More typo and spelling fixes.

Reported by `git ls-tree -rz --name-only | grep -Evz -e '\.(pdf|xz)$' -e
^po/ | xargs -r0 spellintian --`.  All changes are
documentation-related (comments, manuals, etc.) except for s/fial/fail/
in tests/unit-wipe-test.

The remaining entries are AFAICT all false positives, mostly annotations
such as `@param name name of xyz` or `struct foo foo`:

	$ git ls-tree -rz HEAD --name-only | grep -Evz -e '\.(pdf|xz)$' -e ^po/ | xargs -r0 spellintian --
	COPYING.LGPL: "GNU Library Public License" -> "GNU Library General Public License"
	autogen.sh: echo echo (duplicate word) -> echo
	configure.ac: fi fi (duplicate word) -> fi
	docs/v1.7.2-ReleaseNotes: option option (duplicate word) -> option
	lib/crypto_backend/cipher_check.c: block block (duplicate word) -> block
	lib/libcryptsetup.h: name name (duplicate word) -> name
	lib/libcryptsetup.h: type type (duplicate word) -> type
	lib/libcryptsetup.h: passphrase passphrase (duplicate word) -> passphrase
	lib/libcryptsetup.h: flags flags (duplicate word) -> flags
	lib/libcryptsetup.h: password password (duplicate word) -> password
	lib/libcryptsetup.h: salt salt (duplicate word) -> salt
	lib/libcryptsetup.h: keyslot keyslot (duplicate word) -> keyslot
	lib/libcryptsetup.h: priority priority (duplicate word) -> priority
	lib/libcryptsetup.h: offset offset (duplicate word) -> offset
	lib/libcryptsetup.h: length length (duplicate word) -> length
	lib/libcryptsetup.h: keyfile keyfile (duplicate word) -> keyfile
	lib/libcryptsetup.h: token token (duplicate word) -> token
	lib/libcryptsetup.h: cipher cipher (duplicate word) -> cipher
	lib/libcryptsetup.h: size size (duplicate word) -> size
	lib/luks2/luks2_json_metadata.c: long long (duplicate word) -> long
	lib/luks2/luks2_keyslot_luks2.c: AFEKSize AFEKSize (duplicate word) -> AFEKSize
	lib/luks2/luks2_reencrypt.c: alignment alignment (duplicate word) -> alignment
	lib/luks2/luks2_reencrypt_digest.c: ptr ptr (duplicate word) -> ptr
	lib/luks2/luks2_reencrypt_digest.c: buffer buffer (duplicate word) -> buffer
	lib/luks2/luks2_segment.c: min min (duplicate word) -> min
	lib/verity/verity_fec.c: blocks blocks (duplicate word) -> blocks
	man/cryptsetup.8.adoc: LUKS LUKS (duplicate word) -> LUKS
	scripts/cryptsetup.conf.in: root root (duplicate word) -> root
	src/Makemodule.am: endif endif (duplicate word) -> endif
	src/cryptsetup.c: long long (duplicate word) -> long
	src/utils_args.c: long long (duplicate word) -> long
	tests/compat-test2: fi fi (duplicate word) -> fi
	tests/device-test: echo echo (duplicate word) -> echo
	tests/differ.c: long long (duplicate word) -> long
	tests/loopaes-test: done done (duplicate word) -> done
	tests/luks2-integrity-test: aead aead (duplicate word) -> aead
	tests/luks2-reencryption-test: fi fi (duplicate word) -> fi
	tests/mode-test: done done (duplicate word) -> done
	tests/password-hash-test: cat cat (duplicate word) -> cat
	tests/password-hash-test: fi fi (duplicate word) -> fi
	tests/unit-wipe.c: long long (duplicate word) -> long
	tests/verity-compat-test: done done (duplicate word) -> done
	tests/verity-compat-test: fi fi (duplicate word) -> fi
	tokens/ssh/cryptsetup-ssh.c: argp argp (duplicate word) -> argp
	tokens/ssh/cryptsetup-ssh.c: arguments arguments (duplicate word) -> arguments

(Treated COPYING.LGPL as a false positive too since it's the exact text
from https://www.gnu.org/licenses/old-licenses/lgpl-2.1.html .)
Guilhem Moulin
2022-07-15 15:46:44 +02:00
parent 5d711c000f
commit 3106b4e2c1
26 changed files with 44 additions and 45 deletions

FAQ.md

@@ -1192,7 +1192,7 @@
More references can be found at the end of this document. Note that More references can be found at the end of this document. Note that
these are estimates from the defender side, so assuming something is these are estimates from the defender side, so assuming something is
easier than it actually is is fine. An attacker may still have easier than it actually is fine. An attacker may still have
significantly higher cost than estimated here. significantly higher cost than estimated here.
LUKS1 used SHA1 (since version 1.7.0 it uses SHA256) for hashing per LUKS1 used SHA1 (since version 1.7.0 it uses SHA256) for hashing per
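Review bot: The "is is" in "assuming something is easier than it actually is is fine" is not a duplicate word, and dropping one leaves "easier than it actually is fine", which no longer parses. The first "is" closes the comparison and the second is the main verb of the sentence. Suggest reverting this line, or rewording to "it is fine to assume something is easier than it actually is" so the spell checker stops flagging it.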
@@ -1864,11 +1864,11 @@
This basically means that if you already have a slot-key, and you have This basically means that if you already have a slot-key, and you have
set the PBKDF2 iteration count to 1 (it is > 10'000 normally), you could set the PBKDF2 iteration count to 1 (it is > 10'000 normally), you could
(maybe) derive a different passphrase that gives you the the same (maybe) derive a different passphrase that gives you the same slot-key.
slot-key. But if you have the slot-key, you can already unlock the But if you have the slot-key, you can already unlock the key-slot and
key-slot and get the volume key, breaking everything. So basically, get the volume key, breaking everything. So basically, this SHA-1
this SHA-1 vulnerability allows you to open a LUKS1 container with high vulnerability allows you to open a LUKS1 container with high effort when
effort when you already have it open. you already have it open.
The real problem here is people that do not understand crypto and claim The real problem here is people that do not understand crypto and claim
things are broken just because some mechanism is used that has been things are broken just because some mechanism is used that has been
@@ -3014,9 +3014,9 @@ offset length name data type description
currently associated with any data/crypt segment (encrypted area) in the currently associated with any data/crypt segment (encrypted area) in the
LUKS2 'Segments' section (displayed by luksDump). LUKS2 'Segments' section (displayed by luksDump).
This is a bit of a more general idea. It basically allows to use a keyslot This is a bit of a more general idea. It basically allows one to use a
as a container for a key to be used in other things than decrypting a keyslot as a container for a key to be used in other things than decrypting
data segment. a data segment.
As of April 2020, the following uses are defined: As of April 2020, the following uses are defined:


@@ -74,7 +74,7 @@
2012-03-16 Milan Broz <gmazyland@gmail.com> 2012-03-16 Milan Broz <gmazyland@gmail.com>
* Add --keyfile-offset and --new-keyfile-offset parameters to API and CLI. * Add --keyfile-offset and --new-keyfile-offset parameters to API and CLI.
* Add repair command and crypt_repair() for known LUKS metadata problems repair. * Add repair command and crypt_repair() for known LUKS metadata problems repair.
* Allow to specify --align-payload only for luksFormat. * Allow one to specify --align-payload only for luksFormat.
2012-03-16 Milan Broz <mbroz@redhat.com> 2012-03-16 Milan Broz <mbroz@redhat.com>
* Unify password verification option. * Unify password verification option.
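Review bot: "Allow one to specify --align-payload only for luksFormat." in the 2012-03-16 entry is stilted; "Allow specifying --align-payload only for luksFormat." fixes the grammar without the extra pronoun. The same mechanical "allow to" -> "allow one to" substitution recurs in the release-note hunks of this commit, so it is worth settling the wording once.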
@@ -228,7 +228,7 @@
* Fix password callback call. * Fix password callback call.
* Fix default plain password entry from terminal in activate_by_passphrase. * Fix default plain password entry from terminal in activate_by_passphrase.
* Add --dump-master-key option for luksDump to allow volume key dump. * Add --dump-master-key option for luksDump to allow volume key dump.
* Allow to activate by internally cached volume key * Allow one to activate by internally cached volume key
(format/activate without keyslots active - used for temporary devices). (format/activate without keyslots active - used for temporary devices).
* Initialize volume key from active device in crypt_init_by_name() * Initialize volume key from active device in crypt_init_by_name()
* Fix cryptsetup binary exitcodes. * Fix cryptsetup binary exitcodes.


@@ -85,7 +85,7 @@ Libcryptsetup API additions:
* Fix optional password callback handling. * Fix optional password callback handling.
* Allow to activate by internally cached volume key immediately after * Allow one to activate by internally cached volume key immediately after
crypt_format() without active slot (for temporary devices with crypt_format() without active slot (for temporary devices with
on-disk metadata) on-disk metadata)


@@ -24,7 +24,7 @@ Changes since version 1.4.1
* Fix header check to support old (cryptsetup 1.0.0) header alignment. * Fix header check to support old (cryptsetup 1.0.0) header alignment.
(Regression in 1.4.0) (Regression in 1.4.0)
* Allow to specify --align-payload only for luksFormat. * Allow one to specify --align-payload only for luksFormat.
* Add --master-key-file option to luksOpen (open using volume key). * Add --master-key-file option to luksOpen (open using volume key).


@@ -32,7 +32,7 @@ Changes since version 1.4.2
Device-mapper now retry removal if device is busy. Device-mapper now retry removal if device is busy.
* Allow "private" activation (skip some udev global rules) flag. * Allow "private" activation (skip some udev global rules) flag.
Cryptsetup library API now allows to specify CRYPT_ACTIVATE_PRIVATE, Cryptsetup library API now allows one to specify CRYPT_ACTIVATE_PRIVATE,
which means that some udev rules are not processed. which means that some udev rules are not processed.
(Used for temporary devices, like internal keyslot mappings where (Used for temporary devices, like internal keyslot mappings where
it is not desirable to run any device scans.) it is not desirable to run any device scans.)


@@ -4,7 +4,7 @@ Cryptsetup 1.6.0 Release Notes
Changes since version 1.6.0-rc1 Changes since version 1.6.0-rc1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* Change LUKS default cipher to to use XTS encryption mode, * Change LUKS default cipher to use XTS encryption mode,
aes-xts-plain64 (i.e. using AES128-XTS). aes-xts-plain64 (i.e. using AES128-XTS).
XTS mode becomes standard in hard disk encryption. XTS mode becomes standard in hard disk encryption.
@@ -209,7 +209,7 @@ Important changes
WARNING: these tests do not use dmcrypt, only crypto API. WARNING: these tests do not use dmcrypt, only crypto API.
You have to benchmark the whole device stack and you can get completely You have to benchmark the whole device stack and you can get completely
different results. But is is usable for basic comparison. different results. But it is usable for basic comparison.
(Note for example AES-NI decryption optimization effect in example above.) (Note for example AES-NI decryption optimization effect in example above.)
Features Features


@@ -8,7 +8,7 @@ Changes since version 1.6.1
* Fix cipher specification string parsing (found by gcc -fsanitize=address option). * Fix cipher specification string parsing (found by gcc -fsanitize=address option).
* Try to map TCRYPT system encryption through partition * Try to map TCRYPT system encryption through partition
(allows to activate mapping when other partition on the same device is mounted). (allows one to activate mapping when other partition on the same device is mounted).
* Print a warning if system encryption is used and device is a partition. * Print a warning if system encryption is used and device is a partition.
(TCRYPT system encryption uses whole device argument.) (TCRYPT system encryption uses whole device argument.)


@@ -25,7 +25,7 @@ Changes since version 1.6.3
Please refer to cryptsetup FAQ for detail how to fix this situation. Please refer to cryptsetup FAQ for detail how to fix this situation.
* Allow to use --disable-gcrypt-pbkdf2 during configuration * Allow one to use --disable-gcrypt-pbkdf2 during configuration
to force use internal PBKDF2 code. to force use internal PBKDF2 code.
* Require gcrypt 1.6.1 for imported implementation of PBKDF2 * Require gcrypt 1.6.1 for imported implementation of PBKDF2


@@ -38,7 +38,7 @@ Changes since version 1.6.4
The command "cryptsetup status" will print basic info, even if you The command "cryptsetup status" will print basic info, even if you
do not provide detached header argument. do not provide detached header argument.
* Allow to specify ECB mode in cryptsetup benchmark. * Allow one to specify ECB mode in cryptsetup benchmark.
* Add some LUKS images for regression testing. * Add some LUKS images for regression testing.
Note that if image with Whirlpool fails, the most probable cause is that Note that if image with Whirlpool fails, the most probable cause is that


@@ -35,14 +35,14 @@ Changes since version 1.6.6
* Support permanent device decryption for cryptsetup-reencrypt. * Support permanent device decryption for cryptsetup-reencrypt.
To remove LUKS encryption from a device, you can now use --decrypt option. To remove LUKS encryption from a device, you can now use --decrypt option.
* Allow to use --header option in all LUKS commands. * Allow one to use --header option in all LUKS commands.
The --header always takes precedence over positional device argument. The --header always takes precedence over positional device argument.
* Allow luksSuspend without need to specify a detached header. * Allow luksSuspend without need to specify a detached header.
* Detect if O_DIRECT is usable on a device allocation. * Detect if O_DIRECT is usable on a device allocation.
There are some strange storage stack configurations which wrongly allows There are some strange storage stack configurations which wrongly allows
to open devices with direct-io but fails on all IO operations later. one to open devices with direct-io but fails on all IO operations later.
Cryptsetup now tries to read the device first sector to ensure it can use Cryptsetup now tries to read the device first sector to ensure it can use
direct-io. direct-io.
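Review bot: In the O_DIRECT paragraph the subject is plural ("configurations") but the verbs stay singular: "which wrongly allows one to open devices with direct-io but fails on all IO operations later". Since the line is being touched anyway, suggest "which wrongly allow one to open devices with direct-io but fail on all IO operations later".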


@@ -30,7 +30,7 @@ Changes since version 1.6.7
cryptsetup resize will try to resize underlying loop device as well. cryptsetup resize will try to resize underlying loop device as well.
(It can be used to grow up file-backed device in one step.) (It can be used to grow up file-backed device in one step.)
* Cryptsetup now allows to use empty password through stdin pipe. * Cryptsetup now allows one to use empty password through stdin pipe.
(Intended only for testing in scripts.) (Intended only for testing in scripts.)
Cryptsetup API NOTE: Cryptsetup API NOTE:


@@ -3,7 +3,7 @@ Cryptsetup 1.7.4 Release Notes
Changes since version 1.7.3 Changes since version 1.7.3
* Allow to specify LUKS1 hash algorithm in Python luksFormat wrapper. * Allow one to specify LUKS1 hash algorithm in Python luksFormat wrapper.
* Use LUKS1 compiled-in defaults also in Python wrapper. * Use LUKS1 compiled-in defaults also in Python wrapper.


@@ -30,7 +30,7 @@ Changes since version 2.0.1
* Add LUKS2 specific options for cryptsetup-reencrypt. * Add LUKS2 specific options for cryptsetup-reencrypt.
Tokens and persistent flags are now transferred during reencryption; Tokens and persistent flags are now transferred during reencryption;
change of PBKDF keyslot parameters is now supported and allows change of PBKDF keyslot parameters is now supported and allows one
to set precalculated values (no benchmarks). to set precalculated values (no benchmarks).
* Do not allow LUKS2 --persistent and --test-passphrase cryptsetup flags * Do not allow LUKS2 --persistent and --test-passphrase cryptsetup flags


@@ -28,7 +28,7 @@ Changes since version 2.0.2
* New API extensions for unbound keyslots (LUKS2 only) * New API extensions for unbound keyslots (LUKS2 only)
crypt_keyslot_get_key_size() and crypt_volume_key_get() crypt_keyslot_get_key_size() and crypt_volume_key_get()
These functions allow to get key and key size for unbound keyslots. These functions allow one to get key and key size for unbound keyslots.
* New enum value CRYPT_SLOT_UNBOUND for keyslot status (LUKS2 only). * New enum value CRYPT_SLOT_UNBOUND for keyslot status (LUKS2 only).


@@ -170,21 +170,21 @@ These new calls are now exported, for details see libcryptsetup.h:
* crypt_get_metadata_size * crypt_get_metadata_size
* crypt_set_metadata_size * crypt_set_metadata_size
allows to set/get area sizes in LUKS header allows one to set/get area sizes in LUKS header
(according to specification). (according to specification).
* crypt_get_default_type * crypt_get_default_type
get default compiled-in LUKS type (version). get default compiled-in LUKS type (version).
* crypt_get_pbkdf_type_params * crypt_get_pbkdf_type_params
allows to get compiled-in PBKDF parameters. allows one to get compiled-in PBKDF parameters.
* crypt_keyslot_set_encryption * crypt_keyslot_set_encryption
* crypt_keyslot_get_encryption * crypt_keyslot_get_encryption
allows to set/get per-keyslot encryption algorithm for LUKS2. allows one to set/get per-keyslot encryption algorithm for LUKS2.
* crypt_keyslot_get_pbkdf * crypt_keyslot_get_pbkdf
allows to get PBKDF parameters per-keyslot. allows one to get PBKDF parameters per-keyslot.
and these new defines: and these new defines:
* CRYPT_LOG_DEBUG_JSON (message type for JSON debug) * CRYPT_LOG_DEBUG_JSON (message type for JSON debug)


@@ -9,7 +9,7 @@ native read-write access to BitLocker Full Disk Encryption devices.
The BITLK implementation is based on publicly available information The BITLK implementation is based on publicly available information
and it is an independent and opensource implementation that allows and it is an independent and opensource implementation that allows
to access this proprietary disk encryption. one to access this proprietary disk encryption.
Changes since version 2.2.2 Changes since version 2.2.2
~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~


@@ -18,7 +18,7 @@ Changes since version 2.3.1
The slot number --key-slot (-S) option is mandatory here. The slot number --key-slot (-S) option is mandatory here.
An unbound keyslot store a key is that is not assigned to data An unbound keyslot store a key is that is not assigned to data
area on disk (LUKS2 allows to store arbitrary keys). area on disk (LUKS2 allows one to store arbitrary keys).
* Rephrase some error messages and remove redundant end-of-lines. * Rephrase some error messages and remove redundant end-of-lines.
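Review bot: The context line just above the change, "An unbound keyslot store a key is that is not assigned to data", is still broken and is part of the sentence being edited. Suggest fixing it in the same hunk: "An unbound keyslot stores a key that is not assigned to data area on disk".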


@@ -2736,7 +2736,7 @@ static int _dm_query_device(struct crypt_device *cd, const char *name,
goto out; goto out;
} }
/* Never allow to return empty key */ /* Never allow one to return empty key */
if ((get_flags & DM_ACTIVE_CRYPT_KEY) && dmi.suspended) { if ((get_flags & DM_ACTIVE_CRYPT_KEY) && dmi.suspended) {
log_dbg(cd, "Cannot read volume key while suspended."); log_dbg(cd, "Cannot read volume key while suspended.");
r = -EINVAL; r = -EINVAL;
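Review bot: The comment "Never allow one to return empty key" now reads as if some caller were being restricted, while the check below it simply returns -EINVAL when DM_ACTIVE_CRYPT_KEY is requested and dmi.suspended is set. Suggest "Never return an empty key" so the comment states the invariant that the error path enforces.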


@@ -726,7 +726,7 @@ int LUKS2_token_unlock_volume_key(struct crypt_device *cd,
/* /*
* return priorities (ordered form least to most significant): * return priorities (ordered form least to most significant):
* ENOENT - unusable for activation (no token handler, invalid token metadata, not assigned to volume segment, etc) * ENOENT - unusable for activation (no token handler, invalid token metadata, not assigned to volume segment, etc)
* EPERM - usable but token provided passphrase did not not unlock any assigned keyslot * EPERM - usable but token provided passphrase did not unlock any assigned keyslot
* EAGAIN - usable but not ready (token HW is missing) * EAGAIN - usable but not ready (token HW is missing)
* ENOANO - ready, but token pin is wrong or missing * ENOANO - ready, but token pin is wrong or missing
* *
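Review bot: "ordered form least to most significant" in the unchanged first line of this comment still has "form" for "from". It sits two lines above the "did not not" fix, so it can be corrected in the same hunk.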


@@ -350,7 +350,7 @@ endif::[]
+ +
ifndef::ACTION_OPEN[] ifndef::ACTION_OPEN[]
The --offset option sets the data offset (payload) of data The --offset option sets the data offset (payload) of data
device and must be be aligned to 4096-byte sectors (must be multiple of device and must be aligned to 4096-byte sectors (must be multiple of
8). This option cannot be combined with --align-payload option. 8). This option cannot be combined with --align-payload option.
endif::[] endif::[]
endif::[] endif::[]
@@ -935,10 +935,9 @@ Creates new or dumps existing LUKS2 unbound keyslot.
+ +
endif::[] endif::[]
ifdef::ACTION_OPEN[] ifdef::ACTION_OPEN[]
Allowed only only together with --test-passphrase parameter, it allows Allowed only together with --test-passphrase parameter, it allows one to test
to test passphrase for unbound LUKS2 keyslot. Otherwise, unbound keyslot passphrase for unbound LUKS2 keyslot. Otherwise, unbound keyslot passphrase
passphrase can be tested only when specific keyslot is selected via can be tested only when specific keyslot is selected via --key-slot parameter.
--key-slot parameter.
endif::[] endif::[]
endif::[] endif::[]


@@ -45,7 +45,7 @@ const char *help =
"\n" "\n"
"This tool checks all keyslots of a LUKS device for \n" "This tool checks all keyslots of a LUKS device for \n"
"low entropy sections. If any are found, they are reported. \n" "low entropy sections. If any are found, they are reported. \n"
"This allows to find areas damaged by things like filesystem \n" "This allows one to find areas damaged by things like filesystem \n"
"creation or RAID superblocks. \n" "creation or RAID superblocks. \n"
"\n" "\n"
"Options: \n" "Options: \n"


@@ -138,7 +138,7 @@ static int get_active_device_name(struct crypt_device *cd,
r = noDialog(msg, _("Operation aborted.\n")) ? 0 : -EINVAL; r = noDialog(msg, _("Operation aborted.\n")) ? 0 : -EINVAL;
free(msg); free(msg);
} else { } else {
/* FIXME: This is temporary message to be replaced in before final relase. */ /* FIXME: This is temporary message to be replaced in before final release. */
log_err("Unable to decide if device %s is activated or not.\n" log_err("Unable to decide if device %s is activated or not.\n"
"Use --force-offline-reencrypt to bypass the check and run in offline mode (dangerous!).", data_device); "Use --force-offline-reencrypt to bypass the check and run in offline mode (dangerous!).", data_device);
} }
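Review bot: The FIXME still reads "to be replaced in before final release" after the "relase" fix; the stray "in" should go as well. Suggest "This is a temporary message to be replaced before final release."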


@@ -4606,7 +4606,7 @@ static void Luks2Reencryption(void)
OK_(crypt_init_data_device(&cd, DMDIR H_DEVICE, DMDIR L_DEVICE_OK)); OK_(crypt_init_data_device(&cd, DMDIR H_DEVICE, DMDIR L_DEVICE_OK));
OK_(crypt_load(cd, CRYPT_LUKS2, NULL)); OK_(crypt_load(cd, CRYPT_LUKS2, NULL));
FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, CRYPT_ANY_SLOT, NULL, NULL, &rparams), "Illegal data offset"); FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 0, CRYPT_ANY_SLOT, NULL, NULL, &rparams), "Illegal data offset");
/* reencryption must not initalize */ /* reencryption must not initialize */
EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_NONE); EQ_(crypt_reencrypt_status(cd, NULL), CRYPT_REENCRYPT_NONE);
CRYPT_FREE(cd); CRYPT_FREE(cd);
/* original data device must stay untouched */ /* original data device must stay untouched */


@@ -991,7 +991,7 @@ $CRYPTSETUP luksDump $LOOPDEV | grep -q "3: luks2 (unbound)" || fail
# unbound key size is required # unbound key size is required
echo $PWD1 | $CRYPTSETUP -q luksAddKey --unbound $LOOPDEV 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP -q luksAddKey --unbound $LOOPDEV 2>/dev/null && fail
echo $PWD3 | $CRYPTSETUP -q luksAddKey --unbound --volume-key-file /dev/urandom $LOOPDEV 2> /dev/null && fail echo $PWD3 | $CRYPTSETUP -q luksAddKey --unbound --volume-key-file /dev/urandom $LOOPDEV 2> /dev/null && fail
# do not allow to replace keyslot by unbound slot # do not allow one to replace keyslot by unbound slot
echo $PWD1 | $CRYPTSETUP -q luksAddKey -S5 --unbound -s 32 $LOOPDEV 2>/dev/null && fail echo $PWD1 | $CRYPTSETUP -q luksAddKey -S5 --unbound -s 32 $LOOPDEV 2>/dev/null && fail
echo $PWD2 | $CRYPTSETUP -q open $LOOPDEV $DEV_NAME 2> /dev/null && fail echo $PWD2 | $CRYPTSETUP -q open $LOOPDEV $DEV_NAME 2> /dev/null && fail
echo $PWD2 | $CRYPTSETUP -q open -S2 $LOOPDEV $DEV_NAME 2> /dev/null && fail echo $PWD2 | $CRYPTSETUP -q open -S2 $LOOPDEV $DEV_NAME 2> /dev/null && fail


@@ -1590,14 +1590,14 @@ echo -e "$PWD1\n$PWD2" | $CRYPTSETUP luksAddKey -S2 $DEV -q $FAST_PBKDF_ARGON ||
# there is not enough space in binary area for keyslot id 4 (replacement for id 2) # there is not enough space in binary area for keyslot id 4 (replacement for id 2)
echo -e "$PWD1\n$PWD2\n$PWD2" | $CRYPTSETUP reencrypt $DEV --init-only -q 2>/dev/null && fail echo -e "$PWD1\n$PWD2\n$PWD2" | $CRYPTSETUP reencrypt $DEV --init-only -q 2>/dev/null && fail
$CRYPTSETUP luksDump $DEV | grep -q "online-reencrypt" && fail $CRYPTSETUP luksDump $DEV | grep -q "online-reencrypt" && fail
# check cli removed all unbound keyslots created in-before reencryption intialization # check cli removed all unbound keyslots created in-before reencryption initialization
$CRYPTSETUP luksDump $DEV | grep -q "unbound" && fail $CRYPTSETUP luksDump $DEV | grep -q "unbound" && fail
echo $PWD1 | $CRYPTSETUP luksKillSlot $DEV 2 || fail echo $PWD1 | $CRYPTSETUP luksKillSlot $DEV 2 || fail
# there is not enough space in binary area for reencryption keyslot # there is not enough space in binary area for reencryption keyslot
echo -e "$PWD1\n$PWD2" | $CRYPTSETUP reencrypt $DEV --init-only -q 2>/dev/null && fail echo -e "$PWD1\n$PWD2" | $CRYPTSETUP reencrypt $DEV --init-only -q 2>/dev/null && fail
$CRYPTSETUP luksDump $DEV | grep -q "online-reencrypt" && fail $CRYPTSETUP luksDump $DEV | grep -q "online-reencrypt" && fail
# check cli removed all unbound keyslots created in-before reencryption intialization # check cli removed all unbound keyslots created in-before reencryption initialization
$CRYPTSETUP luksDump $DEV | grep -q "unbound" && fail $CRYPTSETUP luksDump $DEV | grep -q "unbound" && fail
echo "[23] Reencryption with specified new volume key" echo "[23] Reencryption with specified new volume key"
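Review bot: Both corrected comments keep "created in-before reencryption initialization"; "in-before" is not a word, and "created before reencryption initialization" says the same thing.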


@@ -70,7 +70,7 @@ function init_hash_dd() # $1 dev, $dev orig
function add_file() function add_file()
{ {
dd if=/dev/zero of=$FILE bs=1M count=$DEVSIZEMB 2> /dev/null || fial dd if=/dev/zero of=$FILE bs=1M count=$DEVSIZEMB 2> /dev/null || fail
dd if=/dev/zero of=$FILE_RAND bs=1M count=$DEVSIZEMB 2> /dev/null || fail dd if=/dev/zero of=$FILE_RAND bs=1M count=$DEVSIZEMB 2> /dev/null || fail
check_hash $FILE $HASH_EMPTY || fail check_hash $FILE $HASH_EMPTY || fail
check_hash $FILE_RAND $HASH_EMPTY || fail check_hash $FILE_RAND $HASH_EMPTY || fail
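Review bot: The "|| fial" -> "|| fail" change on the first dd line of add_file() is the one functional change in this commit: before it, a failed dd ran a nonexistent command instead of the "fail" handler used on the neighbouring lines. Suggest splitting it into its own commit so the test fix is not buried under the documentation-only changes and can be picked separately.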