147 revoked_certs_free(struct revoked_certs *rc)  in revoked_certs_free()  argument
152 	RB_FOREACH_SAFE(rs, revoked_serial_tree, &rc->revoked_serials, trs) {  in revoked_certs_free()
153 		RB_REMOVE(revoked_serial_tree, &rc->revoked_serials, rs);  in revoked_certs_free()
156 	RB_FOREACH_SAFE(rki, revoked_key_id_tree, &rc->revoked_key_ids, trki) {  in revoked_certs_free()
157 		RB_REMOVE(revoked_key_id_tree, &rc->revoked_key_ids, rki);  in revoked_certs_free()
161 	sshkey_free(rc->ca_key);  in revoked_certs_free()
168 	struct revoked_certs *rc, *trc;  in ssh_krl_free()  local
189 	TAILQ_FOREACH_SAFE(rc, &krl->revoked_certs, entry, trc) {  in ssh_krl_free()
190 		TAILQ_REMOVE(&krl->revoked_certs, rc, entry);  in ssh_krl_free()
191 		revoked_certs_free(rc);  in ssh_krl_free()
219 	struct revoked_certs *rc;  in revoked_certs_for_ca_key()  local
223 	TAILQ_FOREACH(rc, &krl->revoked_certs, entry) {  in revoked_certs_for_ca_key()
224 		if ((ca_key == NULL && rc->ca_key == NULL) ||  in revoked_certs_for_ca_key()
225 		    sshkey_equal(rc->ca_key, ca_key)) {  in revoked_certs_for_ca_key()
226 			*rcp = rc;  in revoked_certs_for_ca_key()
233 	if ((rc = calloc(1, sizeof(*rc))) == NULL)  in revoked_certs_for_ca_key()
236 		rc->ca_key = NULL;  in revoked_certs_for_ca_key()
237 	else if ((r = sshkey_from_private(ca_key, &rc->ca_key)) != 0) {  in revoked_certs_for_ca_key()
238 		free(rc);  in revoked_certs_for_ca_key()
241 	RB_INIT(&rc->revoked_serials);  in revoked_certs_for_ca_key()
242 	RB_INIT(&rc->revoked_key_ids);  in revoked_certs_for_ca_key()
243 	TAILQ_INSERT_TAIL(&krl->revoked_certs, rc, entry);  in revoked_certs_for_ca_key()
245 	*rcp = rc;  in revoked_certs_for_ca_key()
330 	struct revoked_certs *rc;  in ssh_krl_revoke_cert_by_serial_range()  local
335 	if ((r = revoked_certs_for_ca_key(krl, ca_key, &rc, 1)) != 0)  in ssh_krl_revoke_cert_by_serial_range()
337 	return insert_serial_range(&rc->revoked_serials, lo, hi);  in ssh_krl_revoke_cert_by_serial_range()
345 	struct revoked_certs *rc;  in ssh_krl_revoke_cert_by_key_id()  local
348 	if ((r = revoked_certs_for_ca_key(krl, ca_key, &rc, 1)) != 0)  in ssh_krl_revoke_cert_by_key_id()
357 	erki = RB_INSERT(revoked_key_id_tree, &rc->revoked_key_ids, rki);  in ssh_krl_revoke_cert_by_key_id()
573 revoked_certs_generate(struct revoked_certs *rc, struct sshbuf *buf)  in revoked_certs_generate()  argument
587 	if (rc->ca_key == NULL) {  in revoked_certs_generate()
591 		if ((r = sshkey_puts(rc->ca_key, buf)) != 0)  in revoked_certs_generate()
598 	for (rs = RB_MIN(revoked_serial_tree, &rc->revoked_serials);  in revoked_certs_generate()
600 	     rs = RB_NEXT(revoked_serial_tree, &rc->revoked_serials, rs)) {  in revoked_certs_generate()
606 		nrs = RB_NEXT(revoked_serial_tree, &rc->revoked_serials, rs);  in revoked_certs_generate()
713 	RB_FOREACH(rki, revoked_key_id_tree, &rc->revoked_key_ids) {  in revoked_certs_generate()
734 	struct revoked_certs *rc;  in ssh_krl_to_blob()  local
756 	TAILQ_FOREACH(rc, &krl->revoked_certs, entry) {  in ssh_krl_to_blob()
758 		if ((r = revoked_certs_generate(rc, sect)) != 0)  in ssh_krl_to_blob()
1156 is_cert_revoked(const struct sshkey *key, struct revoked_certs *rc)  in is_cert_revoked()  argument
1164 	erki = RB_FIND(revoked_key_id_tree, &rc->revoked_key_ids, &rki);  in is_cert_revoked()
1179 	ers = RB_FIND(revoked_serial_tree, &rc->revoked_serials, &rs);  in is_cert_revoked()
1193 	struct revoked_certs *rc;  in is_key_revoked()  local
1234 	    &rc, 0)) != 0)  in is_key_revoked()
1236 	if (rc != NULL) {  in is_key_revoked()
1237 		if ((r = is_cert_revoked(key, rc)) != 0)  in is_key_revoked()
1241 	if ((r = revoked_certs_for_ca_key(krl, NULL, &rc, 0)) != 0)  in is_key_revoked()
1243 	if (rc != NULL) {  in is_key_revoked()
1244 		if ((r = is_cert_revoked(key, rc)) != 0)  in is_key_revoked()
1299 	struct revoked_certs *rc;  in krl_dump()  local
1349 	TAILQ_FOREACH(rc, &krl->revoked_certs, entry) {  in krl_dump()
1351 		if (rc->ca_key == NULL)  in krl_dump()
1354 			if ((fp = sshkey_fingerprint(rc->ca_key,  in krl_dump()
1361 			    sshkey_ssh_name(rc->ca_key), fp);  in krl_dump()
1364 		RB_FOREACH(rs, revoked_serial_tree, &rc->revoked_serials) {  in krl_dump()
1374 		RB_FOREACH(rki, revoked_key_id_tree, &rc->revoked_key_ids) {  in krl_dump()