fuzzing techniques: 1) Sending a malformed IKE_SA_INIT request leaved an
incomplete state which caused a null pointer dereference if a subsequent
CREATE_CHILD_SA request was sent. 2) Sending an IKE_AUTH request with either
- a missing TSi or TSr payload caused a null pointer derefence because the
+ a missing TSi or TSr payload caused a null pointer dereference because the
checks for TSi and TSr were interchanged. The IKEv2 fuzzer used was
developed by the Orange Labs vulnerability research team. The tool was
initially written by Gabriel Campana and is now maintained by Laurent Butti.
if (!enum_from_name(hash_algorithm_short_names, argv[1], &alg))
{
- fprintf(stderr, "unknown hash algorthm: %s\n", argv[1]);
+ fprintf(stderr, "unknown hash algorithm: %s\n", argv[1]);
return 1;
}
hasher = lib->crypto->create_hasher(lib->crypto, alg);
if (!hasher)
{
- fprintf(stderr, "hash algorthm not supported: %N\n",
+ fprintf(stderr, "hash algorithm not supported: %N\n",
hash_algorithm_names, alg);
return 1;
}
{ FLAG, offsetof(private_ike_header_t, flags.encryption)},
/* 4 Byte message id, stored in the field message_id */
{ U_INT_32, offsetof(private_ike_header_t, message_id) },
- /* 4 Byte length fied, stored in the field length */
+ /* 4 Byte length field, stored in the field length */
{ HEADER_LENGTH, offsetof(private_ike_header_t, length) }
};
backend_t backend;
/**
- * Destry the backend.
+ * Destroy the backend.
*/
void (*destroy)(sql_config_t *this);
};
credential_set_t set;
/**
- * Destry the backend.
+ * Destroy the backend.
*/
void (*destroy)(sql_cred_t *this);
};
logger_t logger;
/**
- * Destry the backend.
+ * Destroy the backend.
*/
void (*destroy)(sql_logger_t *this);
};
*
* @param version requested IKE version
* @param initiator TRUE if we are initiator
- * @return keymat_t implmenetation
+ * @return keymat_t implementation
*/
keymat_t *keymat_create(ike_version_t version, bool initiator);
uint32_t action_flags;
/**
- * IMV database session associatied with TNCCS connection
+ * IMV database session associated with TNCCS connection
*/
imv_session_t *session;
* @param revocation_time receives time of revocation, if revoked
* @param revocation_reason receives reason of revocation, if revoked
* @param this_update creation time of revocation list
- * @param next_update exptected time of next revocation list
+ * @param next_update expected time of next revocation list
* @return certificate revocation status
*/
cert_validation_t (*get_status)(ocsp_response_t *this,
*
* A credential set enumerator may not block the credential set, i.e. multiple
* threads must be able to hold multiple enumerators, as the credential manager
- * is higly parallelized. The best way to achieve this is by using shared
+ * is highly parallelized. The best way to achieve this is by using shared
* read locks for the enumerators only. Otherwise deadlocks will occur.
* The writing cache_cert() routine is called by the manager only if no
* enumerator is alive, so it is save to use a write lock there.
return FALSE;
}
- /* "i" gets incremeneted after enumerate(), hence read from previous */
+ /* "i" gets incremented after enumerate(), hence read from previous */
si = sk_CMS_SignerInfo_value(e->signers, e->i - 1);
for (i = 0; i < CMS_signed_get_attr_count(si); i++)
{
typedef enum tty_escape_t tty_escape_t;
/**
- * Excape codes for tty colors
+ * Escape codes for tty colors
*/
enum tty_escape_t {
/** text properties */
# Convert strongSwan Root CA certificate into DER format
openssl x509 -in ${CA_CERT} -outform der -out ${CA_CERT_DER}
-# Gernerate a stale CRL
+# Generate a stale CRL
pki --signcrl --cakey ${CA_KEY} --cacert ${CA_CERT} \
--this-update "${START}" --lifetime 1 > ${CA_LAST_CRL}
--in ${CA_DIR}/certs/01.pem --group sales \
--not-before "${SH_END}" --not-after "${EE_END}" --outform pem > ${ACERT_CS}
-# Put a copy into the ikev2/acert-inline scenarion
+# Put a copy into the ikev2/acert-inline scenario
TEST="${TEST_DIR}/ikev2/acert-inline"
mkdir -p ${TEST}/hosts/moon/${IPSEC_DIR}/private
mkdir -p ${TEST}/hosts/moon/${IPSEC_DIR}/aacerts
--outform pem > ${TEST_CERT}
cp ${TEST_CERT} ${CA_DIR}/certs/${SERIAL}.pem
-# Genrate dave's attribute certificate for sales from expired AA
+# Generate dave's attribute certificate for sales from expired AA
ACERT=${TEST}/hosts/dave/${IPSEC_DIR}/acerts/dave-expired-aa.pem
mkdir -p ${TEST}/hosts/dave/${IPSEC_DIR}/acerts
pki --acert --issuerkey ${TEST_KEY} --issuercert ${TEST_CERT} \