author | djm@openbsd.org <djm@openbsd.org> | 2018-09-12 01:21:34 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-09-12 16:49:21 +1000 |
commit | 9405c6214f667be604a820c6823b27d0ea77937d (patch) | |
tree | 02a875b21e6a6f0d1432cc90ae515383b267b688 /krl.h | |
parent | 50e2687ee0941c0ea216d6ffea370ffd2c1f14b9 (diff) |
upstream: allow key revocation by SHA256 hash and allow ssh-keygen
to create KRLs using SHA256/base64 key fingerprints; ok markus@
OpenBSD-Commit-ID: a0590fd34e7f1141f2873ab3acc57442560e6a94
Diffstat (limited to 'krl.h')
-rw-r--r-- | krl.h | 6 |
1 files changed, 4 insertions, 2 deletions
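--- a/krl.h
+++ b/krl.h
@@ -14,7 +14,7 @@
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
 
-/* $OpenBSD: krl.h,v 1.5 2015/12/30 23:46:14 djm Exp $ */
+/* $OpenBSD: krl.h,v 1.6 2018/09/12 01:21:34 djm Exp $ */
 
 #ifndef _KRL_H
 #define _KRL_H
@@ -29,6 +29,7 @@
 #define KRL_SECTION_EXPLICIT_KEY 2
 #define KRL_SECTION_FINGERPRINT_SHA1 3
 #define KRL_SECTION_SIGNATURE 4
+#define KRL_SECTION_FINGERPRINT_SHA256 5
 
 /* KRL_SECTION_CERTIFICATES subsection types */
 #define KRL_SECTION_CERT_SERIAL_LIST 0x20
@@ -51,7 +52,8 @@ int ssh_krl_revoke_cert_by_serial_range(struct ssh_krl *krl,
 int ssh_krl_revoke_cert_by_key_id(struct ssh_krl *krl,
 const struct sshkey *ca_key, const char *key_id);
 int ssh_krl_revoke_key_explicit(struct ssh_krl *krl, const struct sshkey *key);
-int ssh_krl_revoke_key_sha1(struct ssh_krl *krl, const struct sshkey *key);
+int ssh_krl_revoke_key_sha1(struct ssh_krl *krl, const u_char *p, size_t len);
+int ssh_krl_revoke_key_sha256(struct ssh_krl *krl, const u_char *p, size_t len);
 int ssh_krl_revoke_key(struct ssh_krl *krl, const struct sshkey *key);
 int ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf,
 const struct sshkey **sign_keys, u_int nsign_keys);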
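Review bot: The two hash-revocation prototypes at new lines 55-56 take a raw buffer `p`/`len`, but the header does not state which length is valid or what is returned on a mismatch. Because both functions now share an identical signature, the compiler cannot catch a SHA256 digest handed to ssh_krl_revoke_key_sha1 (or the reverse). For a revocation list such a call has to fail rather than record an entry that can never match a key, which would leave the key silently unrevoked. The length check presumably lives in krl.c, which this diff (limited to krl.h) does not show, so confirm it there. I would add a comment above the pair such as `/* p is the raw (binary) key digest; len must equal the digest size (20 for SHA1, 32 for SHA256), else an error is returned */`.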