From 77e48307e8ee8bc9ef7f30437e02eef189545570 Mon Sep 17 00:00:00 2001 From: tb Date: Sun, 7 Jan 2024 16:22:46 +0000 Subject: [PATCH] purpose/trust: Improve comments about COUNT/MAX confusion --- lib/libcrypto/x509/x509_purp.c | 7 +++++-- lib/libcrypto/x509/x509_trs.c | 7 +++++-- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/lib/libcrypto/x509/x509_purp.c b/lib/libcrypto/x509/x509_purp.c index dbae7bcb7c0..35f20e2bc38 100644 --- a/lib/libcrypto/x509/x509_purp.c +++ b/lib/libcrypto/x509/x509_purp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_purp.c,v 1.34 2024/01/06 17:17:08 tb Exp $ */ +/* $OpenBSD: x509_purp.c,v 1.35 2024/01/07 16:22:46 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2001. */ @@ -232,7 +232,10 @@ LCRYPTO_ALIAS(X509_PURPOSE_get_by_sname); int X509_PURPOSE_get_by_id(int purpose) { - /* X509_PURPOSE_MIN == 1, so the bounds are correct. */ + /* + * Ensure the purpose identifier is between MIN and MAX inclusive. + * If so, translate it to an index into the xstandard[] table. + */ if (purpose < X509_PURPOSE_MIN || purpose > X509_PURPOSE_MAX) return -1; diff --git a/lib/libcrypto/x509/x509_trs.c b/lib/libcrypto/x509/x509_trs.c index e3a20e22b0d..6e98eb27852 100644 --- a/lib/libcrypto/x509/x509_trs.c +++ b/lib/libcrypto/x509/x509_trs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_trs.c,v 1.33 2024/01/07 14:50:45 tb Exp $ */ +/* $OpenBSD: x509_trs.c,v 1.34 2024/01/07 16:22:46 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -191,7 +191,10 @@ LCRYPTO_ALIAS(X509_TRUST_get0); int X509_TRUST_get_by_id(int id) { - /* X509_TRUST_MIN == 1, so the bounds are correct. */ + /* + * Ensure the trust identifier is between MIN and MAX inclusive. + * If so, translate it into an index into the trstandard[] table. + */ if (id < X509_TRUST_MIN && id > X509_TRUST_MAX) return -1; -- 2.20.1