Fix a number of typos

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>

Co-authored-by: Ronald Cron <ronald.cron@arm.com>

ChangeLog

@@ -49,7 +49,7 @@ Removals
    * Remove the MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
      compile-time option, which was off by default. Users should not trust
      certificates signed with SHA-1 due to the known attacks against SHA-1.
-     If needed, SHA-1 cerificates can still be verified by using a custom
+     If needed, SHA-1 certificates can still be verified by using a custom
      verification profile.
 
    * Removed deprecated things in psa/crypto_compat.h. Fixes #4284

docs/3.0-migration-guide.md

@@ -30,7 +30,7 @@ function with the same name with `_ret` appended and check the return value.
 - The function `mbedtls_md_init_ctx()` was removed; please use
   `mbedtls_md_setup()` instead.
 - The functions `mbedtls_xxx_process()` were removed. You normally don't need
-  to call that from application code. However it you do (or it you want to
+  to call that from application code. However if you do (or if you want to
 provide your own version of that function), please use
 `mbedtls_internal_xxx_process()` instead, and check the return value.
 
@@ -47,7 +47,7 @@ Deprecated names for PSA constants and types were removed
 ---------------------------------------------------------
 
 Some constants and types that were present in beta versions of the PSA Crypto
-API were removed from in version 1.0 of specification. Please switch to the new
+API were removed from version 1.0 of specification. Please switch to the new
 names provided by the 1.0 specification instead.
 
 Internal / alt-focused headers were moved to a private location
@@ -108,7 +108,7 @@ This doesn't affect people using the default configuration as it was already
 disabled by default.
 
 This only affects users who called the HAVEGE modules directly (not
-recommended), or users who used it though the entropy module but had it as the
+recommended), or users who used it through the entropy module but had it as the
 only source of entropy. If you're in that case, please declare OS or hardware
 RNG interfaces with `mbedtls_entropy_add_source()` and/or use an entropy seed
 file created securely during device provisioning. See
@@ -121,7 +121,7 @@ Remove support for parsing SSLv2 ClientHello
 This doesn't affect people using the default configuration as it was already
 disabled by default.
 
-This only affects TLS servers that have clients who send a SSLv2 ClientHello.
+This only affects TLS servers that have clients who send an SSLv2 ClientHello.
 These days clients are very unlikely to do that. If you have a client that
 does, please try contacting them and encouraging them to upgrade their
 software.
@@ -134,7 +134,7 @@ disabled by default.
 
 This only affects TLS users who explicitly enabled `MBEDTLS_SSL_PROTO_SSL3`
 and relied on that version in order to communicate with peers that are not up
-to date. If one of your peers in in that case, please try contacting them and
+to date. If one of your peers is in that case, please try contacting them and
 encouraging them to upgrade their software.
 
 Remove support for compatibility with old Mbed TLS's truncated HMAC
@@ -143,10 +143,10 @@ Remove support for compatibility with old Mbed TLS's truncated HMAC
 This doesn't affect people using the default configuration as it was already
 disabled by default.
 
-This only affects TLS users enabled `MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT` and
+This only affects TLS users who enabled `MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT` and
 used the Truncated HMAC extension to communicate with peers using old version
 of Mbed TLS. Please consider using a CCM-8 ciphersuite instead of the
-Truncated HMAC extension, or convicing your peer to upgrade their version of
+Truncated HMAC extension, or convincing your peer to upgrade their version of
 Mbed TLS.
 
 Remove support for TLS record-level compression