version 1.13, 2013/07/20 22:20:42 |
version 1.14, 2014/01/31 16:39:19 |
|
|
struct revoked_serial rs, *ers, *crs, *irs; |
struct revoked_serial rs, *ers, *crs, *irs; |
|
|
KRL_DBG(("%s: insert %llu:%llu", __func__, lo, hi)); |
KRL_DBG(("%s: insert %llu:%llu", __func__, lo, hi)); |
bzero(&rs, sizeof(rs)); |
memset(&rs, 0, sizeof(rs)); |
rs.lo = lo; |
rs.lo = lo; |
rs.hi = hi; |
rs.hi = hi; |
ers = RB_NFIND(revoked_serial_tree, rt, &rs); |
ers = RB_NFIND(revoked_serial_tree, rt, &rs); |
|
|
struct revoked_certs *rc; |
struct revoked_certs *rc; |
|
|
/* Check explicitly revoked hashes first */ |
/* Check explicitly revoked hashes first */ |
bzero(&rb, sizeof(rb)); |
memset(&rb, 0, sizeof(rb)); |
if ((rb.blob = key_fingerprint_raw(key, SSH_FP_SHA1, &rb.len)) == NULL) |
if ((rb.blob = key_fingerprint_raw(key, SSH_FP_SHA1, &rb.len)) == NULL) |
return -1; |
return -1; |
erb = RB_FIND(revoked_blob_tree, &krl->revoked_sha1s, &rb); |
erb = RB_FIND(revoked_blob_tree, &krl->revoked_sha1s, &rb); |
|
|
} |
} |
|
|
/* Next, explicit keys */ |
/* Next, explicit keys */ |
bzero(&rb, sizeof(rb)); |
memset(&rb, 0, sizeof(rb)); |
if (plain_key_blob(key, &rb.blob, &rb.len) != 0) |
if (plain_key_blob(key, &rb.blob, &rb.len) != 0) |
return -1; |
return -1; |
erb = RB_FIND(revoked_blob_tree, &krl->revoked_keys, &rb); |
erb = RB_FIND(revoked_blob_tree, &krl->revoked_keys, &rb); |
|
|
return 0; /* No entry for this CA */ |
return 0; /* No entry for this CA */ |
|
|
/* Check revocation by cert key ID */ |
/* Check revocation by cert key ID */ |
bzero(&rki, sizeof(rki)); |
memset(&rki, 0, sizeof(rki)); |
rki.key_id = key->cert->key_id; |
rki.key_id = key->cert->key_id; |
erki = RB_FIND(revoked_key_id_tree, &rc->revoked_key_ids, &rki); |
erki = RB_FIND(revoked_key_id_tree, &rc->revoked_key_ids, &rki); |
if (erki != NULL) { |
if (erki != NULL) { |
|
|
if (key_cert_is_legacy(key) || key->cert->serial == 0) |
if (key_cert_is_legacy(key) || key->cert->serial == 0) |
return 0; |
return 0; |
|
|
bzero(&rs, sizeof(rs)); |
memset(&rs, 0, sizeof(rs)); |
rs.lo = rs.hi = key->cert->serial; |
rs.lo = rs.hi = key->cert->serial; |
ers = RB_FIND(revoked_serial_tree, &rc->revoked_serials, &rs); |
ers = RB_FIND(revoked_serial_tree, &rc->revoked_serials, &rs); |
if (ers != NULL) { |
if (ers != NULL) { |
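Review bot: Nothing on the new side records why plain `memset` is enough at the five sites changed here (`rs` twice, `rb` twice, `rki`). Each call clears a stack struct just before it is filled in and passed to `RB_NFIND`/`RB_FIND` as a search key, and the fields set in the visible lines (serial range, SHA1 fingerprint, key blob from `plain_key_blob`, cert key ID) appear to be public values, so this is initialisation rather than scrubbing. A compiler dropping the store as dead would not matter here, but it would where a buffer holding key material is cleared before going out of scope. I would add one comment at the first site, for example `/* search key only, nothing secret: plain memset is fine */`, so the pattern is not copied to code that needs a non-elidable clear. The enclosing functions start and end outside the hunks shown, so whether `rb.blob` is freed after each lookup cannot be checked from this page.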