Documentation fixes according to review
Improve grammar and replace the word 'fresh' with
an explanation what is going to be verified.
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 6e841c7..87d0c6e 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -1353,9 +1353,10 @@
/**
* \def MBEDTLS_SSL_RECORD_CHECKING
*
- * Enable the API mbedtls_ssl_check_record() which allows to check the
- * validity, freshness and authenticity of an incoming record without
- * modifying the externally visible state of the SSL context.
+ * Enable the function mbedtls_ssl_check_record() which can be used to check
+ * the validity and authenticity of an incoming record, to verify that it has
+ * not been seen before. These checks are performed without modifying the
+ * externally visible state of the SSL context.
*
* See mbedtls_ssl_check_record() for more information.
*
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 955104a..2c7f050 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -1758,8 +1758,8 @@
#if defined(MBEDTLS_SSL_RECORD_CHECKING)
/**
- * \brief Check whether a buffer contains a valid, fresh
- * and authentic record (DTLS only).
+ * \brief Check whether a buffer contains a valid and authentic record
+ * that has not been seen before. (DTLS only).
*
* This function does not change the user-visible state
* of the SSL context. Its sole purpose is to provide
@@ -1774,19 +1774,21 @@
*
* \param ssl The SSL context to use.
* \param buf The address of the buffer holding the record to be checked.
- * This must be an R/W buffer of length \p buflen Bytes.
+ * This must be a read/write buffer of length \p buflen Bytes.
* \param buflen The length of \p buf in Bytes.
*
* \note This routine only checks whether the provided buffer begins
- * with a valid, fresh and authentic record, but does not check
- * potential data following the initial record. In particular,
- * it is possible to pass DTLS datagrams containing multiple
- * records, in which case only the first record is checked.
+ * with a valid and authentic record that has not been seen
+ * before, but does not check potential data following the
+ * initial record. In particular, it is possible to pass DTLS
+ * datagrams containing multiple records, in which case only
+ * the first record is checked.
*
* \note This function modifies the input buffer \p buf. If you need
* to preserve the original record, you have to maintain a copy.
*
- * \return \c 0 if the record is valid, fresh and authentic.
+ * \return \c 0 if the record is valid and authentic and has not been
+ * seen before.
* \return MBEDTLS_ERR_SSL_INVALID_MAC if the check completed
* successfully but the record was found to be not authentic.
* \return MBEDTLS_ERR_SSL_INVALID_RECORD if the check completed
