Fix typos prior to release

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>

doxygen/input/doc_encdec.h

@@ -38,7 +38,7 @@
  * All symmetric encryption algorithms are accessible via the generic cipher layer
  * (see \c mbedtls_cipher_setup()).
  *
- * The asymmetric encryptrion algorithms are accessible via the generic public
+ * The asymmetric encryption algorithms are accessible via the generic public
  * key layer (see \c mbedtls_pk_init()).
  *
  * The following algorithms are provided:

include/mbedtls/bignum.h

@@ -192,7 +192,7 @@
 /** \typedef mbedtls_mpi_sint
  * \brief The signed type corresponding to #mbedtls_mpi_uint.
  *
- * This is always an signed integer type with no padding bits. The size
+ * This is always a signed integer type with no padding bits. The size
  * is platform-dependent.
  */
 

include/mbedtls/config.h

@@ -2427,7 +2427,7 @@
  *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
  *
  * \warning   ARC4 is considered a weak cipher and its use constitutes a
- *            security risk. If possible, we recommend avoidng dependencies on
+ *            security risk. If possible, we recommend avoiding dependencies on
  *            it, and considering stronger ciphers instead.
  *
  */

include/mbedtls/config_psa.h

@@ -7,7 +7,7 @@
  *  those definitions to define symbols used in the library code.
  *
  *  Users and integrators should not edit this file, please edit
- *  include/mbedtls/config.h for MBETLS_XXX settings or
+ *  include/mbedtls/config.h for MBEDTLS_XXX settings or
  *  include/psa/crypto_config.h for PSA_WANT_XXX settings.
  */
 /*

include/mbedtls/ssl.h

@@ -624,7 +624,7 @@ typedef int mbedtls_ssl_recv_t( void *ctx,
  * \param ctx      Context for the receive callback (typically a file descriptor)
  * \param buf      Buffer to write the received data to
  * \param len      Length of the receive buffer
- * \param timeout  Maximum nomber of millisecondes to wait for data
+ * \param timeout  Maximum number of milliseconds to wait for data
  *                 0 means no timeout (potentially waiting forever)
  *
  * \return         The callback must return the number of bytes received,

include/psa/crypto_se_driver.h

@@ -225,7 +225,7 @@ typedef psa_status_t (*psa_drv_se_mac_finish_t)(void *op_context,
  * operation by comparing the resulting MAC against a provided value
  *
  * \param[in,out] op_context    A hardware-specific structure for the previously
- *                              started MAC operation to be fiinished
+ *                              started MAC operation to be finished
  * \param[in] p_mac             The MAC value against which the resulting MAC
  *                              will be compared against
  * \param[in] mac_length        The size in bytes of the value stored in `p_mac`
@@ -336,7 +336,7 @@ typedef struct {
     /** Function that completes a MAC operation with a verify check
      */
     psa_drv_se_mac_finish_verify_t  p_finish_verify;
-    /** Function that aborts a previoustly started MAC operation
+    /** Function that aborts a previously started MAC operation
      */
     psa_drv_se_mac_abort_t          p_abort;
     /** Function that performs a MAC operation in one call
@@ -745,7 +745,7 @@ typedef psa_status_t (*psa_drv_se_aead_encrypt_t)(psa_drv_se_context_t *drv_cont
                                                   size_t ciphertext_size,
                                                   size_t *p_ciphertext_length);
 
-/** A function that peforms a secure element authenticated decryption operation
+/** A function that performs a secure element authenticated decryption operation
  *
  * \param[in,out] drv_context           The driver context structure.
  * \param[in] key_slot                  Slot containing the key to use
@@ -1156,7 +1156,7 @@ typedef struct {
  *
  * Different key derivation algorithms require a different number of inputs.
  * Instead of having an API that takes as input variable length arrays, which
- * can be problemmatic to manage on embedded platforms, the inputs are passed
+ * can be problematic to manage on embedded platforms, the inputs are passed
  * to the driver via a function, `psa_drv_se_key_derivation_collateral`, that
  * is called multiple times with different `collateral_id`s. Thus, for a key
  * derivation algorithm that required 3 parameter inputs, the flow would look
@@ -1270,7 +1270,7 @@ typedef struct {
     psa_drv_se_key_derivation_collateral_t p_collateral;
     /** Function that performs a final key derivation step */
     psa_drv_se_key_derivation_derive_t     p_derive;
-    /** Function that perforsm a final key derivation or agreement and
+    /** Function that performs a final key derivation or agreement and
      * exports the key */
     psa_drv_se_key_derivation_export_t     p_export;
 } psa_drv_se_key_derivation_t;

include/psa/crypto_sizes.h

@@ -716,7 +716,7 @@
     (PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 11)
 
 /* Maximum size of the export encoding of an RSA key pair.
- * Assumes thatthe public exponent is less than 2^32 and that the size
+ * Assumes that the public exponent is less than 2^32 and that the size
  * difference between the two primes is at most 1 bit.
  *
  * RSAPrivateKey ::= SEQUENCE {

include/psa/crypto_types.h

@@ -296,7 +296,7 @@ typedef psa_key_id_t mbedtls_svc_key_id_t;
 
 #else /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
 /* Implementation-specific: The Mbed Cryptography library can be built as
- * part of a multi-client service that exposes the PSA Cryptograpy API in each
+ * part of a multi-client service that exposes the PSA Cryptography API in each
  * client and encodes the client identity in the key identifier argument of
  * functions such as psa_open_key().
  */

library/aes.c

@@ -1163,7 +1163,7 @@ int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
         {
             /* We are on the last block in a decrypt operation that has
              * leftover bytes, so we need to use the next tweak for this block,
-             * and this tweak for the lefover bytes. Save the current tweak for
+             * and this tweak for the leftover bytes. Save the current tweak for
              * the leftovers and then update the current tweak for use on this,
              * the last full block. */
             memcpy( prev_tweak, tweak, sizeof( tweak ) );

library/mps_reader.c

@@ -530,7 +530,7 @@ int mbedtls_mps_reader_reclaim( mbedtls_mps_reader *rd,
          * of the accumulator. */
         memmove( acc, acc + acc_backup_offset, acc_backup_len );
 
-        /* Copy uncmmitted parts of the current fragment to the
+        /* Copy uncommitted parts of the current fragment to the
          * accumulator. */
         memcpy( acc + acc_backup_len,
                 frag + frag_backup_offset, frag_backup_len );

library/psa_crypto.c

@@ -5133,7 +5133,7 @@ psa_status_t psa_generate_random( uint8_t *output,
     if( status != PSA_SUCCESS )
         return( status );
     /* Breaking up a request into smaller chunks is currently not supported
-     * for the extrernal RNG interface. */
+     * for the external RNG interface. */
     if( output_length != output_size )
         return( PSA_ERROR_INSUFFICIENT_ENTROPY );
     return( PSA_SUCCESS );

library/psa_crypto_se.h

@@ -143,7 +143,7 @@ psa_status_t psa_find_se_slot_for_key(
     psa_se_drv_table_entry_t *driver,
     psa_key_slot_number_t *slot_number );
 
-/** Destoy a key in a secure element.
+/** Destroy a key in a secure element.
  *
  * This function calls the relevant driver method to destroy a key
  * and updates the driver's persistent data.

library/ssl_cli.c

@@ -2861,7 +2861,7 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl,
 
     /*
      * Note: we currently ignore the PKS identity hint, as we only allow one
-     * PSK to be provisionned on the client. This could be changed later if
+     * PSK to be provisioned on the client. This could be changed later if
      * someone needs that feature.
      */
     *p += len;

library/ssl_msg.c

@@ -4032,7 +4032,7 @@ static int ssl_load_buffered_message( mbedtls_ssl_context *ssl )
     if( hs == NULL )
         return( -1 );
 
-    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_load_buffered_messsage" ) );
+    MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_load_buffered_message" ) );
 
     if( ssl->state == MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC ||
         ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC )

library/ssl_srv.c

@@ -1344,7 +1344,7 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl )
 
             if( ssl->minor_ver < ssl->conf->max_minor_ver )
             {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "inapropriate fallback" ) );
+                MBEDTLS_SSL_DEBUG_MSG( 1, ( "inappropriate fallback" ) );
 
                 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
                                         MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK );
@@ -2126,7 +2126,7 @@ read_record_header:
 
             if( ssl->minor_ver < ssl->conf->max_minor_ver )
             {
-                MBEDTLS_SSL_DEBUG_MSG( 1, ( "inapropriate fallback" ) );
+                MBEDTLS_SSL_DEBUG_MSG( 1, ( "inappropriate fallback" ) );
 
                 mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
                                         MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK );

library/ssl_tls.c

@@ -3414,7 +3414,7 @@ static void ssl_calc_finished_tls_sha384(
                    sha512.state, sizeof( sha512.state ) );
 #endif
     /* mbedtls_sha512_finish_ret's output parameter is declared as a
-     * 64-byte buffer, but sice we're using SHA-384, we know that the
+     * 64-byte buffer, but since we're using SHA-384, we know that the
      * output fits in 48 bytes. This is correct C, but GCC 11.1 warns
      * about it.
      */
@@ -4480,7 +4480,7 @@ static void ssl_conf_remove_psk( mbedtls_ssl_config *conf )
         conf->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT;
     }
     /* This and the following branch should never
-     * be taken simultaenously as we maintain the
+     * be taken simultaneously as we maintain the
      * invariant that raw and opaque PSKs are never
      * configured simultaneously. As a safeguard,
      * though, `else` is omitted here. */
@@ -6952,7 +6952,7 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl )
 }
 
 /*
- * Initialze mbedtls_ssl_config
+ * Initialize mbedtls_ssl_config
  */
 void mbedtls_ssl_config_init( mbedtls_ssl_config *conf )
 {

library/timing.c

@@ -262,7 +262,7 @@ static void TimerProc( void *TimerContext )
     Sleep( alarmMs );
     mbedtls_timing_alarmed = 1;
     /* _endthread will be called implicitly on return
-     * That ensures execution of thread funcition's epilogue */
+     * That ensures execution of thread function's epilogue */
 }
 
 void mbedtls_set_alarm( int seconds )

library/x509.c

@@ -189,7 +189,7 @@ static int x509_get_hash_alg( const mbedtls_x509_buf *alg, mbedtls_md_type_t *md
  *
  * RFC 4055 (which defines use of RSASSA-PSS in PKIX) states that the value
  * of trailerField MUST be 1, and PKCS#1 v2.2 doesn't even define any other
- * option. Enfore this at parsing time.
+ * option. Enforce this at parsing time.
  */
 int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params,
                                 mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md,

library/x509_crl.c

@@ -1,5 +1,5 @@
 /*
- *  X.509 Certidicate Revocation List (CRL) parsing
+ *  X.509 Certificate Revocation List (CRL) parsing
  *
  *  Copyright The Mbed TLS Contributors
  *  SPDX-License-Identifier: Apache-2.0

programs/pkey/dh_genprime.c

@@ -46,7 +46,7 @@ int main( void )
 
 #define USAGE \
     "\n usage: dh_genprime param=<>...\n"                                   \
-    "\n acceprable parameters:\n"                                           \
+    "\n acceptable parameters:\n"                                           \
     "    bits=%%d           default: 2048\n"
 
 #define DFL_BITS    2048

programs/ssl/dtls_client.c

@@ -348,6 +348,6 @@ exit:
     mbedtls_exit( ret );
 }
 #endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_DTLS && MBEDTLS_NET_C &&
-          MBEDTLD_TIMING_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
+          MBEDTLS_TIMING_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
           MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_RSA_C && MBEDTLS_CERTS_C &&
           MBEDTLS_PEM_PARSE_C */

programs/test/udp_proxy.c

@@ -378,7 +378,7 @@ static const char *msg_type( unsigned char *msg, size_t len )
 
 #if defined(MBEDTLS_TIMING_C)
 /* Return elapsed time in milliseconds since the first call */
-static unsigned ellapsed_time( void )
+static unsigned elapsed_time( void )
 {
     static int initialized = 0;
     static struct mbedtls_timing_hr_time hires;
@@ -414,9 +414,9 @@ static int ctx_buffer_flush( ctx_buffer *buf )
     int ret;
 
     mbedtls_printf( "  %05u flush    %s: %u bytes, %u datagrams, last %u ms\n",
-                    ellapsed_time(), buf->description,
+                    elapsed_time(), buf->description,
                     (unsigned) buf->len, buf->num_datagrams,
-                    ellapsed_time() - buf->packet_lifetime );
+                    elapsed_time() - buf->packet_lifetime );
 
     ret = mbedtls_net_send( buf->ctx, buf->data, buf->len );
 
@@ -428,7 +428,7 @@ static int ctx_buffer_flush( ctx_buffer *buf )
 
 static unsigned ctx_buffer_time_remaining( ctx_buffer *buf )
 {
-    unsigned const cur_time = ellapsed_time();
+    unsigned const cur_time = elapsed_time();
 
     if( buf->num_datagrams == 0 )
         return( (unsigned) -1 );
@@ -468,7 +468,7 @@ static int ctx_buffer_append( ctx_buffer *buf,
 
     buf->len += len;
     if( ++buf->num_datagrams == 1 )
-        buf->packet_lifetime = ellapsed_time();
+        buf->packet_lifetime = elapsed_time();
 
     return( (int) len );
 }
@@ -518,10 +518,10 @@ void print_packet( const packet *p, const char *why )
 #if defined(MBEDTLS_TIMING_C)
     if( why == NULL )
         mbedtls_printf( "  %05u dispatch %s %s (%u bytes)\n",
-                ellapsed_time(), p->way, p->type, p->len );
+                elapsed_time(), p->way, p->type, p->len );
     else
         mbedtls_printf( "  %05u dispatch %s %s (%u bytes): %s\n",
-                ellapsed_time(), p->way, p->type, p->len, why );
+                elapsed_time(), p->way, p->type, p->len, why );
 #else
     if( why == NULL )
         mbedtls_printf( "        dispatch %s %s (%u bytes)\n",

programs/x509/cert_req.c

@@ -358,7 +358,7 @@ int main( int argc, char *argv[] )
     if( ( ret = write_certificate_request( &req, opt.output_file,
                                            mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
     {
-        mbedtls_printf( " failed\n  !  write_certifcate_request %d", ret );
+        mbedtls_printf( " failed\n  !  write_certificate_request %d", ret );
         goto exit;
     }
 

programs/x509/cert_write.c

@@ -672,7 +672,7 @@ int main( int argc, char *argv[] )
         if( ret != 0 )
         {
             mbedtls_strerror( ret, buf, 1024 );
-            mbedtls_printf( " failed\n  !  x509write_crt_set_basic_contraints "
+            mbedtls_printf( " failed\n  !  x509write_crt_set_basic_constraints "
                             "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
             goto exit;
         }

tests/include/test/psa_crypto_helpers.h

@@ -189,7 +189,7 @@ psa_status_t mbedtls_test_record_status( psa_status_t status,
  *
  * Do a key policy permission extension on key usage policies always involves
  * permissions of other usage policies
- * (like PSA_KEY_USAGE_SIGN_HASH involves PSA_KEY_USAGE_SIGN_MESSGAE).
+ * (like PSA_KEY_USAGE_SIGN_HASH involves PSA_KEY_USAGE_SIGN_MESSAGE).
  */
 psa_key_usage_t mbedtls_test_update_key_usage_flags( psa_key_usage_t usage_flags );
 

tests/scripts/check_names.py

@@ -620,7 +620,7 @@ class CodeParser():
         self.log.info("Compiling...")
         symbols = []
 
-        # Back up the config and atomically compile with the full configratuion.
+        # Back up the config and atomically compile with the full configuration.
         shutil.copy(
             "include/mbedtls/config.h",
             "include/mbedtls/config.h.bak"
@@ -879,7 +879,7 @@ def main():
     parser.add_argument(
         "-q", "--quiet",
         action="store_true",
-        help="hide unnecessary text, explanations, and highlighs"
+        help="hide unnecessary text, explanations, and highlights"
     )
 
     args = parser.parse_args()

tests/scripts/generate_psa_tests.py

@@ -80,7 +80,7 @@ def automatic_dependencies(*expressions: str) -> List[str]:
 # A temporary hack: at the time of writing, not all dependency symbols
 # are implemented yet. Skip test cases for which the dependency symbols are
 # not available. Once all dependency symbols are available, this hack must
-# be removed so that a bug in the dependency symbols proprely leads to a test
+# be removed so that a bug in the dependency symbols properly leads to a test
 # failure.
 def read_implemented_dependencies(filename: str) -> FrozenSet[str]:
     return frozenset(symbol
@@ -458,7 +458,7 @@ class StorageKey(psa_storage.Key):
         """Prepare to generate a key.
 
         * `usage`                 : The usage flags used for the key.
-        * `without_implicit_usage`: Flag to defide to apply the usage extension
+        * `without_implicit_usage`: Flag to define to apply the usage extension
         """
         usage_flags = set(usage)
         if not without_implicit_usage:

tests/scripts/test_psa_compliance.py

@@ -1,7 +1,7 @@
 #!/usr/bin/env python3
 """Run the PSA Crypto API compliance test suite.
 Clone the repo and check out the commit specified by PSA_ARCH_TEST_REPO and PSA_ARCH_TEST_REF,
-then complie and run the test suite. The clone is stored at <Mbed TLS root>/psa-arch-tests.
+then compile and run the test suite. The clone is stored at <Mbed TLS root>/psa-arch-tests.
 Known defects in either the test suite or mbedtls - identified by their test number - are ignored,
 while unexpected failures AND successes are reported as errors,
 to help keep the list of known defects as up to date as possible.

tests/suites/test_suite_mps.function

@@ -295,7 +295,7 @@ void mbedtls_mps_reader_reclaim_overflow()
     /* This test exercises the behaviour of the MPS reader with accumulator
      * in the situation where upon calling mbedtls_mps_reader_reclaim(), the
      * uncommitted data together with the excess data missing in the last
-     * call to medtls_mps_reader_get() exceeds the bounds of the type
+     * call to mbedtls_mps_reader_get() exceeds the bounds of the type
      * holding the buffer length.
      */
 

tests/suites/test_suite_psa_crypto_driver_wrappers.function

@@ -587,14 +587,14 @@ void cipher_encrypt_multipart( int alg_arg,
     mbedtls_psa_cipher_operation_t mbedtls_operation =
             MBEDTLS_PSA_CIPHER_OPERATION_INIT;
 
-    mbedtls_transparent_test_driver_cipher_operation_t tranparent_operation =
+    mbedtls_transparent_test_driver_cipher_operation_t transparent_operation =
             MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT;
 
     mbedtls_opaque_test_driver_cipher_operation_t opaque_operation =
             MBEDTLS_OPAQUE_TEST_DRIVER_CIPHER_OPERATION_INIT;
 
     operation.ctx.mbedtls_ctx = mbedtls_operation;
-    operation.ctx.transparent_test_driver_ctx = tranparent_operation;
+    operation.ctx.transparent_test_driver_ctx = transparent_operation;
     operation.ctx.opaque_test_driver_ctx = opaque_operation;
 
     PSA_ASSERT( psa_crypto_init( ) );
@@ -719,14 +719,14 @@ void cipher_decrypt_multipart( int alg_arg,
     mbedtls_psa_cipher_operation_t mbedtls_operation =
             MBEDTLS_PSA_CIPHER_OPERATION_INIT;
 
-    mbedtls_transparent_test_driver_cipher_operation_t tranparent_operation =
+    mbedtls_transparent_test_driver_cipher_operation_t transparent_operation =
             MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT;
 
     mbedtls_opaque_test_driver_cipher_operation_t opaque_operation =
             MBEDTLS_OPAQUE_TEST_DRIVER_CIPHER_OPERATION_INIT;
 
     operation.ctx.mbedtls_ctx = mbedtls_operation;
-    operation.ctx.transparent_test_driver_ctx = tranparent_operation;
+    operation.ctx.transparent_test_driver_ctx = transparent_operation;
     operation.ctx.opaque_test_driver_ctx = opaque_operation;
 
     PSA_ASSERT( psa_crypto_init( ) );

tests/suites/test_suite_psa_crypto_generate_key.function

@@ -18,7 +18,7 @@ void generate_key( int key_type_arg, int bits_arg, int expected_status_arg)
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     mbedtls_svc_key_id_t key_id = INVALID_KEY_ID;
 
-    // key lifetiem, usage flags, algorithm are irrelevant for this test
+    // key lifetime, usage flags, algorithm are irrelevant for this test
     psa_key_type_t key_type = key_type_arg;
     size_t bits = bits_arg;
     psa_status_t expected_status = expected_status_arg;

tests/suites/test_suite_ssl.function

@@ -446,7 +446,7 @@ void mbedtls_mock_socket_close( mbedtls_mock_socket* socket )
  * \p peer1 and \p peer2 must have been previously initialized by calling
  * mbedtls_mock_socket_init().
  *
- * The capacites of the internal buffers are set to \p bufsize. Setting this to
+ * The capacities of the internal buffers are set to \p bufsize. Setting this to
  * the correct value allows for simulation of MTU, sanity testing the mock
  * implementation and mocking TCP connections with lower memory cost.
  */
@@ -587,7 +587,7 @@ void mbedtls_message_socket_init( mbedtls_test_message_socket_context *ctx )
 }
 
 /*
- * Setup a given mesasge socket context including initialization of
+ * Setup a given message socket context including initialization of
  * input/output queues to a chosen capacity of messages. Also set the
  * corresponding mock socket.
  *