs() directly are affected:
      all calls inside the library were safe since this function is
      only called with |A| >= |B|. Reported by Guido Vranken in #4042.
-   * Fix an errorneous estimation for an internal buffer in
+   * Fix an erroneous estimation for an internal buffer in
      mbedtls_pk_write_key_pem(). If MBEDTLS_MPI_MAX_SIZE is set to an odd
      value the function might fail to write a private RSA keys of the largest
      supported size.
@@ -722,7 +722,7 @@ Security
 
 Bugfix
    * Fix use-after-scope error in programs/ssl/ssl_client2.c and ssl_server2.c
-   * Fix memory leak that occured when calling psa_close_key() on a
+   * Fix memory leak that occurred when calling psa_close_key() on a
      wrapped key with MBEDTLS_PSA_CRYPTO_SE_C defined.
    * Fix an incorrect error code if an RSA private operation glitched.
    * Fix a memory leak in an error case in psa_generate_derived_key_internal().
@@ -1149,7 +1149,7 @@ Changes
      executable.
    * The ECP module, enabled by `MBEDTLS_ECP_C`, now depends on
      `MBEDTLS_CTR_DRBG_C` or `MBEDTLS_HMAC_DRBG_C` for some side-channel
-     coutermeasures. If side channels are not a concern, this dependency can
+     countermeasures. If side channels are not a concern, this dependency can
      be avoided by enabling the new option `MBEDTLS_ECP_NO_INTERNAL_RNG`.
    * Align MSVC error flag with GCC and Clang. Contributed by Carlos Gomes
      Martinho. #3147
@@ -1817,7 +1817,7 @@ New deprecations
      platform error.
    * All module specific generic hardware acceleration errors following the
      form MBEDTLS_ERR_XXX_HW_ACCEL_FAILED that are deprecated and are replaced
-     by the equivalent plaform error.
+     by the equivalent platform error.
    * Deprecate the function mbedtls_mpi_is_prime() in favor of
      mbedtls_mpi_is_prime_ext() which allows specifying the number of
      Miller-Rabin rounds.
@@ -2637,7 +2637,7 @@ Bugfix
      a negative MPI. Previously the result was always negative. Found by Guido
      Vranken.
    * Fix a numerical underflow leading to stack overflow in mpi_read_file()
-     that was triggered uppon reading an empty line. Found by Guido Vranken.
+     that was triggered upon reading an empty line. Found by Guido Vranken.
 
 Changes
    * Send fatal alerts in more cases. The previous behaviour was to skip
@@ -2812,7 +2812,7 @@ Bugfix
    * Fix mbedtls_x509_get_sig() to update the ASN1 type in the mbedtls_x509_buf
      data structure until after error checks are successful. Found by
      subramanyam-c. #622
-   * Fix documentation and implementation missmatch for function arguments of
+   * Fix documentation and implementation mismatch for function arguments of
      mbedtls_gcm_finish(). Found by cmiatpaar. #602
    * Guarantee that P>Q at RSA key generation. Found by inestlerode. #558
    * Fix potential byte overread when verifying malformed SERVER_HELLO in
@@ -2935,7 +2935,7 @@ Security
 Features
    * Experimental support for EC J-PAKE as defined in Thread 1.0.0.
      Disabled by default as the specification might still change.
-   * Added a key extraction callback to accees the master secret and key
+   * Added a key extraction callback to access the master secret and key
      block. (Potential uses include EAP-TLS and Thread.)
 
 Bugfix
@@ -2970,7 +2970,7 @@ Security
      overflow of the hostname or session ticket. Found by Guido Vranken,
      Intelworks.
    * Fix potential double-free if mbedtls_ssl_set_hs_psk() is called more than
-     once in the same handhake and mbedtls_ssl_conf_psk() was used.
+     once in the same handshake and mbedtls_ssl_conf_psk() was used.
      Found and patch provided by Guido Vranken, Intelworks. Cannot be forced
      remotely.
    * Fix stack buffer overflow in pkcs12 decryption (used by
@@ -3245,7 +3245,7 @@ Default behavior changes
 
 Requirement changes
    * The minimum MSVC version required is now 2010 (better C99 support).
-   * The NET layer now unconditionnaly relies on getaddrinfo() and select().
+   * The NET layer now unconditionally relies on getaddrinfo() and select().
    * Compiler is required to support C99 types such as long long and uint32_t.
 
 API changes from the 1.4 preview branch
@@ -3458,7 +3458,7 @@ Bugfix
      are defined but not POLARSSL_HAVE_TIME (found by Stephane Di Vito).
    * Remove non-existent file from VS projects (found by Peter Vaskovic).
    * ssl_read() could return non-application data records on server while
-     renegotation was pending, and on client when a HelloRequest was received.
+     renegotiation was pending, and on client when a HelloRequest was received.
    * Server-initiated renegotiation would fail with non-blocking I/O if the
      write callback returned WANT_WRITE when requesting renegotiation.
    * ssl_close_notify() could send more than one message in some circumstances
@@ -3942,7 +3942,7 @@ Bugfix
    * Don't print uninitialised buffer in ssl_mail_client (found by Marc Abel).
    * Fix net_accept() regarding non-blocking sockets (found by Luca Pesce).
    * ssl_read() could return non-application data records on server while
-     renegotation was pending, and on client when a HelloRequest was received.
+     renegotiation was pending, and on client when a HelloRequest was received.
    * Fix warnings from Clang's scan-build (contributed by Alfred Klomp).
 
 Changes
@@ -4378,7 +4378,7 @@ Changes
      x509parse_crtfile(). With permissive parsing the parsing does not stop on
      encountering a parse-error. Beware that the meaning of return values has
      changed!
-   * All error codes are now negative. Even on mermory failures and IO errors.
+   * All error codes are now negative. Even on memory failures and IO errors.
 
 Bugfix
    * Fixed faulty HMAC-MD2 implementation. Found by dibac. (Closes
@@ -4538,7 +4538,7 @@ Features
 Changes
    * Made Makefile cleaner
    * Removed dependency on rand() in rsa_pkcs1_encrypt().
-     Now using random fuction provided to function and
+     Now using random function provided to function and
      changed the prototype of rsa_pkcs1_encrypt(),
      rsa_init() and rsa_gen_key().
    * Some SSL defines were renamed in order to avoid

SECURITY.md

@@ -6,7 +6,7 @@ send an email to the security team at
 
 ## Security Incident Handling Process
 
-Our security process is detailled in our
+Our security process is detailed in our
 [security
 center](https://developer.trustedfirmware.org/w/mbed-tls/security-center/).
 

configs/config-suite-b.h

@@ -104,7 +104,7 @@
 
 /*
  * Save RAM at the expense of interoperability: do this only if you control
- * both ends of the connection!  (See coments in "mbedtls/ssl.h".)
+ * both ends of the connection!  (See comments in "mbedtls/ssl.h".)
  * The minimum size here depends on the certificate chain used as well as the
  * typical size of records.
  */

docs/architecture/testing/psa-storage-format-testing.md

@@ -40,7 +40,7 @@ If the way certain keys are stored changes, and we don't deliberately decide to
 
 ## Storage architecture overview
 
-The PSA subsystem provides storage on top of the PSA trusted storage interface. The state of the storage is a mapping from file identifer (a 64-bit number) to file content (a byte array). These files include:
+The PSA subsystem provides storage on top of the PSA trusted storage interface. The state of the storage is a mapping from file identifier (a 64-bit number) to file content (a byte array). These files include:
 
 * [Key files](#key-storage) (files containing one key's metadata and, except for some secure element keys, key material).
 * The [random generator injected seed or state file](#random-generator-state) (`PSA_CRYPTO_ITS_RANDOM_SEED_UID`).

include/mbedtls/aria.h

@@ -41,7 +41,7 @@
 #define MBEDTLS_ARIA_DECRYPT     0 /**< ARIA decryption. */
 
 #define MBEDTLS_ARIA_BLOCKSIZE   16 /**< ARIA block size in bytes. */
-#define MBEDTLS_ARIA_MAX_ROUNDS  16 /**< Maxiumum number of rounds in ARIA. */
+#define MBEDTLS_ARIA_MAX_ROUNDS  16 /**< Maximum number of rounds in ARIA. */
 #define MBEDTLS_ARIA_MAX_KEYSIZE 32 /**< Maximum size of an ARIA key in bytes. */
 
 /** Bad input data. */

include/mbedtls/asn1.h

@@ -253,7 +253,7 @@ int mbedtls_asn1_get_len( unsigned char **p,
  *              with the requested tag.
  * \return      #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element
  *              would end beyond \p end.
- * \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparseable.
+ * \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable.
  */
 int mbedtls_asn1_get_tag( unsigned char **p,
                           const unsigned char *end,

include/mbedtls/check_config.h

@@ -146,7 +146,7 @@
 #endif
 
 #if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C)
-#error "MBEDTLS_PK_PARSE_C defined, but not all prerequesites"
+#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_PKCS5_C) && !defined(MBEDTLS_MD_C)
@@ -334,11 +334,11 @@
 #endif
 
 #if defined(MBEDTLS_MEMORY_BACKTRACE) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
-#error "MBEDTLS_MEMORY_BACKTRACE defined, but not all prerequesites"
+#error "MBEDTLS_MEMORY_BACKTRACE defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_MEMORY_DEBUG) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
-#error "MBEDTLS_MEMORY_DEBUG defined, but not all prerequesites"
+#error "MBEDTLS_MEMORY_DEBUG defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_PADLOCK_C) && !defined(MBEDTLS_HAVE_ASM)
@@ -792,12 +792,12 @@
 
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) &&   \
     !defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequsites"
+#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
     !defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequsites"
+#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_SSL_TICKET_C) && !defined(MBEDTLS_CIPHER_C)

include/mbedtls/debug.h

@@ -139,7 +139,7 @@ extern "C" {
  *          discarded.
  *          (Default value: 0 = No debug )
  *
- * \param threshold     theshold level of messages to filter on. Messages at a
+ * \param threshold     threshold level of messages to filter on. Messages at a
  *                      higher level will be discarded.
  *                          - Debug levels
  *                              - 0 No debug

include/mbedtls/ecjpake.h

@@ -65,7 +65,7 @@ typedef enum {
  * (KeyExchange) as defined by the Thread spec.
  *
  * In order to benefit from this symmetry, we choose a different naming
- * convetion from the Thread v1.0 spec. Correspondance is indicated in the
+ * convention from the Thread v1.0 spec. Correspondence is indicated in the
  * description as a pair C: client name, S: server name
  */
 typedef struct mbedtls_ecjpake_context

include/mbedtls/hmac_drbg.h

@@ -204,7 +204,7 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
                     size_t len );
 
 /**
- * \brief               Initilisation of simpified HMAC_DRBG (never reseeds).
+ * \brief               Initialisation of simplified HMAC_DRBG (never reseeds).
  *
  * This function is meant for use in algorithms that need a pseudorandom
  * input such as deterministic ECDSA.

include/mbedtls/mbedtls_config.h

@@ -330,7 +330,7 @@
 //#define MBEDTLS_SHA512_ALT
 
 /*
- * When replacing the elliptic curve module, pleace consider, that it is
+ * When replacing the elliptic curve module, please consider, that it is
  * implemented with two .c files:
  *      - ecp.c
  *      - ecp_curves.c
@@ -1416,7 +1416,7 @@
  * Enable support for RFC 7627: Session Hash and Extended Master Secret
  * Extension.
  *
- * This was introduced as "the proper fix" to the Triple Handshake familiy of
+ * This was introduced as "the proper fix" to the Triple Handshake family of
  * attacks, but it is recommended to always use it (even if you disable
  * renegotiation), since it actually fixes a more fundamental issue in the
  * original SSL/TLS design, and has implications beyond Triple Handshake.
@@ -1442,7 +1442,7 @@
  * \note This option has no influence on the protection against the
  *       triple handshake attack. Even if it is disabled, Mbed TLS will
  *       still ensure that certificates do not change during renegotiation,
- *       for exaple by keeping a hash of the peer's certificate.
+ *       for example by keeping a hash of the peer's certificate.
  *
  * Comment this macro to disable storing the peer's certificate
  * after the handshake.
@@ -2554,7 +2554,7 @@
 /**
  * \def MBEDTLS_PK_C
  *
- * Enable the generic public (asymetric) key layer.
+ * Enable the generic public (asymmetric) key layer.
  *
  * Module:  library/pk.c
  * Caller:  library/psa_crypto_rsa.c
@@ -2572,7 +2572,7 @@
 /**
  * \def MBEDTLS_PK_PARSE_C
  *
- * Enable the generic public (asymetric) key parser.
+ * Enable the generic public (asymmetric) key parser.
  *
  * Module:  library/pkparse.c
  * Caller:  library/x509_crt.c
@@ -2587,7 +2587,7 @@
 /**
  * \def MBEDTLS_PK_WRITE_C
  *
- * Enable the generic public (asymetric) key writer.
+ * Enable the generic public (asymmetric) key writer.
  *
  * Module:  library/pkwrite.c
  * Caller:  library/x509write.c

include/mbedtls/private_access.h

@@ -1,7 +1,7 @@
  /**
  * \file private_access.h
  *
- * \brief Macro wrapper for struct's memebrs.
+ * \brief Macro wrapper for struct's members.
  */
 /*
  *  Copyright The Mbed TLS Contributors

include/mbedtls/rsa.h

@@ -74,7 +74,7 @@
 
 /*
  * The above constants may be used even if the RSA module is compile out,
- * eg for alternative (PKCS#11) RSA implemenations in the PK layers.
+ * eg for alternative (PKCS#11) RSA implementations in the PK layers.
  */
 
 #ifdef __cplusplus
@@ -540,7 +540,7 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
  *
  * \note           Blinding is used if and only if a PRNG is provided.
  *
- * \note           If blinding is used, both the base of exponentation
+ * \note           If blinding is used, both the base of exponentiation
  *                 and the exponent are blinded, providing protection
  *                 against some side-channel attacks.
  *