Fixed some typos, courtesy of codespell

2025-12-05 00:01:49 -05:00 · 2018-02-13 12:04:12 +01:00 · 2018-02-13 12:04:12 +01:00 · 2db6d5b8b3
commit 2db6d5b8b3
parent 60c750181f
75 changed files with 95 additions and 95 deletions
--- a/10
+++ b/10
@ -1382,7 +1382,7 @@ strongswan-4.4.1
 - The openssl plugin now supports X.509 certificate and CRL functions.

 - OCSP/CRL checking in IKEv2 has been moved to the revocation plugin, enabled
-  by default. Plase update manual load directives in strongswan.conf.
+  by default. Please update manual load directives in strongswan.conf.

 - RFC3779 ipAddrBlock constraint checking has been moved to the addrblock
  plugin, disabled by default. Enable it and update manual load directives
@ -1844,7 +1844,7 @@ strongswan-4.2.8

 - Several MOBIKE improvements: Detect changes in NAT mappings in DPD exchanges,
  handle events if kernel detects NAT mapping changes in UDP-encapsulated
-  ESP packets (requires kernel patch), reuse old addesses in MOBIKE updates as
+  ESP packets (requires kernel patch), reuse old addresses in MOBIKE updates as
  long as possible and other fixes.

 - Fixed a bug in addr_in_subnet() which caused insertion of wrong source
@ -2123,7 +2123,7 @@ strongswan-4.1.7

 - In NAT traversal situations and multiple queued Quick Modes,
  those pending connections inserted by auto=start after the
-  port floating from 500 to 4500 were erronously deleted.
+  port floating from 500 to 4500 were erroneously deleted.

 - Added a "forceencaps" connection parameter to enforce UDP encapsulation
  to surmount restrictive firewalls. NAT detection payloads are faked to
@ -2717,7 +2717,7 @@ strongswan-2.6.0
 strongswan-2.5.7
 ----------------

- CA certicates are now automatically loaded from a smartcard
+- CA certificates are now automatically loaded from a smartcard
  or USB crypto token and appear in the ipsec auto --listcacerts
  listing.

@ -2830,7 +2830,7 @@ strongswan-2.5.1
 - Under the native IPsec of the Linux 2.6 kernel, a %trap eroute
  installed either by setting auto=route in ipsec.conf or by
  a connection put into hold, generates an XFRM_AQUIRE event
-  for each packet that wants to use the not-yet exisiting
+  for each packet that wants to use the not-yet existing
  tunnel. Up to now each XFRM_AQUIRE event led to an entry in
  the Quick Mode queue, causing multiple IPsec SA to be
  established in rapid succession. Starting with strongswan-2.5.1
--- a/conf/options/charon.opt
+++ b/conf/options/charon.opt
@ -31,7 +31,7 @@ charon.cert_cache = yes
 	memory.

 charon.cache_crls = no
-	Whether Certicate Revocation Lists (CRLs) fetched via HTTP or LDAP should
+	Whether Certificate Revocation Lists (CRLs) fetched via HTTP or LDAP should
 	be saved under a unique file name derived from the public key of the
 	Certification Authority (CA) to **/etc/ipsec.d/crls** (stroke) or
 	**/etc/swanctl/x509crl** (vici), respectively.
--- a/conf/plugins/kernel-netlink.opt
+++ b/conf/plugins/kernel-netlink.opt
@ -7,7 +7,7 @@ charon.plugins.kernel-netlink.force_receive_buffer_size = no
 	If the maximum Netlink socket receive buffer in bytes set by
 	_receive_buffer_size_ exceeds the system-wide maximum from
 	/proc/sys/net/core/rmem_max, this option can be used to override the limit.
-	Enabling this option requires special priviliges (CAP_NET_ADMIN).
+	Enabling this option requires special privileges (CAP_NET_ADMIN).

 charon.plugins.kernel-netlink.fwmark =
 	Firewall mark to set on the routing rule that directs traffic to our routing
--- a/src/charon-cmd/cmd/cmd_options.h
+++ b/src/charon-cmd/cmd/cmd_options.h
@ -63,7 +63,7 @@ struct cmd_option_t {
 	const char *name;
 	/** takes argument */
 	int has_arg;
-	/** decription of argument */
+	/** description of argument */
 	const char *arg;
 	/** short description to option */
 	const char *desc;
--- a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
+++ b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
@ -1,5 +1,5 @@
 /*
- * Copyrigth (C) 2012 Reto Buerki
+ * Copyright (C) 2012 Reto Buerki
 * Copyright (C) 2012 Adrian-Ken Rueegsegger
 * Hochschule fuer Technik Rapperswil
 *
--- a/src/charon-tkm/src/tkm/tkm_keymat.c
+++ b/src/charon-tkm/src/tkm/tkm_keymat.c
@ -1,6 +1,6 @@
 /*
 * Copyright (C) 2015 Tobias Brunner
- * Copyrigth (C) 2012 Reto Buerki
+ * Copyright (C) 2012 Reto Buerki
 * Copyright (C) 2012 Adrian-Ken Rueegsegger
 * Hochschule fuer Technik Rapperswil
 *
--- a/src/charon-tkm/src/tkm/tkm_listener.c
+++ b/src/charon-tkm/src/tkm/tkm_listener.c
@ -1,5 +1,5 @@
 /*
- * Copyrigth (C) 2012 Reto Buerki
+ * Copyright (C) 2012 Reto Buerki
 * Copyright (C) 2012 Adrian-Ken Rueegsegger
 * Hochschule fuer Technik Rapperswil
 *
--- a/src/charon-tkm/src/tkm/tkm_nonceg.c
+++ b/src/charon-tkm/src/tkm/tkm_nonceg.c
@ -1,5 +1,5 @@
 /*
- * Copyrigth (C) 2012 Reto Buerki
+ * Copyright (C) 2012 Reto Buerki
 * Copyright (C) 2012 Adrian-Ken Rueegsegger
 * Hochschule fuer Technik Rapperswil
 *
--- a/src/dumm/guest.h
+++ b/src/dumm/guest.h
@ -47,7 +47,7 @@ enum guest_state_t {
 extern enum_name_t *guest_state_names;

 /**
- * Invoke function which lauches the UML guest.
+ * Invoke function which launches the UML guest.
 *
 * Consoles are all set to NULL, you may change them by adding additional UML
 * options to args before invocation.
--- a/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c
+++ b/src/frontends/android/app/src/main/jni/libandroidbridge/backend/android_service.c
@ -53,7 +53,7 @@ struct private_android_service_t {
 	ike_sa_t *ike_sa;

 	/**
-	 * configuration setttings
+	 * configuration settings
 	 */
 	settings_t *settings;

--- a/src/frontends/osx/strongSwan/Helper.h
+++ b/src/frontends/osx/strongSwan/Helper.h
@ -25,14 +25,14 @@
@interface Helper : NSObject

 /**
- * Get the XPC connection singleton, installing helper if requried
+ * Get the XPC connection singleton, installing helper if required
 *
 * @return		XPC service connection, as a singleton
 */
 - (xpc_connection_t)getConnection;

 /**
- * Return an errror string if if getConnection fails
+ * Return an error string if if getConnection fails
 *
 * @return		error string, unretained
 */
--- a/src/libcharon/config/ike_cfg.h
+++ b/src/libcharon/config/ike_cfg.h
@ -61,7 +61,7 @@ enum fragmentation_t {
 };

 /**
- * enum strings fro ike_version_t
+ * enum strings for ike_version_t
 */
 extern enum_name_t *ike_version_names;

--- a/src/libcharon/encoding/generator.h
+++ b/src/libcharon/encoding/generator.h
@ -35,8 +35,8 @@ typedef struct generator_t generator_t;
 * method. The generated bytes are appended. After all payloads are added,
 * the write_to_chunk method writes out all generated data since
 * the creation of the generator.
- * The generater uses a set of encoding rules, which it can get from
- * the supplied payload. With this rules, the generater can generate
+ * The generator uses a set of encoding rules, which it can get from
+ * the supplied payload. With this rules, the generator can generate
 * the payload and all substructures automatically.
 */
 struct generator_t {
--- a/src/libcharon/kernel/kernel_interface.c
+++ b/src/libcharon/kernel/kernel_interface.c
@ -351,7 +351,7 @@ METHOD(kernel_interface_t, alloc_reqid, status_t,
 	if (entry)
 	{
 		/* we don't require a traffic selector match for explicit reqids,
-		 * as we wan't to reuse a reqid for trap-triggered policies that
+		 * as we want to reuse a reqid for trap-triggered policies that
 		 * got narrowed during negotiation. */
 		reqid_entry_destroy(tmpl);
 	}
--- a/src/libcharon/plugins/certexpire/certexpire_cron.h
+++ b/src/libcharon/plugins/certexpire/certexpire_cron.h
@ -38,7 +38,7 @@ struct certexpire_cron_t {
 	/**
 	 * Destroy a certexpire_cron_t.
 	 *
-	 * It currently is not possible to savely cancel a cron job. Make sure
+	 * It currently is not possible to safely cancel a cron job. Make sure
 	 * any scheduled jobs have been canceled before cleaning up.
 	 */
 	void (*destroy)(certexpire_cron_t *this);
--- a/src/libcharon/plugins/eap_radius/eap_radius_provider.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_provider.c
@ -92,7 +92,7 @@ static void destroy_attr(attr_t *this)
 * Hashtable entry with leases and attributes
 */
 typedef struct {
-	/** IKE_SA uniqe id we assign the IP lease */
+	/** IKE_SA unique id we assign the IP lease */
 	uintptr_t id;
 	/** list of IP leases received from AAA, as host_t */
 	linked_list_t *addrs;
--- a/src/libcharon/plugins/eap_radius/eap_radius_xauth.c
+++ b/src/libcharon/plugins/eap_radius/eap_radius_xauth.c
@ -72,7 +72,7 @@ struct private_eap_radius_xauth_t {
 	xauth_round_t round;

 	/**
-	 * Concatentated password of all rounds
+	 * Concatenated password of all rounds
 	 */
 	chunk_t pass;
 };
--- a/src/libcharon/plugins/ha/ha_ike.c
+++ b/src/libcharon/plugins/ha/ha_ike.c
@ -335,7 +335,7 @@ METHOD(listener_t, message_hook, bool,
 		chunk_t iv;

 		/* we need the last block (or expected next IV) of Phase 1, which gets
-		 * upated after successful en-/decryption depending on direction */
+		 * updated after successful en-/decryption depending on direction */
 		if (incoming == plain)
 		{
 			if (message->get_message_id(message) == 0)
--- a/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c
+++ b/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c
@ -1982,7 +1982,7 @@ METHOD(kernel_ipsec_t, get_spi, status_t,
 	private_kernel_wfp_ipsec_t *this, host_t *src, host_t *dst,
 	uint8_t protocol, uint32_t *spi)
 {
-	/* To avoid sequencial SPIs, we use a one-to-one permuation function on
+	/* To avoid sequential SPIs, we use a one-to-one permutation function on
 	 * an incrementing counter, that is a full period PRNG for the range we
 	 * allocate SPIs in. We add some randomness using a fixed XOR and start
 	 * the counter at random position. This is not cryptographically safe,
--- a/src/libcharon/plugins/lookip/lookip_plugin.c
+++ b/src/libcharon/plugins/lookip/lookip_plugin.c
@ -33,7 +33,7 @@ struct private_lookip_plugin_t {
 	lookip_plugin_t public;

 	/**
-	 * Listener collecting virtual IP assignements
+	 * Listener collecting virtual IP assignments
 	 */
 	lookip_listener_t *listener;

--- a/src/libcharon/plugins/osx_attr/osx_attr_handler.c
+++ b/src/libcharon/plugins/osx_attr/osx_attr_handler.c
@ -150,7 +150,7 @@ static bool manage_dns(private_osx_attr_handler_t *this,
 		if (add)
 		{
 			if (!this->append && !this->original)
-			{	/* backup orignal config, start with empty set */
+			{	/* backup original config, start with empty set */
 				this->original = arr;
 				arr = CFArrayCreateMutable(NULL, 0, &kCFTypeArrayCallBacks);
 			}
--- a/src/libcharon/plugins/stroke/stroke_config.c
+++ b/src/libcharon/plugins/stroke/stroke_config.c
@ -519,7 +519,7 @@ static auth_cfg_t *build_auth_cfg(private_stroke_config_t *this,
 		enumerator->destroy(enumerator);
 	}

-	/* authentication metod (class, actually) */
+	/* authentication method (class, actually) */
 	if (strpfx(auth, "ike:") ||
 		strpfx(auth, "pubkey") ||
 		strpfx(auth, "rsa") ||
--- a/src/libcharon/plugins/stroke/stroke_list.c
+++ b/src/libcharon/plugins/stroke/stroke_list.c
@ -693,7 +693,7 @@ METHOD(stroke_list_t, status, void,

 /**
 * create a unique certificate list without duplicates
- * certicates having the same issuer are grouped together.
+ * certificates having the same issuer are grouped together.
 */
 static linked_list_t* create_unique_cert_list(certificate_type_t type)
 {
--- a/src/libcharon/plugins/uci/uci_parser.c
+++ b/src/libcharon/plugins/uci/uci_parser.c
@ -112,7 +112,7 @@ METHOD(uci_parser_t, create_section_enumerator, enumerator_t*,
 	va_list args;
 	int i;

-	/* allocate enumerator large enought to hold keyword pointers */
+	/* allocate enumerator large enough to hold keyword pointers */
 	i = 1;
 	va_start(args, this);
 	while (va_arg(args, char*))
--- a/src/libcharon/plugins/vici/libvici.h
+++ b/src/libcharon/plugins/vici/libvici.h
@ -43,7 +43,7 @@
 * thread pool.
 *
 * Connecting requires an uri, which is currently either a UNIX socket path
- * prefixed with unix://, or a hostname:port touple prefixed with tcp://.
+ * prefixed with unix://, or a hostname:port tuple prefixed with tcp://.
 * Passing NULL takes the system default socket path.
 *
 * After the connection has been established, request messages can be sent.
--- a/src/libcharon/sa/child_sa.h
+++ b/src/libcharon/sa/child_sa.h
@ -145,7 +145,7 @@ extern enum_name_t *child_sa_outbound_state_names;
 * - B allocates an SPI for the selected protocol
 * - B calls child_sa_t.install for both, the allocated and received SPI
 * - B sends the proposal with the allocated SPI to A
- * - A calls child_sa_t.install for both, the allocated and recevied SPI
+ * - A calls child_sa_t.install for both, the allocated and received SPI
 *
 * Once SAs are set up, policies can be added using add_policies.
 */
@ -254,7 +254,7 @@ struct child_sa_t {
 	/**
 	 * Set the negotiated IPsec mode to use.
 	 *
-	 * @param mode		TUNNEL | TRANPORT | BEET
+	 * @param mode		TUNNEL | TRANSPORT | BEET
 	 */
 	void (*set_mode)(child_sa_t *this, ipsec_mode_t mode);

--- a/src/libcharon/sa/eap/eap_manager.h
+++ b/src/libcharon/sa/eap/eap_manager.h
@ -30,7 +30,7 @@ typedef struct eap_manager_t eap_manager_t;
 * The EAP manager manages all EAP implementations and creates instances.
 *
 * A plugin registers it's implemented EAP method at the manager by
- * providing type and a contructor function. The manager then instanciates
+ * providing type and a constructor function. The manager then instantiates
 * eap_method_t instances through the provided constructor to handle
 * EAP authentication.
 */
--- a/src/libcharon/sa/eap/eap_method.h
+++ b/src/libcharon/sa/eap/eap_method.h
@ -64,7 +64,7 @@ struct eap_method_t {
 	/**
 	 * Initiate the EAP exchange.
 	 *
-	 * initiate() is only useable for server implementations, as clients only
+	 * initiate() is only usable for server implementations, as clients only
 	 * reply to server requests.
 	 * A eap_payload is created in "out" if result is NEED_MORE.
 	 *
--- a/src/libcharon/sa/ike_sa.h
+++ b/src/libcharon/sa/ike_sa.h
@ -855,7 +855,7 @@ struct ike_sa_t {
 	 * @param message_id	ID of the request to retransmit
 	 * @return
 	 *						- SUCCESS
-	 *						- NOT_FOUND if request doesn't have to be retransmited
+	 *						- NOT_FOUND if request doesn't have to be retransmitted
 	 */
 	status_t (*retransmit) (ike_sa_t *this, uint32_t message_id);

@ -1155,7 +1155,7 @@ struct ike_sa_t {
 	void (*inherit_post) (ike_sa_t *this, ike_sa_t *other);

 	/**
-	 * Reset the IKE_SA, useable when initiating fails.
+	 * Reset the IKE_SA, usable when initiating fails.
 	 *
 	 * @param new_spi		TRUE to allocate a new initiator SPI
 	 */
--- a/src/libcharon/sa/ikev1/tasks/mode_config.c
+++ b/src/libcharon/sa/ikev1/tasks/mode_config.c
@ -547,7 +547,7 @@ static status_t build_reply(private_mode_config_t *this, message_t *message)
 												 type, value));
 	}
 	enumerator->destroy(enumerator);
-	/* if a client did not re-request all adresses, release them */
+	/* if a client did not re-request all addresses, release them */
 	enumerator = migrated->create_enumerator(migrated);
 	while (enumerator->enumerate(enumerator, &found))
 	{
--- a/src/libcharon/sa/ikev1/tasks/quick_mode.c
+++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c
@ -1330,7 +1330,7 @@ METHOD(task_t, process_i, status_t,
 														&this->cpi_r);
 				if (!list->get_count(list))
 				{
-					DBG1(DBG_IKE, "peer did not acccept our IPComp proposal, "
+					DBG1(DBG_IKE, "peer did not accept our IPComp proposal, "
 						 "IPComp disabled");
 					this->cpi_i = 0;
 				}
--- a/src/libcharon/sa/ikev2/task_manager_v2.c
+++ b/src/libcharon/sa/ikev2/task_manager_v2.c
@ -737,7 +737,7 @@ static status_t process_response(private_task_manager_t *this,
 		charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND_CLEARED, packet);
 	}

-	/* catch if we get resetted while processing */
+	/* catch if we get reset while processing */
 	this->reset = FALSE;
 	enumerator = array_create_enumerator(this->active_tasks);
 	while (enumerator->enumerate(enumerator, &task))
--- a/src/libcharon/sa/ikev2/tasks/child_create.c
+++ b/src/libcharon/sa/ikev2/tasks/child_create.c
@ -414,7 +414,7 @@ static linked_list_t *get_dynamic_hosts(ike_sa_t *ike_sa, bool local)
 }

 /**
- * Substitude any host address with NATed address in traffic selector
+ * Substitute any host address with NATed address in traffic selector
 */
 static linked_list_t* get_transport_nat_ts(private_child_create_t *this,
 										   bool local, linked_list_t *in)
--- a/src/libcharon/sa/task_manager.h
+++ b/src/libcharon/sa/task_manager.h
@ -86,7 +86,7 @@ enum task_queue_t {
 * completed.
 * For the initial IKE_SA setup, several tasks are queued: One for the
 * unauthenticated IKE_SA setup, one for authentication, one for CHILD_SA setup
- * and maybe one for virtual IP assignement.
+ * and maybe one for virtual IP assignment.
 * The task manager is also responsible for retransmission. It uses a backoff
 * algorithm. The timeout is calculated using
 * RETRANSMIT_TIMEOUT * (RETRANSMIT_BASE ** try).
--- a/src/libcharon/sa/xauth/xauth_manager.h
+++ b/src/libcharon/sa/xauth/xauth_manager.h
@ -29,7 +29,7 @@ typedef struct xauth_manager_t xauth_manager_t;
 * The XAuth manager manages all XAuth implementations and creates instances.
 *
 * A plugin registers it's implemented XAuth method at the manager by
- * providing type and a contructor function. The manager then instanciates
+ * providing type and a constructor function. The manager then instantiates
 * xauth_method_t instances through the provided constructor to handle
 * XAuth authentication.
 */
--- a/src/libcharon/sa/xauth/xauth_method.h
+++ b/src/libcharon/sa/xauth/xauth_method.h
@ -54,7 +54,7 @@ struct xauth_method_t {
 	/**
 	 * Initiate the XAuth exchange.
 	 *
-	 * initiate() is only useable for server implementations, as clients only
+	 * initiate() is only usable for server implementations, as clients only
 	 * reply to server requests.
 	 * A cp_payload is created in "out" if result is NEED_MORE.
 	 *
--- a/src/libimcv/pts/pts_database.h
+++ b/src/libimcv/pts/pts_database.h
@ -74,7 +74,7 @@ struct pts_database_t {
 	* @param measurement	File measurement hash
 	* @param filename		Optional name of the file to be checked
 	* @param is_dir			TRUE if part of directory measurement
-	* @param id				Primary key into direcories/files table
+	* @param id				Primary key into directories/files table
 	* @return				TRUE if successful
 	*/
 	bool (*add_file_measurement)(pts_database_t *this, int vid,
--- a/src/libimcv/pts/pts_pcr.h
+++ b/src/libimcv/pts/pts_pcr.h
@ -92,7 +92,7 @@ struct pts_pcr_t {
 	 * Extend the content of a PCR
 	 *
 	 * @param pcr			index of PCR
-	 * @param measurement	measurment value to be extended into PCR
+	 * @param measurement	measurement value to be extended into PCR
 	 * @return				new content of PCR
 	 */
 	chunk_t (*extend)(pts_pcr_t *this, uint32_t pcr, chunk_t measurement);
--- a/src/libpttls/pt_tls.h
+++ b/src/libpttls/pt_tls.h
@ -102,7 +102,7 @@ enum pt_tls_auth_t {
 * @param tls			TLS socket to read from
 * @param vendor		receives Message Type Vendor ID from header
 * @param type			receives Message Type from header
- * @param identifier	receives Message Identifer
+ * @param identifier	receives Message Identifier
 * @return				reader over message value, NULL on error
 */
 bio_reader_t* pt_tls_read(tls_socket_t *tls, uint32_t *vendor,
--- a/src/libpttls/pt_tls_server.c
+++ b/src/libpttls/pt_tls_server.c
@ -390,7 +390,7 @@ static bool authenticate(private_pt_tls_server_t *this)
 {
 	if (do_sasl(this))
 	{
-		/* complete SASL with emtpy mechanism list */
+		/* complete SASL with empty mechanism list */
 		return pt_tls_write(this->tls, PT_TLS_SASL_MECHS, this->identifier++,
 							chunk_empty);
 	}
--- a/src/libradius/radius_client.h
+++ b/src/libradius/radius_client.h
@ -30,7 +30,7 @@ typedef struct radius_client_t radius_client_t;
 * RADIUS client functionality.
 *
 * To communicate with a RADIUS server, create a client and send messages over
- * it. The client allocates a socket from the best RADIUS server abailable.
+ * it. The client allocates a socket from the best RADIUS server available.
 */
 struct radius_client_t {

--- a/src/libradius/radius_message.h
+++ b/src/libradius/radius_message.h
@ -320,7 +320,7 @@ struct radius_message_t {
 radius_message_t *radius_message_create(radius_message_code_t code);

 /**
- * Parse and verify a recevied RADIUS message.
+ * Parse and verify a received RADIUS message.
 *
 * @param data			received message data
 * @return				radius_message_t object, NULL if length invalid
--- a/src/libsimaka/simaka_manager.h
+++ b/src/libsimaka/simaka_manager.h
@ -98,7 +98,7 @@ struct simaka_manager_t {
 	 * @param id		permanent identity to request quintuplet for
 	 * @param rand		random value rand
 	 * @param auts		resynchronization parameter auts
-	 * @return			TRUE if calculated, FALSE if no matcing card found
+	 * @return			TRUE if calculated, FALSE if no matching card found
 	 */
 	bool (*card_resync)(simaka_manager_t *this, identification_t *id,
 						char rand[AKA_RAND_LEN], char auts[AKA_AUTS_LEN]);
--- a/src/libsimaka/simaka_message.c
+++ b/src/libsimaka/simaka_message.c
@ -49,7 +49,7 @@ struct hdr_t {
 struct attr_hdr_t {
 	/** attribute type */
 	uint8_t type;
-	/** attibute length */
+	/** attribute length */
 	uint8_t length;
 } __attribute__((__packed__));

--- a/src/libstrongswan/collections/linked_list.h
+++ b/src/libstrongswan/collections/linked_list.h
@ -195,7 +195,7 @@ struct linked_list_t {
 	 * If a linked list contains objects with function pointers,
 	 * invoke() can call a method on each of the objects. The
 	 * method is specified by an offset of the function pointer,
-	 * which can be evalutated at compile time using the offsetof
+	 * which can be evaluated at compile time using the offsetof
 	 * macro, e.g.: list->invoke(list, offsetof(object_t, method));
 	 *
 	 * @param offset	offset of the method to invoke on objects
--- a/src/libstrongswan/credentials/auth_cfg.c
+++ b/src/libstrongswan/credentials/auth_cfg.c
@ -737,8 +737,8 @@ METHOD(auth_cfg_t, add_pubkey_constraints, void,
 	}
 	enumerator->destroy(enumerator);

-	/* if no explicit IKE signature contraints were added we add them for all
-	 * configured signature contraints */
+	/* if no explicit IKE signature constraints were added we add them for all
+	 * configured signature constraints */
 	if (ike && !ike_added &&
 		lib->settings->get_bool(lib->settings,
 							"%s.signature_authentication_constraints", TRUE,
--- a/src/libstrongswan/credentials/cred_encoding.c
+++ b/src/libstrongswan/credentials/cred_encoding.c
@ -39,7 +39,7 @@ struct private_cred_encoding_t {
 	hashtable_t *cache[CRED_ENCODING_MAX];

 	/**
-	 * Registered encoding fuctions, cred_encoder_t
+	 * Registered encoding functions, cred_encoder_t
 	 */
 	linked_list_t *encoders;

--- a/src/libstrongswan/credentials/sets/cert_cache.c
+++ b/src/libstrongswan/credentials/sets/cert_cache.c
@ -239,7 +239,7 @@ METHOD(cert_cache_t, issued_by, bool,
 }

 /**
- * certificate enumerator implemenation
+ * certificate enumerator implementation
 */
 typedef struct {
 	/** implements enumerator_t interface */
--- a/src/libstrongswan/crypto/proposal/proposal.c
+++ b/src/libstrongswan/crypto/proposal/proposal.c
@ -697,7 +697,7 @@ int proposal_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec,
 	{
 		enumerator = list->create_enumerator(list);
 		while (enumerator->enumerate(enumerator, &this))
-		{	/* call recursivly */
+		{	/* call recursively */
 			if (first)
 			{
 				written += print_in_hook(data, "%P", this);
--- a/src/libstrongswan/plugins/blowfish/COPYRIGHT
+++ b/src/libstrongswan/plugins/blowfish/COPYRIGHT
@ -5,7 +5,7 @@ This package is an Blowfish implementation written
 by Eric Young (eay@cryptsoft.com).

 This library is free for commercial and non-commercial use as long as
-the following conditions are aheared to.  The following conditions
+the following conditions are adhered to.  The following conditions
 apply to all code found in this distribution.

 Copyright remains Eric Young's, and as such any Copyright notices in
--- a/src/libstrongswan/plugins/blowfish/bf_enc.c
+++ b/src/libstrongswan/plugins/blowfish/bf_enc.c
@ -7,7 +7,7 @@
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
+ * the following conditions are adhered to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
@ -32,7 +32,7 @@
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
+ *    The word 'cryptographic' can be left out if the routines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
--- a/src/libstrongswan/plugins/blowfish/bf_locl.h
+++ b/src/libstrongswan/plugins/blowfish/bf_locl.h
@ -7,7 +7,7 @@
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
+ * the following conditions are adhered to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
@ -32,7 +32,7 @@
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
+ *    The word 'cryptographic' can be left out if the routines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
--- a/src/libstrongswan/plugins/blowfish/bf_pi.h
+++ b/src/libstrongswan/plugins/blowfish/bf_pi.h
@ -7,7 +7,7 @@
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
+ * the following conditions are adhered to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
@ -32,7 +32,7 @@
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
+ *    The word 'cryptographic' can be left out if the routines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
--- a/src/libstrongswan/plugins/blowfish/bf_skey.c
+++ b/src/libstrongswan/plugins/blowfish/bf_skey.c
@ -7,7 +7,7 @@
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
+ * the following conditions are adhered to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
@ -32,7 +32,7 @@
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
+ *    The word 'cryptographic' can be left out if the routines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
--- a/src/libstrongswan/plugins/blowfish/blowfish.h
+++ b/src/libstrongswan/plugins/blowfish/blowfish.h
@ -7,7 +7,7 @@
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
+ * the following conditions are adhered to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
@ -32,7 +32,7 @@
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
+ *    The word 'cryptographic' can be left out if the routines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
--- a/src/libstrongswan/plugins/blowfish/blowfish_crypter.c
+++ b/src/libstrongswan/plugins/blowfish/blowfish_crypter.c
@ -6,7 +6,7 @@
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
+ * the following conditions are adhered to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
@ -31,7 +31,7 @@
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
+ *    The word 'cryptographic' can be left out if the routines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
--- a/src/libstrongswan/plugins/des/des_crypter.c
+++ b/src/libstrongswan/plugins/des/des_crypter.c
@ -13,7 +13,7 @@
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.
+ * the following conditions are adhered to.
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
@ -34,7 +34,7 @@
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
+ *    The word 'cryptographic' can be left out if the routines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
@ -309,7 +309,7 @@ YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 #endif

 /* The changes to this macro may help or hinder, depending on the
- * compiler and the achitecture.  gcc2 always seems to do well :-).
+ * compiler and the architecture.  gcc2 always seems to do well :-).
 * Inspired by Dana How <how@isl.stanford.edu>
 * DO NOT use the alternative version on machines with 8 byte longs.
 * It does not seem to work on the Alpha, even when DES_LONG is 4
--- a/src/libstrongswan/plugins/newhope/newhope_ke.c
+++ b/src/libstrongswan/plugins/newhope/newhope_ke.c
@ -246,7 +246,7 @@ static uint32_t* multiply_ntt_inv_poly(private_newhope_ke_t *this, uint32_t *b)
 }

 /**
- * Pack four 2-bit coefficents into one byte
+ * Pack four 2-bit coefficients into one byte
 */
 static void pack_rec(private_newhope_ke_t *this, uint8_t *x, uint8_t *r)
 {
--- a/src/libstrongswan/plugins/pkcs7/pkcs7_attributes.c
+++ b/src/libstrongswan/plugins/pkcs7/pkcs7_attributes.c
@ -202,7 +202,7 @@ pkcs7_attributes_t *pkcs7_attributes_create(void)
 }

 /**
- * ASN.1 definition of the X.501 atttribute type
+ * ASN.1 definition of the X.501 attribute type
 */
 static const asn1Object_t attributesObjects[] = {
 	{ 0, "attributes",		ASN1_SET,		ASN1_LOOP }, /* 0 */
--- a/src/libstrongswan/plugins/plugin_loader.h
+++ b/src/libstrongswan/plugins/plugin_loader.h
@ -76,7 +76,7 @@ struct plugin_loader_t {
 	 * If \<ns>.load_modular is enabled (where \<ns> is lib->ns) the plugins to
 	 * load are determined via a load option in their respective plugin config
 	 * section e.g. \<ns>.plugins.\<plugin>.load = <priority|bool>.
-	 * The oder is determined by the configured priority.  If two plugins have
+	 * The order is determined by the configured priority.  If two plugins have
 	 * the same priority the order as seen in list is preserved.  Plugins not
 	 * found in list are loaded first, in alphabetical order.
 	 *
--- a/src/libstrongswan/processing/scheduler.h
+++ b/src/libstrongswan/processing/scheduler.h
@ -45,7 +45,7 @@ typedef struct scheduler_t scheduler_t;
 * in-between got slower, as the number of events grew larger (O(n)).
 * For each connection there could be several events: IKE-rekey, NAT-keepalive,
 * retransmissions, expire (half-open), and others. So a gateway that probably
- * has to handle thousands of concurrent connnections has to be able to queue a
+ * has to handle thousands of concurrent connections has to be able to queue a
 * large number of events as fast as possible. Locking makes this even worse, to
 * provide thread-safety, no events can be processed, while an event is queued,
 * so making the insertion fast is even more important.
@ -97,13 +97,13 @@ struct scheduler_t {
 	void (*schedule_job_ms) (scheduler_t *this, job_t *job, uint32_t ms);

 	/**
-	 * Adds a event to the queue, using an absolut time.
+	 * Adds a event to the queue, using an absolute time.
 	 *
 	 * The passed timeval should be calculated based on the time_monotonic()
 	 * function.
 	 *
 	 * @param job			job to schedule
-	 * @param time			absolut time to schedule job
+	 * @param time			absolute time to schedule job
 	 */
 	void (*schedule_job_tv) (scheduler_t *this, job_t *job, timeval_t tv);

--- a/src/libstrongswan/threading/semaphore.h
+++ b/src/libstrongswan/threading/semaphore.h
@ -29,7 +29,7 @@ typedef struct semaphore_t semaphore_t;
 * A semaphore is basically an integer whose value is never allowed to be
 * lower than 0.  Two operations can be performed on it: increment the
 * value by one, and decrement the value by one.  If the value is currently
- * zero, then the decrement operation will blcok until the value becomes
+ * zero, then the decrement operation will block until the value becomes
 * greater than zero.
 */
 struct semaphore_t {
--- a/src/libstrongswan/utils/chunk.c
+++ b/src/libstrongswan/utils/chunk.c
@ -478,7 +478,7 @@ chunk_t chunk_to_hex(chunk_t chunk, char *buf, bool uppercase)
 }

 /**
- * convert a signle hex character to its binary value
+ * convert a single hex character to its binary value
 */
 static char hex2bin(char hex)
 {
@ -859,7 +859,7 @@ static inline uint64_t siplast(size_t len, u_char *pos)
 }

 /**
- * Caculate SipHash-2-4 with an optional first block given as argument.
+ * Calculate SipHash-2-4 with an optional first block given as argument.
 */
 static uint64_t chunk_mac_inc(chunk_t chunk, u_char *key, uint64_t m)
 {
--- a/src/libtls/tls_alert.c
+++ b/src/libtls/tls_alert.c
@ -106,7 +106,7 @@ struct private_tls_alert_t {
 	bool consumed;

 	/**
-	 * Fatal alert discription
+	 * Fatal alert description
 	 */
 	tls_alert_desc_t desc;
 };
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@ -376,7 +376,7 @@ struct private_tls_crypto_t {
 	tls_cache_t *cache;

 	/**
-	 * All handshake data concatentated
+	 * All handshake data concatenated
 	 */
 	chunk_t handshake;

--- a/src/libtnccs/plugins/tnccs_11/messages/imc_imv_msg.h
+++ b/src/libtnccs/plugins/tnccs_11/messages/imc_imv_msg.h
@ -28,7 +28,7 @@ typedef struct imc_imv_msg_t imc_imv_msg_t;
 #include <tncif.h>

 /**
- * Classs representing the PB-PA message type.
+ * Class representing the PB-PA message type.
 */
 struct imc_imv_msg_t {

--- a/testing/hosts/winnetou/etc/openssl/duck/openssl.cnf
+++ b/testing/hosts/winnetou/etc/openssl/duck/openssl.cnf
@ -3,7 +3,7 @@
 #	

 # This definitions were set by the ca_init script DO NOT change
-# them manualy.
+# them manually.
 CAHOME			= /etc/openssl/duck
 RANDFILE		= $CAHOME/.rand

--- a/testing/hosts/winnetou/etc/openssl/ecdsa/openssl.cnf
+++ b/testing/hosts/winnetou/etc/openssl/ecdsa/openssl.cnf
@ -3,7 +3,7 @@
 #	

 # This definitions were set by the ca_init script DO NOT change
-# them manualy.
+# them manually.
 CAHOME			= /etc/openssl/ecdsa 
 RANDFILE		= $CAHOME/.rand

--- a/testing/hosts/winnetou/etc/openssl/monster/openssl.cnf
+++ b/testing/hosts/winnetou/etc/openssl/monster/openssl.cnf
@ -3,7 +3,7 @@
 #	

 # This definitions were set by the ca_init script DO NOT change
-# them manualy.
+# them manually.
 CAHOME			= /etc/openssl/monster
 RANDFILE		= $CAHOME/.rand

--- a/testing/hosts/winnetou/etc/openssl/openssl.cnf
+++ b/testing/hosts/winnetou/etc/openssl/openssl.cnf
@ -3,7 +3,7 @@
 #	

 # This definitions were set by the ca_init script DO NOT change
-# them manualy.
+# them manually.
 CAHOME			= /etc/openssl 
 RANDFILE		= $CAHOME/.rand

--- a/testing/hosts/winnetou/etc/openssl/research/openssl.cnf
+++ b/testing/hosts/winnetou/etc/openssl/research/openssl.cnf
@ -3,7 +3,7 @@
 #	

 # This definitions were set by the ca_init script DO NOT change
-# them manualy.
+# them manually.
 CAHOME			= /etc/openssl/research
 RANDFILE		= $CAHOME/.rand

--- a/testing/hosts/winnetou/etc/openssl/rfc3779/openssl.cnf
+++ b/testing/hosts/winnetou/etc/openssl/rfc3779/openssl.cnf
@ -3,7 +3,7 @@
 #	

 # This definitions were set by the ca_init script DO NOT change
-# them manualy.
+# them manually.
 CAHOME			= /etc/openssl/rfc3779 
 RANDFILE		= $CAHOME/.rand

--- a/testing/hosts/winnetou/etc/openssl/sales/openssl.cnf
+++ b/testing/hosts/winnetou/etc/openssl/sales/openssl.cnf
@ -3,7 +3,7 @@
 #	

 # This definitions were set by the ca_init script DO NOT change
-# them manualy.
+# them manually.
 CAHOME			= /etc/openssl/sales 
 RANDFILE		= $CAHOME/.rand

--- a/testing/scripts/recipes/patches/freeradius-tnc-fhh
+++ b/testing/scripts/recipes/patches/freeradius-tnc-fhh
@ -5363,7 +5363,7 @@ diff -u -r -N freeradius-server-2.2.0.orig/src/modules/rlm_eap/types/rlm_eap_tnc
 -#define VLAN_ACCESS 2
 -/*
 - ****
- * EAP - MD5 doesnot specify code, id & length but chap specifies them,
+- * EAP - MD5 does not specify code, id & length but chap specifies them,
 - *	for generalization purpose, complete header should be sent
 - *	and not just value_size, value and name.
 - *	future implementation.
--- a/testing/tests/ikev2/rw-eap-md5-class-radius/description.txt
+++ b/testing/tests/ikev2/rw-eap-md5-class-radius/description.txt
@ -6,4 +6,4 @@ against the gateway <b>moon</b>. The user credentials of <b>carol</b>
 and <b>dave</b> are kept both on the local clients and the RADIUS server <b>alice</b>.
 <b>carol</b> possesses the RADIUS class attribute <b>Research</b> and therefore obtains
 access to the <b>research</b> subnet behind gateway <b>moon</b> whereas <b>dave</b>
-belongs to the class <b>Accounting</b> and has access to the <b>acccess</b> subnet.
+belongs to the class <b>Accounting</b> and has access to the <b>access</b> subnet.