Lines Matching refs:krl
134 struct ssh_krl *krl; in ssh_krl_init() local
136 if ((krl = calloc(1, sizeof(*krl))) == NULL) in ssh_krl_init()
138 RB_INIT(&krl->revoked_keys); in ssh_krl_init()
139 RB_INIT(&krl->revoked_sha1s); in ssh_krl_init()
140 TAILQ_INIT(&krl->revoked_certs); in ssh_krl_init()
141 return krl; in ssh_krl_init()
163 ssh_krl_free(struct ssh_krl *krl) in ssh_krl_free() argument
168 if (krl == NULL) in ssh_krl_free()
171 free(krl->comment); in ssh_krl_free()
172 RB_FOREACH_SAFE(rb, revoked_blob_tree, &krl->revoked_keys, trb) { in ssh_krl_free()
173 RB_REMOVE(revoked_blob_tree, &krl->revoked_keys, rb); in ssh_krl_free()
177 RB_FOREACH_SAFE(rb, revoked_blob_tree, &krl->revoked_sha1s, trb) { in ssh_krl_free()
178 RB_REMOVE(revoked_blob_tree, &krl->revoked_sha1s, rb); in ssh_krl_free()
182 TAILQ_FOREACH_SAFE(rc, &krl->revoked_certs, entry, trc) { in ssh_krl_free()
183 TAILQ_REMOVE(&krl->revoked_certs, rc, entry); in ssh_krl_free()
189 ssh_krl_set_version(struct ssh_krl *krl, u_int64_t version) in ssh_krl_set_version() argument
191 krl->krl_version = version; in ssh_krl_set_version()
195 ssh_krl_set_comment(struct ssh_krl *krl, const char *comment) in ssh_krl_set_comment() argument
197 free(krl->comment); in ssh_krl_set_comment()
198 if ((krl->comment = strdup(comment)) == NULL) in ssh_krl_set_comment()
208 revoked_certs_for_ca_key(struct ssh_krl *krl, const struct sshkey *ca_key, in revoked_certs_for_ca_key() argument
215 TAILQ_FOREACH(rc, &krl->revoked_certs, entry) { in revoked_certs_for_ca_key()
235 TAILQ_INSERT_TAIL(&krl->revoked_certs, rc, entry); in revoked_certs_for_ca_key()
316 ssh_krl_revoke_cert_by_serial(struct ssh_krl *krl, const struct sshkey *ca_key, in ssh_krl_revoke_cert_by_serial() argument
319 return ssh_krl_revoke_cert_by_serial_range(krl, ca_key, serial, serial); in ssh_krl_revoke_cert_by_serial()
323 ssh_krl_revoke_cert_by_serial_range(struct ssh_krl *krl, in ssh_krl_revoke_cert_by_serial_range() argument
331 if ((r = revoked_certs_for_ca_key(krl, ca_key, &rc, 1)) != 0) in ssh_krl_revoke_cert_by_serial_range()
337 ssh_krl_revoke_cert_by_key_id(struct ssh_krl *krl, const struct sshkey *ca_key, in ssh_krl_revoke_cert_by_key_id() argument
344 if ((r = revoked_certs_for_ca_key(krl, ca_key, &rc, 1)) != 0) in ssh_krl_revoke_cert_by_key_id()
400 ssh_krl_revoke_key_explicit(struct ssh_krl *krl, const struct sshkey *key) in ssh_krl_revoke_key_explicit() argument
409 return revoke_blob(&krl->revoked_keys, blob, len); in ssh_krl_revoke_key_explicit()
413 ssh_krl_revoke_key_sha1(struct ssh_krl *krl, const struct sshkey *key) in ssh_krl_revoke_key_sha1() argument
423 return revoke_blob(&krl->revoked_sha1s, blob, len); in ssh_krl_revoke_key_sha1()
427 ssh_krl_revoke_key(struct ssh_krl *krl, const struct sshkey *key) in ssh_krl_revoke_key() argument
430 return ssh_krl_revoke_key_sha1(krl, key); in ssh_krl_revoke_key()
433 return ssh_krl_revoke_cert_by_key_id(krl, in ssh_krl_revoke_key()
437 return ssh_krl_revoke_cert_by_serial(krl, in ssh_krl_revoke_key()
706 ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf, in ssh_krl_to_blob() argument
716 if (krl->generated_date == 0) in ssh_krl_to_blob()
717 krl->generated_date = time(NULL); in ssh_krl_to_blob()
725 (r = sshbuf_put_u64(buf, krl->krl_version)) != 0 || in ssh_krl_to_blob()
726 (r = sshbuf_put_u64(buf, krl->generated_date) != 0) || in ssh_krl_to_blob()
727 (r = sshbuf_put_u64(buf, krl->flags)) != 0 || in ssh_krl_to_blob()
729 (r = sshbuf_put_cstring(buf, krl->comment)) != 0) in ssh_krl_to_blob()
733 TAILQ_FOREACH(rc, &krl->revoked_certs, entry) { in ssh_krl_to_blob()
744 RB_FOREACH(rb, revoked_blob_tree, &krl->revoked_keys) { in ssh_krl_to_blob()
755 RB_FOREACH(rb, revoked_blob_tree, &krl->revoked_sha1s) { in ssh_krl_to_blob()
806 parse_revoked_certs(struct sshbuf *buf, struct ssh_krl *krl) in parse_revoked_certs() argument
844 if ((r = ssh_krl_revoke_cert_by_serial(krl, in parse_revoked_certs()
853 if ((r = ssh_krl_revoke_cert_by_serial_range(krl, in parse_revoked_certs()
879 if ((r = ssh_krl_revoke_cert_by_serial(krl, in parse_revoked_certs()
891 if ((r = ssh_krl_revoke_cert_by_key_id(krl, in parse_revoked_certs()
927 struct ssh_krl *krl = NULL; in ssh_krl_from_blob() local
952 if ((krl = ssh_krl_init()) == NULL) { in ssh_krl_from_blob()
963 if ((r = sshbuf_get_u64(copy, &krl->krl_version)) != 0 || in ssh_krl_from_blob()
964 (r = sshbuf_get_u64(copy, &krl->generated_date)) != 0 || in ssh_krl_from_blob()
965 (r = sshbuf_get_u64(copy, &krl->flags)) != 0 || in ssh_krl_from_blob()
967 (r = sshbuf_get_cstring(copy, &krl->comment, NULL)) != 0) in ssh_krl_from_blob()
970 format_timestamp(krl->generated_date, timestamp, sizeof(timestamp)); in ssh_krl_from_blob()
972 (long long unsigned)krl->krl_version, timestamp, in ssh_krl_from_blob()
973 *krl->comment ? ": " : "", krl->comment); in ssh_krl_from_blob()
1073 if ((r = parse_revoked_certs(sect, krl)) != 0) in ssh_krl_from_blob()
1090 &krl->revoked_keys : &krl->revoked_sha1s, in ssh_krl_from_blob()
1118 if (ssh_krl_check_key(krl, ca_used[i]) == 0) in ssh_krl_from_blob()
1151 *krlp = krl; in ssh_krl_from_blob()
1155 ssh_krl_free(krl); in ssh_krl_from_blob()
1202 is_key_revoked(struct ssh_krl *krl, const struct sshkey *key) in is_key_revoked() argument
1213 erb = RB_FIND(revoked_blob_tree, &krl->revoked_sha1s, &rb); in is_key_revoked()
1224 erb = RB_FIND(revoked_blob_tree, &krl->revoked_keys, &rb); in is_key_revoked()
1235 if ((r = revoked_certs_for_ca_key(krl, key->cert->signature_key, in is_key_revoked()
1243 if ((r = revoked_certs_for_ca_key(krl, NULL, &rc, 0)) != 0) in is_key_revoked()
1255 ssh_krl_check_key(struct ssh_krl *krl, const struct sshkey *key) in ssh_krl_check_key() argument
1260 if ((r = is_key_revoked(krl, key)) != 0) in ssh_krl_check_key()
1264 if ((r = is_key_revoked(krl, key->cert->signature_key)) != 0) in ssh_krl_check_key()
1275 struct ssh_krl *krl = NULL; in ssh_krl_file_contains_key() local
1292 if ((r = ssh_krl_from_blob(krlbuf, &krl, NULL, 0)) != 0) in ssh_krl_file_contains_key()
1295 r = ssh_krl_check_key(krl, key); in ssh_krl_file_contains_key()
1299 ssh_krl_free(krl); in ssh_krl_file_contains_key()