From 83e109d2e32057d1dbda056ddeedd702001ecfd0 Mon Sep 17 00:00:00 2001
From: djm <djm@openbsd.org>
Date: Mon, 17 Jul 2023 05:20:15 +0000
Subject: [PATCH] return SSH_ERR_KRL_BAD_MAGIC when a KRL doesn't contain a
 valid magic number and not SSH_ERR_MESSAGE_INCOMPLETE; the former is needed
 to fall back to text revocation lists in some cases; fixes t-cert-hostkey.

---
 usr.bin/ssh/krl.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/usr.bin/ssh/krl.c b/usr.bin/ssh/krl.c
index 9e02cf63eeb..030be70c7d5 100644
--- a/usr.bin/ssh/krl.c
+++ b/usr.bin/ssh/krl.c
@@ -14,7 +14,7 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $OpenBSD: krl.c,v 1.57 2023/07/17 04:01:10 djm Exp $ */
+/* $OpenBSD: krl.c,v 1.58 2023/07/17 05:20:15 djm Exp $ */
 
 #include <sys/types.h>
 #include <sys/tree.h>
@@ -1054,7 +1054,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp)
 	/* KRL must begin with magic string */
 	if ((r = sshbuf_cmp(buf, 0, KRL_MAGIC, sizeof(KRL_MAGIC) - 1)) != 0) {
 		debug2_f("bad KRL magic header");
-		return r;
+		return SSH_ERR_KRL_BAD_MAGIC;
 	}
 
 	if ((krl = ssh_krl_init()) == NULL) {
-- 
2.20.1