diff options
| author | tb <> | 2022-01-05 17:38:14 +0000 |
|---|---|---|
| committer | tb <> | 2022-01-05 17:38:14 +0000 |
| commit | 183e619866f2e807250eb61e036b064f730adb2f (patch) | |
| tree | ad5da26e832689f62f5c51c7f7a6021fbe0ef169 | |
| parent | 75b59f2a54d9fb2d74bb1ef9d3d48594ef09f873 (diff) | |
| download | openbsd-183e619866f2e807250eb61e036b064f730adb2f.tar.gz openbsd-183e619866f2e807250eb61e036b064f730adb2f.tar.bz2 openbsd-183e619866f2e807250eb61e036b064f730adb2f.zip | |
In addr_validate_path_internal() rename i to depth because that's
what it is.
| -rw-r--r-- | src/lib/libcrypto/x509/x509_addr.c | 32 |
1 files changed, 15 insertions, 17 deletions
diff --git a/src/lib/libcrypto/x509/x509_addr.c b/src/lib/libcrypto/x509/x509_addr.c index dac9d8e055..056fa866b5 100644 --- a/src/lib/libcrypto/x509/x509_addr.c +++ b/src/lib/libcrypto/x509/x509_addr.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: x509_addr.c,v 1.64 2022/01/05 17:36:32 tb Exp $ */ | 1 | /* $OpenBSD: x509_addr.c,v 1.65 2022/01/05 17:38:14 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Contributed to the OpenSSL Project by the American Registry for | 3 | * Contributed to the OpenSSL Project by the American Registry for |
| 4 | * Internet Numbers ("ARIN"). | 4 | * Internet Numbers ("ARIN"). |
| @@ -1747,8 +1747,9 @@ addr_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509) *chain, | |||
| 1747 | IPAddrBlocks *child = NULL, *parent = NULL; | 1747 | IPAddrBlocks *child = NULL, *parent = NULL; |
| 1748 | IPAddressFamily *fc, *fp; | 1748 | IPAddressFamily *fc, *fp; |
| 1749 | IPAddressOrRanges *aorc, *aorp; | 1749 | IPAddressOrRanges *aorc, *aorp; |
| 1750 | X509 *x; | 1750 | X509 *x = NULL; |
| 1751 | int i, j, k; | 1751 | int depth = -1; |
| 1752 | int j, k; | ||
| 1752 | unsigned int length; | 1753 | unsigned int length; |
| 1753 | int ret = 1; | 1754 | int ret = 1; |
| 1754 | 1755 | ||
| @@ -1767,19 +1768,16 @@ addr_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509) *chain, | |||
| 1767 | * we're done. Otherwise, check canonical form and set up for walking | 1768 | * we're done. Otherwise, check canonical form and set up for walking |
| 1768 | * up the chain. | 1769 | * up the chain. |
| 1769 | */ | 1770 | */ |
| 1770 | if (ext != NULL) { | 1771 | if (ext == NULL) { |
| 1771 | i = -1; | 1772 | depth = 0; |
| 1772 | x = NULL; | 1773 | x = sk_X509_value(chain, depth); |
| 1773 | } else { | ||
| 1774 | i = 0; | ||
| 1775 | x = sk_X509_value(chain, i); | ||
| 1776 | if ((ext = x->rfc3779_addr) == NULL) | 1774 | if ((ext = x->rfc3779_addr) == NULL) |
| 1777 | goto done; | 1775 | goto done; |
| 1778 | } | 1776 | } |
| 1779 | 1777 | ||
| 1780 | if (!X509v3_addr_is_canonical(ext)) { | 1778 | if (!X509v3_addr_is_canonical(ext)) { |
| 1781 | if ((ret = verify_error(ctx, x, | 1779 | if ((ret = verify_error(ctx, x, |
| 1782 | X509_V_ERR_INVALID_EXTENSION, i)) == 0) | 1780 | X509_V_ERR_INVALID_EXTENSION, depth)) == 0) |
| 1783 | goto done; | 1781 | goto done; |
| 1784 | } | 1782 | } |
| 1785 | 1783 | ||
| @@ -1796,8 +1794,8 @@ addr_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509) *chain, | |||
| 1796 | * Now walk up the chain. No cert may list resources that its parent | 1794 | * Now walk up the chain. No cert may list resources that its parent |
| 1797 | * doesn't list. | 1795 | * doesn't list. |
| 1798 | */ | 1796 | */ |
| 1799 | for (i++; i < sk_X509_num(chain); i++) { | 1797 | for (depth++; depth < sk_X509_num(chain); depth++) { |
| 1800 | x = sk_X509_value(chain, i); | 1798 | x = sk_X509_value(chain, depth); |
| 1801 | 1799 | ||
| 1802 | if ((parent = x->rfc3779_addr) == NULL) { | 1800 | if ((parent = x->rfc3779_addr) == NULL) { |
| 1803 | for (j = 0; j < sk_IPAddressFamily_num(child); j++) { | 1801 | for (j = 0; j < sk_IPAddressFamily_num(child); j++) { |
| @@ -1807,7 +1805,7 @@ addr_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509) *chain, | |||
| 1807 | continue; | 1805 | continue; |
| 1808 | 1806 | ||
| 1809 | if ((ret = verify_error(ctx, x, | 1807 | if ((ret = verify_error(ctx, x, |
| 1810 | X509_V_ERR_UNNESTED_RESOURCE, i)) == 0) | 1808 | X509_V_ERR_UNNESTED_RESOURCE, depth)) == 0) |
| 1811 | goto done; | 1809 | goto done; |
| 1812 | break; | 1810 | break; |
| 1813 | } | 1811 | } |
| @@ -1816,7 +1814,7 @@ addr_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509) *chain, | |||
| 1816 | 1814 | ||
| 1817 | if (!X509v3_addr_is_canonical(parent)) { | 1815 | if (!X509v3_addr_is_canonical(parent)) { |
| 1818 | if ((ret = verify_error(ctx, x, | 1816 | if ((ret = verify_error(ctx, x, |
| 1819 | X509_V_ERR_INVALID_EXTENSION, i)) == 0) | 1817 | X509_V_ERR_INVALID_EXTENSION, depth)) == 0) |
| 1820 | goto done; | 1818 | goto done; |
| 1821 | } | 1819 | } |
| 1822 | 1820 | ||
| @@ -1844,7 +1842,7 @@ addr_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509) *chain, | |||
| 1844 | 1842 | ||
| 1845 | /* Otherwise the child isn't covered. */ | 1843 | /* Otherwise the child isn't covered. */ |
| 1846 | if ((ret = verify_error(ctx, x, | 1844 | if ((ret = verify_error(ctx, x, |
| 1847 | X509_V_ERR_UNNESTED_RESOURCE, i)) == 0) | 1845 | X509_V_ERR_UNNESTED_RESOURCE, depth)) == 0) |
| 1848 | goto done; | 1846 | goto done; |
| 1849 | break; | 1847 | break; |
| 1850 | } | 1848 | } |
| @@ -1880,7 +1878,7 @@ addr_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509) *chain, | |||
| 1880 | } | 1878 | } |
| 1881 | 1879 | ||
| 1882 | if ((ret = verify_error(ctx, x, | 1880 | if ((ret = verify_error(ctx, x, |
| 1883 | X509_V_ERR_UNNESTED_RESOURCE, i)) == 0) | 1881 | X509_V_ERR_UNNESTED_RESOURCE, depth)) == 0) |
| 1884 | goto done; | 1882 | goto done; |
| 1885 | } | 1883 | } |
| 1886 | } | 1884 | } |
| @@ -1899,7 +1897,7 @@ addr_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509) *chain, | |||
| 1899 | continue; | 1897 | continue; |
| 1900 | 1898 | ||
| 1901 | if ((ret = verify_error(ctx, x, | 1899 | if ((ret = verify_error(ctx, x, |
| 1902 | X509_V_ERR_UNNESTED_RESOURCE, i)) == 0) | 1900 | X509_V_ERR_UNNESTED_RESOURCE, depth)) == 0) |
| 1903 | goto done; | 1901 | goto done; |
| 1904 | } | 1902 | } |
| 1905 | } | 1903 | } |