1 files changed, 30 insertions, 12 deletions
diff --git a/src/lib/libcrypto/x509/x509_asid.c b/src/lib/libcrypto/x509/x509_asid.c
index 514b88bc0e..5967e26d4d 100644
--- a/src/lib/libcrypto/x509/x509_asid.c
+++ b/src/lib/libcrypto/x509/x509_asid.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: x509_asid.c,v 1.32 2022/04/21 05:06:07 tb Exp $ */
+/*      $OpenBSD: x509_asid.c,v 1.33 2022/05/12 19:56:43 tb Exp $ */
 /*
 * Contributed to the OpenSSL Project by the American Registry for
 * Internet Numbers ("ARIN").
@@ -944,20 +944,38 @@ asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child)
 }
 /*
- * Test whether a is a subset of b.
+ * Test whether child is a subset of parent.
 */
 int
-X509v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b)
+X509v3_asid_subset(ASIdentifiers *child, ASIdentifiers *parent)
 {
-        return (a == NULL ||
+        if (child == NULL || child == parent)
-            a == b ||
+                return 1;
-            (b != NULL &&
+        if (parent == NULL)
-             !X509v3_asid_inherits(a) &&
+                return 0;
-             !X509v3_asid_inherits(b) &&
-             asid_contains(b->asnum->u.asIdsOrRanges,
+        if (X509v3_asid_inherits(child) || X509v3_asid_inherits(parent))
-             a->asnum->u.asIdsOrRanges) &&
+                return 0;
-             asid_contains(b->rdi->u.asIdsOrRanges,
-             a->rdi->u.asIdsOrRanges)));
+        if (child->asnum != NULL) {
+                if (parent->asnum == NULL)
+                        return 0;
+                if (!asid_contains(parent->asnum->u.asIdsOrRanges,
+                    child->asnum->u.asIdsOrRanges))
+                        return 0;
+        }
+        if (child->rdi != NULL) {
+                if (parent->rdi == NULL)
+                        return 0;
+                if (!asid_contains(parent->rdi->u.asIdsOrRanges,
+                    child->rdi->u.asIdsOrRanges))
+                        return 0;
+        }
+        return 1;
 }
 /*

diff --git a/src/lib/libcrypto/x509/x509_asid.c b/src/lib/libcrypto/x509/x509_asid.c index 514b88bc0e..5967e26d4d 100644 --- a/src/lib/libcrypto/x509/x509_asid.c +++ b/src/lib/libcrypto/x509/x509_asid.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: x509_asid.c,v 1.32 2022/04/21 05:06:07 tb Exp $ */	1	/* $OpenBSD: x509_asid.c,v 1.33 2022/05/12 19:56:43 tb Exp $ */
2	/*	2	/*
3	* Contributed to the OpenSSL Project by the American Registry for	3	* Contributed to the OpenSSL Project by the American Registry for
4	* Internet Numbers ("ARIN").	4	* Internet Numbers ("ARIN").
@@ -944,20 +944,38 @@ asid_contains(ASIdOrRanges parent, ASIdOrRanges child)
944	}	944	}
945		945
946	/*	946	/*
947	* Test whether a is a subset of b.	947	* Test whether child is a subset of parent.
948	*/	948	*/
949	int	949	int
950	X509v3_asid_subset(ASIdentifiers a, ASIdentifiers b)	950	X509v3_asid_subset(ASIdentifiers child, ASIdentifiers parent)
951	{	951	{
952	return (a == NULL \|\|	952	if (child == NULL \|\| child == parent)
953	a == b \|\|	953	return 1;
954	(b != NULL &&	954	if (parent == NULL)
955	!X509v3_asid_inherits(a) &&	955	return 0;
956	!X509v3_asid_inherits(b) &&	956
957	asid_contains(b->asnum->u.asIdsOrRanges,	957	if (X509v3_asid_inherits(child) \|\| X509v3_asid_inherits(parent))
958	a->asnum->u.asIdsOrRanges) &&	958	return 0;
959	asid_contains(b->rdi->u.asIdsOrRanges,	959
960	a->rdi->u.asIdsOrRanges)));	960	if (child->asnum != NULL) {
		961	if (parent->asnum == NULL)
		962	return 0;
		963
		964	if (!asid_contains(parent->asnum->u.asIdsOrRanges,
		965	child->asnum->u.asIdsOrRanges))
		966	return 0;
		967	}
		968
		969	if (child->rdi != NULL) {
		970	if (parent->rdi == NULL)
		971	return 0;
		972
		973	if (!asid_contains(parent->rdi->u.asIdsOrRanges,
		974	child->rdi->u.asIdsOrRanges))
		975	return 0;
		976	}
		977
		978	return 1;
961	}	979	}
962		980
963	/*	981	/*