summaryrefslogtreecommitdiff
path: root/krl.c
diff options
context:
space:
mode:
Diffstat (limited to 'krl.c')
-rw-r--r--krl.c36
1 files changed, 22 insertions, 14 deletions
diff --git a/krl.c b/krl.c
index 0d9bb5411..b2d0354f2 100644
--- a/krl.c
+++ b/krl.c
@@ -14,7 +14,7 @@
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */ 15 */
16 16
17/* $OpenBSD: krl.c,v 1.10 2013/02/19 02:12:47 dtucker Exp $ */ 17/* $OpenBSD: krl.c,v 1.13 2013/07/20 22:20:42 djm Exp $ */
18 18
19#include "includes.h" 19#include "includes.h"
20 20
@@ -502,8 +502,11 @@ choose_next_state(int current_state, u_int64_t contig, int final,
502 } 502 }
503 debug3("%s: contig %llu last_gap %llu next_gap %llu final %d, costs:" 503 debug3("%s: contig %llu last_gap %llu next_gap %llu final %d, costs:"
504 "list %llu range %llu bitmap %llu new bitmap %llu, " 504 "list %llu range %llu bitmap %llu new bitmap %llu, "
505 "selected 0x%02x%s", __func__, contig, last_gap, next_gap, final, 505 "selected 0x%02x%s", __func__, (long long unsigned)contig,
506 cost_list, cost_range, cost_bitmap, cost_bitmap_restart, new_state, 506 (long long unsigned)last_gap, (long long unsigned)next_gap, final,
507 (long long unsigned)cost_list, (long long unsigned)cost_range,
508 (long long unsigned)cost_bitmap,
509 (long long unsigned)cost_bitmap_restart, new_state,
507 *force_new_section ? " restart" : ""); 510 *force_new_section ? " restart" : "");
508 return new_state; 511 return new_state;
509} 512}
@@ -539,7 +542,8 @@ revoked_certs_generate(struct revoked_certs *rc, Buffer *buf)
539 rs != NULL; 542 rs != NULL;
540 rs = RB_NEXT(revoked_serial_tree, &rc->revoked_serials, rs)) { 543 rs = RB_NEXT(revoked_serial_tree, &rc->revoked_serials, rs)) {
541 debug3("%s: serial %llu:%llu state 0x%02x", __func__, 544 debug3("%s: serial %llu:%llu state 0x%02x", __func__,
542 rs->lo, rs->hi, state); 545 (long long unsigned)rs->lo, (long long unsigned)rs->hi,
546 state);
543 547
544 /* Check contiguous length and gap to next section (if any) */ 548 /* Check contiguous length and gap to next section (if any) */
545 nrs = RB_NEXT(revoked_serial_tree, &rc->revoked_serials, rs); 549 nrs = RB_NEXT(revoked_serial_tree, &rc->revoked_serials, rs);
@@ -883,9 +887,10 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp,
883 char timestamp[64]; 887 char timestamp[64];
884 int ret = -1, r, sig_seen; 888 int ret = -1, r, sig_seen;
885 Key *key = NULL, **ca_used = NULL; 889 Key *key = NULL, **ca_used = NULL;
886 u_char type, *blob; 890 u_char type, *blob, *rdata = NULL;
887 u_int i, j, sig_off, sects_off, blen, format_version, nca_used = 0; 891 u_int i, j, sig_off, sects_off, rlen, blen, format_version, nca_used;
888 892
893 nca_used = 0;
889 *krlp = NULL; 894 *krlp = NULL;
890 if (buffer_len(buf) < sizeof(KRL_MAGIC) - 1 || 895 if (buffer_len(buf) < sizeof(KRL_MAGIC) - 1 ||
891 memcmp(buffer_ptr(buf), KRL_MAGIC, sizeof(KRL_MAGIC) - 1) != 0) { 896 memcmp(buffer_ptr(buf), KRL_MAGIC, sizeof(KRL_MAGIC) - 1) != 0) {
@@ -928,8 +933,9 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp,
928 } 933 }
929 934
930 format_timestamp(krl->generated_date, timestamp, sizeof(timestamp)); 935 format_timestamp(krl->generated_date, timestamp, sizeof(timestamp));
931 debug("KRL version %llu generated at %s%s%s", krl->krl_version, 936 debug("KRL version %llu generated at %s%s%s",
932 timestamp, *krl->comment ? ": " : "", krl->comment); 937 (long long unsigned)krl->krl_version, timestamp,
938 *krl->comment ? ": " : "", krl->comment);
933 939
934 /* 940 /*
935 * 1st pass: verify signatures, if any. This is done to avoid 941 * 1st pass: verify signatures, if any. This is done to avoid
@@ -967,7 +973,7 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp,
967 } 973 }
968 /* Check signature over entire KRL up to this point */ 974 /* Check signature over entire KRL up to this point */
969 if (key_verify(key, blob, blen, 975 if (key_verify(key, blob, blen,
970 buffer_ptr(buf), buffer_len(buf) - sig_off) == -1) { 976 buffer_ptr(buf), buffer_len(buf) - sig_off) != 1) {
971 error("bad signaure on KRL"); 977 error("bad signaure on KRL");
972 goto out; 978 goto out;
973 } 979 }
@@ -1010,21 +1016,22 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp,
1010 case KRL_SECTION_EXPLICIT_KEY: 1016 case KRL_SECTION_EXPLICIT_KEY:
1011 case KRL_SECTION_FINGERPRINT_SHA1: 1017 case KRL_SECTION_FINGERPRINT_SHA1:
1012 while (buffer_len(&sect) > 0) { 1018 while (buffer_len(&sect) > 0) {
1013 if ((blob = buffer_get_string_ret(&sect, 1019 if ((rdata = buffer_get_string_ret(&sect,
1014 &blen)) == NULL) { 1020 &rlen)) == NULL) {
1015 error("%s: buffer error", __func__); 1021 error("%s: buffer error", __func__);
1016 goto out; 1022 goto out;
1017 } 1023 }
1018 if (type == KRL_SECTION_FINGERPRINT_SHA1 && 1024 if (type == KRL_SECTION_FINGERPRINT_SHA1 &&
1019 blen != 20) { 1025 rlen != 20) {
1020 error("%s: bad SHA1 length", __func__); 1026 error("%s: bad SHA1 length", __func__);
1021 goto out; 1027 goto out;
1022 } 1028 }
1023 if (revoke_blob( 1029 if (revoke_blob(
1024 type == KRL_SECTION_EXPLICIT_KEY ? 1030 type == KRL_SECTION_EXPLICIT_KEY ?
1025 &krl->revoked_keys : &krl->revoked_sha1s, 1031 &krl->revoked_keys : &krl->revoked_sha1s,
1026 blob, blen) != 0) 1032 rdata, rlen) != 0)
1027 goto out; /* revoke_blob frees blob */ 1033 goto out;
1034 rdata = NULL; /* revoke_blob frees blob */
1028 } 1035 }
1029 break; 1036 break;
1030 case KRL_SECTION_SIGNATURE: 1037 case KRL_SECTION_SIGNATURE:
@@ -1090,6 +1097,7 @@ ssh_krl_from_blob(Buffer *buf, struct ssh_krl **krlp,
1090 key_free(ca_used[i]); 1097 key_free(ca_used[i]);
1091 } 1098 }
1092 free(ca_used); 1099 free(ca_used);
1100 free(rdata);
1093 if (key != NULL) 1101 if (key != NULL)
1094 key_free(key); 1102 key_free(key);
1095 buffer_free(&copy); 1103 buffer_free(&copy);
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-13 12:04:22 +0000