diff options
author | Theo Buehler <tb@cvs.openbsd.org> | 2022-01-05 07:37:02 +0000 |
---|---|---|
committer | Theo Buehler <tb@cvs.openbsd.org> | 2022-01-05 07:37:02 +0000 |
commit | 2785282f38ce0fac6579fbaa0401d728c856dd0d (patch) | |
tree | 637175da43f1e2ddcfd6fe9c79186e79d80f7cc0 /lib/libcrypto/x509 | |
parent | 5b8ba8707857bd6c69b6f09887f7f914e281bb1b (diff) |
Polish X509v3_addr_subset() a bit
Use child and parent instead of a and b. Split unrelated checks. Use
accessors and assign to local variables to avoid ugly line wrapping.
Declare vriables up front instead of mixing declarations with
assignments from function returns.
ok inoguchi jsing
Diffstat (limited to 'lib/libcrypto/x509')
-rw-r--r-- | lib/libcrypto/x509/x509_addr.c | 43 |
1 files changed, 28 insertions, 15 deletions
diff --git a/lib/libcrypto/x509/x509_addr.c b/lib/libcrypto/x509/x509_addr.c index 80260dca108..705fc7df326 100644 --- a/lib/libcrypto/x509/x509_addr.c +++ b/lib/libcrypto/x509/x509_addr.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_addr.c,v 1.60 2022/01/05 07:29:47 tb Exp $ */ +/* $OpenBSD: x509_addr.c,v 1.61 2022/01/05 07:37:01 tb Exp $ */ /* * Contributed to the OpenSSL Project by the American Registry for * Internet Numbers ("ARIN"). @@ -1678,24 +1678,37 @@ addr_contains(IPAddressOrRanges *parent, IPAddressOrRanges *child, int length) * Test whether a is a subset of b. */ int -X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b) +X509v3_addr_subset(IPAddrBlocks *child, IPAddrBlocks *parent) { - int i; - if (a == NULL || a == b) + IPAddressFamily *fc, *fp; + IPAddressOrRanges *aorc, *aorp; + int i, j, length; + + if (child == NULL || child == parent) return 1; - if (b == NULL || X509v3_addr_inherits(a) || X509v3_addr_inherits(b)) + if (parent == NULL) + return 0; + + if (X509v3_addr_inherits(child) || X509v3_addr_inherits(parent)) return 0; - (void)sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp); - for (i = 0; i < sk_IPAddressFamily_num(a); i++) { - IPAddressFamily *fa = sk_IPAddressFamily_value(a, i); - int j = sk_IPAddressFamily_find(b, fa); - IPAddressFamily *fb; - fb = sk_IPAddressFamily_value(b, j); - if (fb == NULL) + + sk_IPAddressFamily_set_cmp_func(parent, IPAddressFamily_cmp); + + for (i = 0; i < sk_IPAddressFamily_num(child); i++) { + fc = sk_IPAddressFamily_value(child, i); + + j = sk_IPAddressFamily_find(parent, fc); + fp = sk_IPAddressFamily_value(parent, j); + if (fp == NULL) return 0; - if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges, - fa->ipAddressChoice->u.addressesOrRanges, - length_from_afi(X509v3_addr_get_afi(fb)))) + + if (!IPAddressFamily_afi_length(fp, &length)) + return 0; + + aorc = IPAddressFamily_addressesOrRanges(fc); + aorp = IPAddressFamily_addressesOrRanges(fp); + + if (!addr_contains(aorp, aorc, length)) return 0; } return 1; |