hx509: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>

lib/hx509/cert.c

@@ -237,13 +237,13 @@ hx509_set_warn_dest(hx509_context context, heim_log_facility *fac)
 
 /**
  * Selects if the hx509_revoke_verify() function is going to require
- * the existans of a revokation method (OCSP, CRL) or not. Note that
- * hx509_verify_path(), hx509_cms_verify_signed(), and other function
+ * the existence of a revocation method (OCSP, CRL) or not. Note that
+ * hx509_verify_path(), hx509_cms_verify_signed(), and other functions
  * call hx509_revoke_verify().
  *
  * @param context hx509 context to change the flag for.
- * @param flag zero, revokation method required, non zero missing
- * revokation method ok
+ * @param flag zero, revocation method required, non zero missing
+ * revocation method ok
  *
  * @ingroup hx509_verify
  */
@@ -555,7 +555,7 @@ hx509_cert_ref(hx509_cert cert)
 }
 
 /**
- * Allocate an verification context that is used fo control the
+ * Allocate an verification context that is used to control the
  * verification process.
  *
  * @param context A hx509 context.
@@ -2436,7 +2436,7 @@ hx509_verify_path(hx509_context context,
 
 		/*
 		 * The subject name of the proxy certificate should be
-		 * CN=XXX,<proxy issuer>, prune of CN and check if its
+		 * CN=XXX,<proxy issuer>. Prune off CN and check if it's
 		 * the same over the whole chain of proxy certs and
 		 * then check with the EE cert when we get to it.
 		 */
@@ -2496,7 +2496,7 @@ hx509_verify_path(hx509_context context,
 	    } else {
 		/*
 		 * Now we are done with the proxy certificates, this
-		 * cert was an EE cert and we we will fall though to
+		 * cert was an EE cert and we will fall though to
 		 * EE checking below.
 		 */
 		type = EE_CERT;
@@ -2505,9 +2505,9 @@ hx509_verify_path(hx509_context context,
         HEIM_FALLTHROUGH;
 	case EE_CERT:
 	    /*
-	     * If there where any proxy certificates in the chain
+	     * If there were any proxy certificates in the chain
 	     * (proxy_cert_depth > 0), check that the proxy issuer
-	     * matched proxy certificates "base" subject.
+	     * matched the proxy certificate's "base" subject.
 	     */
 	    if (proxy_cert_depth) {
 
@@ -2598,7 +2598,7 @@ hx509_verify_path(hx509_context context,
     }
 
     /*
-     * Verify that no certificates has been revoked.
+     * Verify that no certificates have been revoked.
      */
 
     if (ctx->revoke_ctx) {
@@ -2681,7 +2681,7 @@ hx509_verify_path(hx509_context context,
 	    goto out;
 	}
 	/*
-	 * Verify that the sigature algorithm is not weak. Ignore
+	 * Verify that the signature algorithm is not weak. Ignore
 	 * trust anchors since they are provisioned by the user.
 	 */
 
@@ -2708,7 +2708,7 @@ out:
  * @param signer the certificate that made the signature.
  * @param alg algorthm that was used to sign the data.
  * @param data the data that was signed.
- * @param sig the sigature to verify.
+ * @param sig the signature to verify.
  *
  * @return An hx509 error code, see hx509_get_error_string().
  *

lib/hx509/cms.c

@@ -117,8 +117,8 @@ hx509_cms_wrap_ContentInfo(const heim_oid *oid,
  * @param in the encoded buffer.
  * @param oid type of the content.
  * @param out data to be wrapped.
- * @param have_data since the data is optional, this flags show dthe
- * diffrence between no data and the zero length data.
+ * @param have_data since the data is optional, this flag shows the
+ * difference between no data and the zero length data.
  *
  * @return Returns an hx509 error code.
  *
@@ -328,7 +328,7 @@ find_CMSIdentifier(hx509_context context,
 /**
  * Decode and unencrypt EnvelopedData.
  *
- * Extract data and parameteres from from the EnvelopedData. Also
+ * Extract data and parameters from the EnvelopedData. Also
  * supports using detached EnvelopedData.
  *
  * @param context A hx509 context.
@@ -339,7 +339,7 @@ find_CMSIdentifier(hx509_context context,
  * EnvelopedData stucture.
  * @param length length of the data that data point to.
  * @param encryptedContent in case of detached signature, this
- * contains the actual encrypted data, othersize its should be NULL.
+ * contains the actual encrypted data, otherwise it should be NULL.
  * @param time_now set the current time, if zero the library uses now as the date.
  * @param contentType output type oid, should be freed with der_free_oid().
  * @param content the data, free with der_free_octet_string().
@@ -434,7 +434,7 @@ hx509_cms_unenvelope(hx509_context context,
 
 	hx509_cert_free(cert);
 	if (ret == 0)
-	    break; /* succuessfully decrypted cert */
+	    break; /* successfully decrypted cert */
 	cert = NULL;
 	ret2 = unparse_CMSIdentifier(context, &ri->rid, &str);
 	if (ret2 == 0) {
@@ -528,17 +528,17 @@ out:
 }
 
 /**
- * Encrypt end encode EnvelopedData.
+ * Encrypt and encode EnvelopedData.
  *
  * Encrypt and encode EnvelopedData. The data is encrypted with a
  * random key and the the random key is encrypted with the
- * certificates private key. This limits what private key type can be
+ * certificate's private key. This limits what private key type can be
  * used to RSA.
  *
  * @param context A hx509 context.
  * @param flags flags to control the behavior.
  *    - HX509_CMS_EV_NO_KU_CHECK - Don't check KU on certificate
- *    - HX509_CMS_EV_ALLOW_WEAK - Allow weak crytpo
+ *    - HX509_CMS_EV_ALLOW_WEAK - Allow weak crypto
  *    - HX509_CMS_EV_ID_NAME - prefer issuer name and serial number
  * @param cert Certificate to encrypt the EnvelopedData encryption key
  * with.
@@ -770,12 +770,12 @@ find_attribute(const CMSAttributes *attr, const heim_oid *oid)
  *
  * @param context A hx509 context.
  * @param ctx a hx509 verify context.
- * @param flags to control the behaivor of the function.
+ * @param flags to control the behavior of the function.
  *    - HX509_CMS_VS_NO_KU_CHECK - Don't check KeyUsage
  *    - HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH - allow oid mismatch
  *    - HX509_CMS_VS_ALLOW_ZERO_SIGNER - no signer, see below.
  * @param data pointer to CMS SignedData encoded data.
- * @param length length of the data that data point to.
+ * @param length length of the data that data points to.
  * @param signedContent external data used for signature.
  * @param pool certificate pool to build certificates paths.
  * @param contentType free with der_free_oid().
@@ -826,7 +826,7 @@ hx509_cms_verify_signed(hx509_context context,
  *    - HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH - allow oid mismatch
  *    - HX509_CMS_VS_ALLOW_ZERO_SIGNER - no signer, see below.
  * @param data pointer to CMS SignedData encoded data.
- * @param length length of the data that data point to.
+ * @param length length of the data that data points to.
  * @param signedContent external data used for signature.
  * @param pool certificate pool to build certificates paths.
  * @param contentType free with der_free_oid().
@@ -969,7 +969,7 @@ hx509_cms_verify_signed_ext(hx509_context context,
 	    sa.val = signer_info->signedAttrs->val;
 	    sa.len = signer_info->signedAttrs->len;
 
-	    /* verify that sigature exists */
+	    /* verify that signature exists */
 	    attr = find_attribute(&sa, &asn1_oid_id_pkcs9_messageDigest);
 	    if (attr == NULL) {
 		ret = HX509_CRYPTO_SIGNATURE_MISSING;
@@ -1114,10 +1114,10 @@ hx509_cms_verify_signed_ext(hx509_context context,
     }
     /**
      * If HX509_CMS_VS_ALLOW_ZERO_SIGNER is set, allow empty
-     * SignerInfo (no signatures). If SignedData have no signatures,
+     * SignerInfo (no signatures). If SignedData has no signatures,
      * the function will return 0 with signer_certs set to NULL. Zero
-     * signers is allowed by the standard, but since its only useful
-     * in corner cases, it make into a flag that the caller have to
+     * signers is allowed by the standard, but since it's only useful
+     * in corner cases, it's made into a flag that the caller has to
      * turn on.
      */
     if (sd.signerInfos.len == 0 && (flags & HX509_CMS_VS_ALLOW_ZERO_SIGNER)) {
@@ -1193,10 +1193,10 @@ add_one_attribute(Attribute **attr,
  * @param flags
  * @param eContentType the type of the data.
  * @param data data to sign
- * @param length length of the data that data point to.
+ * @param length length of the data that data points to.
  * @param digest_alg digest algorithm to use, use NULL to get the
  * default or the peer determined algorithm.
- * @param cert certificate to use for sign the data.
+ * @param cert certificate to use for signing the data.
  * @param peer info about the peer the message to send the message to,
  * like what digest algorithm to use.
  * @param anchors trust anchors that the client will use, used to

lib/hx509/revoke.c

@@ -81,10 +81,10 @@ struct hx509_revoke_ctx_data {
 };
 
 /**
- * Allocate a revokation context. Free with hx509_revoke_free().
+ * Allocate a revocation context. Free with hx509_revoke_free().
  *
  * @param context A hx509 context.
- * @param ctx returns a newly allocated revokation context.
+ * @param ctx returns a newly allocated revocation context.
  *
  * @return An hx509 error code, see hx509_get_error_string().
  *
@@ -130,7 +130,7 @@ free_ocsp(struct revoke_ocsp *ocsp)
 }
 
 /**
- * Free a hx509 revokation context.
+ * Free a hx509 revocation context.
  *
  * @param ctx context to be freed
  *
@@ -208,8 +208,8 @@ verify_ocsp(hx509_context context,
 	goto out;
 
     /*
-     * If signer certificate isn't the CA certificate, lets check the
-     * it is the CA that signed the signer certificate and the OCSP EKU
+     * If signer certificate isn't the CA certificate, let's check that
+     * it is the CA that signed the signer certificate and that the OCSP EKU
      * is set.
      */
     if (hx509_cert_cmp(signer, parent) != 0) {
@@ -390,10 +390,10 @@ load_ocsp(hx509_context context, struct revoke_ocsp *ocsp)
 }
 
 /**
- * Add a OCSP file to the revokation context.
+ * Add a OCSP file to the revocation context.
  *
  * @param context hx509 context
- * @param ctx hx509 revokation context
+ * @param ctx hx509 revocation context
  * @param path path to file that is going to be added to the context.
  *
  * @return An hx509 error code, see hx509_get_error_string().
@@ -525,7 +525,7 @@ verify_crl(hx509_context context,
     /*
      * If signer is not CA cert, need to check revoke status of this
      * CRL signing cert too, this include all parent CRL signer cert
-     * up to the root *sigh*, assume root at least hve CERTSIGN flag
+     * up to the root *sigh*, assume root at least has CERTSIGN flag
      * set.
      */
     while (_hx509_check_key_usage(context, signer, 1 << 5, TRUE)) {
@@ -626,10 +626,10 @@ load_crl(hx509_context context, const char *path, time_t *t, CRLCertificateList
 }
 
 /**
- * Add a CRL file to the revokation context.
+ * Add a CRL file to the revocation context.
  *
  * @param context hx509 context
- * @param ctx hx509 revokation context
+ * @param ctx hx509 revocation context
  * @param path path to file that is going to be added to the context.
  *
  * @return An hx509 error code, see hx509_get_error_string().
@@ -691,12 +691,12 @@ hx509_revoke_add_crl(hx509_context context,
 }
 
 /**
- * Check that a certificate is not expired according to a revokation
- * context. Also need the parent certificte to the check OCSP
+ * Check that a certificate is not expired according to a revocation
+ * context. Also need the parent certificate to check the OCSP
  * parent identifier.
  *
  * @param context hx509 context
- * @param ctx hx509 revokation context
+ * @param ctx hx509 revocation context
  * @param certs
  * @param now
  * @param cert
@@ -726,7 +726,7 @@ hx509_revoke_verify(hx509_context context,
 	struct revoke_ocsp *ocsp = &ctx->ocsps.val[i];
 	struct stat sb;
 
-	/* check this ocsp apply to this cert */
+	/* check if this ocsp applies to this cert */
 
 	/* check if there is a newer version of the file */
 	ret = stat(ocsp->path, &sb);