Fixed some typos, courtesy of codespell

conf/strongswan.conf.5.tail.in

@@ -294,7 +294,7 @@ For public key authentication, the responder uses the
 identity. For the initiator, each connection attempt uses a different identity
 in the form
 .BR "\(dqCN=c1-r1, OU=load-test, O=strongSwan\(dq" ,
-where the first number inidicates the client number, the second the
+where the first number indicates the client number, the second the
 authentication round (if multiple authentication rounds are used).
 .PP
 For PSK authentication, FQDN identities are used. The server uses

src/conftest/README

@@ -100,7 +100,7 @@ The IKE_SA configuration uses the following options (as key/value pairs):
                   scenario
   rsa_strength:   Connection requires a trustchain with RSA keys of given bits
   ecdsa_strength: Connection requires a trustchain with ECDSA keys of given bits
-  cert_policy:    Connection requries a certificate with the given OID policy
+  cert_policy:    Connection requires a certificate with the given OID policy
   named_pool:     Name of an IP pool defined e.g. in a database backend
 
 The following CHILD_SA specific configuration options are supported:

src/ipsec/_ipsec.8.in

@@ -323,7 +323,7 @@ IPSEC_CONFDIR           directory containing configuration files
 IPSEC_PIDDIR            directory containing PID/socket files
 IPSEC_SCRIPT            name of the ipsec script
 IPSEC_NAME              name of ipsec distribution
-IPSEC_VERSION           version numer of ipsec userland and kernel
+IPSEC_VERSION           version number of ipsec userland and kernel
 IPSEC_STARTER_PID       PID file for ipsec starter
 IPSEC_CHARON_PID        PID file for IKE keying daemon
 .ad

src/libcharon/attributes/mem_pool.h

@@ -31,7 +31,7 @@ typedef enum mem_pool_op_t mem_pool_op_t;
  * In-memory IP pool acquire operation.
  */
 enum mem_pool_op_t {
-	/** Check for an exsiting lease */
+	/** Check for an existing lease */
 	MEM_POOL_EXISTING,
 	/** Get a new lease */
 	MEM_POOL_NEW,

src/libcharon/config/peer_cfg.c

@@ -126,12 +126,12 @@ struct private_peer_cfg_t {
 	uint32_t over_time;
 
 	/**
-	 * DPD check intervall
+	 * DPD check interval
 	 */
 	uint32_t dpd;
 
 	/**
-	 * DPD timeout intervall (used for IKEv1 only)
+	 * DPD timeout interval (used for IKEv1 only)
 	 */
 	uint32_t dpd_timeout;
 

src/libcharon/plugins/ha/ha_kernel.c

@@ -240,7 +240,7 @@ static void enable_disable(private_ha_kernel_t *this, u_int segment,
 }
 
 /**
- * Get the currenlty active segments in the kernel for a clusterip file
+ * Get the currently active segments in the kernel for a clusterip file
  */
 static segment_mask_t get_active(private_ha_kernel_t *this, char *file)
 {

src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c

@@ -2739,7 +2739,7 @@ METHOD(kernel_ipsec_t, add_policy, status_t,
 	if (update && current_sa)
 	{	/* check if there are actually any relevant changes, if not, we don't
 		 * send an update to the kernel as e.g. FreeBSD doesn't do that
-		 * atomically, causing unecessary traffic loss during rekeyings */
+		 * atomically, causing unnecessary traffic loss during rekeyings */
 		update = policy_update_required(current_sa, assigned_sa);
 	}
 
@@ -2948,7 +2948,7 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
 		if (is_installed)
 		{	/* check if there are actually any relevant changes, if not, we do
 			 * not send an update to the kernel as e.g. FreeBSD doesn't do that
-			 * atomically, causing unecessary traffic loss during rekeyings */
+			 * atomically, causing unnecessary traffic loss during rekeyings */
 			policy->used_by->get_first(policy->used_by, (void**)&mapping);
 			is_installed = policy_update_required(mapping, to_remove);
 		}

src/libcharon/plugins/load_tester/load_tester_control.c

@@ -69,7 +69,7 @@ struct init_listener_t {
 	hashtable_t *initiated;
 
 	/**
-	 * IKE_SAs we have completed to initate (success or failure)
+	 * IKE_SAs we have completed to initiate (success or failure)
 	 */
 	hashtable_t *completed;
 

src/libcharon/sa/ikev1/phase1.c

@@ -311,7 +311,7 @@ static void save_auth_cfg(private_phase1_t *this,
 		return;
 	}
 	auth = auth_cfg_create();
-	/* for local config, we _copy_ entires from the config, as it contains
+	/* for local config, we _copy_ entries from the config, as it contains
 	 * certificates we must send later. */
 	auth->merge(auth, this->ike_sa->get_auth_cfg(this->ike_sa, local), local);
 	this->ike_sa->add_auth_cfg(this->ike_sa, local, auth);

src/libcharon/sa/ikev1/tasks/isakmp_vendor.c

@@ -59,7 +59,7 @@ struct private_isakmp_vendor_t {
 	ike_sa_t *ike_sa;
 
 	/**
-	 * Are we the inititator of this task
+	 * Are we the initiator of this task
 	 */
 	bool initiator;
 

src/libcharon/sa/ikev2/task_manager_v2.c

@@ -109,7 +109,7 @@ struct private_task_manager_t {
 		array_t *packets;
 
 		/**
-		 * type of the initated exchange
+		 * type of the initiated exchange
 		 */
 		exchange_type_t type;
 

src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.h

@@ -45,7 +45,7 @@ struct ike_auth_lifetime_t {
  * Create a new TASK_IKE_AUTH_LIFETIME task.
  *
  * @param ike_sa		IKE_SA this task works for
- * @param initiator		TRUE if taks is initiated by us
+ * @param initiator		TRUE if task is initiated by us
  * @return				ike_auth_lifetime task to handle by the task_manager
  */
 ike_auth_lifetime_t *ike_auth_lifetime_create(ike_sa_t *ike_sa, bool initiator);

src/libcharon/sa/ikev2/tasks/ike_mobike.h

@@ -91,7 +91,7 @@ struct ike_mobike_t {
  * Create a new ike_mobike task.
  *
  * @param ike_sa		IKE_SA this task works for
- * @param initiator		TRUE if taks is initiated by us
+ * @param initiator		TRUE if task is initiated by us
  * @return				ike_mobike task to handle by the task_manager
  */
 ike_mobike_t *ike_mobike_create(ike_sa_t *ike_sa, bool initiator);

src/libcharon/sa/ikev2/tasks/ike_vendor.c

@@ -59,7 +59,7 @@ struct private_ike_vendor_t {
 	ike_sa_t *ike_sa;
 
 	/**
-	 * Are we the inititator of this task
+	 * Are we the initiator of this task
 	 */
 	bool initiator;
 };

src/libcharon/sa/task.h

@@ -115,7 +115,7 @@ extern enum_name_t *task_type_names;
 /**
  * Interface for a task, an operation handled within exchanges.
  *
- * A task is an elemantary operation. It may be handled by a single or by
+ * A task is an elementary operation. It may be handled by a single or by
  * multiple exchanges. An exchange may even complete multiple tasks.
  * A task has a build() and an process() operation. The build() operation
  * creates payloads and adds it to the message. The process() operation
@@ -128,7 +128,7 @@ extern enum_name_t *task_type_names;
  * that the task completed, even when the task completed unsuccessfully. The
  * manager then removes the task from the list. A NEED_MORE is returned when
  * the task needs further build()/process() calls to complete, the manager
- * leaves the taks in the queue. A returned FAILED indicates a critical failure.
+ * leaves the task in the queue. A returned FAILED indicates a critical failure.
  * The manager closes the IKE_SA whenever a task returns FAILED.
  */
 struct task_t {
@@ -180,7 +180,7 @@ struct task_t {
 	 * Migrate a task to a new IKE_SA.
 	 *
 	 * After migrating a task, it goes back to a state where it can be
-	 * used again to initate an exchange. This is useful when a task
+	 * used again to initiate an exchange. This is useful when a task
 	 * has to get migrated to a new IKE_SA.
 	 * A special usage is when a INVALID_KE_PAYLOAD is received. A call
 	 * to reset resets the task, but uses another DH group for the next

src/libfast/fast_dispatcher.c

@@ -30,7 +30,7 @@
 #include <collections/linked_list.h>
 #include <collections/hashtable.h>
 
-/** Intervall to check for expired sessions, in seconds */
+/** Interval to check for expired sessions, in seconds */
 #define CLEANUP_INTERVAL 30
 
 typedef struct private_fast_dispatcher_t private_fast_dispatcher_t;

src/libfast/fast_dispatcher.h

@@ -83,7 +83,7 @@ struct fast_dispatcher_t {
 	 * The first controller added serves as default controller. Client's
 	 * get redirected to it if no other controller matches.
 	 *
-	 * @param constructor	constructor function to the conntroller
+	 * @param constructor	constructor function to the controller
 	 * @param param			param to pass to constructor
 	 */
 	void (*add_controller)(fast_dispatcher_t *this,

src/libpttls/pt_tls.h

@@ -69,7 +69,7 @@ enum pt_tls_message_type_t {
 extern enum_name_t *pt_tls_message_type_names;
 
 /**
- * Result code for a single SASL mechansim, as sent in PT_TLS_SASL_RESULT
+ * Result code for a single SASL mechanism, as sent in PT_TLS_SASL_RESULT
  */
 enum pt_tls_sasl_result_t {
 	PT_TLS_SASL_RESULT_SUCCESS = 0,

src/libstrongswan/bio/bio_reader.h

@@ -142,7 +142,7 @@ struct bio_reader_t {
 	 * Read a chunk of len bytes from the end of the buffer, reduce remaining.
 	 *
 	 * @param len		number of bytes to read
-	 * @param res		ponter to result, not cloned
+	 * @param res		pointer to result, not cloned
 	 * @return			TRUE if data read successfully
 	 */
 	bool (*read_data_end)(bio_reader_t *this, uint32_t len, chunk_t *res);

src/libstrongswan/credentials/auth_cfg.h

@@ -141,7 +141,7 @@ extern enum_name_t *auth_rule_names;
  * RFC4739 defines multiple authentication rounds. This class defines such
  * a round from a configuration perspective, either for the local or the remote
  * peer. Local configs are called "rulesets". They define how we authenticate.
- * Remote peer configs are called "constraits". They define what is needed to
+ * Remote peer configs are called "constraints". They define what is needed to
  * complete the authentication round successfully.
  *
  * @verbatim

src/libstrongswan/credentials/certificates/certificate_printer.h

@@ -62,7 +62,7 @@ struct certificate_printer_t {
  *
  * @param f				file where print output is directed to (usually stdout)
  * @param detailed		print more detailed certificate information
- * @param utc			print time inforamtion in UTC
+ * @param utc			print time information in UTC
  */
 certificate_printer_t* certificate_printer_create(FILE *f, bool detailed,
 												  bool utc);

src/libstrongswan/crypto/crypto_factory.h

@@ -177,7 +177,7 @@ struct crypto_factory_t {
 	 * Register a crypter constructor.
 	 *
 	 * @param algo			algorithm to constructor
-	 * @param key size		key size to peform benchmarking for
+	 * @param key size		key size to perform benchmarking for
 	 * @param plugin_name	plugin that registered this algorithm
 	 * @param create		constructor function for that algorithm
 	 * @return				TRUE if registered, FALSE if test vector failed
@@ -204,7 +204,7 @@ struct crypto_factory_t {
 	 * Register a aead constructor.
 	 *
 	 * @param algo			algorithm to constructor
-	 * @param key size		key size to peform benchmarking for
+	 * @param key size		key size to perform benchmarking for
 	 * @param plugin_name	plugin that registered this algorithm
 	 * @param create		constructor function for that algorithm
 	 * @return				TRUE if registered, FALSE if test vector failed

src/libstrongswan/plugins/gcm/gcm_aead.c

@@ -62,7 +62,7 @@ struct private_gcm_aead_t {
 };
 
 /**
- * Find a suiteable word size and network order conversion functions
+ * Find a suitable word size and network order conversion functions
  */
 #if ULONG_MAX == 18446744073709551615UL && defined(htobe64)
 #	define htobeword htobe64

src/libstrongswan/plugins/newhope/newhope_ke.c

@@ -306,7 +306,7 @@ METHOD(diffie_hellman_t, get_my_public_value, bool,
 		rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
 		if (!rng)
 		{
-			DBG1(DBG_LIB, "could not instatiate random source");
+			DBG1(DBG_LIB, "could not instantiate random source");
 			return FALSE;
 		}
 		if (!rng->get_bytes(rng, seed_len, a_seed.ptr))
@@ -463,7 +463,7 @@ METHOD(diffie_hellman_t, set_other_public_value, bool,
 		rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG);
 		if (!rng)
 		{
-			DBG1(DBG_LIB, "could not instatiate random source");
+			DBG1(DBG_LIB, "could not instantiate random source");
 			goto end;
 		}
 		if (!rng->get_bytes(rng, seed_len, noise_seed.ptr))

src/libstrongswan/plugins/ntru/ntru_drbg.h

@@ -71,7 +71,7 @@ struct ntru_drbg_t {
 };
 
 /**
- * Create and instantiate a new DRBG objet.
+ * Create and instantiate a new DRBG object.
  *
  * @param strength		security strength in bits
  * @param pers_str		personalization string

src/libstrongswan/plugins/ntru/ntru_poly.h

@@ -49,7 +49,7 @@ struct ntru_poly_t {
 	void (*get_array)(ntru_poly_t *this, uint16_t *array);
 
 	/**
-	 * Multiply polynomial a with ntru_poly_t object b having sparse coeffients
+	 * Multiply polynomial a with ntru_poly_t object b having sparse coefficients
 	 * to form result polynomial c = a * b
 	 *
 	 * @param a			input polynomial a

src/libstrongswan/selectors/traffic_selector.h

@@ -395,7 +395,7 @@ traffic_selector_t *traffic_selector_create_from_subnet(
  * greater or equal to 256 they are assumed to be type and code as defined
  * for traffic_selector_t.
  *
- * @param protocol		upper layer protocl to allow
+ * @param protocol		upper layer protocol to allow
  * @param from_port		start of allowed port range
  * @param to_port		end of range
  * @return

src/libstrongswan/settings/settings_lexer.l

@@ -29,7 +29,7 @@ static void include_files(parser_helper_t *ctx);
 /* use start conditions stack */
 %option stack
 
-/* do not declare unneded functions */
+/* do not declare unneeded functions */
 %option noinput noyywrap
 
 /* don't use global variables, and interact properly with bison */

src/libstrongswan/tests/suites/test_printf.c

@@ -204,7 +204,7 @@ Suite *printf_suite_create()
 	tcase_add_test(tc, test_printf_err);
 	suite_add_tcase(s, tc);
 
-	tc = tcase_create("unsiged");
+	tc = tcase_create("unsigned");
 	tcase_add_test(tc, test_printf_unsigned);
 	suite_add_tcase(s, tc);
 

src/libstrongswan/threading/windows/mutex.c

@@ -112,7 +112,7 @@ METHOD(condvar_t, timed_wait, bool,
 	thread_set_active_condvar(&this->cv);
 
 	/* while a CriticalSection is recursive, waiting in a condvar releases
-	 * only one mutex. So release (and reaquire) all locks except the last. */
+	 * only one mutex. So release (and reacquire) all locks except the last. */
 	times = mutex->times;
 	while (mutex->times-- > 1)
 	{

src/libtls/tls_socket.h

@@ -104,7 +104,7 @@ struct tls_socket_t {
  * @param peer				client identity, NULL for no client authentication
  * @param fd				socket to read/write from
  * @param cache				session cache to use, or NULL
- * @param max_version		maximun TLS version to negotiate
+ * @param max_version		maximum TLS version to negotiate
  * @param nullok			accept NULL encryption ciphers
  * @return					TLS socket wrapper
  */

src/starter/parser/lexer.l

@@ -30,7 +30,7 @@ static void include_files(parser_helper_t *ctx);
 /* use start conditions stack */
 %option stack
 
-/* do not declare unneded functions */
+/* do not declare unneeded functions */
 %option noinput noyywrap
 
 /* don't use global variables, and interact properly with bison */

src/swanctl/commands/initiate.c

@@ -131,7 +131,7 @@ static void __attribute__ ((constructor))reg()
 		{"--child <name> [--ike <name>] [--timeout <s>] [--raw|--pretty]"},
 		{
 			{"help",		'h', 0, "show usage information"},
-			{"child",		'c', 1, "initate a CHILD_SA configuration"},
+			{"child",		'c', 1, "initiate a CHILD_SA configuration"},
 			{"ike",			'i', 1, "name of the connection to which the child belongs"},
 			{"timeout",		't', 1, "timeout in seconds before detaching"},
 			{"raw",			'r', 0, "dump raw response message"},