[SCM] Samba Shared Repository - branch master updated

Andrew Bartlett abartlet at samba.org
Thu Nov 30 21:26:02 UTC 2023


The branch, master has been updated
       via  b12a33e2251 third_party/heimdal: import lorikeet-heimdal-202311290849 (commit 84fb4579594a5fd8f8462450777eb24d5832be07)
       via  f65a17e7abb lib:crypto: Use bytearray macros
      from  83edfcff5cc vfs_ceph: call 'ceph_fgetxattr' only if valid fd

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit b12a33e225197ec71285586ec44140b421f2e5c6
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed Nov 29 22:46:28 2023 +1300

    third_party/heimdal: import lorikeet-heimdal-202311290849 (commit 84fb4579594a5fd8f8462450777eb24d5832be07)
    
    Some of our pending PRs for Heimdal were recently accepted,
    so this brings in a new update (mostly improved spelling).
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Thu Nov 30 21:25:56 UTC 2023 on atb-devel-224

commit f65a17e7abb83b2d352fd7f75d3a32b7a729b76c
Author: Andreas Schneider <asn at samba.org>
Date:   Thu Nov 30 08:32:45 2023 +0100

    lib:crypto: Use bytearray macros
    
    Do not use old macros which are not descriptive by the name.
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Joseph Sutton <josephsutton at catalyst.net.nz>

-----------------------------------------------------------------------

Summary of changes:
 lib/crypto/gnutls_sp800_108.c                      |  4 +-
 third_party/heimdal/kdc/kerberos5.c                | 17 +++---
 third_party/heimdal/kdc/krb5tgs.c                  |  2 +-
 third_party/heimdal/kdc/pkinit.c                   | 10 ++--
 third_party/heimdal/kuser/kinit.c                  |  2 +-
 third_party/heimdal/lib/base/json.c                |  2 +-
 third_party/heimdal/lib/hdb/ext.c                  |  8 +--
 third_party/heimdal/lib/hx509/cert.c               | 26 ++++-----
 third_party/heimdal/lib/hx509/cms.c                | 64 +++++++++++-----------
 third_party/heimdal/lib/hx509/crypto-ec.c          |  2 +-
 third_party/heimdal/lib/hx509/crypto.c             |  4 +-
 third_party/heimdal/lib/hx509/hx509_err.et         |  2 +-
 third_party/heimdal/lib/hx509/req.c                |  2 +-
 third_party/heimdal/lib/hx509/revoke.c             | 32 +++++------
 third_party/heimdal/lib/hx509/test_cms.in          |  2 +-
 third_party/heimdal/lib/kadm5/bump_pw_expire.c     |  7 ++-
 third_party/heimdal/lib/krb5/cache.c               |  4 +-
 third_party/heimdal/lib/krb5/crypto.c              | 10 ++--
 third_party/heimdal/lib/krb5/digest.c              |  2 +-
 third_party/heimdal/lib/krb5/init_creds_pw.c       | 34 ++++++------
 third_party/heimdal/lib/krb5/krb5.conf.5           |  3 +-
 third_party/heimdal/lib/krb5/krb5_err.et           |  2 +-
 third_party/heimdal/lib/krb5/pac.c                 |  4 +-
 third_party/heimdal/lib/krb5/pkinit.c              | 16 +++---
 third_party/heimdal/lib/krb5/store.c               | 34 ++++++------
 third_party/heimdal/lib/roken/parse_time-test.c    |  1 +
 third_party/heimdal/lib/wind/utf8.c                |  8 +--
 third_party/heimdal/po/heimdal_krb5/de.po          |  2 +-
 .../heimdal/po/heimdal_krb5/heimdal_krb5.pot       |  2 +-
 third_party/heimdal/po/heimdal_krb5/sv_SE.po       |  2 +-
 30 files changed, 159 insertions(+), 151 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/crypto/gnutls_sp800_108.c b/lib/crypto/gnutls_sp800_108.c
index dc04354d3d2..65710657bae 100644
--- a/lib/crypto/gnutls_sp800_108.c
+++ b/lib/crypto/gnutls_sp800_108.c
@@ -41,7 +41,7 @@ static NTSTATUS samba_gnutls_sp800_108_derive_key_part(
 	static const uint8_t zero = 0;
 	int rc;
 
-	RSIVAL(buf, 0, i);
+	PUSH_BE_U32(buf, 0, i);
 	rc = gnutls_hmac(hmac_hnd, buf, sizeof(buf));
 	if (rc < 0) {
 		return gnutls_error_to_ntstatus(rc,
@@ -69,7 +69,7 @@ static NTSTATUS samba_gnutls_sp800_108_derive_key_part(
 			return gnutls_error_to_ntstatus(
 				rc, NT_STATUS_HMAC_NOT_SUPPORTED);
 		}
-		RSIVAL(buf, 0, L);
+		PUSH_BE_U32(buf, 0, L);
 		rc = gnutls_hmac(hmac_hnd, buf, sizeof(buf));
 		if (rc < 0) {
 			return gnutls_error_to_ntstatus(
diff --git a/third_party/heimdal/kdc/kerberos5.c b/third_party/heimdal/kdc/kerberos5.c
index 76cecd3e12f..5991711a289 100644
--- a/third_party/heimdal/kdc/kerberos5.c
+++ b/third_party/heimdal/kdc/kerberos5.c
@@ -1125,7 +1125,7 @@ pa_enc_ts_validate(astgs_request_t r, const PA_DATA *pa)
     ret = pa_enc_ts_decrypt_kvno(r, kvno, &enc_data, &ts_data, &pa_key);
     if (ret == KRB5KDC_ERR_ETYPE_NOSUPP) {
 	char *estr;
-	_kdc_set_e_text(r, "No key matching entype");
+	_kdc_set_e_text(r, "No key matching enctype");
 	if(krb5_enctype_to_string(r->context, enc_data.etype, &estr))
 	    estr = NULL;
 	if(estr == NULL)
@@ -1143,6 +1143,7 @@ pa_enc_ts_validate(astgs_request_t r, const PA_DATA *pa)
 			       kvno);
 	goto out;
     }
+
     if (ret == KRB5KDC_ERR_PREAUTH_FAILED) {
 	krb5_error_code ret2;
 	const char *msg = krb5_get_error_message(r->context, ret);
@@ -1211,7 +1212,7 @@ pa_enc_ts_validate(astgs_request_t r, const PA_DATA *pa)
     krb5_data_free(&ts_data);
     if(ret){
 	ret = KRB5KDC_ERR_PREAUTH_FAILED;
-	_kdc_r_log(r, 4, "Failed to decode PA-ENC-TS_ENC -- %s",
+	_kdc_r_log(r, 4, "Failed to decode PA-ENC-TS-ENC -- %s",
 		   r->cname);
 	goto out;
     }
@@ -1846,7 +1847,7 @@ get_pa_etype_info2(krb5_context context,
 }
 
 /*
- * Return 0 if the client have only older enctypes, this is for
+ * Return 0 if the client has only older enctypes, this is for
  * determining if the server should send ETYPE_INFO2 or not.
  */
 
@@ -2895,7 +2896,7 @@ _kdc_as_rep(astgs_request_t r)
     if(r->client->flags.postdate && r->server->flags.postdate)
 	r->et.flags.may_postdate = f.allow_postdate;
     else if (f.allow_postdate){
-	_kdc_set_e_text(r, "Ticket may not be postdate");
+	_kdc_set_e_text(r, "Ticket may not be postdateable");
 	ret = KRB5KDC_ERR_POLICY;
 	goto out;
     }
@@ -2936,7 +2937,7 @@ _kdc_as_rep(astgs_request_t r)
 	_kdc_fix_time(&b->till);
 	t = *b->till;
 
-	/* be careful not overflowing */
+	/* be careful not to overflow */
 
         /*
          * Pre-auth can override r->client->max_life if configured.
@@ -3075,7 +3076,7 @@ _kdc_as_rep(astgs_request_t r)
     }
 
     /*
-     * Check and session and reply keys
+     * Check session and reply keys
      */
 
     if (r->session_key.keytype == ETYPE_NULL) {
@@ -3085,7 +3086,7 @@ _kdc_as_rep(astgs_request_t r)
     }
 
     if (r->reply_key.keytype == ETYPE_NULL) {
-	_kdc_set_e_text(r, "Client have no reply key");
+	_kdc_set_e_text(r, "Client has no reply key");
 	ret = KRB5KDC_ERR_CLIENT_NOTYET;
 	goto out;
     }
@@ -3169,7 +3170,7 @@ _kdc_as_rep(astgs_request_t r)
 	goto out;
 
     /*
-     * Check if message too large
+     * Check if message is too large
      */
     if (r->datagram_reply && r->reply->length > config->max_datagram_reply_length) {
 	krb5_data_free(r->reply);
diff --git a/third_party/heimdal/kdc/krb5tgs.c b/third_party/heimdal/kdc/krb5tgs.c
index af80450c4b0..d744f5610f3 100644
--- a/third_party/heimdal/kdc/krb5tgs.c
+++ b/third_party/heimdal/kdc/krb5tgs.c
@@ -1789,7 +1789,7 @@ server_lookup:
 		    break;
 	    if(i == b->etype.len) {
 		kdc_log(context, config, 4,
-			"Addition ticket have not matching etypes");
+			"Addition ticket has no matching etypes");
 		krb5_clear_error_message(context);
 		ret = KRB5KDC_ERR_ETYPE_NOSUPP;
                 kdc_audit_addreason((kdc_request_t)priv,
diff --git a/third_party/heimdal/kdc/pkinit.c b/third_party/heimdal/kdc/pkinit.c
index 255441ce071..c853359bbc2 100644
--- a/third_party/heimdal/kdc/pkinit.c
+++ b/third_party/heimdal/kdc/pkinit.c
@@ -534,8 +534,8 @@ _kdc_pk_rd_padata(astgs_request_t priv,
 
 	    }
 	    /*
-	     * If the client sent more then 10 EDI, don't bother
-	     * looking more then 10 of performance reasons.
+	     * If the client sent more than 10 EDIs, don't bother
+	     * looking at more than 10 for performance reasons.
 	     */
 	    maxedi = edi->len;
 	    if (maxedi > 10)
@@ -873,7 +873,7 @@ pk_mk_pa_reply_enckey(krb5_context context,
     *kdc_cert = NULL;
 
     /*
-     * If the message client is a win2k-type but it send pa data
+     * If the message client is a win2k-type but it sends pa data
      * 09-binding it expects a IETF (checksum) reply so there can be
      * no replay attacks.
      */
@@ -1533,7 +1533,7 @@ _kdc_pk_mk_pa_reply(astgs_request_t r, pk_client_params *cp)
 		krb5_data_free(&ocsp.data);
 		ocsp.expire = 0;
 	    } else if (ocsp.expire > 180) {
-		ocsp.expire -= 180; /* refetch the ocsp before it expire */
+		ocsp.expire -= 180; /* refetch the ocsp before it expires */
 		ocsp.next_update = ocsp.expire;
 	    } else {
 		ocsp.next_update = kdc_time;
@@ -1808,7 +1808,7 @@ _kdc_pk_check_client(astgs_request_t r,
 	    if (strcmp(*subject_name, acl->val[0].subject) != 0)
 		continue;
 
-	    /* Don't support isser and anchor checking right now */
+	    /* Don't support issuer and anchor checking right now */
 	    if (acl->val[0].issuer)
 		continue;
 	    if (acl->val[0].anchor)
diff --git a/third_party/heimdal/kuser/kinit.c b/third_party/heimdal/kuser/kinit.c
index 8df1c1b796f..9a2fac642ad 100644
--- a/third_party/heimdal/kuser/kinit.c
+++ b/third_party/heimdal/kuser/kinit.c
@@ -221,7 +221,7 @@ static struct getargs args[] = {
       NP_("use this credential cache as FAST armor cache", ""), "cache" },
 
     { "use-referrals",	0,  arg_flag, &use_referrals_flag,
-      NP_("only use referrals, no dns canalisation", ""), NULL },
+      NP_("only use referrals, no dns canonicalisation", ""), NULL },
 
     { "windows",	0,  arg_flag, &windows_flag,
       NP_("get windows behavior", ""), NULL },
diff --git a/third_party/heimdal/lib/base/json.c b/third_party/heimdal/lib/base/json.c
index 4fa0f2d5aff..ed4ea683308 100644
--- a/third_party/heimdal/lib/base/json.c
+++ b/third_party/heimdal/lib/base/json.c
@@ -976,7 +976,7 @@ parse_string(struct parse_ctx *ctx)
     /* NUL-terminate for rk_base64_decode() and plain paranoia */
     if (p0 != NULL && p == pend) {
         /*
-	 * Work out how far p is into p0 to re-esablish p after
+	 * Work out how far p is into p0 to re-establish p after
 	 * the realloc()
 	 */
         size_t p0_to_pend_len = (pend - p0);
diff --git a/third_party/heimdal/lib/hdb/ext.c b/third_party/heimdal/lib/hdb/ext.c
index 48683ef1607..465a235f744 100644
--- a/third_party/heimdal/lib/hdb/ext.c
+++ b/third_party/heimdal/lib/hdb/ext.c
@@ -43,7 +43,7 @@ hdb_entry_check_mandatory(krb5_context context, const hdb_entry *ent)
 	return 0;
 
     /*
-     * check for unknown extensions and if they where tagged mandatory
+     * check for unknown extensions and if they were tagged mandatory
      */
 
     for (i = 0; i < ent->extensions->len; i++) {
@@ -52,7 +52,7 @@ hdb_entry_check_mandatory(krb5_context context, const hdb_entry *ent)
 	    continue;
 	if (ent->extensions->val[i].mandatory) {
 	    krb5_set_error_message(context, HDB_ERR_MANDATORY_OPTION,
-				   "Principal have unknown "
+				   "Principal has unknown "
 				   "mandatory extension");
 	    return HDB_ERR_MANDATORY_OPTION;
 	}
@@ -592,7 +592,7 @@ hdb_validate_key_rotation(krb5_context context,
     if (new_kr->base_kvno <= last_kvno) {
         krb5_set_error_message(context, EINVAL,
                                "New key rotation base kvno must be larger "
-                               "the last kvno for the current key "
+                               "than the last kvno for the current key "
                                "rotation (%u)", last_kvno);
         return EINVAL;
     }
@@ -751,7 +751,7 @@ hdb_entry_add_key_rotation(krb5_context context,
                  ((kr->epoch - prev_kr->epoch) / prev_kr->period))) {
             krb5_set_error_message(context, EINVAL,
                                    "New key rotation base kvno must be larger "
-                                   "the last kvno for the current key "
+                                   "than the last kvno for the current key "
                                    "rotation (%u)", last_kvno);
             return EINVAL;
         }
diff --git a/third_party/heimdal/lib/hx509/cert.c b/third_party/heimdal/lib/hx509/cert.c
index e7e2423c54d..4fcb4ba8da9 100644
--- a/third_party/heimdal/lib/hx509/cert.c
+++ b/third_party/heimdal/lib/hx509/cert.c
@@ -237,13 +237,13 @@ hx509_set_warn_dest(hx509_context context, heim_log_facility *fac)
 
 /**
  * Selects if the hx509_revoke_verify() function is going to require
- * the existans of a revokation method (OCSP, CRL) or not. Note that
- * hx509_verify_path(), hx509_cms_verify_signed(), and other function
+ * the existence of a revocation method (OCSP, CRL) or not. Note that
+ * hx509_verify_path(), hx509_cms_verify_signed(), and other functions
  * call hx509_revoke_verify().
  *
  * @param context hx509 context to change the flag for.
- * @param flag zero, revokation method required, non zero missing
- * revokation method ok
+ * @param flag zero, revocation method required, non zero missing
+ * revocation method ok
  *
  * @ingroup hx509_verify
  */
@@ -555,7 +555,7 @@ hx509_cert_ref(hx509_cert cert)
 }
 
 /**
- * Allocate an verification context that is used fo control the
+ * Allocate an verification context that is used to control the
  * verification process.
  *
  * @param context A hx509 context.
@@ -952,7 +952,7 @@ hx509_cert_find_subjectAltName_otherName(hx509_context context,
 		ret = add_to_list(list, &sa.val[j].u.otherName.value);
 		if (ret) {
 		    hx509_set_error_string(context, 0, ret,
-					   "Error adding an exra SAN to "
+					   "Error adding an extra SAN to "
 					   "return list");
 		    hx509_free_octet_string_list(list);
 		    free_GeneralNames(&sa);
@@ -2436,7 +2436,7 @@ hx509_verify_path(hx509_context context,
 
 		/*
 		 * The subject name of the proxy certificate should be
-		 * CN=XXX,<proxy issuer>, prune of CN and check if its
+		 * CN=XXX,<proxy issuer>. Prune off CN and check if it's
 		 * the same over the whole chain of proxy certs and
 		 * then check with the EE cert when we get to it.
 		 */
@@ -2496,7 +2496,7 @@ hx509_verify_path(hx509_context context,
 	    } else {
 		/*
 		 * Now we are done with the proxy certificates, this
-		 * cert was an EE cert and we we will fall though to
+		 * cert was an EE cert and we will fall though to
 		 * EE checking below.
 		 */
 		type = EE_CERT;
@@ -2505,9 +2505,9 @@ hx509_verify_path(hx509_context context,
         HEIM_FALLTHROUGH;
 	case EE_CERT:
 	    /*
-	     * If there where any proxy certificates in the chain
+	     * If there were any proxy certificates in the chain
 	     * (proxy_cert_depth > 0), check that the proxy issuer
-	     * matched proxy certificates "base" subject.
+	     * matched the proxy certificate's "base" subject.
 	     */
 	    if (proxy_cert_depth) {
 
@@ -2598,7 +2598,7 @@ hx509_verify_path(hx509_context context,
     }
 
     /*
-     * Verify that no certificates has been revoked.
+     * Verify that no certificates have been revoked.
      */
 
     if (ctx->revoke_ctx) {
@@ -2681,7 +2681,7 @@ hx509_verify_path(hx509_context context,
 	    goto out;
 	}
 	/*
-	 * Verify that the sigature algorithm is not weak. Ignore
+	 * Verify that the signature algorithm is not weak. Ignore
 	 * trust anchors since they are provisioned by the user.
 	 */
 
@@ -2708,7 +2708,7 @@ out:
  * @param signer the certificate that made the signature.
  * @param alg algorthm that was used to sign the data.
  * @param data the data that was signed.
- * @param sig the sigature to verify.
+ * @param sig the signature to verify.
  *
  * @return An hx509 error code, see hx509_get_error_string().
  *
diff --git a/third_party/heimdal/lib/hx509/cms.c b/third_party/heimdal/lib/hx509/cms.c
index 8615f03ee81..1723f3a6424 100644
--- a/third_party/heimdal/lib/hx509/cms.c
+++ b/third_party/heimdal/lib/hx509/cms.c
@@ -117,8 +117,8 @@ hx509_cms_wrap_ContentInfo(const heim_oid *oid,
  * @param in the encoded buffer.
  * @param oid type of the content.
  * @param out data to be wrapped.
- * @param have_data since the data is optional, this flags show dthe
- * diffrence between no data and the zero length data.
+ * @param have_data since the data is optional, this flag shows the
+ * difference between no data and the zero length data.
  *
  * @return Returns an hx509 error code.
  *
@@ -250,7 +250,7 @@ unparse_CMSIdentifier(hx509_context context,
 	break;
     }
     default:
-	ret = asprintf(str, "certificate have unknown CMSidentifier type");
+	ret = asprintf(str, "certificate has unknown CMSidentifier type");
 	break;
     }
     /*
@@ -331,7 +331,7 @@ find_CMSIdentifier(hx509_context context,
 /**
  * Decode and unencrypt EnvelopedData.
  *
- * Extract data and parameteres from from the EnvelopedData. Also
+ * Extract data and parameters from the EnvelopedData. Also
  * supports using detached EnvelopedData.
  *
  * @param context A hx509 context.
@@ -342,7 +342,7 @@ find_CMSIdentifier(hx509_context context,
  * EnvelopedData stucture.
  * @param length length of the data that data point to.
  * @param encryptedContent in case of detached signature, this
- * contains the actual encrypted data, othersize its should be NULL.
+ * contains the actual encrypted data, otherwise it should be NULL.
  * @param time_now set the current time, if zero the library uses now as the date.
  * @param contentType output type oid, should be freed with der_free_oid().
  * @param content the data, free with der_free_octet_string().
@@ -437,7 +437,7 @@ hx509_cms_unenvelope(hx509_context context,
 
 	hx509_cert_free(cert);
 	if (ret == 0)
-	    break; /* succuessfully decrypted cert */
+	    break; /* successfully decrypted cert */
 	cert = NULL;
 	ret2 = unparse_CMSIdentifier(context, &ri->rid, &str);
 	if (ret2 == 0) {
@@ -531,17 +531,17 @@ out:
 }
 
 /**
- * Encrypt end encode EnvelopedData.
+ * Encrypt and encode EnvelopedData.
  *
  * Encrypt and encode EnvelopedData. The data is encrypted with a
  * random key and the the random key is encrypted with the
- * certificates private key. This limits what private key type can be
+ * certificate's private key. This limits what private key type can be
  * used to RSA.
  *
  * @param context A hx509 context.
  * @param flags flags to control the behavior.
  *    - HX509_CMS_EV_NO_KU_CHECK - Don't check KU on certificate
- *    - HX509_CMS_EV_ALLOW_WEAK - Allow weak crytpo
+ *    - HX509_CMS_EV_ALLOW_WEAK - Allow weak crypto
  *    - HX509_CMS_EV_ID_NAME - prefer issuer name and serial number
  * @param cert Certificate to encrypt the EnvelopedData encryption key
  * with.
@@ -773,12 +773,12 @@ find_attribute(const CMSAttributes *attr, const heim_oid *oid)
  *
  * @param context A hx509 context.
  * @param ctx a hx509 verify context.
- * @param flags to control the behaivor of the function.
+ * @param flags to control the behavior of the function.
  *    - HX509_CMS_VS_NO_KU_CHECK - Don't check KeyUsage
  *    - HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH - allow oid mismatch
  *    - HX509_CMS_VS_ALLOW_ZERO_SIGNER - no signer, see below.
  * @param data pointer to CMS SignedData encoded data.
- * @param length length of the data that data point to.
+ * @param length length of the data that data points to.
  * @param signedContent external data used for signature.
  * @param pool certificate pool to build certificates paths.
  * @param contentType free with der_free_oid().
@@ -829,7 +829,7 @@ hx509_cms_verify_signed(hx509_context context,
  *    - HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH - allow oid mismatch
  *    - HX509_CMS_VS_ALLOW_ZERO_SIGNER - no signer, see below.
  * @param data pointer to CMS SignedData encoded data.
- * @param length length of the data that data point to.
+ * @param length length of the data that data points to.
  * @param signedContent external data used for signature.
  * @param pool certificate pool to build certificates paths.
  * @param contentType free with der_free_oid().
@@ -939,7 +939,7 @@ hx509_cms_verify_signed_ext(hx509_context context,
 	    ret = HX509_CMS_MISSING_SIGNER_DATA;
 	    hx509_set_error_string(context, 0, ret,
 				   "SignerInfo %zu in SignedData "
-				   "missing sigature", i);
+				   "missing signature", i);
 	    continue;
 	}
 
@@ -972,22 +972,22 @@ hx509_cms_verify_signed_ext(hx509_context context,
 	    sa.val = signer_info->signedAttrs->val;
 	    sa.len = signer_info->signedAttrs->len;
 
-	    /* verify that sigature exists */
+	    /* verify that signature exists */
 	    attr = find_attribute(&sa, &asn1_oid_id_pkcs9_messageDigest);
 	    if (attr == NULL) {
 		ret = HX509_CRYPTO_SIGNATURE_MISSING;
 		hx509_set_error_string(context, 0, ret,
-				       "SignerInfo have signed attributes "
+				       "SignerInfo has signed attributes "
 				       "but messageDigest (signature) "
 				       "is missing");
-		goto next_sigature;
+		goto next_signature;
 	    }
 	    if (attr->value.len != 1) {
 		ret = HX509_CRYPTO_SIGNATURE_MISSING;
 		hx509_set_error_string(context, 0, ret,
-				       "SignerInfo have more then one "
+				       "SignerInfo has more than one "
 				       "messageDigest (signature)");
-		goto next_sigature;
+		goto next_signature;
 	    }
 
 	    ret = decode_MessageDigest(attr->value.val[0].data,
@@ -998,7 +998,7 @@ hx509_cms_verify_signed_ext(hx509_context context,
 		hx509_set_error_string(context, 0, ret,
 				       "Failed to decode "
 				       "messageDigest (signature)");
-		goto next_sigature;
+		goto next_signature;
 	    }
 
 	    ret = _hx509_verify_signature(context,
@@ -1010,7 +1010,7 @@ hx509_cms_verify_signed_ext(hx509_context context,
 	    if (ret) {
 		hx509_set_error_string(context, HX509_ERROR_APPEND, ret,
 				       "Failed to verify messageDigest");
-		goto next_sigature;
+		goto next_signature;
 	    }
 
 	    /*
@@ -1024,8 +1024,8 @@ hx509_cms_verify_signed_ext(hx509_context context,
 		if (attr->value.len != 1) {
 		    ret = HX509_CMS_DATA_OID_MISMATCH;
 		    hx509_set_error_string(context, 0, ret,
-					   "More then one oid in signedAttrs");
-		    goto next_sigature;
+					   "More than one oid in signedAttrs");
+		    goto next_signature;
 
 		}
 		ret = decode_ContentType(attr->value.val[0].data,
@@ -1036,7 +1036,7 @@ hx509_cms_verify_signed_ext(hx509_context context,
 		    hx509_set_error_string(context, 0, ret,
 					   "Failed to decode "
 					   "oid in signedAttrs");
-		    goto next_sigature;
+		    goto next_signature;
 		}
 		match_oid = &decode_oid;
 	    }
@@ -1050,7 +1050,7 @@ hx509_cms_verify_signed_ext(hx509_context context,
 		if (match_oid == &decode_oid)
 		    der_free_oid(&decode_oid);
 		hx509_clear_error_string(context);
-		goto next_sigature;


-- 
Samba Shared Repository



More information about the samba-cvs mailing list