This moves two helper functions down so that the file starts with the code parsing ASIdentifiers, then the code dealing with IPAddrBlocks.
Index: cert.c =================================================================== RCS file: /cvs/src/usr.sbin/rpki-client/cert.c,v retrieving revision 1.74 diff -u -p -r1.74 cert.c --- cert.c 10 May 2022 16:43:53 -0000 1.74 +++ cert.c 10 May 2022 16:44:44 -0000 @@ -54,34 +54,6 @@ extern ASN1_OBJECT *manifest_oid; /* 1.3 extern ASN1_OBJECT *notify_oid; /* 1.3.6.1.5.5.7.48.13 (rpkiNotify) */ /* - * Append an IP address structure to our list of results. - * This will also constrain us to having at most one inheritance - * statement per AFI and also not have overlapping ranges (as prohibited - * in section 2.2.3.6). - * It does not make sure that ranges can't coalesce, that is, that any - * two ranges abut each other. - * This is warned against in section 2.2.3.6, but doesn't change the - * semantics of the system. - * Returns zero on failure (IP overlap) non-zero on success. - */ -static int -append_ip(struct parse *p, const struct cert_ip *ip) -{ - struct cert *res = p->res; - - if (!ip_addr_check_overlap(ip, p->fn, p->res->ips, p->res->ipsz)) - return 0; - if (res->ipsz >= MAX_IP_SIZE) - return 0; - res->ips = reallocarray(res->ips, res->ipsz + 1, - sizeof(struct cert_ip)); - if (res->ips == NULL) - err(1, NULL); - res->ips[res->ipsz++] = *ip; - return 1; -} - -/* * Append an AS identifier structure to our list of results. * Makes sure that the identifiers do not overlap or improperly inherit * as defined by RFC 3779 section 3.3. @@ -102,28 +74,6 @@ append_as(struct parse *p, const struct } /* - * Construct a RFC 3779 2.2.3.8 range from its bit string. - * Returns zero on failure, non-zero on success. - */ -static int -sbgp_addr(struct parse *p, struct cert_ip *ip, const ASN1_BIT_STRING *bs) -{ - if (!ip_addr_parse(bs, ip->afi, p->fn, &ip->ip)) { - warnx("%s: RFC 3779 section 2.2.3.8: IPAddress: " - "invalid IP address", p->fn); - return 0; - } - - if (!ip_cert_compose_ranges(ip)) { - warnx("%s: RFC 3779 section 2.2.3.8: IPAddress: " - "IP address range reversed", p->fn); - return 0; - } - - return append_ip(p, ip); -} - -/* * Parse a range of addresses as in 3.2.3.8. * Returns zero on failure, non-zero on success. */ @@ -414,6 +364,56 @@ out: sk_ASN1_TYPE_pop_free(sseq, ASN1_TYPE_free); free(sv); return rc; +} + +/* + * Append an IP address structure to our list of results. + * This will also constrain us to having at most one inheritance + * statement per AFI and also not have overlapping ranges (as prohibited + * in section 2.2.3.6). + * It does not make sure that ranges can't coalesce, that is, that any + * two ranges abut each other. + * This is warned against in section 2.2.3.6, but doesn't change the + * semantics of the system. + * Returns zero on failure (IP overlap) non-zero on success. + */ +static int +append_ip(struct parse *p, const struct cert_ip *ip) +{ + struct cert *res = p->res; + + if (!ip_addr_check_overlap(ip, p->fn, p->res->ips, p->res->ipsz)) + return 0; + if (res->ipsz >= MAX_IP_SIZE) + return 0; + res->ips = reallocarray(res->ips, res->ipsz + 1, + sizeof(struct cert_ip)); + if (res->ips == NULL) + err(1, NULL); + res->ips[res->ipsz++] = *ip; + return 1; +} + +/* + * Construct a RFC 3779 2.2.3.8 range from its bit string. + * Returns zero on failure, non-zero on success. + */ +static int +sbgp_addr(struct parse *p, struct cert_ip *ip, const ASN1_BIT_STRING *bs) +{ + if (!ip_addr_parse(bs, ip->afi, p->fn, &ip->ip)) { + warnx("%s: RFC 3779 section 2.2.3.8: IPAddress: " + "invalid IP address", p->fn); + return 0; + } + + if (!ip_cert_compose_ranges(ip)) { + warnx("%s: RFC 3779 section 2.2.3.8: IPAddress: " + "IP address range reversed", p->fn); + return 0; + } + + return append_ip(p, ip); } /*