summaryrefslogtreecommitdiff
path: root/lib/libcrypto/x509
diff options
context:
space:
mode:
authorTheo Buehler <tb@cvs.openbsd.org>2022-01-05 07:37:02 +0000
committerTheo Buehler <tb@cvs.openbsd.org>2022-01-05 07:37:02 +0000
commit2785282f38ce0fac6579fbaa0401d728c856dd0d (patch)
tree637175da43f1e2ddcfd6fe9c79186e79d80f7cc0 /lib/libcrypto/x509
parent5b8ba8707857bd6c69b6f09887f7f914e281bb1b (diff)
Polish X509v3_addr_subset() a bit
Use child and parent instead of a and b. Split unrelated checks. Use accessors and assign to local variables to avoid ugly line wrapping. Declare vriables up front instead of mixing declarations with assignments from function returns. ok inoguchi jsing
Diffstat (limited to 'lib/libcrypto/x509')
-rw-r--r--lib/libcrypto/x509/x509_addr.c43
1 files changed, 28 insertions, 15 deletions
diff --git a/lib/libcrypto/x509/x509_addr.c b/lib/libcrypto/x509/x509_addr.c
index 80260dca108..705fc7df326 100644
--- a/lib/libcrypto/x509/x509_addr.c
+++ b/lib/libcrypto/x509/x509_addr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_addr.c,v 1.60 2022/01/05 07:29:47 tb Exp $ */
+/* $OpenBSD: x509_addr.c,v 1.61 2022/01/05 07:37:01 tb Exp $ */
/*
* Contributed to the OpenSSL Project by the American Registry for
* Internet Numbers ("ARIN").
@@ -1678,24 +1678,37 @@ addr_contains(IPAddressOrRanges *parent, IPAddressOrRanges *child, int length)
* Test whether a is a subset of b.
*/
int
-X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
+X509v3_addr_subset(IPAddrBlocks *child, IPAddrBlocks *parent)
{
- int i;
- if (a == NULL || a == b)
+ IPAddressFamily *fc, *fp;
+ IPAddressOrRanges *aorc, *aorp;
+ int i, j, length;
+
+ if (child == NULL || child == parent)
return 1;
- if (b == NULL || X509v3_addr_inherits(a) || X509v3_addr_inherits(b))
+ if (parent == NULL)
+ return 0;
+
+ if (X509v3_addr_inherits(child) || X509v3_addr_inherits(parent))
return 0;
- (void)sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp);
- for (i = 0; i < sk_IPAddressFamily_num(a); i++) {
- IPAddressFamily *fa = sk_IPAddressFamily_value(a, i);
- int j = sk_IPAddressFamily_find(b, fa);
- IPAddressFamily *fb;
- fb = sk_IPAddressFamily_value(b, j);
- if (fb == NULL)
+
+ sk_IPAddressFamily_set_cmp_func(parent, IPAddressFamily_cmp);
+
+ for (i = 0; i < sk_IPAddressFamily_num(child); i++) {
+ fc = sk_IPAddressFamily_value(child, i);
+
+ j = sk_IPAddressFamily_find(parent, fc);
+ fp = sk_IPAddressFamily_value(parent, j);
+ if (fp == NULL)
return 0;
- if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges,
- fa->ipAddressChoice->u.addressesOrRanges,
- length_from_afi(X509v3_addr_get_afi(fb))))
+
+ if (!IPAddressFamily_afi_length(fp, &length))
+ return 0;
+
+ aorc = IPAddressFamily_addressesOrRanges(fc);
+ aorp = IPAddressFamily_addressesOrRanges(fp);
+
+ if (!addr_contains(aorp, aorc, length))
return 0;
}
return 1;