Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell.

Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
diff --git a/tests/data_files/Readme-x509.txt b/tests/data_files/Readme-x509.txt
index d07241a..84c775f 100644
--- a/tests/data_files/Readme-x509.txt
+++ b/tests/data_files/Readme-x509.txt
@@ -89,8 +89,8 @@
     _int-ca.crt: S7 + I1
     _int-ca_ca2.crt: S7 + I1 + 2
     _all_space.crt: S7 + I1 both with misplaced spaces (invalid PEM)
-    _pem_space.crt: S7 with misplace space (invalid PEM) + I1
-    _trailing_space.crt: S7 + I1 both with trainling space (valid PEM)
+    _pem_space.crt: S7 with misplaced space (invalid PEM) + I1
+    _trailing_space.crt: S7 + I1 both with trailing space (valid PEM)
     _spurious_int-ca.crt: S7 + I2(spurious) + I1
 - server8*.crt: I2 R L: RSA signed by EC signed by RSA (P1 for _int-ca2)
 - server9*.crt: 1 R C* L P1*: signed using RSASSA-PSS
diff --git a/tests/data_files/base64/def_b64_too_big_1.txt b/tests/data_files/base64/def_b64_too_big_1.txt
index 0fe8a18..47be05c 100644
--- a/tests/data_files/base64/def_b64_too_big_1.txt
+++ b/tests/data_files/base64/def_b64_too_big_1.txt
@@ -1,2 +1,2 @@
-// Context with added '1234' at the begining to simulate too much data in the base64 code
+// Context with added '1234' at the beginning to simulate too much data in the base64 code
 1234AhUAAH8AAA4AAAQ8AAAAAF6HQx3MqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACG2QbHbUj8eGpdx5KVIebiwk0jvRj9/3m6BOSzpA7qBXeEunhqr3D11NE7ciGjeHMAAAAAAAM7MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJhPqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6UHoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq91C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sva1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbopMZqLmbBm/7WPLcAAJTfQC2Ek91INP5ihHNzImPOAHJCk+YTO/pQuEnNWwXbdmKAi+IRp671iAwtpkjSxCBXVzKX925F1A66caCOQptlw+9zFukDQgblM2JyAJLG0j6B4RtBTDWJ8ZTMUPHUoLJoEpm8APZgRi//DMRyCKP9pbBLGlDzgUvl0w11LzBAlJHkWau5NoqQBlG7w4HFrKweovskAAFRgAAAAF6HQx248L77RH0Z973tSYNQ8zBsz861CZG5/T09TJz3XodDHe/iJ+cgXb5An3zTdnTBtw3EWAb68T+gCE33GN8AAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA==
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 9fa4d28..29a6201 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -259,7 +259,7 @@
      --no-force         Refuse to overwrite modified files (default).
      --no-keep-going    Stop at the first error (default).
      --no-memory        No additional memory tests (default).
-     --no-quiet         Print full ouput from components.
+     --no-quiet         Print full output from components.
      --out-of-source-dir=<path>  Directory used for CMake out-of-source build tests.
      --outcome-file=<path>  File where test outcomes are written (not done if
                             empty; default: \$MBEDTLS_TEST_OUTCOME_FILE).
diff --git a/tests/scripts/check_files.py b/tests/scripts/check_files.py
index 8857e00..a0f5e1f 100755
--- a/tests/scripts/check_files.py
+++ b/tests/scripts/check_files.py
@@ -187,7 +187,7 @@
     # Allow either /bin/sh, /bin/bash, or /usr/bin/env.
     # Allow at most one argument (this is a Linux limitation).
     # For sh and bash, the argument if present must be options.
-    # For env, the argument must be the base name of the interpeter.
+    # For env, the argument must be the base name of the interpreter.
     _shebang_re = re.compile(rb'^#! ?(?:/bin/(bash|sh)(?: -[^\n ]*)?'
                              rb'|/usr/bin/env ([^\n /]+))$')
     _extensions = {
diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py
index 8bb4923..96117a2 100755
--- a/tests/scripts/check_names.py
+++ b/tests/scripts/check_names.py
@@ -813,7 +813,7 @@
 
     def check_for_typos(self):
         """
-        Perform a check that all words in the soure code beginning with MBED are
+        Perform a check that all words in the source code beginning with MBED are
         either defined as macros, or as enum constants.
         Assumes parse_names_in_source() was called before this.
 
diff --git a/tests/scripts/depends-hashes.pl b/tests/scripts/depends-hashes.pl
index cd17066..20612da 100755
--- a/tests/scripts/depends-hashes.pl
+++ b/tests/scripts/depends-hashes.pl
@@ -46,12 +46,12 @@
 
 # as many SSL options depend on specific hashes,
 # and SSL is not in the test suites anyways,
-# disable it to avoid dependcies issues
+# disable it to avoid dependencies issues
 my $ssl_sed_cmd = 's/^#define \(MBEDTLS_SSL.*\)/\1/p';
 my @ssl = split( /\s+/, `sed -n -e '$ssl_sed_cmd' $config_h` );
 
 # Each element of this array holds list of configuration options that
-# should be tested together. Certain options depend on eachother and
+# should be tested together. Certain options depend on each other and
 # separating them would generate invalid configurations.
 my @hash_configs = (
     ['unset MBEDTLS_MD5_C'],
diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py
index ea00290..6287718 100755
--- a/tests/scripts/generate_psa_tests.py
+++ b/tests/scripts/generate_psa_tests.py
@@ -831,7 +831,7 @@
     def gather_key_types_for_sign_alg(self) -> Dict[str, List[str]]:
         # pylint: disable=too-many-locals
         """Match possible key types for sign algorithms."""
-        # To create a valid combinaton both the algorithms and key types
+        # To create a valid combination both the algorithms and key types
         # must be filtered. Pair them with keywords created from its names.
         incompatible_alg_keyword = frozenset(['RAW', 'ANY', 'PURE'])
         incompatible_key_type_keywords = frozenset(['MONTGOMERY'])
@@ -855,7 +855,7 @@
                     if re.match(pattern, keyword):
                         alg_keywords.remove(keyword)
                         alg_keywords.add(replace)
-            # Filter out incompatible algortihms
+            # Filter out incompatible algorithms
             if not alg_keywords.isdisjoint(incompatible_alg_keyword):
                 continue
 
@@ -863,7 +863,7 @@
                 # Generate keywords from the of the key type
                 key_type_keywords = set(key_type.translate(translation_table).split(sep='_')[3:])
 
-                # Remove ambigious keywords
+                # Remove ambiguous keywords
                 for keyword1, keyword2 in exclusive_keywords.items():
                     if keyword1 in key_type_keywords:
                         key_type_keywords.remove(keyword2)
@@ -880,7 +880,7 @@
         """Generate test keys for usage flag extensions."""
         # Generate a key type and algorithm pair for each extendable usage
         # flag to generate a valid key for exercising. The key is generated
-        # without usage extension to check the extension compatiblity.
+        # without usage extension to check the extension compatibility.
         alg_with_keys = self.gather_key_types_for_sign_alg()
 
         for usage in sorted(StorageKey.IMPLICIT_USAGE_FLAGS, key=str):
diff --git a/tests/scripts/recursion.pl b/tests/scripts/recursion.pl
index e4b2d94..2a7dba5 100755
--- a/tests/scripts/recursion.pl
+++ b/tests/scripts/recursion.pl
@@ -4,7 +4,7 @@
 # (Multiple recursion where a() calls b() which calls a() not covered.)
 #
 # When the recursion depth might depend on data controlled by the attacker in
-# an unbounded way, those functions should use interation instead.
+# an unbounded way, those functions should use iteration instead.
 #
 # Typical usage: scripts/recursion.pl library/*.c
 #
diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py
index 3e7a9a6..55529c8 100755
--- a/tests/scripts/test_psa_compliance.py
+++ b/tests/scripts/test_psa_compliance.py
@@ -1,5 +1,5 @@
 #!/usr/bin/env python3
-"""Run the PSA Cryto API compliance test suite.
+"""Run the PSA Crypto API compliance test suite.
 Clone the repo and check out the commit specified by PSA_ARCH_TEST_REPO and PSA_ARCH_TEST_REF,
 then complie and run the test suite. The clone is stored at <Mbed TLS root>/psa-arch-tests.
 Known defects in either the test suite or mbedtls - identified by their test number - are ignored,
diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c
index 9576afd..d1650f1 100644
--- a/tests/src/psa_exercise_key.c
+++ b/tests/src/psa_exercise_key.c
@@ -221,7 +221,7 @@
                                     sizeof( decrypted ) - part_length,
                                     &part_length );
         /* For a stream cipher, all inputs are valid. For a block cipher,
-         * if the input is some aribtrary data rather than an actual
+         * if the input is some arbitrary data rather than an actual
          ciphertext, a padding error is likely.  */
         if( maybe_invalid_padding )
             TEST_ASSERT( status == PSA_SUCCESS ||
@@ -929,7 +929,7 @@
         return( 0 );
 
     if( alg == 0 )
-        ok = 1; /* If no algorihm, do nothing (used for raw data "keys"). */
+        ok = 1; /* If no algorithm, do nothing (used for raw data "keys"). */
     else if( PSA_ALG_IS_MAC( alg ) )
         ok = exercise_mac_key( key, usage, alg );
     else if( PSA_ALG_IS_CIPHER( alg ) )
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index c9ec7b1..019b020 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -4580,7 +4580,7 @@
             -C "error" \
             -s "Extra-header:"
 
-# Test for the "secure renegotation" extension only (no actual renegotiation)
+# Test for the "secure renegotiation" extension only (no actual renegotiation)
 
 requires_gnutls
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
@@ -5317,7 +5317,7 @@
             -s "use CA callback for X.509 CRT verification" \
             -S "X509 - A fatal error occurred"
 
-# Tests for certificate selection based on SHA verson
+# Tests for certificate selection based on SHA version
 
 requires_config_disabled MBEDTLS_X509_REMOVE_INFO
 run_test    "Certificate hash: client TLS 1.2 -> SHA-2" \
@@ -9068,7 +9068,7 @@
 # certificate obtained from the server. Here, however, it
 # connects to 127.0.0.1 while our test certificates use 'localhost'
 # as the server name in the certificate. This will make the
-# certifiate validation fail, but passing --insecure makes
+# certificate validation fail, but passing --insecure makes
 # GnuTLS continue the connection nonetheless.
 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
 requires_config_enabled MBEDTLS_RSA_C
diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function
index 17926eb..b9ea3d6 100644
--- a/tests/suites/host_test.function
+++ b/tests/suites/host_test.function
@@ -519,7 +519,7 @@
     FILE *file;
     char buf[5000];
     char *params[50];
-    /* Store for proccessed integer params. */
+    /* Store for processed integer params. */
     int32_t int_params[50];
     void *pointer;
 #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function
index 0426324..ad7c773 100644
--- a/tests/suites/test_suite_aria.function
+++ b/tests/suites/test_suite_aria.function
@@ -1,7 +1,7 @@
 /* BEGIN_HEADER */
 #include "mbedtls/aria.h"
 
-/* Maxium size of data used by test vectors
+/* Maximum size of data used by test vectors
  * WARNING: to be adapted if and when adding larger test cases */
 #define ARIA_MAX_DATASIZE  160
 
diff --git a/tests/suites/test_suite_ecjpake.data b/tests/suites/test_suite_ecjpake.data
index fe14f88..73808c9 100644
--- a/tests/suites/test_suite_ecjpake.data
+++ b/tests/suites/test_suite_ecjpake.data
@@ -49,7 +49,7 @@
 ECJPAKE round one: KKP1: no second point data
 read_round_one:MBEDTLS_ECJPAKE_CLIENT:"41047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b0104":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
 
-ECJPAKE round one: KKP1: unknow second point format
+ECJPAKE round one: KKP1: unknown second point format
 read_round_one:MBEDTLS_ECJPAKE_CLIENT:"41047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b410509f85b3d20ebd7885ce464c08d056d6428fe4dd9287aa365f131f4360ff386d846898bc4b41583c2a5197f65d78742746c12a5ec0a4ffe2f270a750a1d8fb516":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE
 
 ECJPAKE round one: KKP1: nothing after second point
@@ -97,7 +97,7 @@
 ECJPAKE round one: KKP2: no second point data
 read_round_one:MBEDTLS_ECJPAKE_CLIENT:"4104190a07700ffa4be6ae1d79ee0f06aeb544cd5addaabedf70f8623321332c54f355f0fbfec783ed359e5d0bf7377a0fc4ea7ace473c9c112b41ccd41ac56a56124104360a1cea33fce641156458e0a4eac219e96831e6aebc88b3f3752f93a0281d1bf1fb106051db9694a8d6e862a5ef1324a3d9e27894f1ee4f7c59199965a8dd4a2091847d2d22df3ee55faa2a3fb33fd2d1e055a07a7c61ecfb8d80ec00c2c9eb1241047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b0104":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
 
-ECJPAKE round one: KKP2: unknow second point format
+ECJPAKE round one: KKP2: unknown second point format
 read_round_one:MBEDTLS_ECJPAKE_CLIENT:"4104190a07700ffa4be6ae1d79ee0f06aeb544cd5addaabedf70f8623321332c54f355f0fbfec783ed359e5d0bf7377a0fc4ea7ace473c9c112b41ccd41ac56a56124104360a1cea33fce641156458e0a4eac219e96831e6aebc88b3f3752f93a0281d1bf1fb106051db9694a8d6e862a5ef1324a3d9e27894f1ee4f7c59199965a8dd4a2091847d2d22df3ee55faa2a3fb33fd2d1e055a07a7c61ecfb8d80ec00c2c9eb1241047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b410509f85b3d20ebd7885ce464c08d056d6428fe4dd9287aa365f131f4360ff386d846898bc4b41583c2a5197f65d78742746c12a5ec0a4ffe2f270a750a1d8fb516":MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE
 
 ECJPAKE round one: KKP2: nothing after second point
@@ -190,7 +190,7 @@
 ECJPAKE round two server: no data
 read_round_two_srv:"":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
 
-ECJPAKE round two server: length of forst point too small
+ECJPAKE round two server: length of first point too small
 read_round_two_srv:"00":MBEDTLS_ERR_ECP_BAD_INPUT_DATA
 
 ECJPAKE round two server: length of first point too big
diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function
index 2deb92a..602afa4 100644
--- a/tests/suites/test_suite_md.function
+++ b/tests/suites/test_suite_md.function
@@ -21,7 +21,7 @@
     /*
      * Very minimal testing of mbedtls_md_process, just make sure the various
      * xxx_process_wrap() function pointers are valid. (Testing that they
-     * indeed do the right thing whould require messing with the internal
+     * indeed do the right thing would require messing with the internal
      * state of the underlying mbedtls_md/sha context.)
      *
      * Also tests that mbedtls_md_list() only returns valid MDs.
diff --git a/tests/suites/test_suite_net.function b/tests/suites/test_suite_net.function
index 513b723..08d48b3 100644
--- a/tests/suites/test_suite_net.function
+++ b/tests/suites/test_suite_net.function
@@ -28,7 +28,7 @@
  *                      On success, it refers to the opened file (\p wanted_fd).
  * \param wanted_fd     The desired file descriptor.
  *
- * \return              \c 0 on succes, a negative error code on error.
+ * \return              \c 0 on success, a negative error code on error.
  */
 static int open_file_on_fd( mbedtls_net_context *ctx, int wanted_fd )
 {
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 2d69d1b..91fbb2c 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -1080,7 +1080,7 @@
     memset( ciph, 0, sizeof ciph );
     memset( test, 0, sizeof test );
 
-    /* Initiliaze PK RSA context with random key */
+    /* Initialize PK RSA context with random key */
     TEST_ASSERT( mbedtls_pk_setup( &rsa,
                               mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
     TEST_ASSERT( pk_genkey( &rsa, RSA_KEY_SIZE ) == 0 );
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 14343aa..513e7a6 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -2259,7 +2259,7 @@
 depends_on:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_KEY_TYPE_AES
 cipher_decrypt_fail:PSA_ALG_CBC_NO_PADDING:PSA_KEY_TYPE_AES:"2b7e151628aed2a6abf7158809cf4f3c":"2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a":"6bc1bee223":PSA_ERROR_INVALID_ARGUMENT
 
-PSA symetric decrypt: CCM*-no-tag, input too short (15 bytes)
+PSA symmetric decrypt: CCM*-no-tag, input too short (15 bytes)
 depends_on:PSA_WANT_ALG_CCM_STAR_NO_TAG:MBEDTLS_AES_C
 cipher_decrypt_fail:PSA_ALG_CCM_STAR_NO_TAG:PSA_KEY_TYPE_AES:"19ebfde2d5468ba0a3031bde629b11fd":"5a8aa485c316e9":"2a2a2a2a2a2a2a2a":PSA_ERROR_INVALID_ARGUMENT
 
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 6cd6bee..8dd8e39 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -834,7 +834,7 @@
     size_t n;
 
     /* Skip the test case if the target running the test cannot
-     * accomodate large keys due to heap size constraints */
+     * accommodate large keys due to heap size constraints */
     ASSERT_ALLOC_WEAK( buffer, buffer_size );
     memset( buffer, 'K', byte_size );
 
@@ -1198,7 +1198,7 @@
     /* Test each valid way of initializing the object, except for `= {0}`, as
      * Clang 5 complains when `-Wmissing-field-initializers` is used, even
      * though it's OK by the C standard. We could test for this, but we'd need
-     * to supress the Clang warning for the test. */
+     * to suppress the Clang warning for the test. */
     psa_key_attributes_t func = psa_key_attributes_init( );
     psa_key_attributes_t init = PSA_KEY_ATTRIBUTES_INIT;
     psa_key_attributes_t zero;
@@ -1989,7 +1989,7 @@
     /* Test each valid way of initializing the object, except for `= {0}`, as
      * Clang 5 complains when `-Wmissing-field-initializers` is used, even
      * though it's OK by the C standard. We could test for this, but we'd need
-     * to supress the Clang warning for the test. */
+     * to suppress the Clang warning for the test. */
     psa_hash_operation_t func = psa_hash_operation_init( );
     psa_hash_operation_t init = PSA_HASH_OPERATION_INIT;
     psa_hash_operation_t zero;
@@ -2518,7 +2518,7 @@
     /* Test each valid way of initializing the object, except for `= {0}`, as
      * Clang 5 complains when `-Wmissing-field-initializers` is used, even
      * though it's OK by the C standard. We could test for this, but we'd need
-     * to supress the Clang warning for the test. */
+     * to suppress the Clang warning for the test. */
     psa_mac_operation_t func = psa_mac_operation_init( );
     psa_mac_operation_t init = PSA_MAC_OPERATION_INIT;
     psa_mac_operation_t zero;
@@ -2941,7 +2941,7 @@
     /* Test each valid way of initializing the object, except for `= {0}`, as
      * Clang 5 complains when `-Wmissing-field-initializers` is used, even
      * though it's OK by the C standard. We could test for this, but we'd need
-     * to supress the Clang warning for the test. */
+     * to suppress the Clang warning for the test. */
     psa_cipher_operation_t func = psa_cipher_operation_init( );
     psa_cipher_operation_t init = PSA_CIPHER_OPERATION_INIT;
     psa_cipher_operation_t zero;
@@ -5964,7 +5964,7 @@
     PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
     key_bits = psa_get_key_bits( &attributes );
 
-    /* Allocate a buffer which has the size advertized by the
+    /* Allocate a buffer which has the size advertised by the
      * library. */
     signature_size = PSA_SIGN_OUTPUT_SIZE( key_type,
                                                       key_bits, alg );
@@ -6063,7 +6063,7 @@
     PSA_ASSERT( psa_get_key_attributes( key, &attributes ) );
     key_bits = psa_get_key_bits( &attributes );
 
-    /* Allocate a buffer which has the size advertized by the
+    /* Allocate a buffer which has the size advertised by the
      * library. */
     signature_size = PSA_SIGN_OUTPUT_SIZE( key_type,
                                                       key_bits, alg );
@@ -6697,7 +6697,7 @@
     /* Test each valid way of initializing the object, except for `= {0}`, as
      * Clang 5 complains when `-Wmissing-field-initializers` is used, even
      * though it's OK by the C standard. We could test for this, but we'd need
-     * to supress the Clang warning for the test. */
+     * to suppress the Clang warning for the test. */
     size_t capacity;
     psa_key_derivation_operation_t func = psa_key_derivation_operation_init( );
     psa_key_derivation_operation_t init = PSA_KEY_DERIVATION_OPERATION_INIT;
@@ -7617,7 +7617,7 @@
                                                     NULL, 0 ) );
     }
 
-    /* Test the advertized capacity. */
+    /* Test the advertised capacity. */
     PSA_ASSERT( psa_key_derivation_get_capacity(
                     &operation, &actual_capacity ) );
     TEST_EQUAL( actual_capacity, (size_t) expected_capacity_arg );
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
index a5ea840..128352b 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
@@ -995,7 +995,7 @@
     /*
      * Test encrypt failure
      * First test that if we don't force a driver error, encryption is
-     * successfull, then force driver error.
+     * successful, then force driver error.
      */
     status = psa_cipher_encrypt(
         key, alg, input->x, input->len,
diff --git a/tests/suites/test_suite_psa_crypto_entropy.data b/tests/suites/test_suite_psa_crypto_entropy.data
index 49d3f69..322363d 100644
--- a/tests/suites/test_suite_psa_crypto_entropy.data
+++ b/tests/suites/test_suite_psa_crypto_entropy.data
@@ -7,7 +7,7 @@
 # randomization for (e.g.) blinding. An external implementation could use
 # its own randomness source which is not affected by the forced failure of
 # the RNG driver.
-# Key types and non-randomized auxilary algorithms (in practice, hashes) can
+# Key types and non-randomized auxiliary algorithms (in practice, hashes) can
 # use an external implementation.
 PSA external RNG failure: randomized ECDSA
 depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PSA_BUILTIN_ALG_ECDSA:PSA_WANT_ECC_SECP_R1_256
diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function
index aa3ce28..d577663 100644
--- a/tests/suites/test_suite_psa_crypto_slot_management.function
+++ b/tests/suites/test_suite_psa_crypto_slot_management.function
@@ -325,7 +325,7 @@
         case INVALIDATE_BY_DESTROYING:
         case INVALIDATE_BY_DESTROYING_WITH_SHUTDOWN:
             /*
-             * Test that the key handle and identifier are now not refering to an
+             * Test that the key handle and identifier are now not referring to an
              * existing key.
              */
             TEST_EQUAL( psa_get_key_attributes( handle, &read_attributes ),
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 848a497..16b23d9 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -10,7 +10,7 @@
 Attempt to register multiple PSKs, incl. opaque PSK, #2
 test_multiple_psks_opaque:2
 
-Test calback buffer sanity
+Test callback buffer sanity
 test_callback_buffer_sanity:
 
 Callback buffer test: Exercise simple write/read
@@ -624,7 +624,7 @@
 SSL DTLS replay: delayed
 ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340002":0
 
-SSL DTLS replay: lastest replayed
+SSL DTLS replay: latest replayed
 ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340003":-1
 
 SSL DTLS replay: older replayed
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 35f1638..2685e6a 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -2229,7 +2229,7 @@
 
         /* After calling mbedtls_ssl_renegotiate for the client all renegotiation
          * should happen inside this function. However in this test, we cannot
-         * perform simultaneous communication betwen client and server so this
+         * perform simultaneous communication between client and server so this
          * function will return waiting error on the socket. All rest of
          * renegotiation should happen during data exchanging */
         ret = mbedtls_ssl_renegotiate( &(client.ssl) );
@@ -2321,7 +2321,7 @@
     TEST_ASSERT( mbedtls_test_buffer_get( NULL, NULL, 0 ) == -1 );
 
     /* Make sure calling put and get on a buffer that hasn't been set up results
-     * in eror. */
+     * in error. */
     mbedtls_test_buffer_init( &buf );
 
     TEST_ASSERT( mbedtls_test_buffer_put( &buf, input, sizeof( input ) ) == -1 );
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index 0ce4a2e..da12382 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -1,4 +1,4 @@
-Check compiletime library version
+Check compile time library version
 check_compiletime_version:"3.1.0"
 
 Check runtime library version