summaryrefslogtreecommitdiff
path: root/krl.h
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2018-09-12 01:21:34 +0000
committerDamien Miller <djm@mindrot.org>2018-09-12 16:49:21 +1000
commit9405c6214f667be604a820c6823b27d0ea77937d (patch)
tree02a875b21e6a6f0d1432cc90ae515383b267b688 /krl.h
parent50e2687ee0941c0ea216d6ffea370ffd2c1f14b9 (diff)
upstream: allow key revocation by SHA256 hash and allow ssh-keygen
to create KRLs using SHA256/base64 key fingerprints; ok markus@ OpenBSD-Commit-ID: a0590fd34e7f1141f2873ab3acc57442560e6a94
Diffstat (limited to 'krl.h')
-rw-r--r--krl.h6
1 files changed, 4 insertions, 2 deletions
diff --git a/krl.h b/krl.h
index 675496cc4..815a1df4e 100644
--- a/krl.h
+++ b/krl.h
@@ -14,7 +14,7 @@
14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15 */ 15 */
16 16
17/* $OpenBSD: krl.h,v 1.5 2015/12/30 23:46:14 djm Exp $ */ 17/* $OpenBSD: krl.h,v 1.6 2018/09/12 01:21:34 djm Exp $ */
18 18
19#ifndef _KRL_H 19#ifndef _KRL_H
20#define _KRL_H 20#define _KRL_H
@@ -29,6 +29,7 @@
29#define KRL_SECTION_EXPLICIT_KEY 2 29#define KRL_SECTION_EXPLICIT_KEY 2
30#define KRL_SECTION_FINGERPRINT_SHA1 3 30#define KRL_SECTION_FINGERPRINT_SHA1 3
31#define KRL_SECTION_SIGNATURE 4 31#define KRL_SECTION_SIGNATURE 4
32#define KRL_SECTION_FINGERPRINT_SHA256 5
32 33
33/* KRL_SECTION_CERTIFICATES subsection types */ 34/* KRL_SECTION_CERTIFICATES subsection types */
34#define KRL_SECTION_CERT_SERIAL_LIST 0x20 35#define KRL_SECTION_CERT_SERIAL_LIST 0x20
@@ -51,7 +52,8 @@ int ssh_krl_revoke_cert_by_serial_range(struct ssh_krl *krl,
51int ssh_krl_revoke_cert_by_key_id(struct ssh_krl *krl, 52int ssh_krl_revoke_cert_by_key_id(struct ssh_krl *krl,
52 const struct sshkey *ca_key, const char *key_id); 53 const struct sshkey *ca_key, const char *key_id);
53int ssh_krl_revoke_key_explicit(struct ssh_krl *krl, const struct sshkey *key); 54int ssh_krl_revoke_key_explicit(struct ssh_krl *krl, const struct sshkey *key);
54int ssh_krl_revoke_key_sha1(struct ssh_krl *krl, const struct sshkey *key); 55int ssh_krl_revoke_key_sha1(struct ssh_krl *krl, const u_char *p, size_t len);
56int ssh_krl_revoke_key_sha256(struct ssh_krl *krl, const u_char *p, size_t len);
55int ssh_krl_revoke_key(struct ssh_krl *krl, const struct sshkey *key); 57int ssh_krl_revoke_key(struct ssh_krl *krl, const struct sshkey *key);
56int ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf, 58int ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf,
57 const struct sshkey **sign_keys, u_int nsign_keys); 59 const struct sshkey **sign_keys, u_int nsign_keys);