spelling fixes; from paul tagliamonte

i removed the arithmetics -> arithmetic changes, as i felt they were not clearly correct ok tb
author: jmc <> 2022-12-26 07:18:53 +0000
committer: jmc <> 2022-12-26 07:18:53 +0000
commit: 2eb7e5ff6bb69760f9dd4a43e7e3520ebb930120 (patch)
tree: 26f3d93398833b7449b8a97e9fe4af9904382dbf /src/lib/libcrypto/x509
parent: df59a12113ba6ec4c6faecd033d46176453f697e (diff)
download: openbsd-2eb7e5ff6bb69760f9dd4a43e7e3520ebb930120.tar.gz
openbsd-2eb7e5ff6bb69760f9dd4a43e7e3520ebb930120.tar.bz2
openbsd-2eb7e5ff6bb69760f9dd4a43e7e3520ebb930120.zip
9 files changed, 24 insertions, 24 deletions
diff --git a/src/lib/libcrypto/x509/pcy_tree.c b/src/lib/libcrypto/x509/pcy_tree.c
index be563d2677..050503bdf3 100644
--- a/src/lib/libcrypto/x509/pcy_tree.c
+++ b/src/lib/libcrypto/x509/pcy_tree.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pcy_tree.c,v 1.4 2022/11/26 16:08:54 tb Exp $ */
+/* $OpenBSD: pcy_tree.c,v 1.5 2022/12/26 07:18:53 jmc Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2004.
 */
@@ -131,7 +131,7 @@ tree_print(char *str, X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr)
 #endif
 /* Initialize policy tree. Return values:
- *  0 Some internal error occured.
+ *  0 Some internal error occurred.
 * -1 Inconsistent or invalid extensions in certificates.
 *  1 Tree initialized OK.
 *  2 Policy tree is empty.
diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h
index 7795181efc..0ff66587b9 100644
--- a/src/lib/libcrypto/x509/x509.h
+++ b/src/lib/libcrypto/x509/x509.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.h,v 1.90 2022/07/12 14:42:50 kn Exp $ */
+/* $OpenBSD: x509.h,v 1.91 2022/12/26 07:18:53 jmc Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -893,7 +893,7 @@ int 		X509_NAME_get_text_by_NID(X509_NAME *name, int nid,
 int             X509_NAME_get_text_by_OBJ(X509_NAME *name,
                        const ASN1_OBJECT *obj, char *buf,int len);
-/* NOTE: you should be passsing -1, not 0 as lastpos.  The functions that use
+/* NOTE: you should be passing -1, not 0 as lastpos.  The functions that use
 * lastpos, search after that position on. */
 int             X509_NAME_get_index_by_NID(const X509_NAME *name, int nid,
                        int lastpos);
diff --git a/src/lib/libcrypto/x509/x509_constraints.c b/src/lib/libcrypto/x509/x509_constraints.c
index 1b79383de0..346cab0a40 100644
--- a/src/lib/libcrypto/x509/x509_constraints.c
+++ b/src/lib/libcrypto/x509/x509_constraints.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_constraints.c,v 1.30 2022/11/28 07:22:15 tb Exp $ */
+/* $OpenBSD: x509_constraints.c,v 1.31 2022/12/26 07:18:53 jmc Exp $ */
 /*
 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
 *
@@ -192,7 +192,7 @@ x509_constraints_names_dup(struct x509_constraints_names *names)
 * 5890 compliant A-labels (see RFC 6066 section 3). This is more
 * permissive to allow for a leading '.'  for a subdomain based
 * constraint, as well as allowing for '_' which is commonly accepted
- * by nonconformant DNS implementaitons.
+ * by nonconformant DNS implementations.
 *
 * if "wildcards" is set it allows '*' to occur in the string at the end of a
 * component.
@@ -587,7 +587,7 @@ x509_constraints_sandns(char *sandns, size_t dlen, char *constraint, size_t len)
 * returns 1 if the domain and constraint match.
 * returns 0 otherwise.
 *
- * an empty constraint matches everyting.
+ * an empty constraint matches everything.
 * constraint will be matched against the domain as a suffix if it
 * starts with a '.'.
 * domain will be matched against the constraint as a suffix if it
@@ -651,10 +651,10 @@ x509_constraints_uri(uint8_t *uri, size_t ulen, uint8_t *constraint,
 }
 /*
- * Verify a validated address of size alen with a validated contraint
+ * Verify a validated address of size alen with a validated constraint
 * of size constraint_len. returns 1 if matching, 0 if not.
 * Addresses are assumed to be pre-validated for a length of 4 and 8
- * respectively for ipv4 addreses and constraints, and a length of
+ * respectively for ipv4 addresses and constraints, and a length of
 * 16 and 32 respectively for ipv6 address constraints by the caller.
 */
 int
@@ -909,7 +909,7 @@ x509_constraints_extract_names(struct x509_constraints_names *names,
                        vname = NULL;
                }
                /*
-                 * Include the CN as a hostname to be checked againt
+                 * Include the CN as a hostname to be checked against
                 * name constraints if it looks like a hostname.
                 */
                while (include_cn &&
@@ -1210,7 +1210,7 @@ x509_constraints_check(struct x509_constraints_names *names,
 /*
 * Walk a validated chain of X509 certs, starting at the leaf, and
 * validate the name constraints in the chain. Intended for use with
- * the legacy X509 validtion code in x509_vfy.c
+ * the legacy X509 validation code in x509_vfy.c
 *
 * returns 1 if the constraints are ok, 0 otherwise, setting error and
 * depth
diff --git a/src/lib/libcrypto/x509/x509_issuer_cache.c b/src/lib/libcrypto/x509/x509_issuer_cache.c
index 4f78e1e69b..f7fbd54ca7 100644
--- a/src/lib/libcrypto/x509/x509_issuer_cache.c
+++ b/src/lib/libcrypto/x509/x509_issuer_cache.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_issuer_cache.c,v 1.3 2022/06/27 14:23:40 beck Exp $ */
+/* $OpenBSD: x509_issuer_cache.c,v 1.4 2022/12/26 07:18:53 jmc Exp $ */
 /*
 * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
 *
@@ -75,7 +75,7 @@ x509_issuer_cache_set_max(size_t max)
 /*
 * Free the oldest entry in the issuer cache. Returns 1
- * if an entry was successfuly freed, 0 otherwise. Must
+ * if an entry was successfully freed, 0 otherwise. Must
 * be called with x509_issuer_tree_mutex held.
 */
 void
diff --git a/src/lib/libcrypto/x509/x509_ncons.c b/src/lib/libcrypto/x509/x509_ncons.c
index cc7f59cd0a..c7e4e6ed9f 100644
--- a/src/lib/libcrypto/x509/x509_ncons.c
+++ b/src/lib/libcrypto/x509/x509_ncons.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_ncons.c,v 1.7 2022/11/26 16:08:55 tb Exp $ */
+/* $OpenBSD: x509_ncons.c,v 1.8 2022/12/26 07:18:53 jmc Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@@ -482,7 +482,7 @@ nc_email(ASN1_IA5STRING *eml, ASN1_IA5STRING *base)
        if (!emlat)
                return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
-        /* Special case: inital '.' is RHS match */
+        /* Special case: initial '.' is RHS match */
        if (!baseat && (*baseptr == '.')) {
                if (eml->length > base->length) {
                        emlptr += eml->length - base->length;
@@ -543,7 +543,7 @@ nc_uri(ASN1_IA5STRING *uri, ASN1_IA5STRING *base)
        if (hostlen == 0)
                return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
-        /* Special case: inital '.' is RHS match */
+        /* Special case: initial '.' is RHS match */
        if (*baseptr == '.') {
                if (hostlen > base->length) {
                        p = hostptr + hostlen - base->length;
diff --git a/src/lib/libcrypto/x509/x509_utl.c b/src/lib/libcrypto/x509/x509_utl.c
index 525939d4ca..aa18efe2c5 100644
--- a/src/lib/libcrypto/x509/x509_utl.c
+++ b/src/lib/libcrypto/x509/x509_utl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_utl.c,v 1.4 2022/11/14 17:48:50 beck Exp $ */
+/* $OpenBSD: x509_utl.c,v 1.5 2022/12/26 07:18:53 jmc Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
@@ -723,7 +723,7 @@ skip_prefix(const unsigned char **p, size_t *plen, const unsigned char *subject,
 * "equal_nocase" function is a hand-rolled strncasecmp that does not
 * allow \0 in the pattern. Since an embedded \0 is likely a sign of
 * problems, we simply don't allow it in either case, and then we use
- * standard libc funcitons.
+ * standard libc functions.
 */
 /* Compare using strncasecmp */
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c
index 9392b1f41e..f6c7c21f5f 100644
--- a/src/lib/libcrypto/x509/x509_vfy.c
+++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.c,v 1.109 2022/12/01 05:20:30 tb Exp $ */
+/* $OpenBSD: x509_vfy.c,v 1.110 2022/12/26 07:18:53 jmc Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -312,7 +312,7 @@ X509_verify_cert_legacy_build_chain(X509_STORE_CTX *ctx, int *bad, int *out_ok)
                if (ctx->untrusted != NULL) {
                        /*
                         * If we do not find a non-expired untrusted cert, peek
-                         * ahead and see if we can satisify this from the trusted
+                         * ahead and see if we can satisfy this from the trusted
                         * store. If not, see if we have an expired untrusted cert.
                         */
                        xtmp = find_issuer(ctx, sktmp, x, 0);
diff --git a/src/lib/libcrypto/x509/x509_vfy.h b/src/lib/libcrypto/x509/x509_vfy.h
index 9a9d6c0a1c..27ed484291 100644
--- a/src/lib/libcrypto/x509/x509_vfy.h
+++ b/src/lib/libcrypto/x509/x509_vfy.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_vfy.h,v 1.56 2022/12/01 05:27:04 tb Exp $ */
+/* $OpenBSD: x509_vfy.h,v 1.57 2022/12/26 07:18:53 jmc Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -255,7 +255,7 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
 /* Do not check certificate or CRL validity against current time. */
 #define X509_V_FLAG_NO_CHECK_TIME               0x200000
-/* Force the use of the legacy certificate verifcation */
+/* Force the use of the legacy certificate verification */
 #define X509_V_FLAG_LEGACY_VERIFY               0x400000
 #define X509_VP_FLAG_DEFAULT                    0x1
diff --git a/src/lib/libcrypto/x509/x509name.c b/src/lib/libcrypto/x509/x509name.c
index 14e2deb84f..19a253da4d 100644
--- a/src/lib/libcrypto/x509/x509name.c
+++ b/src/lib/libcrypto/x509/x509name.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509name.c,v 1.29 2022/11/26 16:08:55 tb Exp $ */
+/* $OpenBSD: x509name.c,v 1.30 2022/12/26 07:18:53 jmc Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -123,7 +123,7 @@ X509_NAME_get_index_by_NID(const X509_NAME *name, int nid, int lastpos)
 }
 LCRYPTO_ALIAS(X509_NAME_get_index_by_NID)
-/* NOTE: you should be passsing -1, not 0 as lastpos */
+/* NOTE: you should be passing -1, not 0 as lastpos */
 int
 X509_NAME_get_index_by_OBJ(const X509_NAME *name, const ASN1_OBJECT *obj,
    int lastpos)
author	jmc <>	2022-12-26 07:18:53 +0000
committer	jmc <>	2022-12-26 07:18:53 +0000
commit	2eb7e5ff6bb69760f9dd4a43e7e3520ebb930120 (patch)
tree	26f3d93398833b7449b8a97e9fe4af9904382dbf /src/lib/libcrypto/x509
parent	df59a12113ba6ec4c6faecd033d46176453f697e (diff)
download	openbsd-2eb7e5ff6bb69760f9dd4a43e7e3520ebb930120.tar.gz openbsd-2eb7e5ff6bb69760f9dd4a43e7e3520ebb930120.tar.bz2 openbsd-2eb7e5ff6bb69760f9dd4a43e7e3520ebb930120.zip

diff --git a/src/lib/libcrypto/x509/pcy_tree.c b/src/lib/libcrypto/x509/pcy_tree.c index be563d2677..050503bdf3 100644 --- a/src/lib/libcrypto/x509/pcy_tree.c +++ b/src/lib/libcrypto/x509/pcy_tree.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: pcy_tree.c,v 1.4 2022/11/26 16:08:54 tb Exp $ */	1	/* $OpenBSD: pcy_tree.c,v 1.5 2022/12/26 07:18:53 jmc Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2004.	3	* project 2004.
4	*/	4	*/
@@ -131,7 +131,7 @@ tree_print(char str, X509_POLICY_TREE tree, X509_POLICY_LEVEL *curr)
131	#endif	131	#endif
132		132
133	/* Initialize policy tree. Return values:	133	/* Initialize policy tree. Return values:
134	* 0 Some internal error occured.	134	* 0 Some internal error occurred.
135	* -1 Inconsistent or invalid extensions in certificates.	135	* -1 Inconsistent or invalid extensions in certificates.
136	* 1 Tree initialized OK.	136	* 1 Tree initialized OK.
137	* 2 Policy tree is empty.	137	* 2 Policy tree is empty.


diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h index 7795181efc..0ff66587b9 100644 --- a/src/lib/libcrypto/x509/x509.h +++ b/src/lib/libcrypto/x509/x509.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509.h,v 1.90 2022/07/12 14:42:50 kn Exp $ */	1	/* $OpenBSD: x509.h,v 1.91 2022/12/26 07:18:53 jmc Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -893,7 +893,7 @@ int X509_NAME_get_text_by_NID(X509_NAME *name, int nid,
893	int X509_NAME_get_text_by_OBJ(X509_NAME *name,	893	int X509_NAME_get_text_by_OBJ(X509_NAME *name,
894	const ASN1_OBJECT obj, char buf,int len);	894	const ASN1_OBJECT obj, char buf,int len);
895		895
896	/* NOTE: you should be passsing -1, not 0 as lastpos. The functions that use	896	/* NOTE: you should be passing -1, not 0 as lastpos. The functions that use
897	* lastpos, search after that position on. */	897	* lastpos, search after that position on. */
898	int X509_NAME_get_index_by_NID(const X509_NAME *name, int nid,	898	int X509_NAME_get_index_by_NID(const X509_NAME *name, int nid,
899	int lastpos);	899	int lastpos);


diff --git a/src/lib/libcrypto/x509/x509_constraints.c b/src/lib/libcrypto/x509/x509_constraints.c index 1b79383de0..346cab0a40 100644 --- a/src/lib/libcrypto/x509/x509_constraints.c +++ b/src/lib/libcrypto/x509/x509_constraints.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_constraints.c,v 1.30 2022/11/28 07:22:15 tb Exp $ */	1	/* $OpenBSD: x509_constraints.c,v 1.31 2022/12/26 07:18:53 jmc Exp $ */
2	/*	2	/*
3	* Copyright (c) 2020 Bob Beck <beck@openbsd.org>	3	* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
4	*	4	*
@@ -192,7 +192,7 @@ x509_constraints_names_dup(struct x509_constraints_names *names)
192	* 5890 compliant A-labels (see RFC 6066 section 3). This is more	192	* 5890 compliant A-labels (see RFC 6066 section 3). This is more
193	* permissive to allow for a leading '.' for a subdomain based	193	* permissive to allow for a leading '.' for a subdomain based
194	* constraint, as well as allowing for '_' which is commonly accepted	194	* constraint, as well as allowing for '_' which is commonly accepted
195	* by nonconformant DNS implementaitons.	195	* by nonconformant DNS implementations.
196	*	196	*
197	* if "wildcards" is set it allows '*' to occur in the string at the end of a	197	* if "wildcards" is set it allows '*' to occur in the string at the end of a
198	* component.	198	* component.
@@ -587,7 +587,7 @@ x509_constraints_sandns(char sandns, size_t dlen, char constraint, size_t len)
587	* returns 1 if the domain and constraint match.	587	* returns 1 if the domain and constraint match.
588	* returns 0 otherwise.	588	* returns 0 otherwise.
589	*	589	*
590	* an empty constraint matches everyting.	590	* an empty constraint matches everything.
591	* constraint will be matched against the domain as a suffix if it	591	* constraint will be matched against the domain as a suffix if it
592	* starts with a '.'.	592	* starts with a '.'.
593	* domain will be matched against the constraint as a suffix if it	593	* domain will be matched against the constraint as a suffix if it
@@ -651,10 +651,10 @@ x509_constraints_uri(uint8_t uri, size_t ulen, uint8_t constraint,
651	}	651	}
652		652
653	/*	653	/*
654	* Verify a validated address of size alen with a validated contraint	654	* Verify a validated address of size alen with a validated constraint
655	* of size constraint_len. returns 1 if matching, 0 if not.	655	* of size constraint_len. returns 1 if matching, 0 if not.
656	* Addresses are assumed to be pre-validated for a length of 4 and 8	656	* Addresses are assumed to be pre-validated for a length of 4 and 8
657	* respectively for ipv4 addreses and constraints, and a length of	657	* respectively for ipv4 addresses and constraints, and a length of
658	* 16 and 32 respectively for ipv6 address constraints by the caller.	658	* 16 and 32 respectively for ipv6 address constraints by the caller.
659	*/	659	*/
660	int	660	int
@@ -909,7 +909,7 @@ x509_constraints_extract_names(struct x509_constraints_names *names,
909	vname = NULL;	909	vname = NULL;
910	}	910	}
911	/*	911	/*
912	* Include the CN as a hostname to be checked againt	912	* Include the CN as a hostname to be checked against
913	* name constraints if it looks like a hostname.	913	* name constraints if it looks like a hostname.
914	*/	914	*/
915	while (include_cn &&	915	while (include_cn &&
@@ -1210,7 +1210,7 @@ x509_constraints_check(struct x509_constraints_names *names,
1210	/*	1210	/*
1211	* Walk a validated chain of X509 certs, starting at the leaf, and	1211	* Walk a validated chain of X509 certs, starting at the leaf, and
1212	* validate the name constraints in the chain. Intended for use with	1212	* validate the name constraints in the chain. Intended for use with
1213	* the legacy X509 validtion code in x509_vfy.c	1213	* the legacy X509 validation code in x509_vfy.c
1214	*	1214	*
1215	* returns 1 if the constraints are ok, 0 otherwise, setting error and	1215	* returns 1 if the constraints are ok, 0 otherwise, setting error and
1216	* depth	1216	* depth


diff --git a/src/lib/libcrypto/x509/x509_issuer_cache.c b/src/lib/libcrypto/x509/x509_issuer_cache.c index 4f78e1e69b..f7fbd54ca7 100644 --- a/src/lib/libcrypto/x509/x509_issuer_cache.c +++ b/src/lib/libcrypto/x509/x509_issuer_cache.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_issuer_cache.c,v 1.3 2022/06/27 14:23:40 beck Exp $ */	1	/* $OpenBSD: x509_issuer_cache.c,v 1.4 2022/12/26 07:18:53 jmc Exp $ */
2	/*	2	/*
3	* Copyright (c) 2020 Bob Beck <beck@openbsd.org>	3	* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
4	*	4	*
@@ -75,7 +75,7 @@ x509_issuer_cache_set_max(size_t max)
75		75
76	/*	76	/*
77	* Free the oldest entry in the issuer cache. Returns 1	77	* Free the oldest entry in the issuer cache. Returns 1
78	* if an entry was successfuly freed, 0 otherwise. Must	78	* if an entry was successfully freed, 0 otherwise. Must
79	* be called with x509_issuer_tree_mutex held.	79	* be called with x509_issuer_tree_mutex held.
80	*/	80	*/
81	void	81	void


diff --git a/src/lib/libcrypto/x509/x509_ncons.c b/src/lib/libcrypto/x509/x509_ncons.c index cc7f59cd0a..c7e4e6ed9f 100644 --- a/src/lib/libcrypto/x509/x509_ncons.c +++ b/src/lib/libcrypto/x509/x509_ncons.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_ncons.c,v 1.7 2022/11/26 16:08:55 tb Exp $ */	1	/* $OpenBSD: x509_ncons.c,v 1.8 2022/12/26 07:18:53 jmc Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project.	3	* project.
4	*/	4	*/
@@ -482,7 +482,7 @@ nc_email(ASN1_IA5STRING eml, ASN1_IA5STRING base)
482		482
483	if (!emlat)	483	if (!emlat)
484	return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;	484	return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
485	/* Special case: inital '.' is RHS match */	485	/* Special case: initial '.' is RHS match */
486	if (!baseat && (*baseptr == '.')) {	486	if (!baseat && (*baseptr == '.')) {
487	if (eml->length > base->length) {	487	if (eml->length > base->length) {
488	emlptr += eml->length - base->length;	488	emlptr += eml->length - base->length;
@@ -543,7 +543,7 @@ nc_uri(ASN1_IA5STRING uri, ASN1_IA5STRING base)
543	if (hostlen == 0)	543	if (hostlen == 0)
544	return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;	544	return X509_V_ERR_UNSUPPORTED_NAME_SYNTAX;
545		545
546	/* Special case: inital '.' is RHS match */	546	/* Special case: initial '.' is RHS match */
547	if (*baseptr == '.') {	547	if (*baseptr == '.') {
548	if (hostlen > base->length) {	548	if (hostlen > base->length) {
549	p = hostptr + hostlen - base->length;	549	p = hostptr + hostlen - base->length;


diff --git a/src/lib/libcrypto/x509/x509_utl.c b/src/lib/libcrypto/x509/x509_utl.c index 525939d4ca..aa18efe2c5 100644 --- a/src/lib/libcrypto/x509/x509_utl.c +++ b/src/lib/libcrypto/x509/x509_utl.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_utl.c,v 1.4 2022/11/14 17:48:50 beck Exp $ */	1	/* $OpenBSD: x509_utl.c,v 1.5 2022/12/26 07:18:53 jmc Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project.	3	* project.
4	*/	4	*/
@@ -723,7 +723,7 @@ skip_prefix(const unsigned char *p, size_t plen, const unsigned char *subject,
723	* "equal_nocase" function is a hand-rolled strncasecmp that does not	723	* "equal_nocase" function is a hand-rolled strncasecmp that does not
724	* allow \0 in the pattern. Since an embedded \0 is likely a sign of	724	* allow \0 in the pattern. Since an embedded \0 is likely a sign of
725	* problems, we simply don't allow it in either case, and then we use	725	* problems, we simply don't allow it in either case, and then we use
726	* standard libc funcitons.	726	* standard libc functions.
727	*/	727	*/
728		728
729	/* Compare using strncasecmp */	729	/* Compare using strncasecmp */


diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c index 9392b1f41e..f6c7c21f5f 100644 --- a/src/lib/libcrypto/x509/x509_vfy.c +++ b/src/lib/libcrypto/x509/x509_vfy.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_vfy.c,v 1.109 2022/12/01 05:20:30 tb Exp $ */	1	/* $OpenBSD: x509_vfy.c,v 1.110 2022/12/26 07:18:53 jmc Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -312,7 +312,7 @@ X509_verify_cert_legacy_build_chain(X509_STORE_CTX ctx, int bad, int *out_ok)
312	if (ctx->untrusted != NULL) {	312	if (ctx->untrusted != NULL) {
313	/*	313	/*
314	* If we do not find a non-expired untrusted cert, peek	314	* If we do not find a non-expired untrusted cert, peek
315	* ahead and see if we can satisify this from the trusted	315	* ahead and see if we can satisfy this from the trusted
316	* store. If not, see if we have an expired untrusted cert.	316	* store. If not, see if we have an expired untrusted cert.
317	*/	317	*/
318	xtmp = find_issuer(ctx, sktmp, x, 0);	318	xtmp = find_issuer(ctx, sktmp, x, 0);


diff --git a/src/lib/libcrypto/x509/x509_vfy.h b/src/lib/libcrypto/x509/x509_vfy.h index 9a9d6c0a1c..27ed484291 100644 --- a/src/lib/libcrypto/x509/x509_vfy.h +++ b/src/lib/libcrypto/x509/x509_vfy.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_vfy.h,v 1.56 2022/12/01 05:27:04 tb Exp $ */	1	/* $OpenBSD: x509_vfy.h,v 1.57 2022/12/26 07:18:53 jmc Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -255,7 +255,7 @@ void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth);
255	/* Do not check certificate or CRL validity against current time. */	255	/* Do not check certificate or CRL validity against current time. */
256	#define X509_V_FLAG_NO_CHECK_TIME 0x200000	256	#define X509_V_FLAG_NO_CHECK_TIME 0x200000
257		257
258	/* Force the use of the legacy certificate verifcation */	258	/* Force the use of the legacy certificate verification */
259	#define X509_V_FLAG_LEGACY_VERIFY 0x400000	259	#define X509_V_FLAG_LEGACY_VERIFY 0x400000
260		260
261	#define X509_VP_FLAG_DEFAULT 0x1	261	#define X509_VP_FLAG_DEFAULT 0x1


diff --git a/src/lib/libcrypto/x509/x509name.c b/src/lib/libcrypto/x509/x509name.c index 14e2deb84f..19a253da4d 100644 --- a/src/lib/libcrypto/x509/x509name.c +++ b/src/lib/libcrypto/x509/x509name.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509name.c,v 1.29 2022/11/26 16:08:55 tb Exp $ */	1	/* $OpenBSD: x509name.c,v 1.30 2022/12/26 07:18:53 jmc Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -123,7 +123,7 @@ X509_NAME_get_index_by_NID(const X509_NAME *name, int nid, int lastpos)
123	}	123	}
124	LCRYPTO_ALIAS(X509_NAME_get_index_by_NID)	124	LCRYPTO_ALIAS(X509_NAME_get_index_by_NID)
125		125
126	/* NOTE: you should be passsing -1, not 0 as lastpos */	126	/* NOTE: you should be passing -1, not 0 as lastpos */
127	int	127	int
128	X509_NAME_get_index_by_OBJ(const X509_NAME name, const ASN1_OBJECT obj,	128	X509_NAME_get_index_by_OBJ(const X509_NAME name, const ASN1_OBJECT obj,
129	int lastpos)	129	int lastpos)