Fix additional misspellings found by codespell

Remaining hits seem to be hex data, certificates,
and other miscellaneous exceptions.
List generated by running codespell -w -L 
keypair,Keypair,KeyPair,keyPair,ciph,nd

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>

docs/architecture/psa-migration/psa-limitations.md

@@ -84,7 +84,7 @@ the hash algorithm potentially used to hash the message being signed:
   - most commonly MGF1, which in turn is parametrized by a hash algorithm
 - a salt length
 - a trailer field - the value is fixed to 0xBC by PKCS#1 v2.1, but was left
-  configurable in the original scheme; 0xBC is used everywhere in pratice.
+  configurable in the original scheme; 0xBC is used everywhere in practice.
 
 Both the existing `mbedtls_` API and the PSA API support only MGF1 as the
 generation function (and only 0xBC as the trailer field), but there are
@@ -317,7 +317,7 @@ strong security arguments, so it's unclear whether it would be accepted.
 HKDF: Expand not exposed on its own (TLS 1.3)
 ---------------------------------------------
 
-The HKDF function uses and Extract-then-Expand approch, that is:
+The HKDF function uses and Extract-then-Expand approach, that is:
 
         HKDF(x, ...) = HKDF-Expand(HKDF-Extract(x, ...), ...)
 

include/mbedtls/asn1.h

@@ -228,7 +228,7 @@ mbedtls_asn1_named_data;
  * \return      0 if successful.
  * \return      #MBEDTLS_ERR_ASN1_OUT_OF_DATA if the ASN.1 element
  *              would end beyond \p end.
- * \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparseable.
+ * \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparsable.
  */
 int mbedtls_asn1_get_len( unsigned char **p,
                           const unsigned char *end,

include/mbedtls/check_config.h

@@ -150,7 +150,7 @@
 #endif
 
 #if defined(MBEDTLS_PKCS5_C) && !defined(MBEDTLS_MD_C)
-#error "MBEDTLS_PKCS5_C defined, but not all prerequesites"
+#error "MBEDTLS_PKCS5_C defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_PKCS12_C) && !defined(MBEDTLS_MD_C)

include/mbedtls/mbedtls_config.h

@@ -1576,7 +1576,7 @@
  * unless you know for sure amplification cannot be a problem in the
  * environment in which your server operates.
  *
- * \warning Disabling this can ba a security risk! (see above)
+ * \warning Disabling this can be a security risk! (see above)
  *
  * Requires: MBEDTLS_SSL_PROTO_DTLS
  *

include/mbedtls/ssl.h

@@ -2735,7 +2735,7 @@ void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode );
  *                 ones going through the authentication-decryption phase.
  *
  * \note           This is a security trade-off related to the fact that it's
- *                 often relatively easy for an active attacker ot inject UDP
+ *                 often relatively easy for an active attacker to inject UDP
  *                 datagrams. On one hand, setting a low limit here makes it
  *                 easier for such an attacker to forcibly terminated a
  *                 connection. On the other hand, a high limit or no limit

include/psa/crypto.h

@@ -3783,7 +3783,7 @@ psa_status_t psa_key_derivation_output_key(
  *
  * \param[in,out] operation The key derivation operation object to read from.
  * \param[in] expected_output Buffer containing the expected derivation output.
- * \param output_length     Length ot the expected output; this is also the
+ * \param output_length     Length of the expected output; this is also the
  *                          number of bytes that will be read.
  *
  * \retval #PSA_SUCCESS

library/psa_crypto.c

@@ -4810,7 +4810,7 @@ static psa_status_t psa_generate_derived_ecc_key_weierstrass_helper(
 
         /* 4. If k > N - 2, discard the result and return to step 1.
         *    Result of comparison is returned. When it indicates error
-        *    then this fuction is called again.
+        *    then this function is called again.
         */
         MBEDTLS_MPI_CHK( mbedtls_mpi_lt_mpi_ct( &diff_N_2, &k, &key_out_of_range ) );
     }

library/ssl_misc.h

@@ -1854,7 +1854,7 @@ static inline int mbedtls_ssl_tls12_named_group_is_ecdhe( uint16_t named_group )
             named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1   ||
             named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1   ||
             named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448      ||
-            /* Below deprected curves should be removed with notice to users */
+            /* Below deprecated curves should be removed with notice to users */
             named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1 ||
             named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1 ||
             named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1 ||
@@ -2167,7 +2167,7 @@ static inline int mbedtls_ssl_sig_alg_is_supported(
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 /* Corresponding PSA algorithm for MBEDTLS_CIPHER_NULL.
- * Same value is used fo PSA_ALG_CATEGORY_CIPHER, hence it is
+ * Same value is used for PSA_ALG_CATEGORY_CIPHER, hence it is
  * guaranteed to not be a valid PSA algorithm identifier.
  */
 #define MBEDTLS_SSL_NULL_CIPHER 0x04000000

library/ssl_tls.c

@@ -2918,7 +2918,7 @@ static int ssl_prepare_handshake_step( mbedtls_ssl_context *ssl )
      * In the case of TLS 1.3, handshake step handlers do not send data to the
      * peer. Data are only sent here and through
      * `mbedtls_ssl_handle_pending_alert` in case an error that triggered an
-     * alert occured.
+     * alert occurred.
      */
     if( ( ret = mbedtls_ssl_flush_output( ssl ) ) != 0 )
         return( ret );

library/ssl_tls13_generic.c

@@ -982,7 +982,7 @@ static int ssl_tls13_get_sig_alg_from_pk( mbedtls_ssl_context *ssl,
 #endif /* MBEDTLS_RSA_C */
         default:
             MBEDTLS_SSL_DEBUG_MSG( 1,
-                                   ( "unkown signature type : %u", sig ) );
+                                   ( "unknown signature type : %u", sig ) );
             break;
     }
     return( -1 );

programs/psa/aead_demo.c

@@ -156,7 +156,7 @@ static psa_status_t aead_prepare( const char *info,
         return( PSA_ERROR_INVALID_ARGUMENT );
     }
 
-    /* Prepare key attibutes */
+    /* Prepare key attributes */
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_ENCRYPT );
     psa_set_key_algorithm( &attributes, *alg );

scripts/generate_driver_wrappers.py

@@ -1,7 +1,7 @@
 #!/usr/bin/env python3
 """Generate library/psa_crypto_driver_wrappers.c
 
-   This module is invoked by the build sripts to auto generate the
+   This module is invoked by the build scripts to auto generate the
    psa_crypto_driver_wrappers.c based on template files in
    script/data_files/driver_templates/.
 """

scripts/generate_ssl_debug_helpers.py

@@ -289,7 +289,7 @@ class SignatureAlgorithmDefinition:
             {translation_table}
                 }};
 
-                return "UNKOWN";
+                return "UNKNOWN";
             }}''')
         body = body.format(translation_table='\n'.join(translation_table))
         return body

tests/scripts/generate_psa_tests.py

@@ -923,7 +923,7 @@ class TestGenerator:
         filename = self.filename_for(basename)
         test_case.write_data_file(filename, test_cases)
 
-    # Note that targets whose name containns 'test_format' have their content
+    # Note that targets whose name contains 'test_format' have their content
     # validated by `abi_check.py`.
     TARGETS = {
         'test_suite_psa_crypto_generate_key.generated':

tests/ssl-opt.sh

@@ -10839,7 +10839,7 @@ run_test    "TLS 1.3: Client authentication, client alg not in server list - ope
             -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
             -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
             -c "signature algorithm not in received or offered list." \
-            -C "unkown pk type"
+            -C "unknown pk type"
 
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
@@ -10857,7 +10857,7 @@ run_test    "TLS 1.3: Client authentication, client alg not in server list - gnu
             -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
             -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
             -c "signature algorithm not in received or offered list." \
-            -C "unkown pk type"
+            -C "unknown pk type"
 
 # Test using an opaque private key for client authentication
 requires_openssl_tls1_3

tests/suites/test_suite_ecdh.function

@@ -262,7 +262,7 @@ void ecdh_restart( int id, data_t *dA, data_t *dB, data_t *z,
     rnd_info_B.buf = dB->x;
     rnd_info_B.length = dB->len;
 
-    /* The ECDH context is not guaranteed ot have an mbedtls_ecp_group structure
+    /* The ECDH context is not guaranteed to have an mbedtls_ecp_group structure
      * in every configuration, therefore we load it separately. */
     TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
 

tests/suites/test_suite_pk.function

@@ -168,12 +168,12 @@ void pk_psa_utils( int key_is_rsa )
 
     if( key_is_rsa )
     {
-        bitlen = 1024; /* harcoded in genkey() */
+        bitlen = 1024; /* hardcoded in genkey() */
         key = pk_psa_genkey_rsa();
     }
     else
     {
-        bitlen = 256; /* harcoded in genkey() */
+        bitlen = 256; /* hardcoded in genkey() */
         key = pk_psa_genkey_ecc();
     }
     if( mbedtls_svc_key_id_is_null( key ) )