diff options
author | djm@openbsd.org <djm@openbsd.org> | 2023-07-17 04:01:10 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2023-07-17 14:52:35 +1000 |
commit | beec17bb311365b75a0a5941418d4b96df7d7888 (patch) | |
tree | 8c138b33c159493ce37765ebb79a964da73c0749 /krl.h | |
parent | 449566f64c21b4578d5c0c431badd0328adc53ed (diff) |
upstream: remove vestigal support for KRL signatures
When the KRL format was originally defined, it included support for
signing of KRL objects. However, the code to sign KRLs and verify KRL
signatues was never completed in OpenSSH.
Now, some years later, we have SSHSIG support in ssh-keygen that is
more general, well tested and actually works. So this removes the
semi-finished KRL signing/verification support from OpenSSH and
refactors the remaining code to realise the benefit - primarily, we
no longer need to perform multiple parsing passes over KRL objects.
ok markus@
OpenBSD-Commit-ID: 517437bab3d8180f695c775410c052340e038804
Diffstat (limited to 'krl.h')
-rw-r--r-- | krl.h | 8 |
1 files changed, 3 insertions, 5 deletions
@@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $OpenBSD: krl.h,v 1.9 2023/07/17 03:57:21 djm Exp $ */ +/* $OpenBSD: krl.h,v 1.10 2023/07/17 04:01:10 djm Exp $ */ #ifndef _KRL_H #define _KRL_H @@ -57,10 +57,8 @@ int ssh_krl_revoke_key_explicit(struct ssh_krl *krl, const struct sshkey *key); int ssh_krl_revoke_key_sha1(struct ssh_krl *krl, const u_char *p, size_t len); int ssh_krl_revoke_key_sha256(struct ssh_krl *krl, const u_char *p, size_t len); int ssh_krl_revoke_key(struct ssh_krl *krl, const struct sshkey *key); -int ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf, - struct sshkey **sign_keys, u_int nsign_keys); -int ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp, - const struct sshkey **sign_ca_keys, size_t nsign_ca_keys); +int ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf); +int ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp); int ssh_krl_check_key(struct ssh_krl *krl, const struct sshkey *key); int ssh_krl_file_contains_key(const char *path, const struct sshkey *key); int krl_dump(struct ssh_krl *krl, FILE *f); |