diff options
Diffstat (limited to 'crypto/openssh/krl.c')
-rw-r--r-- | crypto/openssh/krl.c | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/crypto/openssh/krl.c b/crypto/openssh/krl.c index 3b4cded..eb31df9 100644 --- a/crypto/openssh/krl.c +++ b/crypto/openssh/krl.c @@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $OpenBSD: krl.c,v 1.14 2014/01/31 16:39:19 tedu Exp $ */ +/* $OpenBSD: krl.c,v 1.17 2014/06/24 01:13:21 djm Exp $ */ #include "includes.h" @@ -366,7 +366,7 @@ plain_key_blob(const Key *key, u_char **blob, u_int *blen) } r = key_to_blob(kcopy, blob, blen); free(kcopy); - return r == 0 ? -1 : 0; + return r; } /* Revoke a key blob. Ownership of blob is transferred to the tree */ @@ -394,7 +394,7 @@ ssh_krl_revoke_key_explicit(struct ssh_krl *krl, const Key *key) u_int len; debug3("%s: revoke type %s", __func__, key_type(key)); - if (plain_key_blob(key, &blob, &len) != 0) + if (plain_key_blob(key, &blob, &len) < 0) return -1; return revoke_blob(&krl->revoked_keys, blob, len); } @@ -575,6 +575,7 @@ revoked_certs_generate(struct revoked_certs *rc, Buffer *buf) buffer_put_char(buf, state); buffer_put_string(buf, buffer_ptr(§), buffer_len(§)); + buffer_clear(§); } /* If we are starting a new section then prepare it now */ @@ -753,7 +754,8 @@ static int parse_revoked_certs(Buffer *buf, struct ssh_krl *krl) { int ret = -1, nbits; - u_char type, *blob; + u_char type; + const u_char *blob; u_int blen; Buffer subsect; u_int64_t serial, serial_lo, serial_hi; @@ -887,7 +889,8 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp, char timestamp[64]; int ret = -1, r, sig_seen; Key *key = NULL, **ca_used = NULL; - u_char type, *blob, *rdata = NULL; + u_char type, *rdata = NULL; + const u_char *blob; u_int i, j, sig_off, sects_off, rlen, blen, format_version, nca_used; nca_used = 0; @@ -1127,7 +1130,7 @@ is_key_revoked(struct ssh_krl *krl, const Key *key) /* Next, explicit keys */ memset(&rb, 0, sizeof(rb)); - if (plain_key_blob(key, &rb.blob, &rb.len) != 0) + if (plain_key_blob(key, &rb.blob, &rb.len) < 0) return -1; erb = RB_FIND(revoked_blob_tree, &krl->revoked_keys, &rb); free(rb.blob); |