Polish X509v3_addr_subset() a bit

Use child and parent instead of a and b. Split unrelated checks. Use accessors and assign to local variables to avoid ugly line wrapping. Declare vriables up front instead of mixing declarations with assignments from function returns. ok inoguchi jsing
author: tb <> 2022-01-05 07:37:01 +0000
committer: tb <> 2022-01-05 07:37:01 +0000
commit: 1e2931f5b7e846111974b4afe7f6d0d5b2a761f3 (patch)
tree: e3846205d50c87d70d3173e00d42962a3abf4c19 /src/lib
parent: 89929e22962d742646fea54f6a21915e111903c8 (diff)
download: openbsd-1e2931f5b7e846111974b4afe7f6d0d5b2a761f3.tar.gz
openbsd-1e2931f5b7e846111974b4afe7f6d0d5b2a761f3.tar.bz2
openbsd-1e2931f5b7e846111974b4afe7f6d0d5b2a761f3.zip
1 files changed, 28 insertions, 15 deletions
diff --git a/src/lib/libcrypto/x509/x509_addr.c b/src/lib/libcrypto/x509/x509_addr.c
index 80260dca10..705fc7df32 100644
--- a/src/lib/libcrypto/x509/x509_addr.c
+++ b/src/lib/libcrypto/x509/x509_addr.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: x509_addr.c,v 1.60 2022/01/05 07:29:47 tb Exp $ */
+/*      $OpenBSD: x509_addr.c,v 1.61 2022/01/05 07:37:01 tb Exp $ */
 /*
 * Contributed to the OpenSSL Project by the American Registry for
 * Internet Numbers ("ARIN").
@@ -1678,24 +1678,37 @@ addr_contains(IPAddressOrRanges *parent, IPAddressOrRanges *child, int length)
 * Test whether a is a subset of b.
 */
 int
-X509v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
+X509v3_addr_subset(IPAddrBlocks *child, IPAddrBlocks *parent)
 {
-        int i;
+        IPAddressFamily *fc, *fp;
-        if (a == NULL || a == b)
+        IPAddressOrRanges *aorc, *aorp;
+        int i, j, length;
+        if (child == NULL || child == parent)
                return 1;
-        if (b == NULL || X509v3_addr_inherits(a) || X509v3_addr_inherits(b))
+        if (parent == NULL)
+                return 0;
+        if (X509v3_addr_inherits(child) || X509v3_addr_inherits(parent))
                return 0;
-        (void)sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp);
-        for (i = 0; i < sk_IPAddressFamily_num(a); i++) {
+        sk_IPAddressFamily_set_cmp_func(parent, IPAddressFamily_cmp);
-                IPAddressFamily *fa = sk_IPAddressFamily_value(a, i);
-                int j = sk_IPAddressFamily_find(b, fa);
+        for (i = 0; i < sk_IPAddressFamily_num(child); i++) {
-                IPAddressFamily *fb;
+                fc = sk_IPAddressFamily_value(child, i);
-                fb = sk_IPAddressFamily_value(b, j);
-                if (fb == NULL)
+                j = sk_IPAddressFamily_find(parent, fc);
+                fp = sk_IPAddressFamily_value(parent, j);
+                if (fp == NULL)
                        return 0;
-                if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges,
-                    fa->ipAddressChoice->u.addressesOrRanges,
+                if (!IPAddressFamily_afi_length(fp, &length))
-                    length_from_afi(X509v3_addr_get_afi(fb))))
+                        return 0;
+                aorc = IPAddressFamily_addressesOrRanges(fc);
+                aorp = IPAddressFamily_addressesOrRanges(fp);
+                if (!addr_contains(aorp, aorc, length))
                        return 0;
        }
        return 1;
author	tb <>	2022-01-05 07:37:01 +0000
committer	tb <>	2022-01-05 07:37:01 +0000
commit	1e2931f5b7e846111974b4afe7f6d0d5b2a761f3 (patch)
tree	e3846205d50c87d70d3173e00d42962a3abf4c19 /src/lib
parent	89929e22962d742646fea54f6a21915e111903c8 (diff)
download	openbsd-1e2931f5b7e846111974b4afe7f6d0d5b2a761f3.tar.gz openbsd-1e2931f5b7e846111974b4afe7f6d0d5b2a761f3.tar.bz2 openbsd-1e2931f5b7e846111974b4afe7f6d0d5b2a761f3.zip

diff --git a/src/lib/libcrypto/x509/x509_addr.c b/src/lib/libcrypto/x509/x509_addr.c index 80260dca10..705fc7df32 100644 --- a/src/lib/libcrypto/x509/x509_addr.c +++ b/src/lib/libcrypto/x509/x509_addr.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_addr.c,v 1.60 2022/01/05 07:29:47 tb Exp $ */	1	/* $OpenBSD: x509_addr.c,v 1.61 2022/01/05 07:37:01 tb Exp $ */
2	/*	2	/*
3	* Contributed to the OpenSSL Project by the American Registry for	3	* Contributed to the OpenSSL Project by the American Registry for
4	* Internet Numbers ("ARIN").	4	* Internet Numbers ("ARIN").
@@ -1678,24 +1678,37 @@ addr_contains(IPAddressOrRanges parent, IPAddressOrRanges child, int length)
1678	* Test whether a is a subset of b.	1678	* Test whether a is a subset of b.
1679	*/	1679	*/
1680	int	1680	int
1681	X509v3_addr_subset(IPAddrBlocks a, IPAddrBlocks b)	1681	X509v3_addr_subset(IPAddrBlocks child, IPAddrBlocks parent)
1682	{	1682	{
1683	int i;	1683	IPAddressFamily fc, fp;
1684	if (a == NULL \|\| a == b)	1684	IPAddressOrRanges aorc, aorp;
		1685	int i, j, length;
		1686
		1687	if (child == NULL \|\| child == parent)
1685	return 1;	1688	return 1;
1686	if (b == NULL \|\| X509v3_addr_inherits(a) \|\| X509v3_addr_inherits(b))	1689	if (parent == NULL)
		1690	return 0;
		1691
		1692	if (X509v3_addr_inherits(child) \|\| X509v3_addr_inherits(parent))
1687	return 0;	1693	return 0;
1688	(void)sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp);	1694
1689	for (i = 0; i < sk_IPAddressFamily_num(a); i++) {	1695	sk_IPAddressFamily_set_cmp_func(parent, IPAddressFamily_cmp);
1690	IPAddressFamily *fa = sk_IPAddressFamily_value(a, i);	1696
1691	int j = sk_IPAddressFamily_find(b, fa);	1697	for (i = 0; i < sk_IPAddressFamily_num(child); i++) {
1692	IPAddressFamily *fb;	1698	fc = sk_IPAddressFamily_value(child, i);
1693	fb = sk_IPAddressFamily_value(b, j);	1699
1694	if (fb == NULL)	1700	j = sk_IPAddressFamily_find(parent, fc);
		1701	fp = sk_IPAddressFamily_value(parent, j);
		1702	if (fp == NULL)
1695	return 0;	1703	return 0;
1696	if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges,	1704
1697	fa->ipAddressChoice->u.addressesOrRanges,	1705	if (!IPAddressFamily_afi_length(fp, &length))
1698	length_from_afi(X509v3_addr_get_afi(fb))))	1706	return 0;
		1707
		1708	aorc = IPAddressFamily_addressesOrRanges(fc);
		1709	aorp = IPAddressFamily_addressesOrRanges(fp);
		1710
		1711	if (!addr_contains(aorp, aorc, length))
1699	return 0;	1712	return 0;
1700	}	1713	}
1701	return 1;	1714	return 1;