On Wed, May 11, 2022 at 06:54:32PM +0200, Claudio Jeker wrote:
> I took the liberty and refactored the sbgp_assysnum() code a bit more.
>
> Main goal is to replace the reallocarray() in append_as() with an upfront
> calloc() call since now the size is known. Also I decided to collapse
> sbgp_asnum() into sbgp_assysnum().
>

Cool. As you can imagine, this is quite close to some diffs I have in my
tree :)

I haven't thought about getting rid of the reallocarray() yet. I like
this approach a lot.

ok tb

> One could also inline the now very simple append_as() but I guess the
> compiler already does that for us.
I also considered removing the overlap and other checks. At this point
we know that the extension is in canonical form thanks to the early
caching (OpenSSL would need an extra X509v3_asid_is_canonical() call).
If the RFC 3779 ideas in the RSC draft materialize, everything after
the successful X509V3_EXT_d2i() call until the end should end up in a
function of the form

	int
	sbgp_parse_asidentifiers(const char *fn, struct cert_as **as, size_t *asz,
	    const ASIdentifiers *asidentifiers)

(maybe no const so that it can free asidentifiers itself).
This way we can call it from the cert and the RSC side and get rid of
all the XXX. Assuming we do the same for IPAddrBlocks, of course.