diff options
78 files changed, 151 insertions, 151 deletions
diff --git a/3rdparty/everest/README.md b/3rdparty/everest/README.md index 0e25466..bcf12c0 100644 --- a/3rdparty/everest/README.md +++ b/3rdparty/everest/README.md @@ -2,4 +2,4 @@ The files in this directory stem from [Project Everest](https://project-everest. This is a formally verified implementation of Curve25519-based handshakes. The C code is automatically derived from the (verified) [original implementation](https://github.com/project-everest/hacl-star/tree/master/code/curve25519) in the [F* language](https://github.com/fstarlang/fstar) by [KreMLin](https://github.com/fstarlang/kremlin). In addition to the improved safety and security of the implementation, it is also significantly faster than the default implementation of Curve25519 in mbedTLS. -The caveat is that not all platforms are supported, although the version in `everest/library/legacy` should work on most systems. The main issue is that some platforms do not provide a 128-bit integer type and KreMLin therefore has to use additional (also verified) code to simulate them, resulting in less of a performance gain overall. Explictly supported platforms are currently `x86` and `x86_64` using gcc or clang, and Visual C (2010 and later). +The caveat is that not all platforms are supported, although the version in `everest/library/legacy` should work on most systems. The main issue is that some platforms do not provide a 128-bit integer type and KreMLin therefore has to use additional (also verified) code to simulate them, resulting in less of a performance gain overall. Explicitly supported platforms are currently `x86` and `x86_64` using gcc or clang, and Visual C (2010 and later). diff --git a/CMakeLists.txt b/CMakeLists.txt index 0fccd3d..7550f45 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -6,7 +6,7 @@ # command but rather at the target level using the # target_include_directories command. That way, it is easier to guarantee # that targets are built using the proper list of include directories. -# + Use the PUBLIC and PRIVATE keywords to specifiy the scope of include +# + Use the PUBLIC and PRIVATE keywords to specify the scope of include # directories. That way, a target linking to a library (using the # target_link_librairies command) inherits from the library PUBLIC include # directories and not from the PRIVATE ones. @@ -709,7 +709,7 @@ Security applications calling mbedtls_mpi_sub_abs() directly are affected: all calls inside the library were safe since this function is only called with |A| >= |B|. Reported by Guido Vranken in #4042. - * Fix an errorneous estimation for an internal buffer in + * Fix an erroneous estimation for an internal buffer in mbedtls_pk_write_key_pem(). If MBEDTLS_MPI_MAX_SIZE is set to an odd value the function might fail to write a private RSA keys of the largest supported size. @@ -722,7 +722,7 @@ Security Bugfix * Fix use-after-scope error in programs/ssl/ssl_client2.c and ssl_server2.c - * Fix memory leak that occured when calling psa_close_key() on a + * Fix memory leak that occurred when calling psa_close_key() on a wrapped key with MBEDTLS_PSA_CRYPTO_SE_C defined. * Fix an incorrect error code if an RSA private operation glitched. * Fix a memory leak in an error case in psa_generate_derived_key_internal(). @@ -1149,7 +1149,7 @@ Changes executable. * The ECP module, enabled by `MBEDTLS_ECP_C`, now depends on `MBEDTLS_CTR_DRBG_C` or `MBEDTLS_HMAC_DRBG_C` for some side-channel - coutermeasures. If side channels are not a concern, this dependency can + countermeasures. If side channels are not a concern, this dependency can be avoided by enabling the new option `MBEDTLS_ECP_NO_INTERNAL_RNG`. * Align MSVC error flag with GCC and Clang. Contributed by Carlos Gomes Martinho. #3147 @@ -1817,7 +1817,7 @@ New deprecations platform error. * All module specific generic hardware acceleration errors following the form MBEDTLS_ERR_XXX_HW_ACCEL_FAILED that are deprecated and are replaced - by the equivalent plaform error. + by the equivalent platform error. * Deprecate the function mbedtls_mpi_is_prime() in favor of mbedtls_mpi_is_prime_ext() which allows specifying the number of Miller-Rabin rounds. @@ -2637,7 +2637,7 @@ Bugfix a negative MPI. Previously the result was always negative. Found by Guido Vranken. * Fix a numerical underflow leading to stack overflow in mpi_read_file() - that was triggered uppon reading an empty line. Found by Guido Vranken. + that was triggered upon reading an empty line. Found by Guido Vranken. Changes * Send fatal alerts in more cases. The previous behaviour was to skip @@ -2812,7 +2812,7 @@ Bugfix * Fix mbedtls_x509_get_sig() to update the ASN1 type in the mbedtls_x509_buf data structure until after error checks are successful. Found by subramanyam-c. #622 - * Fix documentation and implementation missmatch for function arguments of + * Fix documentation and implementation mismatch for function arguments of mbedtls_gcm_finish(). Found by cmiatpaar. #602 * Guarantee that P>Q at RSA key generation. Found by inestlerode. #558 * Fix potential byte overread when verifying malformed SERVER_HELLO in @@ -2935,7 +2935,7 @@ Security Features * Experimental support for EC J-PAKE as defined in Thread 1.0.0. Disabled by default as the specification might still change. - * Added a key extraction callback to accees the master secret and key + * Added a key extraction callback to access the master secret and key block. (Potential uses include EAP-TLS and Thread.) Bugfix @@ -2970,7 +2970,7 @@ Security overflow of the hostname or session ticket. Found by Guido Vranken, Intelworks. * Fix potential double-free if mbedtls_ssl_set_hs_psk() is called more than - once in the same handhake and mbedtls_ssl_conf_psk() was used. + once in the same handshake and mbedtls_ssl_conf_psk() was used. Found and patch provided by Guido Vranken, Intelworks. Cannot be forced remotely. * Fix stack buffer overflow in pkcs12 decryption (used by @@ -3245,7 +3245,7 @@ Default behavior changes Requirement changes * The minimum MSVC version required is now 2010 (better C99 support). - * The NET layer now unconditionnaly relies on getaddrinfo() and select(). + * The NET layer now unconditionally relies on getaddrinfo() and select(). * Compiler is required to support C99 types such as long long and uint32_t. API changes from the 1.4 preview branch @@ -3458,7 +3458,7 @@ Bugfix are defined but not POLARSSL_HAVE_TIME (found by Stephane Di Vito). * Remove non-existent file from VS projects (found by Peter Vaskovic). * ssl_read() could return non-application data records on server while - renegotation was pending, and on client when a HelloRequest was received. + renegotiation was pending, and on client when a HelloRequest was received. * Server-initiated renegotiation would fail with non-blocking I/O if the write callback returned WANT_WRITE when requesting renegotiation. * ssl_close_notify() could send more than one message in some circumstances @@ -3942,7 +3942,7 @@ Bugfix * Don't print uninitialised buffer in ssl_mail_client (found by Marc Abel). * Fix net_accept() regarding non-blocking sockets (found by Luca Pesce). * ssl_read() could return non-application data records on server while - renegotation was pending, and on client when a HelloRequest was received. + renegotiation was pending, and on client when a HelloRequest was received. * Fix warnings from Clang's scan-build (contributed by Alfred Klomp). Changes @@ -4378,7 +4378,7 @@ Changes x509parse_crtfile(). With permissive parsing the parsing does not stop on encountering a parse-error. Beware that the meaning of return values has changed! - * All error codes are now negative. Even on mermory failures and IO errors. + * All error codes are now negative. Even on memory failures and IO errors. Bugfix * Fixed faulty HMAC-MD2 implementation. Found by dibac. (Closes @@ -4538,7 +4538,7 @@ Features Changes * Made Makefile cleaner * Removed dependency on rand() in rsa_pkcs1_encrypt(). - Now using random fuction provided to function and + Now using random function provided to function and changed the prototype of rsa_pkcs1_encrypt(), rsa_init() and rsa_gen_key(). * Some SSL defines were renamed in order to avoid diff --git a/SECURITY.md b/SECURITY.md index bd18f6c..26b77ab 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -6,7 +6,7 @@ send an email to the security team at ## Security Incident Handling Process -Our security process is detailled in our +Our security process is detailed in our [security center](https://developer.trustedfirmware.org/w/mbed-tls/security-center/). diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h index 68ccf10..35622fc 100644 --- a/configs/config-suite-b.h +++ b/configs/config-suite-b.h @@ -104,7 +104,7 @@ /* * Save RAM at the expense of interoperability: do this only if you control - * both ends of the connection! (See coments in "mbedtls/ssl.h".) + * both ends of the connection! (See comments in "mbedtls/ssl.h".) * The minimum size here depends on the certificate chain used as well as the * typical size of records. */ diff --git a/docs/architecture/testing/psa-storage-format-testing.md b/docs/architecture/testing/psa-storage-format-testing.md index 0e20a8b..5514dfa 100644 --- a/docs/architecture/testing/psa-storage-format-testing.md +++ b/docs/architecture/testing/psa-storage-format-testing.md @@ -40,7 +40,7 @@ If the way certain keys are stored changes, and we don't deliberately decide to ## Storage architecture overview -The PSA subsystem provides storage on top of the PSA trusted storage interface. The state of the storage is a mapping from file identifer (a 64-bit number) to file content (a byte array). These files include: +The PSA subsystem provides storage on top of the PSA trusted storage interface. The state of the storage is a mapping from file identifier (a 64-bit number) to file content (a byte array). These files include: * [Key files](#key-storage) (files containing one key's metadata and, except for some secure element keys, key material). * The [random generator injected seed or state file](#random-generator-state) (`PSA_CRYPTO_ITS_RANDOM_SEED_UID`). diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h index 1a96d15..296f9a8 100644 --- a/include/mbedtls/aria.h +++ b/include/mbedtls/aria.h @@ -41,7 +41,7 @@ #define MBEDTLS_ARIA_DECRYPT 0 /**< ARIA decryption. */ #define MBEDTLS_ARIA_BLOCKSIZE 16 /**< ARIA block size in bytes. */ -#define MBEDTLS_ARIA_MAX_ROUNDS 16 /**< Maxiumum number of rounds in ARIA. */ +#define MBEDTLS_ARIA_MAX_ROUNDS 16 /**< Maximum number of rounds in ARIA. */ #define MBEDTLS_ARIA_MAX_KEYSIZE 32 /**< Maximum size of an ARIA key in bytes. */ /** Bad input data. */ diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h index 30b0ed2..f71a060 100644 --- a/include/mbedtls/asn1.h +++ b/include/mbedtls/asn1.h @@ -253,7 +253,7 @@ int mbedtls_asn1_get_len( unsigned char **p, * with the requested tag. * \return #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element * would end beyond \p end. - * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparseable. + * \return #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable. */ int mbedtls_asn1_get_tag( unsigned char **p, const unsigned char *end, diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 93d2ae1..316fd75 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -146,7 +146,7 @@ #endif #if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C) -#error "MBEDTLS_PK_PARSE_C defined, but not all prerequesites" +#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites" #endif #if defined(MBEDTLS_PKCS5_C) && !defined(MBEDTLS_MD_C) @@ -334,11 +334,11 @@ #endif #if defined(MBEDTLS_MEMORY_BACKTRACE) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) -#error "MBEDTLS_MEMORY_BACKTRACE defined, but not all prerequesites" +#error "MBEDTLS_MEMORY_BACKTRACE defined, but not all prerequisites" #endif #if defined(MBEDTLS_MEMORY_DEBUG) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) -#error "MBEDTLS_MEMORY_DEBUG defined, but not all prerequesites" +#error "MBEDTLS_MEMORY_DEBUG defined, but not all prerequisites" #endif #if defined(MBEDTLS_PADLOCK_C) && !defined(MBEDTLS_HAVE_ASM) @@ -792,12 +792,12 @@ #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \ !defined(MBEDTLS_SSL_PROTO_TLS1_2) -#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequsites" +#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequisites" #endif #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \ !defined(MBEDTLS_SSL_PROTO_TLS1_2) -#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequsites" +#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequisites" #endif #if defined(MBEDTLS_SSL_TICKET_C) && !defined(MBEDTLS_CIPHER_C) diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index 0aed596..5c8aba8 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -139,7 +139,7 @@ extern "C" { * discarded. * (Default value: 0 = No debug ) * - * \param threshold theshold level of messages to filter on. Messages at a + * \param threshold threshold level of messages to filter on. Messages at a * higher level will be discarded. * - Debug levels * - 0 No debug diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h index a73f624..7853a6a 100644 --- a/include/mbedtls/ecjpake.h +++ b/include/mbedtls/ecjpake.h @@ -65,7 +65,7 @@ typedef enum { * (KeyExchange) as defined by the Thread spec. * * In order to benefit from this symmetry, we choose a different naming - * convetion from the Thread v1.0 spec. Correspondance is indicated in the + * convention from the Thread v1.0 spec. Correspondence is indicated in the * description as a pair C: client name, S: server name */ typedef struct mbedtls_ecjpake_context diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h index 37702b5..f2cf2c0 100644 --- a/include/mbedtls/hmac_drbg.h +++ b/include/mbedtls/hmac_drbg.h @@ -204,7 +204,7 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx, size_t len ); /** - * \brief Initilisation of simpified HMAC_DRBG (never reseeds). + * \brief Initialisation of simplified HMAC_DRBG (never reseeds). * * This function is meant for use in algorithms that need a pseudorandom * input such as deterministic ECDSA. diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 21596da..7d0fa63 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h @@ -330,7 +330,7 @@ //#define MBEDTLS_SHA512_ALT /* - * When replacing the elliptic curve module, pleace consider, that it is + * When replacing the elliptic curve module, please consider, that it is * implemented with two .c files: * - ecp.c * - ecp_curves.c @@ -1416,7 +1416,7 @@ * Enable support for RFC 7627: Session Hash and Extended Master Secret * Extension. * - * This was introduced as "the proper fix" to the Triple Handshake familiy of + * This was introduced as "the proper fix" to the Triple Handshake family of * attacks, but it is recommended to always use it (even if you disable * renegotiation), since it actually fixes a more fundamental issue in the * original SSL/TLS design, and has implications beyond Triple Handshake. @@ -1442,7 +1442,7 @@ * \note This option has no influence on the protection against the * triple handshake attack. Even if it is disabled, Mbed TLS will * still ensure that certificates do not change during renegotiation, - * for exaple by keeping a hash of the peer's certificate. + * for example by keeping a hash of the peer's certificate. * * Comment this macro to disable storing the peer's certificate * after the handshake. @@ -2554,7 +2554,7 @@ /** * \def MBEDTLS_PK_C * - * Enable the generic public (asymetric) key layer. + * Enable the generic public (asymmetric) key layer. * * Module: library/pk.c * Caller: library/psa_crypto_rsa.c @@ -2572,7 +2572,7 @@ /** * \def MBEDTLS_PK_PARSE_C * - * Enable the generic public (asymetric) key parser. + * Enable the generic public (asymmetric) key parser. * * Module: library/pkparse.c * Caller: library/x509_crt.c @@ -2587,7 +2587,7 @@ /** * \def MBEDTLS_PK_WRITE_C * - * Enable the generic public (asymetric) key writer. + * Enable the generic public (asymmetric) key writer. * * Module: library/pkwrite.c * Caller: library/x509write.c diff --git a/include/mbedtls/private_access.h b/include/mbedtls/private_access.h index 98d3419..85461f6 100644 --- a/include/mbedtls/private_access.h +++ b/include/mbedtls/private_access.h @@ -1,7 +1,7 @@ /** * \file private_access.h * - * \brief Macro wrapper for struct's memebrs. + * \brief Macro wrapper for struct's members. */ /* * Copyright The Mbed TLS Contributors diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index d03c31d..7562d1c 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -74,7 +74,7 @@ /* * The above constants may be used even if the RSA module is compile out, - * eg for alternative (PKCS#11) RSA implemenations in the PK layers. + * eg for alternative (PKCS#11) RSA implementations in the PK layers. */ #ifdef __cplusplus @@ -540,7 +540,7 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx, * * \note Blinding is used if and only if a PRNG is provided. * - * \note If blinding is used, both the base of exponentation + * \note If blinding is used, both the base of exponentiation * and the exponent are blinded, providing protection * against some side-channel attacks. * diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index c8c1219..3d369ea 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -2130,7 +2130,7 @@ int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl, #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ /** - * \brief Set the Maximum Tranport Unit (MTU). + * \brief Set the Maximum Transport Unit (MTU). * Special value: 0 means unset (no limit). * This represents the maximum size of a datagram payload * handled by the transport layer (usually UDP) as determined @@ -3454,7 +3454,7 @@ void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf, * Both sides: limits the set of curves accepted for use in * ECDHE and in the peer's end-entity certificate. * - * \deprecated Superseeded by mbedtls_ssl_conf_groups(). + * \deprecated Superseded by mbedtls_ssl_conf_groups(). * * \note This has no influence on which curves are allowed inside the * certificate chains, see \c mbedtls_ssl_conf_cert_profile() @@ -3725,7 +3725,7 @@ int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl, * \param protos Pointer to a NULL-terminated list of supported protocols, * in decreasing preference order. The pointer to the list is * recorded by the library for later reference as required, so - * the lifetime of the table must be atleast as long as the + * the lifetime of the table must be at least as long as the * lifetime of the SSL configuration structure. * * \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA. @@ -3739,7 +3739,7 @@ int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **prot * * \param ssl SSL context * - * \return Protcol name, or NULL if no protocol was negotiated. + * \return Protocol name, or NULL if no protocol was negotiated. */ const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl ); #endif /* MBEDTLS_SSL_ALPN */ @@ -3822,7 +3822,7 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, unsigned char *mki_value, uint16_t mki_len ); /** - * \brief Get the negotiated DTLS-SRTP informations: + * \brief Get the negotiated DTLS-SRTP information: * Protection profile and MKI value. * * \warning This function must be called after the handshake is @@ -3830,7 +3830,7 @@ int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl, * not be trusted or acted upon before the handshake completes. * * \param ssl The SSL context to query. - * \param dtls_srtp_info The negotiated DTLS-SRTP informations: + * \param dtls_srtp_info The negotiated DTLS-SRTP information: * - Protection profile in use. * A direct mapping of the iana defined value for protection * profile on an uint16_t. @@ -4053,7 +4053,7 @@ void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets * initiated by peer * (Default: MBEDTLS_SSL_RENEGOTIATION_DISABLED) * - * \warning It is recommended to always disable renegotation unless you + * \warning It is recommended to always disable renegotiation unless you * know you need it and you know what you're doing. In the * past, there have been several issues associated with * renegotiation or a poor understanding of its properties. @@ -4116,7 +4116,7 @@ void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_ * scenario. * * \note With DTLS and server-initiated renegotiation, the - * HelloRequest is retransmited every time mbedtls_ssl_read() times + * HelloRequest is retransmitted every time mbedtls_ssl_read() times * out or receives Application Data, until: * - max_records records have beens seen, if it is >= 0, or * - the number of retransmits that would happen during an @@ -4775,7 +4775,7 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl ); * \return \c 0 if successful. * \return #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small. * \return #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed - * while reseting the context. + * while resetting the context. * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if a handshake is in * progress, or there is pending data for reading or sending, * or the connection does not use DTLS 1.2 with an AEAD diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h index c5b80d9..a1ca74b 100644 --- a/include/mbedtls/ssl_cookie.h +++ b/include/mbedtls/ssl_cookie.h @@ -90,7 +90,7 @@ int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx, * \brief Set expiration delay for cookies * (Default MBEDTLS_SSL_COOKIE_TIMEOUT) * - * \param ctx Cookie contex + * \param ctx Cookie context * \param delay Delay, in seconds if HAVE_TIME, or in number of cookies * issued in the meantime. * 0 to disable expiration (NOT recommended) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 51ce257..9ed2bbe 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -968,7 +968,7 @@ void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx ); void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx ); /** - * \brief Set the verion for a Certificate + * \brief Set the version for a Certificate * Default: MBEDTLS_X509_CRT_VERSION_3 * * \param ctx CRT context to use diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index 20a516e..44b7aab 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h @@ -184,7 +184,7 @@ int mbedtls_x509write_csr_set_subject_name( mbedtls_x509write_csr *ctx, * private key used to sign the CSR when writing it) * * \param ctx CSR context to use - * \param key Asymetric key to include + * \param key Asymmetric key to include */ void mbedtls_x509write_csr_set_key( mbedtls_x509write_csr *ctx, mbedtls_pk_context *key ); diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 5f4a9be..2234e56 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -1023,7 +1023,7 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation, * This function calculates the hash of the message formed by concatenating * the inputs passed to preceding calls to psa_hash_update(). * - * When this function returns successfuly, the operation becomes inactive. + * When this function returns successfully, the operation becomes inactive. * If this function returns an error status, the operation enters an error * state and must be aborted by calling psa_hash_abort(). * @@ -1073,7 +1073,7 @@ psa_status_t psa_hash_finish(psa_hash_operation_t *operation, * compares the calculated hash with the expected hash passed as a * parameter to this function. * - * When this function returns successfuly, the operation becomes inactive. + * When this function returns successfully, the operation becomes inactive. * If this function returns an error status, the operation enters an error * state and must be aborted by calling psa_hash_abort(). * @@ -1458,7 +1458,7 @@ psa_status_t psa_mac_update(psa_mac_operation_t *operation, * This function calculates the MAC of the message formed by concatenating * the inputs passed to preceding calls to psa_mac_update(). * - * When this function returns successfuly, the operation becomes inactive. + * When this function returns successfully, the operation becomes inactive. * If this function returns an error status, the operation enters an error * state and must be aborted by calling psa_mac_abort(). * @@ -1511,7 +1511,7 @@ psa_status_t psa_mac_sign_finish(psa_mac_operation_t *operation, * compares the calculated MAC with the expected MAC passed as a * parameter to this function. * - * When this function returns successfuly, the operation becomes inactive. + * When this function returns successfully, the operation becomes inactive. * If this function returns an error status, the operation enters an error * state and must be aborted by calling psa_mac_abort(). * @@ -1971,7 +1971,7 @@ psa_status_t psa_cipher_update(psa_cipher_operation_t *operation, * formed by concatenating the inputs passed to preceding calls to * psa_cipher_update(). * - * When this function returns successfuly, the operation becomes inactive. + * When this function returns successfully, the operation becomes inactive. * If this function returns an error status, the operation enters an error * state and must be aborted by calling psa_cipher_abort(). * @@ -2638,7 +2638,7 @@ psa_status_t psa_aead_update(psa_aead_operation_t *operation, * preceding calls to psa_aead_update(). * - \p tag contains the authentication tag. * - * When this function returns successfuly, the operation becomes inactive. + * When this function returns successfully, the operation becomes inactive. * If this function returns an error status, the operation enters an error * state and must be aborted by calling psa_aead_abort(). * @@ -2728,7 +2728,7 @@ psa_status_t psa_aead_finish(psa_aead_operation_t *operation, * plaintext and reports success. If the authentication tag is not correct, * this function returns #PSA_ERROR_INVALID_SIGNATURE. * - * When this function returns successfuly, the operation becomes inactive. + * When this function returns successfully, the operation becomes inactive. * If this function returns an error status, the operation enters an error * state and must be aborted by calling psa_aead_abort(). * @@ -3026,7 +3026,7 @@ psa_status_t psa_sign_hash(mbedtls_svc_key_id_t key, * \retval #PSA_ERROR_INVALID_HANDLE * \retval #PSA_ERROR_NOT_PERMITTED * \retval #PSA_ERROR_INVALID_SIGNATURE - * The calculation was perfomed successfully, but the passed + * The calculation was performed successfully, but the passed * signature is not a valid signature. * \retval #PSA_ERROR_NOT_SUPPORTED * \retval #PSA_ERROR_INVALID_ARGUMENT @@ -3050,7 +3050,7 @@ psa_status_t psa_verify_hash(mbedtls_svc_key_id_t key, /** * \brief Encrypt a short message with a public key. * - * \param key Identifer of the key to use for the operation. + * \param key Identifier of the key to use for the operation. * It must be a public key or an asymmetric key * pair. It must allow the usage * #PSA_KEY_USAGE_ENCRYPT. diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index df28fef..8fb1a21 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -348,7 +348,7 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed, * length of the byte string is the private key size in bytes (leading zeroes * are not stripped). * - * Determinstic DSA key derivation with psa_generate_derived_key follows + * Deterministic DSA key derivation with psa_generate_derived_key follows * FIPS 186-4 §B.1.2: interpret the byte string as integer * in big-endian order. Discard it if it is not in the range * [0, *N* - 2] where *N* is the boundary of the private key domain @@ -1145,7 +1145,7 @@ typedef uint32_t psa_pake_primitive_t; */ #define PSA_PAKE_STEP_ZK_PROOF ((psa_pake_step_t)0x03) -/** The type of the data strucure for PAKE cipher suites. +/** The type of the data structure for PAKE cipher suites. * * This is an implementation-defined \c struct. Applications should not * make any assumptions about the content of this structure. diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h index f333db1..434554d 100644 --- a/include/psa/crypto_struct.h +++ b/include/psa/crypto_struct.h @@ -462,7 +462,7 @@ static inline void psa_set_key_type( psa_key_attributes_t *attributes, } else { - /* Call the bigger function to free the old domain paramteres. + /* Call the bigger function to free the old domain parameters. * Ignore any errors which may arise due to type requiring * non-default domain parameters, since this function can't * report errors. */ diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 2f9a15a..057aca1 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1456,7 +1456,7 @@ * with a random per-message secret number (*k*). * * The representation of the signature as a byte string consists of - * the concatentation of the signature values *r* and *s*. Each of + * the concatenation of the signature values *r* and *s*. Each of * *r* and *s* is encoded as an *N*-octet string, where *N* is the length * of the base point of the curve in octets. Each value is represented * in big-endian order (most significant octet first). diff --git a/library/aes.c b/library/aes.c index d2b05e2..bf5d432 100644 --- a/library/aes.c +++ b/library/aes.c @@ -1089,7 +1089,7 @@ typedef unsigned char mbedtls_be128[16]; * * This function multiplies a field element by x in the polynomial field * representation. It uses 64-bit word operations to gain speed but compensates - * for machine endianess and hence works correctly on both big and little + * for machine endianness and hence works correctly on both big and little * endian machines. */ static void mbedtls_gf128mul_x_ble( unsigned char r[16], @@ -1189,7 +1189,7 @@ int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx, unsigned char *prev_output = output - 16; /* Copy ciphertext bytes from the previous block to our output for each - * byte of cyphertext we won't steal. At the same time, copy the + * byte of ciphertext we won't steal. At the same time, copy the * remainder of the input for this final round (since the loop bounds * are the same). */ for( i = 0; i < leftover; i++ ) diff --git a/library/bignum.c b/library/bignum.c index f06eff0..11acc01 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -2278,7 +2278,7 @@ int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B * TA-TB is even so the division by 2 has an integer result. * Invariant (I) is preserved since any odd divisor of both TA and TB * also divides |TA-TB|/2, and any odd divisor of both TA and |TA-TB|/2 - * also divides TB, and any odd divisior of both TB and |TA-TB|/2 also + * also divides TB, and any odd divisor of both TB and |TA-TB|/2 also * divides TA. */ if( mbedtls_mpi_cmp_mpi( &TA, &TB ) >= 0 ) diff --git a/library/constant_time.c b/library/constant_time.c index a6451bb..8475b0c 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -690,7 +690,7 @@ cleanup: /* * Conditionally swap X and Y, without leaking information * about whether the swap was made or not. - * Here it is not ok to simply swap the pointers, which whould lead to + * Here it is not ok to simply swap the pointers, which would lead to * different memory access patterns when X and Y are used afterwards. */ int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, diff --git a/library/ecjpake.c b/library/ecjpake.c index 738a977..d467a65 100644 --- a/library/ecjpake.c +++ b/library/ecjpake.c @@ -449,7 +449,7 @@ cleanup: /* * Read a ECJPAKEKeyKPPairList (7.4.2.3) and check proofs - * Ouputs: verified peer public keys Xa, Xb + * Outputs: verified peer public keys Xa, Xb */ static int ecjpake_kkpp_read( const mbedtls_md_info_t *md_info, const mbedtls_ecp_group *grp, diff --git a/library/ecp.c b/library/ecp.c index f39cb02..8b32caa 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -1267,7 +1267,7 @@ cleanup: * For curves in short Weierstrass form, we do all the internal operations in * Jacobian coordinates. * - * For multiplication, we'll use a comb method with coutermeasueres against + * For multiplication, we'll use a comb method with countermeasures against * SPA, hence timing attacks. */ @@ -2231,7 +2231,7 @@ static unsigned char ecp_pick_window_size( const mbedtls_ecp_group *grp, * This function is mainly responsible for administrative work: * - managing the restart context if enabled * - managing the table of precomputed points (passed between the below two - * functions): allocation, computation, ownership tranfer, freeing. + * functions): allocation, computation, ownership transfer, freeing. * * It delegates the actual arithmetic work to: * ecp_precompute_comb() and ecp_mul_comb_with_precomp() @@ -2365,7 +2365,7 @@ cleanup: /* * For Montgomery curves, we do all the internal arithmetic in projective * coordinates. Import/export of points uses only the x coordinates, which is - * internaly represented as X / Z. + * internally represented as X / Z. * * For scalar multiplication, we'll use a Montgomery ladder. */ @@ -2519,7 +2519,7 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, MPI_ECP_LSET( &R->Z, 0 ); mbedtls_mpi_free( &R->Y ); - /* RP.X might be sligtly larger than P, so reduce it */ + /* RP.X might be slightly larger than P, so reduce it */ MOD_ADD( &RP.X ); /* Randomize coordinates of the starting point */ diff --git a/library/memory_buffer_alloc.c b/library/memory_buffer_alloc.c index 8c6b442..61432d8 100644 --- a/library/memory_buffer_alloc.c +++ b/library/memory_buffer_alloc.c @@ -561,8 +561,8 @@ static void *buffer_alloc_calloc_mutexed( size_t n, size_t size ) static void buffer_alloc_free_mutexed( void *ptr ) { - /* We have to good option here, but corrupting the heap seems - * worse than loosing memory. */ + /* We have no good option here, but corrupting the heap seems + * worse than losing memory. */ if( mbedtls_mutex_lock( &heap.mutex ) ) return; buffer_alloc_free( ptr ); diff --git a/library/pkparse.c b/library/pkparse.c index 22dab3a..89398b7 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -475,7 +475,7 @@ static int pk_use_ecparams( const mbedtls_asn1_buf *params, mbedtls_ecp_group *g } /* - * grp may already be initilialized; if so, make sure IDs match + * grp may already be initialized; if so, make sure IDs match */ if( grp->id != MBEDTLS_ECP_DP_NONE && grp->id != grp_id ) return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); @@ -808,7 +808,7 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa, goto cleanup; #else - /* Verify existance of the CRT params */ + /* Verify existence of the CRT params */ if( ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 || ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 || ( ret = asn1_get_nonzero_mpi( &p, end, &T ) ) != 0 ) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index fa6800b..6bb745d 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -913,7 +913,7 @@ static psa_status_t psa_get_and_lock_key_slot_with_policy( goto error; } - /* Enforce that the usage policy permits the requested algortihm. */ + /* Enforce that the usage policy permits the requested algorithm. */ if( alg != 0 ) { status = psa_key_policy_permits( &slot->attr.policy, diff --git a/library/psa_crypto_aead.h b/library/psa_crypto_aead.h index e82e1cc..17b3953 100644 --- a/library/psa_crypto_aead.h +++ b/library/psa_crypto_aead.h @@ -428,7 +428,7 @@ psa_status_t mbedtls_psa_aead_update( * preceding calls to mbedtls_psa_aead_update(). * - \p tag contains the authentication tag. * - * Whether or not this function returns successfuly, the PSA core subsequently + * Whether or not this function returns successfully, the PSA core subsequently * calls mbedtls_psa_aead_abort() to deactivate the operation. * * \param[in,out] operation Active AEAD operation. diff --git a/library/psa_crypto_hash.h b/library/psa_crypto_hash.h index 7091dc5..3bcea59 100644 --- a/library/psa_crypto_hash.h +++ b/library/psa_crypto_hash.h @@ -175,7 +175,7 @@ psa_status_t mbedtls_psa_hash_update( * This function calculates the hash of the message formed by concatenating * the inputs passed to preceding calls to mbedtls_psa_hash_update(). * - * When this function returns successfuly, the operation becomes inactive. + * When this function returns successfully, the operation becomes inactive. * If this function returns an error status, the operation enters an error * state and must be aborted by calling mbedtls_psa_hash_abort(). * diff --git a/library/rsa.c b/library/rsa.c index 497fc21..6a9e402 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -848,10 +848,10 @@ cleanup: * the more bits of the key can be recovered. See [3]. * * Collecting n collisions with m bit long blinding value requires 2^(m-m/n) - * observations on avarage. + * observations on average. * * For example with 28 byte blinding to achieve 2 collisions the adversary has - * to make 2^112 observations on avarage. + * to make 2^112 observations on average. * * (With the currently (as of 2017 April) known best algorithms breaking 2048 * bit RSA requires approximately as much time as trying out 2^112 random keys. diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index 3be4b45..0f2bc60 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -62,7 +62,7 @@ /* * Cookies are formed of a 4-bytes timestamp (or serial number) and - * an HMAC of timestemp and client ID. + * an HMAC of timestamp and client ID. */ #define COOKIE_LEN ( 4 + COOKIE_HMAC_LEN ) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 083c8d2..e1ea440 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -1234,7 +1234,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, add_data, add_data_len ); /* Because of the check above, we know that there are - * explicit_iv_len Bytes preceeding data, and taglen + * explicit_iv_len Bytes preceding data, and taglen * bytes following data + data_len. This justifies * the debug message and the invocation of * mbedtls_cipher_auth_decrypt_ext() below. */ @@ -2404,7 +2404,7 @@ int mbedtls_ssl_start_handshake_msg( mbedtls_ssl_context *ssl, unsigned hs_type, unsigned char **buf, size_t *buf_len ) { /* - * Reserve 4 bytes for hanshake header. ( Section 4,RFC 8446 ) + * Reserve 4 bytes for handshake header. ( Section 4,RFC 8446 ) * ... * HandshakeType msg_type; * uint24 length; diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 1c05001..e1439f0 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -37,7 +37,7 @@ #include <string.h> /* - * Initialze context + * Initialize context */ void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx ) { diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ae697b1..3e8caf6 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4017,7 +4017,7 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl ) } /* - * Initialze mbedtls_ssl_config + * Initialize mbedtls_ssl_config */ void mbedtls_ssl_config_init( mbedtls_ssl_config *conf ) { @@ -6614,7 +6614,7 @@ void mbedtls_ssl_handshake_wrapup_free_hs_transform( mbedtls_ssl_context *ssl ) ssl->handshake = NULL; /* - * Free the previous transform and swith in the current one + * Free the previous transform and switch in the current one */ if( ssl->transform ) { diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 095db8f..f516efa 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2276,7 +2276,7 @@ start_processing: MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_DECODE_ERROR ); } - } /* FALLTROUGH */ + } /* FALLTHROUGH */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index a1505d1..590c874 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -1261,7 +1261,7 @@ read_record_header: * Handshake layer: * 0 . 0 handshake type * 1 . 3 handshake length - * 4 . 5 DTLS only: message seqence number + * 4 . 5 DTLS only: message sequence number * 6 . 8 DTLS only: fragment offset * 9 . 11 DTLS only: fragment length */ diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c index 8ffd9a1..072c869 100644 --- a/library/ssl_tls13_keys.c +++ b/library/ssl_tls13_keys.c @@ -1110,7 +1110,7 @@ int mbedtls_ssl_tls13_populate_transform( mbedtls_ssl_transform *transform, transform->tls_version = MBEDTLS_SSL_VERSION_TLS1_3; /* We add the true record content type (1 Byte) to the plaintext and - * then pad to the configured granularity. The mimimum length of the + * then pad to the configured granularity. The minimum length of the * type-extended and padded plaintext is therefore the padding * granularity. */ transform->minlen = @@ -1425,7 +1425,7 @@ int mbedtls_ssl_tls13_generate_application_keys( hash_alg = mbedtls_psa_translate_md( handshake->ciphersuite_info->mac ); hash_len = PSA_HASH_LENGTH( hash_alg ); - /* Compute current handshake transcript. It's the caller's responsiblity + /* Compute current handshake transcript. It's the caller's responsibility * to call this at the right time, that is, after the ServerFinished. */ ret = mbedtls_ssl_get_handshake_transcript( ssl, md_type, diff --git a/programs/fuzz/README.md b/programs/fuzz/README.md index b6a4333..aaef030 100644 --- a/programs/fuzz/README.md +++ b/programs/fuzz/README.md @@ -35,10 +35,10 @@ make Finally, you can run the targets like `./test/fuzz/fuzz_client`. -Corpus generation for network trafic targets +Corpus generation for network traffic targets ------ -These targets use network trafic as inputs : +These targets use network traffic as inputs : * client : simulates a client against (fuzzed) server traffic * server : simulates a server against (fuzzed) client traffic * dtls_client @@ -48,7 +48,7 @@ They also use the last bytes as configuration options. To generate corpus for these targets, you can do the following, not fully automated steps : * Build mbedtls programs ssl_server2 and ssl_client2 -* Run them one against the other with `reproducible` option turned on while capturing trafic into test.pcap +* Run them one against the other with `reproducible` option turned on while capturing traffic into test.pcap * Extract tcp payloads, for instance with tshark : `tshark -Tfields -e tcp.dstport -e tcp.payload -r test.pcap > test.txt` * Run a dummy python script to output either client or server corpus file like `python dummy.py test.txt > test.cor` * Finally, you can add the options by appending the last bytes to the file test.cor diff --git a/programs/fuzz/onefile.c b/programs/fuzz/onefile.c index efd8dbb..730be36 100644 --- a/programs/fuzz/onefile.c +++ b/programs/fuzz/onefile.c @@ -47,7 +47,7 @@ int main(int argc, char** argv) return 2; } - //lauch fuzzer + //launch fuzzer LLVMFuzzerTestOneInput(Data, Size); free(Data); fclose(fp); diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index 97bfe68..8f2fed8 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c @@ -37,7 +37,7 @@ * dominate memory usage in small configurations. For the sake of simplicity, * only a Unix version is implemented. * - * Warning: we are breaking some of the abtractions from the NET layer here. + * Warning: we are breaking some of the abstractions from the NET layer here. * This is not a good example for general use. This programs has the specific * goal of minimizing use of the libc functions on full-blown OSes. */ diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 2cfdde6..c678ce0 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -507,7 +507,7 @@ struct options int transport; /* TLS or DTLS? */ uint32_t hs_to_min; /* Initial value of DTLS handshake timer */ uint32_t hs_to_max; /* Max value of DTLS handshake timer */ - int dtls_mtu; /* UDP Maximum tranport unit for DTLS */ + int dtls_mtu; /* UDP Maximum transport unit for DTLS */ int fallback; /* is this a fallback connection? */ int dgram_packing; /* allow/forbid datagram packing */ int extended_ms; /* negotiate extended master secret? */ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 0047cab..aca7caa 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -651,7 +651,7 @@ struct options int anti_replay; /* Use anti-replay for DTLS? -1 for default */ uint32_t hs_to_min; /* Initial value of DTLS handshake timer */ uint32_t hs_to_max; /* Max value of DTLS handshake timer */ - int dtls_mtu; /* UDP Maximum tranport unit for DTLS */ + int dtls_mtu; /* UDP Maximum transport unit for DTLS */ int dgram_packing; /* allow/forbid datagram packing */ int badmac_limit; /* Limit of records with bad MAC */ int eap_tls; /* derive EAP-TLS keying material? */ diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index f0d0c3b..48da1bf 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -278,7 +278,7 @@ int ca_callback( void *data, mbedtls_x509_crt const *child, /* * Test recv/send functions that make sure each try returns - * WANT_READ/WANT_WRITE at least once before sucesseding + * WANT_READ/WANT_WRITE at least once before succeeding */ int delayed_recv( void *ctx, unsigned char *buf, size_t len ); int delayed_send( void *ctx, const unsigned char *buf, size_t len ); diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 6ff2eb8..efc905c 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -179,7 +179,7 @@ do { \ * * This computes the maximum length of a title +3, because we appends "/s" and * want at least one space. (If the value is too small, the only consequence - * is poor alignement.) */ + * is poor alignment.) */ #define TITLE_SPACE 17 #define MEMORY_MEASURE_INIT \ diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index 41a90a9..971fdb4 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -1,5 +1,5 @@ /* - * UDP proxy: emulate an unreliable UDP connexion for DTLS testing + * UDP proxy: emulate an unreliable UDP connection for DTLS testing * * Copyright The Mbed TLS Contributors * SPDX-License-Identifier: Apache-2.0 diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c index a44099d..d6e5561 100644 --- a/programs/test/zeroize.c +++ b/programs/test/zeroize.c @@ -63,7 +63,7 @@ int main( int argc, char** argv ) if( argc != 2 ) { - mbedtls_printf( "This program takes exactly 1 agument\n" ); + mbedtls_printf( "This program takes exactly 1 argument\n" ); usage(); mbedtls_exit( exit_code ); } diff --git a/scripts/code_size_compare.py b/scripts/code_size_compare.py index 85393d0..0ef438d 100755 --- a/scripts/code_size_compare.py +++ b/scripts/code_size_compare.py @@ -37,7 +37,7 @@ class CodeSizeComparison: """ old_revision: revision to compare against new_revision: - result_dir: directory for comparision result + result_dir: directory for comparison result """ self.repo_path = "." self.result_dir = os.path.abspath(result_dir) @@ -140,7 +140,7 @@ class CodeSizeComparison: + "-" + self.new_rev + ".csv"), "w") res_file.write("file_name, this_size, old_size, change, change %\n") - print("Generating comparision results.") + print("Generating comparison results.") old_ds = {} for line in old_file.readlines()[1:]: @@ -199,7 +199,7 @@ def main(): parser.add_argument( "-n", "--new-rev", type=str, default=None, help="new revision for comparison, default is the current work \ - directory, including uncommited changes." + directory, including uncommitted changes." ) comp_args = parser.parse_args() diff --git a/scripts/config.py b/scripts/config.py index c09212b..356b998 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -418,7 +418,7 @@ class ConfigFile(Config): value = setting.value if value is None: value = '' - # Normally the whitespace to separte the symbol name from the + # Normally the whitespace to separate the symbol name from the # value is part of middle, and there's no whitespace for a symbol # with no value. But if a symbol has been changed from having a # value to not having one, the whitespace is wrong, so fix it. diff --git a/scripts/generate_ssl_debug_helpers.py b/scripts/generate_ssl_debug_helpers.py index 4be6fd6..1dc75c8 100755 --- a/scripts/generate_ssl_debug_helpers.py +++ b/scripts/generate_ssl_debug_helpers.py @@ -53,7 +53,7 @@ def preprocess_c_source_code(source, *classes): """ Simple preprocessor for C source code. - Only processses condition directives without expanding them. + Only processes condition directives without expanding them. Yield object according to the classes input. Most match firstly If the directive pair does not match , raise CondDirectiveNotMatch. diff --git a/tests/data_files/Readme-x509.txt b/tests/data_files/Readme-x509.txt index d07241a..84c775f 100644 --- a/tests/data_files/Readme-x509.txt +++ b/tests/data_files/Readme-x509.txt @@ -89,8 +89,8 @@ List of certificates: _int-ca.crt: S7 + I1 _int-ca_ca2.crt: S7 + I1 + 2 _all_space.crt: S7 + I1 both with misplaced spaces (invalid PEM) - _pem_space.crt: S7 with misplace space (invalid PEM) + I1 - _trailing_space.crt: S7 + I1 both with trainling space (valid PEM) + _pem_space.crt: S7 with misplaced space (invalid PEM) + I1 + _trailing_space.crt: S7 + I1 both with trailing space (valid PEM) _spurious_int-ca.crt: S7 + I2(spurious) + I1 - server8*.crt: I2 R L: RSA signed by EC signed by RSA (P1 for _int-ca2) - server9*.crt: 1 R C* L P1*: signed using RSASSA-PSS diff --git a/tests/data_files/base64/def_b64_too_big_1.txt b/tests/data_files/base64/def_b64_too_big_1.txt index 0fe8a18..47be05c 100644 --- a/tests/data_files/base64/def_b64_too_big_1.txt +++ b/tests/data_files/base64/def_b64_too_big_1.txt @@ -1,2 +1,2 @@ -// Context with added '1234' at the begining to simulate too much data in the base64 code +// Context with added '1234' at the beginning to simulate too much data in the base64 code 1234AhUAAH8AAA4AAAQ8AAAAAF6HQx3MqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACG2QbHbUj8eGpdx5KVIebiwk0jvRj9/3m6BOSzpA7qBXeEunhqr3D11NE7ciGjeHMAAAAAAAM7MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJhPqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6UHoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq91C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sva1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbopMZqLmbBm/7WPLcAAJTfQC2Ek91INP5ihHNzImPOAHJCk+YTO/pQuEnNWwXbdmKAi+IRp671iAwtpkjSxCBXVzKX925F1A66caCOQptlw+9zFukDQgblM2JyAJLG0j6B4RtBTDWJ8ZTMUPHUoLJoEpm8APZgRi//DMRyCKP9pbBLGlDzgUvl0w11LzBAlJHkWau5NoqQBlG7w4HFrKweovskAAFRgAAAAF6HQx248L77RH0Z973tSYNQ8zBsz861CZG5/T09TJz3XodDHe/iJ+cgXb5An3zTdnTBtw3EWAb68T+gCE33GN8AAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA== diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 9fa4d28..29a6201 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -259,7 +259,7 @@ General options: --no-force Refuse to overwrite modified files (default). --no-keep-going Stop at the first error (default). --no-memory No additional memory tests (default). - --no-quiet Print full ouput from components. + --no-quiet Print full output from components. --out-of-source-dir=<path> Directory used for CMake out-of-source build tests. --outcome-file=<path> File where test outcomes are written (not done if empty; default: \$MBEDTLS_TEST_OUTCOME_FILE). diff --git a/tests/scripts/check_files.py b/tests/scripts/check_files.py index 8857e00..a0f5e1f 100755 --- a/tests/scripts/check_files.py +++ b/tests/scripts/check_files.py @@ -187,7 +187,7 @@ class ShebangIssueTracker(FileIssueTracker): # Allow either /bin/sh, /bin/bash, or /usr/bin/env. # Allow at most one argument (this is a Linux limitation). # For sh and bash, the argument if present must be options. - # For env, the argument must be the base name of the interpeter. + # For env, the argument must be the base name of the interpreter. _shebang_re = re.compile(rb'^#! ?(?:/bin/(bash|sh)(?: -[^\n ]*)?' rb'|/usr/bin/env ([^\n /]+))$') _extensions = { diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py index 8bb4923..96117a2 100755 --- a/tests/scripts/check_names.py +++ b/tests/scripts/check_names.py @@ -813,7 +813,7 @@ class NameChecker(): def check_for_typos(self): """ - Perform a check that all words in the soure code beginning with MBED are + Perform a check that all words in the source code beginning with MBED are either defined as macros, or as enum constants. Assumes parse_names_in_source() was called before this. diff --git a/tests/scripts/depends-hashes.pl b/tests/scripts/depends-hashes.pl index cd17066..20612da 100755 --- a/tests/scripts/depends-hashes.pl +++ b/tests/scripts/depends-hashes.pl @@ -46,12 +46,12 @@ my $config_h = 'include/mbedtls/mbedtls_config.h'; # as many SSL options depend on specific hashes, # and SSL is not in the test suites anyways, -# disable it to avoid dependcies issues +# disable it to avoid dependencies issues my $ssl_sed_cmd = 's/^#define \(MBEDTLS_SSL.*\)/\1/p'; my @ssl = split( /\s+/, `sed -n -e '$ssl_sed_cmd' $config_h` ); # Each element of this array holds list of configuration options that -# should be tested together. Certain options depend on eachother and +# should be tested together. Certain options depend on each other and # separating them would generate invalid configurations. my @hash_configs = ( ['unset MBEDTLS_MD5_C'], diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index ea00290..6287718 100755 --- a/tests/scripts/generate_psa_tests.py +++ b/tests/scripts/generate_psa_tests.py @@ -831,7 +831,7 @@ class StorageFormatV0(StorageFormat): def gather_key_types_for_sign_alg(self) -> Dict[str, List[str]]: # pylint: disable=too-many-locals """Match possible key types for sign algorithms.""" - # To create a valid combinaton both the algorithms and key types + # To create a valid combination both the algorithms and key types # must be filtered. Pair them with keywords created from its names. incompatible_alg_keyword = frozenset(['RAW', 'ANY', 'PURE']) incompatible_key_type_keywords = frozenset(['MONTGOMERY']) @@ -855,7 +855,7 @@ class StorageFormatV0(StorageFormat): if re.match(pattern, keyword): alg_keywords.remove(keyword) alg_keywords.add(replace) - # Filter out incompatible algortihms + # Filter out incompatible algorithms if not alg_keywords.isdisjoint(incompatible_alg_keyword): continue @@ -863,7 +863,7 @@ class StorageFormatV0(StorageFormat): # Generate keywords from the of the key type key_type_keywords = set(key_type.translate(translation_table).split(sep='_')[3:]) - # Remove ambigious keywords + # Remove ambiguous keywords for keyword1, keyword2 in exclusive_keywords.items(): if keyword1 in key_type_keywords: key_type_keywords.remove(keyword2) @@ -880,7 +880,7 @@ class StorageFormatV0(StorageFormat): """Generate test keys for usage flag extensions.""" # Generate a key type and algorithm pair for each extendable usage # flag to generate a valid key for exercising. The key is generated - # without usage extension to check the extension compatiblity. + # without usage extension to check the extension compatibility. alg_with_keys = self.gather_key_types_for_sign_alg() for usage in sorted(StorageKey.IMPLICIT_USAGE_FLAGS, key=str): diff --git a/tests/scripts/recursion.pl b/tests/scripts/recursion.pl index e4b2d94..2a7dba5 100755 --- a/tests/scripts/recursion.pl +++ b/tests/scripts/recursion.pl @@ -4,7 +4,7 @@ # (Multiple recursion where a() calls b() which calls a() not covered.) # # When the recursion depth might depend on data controlled by the attacker in -# an unbounded way, those functions should use interation instead. +# an unbounded way, those functions should use iteration instead. # # Typical usage: scripts/recursion.pl library/*.c # diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index 3e7a9a6..55529c8 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -1,5 +1,5 @@ #!/usr/bin/env python3 -"""Run the PSA Cryto API compliance test suite. +"""Run the PSA Crypto API compliance test suite. Clone the repo and check out the commit specified by PSA_ARCH_TEST_REPO and PSA_ARCH_TEST_REF, then complie and run the test suite. The clone is stored at <Mbed TLS root>/psa-arch-tests. Known defects in either the test suite or mbedtls - identified by their test number - are ignored, diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index 9576afd..d1650f1 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -221,7 +221,7 @@ static int exercise_cipher_key( mbedtls_svc_key_id_t key, sizeof( decrypted ) - part_length, &part_length ); /* For a stream cipher, all inputs are valid. For a block cipher, - * if the input is some aribtrary data rather than an actual + * if the input is some arbitrary data rather than an actual ciphertext, a padding error is likely. */ if( maybe_invalid_padding ) TEST_ASSERT( status == PSA_SUCCESS || @@ -929,7 +929,7 @@ int mbedtls_test_psa_exercise_key( mbedtls_svc_key_id_t key, return( 0 ); if( alg == 0 ) - ok = 1; /* If no algorihm, do nothing (used for raw data "keys"). */ + ok = 1; /* If no algorithm, do nothing (used for raw data "keys"). */ else if( PSA_ALG_IS_MAC( alg ) ) ok = exercise_mac_key( key, usage, alg ); else if( PSA_ALG_IS_CIPHER( alg ) ) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index c9ec7b1..019b020 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -4580,7 +4580,7 @@ run_test "Renegotiation: DTLS, gnutls server, client-initiated" \ -C "error" \ -s "Extra-header:" -# Test for the "secure renegotation" extension only (no actual renegotiation) +# Test for the "secure renegotiation" extension only (no actual renegotiation) requires_gnutls requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 @@ -5317,7 +5317,7 @@ run_test "Authentication, CA callback: client max_int chain, server required" -s "use CA callback for X.509 CRT verification" \ -S "X509 - A fatal error occurred" -# Tests for certificate selection based on SHA verson +# Tests for certificate selection based on SHA version requires_config_disabled MBEDTLS_X509_REMOVE_INFO run_test "Certificate hash: client TLS 1.2 -> SHA-2" \ @@ -9068,7 +9068,7 @@ run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \ # certificate obtained from the server. Here, however, it # connects to 127.0.0.1 while our test certificates use 'localhost' # as the server name in the certificate. This will make the -# certifiate validation fail, but passing --insecure makes +# certificate validation fail, but passing --insecure makes # GnuTLS continue the connection nonetheless. requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function index 17926eb..b9ea3d6 100644 --- a/tests/suites/host_test.function +++ b/tests/suites/host_test.function @@ -519,7 +519,7 @@ int execute_tests( int argc , const char ** argv ) FILE *file; char buf[5000]; char *params[50]; - /* Store for proccessed integer params. */ + /* Store for processed integer params. */ int32_t int_params[50]; void *pointer; #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function index 0426324..ad7c773 100644 --- a/tests/suites/test_suite_aria.function +++ b/tests/suites/test_suite_aria.function @@ -1,7 +1,7 @@ /* BEGIN_HEADER */ #include "mbedtls/aria.h" -/* Maxium size of data used by test vectors +/* Maximum size of data used by test vectors * WARNING: to be adapted if and when adding larger test cases */ #define ARIA_MAX_DATASIZE 160 diff --git a/tests/suites/test_suite_ecjpake.data b/tests/suites/test_suite_ecjpake.data index fe14f88..73808c9 100644 --- a/tests/suites/test_suite_ecjpake.data +++ b/tests/suites/test_suite_ecjpake.data @@ -49,7 +49,7 @@ read_round_one:MBEDTLS_ECJPAKE_CLIENT:"41047ea6e3a4487037a9e0dbd79262b2cc273e779 ECJPAKE round one: KKP1: no second point data read_round_one:MBEDTLS_ECJPAKE_CLIENT:"41047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b0104":MBEDTLS_ERR_ECP_BAD_INPUT_DATA -ECJPAKE round one: KKP1: unknow second point format +ECJPAKE round one: KKP1: unknown second point format read_round_one:MBEDTLS_ECJPAKE_CLIENT:"41047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b410509f85b3d20ebd7885ce464c08d056d6428fe4dd9287aa365f131f4360ff386d846898bc4b41583c2a5197f65d78742746c12a5ec0a4ffe2f270a750a1d8fb516":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ECJPAKE round one: KKP1: nothing after second point @@ -97,7 +97,7 @@ read_round_one:MBEDTLS_ECJPAKE_CLIENT:"4104190a07700ffa4be6ae1d79ee0f06aeb544cd5 ECJPAKE round one: KKP2: no second point data read_round_one:MBEDTLS_ECJPAKE_CLIENT:"4104190a07700ffa4be6ae1d79ee0f06aeb544cd5addaabedf70f8623321332c54f355f0fbfec783ed359e5d0bf7377a0fc4ea7ace473c9c112b41ccd41ac56a56124104360a1cea33fce641156458e0a4eac219e96831e6aebc88b3f3752f93a0281d1bf1fb106051db9694a8d6e862a5ef1324a3d9e27894f1ee4f7c59199965a8dd4a2091847d2d22df3ee55faa2a3fb33fd2d1e055a07a7c61ecfb8d80ec00c2c9eb1241047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b0104":MBEDTLS_ERR_ECP_BAD_INPUT_DATA -ECJPAKE round one: KKP2: unknow second point format +ECJPAKE round one: KKP2: unknown second point format read_round_one:MBEDTLS_ECJPAKE_CLIENT:"4104190a07700ffa4be6ae1d79ee0f06aeb544cd5addaabedf70f8623321332c54f355f0fbfec783ed359e5d0bf7377a0fc4ea7ace473c9c112b41ccd41ac56a56124104360a1cea33fce641156458e0a4eac219e96831e6aebc88b3f3752f93a0281d1bf1fb106051db9694a8d6e862a5ef1324a3d9e27894f1ee4f7c59199965a8dd4a2091847d2d22df3ee55faa2a3fb33fd2d1e055a07a7c61ecfb8d80ec00c2c9eb1241047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b410509f85b3d20ebd7885ce464c08d056d6428fe4dd9287aa365f131f4360ff386d846898bc4b41583c2a5197f65d78742746c12a5ec0a4ffe2f270a750a1d8fb516":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE ECJPAKE round one: KKP2: nothing after second point @@ -190,7 +190,7 @@ read_round_two_srv:"410469d54ee85e90ce3f1246742de507e939e81d1dc1c5cb988b58c310c9 ECJPAKE round two server: no data read_round_two_srv:"":MBEDTLS_ERR_ECP_BAD_INPUT_DATA -ECJPAKE round two server: length of forst point too small +ECJPAKE round two server: length of first point too small read_round_two_srv:"00":MBEDTLS_ERR_ECP_BAD_INPUT_DATA ECJPAKE round two server: length of first point too big diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index 2deb92a..602afa4 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -21,7 +21,7 @@ void mbedtls_md_process( ) /* * Very minimal testing of mbedtls_md_process, just make sure the various * xxx_process_wrap() function pointers are valid. (Testing that they - * indeed do the right thing whould require messing with the internal + * indeed do the right thing would require messing with the internal * state of the underlying mbedtls_md/sha context.) * * Also tests that mbedtls_md_list() only returns valid MDs. diff --git a/tests/suites/test_suite_net.function b/tests/suites/test_suite_net.function index 513b723..08d48b3 100644 --- a/tests/suites/test_suite_net.function +++ b/tests/suites/test_suite_net.function @@ -28,7 +28,7 @@ * On success, it refers to the opened file (\p wanted_fd). * \param wanted_fd The desired file descriptor. * - * \return \c 0 on succes, a negative error code on error. + * \return \c 0 on success, a negative error code on error. */ static int open_file_on_fd( mbedtls_net_context *ctx, int wanted_fd ) { diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 2d69d1b..91fbb2c 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -1080,7 +1080,7 @@ void pk_rsa_alt( ) memset( ciph, 0, sizeof ciph ); memset( test, 0, sizeof test ); - /* Initiliaze PK RSA context with random key */ + /* Initialize PK RSA context with random key */ TEST_ASSERT( mbedtls_pk_setup( &rsa, mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 ); TEST_ASSERT( pk_genkey( &rsa, RSA_KEY_SIZE ) == 0 ); diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 14343aa..513e7a6 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -2259,7 +2259,7 @@ PSA symmetric decrypt: AES-CBC-nopad, input too short (5 bytes) depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES cipher_decrypt_fail:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee223":PSA_ERROR_INVALID_ARGUMENT -PSA symetric decrypt: CCM*-no-tag, input too short (15 bytes) +PSA symmetric decrypt: CCM*-no-tag, input too short (15 bytes) depends_on:PSA_WANT_ALG_CCM_STAR_NO_TAG:MBEDTLS_AES_C cipher_decrypt_fail:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"19ebfde2d5468ba0a3031bde629b11fd":"5a8aa485c316e9":"2a2a2a2a2a2a2a2a":PSA_ERROR_INVALID_ARGUMENT diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index 6cd6bee..8dd8e39 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -834,7 +834,7 @@ void import_large_key( int type_arg, int byte_size_arg, size_t n; /* Skip the test case if the target running the test cannot - * accomodate large keys due to heap size constraints */ + * accommodate large keys due to heap size constraints */ ASSERT_ALLOC_WEAK( buffer, buffer_size ); memset( buffer, 'K', byte_size ); @@ -1198,7 +1198,7 @@ void key_attributes_init( ) /* Test each valid way of initializing the object, except for `= {0}`, as * Clang 5 complains when `-Wmissing-field-initializers` is used, even * though it's OK by the C standard. We could test for this, but we'd need - * to supress the Clang warning for the test. */ + * to suppress the Clang warning for the test. */ psa_key_attributes_t func = psa_key_attributes_init( ); psa_key_attributes_t init = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t zero; @@ -1989,7 +1989,7 @@ void hash_operation_init( ) /* Test each valid way of initializing the object, except for `= {0}`, as * Clang 5 complains when `-Wmissing-field-initializers` is used, even * though it's OK by the C standard. We could test for this, but we'd need - * to supress the Clang warning for the test. */ + * to suppress the Clang warning for the test. */ psa_hash_operation_t func = psa_hash_operation_init( ); psa_hash_operation_t init = PSA_HASH_OPERATION_INIT; psa_hash_operation_t zero; @@ -2518,7 +2518,7 @@ void mac_operation_init( ) /* Test each valid way of initializing the object, except for `= {0}`, as * Clang 5 complains when `-Wmissing-field-initializers` is used, even * though it's OK by the C standard. We could test for this, but we'd need - * to supress the Clang warning for the test. */ + * to suppress the Clang warning for the test. */ psa_mac_operation_t func = psa_mac_operation_init( ); psa_mac_operation_t init = PSA_MAC_OPERATION_INIT; psa_mac_operation_t zero; @@ -2941,7 +2941,7 @@ void cipher_operation_init( ) /* Test each valid way of initializing the object, except for `= {0}`, as * Clang 5 complains when `-Wmissing-field-initializers` is used, even * though it's OK by the C standard. We could test for this, but we'd need - * to supress the Clang warning for the test. */ + * to suppress the Clang warning for the test. */ psa_cipher_operation_t func = psa_cipher_operation_init( ); psa_cipher_operation_t init = PSA_CIPHER_OPERATION_INIT; psa_cipher_operation_t zero; @@ -5964,7 +5964,7 @@ void sign_hash_deterministic( int key_type_arg, data_t *key_data, PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); key_bits = psa_get_key_bits( &attributes ); - /* Allocate a buffer which has the size advertized by the + /* Allocate a buffer which has the size advertised by the * library. */ signature_size = PSA_SIGN_OUTPUT_SIZE( key_type, key_bits, alg ); @@ -6063,7 +6063,7 @@ void sign_verify_hash( int key_type_arg, data_t *key_data, PSA_ASSERT( psa_get_key_attributes( key, &attributes ) ); key_bits = psa_get_key_bits( &attributes ); - /* Allocate a buffer which has the size advertized by the + /* Allocate a buffer which has the size advertised by the * library. */ signature_size = PSA_SIGN_OUTPUT_SIZE( key_type, key_bits, alg ); @@ -6697,7 +6697,7 @@ void key_derivation_init( ) /* Test each valid way of initializing the object, except for `= {0}`, as * Clang 5 complains when `-Wmissing-field-initializers` is used, even * though it's OK by the C standard. We could test for this, but we'd need - * to supress the Clang warning for the test. */ + * to suppress the Clang warning for the test. */ size_t capacity; psa_key_derivation_operation_t func = psa_key_derivation_operation_init( ); psa_key_derivation_operation_t init = PSA_KEY_DERIVATION_OPERATION_INIT; @@ -7617,7 +7617,7 @@ void key_agreement_capacity( int alg_arg, NULL, 0 ) ); } - /* Test the advertized capacity. */ + /* Test the advertised capacity. */ PSA_ASSERT( psa_key_derivation_get_capacity( &operation, &actual_capacity ) ); TEST_EQUAL( actual_capacity, (size_t) expected_capacity_arg ); diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index a5ea840..128352b 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -995,7 +995,7 @@ void cipher_entry_points( int alg_arg, int key_type_arg, /* * Test encrypt failure * First test that if we don't force a driver error, encryption is - * successfull, then force driver error. + * successful, then force driver error. */ status = psa_cipher_encrypt( key, alg, input->x, input->len, diff --git a/tests/suites/test_suite_psa_crypto_entropy.data b/tests/suites/test_suite_psa_crypto_entropy.data index 49d3f69..322363d 100644 --- a/tests/suites/test_suite_psa_crypto_entropy.data +++ b/tests/suites/test_suite_psa_crypto_entropy.data @@ -7,7 +7,7 @@ external_rng_failure_generate: # randomization for (e.g.) blinding. An external implementation could use # its own randomness source which is not affected by the forced failure of # the RNG driver. -# Key types and non-randomized auxilary algorithms (in practice, hashes) can +# Key types and non-randomized auxiliary algorithms (in practice, hashes) can # use an external implementation. PSA external RNG failure: randomized ECDSA depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PSA_BUILTIN_ALG_ECDSA:PSA_WANT_ECC_SECP_R1_256 diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index aa3ce28..d577663 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -325,7 +325,7 @@ void persistent_slot_lifecycle( int lifetime_arg, int owner_id_arg, int id_arg, case INVALIDATE_BY_DESTROYING: case INVALIDATE_BY_DESTROYING_WITH_SHUTDOWN: /* - * Test that the key handle and identifier are now not refering to an + * Test that the key handle and identifier are now not referring to an * existing key. */ TEST_EQUAL( psa_get_key_attributes( handle, &read_attributes ), diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 848a497..16b23d9 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -10,7 +10,7 @@ test_multiple_psks_opaque:1 Attempt to register multiple PSKs, incl. opaque PSK, #2 test_multiple_psks_opaque:2 -Test calback buffer sanity +Test callback buffer sanity test_callback_buffer_sanity: Callback buffer test: Exercise simple write/read @@ -624,7 +624,7 @@ ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12350000":0 SSL DTLS replay: delayed ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340002":0 -SSL DTLS replay: lastest replayed +SSL DTLS replay: latest replayed ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340003":-1 SSL DTLS replay: older replayed diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 35f1638..2685e6a 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -2229,7 +2229,7 @@ void perform_handshake( handshake_test_options* options ) /* After calling mbedtls_ssl_renegotiate for the client all renegotiation * should happen inside this function. However in this test, we cannot - * perform simultaneous communication betwen client and server so this + * perform simultaneous communication between client and server so this * function will return waiting error on the socket. All rest of * renegotiation should happen during data exchanging */ ret = mbedtls_ssl_renegotiate( &(client.ssl) ); @@ -2321,7 +2321,7 @@ void test_callback_buffer_sanity() TEST_ASSERT( mbedtls_test_buffer_get( NULL, NULL, 0 ) == -1 ); /* Make sure calling put and get on a buffer that hasn't been set up results - * in eror. */ + * in error. */ mbedtls_test_buffer_init( &buf ); TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, sizeof( input ) ) == -1 ); diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data index 0ce4a2e..da12382 100644 --- a/tests/suites/test_suite_version.data +++ b/tests/suites/test_suite_version.data @@ -1,4 +1,4 @@ -Check compiletime library version +Check compile time library version check_compiletime_version:"3.1.0" Check runtime library version |