Lines Matching refs:krl
17 /* $OpenBSD: krl.c,v 1.13 2013/07/20 22:20:42 djm Exp $ */
40 #include "krl.h"
132 struct ssh_krl *krl;
134 if ((krl = calloc(1, sizeof(*krl))) == NULL)
136 RB_INIT(&krl->revoked_keys);
137 RB_INIT(&krl->revoked_sha1s);
138 TAILQ_INIT(&krl->revoked_certs);
139 return krl;
162 ssh_krl_free(struct ssh_krl *krl)
167 if (krl == NULL)
170 free(krl->comment);
171 RB_FOREACH_SAFE(rb, revoked_blob_tree, &krl->revoked_keys, trb) {
172 RB_REMOVE(revoked_blob_tree, &krl->revoked_keys, rb);
176 RB_FOREACH_SAFE(rb, revoked_blob_tree, &krl->revoked_sha1s, trb) {
177 RB_REMOVE(revoked_blob_tree, &krl->revoked_sha1s, rb);
181 TAILQ_FOREACH_SAFE(rc, &krl->revoked_certs, entry, trc) {
182 TAILQ_REMOVE(&krl->revoked_certs, rc, entry);
188 ssh_krl_set_version(struct ssh_krl *krl, u_int64_t version)
190 krl->krl_version = version;
194 ssh_krl_set_comment(struct ssh_krl *krl, const char *comment)
196 free(krl->comment);
197 if ((krl->comment = strdup(comment)) == NULL)
206 revoked_certs_for_ca_key(struct ssh_krl *krl, const Key *ca_key,
212 TAILQ_FOREACH(rc, &krl->revoked_certs, entry) {
229 TAILQ_INSERT_TAIL(&krl->revoked_certs, rc, entry);
308 ssh_krl_revoke_cert_by_serial(struct ssh_krl *krl, const Key *ca_key,
311 return ssh_krl_revoke_cert_by_serial_range(krl, ca_key, serial, serial);
315 ssh_krl_revoke_cert_by_serial_range(struct ssh_krl *krl, const Key *ca_key,
322 if (revoked_certs_for_ca_key(krl, ca_key, &rc, 1) != 0)
328 ssh_krl_revoke_cert_by_key_id(struct ssh_krl *krl, const Key *ca_key,
334 if (revoked_certs_for_ca_key(krl, ca_key, &rc, 1) != 0)
391 ssh_krl_revoke_key_explicit(struct ssh_krl *krl, const Key *key)
399 return revoke_blob(&krl->revoked_keys, blob, len);
403 ssh_krl_revoke_key_sha1(struct ssh_krl *krl, const Key *key)
411 return revoke_blob(&krl->revoked_sha1s, blob, len);
415 ssh_krl_revoke_key(struct ssh_krl *krl, const Key *key)
418 return ssh_krl_revoke_key_sha1(krl, key);
421 return ssh_krl_revoke_cert_by_key_id(krl,
425 return ssh_krl_revoke_cert_by_serial(krl,
662 ssh_krl_to_blob(struct ssh_krl *krl, Buffer *buf, const Key **sign_keys,
672 if (krl->generated_date == 0)
673 krl->generated_date = time(NULL);
680 buffer_put_int64(buf, krl->krl_version);
681 buffer_put_int64(buf, krl->generated_date);
682 buffer_put_int64(buf, krl->flags);
684 buffer_put_cstring(buf, krl->comment ? krl->comment : "");
687 TAILQ_FOREACH(rc, &krl->revoked_certs, entry) {
697 RB_FOREACH(rb, revoked_blob_tree, &krl->revoked_keys) {
707 RB_FOREACH(rb, revoked_blob_tree, &krl->revoked_sha1s) {
753 parse_revoked_certs(Buffer *buf, struct ssh_krl *krl)
793 if (ssh_krl_revoke_cert_by_serial(krl, ca_key,
806 if (ssh_krl_revoke_cert_by_serial_range(krl, ca_key,
833 if (ssh_krl_revoke_cert_by_serial(krl, ca_key,
849 if (ssh_krl_revoke_cert_by_key_id(krl, ca_key,
886 struct ssh_krl *krl;
912 if ((krl = ssh_krl_init()) == NULL) {
926 if (buffer_get_int64_ret(&krl->krl_version, ©) != 0 ||
927 buffer_get_int64_ret(&krl->generated_date, ©) != 0 ||
928 buffer_get_int64_ret(&krl->flags, ©) != 0 ||
930 (krl->comment = buffer_get_cstring_ret(©, NULL)) == NULL) {
935 format_timestamp(krl->generated_date, timestamp, sizeof(timestamp));
937 (long long unsigned)krl->krl_version, timestamp,
938 *krl->comment ? ": " : "", krl->comment);
1013 if ((r = parse_revoked_certs(§, krl)) != 0)
1031 &krl->revoked_keys : &krl->revoked_sha1s,
1059 if (ssh_krl_check_key(krl, ca_used[i]) == 0)
1090 *krlp = krl;
1094 ssh_krl_free(krl);
1110 is_key_revoked(struct ssh_krl *krl, const Key *key)
1121 erb = RB_FIND(revoked_blob_tree, &krl->revoked_sha1s, &rb);
1132 erb = RB_FIND(revoked_blob_tree, &krl->revoked_keys, &rb);
1143 if (revoked_certs_for_ca_key(krl, key->cert->signature_key,
1180 ssh_krl_check_key(struct ssh_krl *krl, const Key *key)
1185 if ((r = is_key_revoked(krl, key)) != 0)
1189 if ((r = is_key_revoked(krl, key->cert->signature_key)) != 0)
1201 struct ssh_krl *krl;
1222 if (ssh_krl_from_blob(&krlbuf, &krl, NULL, 0) != 0) {
1229 if (krl == NULL) {
1234 revoked = ssh_krl_check_key(krl, key) != 0;
1235 ssh_krl_free(krl);