| 14 |
|
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
| 15 |
|
*/ |
| 16 |
|
|
| 17 |
< |
/* $OpenBSD: krl.c,v 1.13 2013/07/20 22:20:42 djm Exp $ */ |
| 17 |
> |
/* $OpenBSD: krl.c,v 1.14 2014/01/31 16:39:19 tedu Exp $ */ |
| 18 |
|
|
| 19 |
|
#include "includes.h" |
| 20 |
|
|
| 238 |
|
struct revoked_serial rs, *ers, *crs, *irs; |
| 239 |
|
|
| 240 |
|
KRL_DBG(("%s: insert %llu:%llu", __func__, lo, hi)); |
| 241 |
< |
bzero(&rs, sizeof(rs)); |
| 241 |
> |
memset(&rs, 0, sizeof(rs)); |
| 242 |
|
rs.lo = lo; |
| 243 |
|
rs.hi = hi; |
| 244 |
|
ers = RB_NFIND(revoked_serial_tree, rt, &rs); |
| 1115 |
|
struct revoked_certs *rc; |
| 1116 |
|
|
| 1117 |
|
/* Check explicitly revoked hashes first */ |
| 1118 |
< |
bzero(&rb, sizeof(rb)); |
| 1118 |
> |
memset(&rb, 0, sizeof(rb)); |
| 1119 |
|
if ((rb.blob = key_fingerprint_raw(key, SSH_FP_SHA1, &rb.len)) == NULL) |
| 1120 |
|
return -1; |
| 1121 |
|
erb = RB_FIND(revoked_blob_tree, &krl->revoked_sha1s, &rb); |
| 1126 |
|
} |
| 1127 |
|
|
| 1128 |
|
/* Next, explicit keys */ |
| 1129 |
< |
bzero(&rb, sizeof(rb)); |
| 1129 |
> |
memset(&rb, 0, sizeof(rb)); |
| 1130 |
|
if (plain_key_blob(key, &rb.blob, &rb.len) != 0) |
| 1131 |
|
return -1; |
| 1132 |
|
erb = RB_FIND(revoked_blob_tree, &krl->revoked_keys, &rb); |
| 1147 |
|
return 0; /* No entry for this CA */ |
| 1148 |
|
|
| 1149 |
|
/* Check revocation by cert key ID */ |
| 1150 |
< |
bzero(&rki, sizeof(rki)); |
| 1150 |
> |
memset(&rki, 0, sizeof(rki)); |
| 1151 |
|
rki.key_id = key->cert->key_id; |
| 1152 |
|
erki = RB_FIND(revoked_key_id_tree, &rc->revoked_key_ids, &rki); |
| 1153 |
|
if (erki != NULL) { |
| 1162 |
|
if (key_cert_is_legacy(key) || key->cert->serial == 0) |
| 1163 |
|
return 0; |
| 1164 |
|
|
| 1165 |
< |
bzero(&rs, sizeof(rs)); |
| 1165 |
> |
memset(&rs, 0, sizeof(rs)); |
| 1166 |
|
rs.lo = rs.hi = key->cert->serial; |
| 1167 |
|
ers = RB_FIND(revoked_serial_tree, &rc->revoked_serials, &rs); |
| 1168 |
|
if (ers != NULL) { |
