Spelling fixes

* accumulating
* acquire
* alignment
* appropriate
* argument
* assign
* attribute
* authenticate
* authentication
* authenticator
* authority
* auxiliary
* brackets
* callback
* camellia
* can't
* cancelability
* certificate
* choinyambuu
* chunk
* collector
* collision
* communicating
* compares
* compatibility
* compressed
* confidentiality
* configuration
* connection
* consistency
* constraint
* construction
* constructor
* database
* decapsulated
* declaration
* decrypt
* derivative
* destination
* destroyed
* details
* devised
* dynamic
* ecapsulation
* encoded
* encoding
* encrypted
* enforcing
* enumerator
* establishment
* excluded
* exclusively
* exited
* expecting
* expire
* extension
* filter
* firewall
* foundation
* fulfillment
* gateways
* hashing
* hashtable
* heartbeats
* identifier
* identifiers
* identities
* identity
* implementers
* indicating
* initialize
* initiate
* initiation
* initiator
* inner
* instantiate
* legitimate
* libraries
* libstrongswan
* logger
* malloc
* manager
* manually
* measurement
* mechanism
* message
* network
* nonexistent
* object
* occurrence
* optional
* outgoing
* packages
* packets
* padding
* particular
* passphrase
* payload
* periodically
* policies
* possible
* previously
* priority
* proposal
* protocol
* provide
* provider
* pseudo
* pseudonym
* public
* qualifier
* quantum
* quintuplets
* reached
* reading
* recommendation to
* recommendation
* recursive
* reestablish
* referencing
* registered
* rekeying
* reliable
* replacing
* representing
* represents
* request
* request
* resolver
* result
* resulting
* resynchronization
* retriable
* revocation
* right
* rollback
* rule
* rules
* runtime
* scenario
* scheduled
* security
* segment
* service
* setting
* signature
* specific
* specified
* speed
* started
* steffen
* strongswan
* subjectaltname
* supported
* threadsafe
* traffic
* tremendously
* treshold
* unique
* uniqueness
* unknown
* until
* upper
* using
* validator
* verification
* version
* version
* warrior

Closes strongswan/strongswan#164.

NEWS

@@ -188,7 +188,7 @@ strongswan-5.7.0
   for low-exponent keys (i.e. with e=3).  CVE-2018-16151 has been assigned to
   the problem of accepting random bytes after the OID of the hash function in
   such signatures, and CVE-2018-16152 has been assigned to the issue of not
-  verifying that the parameters in the ASN.1 algorithmIdentitifer structure is
+  verifying that the parameters in the ASN.1 algorithmIdentifier structure is
   empty.  Other flaws that don't lead to a vulnerability directly (e.g. not
   checking for at least 8 bytes of padding) have no separate CVE assigned.
 
@@ -694,7 +694,7 @@ strongswan-5.3.3
 
 - In the bliss plugin the c_indices derivation using a SHA-512 based random
   oracle has been fixed, generalized and standardized by employing the MGF1 mask
-  generation function with SHA-512. As a consequence BLISS signatures unsing the
+  generation function with SHA-512. As a consequence BLISS signatures using the
   improved oracle are not compatible with the earlier implementation.
 
 - Support for auto=route with right=%any for transport mode connections has
@@ -1269,7 +1269,7 @@ strongswan-5.0.1
 - The PA-TNC and PB-TNC protocols can now process huge data payloads
   >64 kB by distributing PA-TNC attributes over multiple PA-TNC messages
   and these messages over several PB-TNC batches. As long as no
-  consolidated recommandation from all IMVs can be obtained, the TNC
+  consolidated recommendation from all IMVs can be obtained, the TNC
   server requests more client data by sending an empty SDATA batch.
 
 - The rightgroups2 ipsec.conf option can require group membership during
@@ -1991,7 +1991,7 @@ strongswan-4.3.1
 
 - The nm plugin also accepts CA certificates for gateway authentication. If
   a CA certificate is configured, strongSwan uses the entered gateway address
-  as its idenitity, requiring the gateways certificate to contain the same as
+  as its identity, requiring the gateways certificate to contain the same as
   subjectAltName. This allows a gateway administrator to deploy the same
   certificates to Windows 7 and NetworkManager clients.
 
@@ -2038,7 +2038,7 @@ strongswan-4.3.0
   Initiators and responders can use several authentication rounds (e.g. RSA
   followed by EAP) to authenticate. The new ipsec.conf leftauth/rightauth and
   leftauth2/rightauth2 parameters define own authentication rounds or setup
-  constraints for the remote peer. See the ipsec.conf man page for more detials.
+  constraints for the remote peer. See the ipsec.conf man page for more details.
 
 - If glibc printf hooks (register_printf_function) are not available,
   strongSwan can use the vstr string library to run on non-glibc systems.
@@ -2784,7 +2784,7 @@ strongswan-4.0.4
 
 - Added support for preshared keys in IKEv2. PSK keys configured in
   ipsec.secrets are loaded. The authby parameter specifies the authentication
-  method to authentificate ourself, the other peer may use PSK or RSA.
+  method to authenticate ourself, the other peer may use PSK or RSA.
 
 - Changed retransmission policy to respect the keyingtries parameter.
 
@@ -2922,7 +2922,7 @@ strongswan-2.7.0
   left|rightfirewall keyword causes the automatic insertion
   and deletion of ACCEPT rules for tunneled traffic upon
   the successful setup and teardown of an IPsec SA, respectively.
-  left|rightfirwall can be used with KLIPS under any Linux 2.4
+  left|rightfirewall can be used with KLIPS under any Linux 2.4
   kernel or with NETKEY under a Linux kernel version >= 2.6.16
   in conjunction with iptables >= 1.3.5. For NETKEY under a Linux
   kernel version < 2.6.16 which does not support IPsec policy
@@ -3043,7 +3043,7 @@ strongswan-2.6.0
   to replace the various shell and awk starter scripts (setup, _plutoload,
   _plutostart, _realsetup, _startklips, _confread, and auto). Since
   ipsec.conf is now parsed only once, the starting of multiple tunnels is
-  accelerated tremedously.
+  accelerated tremendously.
 
 - Added support of %defaultroute to the ipsec starter. If the IP address
   changes, a HUP signal to the ipsec starter will automatically
@@ -3177,9 +3177,9 @@ strongswan-2.5.1
 
 - Under the native IPsec of the Linux 2.6 kernel, a %trap eroute
   installed either by setting auto=route in ipsec.conf or by
-  a connection put into hold, generates an XFRM_AQUIRE event
+  a connection put into hold, generates an XFRM_ACQUIRE event
   for each packet that wants to use the not-yet existing
-  tunnel. Up to now each XFRM_AQUIRE event led to an entry in
+  tunnel. Up to now each XFRM_ACQUIRE event led to an entry in
   the Quick Mode queue, causing multiple IPsec SA to be
   established in rapid succession. Starting with strongswan-2.5.1
   only a single IPsec SA is established per host-pair connection.

README_LEGACY.md

@@ -639,7 +639,7 @@ following entries are required in `/etc/ipsec.conf`:
 
     conn rw1
         right=%any
-        righsubnet=10.4.0.5/32
+        rightsubnet=10.4.0.5/32
 
     conn rw2
         right=%any

conf/plugins/load-tester.opt

@@ -25,7 +25,7 @@ charon.plugins.load-tester.crl
 	certificates.
 
 charon.plugins.load-tester.delay = 0
-	Delay between initiatons for each thread.
+	Delay between initiations for each thread.
 
 charon.plugins.load-tester.delete_after_established = no
 	Delete an IKE_SA as soon as it has been established.
@@ -66,7 +66,7 @@ charon.plugins.load-tester.initiators = 0
 	Number of concurrent initiator threads to use in load test.
 
 charon.plugins.load-tester.initiator_auth = pubkey
-	Authentication method(s) the intiator uses.
+	Authentication method(s) the initiator uses.
 
 charon.plugins.load-tester.initiator_id =
 	Initiator ID used in load test.

conf/strongswan.conf.5.tail.in

@@ -74,7 +74,7 @@ libtls library messages
 libipsec library messages
 .TP
 .B lib
-libstrongwan library messages
+libstrongswan library messages
 .TP
 .B tnc
 Trusted Network Connect

configure.ac

@@ -55,7 +55,7 @@ ARG_WITH_SUBST([piddir],             [/var/run], [set path for PID and UNIX sock
 ARG_WITH_SUBST([ipsecdir],           [${libexecdir%/}/ipsec], [set installation path for ipsec tools])
 ARG_WITH_SUBST([ipseclibdir],        [${libdir%/}/ipsec], [set installation path for ipsec libraries])
 ARG_WITH_SUBST([plugindir],          [${ipseclibdir%/}/plugins], [set the installation path of plugins])
-ARG_WITH_SUBST([imcvdir],            [${ipseclibdir%/}/imcvs], [set the installation path of IMC and IMV dynamic librariers])
+ARG_WITH_SUBST([imcvdir],            [${ipseclibdir%/}/imcvs], [set the installation path of IMC and IMV dynamic libraries])
 ARG_WITH_SUBST([nm-ca-dir],          [/usr/share/ca-certificates], [directory the NM backend uses to look up trusted root certificates])
 ARG_WITH_SUBST([swanctldir],         [${sysconfdir}/swanctl], [base directory for swanctl configuration files and credentials])
 ARG_WITH_SUBST([linux-headers],      [\${top_srcdir}/src/include], [set directory of linux header files to use])
@@ -1035,7 +1035,7 @@ if test x$tss_tss2 = xtrue; then
 		AC_SUBST(tss2_LIBS, "$tss2_sys_LIBS")
 	else
 		PKG_CHECK_MODULES(tss2_tabrmd, [tcti-tabrmd],
-			[tss2_tabrmd=true; AC_DEFINE([TSS2_TCTI_TABRMD], [], [use TCTI Access Broker and Resource Mamager])],
+			[tss2_tabrmd=true; AC_DEFINE([TSS2_TCTI_TABRMD], [], [use TCTI Access Broker and Resource Manager])],
 			[tss2_tabrmd=false])
 		PKG_CHECK_MODULES(tss2_socket, [tcti-socket],
 			[tss2_socket=true; AC_DEFINE([TSS2_TCTI_SOCKET], [], [use TCTI Sockets])],

src/charon-nm/nm/nm_backend.c

@@ -44,7 +44,7 @@ struct nm_backend_t {
 	nm_creds_t *creds;
 
 	/**
-	 * attribute handler regeisterd at the daemon
+	 * attribute handler registered at the daemon
 	 */
 	nm_handler_t *handler;
 };

src/charon-nm/nm/nm_service.c

@@ -561,7 +561,7 @@ static gboolean connect_(NMVpnServicePlugin *plugin, NMConnection *connection,
 				return FALSE;
 			}
 		}
-		/* ... or certificate/private key authenitcation */
+		/* ... or certificate/private key authentication */
 		else if ((str = nm_setting_vpn_get_data_item(vpn, "usercert")))
 		{
 			public_key_t *public;

src/charon-tkm/src/tkm/tkm_listener.c

@@ -45,7 +45,7 @@ struct private_tkm_listener_t {
 /**
  * Return id of remote identity.
  *
- * TODO: Replace this with the lookup for the remote identitiy id.
+ * TODO: Replace this with the lookup for the remote identity id.
  *
  * Currently the reqid of the first child SA in peer config of IKE SA is
  * returned. Might choose wrong reqid if IKE SA has multiple child configs

src/conftest/README

@@ -108,7 +108,7 @@ The following CHILD_SA specific configuration options are supported:
   lts:         Local side traffic selectors, comma separated CIDR subnets
   rts:         Remote side traffic selectors, comma separated CIDR subnets
   transport:   Propose IPsec transport mode instead of tunnel mode
-  tfc_padding: Inject Traffic Flow Confidentialty bytes to align packets to the
+  tfc_padding: Inject Traffic Flow Confidentiality bytes to align packets to the
                given length
   proposal:    CHILD_SA proposal list, same syntax as IKE_SA proposal list
 
@@ -271,7 +271,7 @@ Currently, the following hooks are defined with the following options:
     request:          yes to set in request, no in response
     id:               IKEv2 message identifier of message to mangle
     from:             proposal number to mangle
-    to:               new porposal number to set instead of from
+    to:               new proposal number to set instead of from
   set_reserved:       set arbitrary reserved bits/bytes in payloads
     request:          yes to set in request, no in response
     id:               IKEv2 message identifier of message to mangle

src/conftest/conftest.c

@@ -129,7 +129,7 @@ static bool load_cert(settings_t *settings, bool trusted)
 }
 
 /**
- * Load certificates from the confiuguration file
+ * Load certificates from the configuration file
  */
 static bool load_certs(settings_t *settings, char *dir)
 {
@@ -163,7 +163,7 @@ static bool load_certs(settings_t *settings, char *dir)
 }
 
 /**
- * Load private keys from the confiuguration file
+ * Load private keys from the configuration file
  */
 static bool load_keys(settings_t *settings, char *dir)
 {

src/frontends/android/app/src/main/jni/libandroidbridge/kernel/android_ipsec.c

@@ -38,7 +38,7 @@ struct private_kernel_android_ipsec_t {
 };
 
 /**
- * Callback registrered with libipsec.
+ * Callback registered with libipsec.
  */
 static void expire(uint8_t protocol, uint32_t spi, host_t *dst, bool hard)
 {

src/frontends/gnome/configure.ac

@@ -68,7 +68,7 @@ AC_ARG_ENABLE(
 )
 AC_ARG_WITH(
 	[libnm-glib],
-	AS_HELP_STRING([--without-libnm-glib], [build NetworkManager-strongswan without libnm-glib comatibility]),
+	AS_HELP_STRING([--without-libnm-glib], [build NetworkManager-strongswan without libnm-glib compatibility]),
 	[with_libnm_glib=no],
 	[with_libnm_glib=yes]
 )

src/frontends/gnome/properties/nm-strongswan-dialog.ui

@@ -27,7 +27,7 @@
           </packing>
         </child>
         <child>
-          <object class="GtkAlignment" id="gateway-alignement">
+          <object class="GtkAlignment" id="gateway-alignment">
             <property name="visible">True</property>
             <property name="can_focus">False</property>
             <property name="left_padding">12</property>
@@ -135,7 +135,7 @@
           </packing>
         </child>
         <child>
-          <object class="GtkAlignment" id="client-aligement">
+          <object class="GtkAlignment" id="client-alignment">
             <property name="visible">True</property>
             <property name="can_focus">False</property>
             <property name="left_padding">12</property>
@@ -351,7 +351,7 @@
           </packing>
         </child>
         <child>
-          <object class="GtkAlignment" id="options-alignement">
+          <object class="GtkAlignment" id="options-alignment">
             <property name="visible">True</property>
             <property name="can_focus">False</property>
             <property name="left_padding">12</property>

src/include/linux/xfrm.h

@@ -219,7 +219,7 @@ enum {
 #define XFRM_NR_MSGTYPES (XFRM_MSG_MAX + 1 - XFRM_MSG_BASE)
 
 /*
- * Generic LSM security context for comunicating to user space
+ * Generic LSM security context for communicating to user space
  * NOTE: Same format as sadb_x_sec_ctx
  */
 struct xfrm_user_sec_ctx {

src/libcharon/attributes/attribute_handler.h

@@ -37,7 +37,7 @@ struct attribute_handler_t {
 	/**
 	 * Handle a configuration attribute.
 	 *
-	 * After receiving a configuration attriubte, it is passed to each
+	 * After receiving a configuration attribute, it is passed to each
 	 * attribute handler until it is handled.
 	 *
 	 * @param ike_sa	IKE_SA under which attribute is received

src/libcharon/attributes/attribute_manager.c

@@ -233,7 +233,7 @@ typedef struct {
 	enumerator_t *inner;
 	/** IKE_SA to request attributes for */
 	ike_sa_t *ike_sa;
-	/** virtual IPs we are requesting along with attriubutes */
+	/** virtual IPs we are requesting along with attributes */
 	linked_list_t *vips;
 } initiator_enumerator_t;
 

src/libcharon/attributes/mem_pool.c

@@ -85,7 +85,7 @@ typedef struct {
  * Lease entry.
  */
 typedef struct {
-	/* identitiy reference */
+	/* identity reference */
 	identification_t *id;
 	/* array of online leases, as unique_lease_t */
 	array_t *online;

src/libcharon/bus/bus.h

@@ -461,7 +461,7 @@ struct bus_t {
 	 * CHILD_SA migration hook.
 	 *
 	 * @param new		ID of new SA when called for the old, NULL otherwise
-	 * @param uniue		unique ID of new SA when called for the old, 0 otherwise
+	 * @param unique	unique ID of new SA when called for the old, 0 otherwise
 	 */
 	void (*children_migrate)(bus_t *this, ike_sa_id_t *new, uint32_t unique);
 

src/libcharon/config/child_cfg.c

@@ -114,12 +114,12 @@ struct private_child_cfg_t {
 	uint32_t reqid;
 
 	/**
-	 * Optionl interface ID to use for inbound CHILD_SA
+	 * Optional interface ID to use for inbound CHILD_SA
 	 */
 	uint32_t if_id_in;
 
 	/**
-	 * Optionl interface ID to use for outbound CHILD_SA
+	 * Optional interface ID to use for outbound CHILD_SA
 	 */
 	uint32_t if_id_out;
 

src/libcharon/config/child_cfg.h

@@ -96,7 +96,7 @@ struct child_cfg_t {
 	/**
 	 * Select a proposal from a supplied list.
 	 *
-	 * Returned propsal is newly created and must be destroyed after usage.
+	 * Returned proposal is newly created and must be destroyed after usage.
 	 *
 	 * @param proposals		list from which proposals are selected
 	 * @param flags			flags to consider during proposal selection
@@ -124,7 +124,7 @@ struct child_cfg_t {
 	 * side, one for the remote side.
 	 * If a list with traffic selectors is supplied, these are used to narrow
 	 * down the traffic selector list to the greatest common divisor.
-	 * Some traffic selector may be "dymamic", meaning they are narrowed down
+	 * Some traffic selector may be "dynamic", meaning they are narrowed down
 	 * to a specific address (host-to-host or virtual-IP setups). Use
 	 * the "host" parameter to narrow such traffic selectors to that address.
 	 * Resulted list and its traffic selectors must be destroyed after use.

src/libcharon/config/peer_cfg.c

@@ -156,12 +156,12 @@ struct private_peer_cfg_t {
 	linked_list_t *remote_auth;
 
 	/**
-	 * Optionl interface ID to use for inbound CHILD_SA
+	 * Optional interface ID to use for inbound CHILD_SA
 	 */
 	uint32_t if_id_in;
 
 	/**
-	 * Optionl interface ID to use for outbound CHILD_SA
+	 * Optional interface ID to use for outbound CHILD_SA
 	 */
 	uint32_t if_id_out;
 

src/libcharon/config/peer_cfg.h

@@ -134,7 +134,7 @@ struct peer_cfg_t {
 	ike_version_t (*get_ike_version)(peer_cfg_t *this);
 
 	/**
-	 * Get the IKE config to use for initiaton.
+	 * Get the IKE config to use for initiation.
 	 *
 	 * @return				the IKE config to use
 	 */

src/libcharon/daemon.h

@@ -150,7 +150,7 @@
  * synchronization:
  * Each IKE_SA must be checked out strictly and checked in again after use. The
  * manager guarantees that only one thread may check out a single IKE_SA. This
- * allows us to write the (complex) IKE_SAs routines non-threadsave.
+ * allows us to write the (complex) IKE_SAs routines non-threadsafe.
  * The IKE_SA contain the state and the logic of each IKE_SA and handle the
  * messages.
  *

src/libcharon/encoding/message.c

@@ -78,9 +78,9 @@ typedef struct {
 	/* Payload type */
 	 payload_type_t type;
 	/* Minimal occurrence of this payload. */
-	size_t min_occurence;
+	size_t min_occurrence;
 	/* Max occurrence of this payload. */
-	size_t max_occurence;
+	size_t max_occurrence;
 	/* TRUE if payload must be encrypted */
 	bool encrypted;
 	/* If payload occurs, the message rule is fulfilled */
@@ -1653,7 +1653,7 @@ static ike_header_t *create_header(private_message_t *this)
 /**
  * Generates the message, if needed, wraps the payloads in an encrypted payload.
  *
- * The generator and the possible enrypted payload are returned.  The latter
+ * The generator and the possible encrypted payload are returned.  The latter
  * is not yet encrypted (but the transform is set).  It is also not added to
  * the payload list (so unless there are unencrypted payloads that list will
  * be empty afterwards).
@@ -2600,11 +2600,11 @@ static status_t verify(private_message_t *this)
 				found++;
 				DBG2(DBG_ENC, "found payload of type %N",
 					 payload_type_names, type);
-				if (found > rule->max_occurence)
+				if (found > rule->max_occurrence)
 				{
 					DBG1(DBG_ENC, "payload of type %N more than %d times (%d) "
 						 "occurred in current message", payload_type_names,
-						 type, rule->max_occurence, found);
+						 type, rule->max_occurrence, found);
 					enumerator->destroy(enumerator);
 					return VERIFY_ERROR;
 				}
@@ -2612,10 +2612,10 @@ static status_t verify(private_message_t *this)
 		}
 		enumerator->destroy(enumerator);
 
-		if (!complete && found < rule->min_occurence)
+		if (!complete && found < rule->min_occurrence)
 		{
 			DBG1(DBG_ENC, "payload of type %N not occurred %d times (%d)",
-				 payload_type_names, rule->type, rule->min_occurence, found);
+				 payload_type_names, rule->type, rule->min_occurrence, found);
 			return VERIFY_ERROR;
 		}
 		if (found && rule->sufficient)

src/libcharon/encoding/parser.c

@@ -391,7 +391,7 @@ METHOD(parser_t, parse_payload, status_t,
 
 	/* base pointer for output, avoids casting in every rule */
 	output = pld;
-	/* parse the payload with its own rulse */
+	/* parse the payload with its own rules */
 	rule_count = pld->get_encoding_rules(pld, &this->rules);
 	for (rule_number = 0; rule_number < rule_count; rule_number++)
 	{
@@ -618,7 +618,7 @@ METHOD(parser_t, parse_payload, status_t,
 				return PARSE_ERROR;
 			}
 		}
-		/* process next rulue */
+		/* process next rule */
 		rule++;
 	}
 

src/libcharon/encoding/payloads/cp_payload.h

@@ -58,7 +58,7 @@ struct cp_payload_t {
 	/**
 	 * Creates an enumerator of stored configuration_attribute_t objects.
 	 *
-	 * @return			enumerator over configration_attribute_T
+	 * @return			enumerator over configuration_attribute_t
 	 */
 	enumerator_t *(*create_attribute_enumerator) (cp_payload_t *this);
 

src/libcharon/encoding/payloads/eap_payload.c

@@ -83,7 +83,7 @@ static encoding_rule_t encodings[] = {
 	{ RESERVED_BIT,		offsetof(private_eap_payload_t, reserved[6])	},
 	/* Length of the whole payload*/
 	{ PAYLOAD_LENGTH,	offsetof(private_eap_payload_t, payload_length)	},
-	/* chunt to data, starting at "code" */
+	/* chunk to data, starting at "code" */
 	{ CHUNK_DATA,		offsetof(private_eap_payload_t, data)			},
 };
 

src/libcharon/encoding/payloads/encodings.h

@@ -179,7 +179,7 @@ enum encoding_type_t {
 	/**
 	 * Representing a spi field.
 	 *
-	 * When generating the content of the chunkt pointing to
+	 * When generating the content of the chunk pointing to
 	 * is written.
 	 *
 	 * When parsing SPI_SIZE bytes are read and written into the chunk pointing to.
@@ -248,7 +248,7 @@ enum encoding_type_t {
 	 * this field is available or missing and so parsed/generated
 	 * or not parsed/not generated.
 	 *
-	 * When generating the content of the chunkt pointing to
+	 * When generating the content of the chunk pointing to
 	 * is written.
 	 *
 	 * When parsing SPI_SIZE bytes are read and written into the chunk pointing to.
@@ -274,7 +274,7 @@ enum encoding_type_t {
 	 * Depending on the last field of type TS_TYPE
 	 * this field is either 4 or 16 byte long.
 	 *
-	 * When generating the content of the chunkt pointing to
+	 * When generating the content of the chunk pointing to
 	 * is written.
 	 *
 	 * When parsing 4 or 16 bytes are read and written into the chunk pointing to.
@@ -290,7 +290,7 @@ enum encoding_type_t {
 	 * Representing an IKE_SPI field in an IKEv2 Header.
 	 *
 	 * When generating the value of the uint64_t pointing to
-	 * is written (host and networ order is not changed).
+	 * is written (host and network order is not changed).
 	 *
 	 * When parsing 8 bytes are read and written into the uint64_t pointing to.
 	 */
@@ -302,7 +302,7 @@ enum encoding_type_t {
 	ENCRYPTED_DATA,
 
 	/**
-	 * Reprensenting a field containing a set of wrapped payloads.
+	 * Representing a field containing a set of wrapped payloads.
 	 *
 	 * This type is not used directly, but as an offset to the wrapped payloads.
 	 * The type of the wrapped payload is added to this encoding type.

src/libcharon/encoding/payloads/fragment_payload.h

@@ -61,7 +61,7 @@ struct fragment_payload_t {
 	/**
 	 * Get the fragment data.
 	 *
-	 * @return				chunkt to internal fragment data
+	 * @return				chunk to internal fragment data
 	 */
 	chunk_t (*get_data)(fragment_payload_t *this);
 

src/libcharon/encoding/payloads/hash_payload.h

@@ -46,7 +46,7 @@ struct hash_payload_t {
 	/**
 	 * Get the hash value.
 	 *
-	 * @return				chunkt to internal hash data
+	 * @return				chunk to internal hash data
 	 */
 	chunk_t (*get_hash) (hash_payload_t *this);
 

src/libcharon/encoding/payloads/id_payload.h

@@ -89,7 +89,7 @@ id_payload_t *id_payload_create_from_identification(payload_type_t type,
  * Create an IKEv1 ID_ADDR_SUBNET/RANGE identity from a traffic selector.
  *
  * @param ts		traffic selector
- * @return			PLV1_ID id_paylad_t object.
+ * @return			PLV1_ID id_payload_t object.
  */
 id_payload_t *id_payload_create_from_ts(traffic_selector_t *ts);
 

src/libcharon/encoding/payloads/payload.h

@@ -168,7 +168,7 @@ enum payload_type_t {
 	PLV2_NONCE = 40,
 
 	/**
-	 * Notify paylaod (N).
+	 * Notify payload (N).
 	 */
 	PLV2_NOTIFY = 41,
 
@@ -178,7 +178,7 @@ enum payload_type_t {
 	PLV2_DELETE = 42,
 
 	/**
-	 * Vendor id paylpoad (V).
+	 * Vendor id payload (V).
 	 */
 	PLV2_VENDOR_ID = 43,
 
@@ -382,9 +382,9 @@ struct payload_t {
 	size_t (*get_length) (payload_t *this);
 
 	/**
-	 * Verifies payload structure and makes consistence check.
+	 * Verifies payload structure and makes consistency check.
 	 *
-	 * @return				SUCCESS,  FAILED if consistence not given
+	 * @return				SUCCESS,  FAILED if consistency not given
 	 */
 	status_t (*verify) (payload_t *this);
 
@@ -399,7 +399,7 @@ struct payload_t {
  *
  * Useful for the parser, who wants a generic constructor for all payloads.
  * It supports all payload_t methods. If a payload type is not known,
- * an unknwon_paylod is created with the chunk of data in it.
+ * an unknown_payload is created with the chunk of data in it.
  *
  * @param type		type of the payload to create
  * @return			payload_t object

src/libcharon/encoding/payloads/proposal_substructure.h

@@ -117,7 +117,7 @@ struct proposal_substructure_t {
 	bool (*get_cpi) (proposal_substructure_t *this, uint16_t *cpi);
 
 	/**
-	 * Get proposals contained in a propsal_substructure_t.
+	 * Get proposals contained in a proposal_substructure_t.
 	 *
 	 * @param list		list to add created proposals to
 	 */

src/libcharon/encoding/payloads/traffic_selector_substructure.h

@@ -134,7 +134,7 @@ struct traffic_selector_substructure_t {
 traffic_selector_substructure_t *traffic_selector_substructure_create(void);
 
 /**
- * Creates an initialized traffif selector substructure using
+ * Creates an initialized traffic selector substructure using
  * the values from a traffic_selector_t.
  *
  * @param traffic_selector	traffic_selector_t to use for initialization

src/libcharon/kernel/kernel_interface.h

@@ -361,7 +361,7 @@ struct kernel_interface_t {
 	 *
 	 * @param virtual_ip	virtual ip address to remove
 	 * @param prefix		prefix length of the IP to uninstall, -1 for auto
-	 * @param wait			TRUE to wait untily IP is gone
+	 * @param wait			TRUE to wait until IP is gone
 	 * @return				SUCCESS if operation completed
 	 */
 	status_t (*del_ip) (kernel_interface_t *this, host_t *virtual_ip,
@@ -433,7 +433,7 @@ struct kernel_interface_t {
 	/**
 	 * Check if interfaces are excluded by config.
 	 *
-	 * @return				TRUE if no interfaces are exclued by config
+	 * @return				TRUE if no interfaces are excluded by config
 	 */
 	bool (*all_interfaces_usable)(kernel_interface_t *this);
 

src/libcharon/kernel/kernel_listener.h

@@ -47,7 +47,7 @@ struct kernel_listener_t {
 					traffic_selector_t *src_ts, traffic_selector_t *dst_ts);
 
 	/**
-	 * Hook called if an exire event for an IPsec SA is received.
+	 * Hook called if an expire event for an IPsec SA is received.
 	 *
 	 * @param protocol		protocol of the expired SA
 	 * @param spi			spi of the expired SA
@@ -63,7 +63,7 @@ struct kernel_listener_t {
 	 *
 	 * @param protocol		IPsec protocol of affected SA
 	 * @param spi			spi of the SA
-	 * @param dst			old destinatino address of SA
+	 * @param dst			old destination address of SA
 	 * @param remote		new remote host
 	 * @return				TRUE to remain registered, FALSE to unregister
 	 */

src/libcharon/network/receiver.c

@@ -302,7 +302,7 @@ static bool cookie_required(private_receiver_t *this,
 		/* We don't disable cookies unless we haven't seen IKE_SA_INITs
 		 * for COOKIE_CALMDOWN_DELAY seconds. This avoids jittering between
 		 * cookie on / cookie off states, which is problematic. Consider the
-		 * following: A legitimiate initiator sends a IKE_SA_INIT while we
+		 * following: A legitimate initiator sends a IKE_SA_INIT while we
 		 * are under a DoS attack. If we toggle our cookie behavior,
 		 * multiple retransmits of this IKE_SA_INIT might get answered with
 		 * and without cookies. The initiator goes on and retries with

src/libcharon/plugins/dhcp/dhcp_provider.h

@@ -33,7 +33,7 @@ typedef struct dhcp_provider_t dhcp_provider_t;
 struct dhcp_provider_t {
 
 	/**
-	 * Implements attribute_provier_t interface.
+	 * Implements attribute_provider_t interface.
 	 */
 	attribute_provider_t provider;
 

src/libcharon/plugins/eap_aka_3gpp/eap_aka_3gpp_functions.h

@@ -63,7 +63,7 @@ typedef struct eap_aka_3gpp_functions_t eap_aka_3gpp_functions_t;
  * @param id			user identity
  * @param[out] k		(16 byte) scratchpad to receive secret key K
  * @param[out] opc		(16 byte) scratchpad to receive operator variant key
- *						derivate OPc
+ *						derivative OPc
  */
 bool eap_aka_3gpp_get_k_opc(identification_t *id, uint8_t k[AKA_K_LEN],
 							uint8_t opc[AKA_OPC_LEN]);
@@ -88,7 +88,7 @@ struct eap_aka_3gpp_functions_t {
 	 * f1 : Calculate MAC-A from RAND, SQN, AMF using K and OPc
 	 *
 	 * @param k			(128 bit) secret key K
-	 * @param opc		(128 bit) operator variant key derivate OPc
+	 * @param opc		(128 bit) operator variant key derivative OPc
 	 * @param rand		(128 bit) random value RAND
 	 * @param sqn		 (48 bit) sequence number SQN
 	 * @param amf		 (16 bit) authentication management field AMF
@@ -106,7 +106,7 @@ struct eap_aka_3gpp_functions_t {
 	 * f1* : Calculate MAC-S from RAND, SQN, AMF using K and OPc
 	 *
 	 * @param k			(128 bit) secret key K
-	 * @param opc		(128 bit) operator variant key derivate OPc
+	 * @param opc		(128 bit) operator variant key derivative OPc
 	 * @param rand		(128 bit) random value RAND
 	 * @param sqn		 (48 bit) sequence number SQN
 	 * @param amf		 (16 bit) authentication management field AMF
@@ -127,7 +127,7 @@ struct eap_aka_3gpp_functions_t {
 	 * f5 : Calculates AK  from RAND using K and OPc
 	 *
 	 * @param k			(128 bit) secret key K
-	 * @param opc		(128 bit) operator variant key derivate OPc
+	 * @param opc		(128 bit) operator variant key derivative OPc
 	 * @param rand		(128 bit) random value RAND
 	 * @param[out] res	 (64 bit) scratchpad to receive signed response RES
 	 * @param[out] ck	(128 bit) scratchpad to receive encryption key CK
@@ -146,7 +146,7 @@ struct eap_aka_3gpp_functions_t {
 	 * f5* : Calculates resync AKS from RAND using K and OPc
 	 *
 	 * @param k			(128 bit) secret key K
-	 * @param opc		(128 bit) operator variant key derivate OPc
+	 * @param opc		(128 bit) operator variant key derivative OPc
 	 * @param rand		(128 bit) random value RAND
 	 * @param[out] aks	 (48 bit) scratchpad to receive resync anonymity key AKS
 	 * @return				TRUE if calculations successful

src/libcharon/plugins/eap_gtc/eap_gtc.c

@@ -44,7 +44,7 @@ struct private_eap_gtc_t {
 	identification_t *peer;
 
 	/**
-	 * EAP message identififier
+	 * EAP message identifier
 	 */
 	uint8_t identifier;
 };

src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c

@@ -1161,7 +1161,7 @@ static status_t process_server_retry(private_eap_mschapv2_t *this,
 	/* delay the response for some time to make brute-force attacks harder */
 	sleep(RETRY_DELAY);
 
-	/* since the error is retryable the state does not change, we still
+	/* since the error is retriable the state does not change, we still
 	 * expect an MSCHAPV2_RESPONSE from the peer */
 	return NEED_MORE;
 }

src/libcharon/plugins/eap_radius/eap_radius.c

@@ -383,7 +383,7 @@ static void process_filter_id(radius_message_t *msg)
 }
 
 /**
- * Handle Session-Timeout attribte and Interim updates
+ * Handle Session-Timeout attribute and Interim updates
  */
 static void process_timeout(radius_message_t *msg)
 {
@@ -502,7 +502,7 @@ static void add_unity_split_attribute(eap_radius_provider_t *provider,
 		}
 		writer->write_data(writer, net->get_address(net));
 		writer->write_data(writer, mask->get_address(mask));
-		padding = writer->skip(writer, 6); /* 6 bytes pdding */
+		padding = writer->skip(writer, 6); /* 6 bytes padding */
 		memset(padding.ptr, 0, padding.len);
 		mask->destroy(mask);
 		net->destroy(net);

src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_provider.h

@@ -18,8 +18,8 @@
  * @{ @ingroup eap_simaka_pseudonym
  */
 
-#ifndef EAP_SIMAKA_PSEDUONYM_PROVIDER_H_
-#define EAP_SIMAKA_PSEDUONYM_PROVIDER_H_
+#ifndef EAP_SIMAKA_PSEUDONYM_PROVIDER_H_
+#define EAP_SIMAKA_PSEUDONYM_PROVIDER_H_
 
 #include <simaka_provider.h>
 
@@ -46,4 +46,4 @@ struct eap_simaka_pseudonym_provider_t {
  */
 eap_simaka_pseudonym_provider_t *eap_simaka_pseudonym_provider_create();
 
-#endif /** EAP_SIMAKA_PSEDUONYM_PROVIDER_H_ @}*/
+#endif /** EAP_SIMAKA_PSEUDONYM_PROVIDER_H_ @}*/

src/libcharon/plugins/forecast/forecast_listener.h

@@ -39,7 +39,7 @@ struct forecast_listener_t {
 	 * Create an enumerator over active tunnels.
 	 *
 	 * The enumerator enumerates over local or remote traffic selectors,
-	 * associated firewall marks and if decasulated packets should get
+	 * associated firewall marks and if decapsulated packets should get
 	 * reinjected into other tunnels.
 	 *
 	 * @param local		TRUE to enumerate local, FALSE to enumerate remote TS

src/libcharon/plugins/ha/ha_kernel.c

@@ -160,7 +160,7 @@ static uint32_t jhash(jhash_version_t version, uint32_t a, uint32_t b)
 }
 
 /**
- * Segmentate a calculated hash
+ * Segment a calculated hash
  */
 static u_int hash2segment(private_ha_kernel_t *this, uint64_t hash)
 {

src/libcharon/plugins/ha/ha_kernel.h

@@ -50,7 +50,7 @@ struct ha_kernel_t {
 	/**
 	 * Get the segment an arbitrary integer is in.
 	 *
-	 * @param n			integer to segmentate
+	 * @param n			integer to segment
 	 */
 	u_int (*get_segment_int)(ha_kernel_t *this, int n);
 

src/libcharon/plugins/ha/ha_segments.c

@@ -82,7 +82,7 @@ struct private_ha_segments_t {
 	bool heartbeat_active;
 
 	/**
-	 * Interval we send hearbeats
+	 * Interval we send heartbeats
 	 */
 	int heartbeat_delay;
 

src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c

@@ -432,7 +432,7 @@ static bool install_route(private_kernel_libipsec_ipsec_t *this,
 		.prefixlen = policy->dst.mask,
 	);
 #ifndef __linux__
-	/* on Linux we cant't install a gateway */
+	/* on Linux we can't install a gateway */
 	route->gateway = charon->kernel->get_nexthop(charon->kernel, dst, -1, src,
 												 NULL);
 #endif

src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c

@@ -145,7 +145,7 @@ static bool equals_sa(sa_entry_t *a, sa_entry_t *b)
 typedef struct {
 	/** policy source addresses */
 	traffic_selector_t *src;
-	/** policy destinaiton addresses */
+	/** policy destination addresses */
 	traffic_selector_t *dst;
 	/** WFP allocated LUID for inbound filter ID */
 	uint64_t policy_in;

src/libcharon/plugins/load_tester/load_tester_config.c

@@ -327,7 +327,7 @@ static void generate_auth_cfg(private_load_tester_config_t *this, char *str,
 		if (this->initiator_id)
 		{
 			if (this->initiator_match && (!local && !num))
-			{	/* as responder, use the secified identity that matches
+			{	/* as responder, use the specified identity that matches
 				 * all used initiator identities, if given. */
 				snprintf(buf, sizeof(buf), this->initiator_match, rnd);
 				id = identification_create_from_string(buf);

src/libcharon/plugins/socket_default/socket_default_socket.c

@@ -142,7 +142,7 @@ struct private_socket_default_socket_t {
 	bool set_source;
 
 	/**
-	 * TRUE to force sending source interface on outbound packetrs
+	 * TRUE to force sending source interface on outbound packets
 	 */
 	bool set_sourceif;
 

src/libcharon/plugins/stroke/stroke_ca.h

@@ -63,7 +63,7 @@ struct stroke_ca_t {
 	 * otherwise returns the same certificate.
 	 *
 	 * @param cert		certificate to check
-	 * @return			reference to stored CA certifiate, or original
+	 * @return			reference to stored CA certificate, or original
 	 */
 	certificate_t *(*get_cert_ref)(stroke_ca_t *this, certificate_t *cert);
 

src/libcharon/plugins/stroke/stroke_config.c

@@ -176,7 +176,7 @@ static bool add_proposals(private_stroke_config_t *this, char *string,
 		{
 			return TRUE;
 		}
-		/* add default porposal to the end if not strict */
+		/* add default proposal to the end if not strict */
 	}
 	if (ike_cfg)
 	{

src/libcharon/plugins/stroke/stroke_cred.h

@@ -47,7 +47,7 @@ struct stroke_cred_t {
 	 * Reread secrets from config files.
 	 *
 	 * @param msg		stroke message
-	 * @param prompt	I/O channel to prompt for private key passhprase
+	 * @param prompt	I/O channel to prompt for private key passphrase
 	 */
 	void (*reread)(stroke_cred_t *this, stroke_msg_t *msg, FILE *prompt);
 

src/libcharon/plugins/uci/uci_creds.c

@@ -41,7 +41,7 @@ struct private_uci_creds_t {
 typedef struct {
 	/** implements enumerator */
 	enumerator_t public;
-	/** inneer UCI enumerator */
+	/** inner UCI enumerator */
 	enumerator_t *inner;
 	/** currently enumerated shared shared */
 	shared_key_t *current;

src/libcharon/plugins/unity/unity_provider.h

@@ -31,7 +31,7 @@ typedef struct unity_provider_t unity_provider_t;
 struct unity_provider_t {
 
 	/**
-	 * Implements attribute_provier_t interface.
+	 * Implements attribute_provider_t interface.
 	 */
 	attribute_provider_t provider;
 

src/libcharon/plugins/vici/README.md

@@ -1271,7 +1271,7 @@ subdirectory, and gets built and installed if strongSwan has been
 The _Vici::Session_ module provides a _new()_ constructor for a high level
 interface, the underlying _Vici::Packet_ and _Vici::Transport_ classes are
 usually not required to build Perl applications using VICI. The _Vici::Session_
-class provides methods for the supported VICI commands. The auxiliare
+class provides methods for the supported VICI commands. The auxiliary
  _Vici::Message_ class is used to encode configuration parameters sent to
 the daemon and decode data returned by the daemon.
 

src/libcharon/plugins/vici/libvici.h

@@ -324,7 +324,7 @@ vici_parse_t vici_parse(vici_res_t *res);
 char* vici_parse_name(vici_res_t *res);
 
 /**
- * Compare name tag / key of a previusly parsed element.
+ * Compare name tag / key of a previously parsed element.
  *
  * This call is valid only after vici_parse() returned VICI_PARSE_KEY_VALUE,
  * VICI_PARSE_BEGIN_SECTION or VICI_PARSE_BEGIN_LIST.

src/libcharon/plugins/vici/ruby/vici.gemspec.in

@@ -7,7 +7,7 @@ Gem::Specification.new do |s|
     The strongSwan VICI protocol allows external application to monitor,
     configure and control the IKE daemon charon. This Ruby Gem provides a
     native client side implementation of the VICI protocol, well suited to
-    script automated tasks in a relaible way.
+    script automated tasks in a reliable way.
   }
   s.summary       = "Native Ruby interface for strongSwan VICI"
   s.homepage      = "https://wiki.strongswan.org/projects/strongswan/wiki/Vici"

src/libcharon/plugins/vici/vici_authority.c

@@ -68,7 +68,7 @@ typedef struct authority_t authority_t;
 struct authority_t {
 
 	/**
-	 * Name of the certification authoritiy
+	 * Name of the certification authority
 	 */
 	char *name;
 

src/libcharon/plugins/vici/vici_logger.c

@@ -80,7 +80,7 @@ static job_requeue_t raise_events(private_vici_logger_t *this)
 /**
  * Queue a message for async processing
  */
-static void queue_messsage(private_vici_logger_t *this, vici_message_t *message)
+static void queue_message(private_vici_logger_t *this, vici_message_t *message)
 {
 	this->queue->insert_last(this->queue, message);
 	if (this->queue->get_count(this->queue) == 1)
@@ -124,7 +124,7 @@ METHOD(logger_t, log_, void,
 		message = builder->finalize(builder);
 		if (message)
 		{
-			queue_messsage(this, message);
+			queue_message(this, message);
 		}
 	}
 	this->recursive--;