diff --git a/HACKING b/HACKING
index ee985d723..3b24558a9 100644
--- a/HACKING
+++ b/HACKING
@@ -9,7 +9,7 @@ For interested developers, we have a public repository. To check out and
 compile the code, you need the following tools:
 
     - Git
-    - a recent GNU C complier (>= 3.x)
+    - a recent GNU C compiler (>= 3.x)
     - automake
     - autoconf
     - libtool
diff --git a/NEWS b/NEWS
index 63bd34067..cdd2dcf83 100644
--- a/NEWS
+++ b/NEWS
@@ -520,7 +520,7 @@ strongswan-4.3.1
   CREATE_CHILD_SA request was sent. 2) Sending an IKE_AUTH request with either
   a missing TSi or TSr payload caused a null pointer derefence because the
   checks for TSi and TSr were interchanged. The IKEv2 fuzzer used was
-  developped by the Orange Labs vulnerability research team. The tool was
+  developed by the Orange Labs vulnerability research team. The tool was
   initially written by Gabriel Campana and is now maintained by Laurent Butti.
 
 - Added support for AES counter mode in ESP in IKEv2 using the proposal
@@ -560,7 +560,7 @@ strongswan-4.2.14
 -----------------
 
 - The new server-side EAP RADIUS plugin (--enable-eap-radius)
-  relays EAP messages to and from a RADIUS server. Succesfully
+  relays EAP messages to and from a RADIUS server. Successfully
   tested with with a freeradius server using EAP-MD5 and EAP-SIM.
 
 - A vulnerability in the Dead Peer Detection (RFC 3706) code was found by
@@ -588,7 +588,7 @@ strongswan-4.2.13
 - Fixed a use-after-free bug in the DPD timeout section of the
   IKEv1 pluto daemon which sporadically caused a segfault.
 
-- Fixed a crash in the IKEv2 charon daemon occuring with
+- Fixed a crash in the IKEv2 charon daemon occurring with
   mixed RAM-based and SQL-based virtual IP address pools.
 
 - Fixed ASN.1 parsing of algorithmIdentifier objects where the
@@ -678,7 +678,7 @@ strongswan-4.2.9
   The installpolicy=no option allows peaceful cooperation with a dominant
   mip6d daemon and the new type=transport_proxy implements the special MIPv6
   IPsec transport proxy mode where the IKEv2 daemon uses the Care-of-Address
-  but the IPsec SA is set up for the Home Adress.
+  but the IPsec SA is set up for the Home Address.
 
 - Implemented migration of Mobile IPv6 connections using the KMADDRESS
   field contained in XFRM_MSG_MIGRATE messages sent by the mip6d daemon
@@ -841,7 +841,7 @@ strongswan-4.2.1
   connection setups over new ones, where the value "replace" replaces existing
   connections.
 
-- The crypto factory in libstrongswan additionaly supports random number
+- The crypto factory in libstrongswan additionally supports random number
   generators, plugins may provide other sources of randomness. The default
   plugin reads raw random data from /dev/(u)random.
 
@@ -1115,7 +1115,7 @@ strongswan-4.1.3
   is provided and more advanced backends (using e.g. a database) are trivial
   to implement.
 
- - Fixed a compilation failure in libfreeswan occuring with Linux kernel
+ - Fixed a compilation failure in libfreeswan occurring with Linux kernel
    headers > 2.6.17.
 
 
@@ -1426,7 +1426,7 @@ strongswan-2.7.0
   the successful setup and teardown of an IPsec SA, respectively.
   left|rightfirwall can be used with KLIPS under any Linux 2.4
   kernel or with NETKEY under a Linux kernel version >= 2.6.16
-  in conjuction with iptables >= 1.3.5. For NETKEY under a Linux
+  in conjunction with iptables >= 1.3.5. For NETKEY under a Linux
   kernel version < 2.6.16 which does not support IPsec policy
   matching yet, please continue to use a copy of the _updown_espmark
   template loaded via the left|rightupdown keyword.
@@ -1932,7 +1932,7 @@ strongswan-2.2.2
   and reduces the well-known four tunnel case on VPN gateways to
   a single tunnel definition (see README section 2.4).
 
-- Fixed a bug occuring with NAT-Traversal enabled when the responder
+- Fixed a bug occurring with NAT-Traversal enabled when the responder
   suddenly turns initiator and the initiator cannot find a matching
   connection because of the floated IKE port 4500.
 
@@ -1948,11 +1948,11 @@ strongswan-2.2.1
 - Introduced the ipsec auto --listalgs monitoring command which lists
   all currently registered IKE and ESP algorithms.
 
-- Fixed a bug in the ESP algorithm selection occuring when the strict flag
+- Fixed a bug in the ESP algorithm selection occurring when the strict flag
   is set and the first proposed transform does not match.
 
 - Fixed another deadlock in the use of the lock_certs_and_keys() mutex,
-  occuring when a smartcard is present.
+  occurring when a smartcard is present.
 
 - Prevented that a superseded Phase1 state can trigger a DPD_TIMEOUT event.
 
diff --git a/README b/README
index 1d186afd9..58f865d30 100644
--- a/README
+++ b/README
@@ -138,7 +138,7 @@ interoperability with the Check Point VPN-1 NG gateway.
    
 In the following examples we assume for reasons of clarity that left designates
 the local host and that right is the remote host. Certificates for users, hosts
-and gateways are issued by a ficticious strongSwan CA. How to generate private keys
+and gateways are issued by a fictitious strongSwan CA. How to generate private keys
 and certificates using OpenSSL will be explained in section 3. The CA certificate
 "strongswanCert.pem" must be present on all VPN end points in order to be able to
 authenticate the peers.
@@ -1959,7 +1959,7 @@ and the returned result might be a decrypted 128 bit AES key
    000 8836362e030e6707c32ffaa0bdad5540
 
 The leading three characters represent the return code of the whack channel
-with 000 signifying that no error has occured. Here is another example showing
+with 000 signifying that no error has occurred. Here is another example showing
 the use of the inbase and outbase attributes
 
    ipsec scdecrypt m/ewDnTs0k...woE= --inbase base64 --outbase text
@@ -2195,7 +2195,7 @@ The command
     ipsec listpubkeys [--utc]
 
 lists all public keys currently installed in the chained list of public
-keys. These keys were statically loaded from ipsec.conf or aquired either
+keys. These keys were statically loaded from ipsec.conf or acquired either
 from received certificates or retrieved from secure DNS servers using
 opportunistic mode.
 
diff --git a/doc/architecture.h b/doc/architecture.h
index 14b99274c..47d8202c2 100644
--- a/doc/architecture.h
+++ b/doc/architecture.h
@@ -8,7 +8,7 @@ new keying daemon, which is called #charon.
 Daemon control is done over unix sockets. Pluto uses whack, as it did for years.
 Charon uses another socket interface, called stroke. Stroke uses another
 format as whack and therefore is not compatible to whack. The starter utility,
-wich does fast configuration parsing, speaks both the protocols, whack and
+which does fast configuration parsing, speaks both the protocols, whack and
 stroke. It also handles daemon startup and termination. 
 Pluto uses starter for some commands, for other it uses the whack utility. To be
 as close to pluto as possible, charon has the same split up of commands to
@@ -47,7 +47,7 @@ Since IKEv2 uses the same port as IKEv1, both daemons must listen to UDP port
 500. Under Linux, there is no clean way to set up two sockets at the same port.
 To reslove this problem, charon uses a RAW socket, as they are used in network
 sniffers. An installed Linux Socket Filter (LSF) filters out all none-IKEv2
-traffic. Pluto receives any IKE message, independant of charons behavior.
+traffic. Pluto receives any IKE message, independent of charons behavior.
 Therefore plutos behavior is changed to discard any IKEv2 traffic silently.
 
 To gain some reusability of the code, generic crypto and utility functions are 
diff --git a/man/ipsec.conf.5.in b/man/ipsec.conf.5.in
index c80ad7fbf..f3eb86cee 100644
--- a/man/ipsec.conf.5.in
+++ b/man/ipsec.conf.5.in
@@ -298,7 +298,7 @@ and
 .B rightsubnet
 , a connection is established.
 .B start
-loads a connection and brings it up immediatly.
+loads a connection and brings it up immediately.
 .B ignore
 ignores the connection. This is equal to delete a connection from the config
 file.
@@ -1172,7 +1172,7 @@ so a new (automatically-keyed) connection using the same ID is
 almost invariably intended to replace an old one.
 The IKEv2 daemon also accepts the value
 .B replace
-wich is identical to
+which is identical to
 .B yes
 and the value
 .B keep
diff --git a/packages/maemo-applet/debian/rules b/packages/maemo-applet/debian/rules
index d05be0506..bd5046c8d 100755
--- a/packages/maemo-applet/debian/rules
+++ b/packages/maemo-applet/debian/rules
@@ -110,11 +110,11 @@ binary-common:
 	dh_gencontrol
 	dh_md5sums
 	dh_builddeb
-# Build architecture independant packages using the common target.
+# Build architecture independent packages using the common target.
 binary-indep: build-indep install
 	$(MAKE) -f debian/rules DH_OPTIONS=-i binary-common
 
-# Build architecture dependant packages using the common target.
+# Build architecture dependent packages using the common target.
 binary-arch: build-arch install
 	$(MAKE) -f debian/rules DH_OPTIONS=-s binary-common
 
diff --git a/packages/maemo-strongswan/debian/rules b/packages/maemo-strongswan/debian/rules
index 323b41340..adbb0cc6f 100755
--- a/packages/maemo-strongswan/debian/rules
+++ b/packages/maemo-strongswan/debian/rules
@@ -130,11 +130,11 @@ binary-common:
 	dh_md5sums
 	dh_builddeb
 
-# Build architecture independant packages using the common target.
+# Build architecture independent packages using the common target.
 binary-indep: build-indep install
 	$(MAKE) -f debian/rules DH_OPTIONS=-i binary-common
 
-# Build architecture dependant packages using the common target.
+# Build architecture dependent packages using the common target.
 binary-arch: build-arch install
 	$(MAKE) -f debian/rules DH_OPTIONS=-s binary-common
 
diff --git a/packages/network-manager-strongswan/debian/control b/packages/network-manager-strongswan/debian/control
index d3b35f431..f471d2b08 100644
--- a/packages/network-manager-strongswan/debian/control
+++ b/packages/network-manager-strongswan/debian/control
@@ -23,7 +23,7 @@ Depends: strongswan-nm, strongswan-eap-gtc, strongswan-eap-md5, strongswan-eap-m
 Description: network management framework (strongSwan plugin)
  NetworkManager attempts to keep an active network connection available at
  all times.  It is intended primarily for laptops where it allows easy
- switching betwen local wireless networks, it's also useful on desktops
+ switching between local wireless networks, it's also useful on desktops
  with a selection of different interfaces to use.  It is not intended for
  usage on servers.
  .
diff --git a/src/frontends/gnome/po/de.po b/src/frontends/gnome/po/de.po
index e6649e581..8665a774f 100644
--- a/src/frontends/gnome/po/de.po
+++ b/src/frontends/gnome/po/de.po
@@ -89,7 +89,7 @@ msgstr ""
 #: ../properties/nm-strongswan-dialog.glade.h:12
 msgid ""
 "IPComp compresses raw IP packets before they get encrypted. This saves some "
-"bandwith, but uses more processing power."
+"bandwidth, but uses more processing power."
 msgstr ""
 "IPComp komprimiert IP-Pakete, bevor sie verschlüsselt werden. Diese Option "
 "kann Bandbreite sparen, benötigt jedoch zusätzliche Rechenleistung."
diff --git a/src/frontends/gnome/properties/nm-strongswan-dialog.glade b/src/frontends/gnome/properties/nm-strongswan-dialog.glade
index 02c68888d..7bee6dc1b 100644
--- a/src/frontends/gnome/properties/nm-strongswan-dialog.glade
+++ b/src/frontends/gnome/properties/nm-strongswan-dialog.glade
@@ -319,7 +319,7 @@
                         <property name="can_focus">True</property>
                         <property name="receives_default">False</property>
                         <property name="has_tooltip">True</property>
-                        <property name="tooltip" translatable="yes">IPComp compresses raw IP packets before they get encrypted. This saves some bandwith, but uses more processing power.</property>
+                        <property name="tooltip" translatable="yes">IPComp compresses raw IP packets before they get encrypted. This saves some bandwidth, but uses more processing power.</property>
                         <property name="use_underline">True</property>
                         <property name="draw_indicator">True</property>
                       </widget>
diff --git a/src/include/linux/udp.h b/src/include/linux/udp.h
index c213d2a51..b68a166f2 100644
--- a/src/include/linux/udp.h
+++ b/src/include/linux/udp.h
@@ -47,7 +47,7 @@ struct udp_sock {
 	unsigned int	 corkflag;	/* Cork is required */
 	__u16		 encap_type;	/* Is this an Encapsulation socket? */
 	/*
-	 * Following member retains the infomation to create a UDP header
+	 * Following member retains the information to create a UDP header
 	 * when the socket is uncorked.
 	 */
 	__u16		 len;		/* total length of pending frames */
diff --git a/src/libcharon/bus/bus.h b/src/libcharon/bus/bus.h
index 6a306afcc..dacbac85a 100644
--- a/src/libcharon/bus/bus.h
+++ b/src/libcharon/bus/bus.h
@@ -177,7 +177,7 @@ struct bus_t {
 	/**
 	 * Send a log message to the bus.
 	 *
-	 * The signal specifies the type of the event occured. The format string
+	 * The signal specifies the type of the event occurred. The format string
 	 * specifies an additional informational or error message with a
 	 * printf() like variable argument list.
 	 * Use the DBG() macros.
diff --git a/src/libcharon/bus/listeners/listener.h b/src/libcharon/bus/listeners/listener.h
index e7873ee8c..21caed064 100644
--- a/src/libcharon/bus/listeners/listener.h
+++ b/src/libcharon/bus/listeners/listener.h
@@ -84,7 +84,7 @@ struct listener_t {
 	/**
 	 * Hook called for received/sent messages of an IKE_SA.
 	 *
-	 * @param ike_sa	IKE_SA sending/receving a message
+	 * @param ike_sa	IKE_SA sending/receiving a message
 	 * @param message	message object
 	 * @param incoming	TRUE for incoming messages, FALSE for outgoing
 	 * @return			TRUE to stay registered, FALSE to unregister
diff --git a/src/libcharon/config/child_cfg.h b/src/libcharon/config/child_cfg.h
index 175ced76c..370ff9d58 100644
--- a/src/libcharon/config/child_cfg.h
+++ b/src/libcharon/config/child_cfg.h
@@ -73,7 +73,7 @@ struct child_cfg_t {
 	 * Add a proposal to the list.
 	 *
 	 * The proposals are stored by priority, first added
-	 * is the most prefered.
+	 * is the most preferred.
 	 * After add, proposal is owned by child_cfg.
 	 *
 	 * @param proposal		proposal to add
@@ -95,7 +95,7 @@ struct child_cfg_t {
 	 *
 	 * Returned propsal is newly created and must be destroyed after usage.
 	 *
-	 * @param proposals		list from from wich proposals are selected
+	 * @param proposals		list from which proposals are selected
 	 * @param strip_dh		TRUE strip out diffie hellman groups
 	 * @param private		accept algorithms from a private range
 	 * @return				selected proposal, or NULL if nothing matches
diff --git a/src/libcharon/config/peer_cfg.c b/src/libcharon/config/peer_cfg.c
index 6f0c87279..f3843a0d4 100644
--- a/src/libcharon/config/peer_cfg.c
+++ b/src/libcharon/config/peer_cfg.c
@@ -110,7 +110,7 @@ struct private_peer_cfg_t {
 	u_int32_t reauth_time;
 
 	/**
-	 * Time, which specifies the range of a random value substracted from above.
+	 * Time, which specifies the range of a random value subtracted from above.
 	 */
 	u_int32_t jitter_time;
 
diff --git a/src/libcharon/config/peer_cfg.h b/src/libcharon/config/peer_cfg.h
index 723435cbb..ff33907f0 100644
--- a/src/libcharon/config/peer_cfg.h
+++ b/src/libcharon/config/peer_cfg.h
@@ -110,7 +110,7 @@ extern enum_name_t *unique_policy_names;
  * peer. Each config is enforced using the multiple authentication extension
  * (RFC4739).
  * The remote authentication configs are handled as constraints. The peer has
- * to fullfill each of these rules (using multiple authentication, in any order)
+ * to fulfill each of these rules (using multiple authentication, in any order)
  * to gain access to the configuration.
  */
 struct peer_cfg_t {
@@ -328,14 +328,14 @@ struct peer_cfg_t {
  * (rekeylifetime - random(0, jitter)).
  *
  * @param name				name of the peer_cfg
- * @param ike_version		which IKE version we sould use for this peer
+ * @param ike_version		which IKE version we should use for this peer
  * @param ike_cfg			IKE config to use when acting as initiator
  * @param cert_policy		should we send a certificate payload?
  * @param unique			uniqueness of an IKE_SA
  * @param keyingtries		how many keying tries should be done before giving up
  * @param rekey_time		timeout before starting rekeying
  * @param reauth_time		timeout before starting reauthentication
- * @param jitter_time		timerange to randomly substract from rekey/reauth time
+ * @param jitter_time		timerange to randomly subtract from rekey/reauth time
  * @param over_time			maximum overtime before closing a rekeying/reauth SA
  * @param mobike			use MOBIKE (RFC4555) if peer supports it
  * @param dpd				DPD check interval, 0 to disable
diff --git a/src/libcharon/config/proposal.h b/src/libcharon/config/proposal.h
index 9337518bf..8f54d7e6e 100644
--- a/src/libcharon/config/proposal.h
+++ b/src/libcharon/config/proposal.h
@@ -120,7 +120,7 @@ struct proposal_t {
 	 * compared. If they have at least one algorithm of each type
 	 * in common, a resulting proposal of this kind is created.
 	 *
-	 * @param other			proposal to compair agains
+	 * @param other			proposal to compare against
 	 * @param private		accepts algorithms allocated in a private range
 	 * @return				selected proposal, NULL if proposals don't match
 	 */
@@ -180,7 +180,7 @@ struct proposal_t {
  *
  * @param protocol			protocol, such as PROTO_ESP
  * @param number			proposal number, as encoded in SA payload
- * @return 					proposal_t object
+ * @return					proposal_t object
  */
 proposal_t *proposal_create(protocol_id_t protocol, u_int number);
 
@@ -188,7 +188,7 @@ proposal_t *proposal_create(protocol_id_t protocol, u_int number);
  * Create a default proposal if nothing further specified.
  *
  * @param protocol			protocol, such as PROTO_ESP
- * @return 					proposal_t object
+ * @return					proposal_t object
  */
 proposal_t *proposal_create_default(protocol_id_t protocol);
 
@@ -203,7 +203,7 @@ proposal_t *proposal_create_default(protocol_id_t protocol);
  *
  * @param protocol			protocol, such as PROTO_ESP
  * @param algs				algorithms as string
- * @return 					proposal_t object
+ * @return					proposal_t object
  */
 proposal_t *proposal_create_from_string(protocol_id_t protocol, const char *algs);
 
diff --git a/src/libcharon/control/controller.c b/src/libcharon/control/controller.c
index 3893a617b..531797100 100644
--- a/src/libcharon/control/controller.c
+++ b/src/libcharon/control/controller.c
@@ -334,7 +334,7 @@ METHOD(controller_t, terminate_ike, status_t,
 	else
 	{
 		charon->bus->listen(charon->bus, &job.listener.public, &job.public);
-		/* checkin of the ike_sa happend in the thread that executed the job */
+		/* checkin of the ike_sa happened in the thread that executed the job */
 		charon->bus->set_sa(charon->bus, NULL);
 	}
 	return job.listener.status;
@@ -425,7 +425,7 @@ METHOD(controller_t, terminate_child, status_t,
 	else
 	{
 		charon->bus->listen(charon->bus, &job.listener.public, &job.public);
-		/* checkin of the ike_sa happend in the thread that executed the job */
+		/* checkin of the ike_sa happened in the thread that executed the job */
 		charon->bus->set_sa(charon->bus, NULL);
 	}
 	return job.listener.status;
diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c
index f99cb8006..e0fecef10 100644
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -63,13 +63,13 @@
 typedef struct {
 	/* Payload type */
 	 payload_type_t type;
-	/* Minimal occurence of this payload. */
+	/* Minimal occurrence of this payload. */
 	size_t min_occurence;
-	/* Max occurence of this payload. */
+	/* Max occurrence of this payload. */
 	size_t max_occurence;
 	/* TRUE if payload must be encrypted */
 	bool encrypted;
-	/* If payload occurs, the message rule is fullfilled */
+	/* If payload occurs, the message rule is fulfilled */
 	bool sufficient;
 } payload_rule_t;
 
@@ -1405,7 +1405,7 @@ static status_t verify(private_message_t *this)
 				if (found > rule->max_occurence)
 				{
 					DBG1(DBG_ENC, "payload of type %N more than %d times (%d) "
-						 "occured in current message", payload_type_names,
+						 "occurred in current message", payload_type_names,
 						 type, rule->max_occurence, found);
 					enumerator->destroy(enumerator);
 					return VERIFY_ERROR;
@@ -1416,7 +1416,7 @@ static status_t verify(private_message_t *this)
 
 		if (!complete && found < rule->min_occurence)
 		{
-			DBG1(DBG_ENC, "payload of type %N not occured %d times (%d)",
+			DBG1(DBG_ENC, "payload of type %N not occurred %d times (%d)",
 				 payload_type_names, rule->type, rule->min_occurence, found);
 			return VERIFY_ERROR;
 		}
diff --git a/src/libcharon/encoding/message.h b/src/libcharon/encoding/message.h
index 51197308c..0e78ea436 100644
--- a/src/libcharon/encoding/message.h
+++ b/src/libcharon/encoding/message.h
@@ -321,7 +321,7 @@ struct message_t {
 	/**
 	 * Find a payload of a specific type.
 	 *
-	 * Returns the first occurance.
+	 * Returns the first occurrence.
 	 *
 	 * @param type		type of the payload to find
 	 * @return			payload, or NULL if no such payload found
diff --git a/src/libcharon/encoding/payloads/encryption_payload.c b/src/libcharon/encoding/payloads/encryption_payload.c
index 3b23ea9fb..e7b8063b7 100644
--- a/src/libcharon/encoding/payloads/encryption_payload.c
+++ b/src/libcharon/encoding/payloads/encryption_payload.c
@@ -142,7 +142,7 @@ METHOD(payload_t, set_next_type, void,
 }
 
 /**
- * Compute the lenght of the whole payload
+ * Compute the length of the whole payload
  */
 static void compute_length(private_encryption_payload_t *this)
 {
diff --git a/src/libcharon/encoding/payloads/proposal_substructure.c b/src/libcharon/encoding/payloads/proposal_substructure.c
index f39c3b0e6..4753d574d 100644
--- a/src/libcharon/encoding/payloads/proposal_substructure.c
+++ b/src/libcharon/encoding/payloads/proposal_substructure.c
@@ -407,7 +407,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal(
 
 	this = (private_proposal_substructure_t*)proposal_substructure_create();
 
-	/* encryption algorithm is only availble in ESP */
+	/* encryption algorithm is only available in ESP */
 	enumerator = proposal->create_enumerator(proposal, ENCRYPTION_ALGORITHM);
 	while (enumerator->enumerate(enumerator, &alg, &key_size))
 	{
diff --git a/src/libcharon/encoding/payloads/transform_substructure.c b/src/libcharon/encoding/payloads/transform_substructure.c
index 0428da726..3f04b3539 100644
--- a/src/libcharon/encoding/payloads/transform_substructure.c
+++ b/src/libcharon/encoding/payloads/transform_substructure.c
@@ -84,7 +84,7 @@ encoding_rule_t transform_substructure_encodings[] = {
 	{ U_INT_8,				offsetof(private_transform_substructure_t, transform_type)	},
 	/* 1 Reserved Byte */
 	{ RESERVED_BYTE,		offsetof(private_transform_substructure_t, reserved[1])		},
-	/* tranform ID is a number of 8 bit */
+	/* transform ID is a number of 8 bit */
 	{ U_INT_16,				offsetof(private_transform_substructure_t, transform_id)	},
 	/* Attributes are stored in a transform attribute,
 	   offset points to a linked_list_t pointer */
diff --git a/src/libcharon/encoding/payloads/transform_substructure.h b/src/libcharon/encoding/payloads/transform_substructure.h
index c961700a4..102dbb3d3 100644
--- a/src/libcharon/encoding/payloads/transform_substructure.h
+++ b/src/libcharon/encoding/payloads/transform_substructure.h
@@ -118,7 +118,7 @@ transform_substructure_t *transform_substructure_create(void);
  *
  * @param type			type of transform to create
  * @param id			transform id specifc for the transform type
- * @param key_length	key length for key lenght attribute, 0 to omit
+ * @param key_length	key length for key length attribute, 0 to omit
  * @return				transform_substructure_t object
  */
 transform_substructure_t *transform_substructure_create_type(
diff --git a/src/libcharon/network/receiver.h b/src/libcharon/network/receiver.h
index 690d8dbab..1d9d4871e 100644
--- a/src/libcharon/network/receiver.h
+++ b/src/libcharon/network/receiver.h
@@ -30,7 +30,7 @@ typedef struct receiver_t receiver_t;
 /**
  * Receives packets from the socket and adds them to the job queue.
  *
- * The receiver starts a thread, wich reads on the blocking socket. A received
+ * The receiver starts a thread, which reads on the blocking socket. A received
  * packet is preparsed and a process_message_job is queued in the job queue.
  *
  * To endure DoS attacks, cookies are enabled when to many IKE_SAs are half
@@ -38,7 +38,7 @@ typedef struct receiver_t receiver_t;
  * method in RFC4306. We do not include a nonce, because we think the advantage
  * we gain does not justify the overhead to parse the whole message.
  * Instead of VersionIdOfSecret, we include a timestamp. This allows us to
- * find out wich key was used for cookie creation. Further, we can set a
+ * find out which key was used for cookie creation. Further, we can set a
  * lifetime for the cookie, which allows us to reuse the secret for a longer
  * time.
  *		 COOKIE = time | sha1( IPi | SPIi | time | secret )
diff --git a/src/libcharon/plugins/android/android_logger.c b/src/libcharon/plugins/android/android_logger.c
index 43c56e656..fe4dbd227 100644
--- a/src/libcharon/plugins/android/android_logger.c
+++ b/src/libcharon/plugins/android/android_logger.c
@@ -52,7 +52,7 @@ METHOD(listener_t, log_, bool,
 		snprintf(sgroup, sizeof(sgroup), "%N", debug_names, group);
 		vsnprintf(buffer, sizeof(buffer), format, args);
 		while (current)
-		{	/* log each line seperately */
+		{	/* log each line separately */
 			next = strchr(current, '\n');
 			if (next)
 			{
diff --git a/src/libcharon/plugins/load_tester/load_tester_plugin.c b/src/libcharon/plugins/load_tester/load_tester_plugin.c
index 243e6e1ab..f27402260 100644
--- a/src/libcharon/plugins/load_tester/load_tester_plugin.c
+++ b/src/libcharon/plugins/load_tester/load_tester_plugin.c
@@ -68,7 +68,7 @@ struct private_load_tester_plugin_t {
 	int initiators;
 
 	/**
-	 * currenly running initiators
+	 * currently running initiators
 	 */
 	int running;
 
diff --git a/src/libcharon/plugins/medcli/medcli_config.c b/src/libcharon/plugins/medcli/medcli_config.c
index b5672dba9..52bbd6dac 100644
--- a/src/libcharon/plugins/medcli/medcli_config.c
+++ b/src/libcharon/plugins/medcli/medcli_config.c
@@ -345,7 +345,7 @@ static job_requeue_t initiate_config(peer_cfg_t *peer_cfg)
 }
 
 /**
- * schedule initation of all "active" connections
+ * schedule initiation of all "active" connections
  */
 static void schedule_autoinit(private_medcli_config_t *this)
 {
diff --git a/src/libcharon/plugins/smp/schema.xml b/src/libcharon/plugins/smp/schema.xml
index 66a51117e..e83961406 100644
--- a/src/libcharon/plugins/smp/schema.xml
+++ b/src/libcharon/plugins/smp/schema.xml
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 
-<!-- strongSwan Managment Protocol (SMP) V1.0 -->
+<!-- strongSwan Management Protocol (SMP) V1.0 -->
 
 <!--
   Copyright (C) 2007 Martin Willi
diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c
index ba26369ca..da429c884 100644
--- a/src/libcharon/sa/ike_sa.c
+++ b/src/libcharon/sa/ike_sa.c
@@ -871,7 +871,7 @@ METHOD(ike_sa_t, update_hosts, void,
 
 		if (!other->equals(other, this->other_host))
 		{
-			/* update others adress if we are NOT NATed */
+			/* update others address if we are NOT NATed */
 			if (force || !has_condition(this, COND_NAT_HERE))
 			{
 				set_other_host(this, other->clone(other));
diff --git a/src/libcharon/sa/ike_sa.h b/src/libcharon/sa/ike_sa.h
index 5e3c34a7b..703f38474 100644
--- a/src/libcharon/sa/ike_sa.h
+++ b/src/libcharon/sa/ike_sa.h
@@ -689,7 +689,7 @@ struct ike_sa_t {
 	 *
 	 * Message processing may fail. If a critical failure occurs,
 	 * process_message() return DESTROY_ME. Then the caller must
-	 * destroy the IKE_SA immediatly, as it is unusable.
+	 * destroy the IKE_SA immediately, as it is unusable.
 	 *
 	 * @param message		message to process
 	 * @return
diff --git a/src/libcharon/sa/ike_sa_id.h b/src/libcharon/sa/ike_sa_id.h
index a833aa9d6..065c2a897 100644
--- a/src/libcharon/sa/ike_sa_id.h
+++ b/src/libcharon/sa/ike_sa_id.h
@@ -30,7 +30,7 @@ typedef struct ike_sa_id_t ike_sa_id_t;
  * An object of type ike_sa_id_t is used to identify an IKE_SA.
  *
  * An IKE_SA is identified by its initiator and responder spi's.
- * Additionaly it contains the role of the actual running IKEv2-Daemon
+ * Additionally it contains the role of the actual running IKEv2-Daemon
  * for the specific IKE_SA (original initiator or responder).
  */
 struct ike_sa_id_t {
@@ -40,28 +40,28 @@ struct ike_sa_id_t {
 	 *
 	 * This function is called when a request or reply of a IKE_SA_INIT is received.
 	 *
-	 * @param responder_spi 	SPI of responder to set
+	 * @param responder_spi		SPI of responder to set
 	 */
 	void (*set_responder_spi) (ike_sa_id_t *this, u_int64_t responder_spi);
 
 	/**
 	 * Set the SPI of the initiator.
 	 *
-	 * @param initiator_spi 	SPI to set
+	 * @param initiator_spi		SPI to set
 	 */
 	void (*set_initiator_spi) (ike_sa_id_t *this, u_int64_t initiator_spi);
 
 	/**
 	 * Get the initiator SPI.
 	 *
-	 * @return 					SPI of the initiator
+	 * @return					SPI of the initiator
 	 */
 	u_int64_t (*get_initiator_spi) (ike_sa_id_t *this);
 
 	/**
 	 * Get the responder SPI.
 	 *
-	 * @return 					SPI of the responder
+	 * @return					SPI of the responder
 	 */
 	u_int64_t (*get_responder_spi) (ike_sa_id_t *this);
 
@@ -70,8 +70,8 @@ struct ike_sa_id_t {
 	 *
 	 * Two ike_sa_id_t objects are equal if both SPI values and the role matches.
 	 *
-	 * @param other 			ike_sa_id_t object to check if equal
-	 * @return 					TRUE if given ike_sa_id_t are equal, FALSE otherwise
+	 * @param other				ike_sa_id_t object to check if equal
+	 * @return					TRUE if given ike_sa_id_t are equal, FALSE otherwise
 	 */
 	bool (*equals) (ike_sa_id_t *this, ike_sa_id_t *other);
 
@@ -81,28 +81,28 @@ struct ike_sa_id_t {
 	 *
 	 * After calling this function, both objects are equal.
 	 *
-	 * @param other 			ike_sa_id_t object from which values will be taken
+	 * @param other			ike_sa_id_t object from which values will be taken
 	 */
 	void (*replace_values) (ike_sa_id_t *this, ike_sa_id_t *other);
 
 	/**
 	 * Get the initiator flag.
 	 *
-	 * @return 					TRUE if we are the original initator
+	 * @return					TRUE if we are the original initator
 	 */
 	bool (*is_initiator) (ike_sa_id_t *this);
 
 	/**
 	 * Switche the original initiator flag.
 	 *
-	 * @return 					TRUE if we are the original initator after switch, FALSE otherwise
+	 * @return					TRUE if we are the original initator after switch, FALSE otherwise
 	 */
 	bool (*switch_initiator) (ike_sa_id_t *this);
 
 	/**
 	 * Clones a given ike_sa_id_t object.
 	 *
-	 * @return 					cloned ike_sa_id_t object
+	 * @return					cloned ike_sa_id_t object
 	 */
 	ike_sa_id_t *(*clone) (ike_sa_id_t *this);
 
diff --git a/src/libcharon/sa/tasks/child_rekey.c b/src/libcharon/sa/tasks/child_rekey.c
index 05db057fb..3ca2b157a 100644
--- a/src/libcharon/sa/tasks/child_rekey.c
+++ b/src/libcharon/sa/tasks/child_rekey.c
@@ -317,7 +317,7 @@ static status_t process_i(private_child_rekey_t *this, message_t *message)
 	if (message->get_payload(message, SECURITY_ASSOCIATION) == NULL)
 	{
 		/* establishing new child failed, reuse old. but not when we
-		 * recieved a delete in the meantime */
+		 * received a delete in the meantime */
 		if (!(this->collision &&
 			  this->collision->get_type(this->collision) == CHILD_DELETE))
 		{
diff --git a/src/libcharon/sa/tasks/ike_natd.c b/src/libcharon/sa/tasks/ike_natd.c
index 7839b52eb..add2c480d 100644
--- a/src/libcharon/sa/tasks/ike_natd.c
+++ b/src/libcharon/sa/tasks/ike_natd.c
@@ -353,7 +353,7 @@ static status_t build_r(private_ike_natd_t *this, message_t *message)
 	notify_payload_t *notify;
 	host_t *me, *other;
 
-	/* only add notifies on successfull responses. */
+	/* only add notifies on successful responses. */
 	if (message->get_exchange_type(message) == IKE_SA_INIT &&
 		message->get_payload(message, SECURITY_ASSOCIATION) == NULL)
 	{
diff --git a/src/libcharon/sa/tasks/task.h b/src/libcharon/sa/tasks/task.h
index 4468f2ebe..d57085954 100644
--- a/src/libcharon/sa/tasks/task.h
+++ b/src/libcharon/sa/tasks/task.h
@@ -89,7 +89,7 @@ extern enum_name_t *task_type_names;
  * A responder does the opposite; it calls process() first to handle an incoming
  * request and secondly calls build() to build an appropriate response.
  * Both methods return either SUCCESS, NEED_MORE or FAILED. A SUCCESS indicates
- * that the task completed, even when the task completed unsuccesfully. The
+ * that the task completed, even when the task completed unsuccessfully. The
  * manager then removes the task from the list. A NEED_MORE is returned when
  * the task needs further build()/process() calls to complete, the manager
  * leaves the taks in the queue. A returned FAILED indicates a critical failure.
@@ -102,7 +102,7 @@ struct task_t {
 	 *
 	 * @param message		message to add payloads to
 	 * @return
-	 *						- FAILED if a critical error occured
+	 *						- FAILED if a critical error occurred
 	 *						- DESTROY_ME if IKE_SA has been properly deleted
 	 *						- NEED_MORE if another call to build/process needed
 	 *						- SUCCESS if task completed
@@ -114,7 +114,7 @@ struct task_t {
 	 *
 	 * @param message		message to read payloads from
 	 * @return
-	 * 						- FAILED if a critical error occured
+	 * 						- FAILED if a critical error occurred
 	 *						- DESTROY_ME if IKE_SA has been properly deleted
 	 *						- NEED_MORE if another call to build/process needed
 	 *						- SUCCESS if task completed
diff --git a/src/libhydra/kernel/kernel_listener.h b/src/libhydra/kernel/kernel_listener.h
index 6f2dbd23b..5db297b6f 100644
--- a/src/libhydra/kernel/kernel_listener.h
+++ b/src/libhydra/kernel/kernel_listener.h
@@ -84,7 +84,7 @@ struct kernel_listener_t {
 					policy_dir_t direction, host_t *local, host_t *remote);
 
 	/**
-	 * Hook called if changes in the networking layer occured (interfaces
+	 * Hook called if changes in the networking layer occurred (interfaces
 	 * up/down, routes added/deleted etc.).
 	 *
 	 * @param address		TRUE if address list, FALSE if routing changed
diff --git a/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c b/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c
index 380be1580..aca00ddb4 100644
--- a/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c
+++ b/src/libhydra/plugins/kernel_klips/kernel_klips_ipsec.c
@@ -2507,7 +2507,7 @@ static void init_ipsec_devices(private_kernel_klips_ipsec_t *this)
 }
 
 /**
- * Register a socket for AQUIRE/EXPIRE messages
+ * Register a socket for ACQUIRE/EXPIRE messages
  */
 static status_t register_pfkey_socket(private_kernel_klips_ipsec_t *this, u_int8_t satype)
 {
diff --git a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
index 78726c2a6..efdf9c928 100644
--- a/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
+++ b/src/libhydra/plugins/kernel_pfkey/kernel_pfkey_ipsec.c
@@ -2327,7 +2327,7 @@ METHOD(kernel_ipsec_t, del_policy, status_t,
 }
 
 /**
- * Register a socket for AQUIRE/EXPIRE messages
+ * Register a socket for ACQUIRE/EXPIRE messages
  */
 static status_t register_pfkey_socket(private_kernel_pfkey_ipsec_t *this,
 									  u_int8_t satype)
diff --git a/src/libstrongswan/chunk.c b/src/libstrongswan/chunk.c
index 9a4152145..bb879002e 100644
--- a/src/libstrongswan/chunk.c
+++ b/src/libstrongswan/chunk.c
@@ -57,7 +57,7 @@ chunk_t chunk_create_clone(u_char *ptr, chunk_t chunk)
 }
 
 /**
- * Decribed in header.
+ * Described in header.
  */
 size_t chunk_length(const char* mode, ...)
 {
@@ -87,7 +87,7 @@ size_t chunk_length(const char* mode, ...)
 }
 
 /**
- * Decribed in header.
+ * Described in header.
  */
 chunk_t chunk_create_cat(u_char *ptr, const char* mode, ...)
 {
@@ -133,7 +133,7 @@ chunk_t chunk_create_cat(u_char *ptr, const char* mode, ...)
 }
 
 /**
- * Decribed in header.
+ * Described in header.
  */
 void chunk_split(chunk_t chunk, const char *mode, ...)
 {
@@ -313,7 +313,7 @@ chunk_t chunk_from_hex(chunk_t hex, char *buf)
    /* subtract the number of optional ':' separation characters */
 	len = hex.len;
 	ptr = hex.ptr;
- 	for (i = 0; i < hex.len; i++)
+	for (i = 0; i < hex.len; i++)
 	{
 		if (*ptr++ == ':')
 		{
diff --git a/src/libstrongswan/chunk.h b/src/libstrongswan/chunk.h
index 63644ac78..672664874 100644
--- a/src/libstrongswan/chunk.h
+++ b/src/libstrongswan/chunk.h
@@ -254,7 +254,7 @@ static inline bool chunk_equals(chunk_t a, chunk_t b)
  * Increment a chunk, as it would reprensent a network order integer.
  *
  * @param chunk			chunk to increment
- * @return				TRUE if an overflow occured
+ * @return				TRUE if an overflow occurred
  */
 bool chunk_increment(chunk_t chunk);
 
diff --git a/src/libstrongswan/credentials/auth_cfg.h b/src/libstrongswan/credentials/auth_cfg.h
index 489ce1134..7e747c37d 100644
--- a/src/libstrongswan/credentials/auth_cfg.h
+++ b/src/libstrongswan/credentials/auth_cfg.h
@@ -31,7 +31,7 @@ typedef enum auth_class_t auth_class_t;
 /**
  * Class of authentication to use. This is different to auth_method_t in that
  * it does not specify a method, but a class of acceptable methods. The found
- * certificate finally dictates wich method is used.
+ * certificate finally dictates which method is used.
  */
 enum auth_class_t {
 	/** any class acceptable */
@@ -57,7 +57,7 @@ extern enum_name_t *auth_class_names;
  * - For configs specifying local authentication behavior, the rules define
  *   which authentication method in which way.
  * - For configs specifying remote peer authentication, the rules define
- *   constraints the peer has to fullfill.
+ *   constraints the peer has to fulfill.
  *
  * Additionally to the rules, there is a set of helper items. These are used
  * to transport credentials during the authentication process.
diff --git a/src/libstrongswan/credentials/certificates/certificate.h b/src/libstrongswan/credentials/certificates/certificate.h
index bad509111..4bc41e3c9 100644
--- a/src/libstrongswan/credentials/certificates/certificate.h
+++ b/src/libstrongswan/credentials/certificates/certificate.h
@@ -176,7 +176,7 @@ struct certificate_t {
 	/**
 	 * Check if two certificates are equal.
 	 *
-	 * @param other			certificate to compair against this
+	 * @param other			certificate to compare against this
 	 * @return				TRUE if certificates are equal
 	 */
 	bool (*equals)(certificate_t *this, certificate_t *other);
diff --git a/src/libstrongswan/crypto/aead.h b/src/libstrongswan/crypto/aead.h
index d560381d9..3f6abb4f9 100644
--- a/src/libstrongswan/crypto/aead.h
+++ b/src/libstrongswan/crypto/aead.h
@@ -111,7 +111,7 @@ struct aead_t {
  * Create a aead instance using traditional transforms.
  *
  * @param crypter		encryption transform for this aead
- * @param signer		integrity tranform for this aead
+ * @param signer		integrity transform for this aead
  * @return				aead transform
  */
 aead_t *aead_create(crypter_t *crypter, signer_t *signer);
diff --git a/src/libstrongswan/plugins/blowfish/COPYRIGHT b/src/libstrongswan/plugins/blowfish/COPYRIGHT
index 685722350..7e9ccda4b 100644
--- a/src/libstrongswan/plugins/blowfish/COPYRIGHT
+++ b/src/libstrongswan/plugins/blowfish/COPYRIGHT
@@ -37,7 +37,7 @@ SUCH DAMAGE.
 
 The license and distribution terms for any publically available version or
 derivative of this code cannot be changed.  i.e. this code cannot simply be
-copied and put under another distrubution license
+copied and put under another distribution license
 [including the GNU Public License.]
 
 The reason behind this being stated in this direct manner is past
diff --git a/src/libstrongswan/plugins/ccm/ccm_aead.c b/src/libstrongswan/plugins/ccm/ccm_aead.c
index 7fee2b3c4..0d2a56a49 100644
--- a/src/libstrongswan/plugins/ccm/ccm_aead.c
+++ b/src/libstrongswan/plugins/ccm/ccm_aead.c
@@ -67,7 +67,7 @@ typedef struct __attribute__((packed)) {
 		u_char salt[SALT_SIZE];
 		u_char iv[IV_SIZE];
 	} nonce;
-	/* lenght of plain text, q */
+	/* length of plain text, q */
 	u_char q[Q_SIZE];
 } b0_t;
 
diff --git a/src/libstrongswan/plugins/des/des_crypter.c b/src/libstrongswan/plugins/des/des_crypter.c
index 695e7e4c4..bc399ef8a 100644
--- a/src/libstrongswan/plugins/des/des_crypter.c
+++ b/src/libstrongswan/plugins/des/des_crypter.c
@@ -80,7 +80,7 @@ struct private_des_crypter_t {
 	des_crypter_t public;
 
 	/**
-	 * Key size, depends on algoritm...
+	 * Key size, depends on algorithm...
 	 */
 	size_t key_size;
 
@@ -127,7 +127,7 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 #endif
 
 /* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
+ * Very much CPU dependent */
 #ifndef DES_UNROLL
 #define DES_UNROLL
 #endif
@@ -316,7 +316,7 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
  * bytes, probably an issue of accessing non-word aligned objects :-( */
 #ifdef DES_PTR
 
-/* It recently occured to me that 0^0^0^0^0^0^0 == 0, so there
+/* It recently occurred to me that 0^0^0^0^0^0^0 == 0, so there
  * is no reason to not xor all the sub items together.  This potentially
  * saves a register since things can be xored directly into L */
 
diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
index feda05bca..eb38eea3b 100644
--- a/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
+++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rsa_private_key.c
@@ -68,7 +68,7 @@ chunk_t gcrypt_rsa_find_token(gcry_sexp_t sexp, char *name, gcry_sexp_t key)
 			if (key)
 			{
 				/* gcrypt might return more bytes than necessary. Truncate
-				 * to key lenght if key given, or prepend zeros if needed  */
+				 * to key length if key given, or prepend zeros if needed  */
 				len = gcry_pk_get_nbits(key);
 				len = len / 8 + (len % 8 ? 1 : 0);
 				if (len > data.len)
diff --git a/src/libstrongswan/plugins/hmac/hmac.h b/src/libstrongswan/plugins/hmac/hmac.h
index be1bce66d..4e53ddf1f 100644
--- a/src/libstrongswan/plugins/hmac/hmac.h
+++ b/src/libstrongswan/plugins/hmac/hmac.h
@@ -30,7 +30,7 @@ typedef struct hmac_t hmac_t;
  * Message authentication using hash functions.
  *
  * This class implements the message authenticaion algorithm
- * described in RFC2104. It uses a hash function, wich must
+ * described in RFC2104. It uses a hash function, which must
  * be implemented as a hasher_t class.
  */
 struct hmac_t {
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_library.c b/src/libstrongswan/plugins/pkcs11/pkcs11_library.c
index fa2f3c1ba..1f1628148 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_library.c
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_library.c
@@ -495,7 +495,7 @@ typedef struct {
 	CK_SESSION_HANDLE session;
 	/* pkcs11 library */
 	pkcs11_library_t *lib;
-	/* attributes to retreive */
+	/* attributes to retrieve */
 	CK_ATTRIBUTE_PTR attr;
 	/* number of attributes */
 	CK_ULONG count;
diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.h b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.h
index b80d67324..60b13aeb5 100644
--- a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.h
+++ b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.h
@@ -32,7 +32,7 @@ typedef struct pkcs11_manager_t pkcs11_manager_t;
  *
  * @param data		user supplied data, as passed to pkcs11_manager_create()
  * @param p11		loaded PKCS#11 library token belongs to
- * @param slot		slot number the event occured in
+ * @param slot		slot number the event occurred in
  * @param add		TRUE if token was added to the slot, FALSE if removed
  */
 typedef void (*pkcs11_manager_token_event_t)(void *data, pkcs11_library_t *p11,
diff --git a/src/libstrongswan/plugins/plugin.h b/src/libstrongswan/plugins/plugin.h
index 5c92fd1d8..6bed43dee 100644
--- a/src/libstrongswan/plugins/plugin.h
+++ b/src/libstrongswan/plugins/plugin.h
@@ -52,7 +52,7 @@ struct plugin_t {
 
 
 /**
- * Plugin constructor function definiton.
+ * Plugin constructor function definition.
  *
  * Each plugin has a constructor function. This function is called on daemon
  * startup to initialize each plugin.
diff --git a/src/libstrongswan/processing/jobs/callback_job.c b/src/libstrongswan/processing/jobs/callback_job.c
index 26afea319..13f22e69c 100644
--- a/src/libstrongswan/processing/jobs/callback_job.c
+++ b/src/libstrongswan/processing/jobs/callback_job.c
@@ -62,7 +62,7 @@ struct private_callback_job_t {
 	mutex_t *mutex;
 
 	/**
-	 * list of asociated child jobs
+	 * list of associated child jobs
 	 */
 	linked_list_t *children;
 
diff --git a/src/libstrongswan/processing/scheduler.h b/src/libstrongswan/processing/scheduler.h
index f2c72550f..abbf74e2c 100644
--- a/src/libstrongswan/processing/scheduler.h
+++ b/src/libstrongswan/processing/scheduler.h
@@ -35,7 +35,7 @@ typedef struct scheduler_t scheduler_t;
  * based data structure that satisfies the following property: if B is a child
  * node of A, then key(A) >= (or <=) key(B). So either the element with the
  * greatest (max-heap) or the smallest (min-heap) key is the root of the heap.
- * We use a min-heap whith the key being the absolute unix time at which an
+ * We use a min-heap with the key being the absolute unix time at which an
  * event is scheduled. So the root is always the event that will fire next.
  *
  * An earlier implementation of the scheduler used a sorted linked list to store
diff --git a/src/libstrongswan/settings.h b/src/libstrongswan/settings.h
index 9ccd02327..a864779f1 100644
--- a/src/libstrongswan/settings.h
+++ b/src/libstrongswan/settings.h
@@ -110,7 +110,7 @@ u_int32_t settings_value_as_time(char *value, u_int32_t def);
  * already existing values are replaced.
  *
  * All settings included from files are added relative to the section the
- * include statment is in.
+ * include statement is in.
  *
  * The following files result in the same final config as above:
  *
diff --git a/src/libstrongswan/utils/enumerator.h b/src/libstrongswan/utils/enumerator.h
index e9693a5b6..12b5712ae 100644
--- a/src/libstrongswan/utils/enumerator.h
+++ b/src/libstrongswan/utils/enumerator.h
@@ -36,7 +36,7 @@ struct enumerator_t {
 	 * The enumerate function takes a variable argument list containing
 	 * pointers where the enumerated values get written.
 	 *
-	 * @param ...	variable list of enumerated items, implementation dependant
+	 * @param ...	variable list of enumerated items, implementation dependent
 	 * @return		TRUE if pointers returned
 	 */
 	bool (*enumerate)(enumerator_t *this, ...);
diff --git a/src/libstrongswan/utils/host.c b/src/libstrongswan/utils/host.c
index 615d85c95..2895d620c 100644
--- a/src/libstrongswan/utils/host.c
+++ b/src/libstrongswan/utils/host.c
@@ -40,7 +40,7 @@ struct private_host_t {
 	host_t public;
 
 	/**
-	 * low-lewel structure, wich stores the address
+	 * low-lewel structure, which stores the address
 	 */
 	union {
 		/** generic type */
diff --git a/src/libstrongswan/utils/identification.h b/src/libstrongswan/utils/identification.h
index c463b0274..af0804f32 100644
--- a/src/libstrongswan/utils/identification.h
+++ b/src/libstrongswan/utils/identification.h
@@ -293,7 +293,7 @@ struct identification_t {
  *
  * In favour of pluto, domainnames are prepended with an @, since
  * pluto resolves domainnames without an @ to IPv4 addresses. Since
- * we use a seperate host_t class for addresses, this doesn't
+ * we use a separate host_t class for addresses, this doesn't
  * make sense for us.
  *
  * A distinguished name may contain one or more of the following RDNs:
diff --git a/src/libtls/tls_alert.h b/src/libtls/tls_alert.h
index 95ba4d91b..8ce50f83d 100644
--- a/src/libtls/tls_alert.h
+++ b/src/libtls/tls_alert.h
@@ -98,7 +98,7 @@ struct tls_alert_t {
 	/**
 	 * Did a fatal alert occur?.
 	 *
-	 * @return				TRUE if a fatal alert has occured
+	 * @return				TRUE if a fatal alert has occurred
 	 */
 	bool (*fatal)(tls_alert_t *this);
 
diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c
index b5fd6a3f1..b9a5d6627 100644
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@@ -603,7 +603,7 @@ static suite_algs_t suite_algs[] = {
 };
 
 /**
- * Look up algoritms by a suite
+ * Look up algorithms by a suite
  */
 static suite_algs_t *find_suite(tls_cipher_suite_t suite)
 {
diff --git a/src/libtls/tls_fragmentation.c b/src/libtls/tls_fragmentation.c
index 72a7ce80a..c42c16fb8 100644
--- a/src/libtls/tls_fragmentation.c
+++ b/src/libtls/tls_fragmentation.c
@@ -242,7 +242,7 @@ METHOD(tls_fragmentation_t, process, status_t,
 	{
 		case ALERT_SENDING:
 		case ALERT_SENT:
-			/* don't accept more input, fatal error ocurred */
+			/* don't accept more input, fatal error occurred */
 			return NEED_MORE;
 		case ALERT_NONE:
 			break;
diff --git a/src/libtls/tls_protection.c b/src/libtls/tls_protection.c
index d823bae04..e85ded016 100644
--- a/src/libtls/tls_protection.c
+++ b/src/libtls/tls_protection.c
@@ -112,7 +112,7 @@ METHOD(tls_protection_t, process, status_t,
 	private_tls_protection_t *this, tls_content_type_t type, chunk_t data)
 {
 	if (this->alert->fatal(this->alert))
-	{	/* don't accept more input, fatal error ocurred */
+	{	/* don't accept more input, fatal error occurred */
 		return NEED_MORE;
 	}
 
diff --git a/src/manager/templates/static/jquery.js b/src/manager/templates/static/jquery.js
index 0728760b5..7cb68d02f 100644
--- a/src/manager/templates/static/jquery.js
+++ b/src/manager/templates/static/jquery.js
@@ -2110,7 +2110,7 @@ var jsc = (new Date).getTime();
 
 jQuery.extend({
 	get: function( url, data, callback, type ) {
-		// shift arguments if data argument was ommited
+		// shift arguments if data argument was omitted
 		if ( jQuery.isFunction( data ) ) {
 			callback = data;
 			data = null;
diff --git a/src/medsrv/controller/user_controller.c b/src/medsrv/controller/user_controller.c
index 0f25799d8..6e1b7a249 100755
--- a/src/medsrv/controller/user_controller.c
+++ b/src/medsrv/controller/user_controller.c
@@ -44,7 +44,7 @@ struct private_user_controller_t {
 	user_t *user;
 
 	/**
-	 * minimum required password lenght
+	 * minimum required password length
 	 */
 	u_int password_length;
 };
diff --git a/src/pluto/constants.h b/src/pluto/constants.h
index 075579d6d..c931f1782 100644
--- a/src/pluto/constants.h
+++ b/src/pluto/constants.h
@@ -658,7 +658,7 @@ extern const char *prettypolicy(lset_t policy);
 #define POLICY_COMPRESS      LELEM(4)   /* must be third */
 #define POLICY_TUNNEL        LELEM(5)
 #define POLICY_PFS           LELEM(6)
-#define POLICY_DISABLEARRIVALCHECK  LELEM(7)    /* supress tunnel egress address checking */
+#define POLICY_DISABLEARRIVALCHECK  LELEM(7)    /* suppress tunnel egress address checking */
 
 #define POLICY_IPSEC_SHIFT      2       /* log2(POLICY_ENCRYPT) */
 #define POLICY_IPSEC_MASK       LRANGES(POLICY_ENCRYPT, POLICY_DISABLEARRIVALCHECK)
diff --git a/src/pluto/demux.c b/src/pluto/demux.c
index 294601295..612e0813c 100644
--- a/src/pluto/demux.c
+++ b/src/pluto/demux.c
@@ -544,7 +544,7 @@ init_demux(void)
  * - ip(7) describes IP_RECVERR
  * - recvmsg(2) describes MSG_ERRQUEUE
  * - readv(2) describes iovec
- * - cmsg(3) describes how to process auxilliary messages
+ * - cmsg(3) describes how to process auxiliary messages
  *
  * ??? we should link this message with one we've sent
  * so that the diagnostic can refer to that negotiation.
@@ -1580,7 +1580,7 @@ process_packet(struct msg_digest **mdp)
 
 			/*
 			 * okay, now we have to figure out if we are receiving a bogus
-			 * new message in an oustanding XAUTH server conversation
+			 * new message in an outstanding XAUTH server conversation
 			 * (i.e. a reply to our challenge)
 			 * (this occurs with some broken other implementations).
 			 *
diff --git a/src/pluto/kernel_alg.c b/src/pluto/kernel_alg.c
index eab2a8f06..b4b18fd80 100644
--- a/src/pluto/kernel_alg.c
+++ b/src/pluto/kernel_alg.c
@@ -205,7 +205,7 @@ bool kernel_alg_esp_ok_final(u_int ealg, u_int key_len, u_int aalg,
 
 	/*
 	 * key_len passed comes from esp_attrs read from peer
-	 * For many older algoritms (eg 3DES) this key_len is fixed
+	 * For many older algorithms (eg 3DES) this key_len is fixed
 	 * and get passed as 0.
 	 * ... then get default key_len
 	 */
diff --git a/src/pluto/lex.h b/src/pluto/lex.h
index f16769144..aa0be7829 100644
--- a/src/pluto/lex.h
+++ b/src/pluto/lex.h
@@ -22,7 +22,7 @@ struct file_lex_position
 	int lino;   /* line number in file */
 	char buffer[MAX_TOK_LEN + 1];    /* note: one extra char for our use (jamming '"') */
 	char *cur;  /* cursor */
-	char under; /* except in shift(): character orignally at *cur */
+	char under; /* except in shift(): character originally at *cur */
 	struct file_lex_position *previous;
 };
 
diff --git a/src/pluto/nat_traversal.c b/src/pluto/nat_traversal.c
index 5e9353b72..28be76825 100644
--- a/src/pluto/nat_traversal.c
+++ b/src/pluto/nat_traversal.c
@@ -232,7 +232,7 @@ void nat_traversal_natd_lookup(struct msg_digest *md)
 	if (i < 2)
 	{
 		loglog(RC_LOG_SERIOUS,
-			"NAT-Traversal: Only %d NAT-D - Aborting NAT-Traversal negociation", i);
+			"NAT-Traversal: Only %d NAT-D - Aborting NAT-Traversal negotiation", i);
 		st->nat_traversal = 0;
 		return;
 	}
diff --git a/src/pluto/pluto.8 b/src/pluto/pluto.8
index 9ac537bd9..ed6f78050 100644
--- a/src/pluto/pluto.8
+++ b/src/pluto/pluto.8
@@ -1437,7 +1437,7 @@ Phase 1.
 \fBPluto\fP responds to \fBSIGHUP\fP by issuing a suggestion that ``\fBwhack\fP
 \-\-listen'' might have been intended.
 .LP
-\fBPluto\fP exits when it recieves \fBSIGTERM\fP.
+\fBPluto\fP exits when it receives \fBSIGTERM\fP.
 .SH EXIT STATUS
 .LP
 \fBpluto\fP normally forks a daemon process, so the exit status is
@@ -1558,7 +1558,7 @@ There is no good way for a connection to be automatically terminated.
 This is a problem for Road Warrior and Opportunistic connections.
 The \fB\-\-dontrekey\fP option does prevent the SAs from
 being rekeyed on expiry.
-Additonally, if a Road Warrior connection has a client subnet with a fixed IP
+Additionally, if a Road Warrior connection has a client subnet with a fixed IP
 address, a negotiation with that subnet will cause any other
 connection instantiations with that same subnet to be unoriented
 (deleted, in effect).
diff --git a/src/pluto/rcv_whack.c b/src/pluto/rcv_whack.c
index c140095f0..8db8a965e 100644
--- a/src/pluto/rcv_whack.c
+++ b/src/pluto/rcv_whack.c
@@ -282,7 +282,7 @@ void whack_handle(int whackctlfd)
 		{
 			if (msg.magic == WHACK_BASIC_MAGIC)
 			{
-				/* Only shutdown command.  Simpler inter-version compatability. */
+				/* Only shutdown command.  Simpler inter-version compatibility. */
 				if (msg.whack_shutdown)
 				{
 					plog("shutting down");
diff --git a/src/pluto/spdb.c b/src/pluto/spdb.c
index 48585432b..06fe7d7c8 100644
--- a/src/pluto/spdb.c
+++ b/src/pluto/spdb.c
@@ -1300,7 +1300,7 @@ notification_t parse_isakmp_sa_body(u_int32_t ipsecdoisit,
  * proposal is emitted into it.
  *
  * If "selection" is true, the SA is supposed to represent the
- * single tranform that the peer has accepted.
+ * single transform that the peer has accepted.
  * ??? We only check that it is acceptable, not that it is one that we offered!
  *
  * Only IPsec DOI is accepted (what is the ISAKMP DOI?).
diff --git a/src/pluto/spdb.h b/src/pluto/spdb.h
index 221cc00bb..8a0bffbbd 100644
--- a/src/pluto/spdb.h
+++ b/src/pluto/spdb.h
@@ -100,7 +100,7 @@ extern notification_t parse_ipsec_sa_body(
 	pb_stream *sa_pbs,          /* body of input SA Payload */
 	const struct isakmp_sa *sa, /* header of input SA Payload */
 	pb_stream *r_sa_pbs,        /* if non-NULL, where to emit winning SA */
-	bool selection,             /* if this SA is a selection, only one tranform can appear */
+	bool selection,             /* if this SA is a selection, only one transform can appear */
 	struct state *st);          /* current state object */
 
 extern void backup_pbs(pb_stream *pbs);
diff --git a/src/pluto/state.c b/src/pluto/state.c
index e4234bc87..f5185888e 100644
--- a/src/pluto/state.c
+++ b/src/pluto/state.c
@@ -216,7 +216,7 @@ struct state *state_with_serialno(so_serial_t sn)
 }
 
 /* Insert a state object in the hash table. The object is inserted
- * at the begining of list.
+ * at the beginning of list.
  * Needs cookies, connection, and msgid.
  */
 void insert_state(struct state *st)
diff --git a/testing/hosts/winnetou/etc/openssl/duck/openssl.cnf b/testing/hosts/winnetou/etc/openssl/duck/openssl.cnf
index 8b5511e9d..c73872d15 100644
--- a/testing/hosts/winnetou/etc/openssl/duck/openssl.cnf
+++ b/testing/hosts/winnetou/etc/openssl/duck/openssl.cnf
@@ -36,9 +36,9 @@ crlnumber       = $dir/crlnumber          # The current CRL serial number
 private_key     = $dir/duckKey.pem        # The private key
 RANDFILE        = $dir/.rand              # private random number file
 
-x509_extensions = host_ext		  # The extentions to add to the cert
+x509_extensions = host_ext		  # The extensions to add to the cert
 
-crl_extensions	= crl_ext  		  # The extentions to add to the CRL
+crl_extensions	= crl_ext  		  # The extensions to add to the CRL
 
 default_days    = 1825                    # how long to certify for
 default_crl_days= 30			  # how long before next CRL
@@ -78,7 +78,7 @@ default_bits		= 1024
 default_keyfile 	= privkey.pem
 distinguished_name	= req_distinguished_name
 attributes		= req_attributes
-x509_extensions		= ca_ext	# The extentions to add to the self signed cert
+x509_extensions		= ca_ext	# The extensions to add to the self signed cert
 # req_extensions 	= v3_req 	# The extensions to add to a certificate request
 
 
diff --git a/testing/hosts/winnetou/etc/openssl/ecdsa/openssl.cnf b/testing/hosts/winnetou/etc/openssl/ecdsa/openssl.cnf
index 7f1a4d70b..0e29dcf79 100644
--- a/testing/hosts/winnetou/etc/openssl/ecdsa/openssl.cnf
+++ b/testing/hosts/winnetou/etc/openssl/ecdsa/openssl.cnf
@@ -36,9 +36,9 @@ crlnumber	= $dir/crlnumber	     # The current CRL serial number
 private_key     = $dir/strongswan_ecKey.pem  # The private key
 RANDFILE        = $dir/.rand                 # private random number file
 
-x509_extensions = host_ext		     # The extentions to add to the cert
+x509_extensions = host_ext		     # The extensions to add to the cert
 
-crl_extensions	= crl_ext  		     # The extentions to add to the CRL
+crl_extensions	= crl_ext  		     # The extensions to add to the CRL
 
 default_days    = 1825                       # how long to certify for
 default_crl_days= 30			     # how long before next CRL
@@ -79,7 +79,7 @@ default_bits		= 1024
 default_keyfile 	= privkey.pem
 distinguished_name	= req_distinguished_name
 attributes		= req_attributes
-x509_extensions		= ca_ext	# The extentions to add to the self signed cert
+x509_extensions		= ca_ext	# The extensions to add to the self signed cert
 # req_extensions 	= v3_req 	# The extensions to add to a certificate request
 
 
diff --git a/testing/hosts/winnetou/etc/openssl/monster/openssl.cnf b/testing/hosts/winnetou/etc/openssl/monster/openssl.cnf
index 12cc5d078..77474c129 100644
--- a/testing/hosts/winnetou/etc/openssl/monster/openssl.cnf
+++ b/testing/hosts/winnetou/etc/openssl/monster/openssl.cnf
@@ -36,9 +36,9 @@ crlnumber	= $dir/crlnumber	  # The current CRL serial number
 private_key     = $dir/strongswanKey-monster.pem  # The private key
 RANDFILE        = $dir/.rand              # private random number file
 
-x509_extensions = host_ext		  # The extentions to add to the cert
+x509_extensions = host_ext		  # The extensions to add to the cert
 
-crl_extensions	= crl_ext  		  # The extentions to add to the CRL
+crl_extensions	= crl_ext  		  # The extensions to add to the CRL
 
 default_days    = 10950                   # how long to certify for
 default_crl_days= 30			  # how long before next CRL
@@ -79,7 +79,7 @@ default_bits		= 1024
 default_keyfile 	= privkey.pem
 distinguished_name	= req_distinguished_name
 attributes		= req_attributes
-x509_extensions		= ca_ext	# The extentions to add to the self signed cert
+x509_extensions		= ca_ext	# The extensions to add to the self signed cert
 # req_extensions 	= v3_req 	# The extensions to add to a certificate request
 
 
diff --git a/testing/hosts/winnetou/etc/openssl/openssl.cnf b/testing/hosts/winnetou/etc/openssl/openssl.cnf
index 6433c7a24..a614ff640 100644
--- a/testing/hosts/winnetou/etc/openssl/openssl.cnf
+++ b/testing/hosts/winnetou/etc/openssl/openssl.cnf
@@ -36,9 +36,9 @@ crlnumber	= $dir/crlnumber	  # The current CRL serial number
 private_key     = $dir/strongswanKey.pem  # The private key
 RANDFILE        = $dir/.rand              # private random number file
 
-x509_extensions = host_ext		  # The extentions to add to the cert
+x509_extensions = host_ext		  # The extensions to add to the cert
 
-crl_extensions	= crl_ext  		  # The extentions to add to the CRL
+crl_extensions	= crl_ext  		  # The extensions to add to the CRL
 
 default_days    = 1825                    # how long to certify for
 default_crl_days= 30			  # how long before next CRL
@@ -79,7 +79,7 @@ default_bits		= 1024
 default_keyfile 	= privkey.pem
 distinguished_name	= req_distinguished_name
 attributes		= req_attributes
-x509_extensions		= ca_ext	# The extentions to add to the self signed cert
+x509_extensions		= ca_ext	# The extensions to add to the self signed cert
 # req_extensions 	= v3_req 	# The extensions to add to a certificate request
 
 
diff --git a/testing/hosts/winnetou/etc/openssl/research/openssl.cnf b/testing/hosts/winnetou/etc/openssl/research/openssl.cnf
index 23f120b29..6ccf3c2f8 100644
--- a/testing/hosts/winnetou/etc/openssl/research/openssl.cnf
+++ b/testing/hosts/winnetou/etc/openssl/research/openssl.cnf
@@ -36,9 +36,9 @@ crlnumber       = $dir/crlnumber          # The current CRL serial number
 private_key     = $dir/researchKey.pem    # The private key
 RANDFILE        = $dir/.rand              # private random number file
 
-x509_extensions = host_ext		  # The extentions to add to the cert
+x509_extensions = host_ext		  # The extensions to add to the cert
 
-crl_extensions	= crl_ext  		  # The extentions to add to the CRL
+crl_extensions	= crl_ext  		  # The extensions to add to the CRL
 
 default_days    = 1825                    # how long to certify for
 default_crl_days= 30			  # how long before next CRL
@@ -78,7 +78,7 @@ default_bits		= 2048
 default_keyfile 	= privkey.pem
 distinguished_name	= req_distinguished_name
 attributes		= req_attributes
-x509_extensions		= ca_ext	# The extentions to add to the self signed cert
+x509_extensions		= ca_ext	# The extensions to add to the self signed cert
 # req_extensions 	= v3_req 	# The extensions to add to a certificate request
 
 
diff --git a/testing/hosts/winnetou/etc/openssl/rfc3779/openssl.cnf b/testing/hosts/winnetou/etc/openssl/rfc3779/openssl.cnf
index 133b2ea71..9ec4b01a8 100644
--- a/testing/hosts/winnetou/etc/openssl/rfc3779/openssl.cnf
+++ b/testing/hosts/winnetou/etc/openssl/rfc3779/openssl.cnf
@@ -36,9 +36,9 @@ crlnumber	= $dir/crlnumber	  # The current CRL serial number
 private_key     = $dir/strongswanKey.pem  # The private key
 RANDFILE        = $dir/.rand              # private random number file
 
-x509_extensions = host_ext		  # The extentions to add to the cert
+x509_extensions = host_ext		  # The extensions to add to the cert
 
-crl_extensions	= crl_ext  		  # The extentions to add to the CRL
+crl_extensions	= crl_ext  		  # The extensions to add to the CRL
 
 default_days    = 1825                    # how long to certify for
 default_crl_days= 30			  # how long before next CRL
@@ -79,7 +79,7 @@ default_bits		= 1024
 default_keyfile 	= privkey.pem
 distinguished_name	= req_distinguished_name
 attributes		= req_attributes
-x509_extensions		= ca_ext	# The extentions to add to the self signed cert
+x509_extensions		= ca_ext	# The extensions to add to the self signed cert
 # req_extensions 	= v3_req 	# The extensions to add to a certificate request
 
 
diff --git a/testing/hosts/winnetou/etc/openssl/sales/openssl.cnf b/testing/hosts/winnetou/etc/openssl/sales/openssl.cnf
index 547b2edbc..0e3a45292 100644
--- a/testing/hosts/winnetou/etc/openssl/sales/openssl.cnf
+++ b/testing/hosts/winnetou/etc/openssl/sales/openssl.cnf
@@ -36,9 +36,9 @@ crlnumber       = $dir/crlnumber          # The current CRL serial number
 private_key     = $dir/salesKey.pem       # The private key
 RANDFILE        = $dir/.rand              # private random number file
 
-x509_extensions = host_ext		  # The extentions to add to the cert
+x509_extensions = host_ext		  # The extensions to add to the cert
 
-crl_extensions	= crl_ext  		  # The extentions to add to the CRL
+crl_extensions	= crl_ext  		  # The extensions to add to the CRL
 
 default_days    = 1825                    # how long to certify for
 default_crl_days= 30			  # how long before next CRL
@@ -78,7 +78,7 @@ default_bits		= 2048
 default_keyfile 	= privkey.pem
 distinguished_name	= req_distinguished_name
 attributes		= req_attributes
-x509_extensions		= ca_ext	# The extentions to add to the self signed cert
+x509_extensions		= ca_ext	# The extensions to add to the self signed cert
 # req_extensions 	= v3_req 	# The extensions to add to a certificate request
 
 
diff --git a/testing/tests/ikev2/rw-eap-aka-rsa/description.txt b/testing/tests/ikev2/rw-eap-aka-rsa/description.txt
index b4f766d6f..1277081b9 100644
--- a/testing/tests/ikev2/rw-eap-aka-rsa/description.txt
+++ b/testing/tests/ikev2/rw-eap-aka-rsa/description.txt
@@ -3,5 +3,5 @@ The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>.
 in association with the <i>Authentication and Key Agreement</i> protocol
 (<b>EAP-AKA</b>) to authenticate against the gateway. This protocol is used
 in UMTS, but here a secret from <b>ipsec.secrets</b> is used instead of a USIM/(R)UIM.
-Gateway <b>moon</b> additionaly uses an <b>RSA signature</b> to authenticate itself
+Gateway <b>moon</b> additionally uses an <b>RSA signature</b> to authenticate itself
 against <b>carol</b>.
diff --git a/testing/tests/ikev2/rw-eap-md5-rsa/description.txt b/testing/tests/ikev2/rw-eap-md5-rsa/description.txt
index a2ac00d80..d376ee5a8 100644
--- a/testing/tests/ikev2/rw-eap-md5-rsa/description.txt
+++ b/testing/tests/ikev2/rw-eap-md5-rsa/description.txt
@@ -3,5 +3,5 @@ The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>.
 in association with an  <i>MD5</i> challenge and response protocol
 (<b>EAP-MD5</b>) to authenticate against the gateway. The user password
 is kept in <b>ipsec.secrets</b> on both gateway and client 
-Gateway <b>moon</b> additionaly uses an <b>RSA signature</b> to authenticate itself
+Gateway <b>moon</b> additionally uses an <b>RSA signature</b> to authenticate itself
 against <b>carol</b>.
diff --git a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/description.txt b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/description.txt
index df7041a97..4feadff4c 100644
--- a/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/description.txt
+++ b/testing/tests/ikev2/rw-eap-mschapv2-id-rsa/description.txt
@@ -4,5 +4,5 @@ in association with the <i>Microsoft CHAP version 2</i> protocol
 (<b>EAP-MSCHAPV2</b>) to authenticate against the gateway. This protocol is used
 e.g. by the Windows 7 Agile VPN client.
 In addition to her IKEv2 identity <b>PH_IP_CAROL</b>, roadwarrior <b>carol</b>
-uses the EAP identy <b>carol</b>. Gateway <b>moon</b> additionaly uses an <b>RSA signature</b>
+uses the EAP identy <b>carol</b>. Gateway <b>moon</b> additionally uses an <b>RSA signature</b>
 to authenticate itself against <b>carol</b>.
diff --git a/testing/tests/ikev2/rw-eap-sim-rsa/description.txt b/testing/tests/ikev2/rw-eap-sim-rsa/description.txt
index 5fc75e1b1..686241809 100644
--- a/testing/tests/ikev2/rw-eap-sim-rsa/description.txt
+++ b/testing/tests/ikev2/rw-eap-sim-rsa/description.txt
@@ -3,5 +3,5 @@ The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>.
 in association with a GSM <i>Subscriber Identity Module</i> (<b>EAP-SIM</b>)
 to authenticate against the gateway. In this scenario triplets from the file
 <b>/etc/ipsec.d/triplets.dat</b> are used instead of a physical SIM card.
-Gateway <b>moon</b> additionaly uses an <b>RSA signature</b> to authenticate
+Gateway <b>moon</b> additionally uses an <b>RSA signature</b> to authenticate
 itself against <b>carol</b>.
diff --git a/testing/tests/sql/rw-eap-aka-rsa/description.txt b/testing/tests/sql/rw-eap-aka-rsa/description.txt
index b4f766d6f..1277081b9 100644
--- a/testing/tests/sql/rw-eap-aka-rsa/description.txt
+++ b/testing/tests/sql/rw-eap-aka-rsa/description.txt
@@ -3,5 +3,5 @@ The roadwarrior <b>carol</b> sets up a connection to gateway <b>moon</b>.
 in association with the <i>Authentication and Key Agreement</i> protocol
 (<b>EAP-AKA</b>) to authenticate against the gateway. This protocol is used
 in UMTS, but here a secret from <b>ipsec.secrets</b> is used instead of a USIM/(R)UIM.
-Gateway <b>moon</b> additionaly uses an <b>RSA signature</b> to authenticate itself
+Gateway <b>moon</b> additionally uses an <b>RSA signature</b> to authenticate itself
 against <b>carol</b>.