Spelling

NEWS

@@ -188,7 +188,7 @@ strongswan-5.7.0
   for low-exponent keys (i.e. with e=3).  CVE-2018-16151 has been assigned to
   the problem of accepting random bytes after the OID of the hash function in
   such signatures, and CVE-2018-16152 has been assigned to the issue of not
-  verifying that the parameters in the ASN.1 algorithmIdentitifer structure is
+  verifying that the parameters in the ASN.1 algorithmIdentifier structure is
   empty.  Other flaws that don't lead to a vulnerability directly (e.g. not
   checking for at least 8 bytes of padding) have no separate CVE assigned.
 
@@ -694,7 +694,7 @@ strongswan-5.3.3
 
 - In the bliss plugin the c_indices derivation using a SHA-512 based random
   oracle has been fixed, generalized and standardized by employing the MGF1 mask
-  generation function with SHA-512. As a consequence BLISS signatures unsing the
+  generation function with SHA-512. As a consequence BLISS signatures using the
   improved oracle are not compatible with the earlier implementation.
 
 - Support for auto=route with right=%any for transport mode connections has
@@ -1269,7 +1269,7 @@ strongswan-5.0.1
 - The PA-TNC and PB-TNC protocols can now process huge data payloads
   >64 kB by distributing PA-TNC attributes over multiple PA-TNC messages
   and these messages over several PB-TNC batches. As long as no
-  consolidated recommandation from all IMVs can be obtained, the TNC
+  consolidated recommendation from all IMVs can be obtained, the TNC
   server requests more client data by sending an empty SDATA batch.
 
 - The rightgroups2 ipsec.conf option can require group membership during
@@ -1991,7 +1991,7 @@ strongswan-4.3.1
 
 - The nm plugin also accepts CA certificates for gateway authentication. If
   a CA certificate is configured, strongSwan uses the entered gateway address
-  as its idenitity, requiring the gateways certificate to contain the same as
+  as its identity, requiring the gateways certificate to contain the same as
   subjectAltName. This allows a gateway administrator to deploy the same
   certificates to Windows 7 and NetworkManager clients.
 
@@ -2038,7 +2038,7 @@ strongswan-4.3.0
   Initiators and responders can use several authentication rounds (e.g. RSA
   followed by EAP) to authenticate. The new ipsec.conf leftauth/rightauth and
   leftauth2/rightauth2 parameters define own authentication rounds or setup
-  constraints for the remote peer. See the ipsec.conf man page for more detials.
+  constraints for the remote peer. See the ipsec.conf man page for more details.
 
 - If glibc printf hooks (register_printf_function) are not available,
   strongSwan can use the vstr string library to run on non-glibc systems.
@@ -2784,7 +2784,7 @@ strongswan-4.0.4
 
 - Added support for preshared keys in IKEv2. PSK keys configured in
   ipsec.secrets are loaded. The authby parameter specifies the authentication
-  method to authentificate ourself, the other peer may use PSK or RSA.
+  method to authenticate ourself, the other peer may use PSK or RSA.
 
 - Changed retransmission policy to respect the keyingtries parameter.
 
@@ -2922,7 +2922,7 @@ strongswan-2.7.0
   left|rightfirewall keyword causes the automatic insertion
   and deletion of ACCEPT rules for tunneled traffic upon
   the successful setup and teardown of an IPsec SA, respectively.
-  left|rightfirwall can be used with KLIPS under any Linux 2.4
+  left|rightfirewall can be used with KLIPS under any Linux 2.4
   kernel or with NETKEY under a Linux kernel version >= 2.6.16
   in conjunction with iptables >= 1.3.5. For NETKEY under a Linux
   kernel version < 2.6.16 which does not support IPsec policy
@@ -3043,7 +3043,7 @@ strongswan-2.6.0
   to replace the various shell and awk starter scripts (setup, _plutoload,
   _plutostart, _realsetup, _startklips, _confread, and auto). Since
   ipsec.conf is now parsed only once, the starting of multiple tunnels is
-  accelerated tremedously.
+  accelerated tremendously.
 
 - Added support of %defaultroute to the ipsec starter. If the IP address
   changes, a HUP signal to the ipsec starter will automatically
@@ -3177,9 +3177,9 @@ strongswan-2.5.1
 
 - Under the native IPsec of the Linux 2.6 kernel, a %trap eroute
   installed either by setting auto=route in ipsec.conf or by
-  a connection put into hold, generates an XFRM_AQUIRE event
+  a connection put into hold, generates an XFRM_ACQUIRE event
   for each packet that wants to use the not-yet existing
-  tunnel. Up to now each XFRM_AQUIRE event led to an entry in
+  tunnel. Up to now each XFRM_ACQUIRE event led to an entry in
   the Quick Mode queue, causing multiple IPsec SA to be
   established in rapid succession. Starting with strongswan-2.5.1
   only a single IPsec SA is established per host-pair connection.

README_LEGACY.md

@@ -639,7 +639,7 @@ following entries are required in `/etc/ipsec.conf`:
 
     conn rw1
         right=%any
-        righsubnet=10.4.0.5/32
+        rightsubnet=10.4.0.5/32
 
     conn rw2
         right=%any

conf/plugins/load-tester.opt

@@ -25,7 +25,7 @@ charon.plugins.load-tester.crl
 	certificates.
 
 charon.plugins.load-tester.delay = 0
-	Delay between initiatons for each thread.
+	Delay between initiations for each thread.
 
 charon.plugins.load-tester.delete_after_established = no
 	Delete an IKE_SA as soon as it has been established.
@@ -66,7 +66,7 @@ charon.plugins.load-tester.initiators = 0
 	Number of concurrent initiator threads to use in load test.
 
 charon.plugins.load-tester.initiator_auth = pubkey
-	Authentication method(s) the intiator uses.
+	Authentication method(s) the initiator uses.
 
 charon.plugins.load-tester.initiator_id =
 	Initiator ID used in load test.

conf/strongswan.conf.5.tail.in

@@ -74,7 +74,7 @@ libtls library messages
 libipsec library messages
 .TP
 .B lib
-libstrongwan library messages
+libstrongswan library messages
 .TP
 .B tnc
 Trusted Network Connect

configure.ac

@@ -55,7 +55,7 @@ ARG_WITH_SUBST([piddir],             [/var/run], [set path for PID and UNIX sock
 ARG_WITH_SUBST([ipsecdir],           [${libexecdir%/}/ipsec], [set installation path for ipsec tools])
 ARG_WITH_SUBST([ipseclibdir],        [${libdir%/}/ipsec], [set installation path for ipsec libraries])
 ARG_WITH_SUBST([plugindir],          [${ipseclibdir%/}/plugins], [set the installation path of plugins])
-ARG_WITH_SUBST([imcvdir],            [${ipseclibdir%/}/imcvs], [set the installation path of IMC and IMV dynamic librariers])
+ARG_WITH_SUBST([imcvdir],            [${ipseclibdir%/}/imcvs], [set the installation path of IMC and IMV dynamic libraries])
 ARG_WITH_SUBST([nm-ca-dir],          [/usr/share/ca-certificates], [directory the NM backend uses to look up trusted root certificates])
 ARG_WITH_SUBST([swanctldir],         [${sysconfdir}/swanctl], [base directory for swanctl configuration files and credentials])
 ARG_WITH_SUBST([linux-headers],      [\${top_srcdir}/src/include], [set directory of linux header files to use])
@@ -1035,7 +1035,7 @@ if test x$tss_tss2 = xtrue; then
 		AC_SUBST(tss2_LIBS, "$tss2_sys_LIBS")
 	else
 		PKG_CHECK_MODULES(tss2_tabrmd, [tcti-tabrmd],
-			[tss2_tabrmd=true; AC_DEFINE([TSS2_TCTI_TABRMD], [], [use TCTI Access Broker and Resource Mamager])],
+			[tss2_tabrmd=true; AC_DEFINE([TSS2_TCTI_TABRMD], [], [use TCTI Access Broker and Resource Manager])],
 			[tss2_tabrmd=false])
 		PKG_CHECK_MODULES(tss2_socket, [tcti-socket],
 			[tss2_socket=true; AC_DEFINE([TSS2_TCTI_SOCKET], [], [use TCTI Sockets])],

src/charon-nm/nm/nm_backend.c

@@ -44,7 +44,7 @@ struct nm_backend_t {
 	nm_creds_t *creds;
 
 	/**
-	 * attribute handler regeisterd at the daemon
+	 * attribute handler registered at the daemon
 	 */
 	nm_handler_t *handler;
 };

src/charon-nm/nm/nm_service.c

@@ -561,7 +561,7 @@ static gboolean connect_(NMVpnServicePlugin *plugin, NMConnection *connection,
 				return FALSE;
 			}
 		}
-		/* ... or certificate/private key authenitcation */
+		/* ... or certificate/private key authentication */
 		else if ((str = nm_setting_vpn_get_data_item(vpn, "usercert")))
 		{
 			public_key_t *public;

src/charon-tkm/src/tkm/tkm_listener.c

@@ -45,7 +45,7 @@ struct private_tkm_listener_t {
 /**
  * Return id of remote identity.
  *
- * TODO: Replace this with the lookup for the remote identitiy id.
+ * TODO: Replace this with the lookup for the remote identity id.
  *
  * Currently the reqid of the first child SA in peer config of IKE SA is
  * returned. Might choose wrong reqid if IKE SA has multiple child configs

src/conftest/README

@@ -108,7 +108,7 @@ The following CHILD_SA specific configuration options are supported:
   lts:         Local side traffic selectors, comma separated CIDR subnets
   rts:         Remote side traffic selectors, comma separated CIDR subnets
   transport:   Propose IPsec transport mode instead of tunnel mode
-  tfc_padding: Inject Traffic Flow Confidentialty bytes to align packets to the
+  tfc_padding: Inject Traffic Flow Confidentiality bytes to align packets to the
                given length
   proposal:    CHILD_SA proposal list, same syntax as IKE_SA proposal list
 
@@ -271,7 +271,7 @@ Currently, the following hooks are defined with the following options:
     request:          yes to set in request, no in response
     id:               IKEv2 message identifier of message to mangle
     from:             proposal number to mangle
-    to:               new porposal number to set instead of from
+    to:               new proposal number to set instead of from
   set_reserved:       set arbitrary reserved bits/bytes in payloads
     request:          yes to set in request, no in response
     id:               IKEv2 message identifier of message to mangle

src/conftest/conftest.c

@@ -129,7 +129,7 @@ static bool load_cert(settings_t *settings, bool trusted)
 }
 
 /**
- * Load certificates from the confiuguration file
+ * Load certificates from the configuration file
  */
 static bool load_certs(settings_t *settings, char *dir)
 {
@@ -163,7 +163,7 @@ static bool load_certs(settings_t *settings, char *dir)
 }
 
 /**
- * Load private keys from the confiuguration file
+ * Load private keys from the configuration file
  */
 static bool load_keys(settings_t *settings, char *dir)
 {

src/frontends/android/app/src/main/jni/libandroidbridge/kernel/android_ipsec.c

@@ -38,7 +38,7 @@ struct private_kernel_android_ipsec_t {
 };
 
 /**
- * Callback registrered with libipsec.
+ * Callback registered with libipsec.
  */
 static void expire(uint8_t protocol, uint32_t spi, host_t *dst, bool hard)
 {

src/frontends/gnome/configure.ac

@@ -68,7 +68,7 @@ AC_ARG_ENABLE(
 )
 AC_ARG_WITH(
 	[libnm-glib],
-	AS_HELP_STRING([--without-libnm-glib], [build NetworkManager-strongswan without libnm-glib comatibility]),
+	AS_HELP_STRING([--without-libnm-glib], [build NetworkManager-strongswan without libnm-glib compatibility]),
 	[with_libnm_glib=no],
 	[with_libnm_glib=yes]
 )

src/frontends/gnome/properties/nm-strongswan-dialog.ui

@@ -27,7 +27,7 @@
           </packing>
         </child>
         <child>
-          <object class="GtkAlignment" id="gateway-alignement">
+          <object class="GtkAlignment" id="gateway-alignment">
             <property name="visible">True</property>
             <property name="can_focus">False</property>
             <property name="left_padding">12</property>
@@ -135,7 +135,7 @@
           </packing>
         </child>
         <child>
-          <object class="GtkAlignment" id="client-aligement">
+          <object class="GtkAlignment" id="client-alignment">
             <property name="visible">True</property>
             <property name="can_focus">False</property>
             <property name="left_padding">12</property>
@@ -351,7 +351,7 @@
           </packing>
         </child>
         <child>
-          <object class="GtkAlignment" id="options-alignement">
+          <object class="GtkAlignment" id="options-alignment">
             <property name="visible">True</property>
             <property name="can_focus">False</property>
             <property name="left_padding">12</property>

src/include/linux/xfrm.h

@@ -219,7 +219,7 @@ enum {
 #define XFRM_NR_MSGTYPES (XFRM_MSG_MAX + 1 - XFRM_MSG_BASE)
 
 /*
- * Generic LSM security context for comunicating to user space
+ * Generic LSM security context for communicating to user space
  * NOTE: Same format as sadb_x_sec_ctx
  */
 struct xfrm_user_sec_ctx {

src/libcharon/attributes/attribute_handler.h

@@ -37,7 +37,7 @@ struct attribute_handler_t {
 	/**
 	 * Handle a configuration attribute.
 	 *
-	 * After receiving a configuration attriubte, it is passed to each
+	 * After receiving a configuration attribute, it is passed to each
 	 * attribute handler until it is handled.
 	 *
 	 * @param ike_sa	IKE_SA under which attribute is received

src/libcharon/attributes/attribute_manager.c

@@ -233,7 +233,7 @@ typedef struct {
 	enumerator_t *inner;
 	/** IKE_SA to request attributes for */
 	ike_sa_t *ike_sa;
-	/** virtual IPs we are requesting along with attriubutes */
+	/** virtual IPs we are requesting along with attributes */
 	linked_list_t *vips;
 } initiator_enumerator_t;
 

src/libcharon/attributes/mem_pool.c

@@ -85,7 +85,7 @@ typedef struct {
  * Lease entry.
  */
 typedef struct {
-	/* identitiy reference */
+	/* identity reference */
 	identification_t *id;
 	/* array of online leases, as unique_lease_t */
 	array_t *online;

src/libcharon/bus/bus.h

@@ -461,7 +461,7 @@ struct bus_t {
 	 * CHILD_SA migration hook.
 	 *
 	 * @param new		ID of new SA when called for the old, NULL otherwise
-	 * @param uniue		unique ID of new SA when called for the old, 0 otherwise
+	 * @param unique	unique ID of new SA when called for the old, 0 otherwise
 	 */
 	void (*children_migrate)(bus_t *this, ike_sa_id_t *new, uint32_t unique);
 

src/libcharon/config/child_cfg.c

@@ -114,12 +114,12 @@ struct private_child_cfg_t {
 	uint32_t reqid;
 
 	/**
-	 * Optionl interface ID to use for inbound CHILD_SA
+	 * Optional interface ID to use for inbound CHILD_SA
 	 */
 	uint32_t if_id_in;
 
 	/**
-	 * Optionl interface ID to use for outbound CHILD_SA
+	 * Optional interface ID to use for outbound CHILD_SA
 	 */
 	uint32_t if_id_out;
 

src/libcharon/config/child_cfg.h

@@ -96,7 +96,7 @@ struct child_cfg_t {
 	/**
 	 * Select a proposal from a supplied list.
 	 *
-	 * Returned propsal is newly created and must be destroyed after usage.
+	 * Returned proposal is newly created and must be destroyed after usage.
 	 *
 	 * @param proposals		list from which proposals are selected
 	 * @param flags			flags to consider during proposal selection
@@ -124,7 +124,7 @@ struct child_cfg_t {
 	 * side, one for the remote side.
 	 * If a list with traffic selectors is supplied, these are used to narrow
 	 * down the traffic selector list to the greatest common divisor.
-	 * Some traffic selector may be "dymamic", meaning they are narrowed down
+	 * Some traffic selector may be "dynamic", meaning they are narrowed down
 	 * to a specific address (host-to-host or virtual-IP setups). Use
 	 * the "host" parameter to narrow such traffic selectors to that address.
 	 * Resulted list and its traffic selectors must be destroyed after use.

src/libcharon/config/peer_cfg.c

@@ -156,12 +156,12 @@ struct private_peer_cfg_t {
 	linked_list_t *remote_auth;
 
 	/**
-	 * Optionl interface ID to use for inbound CHILD_SA
+	 * Optional interface ID to use for inbound CHILD_SA
 	 */
 	uint32_t if_id_in;
 
 	/**
-	 * Optionl interface ID to use for outbound CHILD_SA
+	 * Optional interface ID to use for outbound CHILD_SA
 	 */
 	uint32_t if_id_out;
 

src/libcharon/config/peer_cfg.h

@@ -134,7 +134,7 @@ struct peer_cfg_t {
 	ike_version_t (*get_ike_version)(peer_cfg_t *this);
 
 	/**
-	 * Get the IKE config to use for initiaton.
+	 * Get the IKE config to use for initiation.
 	 *
 	 * @return				the IKE config to use
 	 */

src/libcharon/daemon.h

@@ -150,7 +150,7 @@
  * synchronization:
  * Each IKE_SA must be checked out strictly and checked in again after use. The
  * manager guarantees that only one thread may check out a single IKE_SA. This
- * allows us to write the (complex) IKE_SAs routines non-threadsave.
+ * allows us to write the (complex) IKE_SAs routines non-threadsafe.
  * The IKE_SA contain the state and the logic of each IKE_SA and handle the
  * messages.
  *