Use child_aor and parent_aor instead of aorc and aorp

suggested by jsing
author: tb <> 2022-01-05 17:52:28 +0000
committer: tb <> 2022-01-05 17:52:28 +0000
commit: a74f168e4069884b563dffaca44558e6c6115329 (patch)
tree: 16b6c6ac445a9bd71ccdf0d502ffa04aa18b806e
parent: 04c6452c4fca64f1bcef9a81d278196c7ec5d26c (diff)
download: openbsd-a74f168e4069884b563dffaca44558e6c6115329.tar.gz
openbsd-a74f168e4069884b563dffaca44558e6c6115329.tar.bz2
openbsd-a74f168e4069884b563dffaca44558e6c6115329.zip
1 files changed, 15 insertions, 15 deletions
diff --git a/src/lib/libcrypto/x509/x509_addr.c b/src/lib/libcrypto/x509/x509_addr.c
index ad92e49e45..65d2b2deb6 100644
--- a/src/lib/libcrypto/x509/x509_addr.c
+++ b/src/lib/libcrypto/x509/x509_addr.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: x509_addr.c,v 1.71 2022/01/05 17:51:30 tb Exp $ */
+/*      $OpenBSD: x509_addr.c,v 1.72 2022/01/05 17:52:28 tb Exp $ */
 /*
 * Contributed to the OpenSSL Project by the American Registry for
 * Internet Numbers ("ARIN").
@@ -1656,7 +1656,7 @@ X509v3_addr_inherits(IPAddrBlocks *addr)
 static int
 addr_contains(IPAddressOrRanges *parent, IPAddressOrRanges *child, int length)
 {
-        IPAddressOrRange *aorc, *aorp;
+        IPAddressOrRange *child_aor, *parent_aor;
        unsigned char p_min[ADDR_RAW_BUF_LEN], p_max[ADDR_RAW_BUF_LEN];
        unsigned char c_min[ADDR_RAW_BUF_LEN], c_max[ADDR_RAW_BUF_LEN];
        int p, c;
@@ -1668,18 +1668,18 @@ addr_contains(IPAddressOrRanges *parent, IPAddressOrRanges *child, int length)
        p = 0;
        for (c = 0; c < sk_IPAddressOrRange_num(child); c++) {
-                aorc = sk_IPAddressOrRange_value(child, c);
+                child_aor = sk_IPAddressOrRange_value(child, c);
-                if (!extract_min_max(aorc, c_min, c_max, length))
+                if (!extract_min_max(child_aor, c_min, c_max, length))
                        return 0;
                for (;; p++) {
                        if (p >= sk_IPAddressOrRange_num(parent))
                                return 0;
-                        aorp = sk_IPAddressOrRange_value(parent, p);
+                        parent_aor = sk_IPAddressOrRange_value(parent, p);
-                        if (!extract_min_max(aorp, p_min, p_max, length))
+                        if (!extract_min_max(parent_aor, p_min, p_max, length))
                                return 0;
                        if (memcmp(p_max, c_max, length) < 0)
@@ -1700,7 +1700,7 @@ int
 X509v3_addr_subset(IPAddrBlocks *child, IPAddrBlocks *parent)
 {
        IPAddressFamily *child_af, *parent_af;
-        IPAddressOrRanges *aorc, *aorp;
+        IPAddressOrRanges *child_aor, *parent_aor;
        int i, length;
        if (child == NULL || child == parent)
@@ -1722,10 +1722,10 @@ X509v3_addr_subset(IPAddrBlocks *child, IPAddrBlocks *parent)
                if (!IPAddressFamily_afi_length(parent_af, &length))
                        return 0;
-                aorc = IPAddressFamily_addressesOrRanges(child_af);
+                child_aor = IPAddressFamily_addressesOrRanges(child_af);
-                aorp = IPAddressFamily_addressesOrRanges(parent_af);
+                parent_aor = IPAddressFamily_addressesOrRanges(parent_af);
-                if (!addr_contains(aorp, aorc, length))
+                if (!addr_contains(parent_aor, child_aor, length))
                        return 0;
        }
        return 1;
@@ -1758,7 +1758,7 @@ addr_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509) *chain,
 {
        IPAddrBlocks *child = NULL, *parent = NULL;
        IPAddressFamily *child_af, *parent_af;
-        IPAddressOrRanges *aorc, *aorp;
+        IPAddressOrRanges *child_aor, *parent_aor;
        X509 *cert = NULL;
        int depth = -1;
        int i;
@@ -1868,22 +1868,22 @@ addr_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509) *chain,
                                continue;
                        }
-                        aorc = IPAddressFamily_addressesOrRanges(child_af);
+                        child_aor = IPAddressFamily_addressesOrRanges(child_af);
-                        aorp = IPAddressFamily_addressesOrRanges(parent_af);
+                        parent_aor = IPAddressFamily_addressesOrRanges(parent_af);
                        /*
                         * Child and parent are canonical and neither inherits.
                         * If either addressesOrRanges is NULL, something's
                         * very wrong.
                         */
-                        if (aorc == NULL || aorp == NULL)
+                        if (child_aor == NULL || parent_aor == NULL)
                                goto err;
                        if (!IPAddressFamily_afi_length(child_af, &length))
                                goto err;
                        /* Now check containment and replace or error. */
-                        if (addr_contains(aorp, aorc, length)) {
+                        if (addr_contains(parent_aor, child_aor, length)) {
                                sk_IPAddressFamily_set(child, i, parent_af);
                                continue;
                        }
author	tb <>	2022-01-05 17:52:28 +0000
committer	tb <>	2022-01-05 17:52:28 +0000
commit	a74f168e4069884b563dffaca44558e6c6115329 (patch)
tree	16b6c6ac445a9bd71ccdf0d502ffa04aa18b806e
parent	04c6452c4fca64f1bcef9a81d278196c7ec5d26c (diff)
download	openbsd-a74f168e4069884b563dffaca44558e6c6115329.tar.gz openbsd-a74f168e4069884b563dffaca44558e6c6115329.tar.bz2 openbsd-a74f168e4069884b563dffaca44558e6c6115329.zip

diff --git a/src/lib/libcrypto/x509/x509_addr.c b/src/lib/libcrypto/x509/x509_addr.c index ad92e49e45..65d2b2deb6 100644 --- a/src/lib/libcrypto/x509/x509_addr.c +++ b/src/lib/libcrypto/x509/x509_addr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_addr.c,v 1.71 2022/01/05 17:51:30 tb Exp $ */	1	/* $OpenBSD: x509_addr.c,v 1.72 2022/01/05 17:52:28 tb Exp $ */
2	/*	2	/*
3	* Contributed to the OpenSSL Project by the American Registry for	3	* Contributed to the OpenSSL Project by the American Registry for
4	* Internet Numbers ("ARIN").	4	* Internet Numbers ("ARIN").
@@ -1656,7 +1656,7 @@ X509v3_addr_inherits(IPAddrBlocks *addr)
1656	static int	1656	static int
1657	addr_contains(IPAddressOrRanges parent, IPAddressOrRanges child, int length)	1657	addr_contains(IPAddressOrRanges parent, IPAddressOrRanges child, int length)
1658	{	1658	{
1659	IPAddressOrRange aorc, aorp;	1659	IPAddressOrRange child_aor, parent_aor;
1660	unsigned char p_min[ADDR_RAW_BUF_LEN], p_max[ADDR_RAW_BUF_LEN];	1660	unsigned char p_min[ADDR_RAW_BUF_LEN], p_max[ADDR_RAW_BUF_LEN];
1661	unsigned char c_min[ADDR_RAW_BUF_LEN], c_max[ADDR_RAW_BUF_LEN];	1661	unsigned char c_min[ADDR_RAW_BUF_LEN], c_max[ADDR_RAW_BUF_LEN];
1662	int p, c;	1662	int p, c;
@@ -1668,18 +1668,18 @@ addr_contains(IPAddressOrRanges parent, IPAddressOrRanges child, int length)
1668		1668
1669	p = 0;	1669	p = 0;
1670	for (c = 0; c < sk_IPAddressOrRange_num(child); c++) {	1670	for (c = 0; c < sk_IPAddressOrRange_num(child); c++) {
1671	aorc = sk_IPAddressOrRange_value(child, c);	1671	child_aor = sk_IPAddressOrRange_value(child, c);
1672		1672
1673	if (!extract_min_max(aorc, c_min, c_max, length))	1673	if (!extract_min_max(child_aor, c_min, c_max, length))
1674	return 0;	1674	return 0;
1675		1675
1676	for (;; p++) {	1676	for (;; p++) {
1677	if (p >= sk_IPAddressOrRange_num(parent))	1677	if (p >= sk_IPAddressOrRange_num(parent))
1678	return 0;	1678	return 0;
1679		1679
1680	aorp = sk_IPAddressOrRange_value(parent, p);	1680	parent_aor = sk_IPAddressOrRange_value(parent, p);
1681		1681
1682	if (!extract_min_max(aorp, p_min, p_max, length))	1682	if (!extract_min_max(parent_aor, p_min, p_max, length))
1683	return 0;	1683	return 0;
1684		1684
1685	if (memcmp(p_max, c_max, length) < 0)	1685	if (memcmp(p_max, c_max, length) < 0)
@@ -1700,7 +1700,7 @@ int
1700	X509v3_addr_subset(IPAddrBlocks child, IPAddrBlocks parent)	1700	X509v3_addr_subset(IPAddrBlocks child, IPAddrBlocks parent)
1701	{	1701	{
1702	IPAddressFamily child_af, parent_af;	1702	IPAddressFamily child_af, parent_af;
1703	IPAddressOrRanges aorc, aorp;	1703	IPAddressOrRanges child_aor, parent_aor;
1704	int i, length;	1704	int i, length;
1705		1705
1706	if (child == NULL \|\| child == parent)	1706	if (child == NULL \|\| child == parent)
@@ -1722,10 +1722,10 @@ X509v3_addr_subset(IPAddrBlocks child, IPAddrBlocks parent)
1722	if (!IPAddressFamily_afi_length(parent_af, &length))	1722	if (!IPAddressFamily_afi_length(parent_af, &length))
1723	return 0;	1723	return 0;
1724		1724
1725	aorc = IPAddressFamily_addressesOrRanges(child_af);	1725	child_aor = IPAddressFamily_addressesOrRanges(child_af);
1726	aorp = IPAddressFamily_addressesOrRanges(parent_af);	1726	parent_aor = IPAddressFamily_addressesOrRanges(parent_af);
1727		1727
1728	if (!addr_contains(aorp, aorc, length))	1728	if (!addr_contains(parent_aor, child_aor, length))
1729	return 0;	1729	return 0;
1730	}	1730	}
1731	return 1;	1731	return 1;
@@ -1758,7 +1758,7 @@ addr_validate_path_internal(X509_STORE_CTX ctx, STACK_OF(X509) chain,
1758	{	1758	{
1759	IPAddrBlocks child = NULL, parent = NULL;	1759	IPAddrBlocks child = NULL, parent = NULL;
1760	IPAddressFamily child_af, parent_af;	1760	IPAddressFamily child_af, parent_af;
1761	IPAddressOrRanges aorc, aorp;	1761	IPAddressOrRanges child_aor, parent_aor;
1762	X509 *cert = NULL;	1762	X509 *cert = NULL;
1763	int depth = -1;	1763	int depth = -1;
1764	int i;	1764	int i;
@@ -1868,22 +1868,22 @@ addr_validate_path_internal(X509_STORE_CTX ctx, STACK_OF(X509) chain,
1868	continue;	1868	continue;
1869	}	1869	}
1870		1870
1871	aorc = IPAddressFamily_addressesOrRanges(child_af);	1871	child_aor = IPAddressFamily_addressesOrRanges(child_af);
1872	aorp = IPAddressFamily_addressesOrRanges(parent_af);	1872	parent_aor = IPAddressFamily_addressesOrRanges(parent_af);
1873		1873
1874	/*	1874	/*
1875	* Child and parent are canonical and neither inherits.	1875	* Child and parent are canonical and neither inherits.
1876	* If either addressesOrRanges is NULL, something's	1876	* If either addressesOrRanges is NULL, something's
1877	* very wrong.	1877	* very wrong.
1878	*/	1878	*/
1879	if (aorc == NULL \|\| aorp == NULL)	1879	if (child_aor == NULL \|\| parent_aor == NULL)
1880	goto err;	1880	goto err;
1881		1881
1882	if (!IPAddressFamily_afi_length(child_af, &length))	1882	if (!IPAddressFamily_afi_length(child_af, &length))
1883	goto err;	1883	goto err;
1884		1884
1885	/* Now check containment and replace or error. */	1885	/* Now check containment and replace or error. */
1886	if (addr_contains(aorp, aorc, length)) {	1886	if (addr_contains(parent_aor, child_aor, length)) {
1887	sk_IPAddressFamily_set(child, i, parent_af);	1887	sk_IPAddressFamily_set(child, i, parent_af);
1888	continue;	1888	continue;
1889	}	1889	}