purpose/trust: Improve comments about COUNT/MAX confusion

2 files changed, 10 insertions, 4 deletions

diff --git a/src/lib/libcrypto/x509/x509_purp.c b/src/lib/libcrypto/x509/x509_purp.c
index dbae7bcb7c..35f20e2bc3 100644
--- a/src/lib/libcrypto/x509/x509_purp.c
+++ b/src/lib/libcrypto/x509/x509_purp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_purp.c,v 1.34 2024/01/06 17:17:08 tb Exp $ */
+/* $OpenBSD: x509_purp.c,v 1.35 2024/01/07 16:22:46 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2001.
  */
@@ -232,7 +232,10 @@ LCRYPTO_ALIAS(X509_PURPOSE_get_by_sname);
 int
 X509_PURPOSE_get_by_id(int purpose)
 {
-        /* X509_PURPOSE_MIN == 1, so the bounds are correct. */
+        /*
+         * Ensure the purpose identifier is between MIN and MAX inclusive.
+         * If so, translate it to an index into the xstandard[] table.
+         */
         if (purpose < X509_PURPOSE_MIN || purpose > X509_PURPOSE_MAX)
                 return -1;
 
diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c
index e3a20e22b0..6e98eb2785 100644
--- a/src/lib/libcrypto/x509/x509_trs.c
+++ b/src/lib/libcrypto/x509/x509_trs.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_trs.c,v 1.33 2024/01/07 14:50:45 tb Exp $ */
+/* $OpenBSD: x509_trs.c,v 1.34 2024/01/07 16:22:46 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -191,7 +191,10 @@ LCRYPTO_ALIAS(X509_TRUST_get0);
 int
 X509_TRUST_get_by_id(int id)
 {
-        /* X509_TRUST_MIN == 1, so the bounds are correct. */
+        /*
+         * Ensure the trust identifier is between MIN and MAX inclusive.
+         * If so, translate it into an index into the trstandard[] table.
+         */
         if (id < X509_TRUST_MIN && id > X509_TRUST_MAX)
                 return -1;