summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/man/ASN1_generate_nconf.3
diff options
context:
space:
mode:
authortb <>2022-01-05 07:47:15 +0000
committertb <>2022-01-05 07:47:15 +0000
commite09c2f833e7cd779e795baf3770f75d68d328fae (patch)
tree584bfee87260953fa4a57fcfebc354746211259d /src/lib/libcrypto/man/ASN1_generate_nconf.3
parented81383705f6ba9817b4534b0f97bca33acd4c06 (diff)
downloadopenbsd-e09c2f833e7cd779e795baf3770f75d68d328fae.tar.gz
openbsd-e09c2f833e7cd779e795baf3770f75d68d328fae.tar.bz2
openbsd-e09c2f833e7cd779e795baf3770f75d68d328fae.zip
Remove a bogus memcmp in range_should_be_prefix()
range_should_be_prefix() currently always fails. The reason for this is that OpenSSL commit 42d7d7dd incorrectly moved a memcmp() out of an assertion. As a consequence, the library emits and accepts incorrectly encoded ipAddrBlock extensions since it will never detect ranges that MUST be encoded as a prefix according to RFC 3779, 2.2.3.7. The return -1 from this memcmp() indicates to the callers that the range should be expressed as a range, so callers must check beforehand that min <= max to be able to fail. Thus, remove this memcmp() and add a check to make_addressRange(), the only caller that didn't already ensure that min <= max. This fixes the noisy output in regress/lib/libcrypto/x509/rfc3779. ok inoguchi jsing
Diffstat (limited to 'src/lib/libcrypto/man/ASN1_generate_nconf.3')
0 files changed, 0 insertions, 0 deletions