diff options
author | djm@openbsd.org <djm@openbsd.org> | 2018-09-12 01:21:34 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2018-09-12 16:49:21 +1000 |
commit | 9405c6214f667be604a820c6823b27d0ea77937d (patch) | |
tree | 02a875b21e6a6f0d1432cc90ae515383b267b688 /krl.h | |
parent | 50e2687ee0941c0ea216d6ffea370ffd2c1f14b9 (diff) |
upstream: allow key revocation by SHA256 hash and allow ssh-keygen
to create KRLs using SHA256/base64 key fingerprints; ok markus@
OpenBSD-Commit-ID: a0590fd34e7f1141f2873ab3acc57442560e6a94
Diffstat (limited to 'krl.h')
-rw-r--r-- | krl.h | 6 |
1 files changed, 4 insertions, 2 deletions
@@ -14,7 +14,7 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $OpenBSD: krl.h,v 1.5 2015/12/30 23:46:14 djm Exp $ */ +/* $OpenBSD: krl.h,v 1.6 2018/09/12 01:21:34 djm Exp $ */ #ifndef _KRL_H #define _KRL_H @@ -29,6 +29,7 @@ #define KRL_SECTION_EXPLICIT_KEY 2 #define KRL_SECTION_FINGERPRINT_SHA1 3 #define KRL_SECTION_SIGNATURE 4 +#define KRL_SECTION_FINGERPRINT_SHA256 5 /* KRL_SECTION_CERTIFICATES subsection types */ #define KRL_SECTION_CERT_SERIAL_LIST 0x20 @@ -51,7 +52,8 @@ int ssh_krl_revoke_cert_by_serial_range(struct ssh_krl *krl, int ssh_krl_revoke_cert_by_key_id(struct ssh_krl *krl, const struct sshkey *ca_key, const char *key_id); int ssh_krl_revoke_key_explicit(struct ssh_krl *krl, const struct sshkey *key); -int ssh_krl_revoke_key_sha1(struct ssh_krl *krl, const struct sshkey *key); +int ssh_krl_revoke_key_sha1(struct ssh_krl *krl, const u_char *p, size_t len); +int ssh_krl_revoke_key_sha256(struct ssh_krl *krl, const u_char *p, size_t len); int ssh_krl_revoke_key(struct ssh_krl *krl, const struct sshkey *key); int ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf, const struct sshkey **sign_keys, u_int nsign_keys); |