1 files changed, 28 insertions, 11 deletions
diff --git a/src/lib/libcrypto/x509/x509_addr.c b/src/lib/libcrypto/x509/x509_addr.c
index d3cdebba25..e80ba35661 100644
--- a/src/lib/libcrypto/x509/x509_addr.c
+++ b/src/lib/libcrypto/x509/x509_addr.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: x509_addr.c,v 1.54 2022/01/04 20:23:05 tb Exp $ */
+/*      $OpenBSD: x509_addr.c,v 1.55 2022/01/04 20:30:30 tb Exp $ */
 /*
 * Contributed to the OpenSSL Project by the American Registry for
 * Internet Numbers ("ARIN").
@@ -1060,6 +1060,23 @@ X509v3_addr_add_range(IPAddrBlocks *addr, const unsigned afi,
        return 1;
 }
+static int
+extract_min_max_bitstr(IPAddressOrRange *aor, ASN1_BIT_STRING **out_min,
+    ASN1_BIT_STRING **out_max)
+{
+        switch (aor->type) {
+        case IPAddressOrRange_addressPrefix:
+                *out_min = *out_max = aor->u.addressPrefix;
+                return 1;
+        case IPAddressOrRange_addressRange:
+                *out_min = aor->u.addressRange->min;
+                *out_max = aor->u.addressRange->max;
+                return 1;
+        default:
+                return 0;
+        }
+}
 /*
 * Extract min and max values from an IPAddressOrRange.
 */
@@ -1067,18 +1084,18 @@ static int
 extract_min_max(IPAddressOrRange *aor, unsigned char *min, unsigned char *max,
    int length)
 {
+        ASN1_BIT_STRING *min_bitstr, *max_bitstr;
        if (aor == NULL || min == NULL || max == NULL)
                return 0;
-        switch (aor->type) {
-        case IPAddressOrRange_addressPrefix:
+        if (!extract_min_max_bitstr(aor, &min_bitstr, &max_bitstr))
-                return (addr_expand(min, aor->u.addressPrefix, length, 0x00) &&
+                return 0;
-                    addr_expand(max, aor->u.addressPrefix, length, 0xff));
-        case IPAddressOrRange_addressRange:
+        if (!addr_expand(min, min_bitstr, length, 0))
-                return (addr_expand(min, aor->u.addressRange->min, length,
+                return 0;
-                    0x00) &&
-                    addr_expand(max, aor->u.addressRange->max, length, 0xff));
+        return addr_expand(max, max_bitstr, length, 1);
-        }
-        return 0;
 }
 /*

diff --git a/src/lib/libcrypto/x509/x509_addr.c b/src/lib/libcrypto/x509/x509_addr.c index d3cdebba25..e80ba35661 100644 --- a/src/lib/libcrypto/x509/x509_addr.c +++ b/src/lib/libcrypto/x509/x509_addr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_addr.c,v 1.54 2022/01/04 20:23:05 tb Exp $ */	1	/* $OpenBSD: x509_addr.c,v 1.55 2022/01/04 20:30:30 tb Exp $ */
2	/*	2	/*
3	* Contributed to the OpenSSL Project by the American Registry for	3	* Contributed to the OpenSSL Project by the American Registry for
4	* Internet Numbers ("ARIN").	4	* Internet Numbers ("ARIN").
@@ -1060,6 +1060,23 @@ X509v3_addr_add_range(IPAddrBlocks *addr, const unsigned afi,
1060	return 1;	1060	return 1;
1061	}	1061	}
1062		1062
		1063	static int
		1064	extract_min_max_bitstr(IPAddressOrRange aor, ASN1_BIT_STRING *out_min,
		1065	ASN1_BIT_STRING **out_max)
		1066	{
		1067	switch (aor->type) {
		1068	case IPAddressOrRange_addressPrefix:
		1069	out_min = out_max = aor->u.addressPrefix;
		1070	return 1;
		1071	case IPAddressOrRange_addressRange:
		1072	*out_min = aor->u.addressRange->min;
		1073	*out_max = aor->u.addressRange->max;
		1074	return 1;
		1075	default:
		1076	return 0;
		1077	}
		1078	}
		1079
1063	/*	1080	/*
1064	* Extract min and max values from an IPAddressOrRange.	1081	* Extract min and max values from an IPAddressOrRange.
1065	*/	1082	*/
@@ -1067,18 +1084,18 @@ static int
1067	extract_min_max(IPAddressOrRange aor, unsigned char min, unsigned char *max,	1084	extract_min_max(IPAddressOrRange aor, unsigned char min, unsigned char *max,
1068	int length)	1085	int length)
1069	{	1086	{
		1087	ASN1_BIT_STRING min_bitstr, max_bitstr;
		1088
1070	if (aor == NULL \|\| min == NULL \|\| max == NULL)	1089	if (aor == NULL \|\| min == NULL \|\| max == NULL)
1071	return 0;	1090	return 0;
1072	switch (aor->type) {	1091
1073	case IPAddressOrRange_addressPrefix:	1092	if (!extract_min_max_bitstr(aor, &min_bitstr, &max_bitstr))
1074	return (addr_expand(min, aor->u.addressPrefix, length, 0x00) &&	1093	return 0;
1075	addr_expand(max, aor->u.addressPrefix, length, 0xff));	1094
1076	case IPAddressOrRange_addressRange:	1095	if (!addr_expand(min, min_bitstr, length, 0))
1077	return (addr_expand(min, aor->u.addressRange->min, length,	1096	return 0;
1078	0x00) &&	1097
1079	addr_expand(max, aor->u.addressRange->max, length, 0xff));	1098	return addr_expand(max, max_bitstr, length, 1);
1080	}
1081	return 0;
1082	}	1099	}
1083		1100
1084	/*	1101	/*