summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authortb <>2022-01-05 17:51:30 +0000
committertb <>2022-01-05 17:51:30 +0000
commit04c6452c4fca64f1bcef9a81d278196c7ec5d26c (patch)
treef8556cf41ba4c49c7e00f625ad844326779d7279
parentb3b250fb6f2d0a8ce608fadb8cde71b0be692e09 (diff)
downloadopenbsd-04c6452c4fca64f1bcef9a81d278196c7ec5d26c.tar.gz
openbsd-04c6452c4fca64f1bcef9a81d278196c7ec5d26c.tar.bz2
openbsd-04c6452c4fca64f1bcef9a81d278196c7ec5d26c.zip
Rename fp and fc into parent_af and child_af for readability.
suggested by jsing
Diffstat
-rw-r--r--src/lib/libcrypto/x509/x509_addr.c53
1 files changed, 29 insertions, 24 deletions
diff --git a/src/lib/libcrypto/x509/x509_addr.c b/src/lib/libcrypto/x509/x509_addr.c
index 90288445ab..ad92e49e45 100644
--- a/src/lib/libcrypto/x509/x509_addr.c
+++ b/src/lib/libcrypto/x509/x509_addr.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: x509_addr.c,v 1.70 2022/01/05 17:49:39 tb Exp $ */ 1/* $OpenBSD: x509_addr.c,v 1.71 2022/01/05 17:51:30 tb Exp $ */
2/* 2/*
3 * Contributed to the OpenSSL Project by the American Registry for 3 * Contributed to the OpenSSL Project by the American Registry for
4 * Internet Numbers ("ARIN"). 4 * Internet Numbers ("ARIN").
@@ -1699,7 +1699,7 @@ addr_contains(IPAddressOrRanges *parent, IPAddressOrRanges *child, int length)
1699int 1699int
1700X509v3_addr_subset(IPAddrBlocks *child, IPAddrBlocks *parent) 1700X509v3_addr_subset(IPAddrBlocks *child, IPAddrBlocks *parent)
1701{ 1701{
1702 IPAddressFamily *fc, *fp; 1702 IPAddressFamily *child_af, *parent_af;
1703 IPAddressOrRanges *aorc, *aorp; 1703 IPAddressOrRanges *aorc, *aorp;
1704 int i, length; 1704 int i, length;
1705 1705
@@ -1712,16 +1712,18 @@ X509v3_addr_subset(IPAddrBlocks *child, IPAddrBlocks *parent)
1712 return 0; 1712 return 0;
1713 1713
1714 for (i = 0; i < sk_IPAddressFamily_num(child); i++) { 1714 for (i = 0; i < sk_IPAddressFamily_num(child); i++) {
1715 fc = sk_IPAddressFamily_value(child, i); 1715 child_af = sk_IPAddressFamily_value(child, i);
1716 1716
1717 if ((fp = IPAddressFamily_find_in_parent(parent, fc)) == NULL) 1717
1718 parent_af = IPAddressFamily_find_in_parent(parent, child_af);
1719 if (parent_af == NULL)
1718 return 0; 1720 return 0;
1719 1721
1720 if (!IPAddressFamily_afi_length(fp, &length)) 1722 if (!IPAddressFamily_afi_length(parent_af, &length))
1721 return 0; 1723 return 0;
1722 1724
1723 aorc = IPAddressFamily_addressesOrRanges(fc); 1725 aorc = IPAddressFamily_addressesOrRanges(child_af);
1724 aorp = IPAddressFamily_addressesOrRanges(fp); 1726 aorp = IPAddressFamily_addressesOrRanges(parent_af);
1725 1727
1726 if (!addr_contains(aorp, aorc, length)) 1728 if (!addr_contains(aorp, aorc, length))
1727 return 0; 1729 return 0;
@@ -1755,7 +1757,7 @@ addr_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509) *chain,
1755 IPAddrBlocks *ext) 1757 IPAddrBlocks *ext)
1756{ 1758{
1757 IPAddrBlocks *child = NULL, *parent = NULL; 1759 IPAddrBlocks *child = NULL, *parent = NULL;
1758 IPAddressFamily *fc, *fp; 1760 IPAddressFamily *child_af, *parent_af;
1759 IPAddressOrRanges *aorc, *aorp; 1761 IPAddressOrRanges *aorc, *aorp;
1760 X509 *cert = NULL; 1762 X509 *cert = NULL;
1761 int depth = -1; 1763 int depth = -1;
@@ -1809,9 +1811,10 @@ addr_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509) *chain,
1809 1811
1810 if ((parent = cert->rfc3779_addr) == NULL) { 1812 if ((parent = cert->rfc3779_addr) == NULL) {
1811 for (i = 0; i < sk_IPAddressFamily_num(child); i++) { 1813 for (i = 0; i < sk_IPAddressFamily_num(child); i++) {
1812 fc = sk_IPAddressFamily_value(child, i); 1814 child_af = sk_IPAddressFamily_value(child, i);
1813 1815
1814 if (IPAddressFamily_inheritance(fc) != NULL) 1816 if (IPAddressFamily_inheritance(child_af) !=
1817 NULL)
1815 continue; 1818 continue;
1816 1819
1817 if ((ret = verify_error(ctx, cert, 1820 if ((ret = verify_error(ctx, cert,
@@ -1835,15 +1838,17 @@ addr_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509) *chain,
1835 * parent's resources are covered by the grandparent. 1838 * parent's resources are covered by the grandparent.
1836 */ 1839 */
1837 for (i = 0; i < sk_IPAddressFamily_num(child); i++) { 1840 for (i = 0; i < sk_IPAddressFamily_num(child); i++) {
1838 fc = sk_IPAddressFamily_value(child, i); 1841 child_af = sk_IPAddressFamily_value(child, i);
1839 1842
1840 fp = IPAddressFamily_find_in_parent(parent, fc); 1843 parent_af = IPAddressFamily_find_in_parent(parent,
1841 if (fp == NULL) { 1844 child_af);
1845 if (parent_af == NULL) {
1842 /* 1846 /*
1843 * If we have no match in the parent and the 1847 * If we have no match in the parent and the
1844 * child inherits, that's fine. 1848 * child inherits, that's fine.
1845 */ 1849 */
1846 if (IPAddressFamily_inheritance(fc) != NULL) 1850 if (IPAddressFamily_inheritance(child_af) !=
1851 NULL)
1847 continue; 1852 continue;
1848 1853
1849 /* Otherwise the child isn't covered. */ 1854 /* Otherwise the child isn't covered. */
@@ -1854,17 +1859,17 @@ addr_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509) *chain,
1854 } 1859 }
1855 1860
1856 /* Parent inherits, nothing to do. */ 1861 /* Parent inherits, nothing to do. */
1857 if (IPAddressFamily_inheritance(fp) != NULL) 1862 if (IPAddressFamily_inheritance(parent_af) != NULL)
1858 continue; 1863 continue;
1859 1864
1860 /* Child inherits. Use parent's address family. */ 1865 /* Child inherits. Use parent's address family. */
1861 if (IPAddressFamily_inheritance(fc) != NULL) { 1866 if (IPAddressFamily_inheritance(child_af) != NULL) {
1862 sk_IPAddressFamily_set(child, i, fp); 1867 sk_IPAddressFamily_set(child, i, parent_af);
1863 continue; 1868 continue;
1864 } 1869 }
1865 1870
1866 aorc = IPAddressFamily_addressesOrRanges(fc); 1871 aorc = IPAddressFamily_addressesOrRanges(child_af);
1867 aorp = IPAddressFamily_addressesOrRanges(fp); 1872 aorp = IPAddressFamily_addressesOrRanges(parent_af);
1868 1873
1869 /* 1874 /*
1870 * Child and parent are canonical and neither inherits. 1875 * Child and parent are canonical and neither inherits.
@@ -1874,12 +1879,12 @@ addr_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509) *chain,
1874 if (aorc == NULL || aorp == NULL) 1879 if (aorc == NULL || aorp == NULL)
1875 goto err; 1880 goto err;
1876 1881
1877 if (!IPAddressFamily_afi_length(fc, &length)) 1882 if (!IPAddressFamily_afi_length(child_af, &length))
1878 goto err; 1883 goto err;
1879 1884
1880 /* Now check containment and replace or error. */ 1885 /* Now check containment and replace or error. */
1881 if (addr_contains(aorp, aorc, length)) { 1886 if (addr_contains(aorp, aorc, length)) {
1882 sk_IPAddressFamily_set(child, i, fp); 1887 sk_IPAddressFamily_set(child, i, parent_af);
1883 continue; 1888 continue;
1884 } 1889 }
1885 1890
@@ -1894,12 +1899,12 @@ addr_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509) *chain,
1894 */ 1899 */
1895 if ((parent = cert->rfc3779_addr) != NULL) { 1900 if ((parent = cert->rfc3779_addr) != NULL) {
1896 for (i = 0; i < sk_IPAddressFamily_num(parent); i++) { 1901 for (i = 0; i < sk_IPAddressFamily_num(parent); i++) {
1897 fp = sk_IPAddressFamily_value(parent, i); 1902 parent_af = sk_IPAddressFamily_value(parent, i);
1898 1903
1899 if (IPAddressFamily_inheritance(fp) == NULL) 1904 if (IPAddressFamily_inheritance(parent_af) == NULL)
1900 continue; 1905 continue;
1901 1906
1902 if (sk_IPAddressFamily_find(child, fp) < 0) 1907 if (sk_IPAddressFamily_find(child, parent_af) < 0)
1903 continue; 1908 continue;
1904 1909
1905 if ((ret = verify_error(ctx, cert, 1910 if ((ret = verify_error(ctx, cert,
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-01 20:18:12 +0000