
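Lines matching references to `krl` (only the matching lines are listed; each is prefixed with its line number in the source file and followed by the name of the enclosing function)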

133 	struct ssh_krl *krl;  in ssh_krl_init()  local
135 if ((krl = calloc(1, sizeof(*krl))) == NULL) in ssh_krl_init()
137 RB_INIT(&krl->revoked_keys); in ssh_krl_init()
138 RB_INIT(&krl->revoked_sha1s); in ssh_krl_init()
139 TAILQ_INIT(&krl->revoked_certs); in ssh_krl_init()
140 return krl; in ssh_krl_init()
162 ssh_krl_free(struct ssh_krl *krl) in ssh_krl_free() argument
167 if (krl == NULL) in ssh_krl_free()
170 free(krl->comment); in ssh_krl_free()
171 RB_FOREACH_SAFE(rb, revoked_blob_tree, &krl->revoked_keys, trb) { in ssh_krl_free()
172 RB_REMOVE(revoked_blob_tree, &krl->revoked_keys, rb); in ssh_krl_free()
176 RB_FOREACH_SAFE(rb, revoked_blob_tree, &krl->revoked_sha1s, trb) { in ssh_krl_free()
177 RB_REMOVE(revoked_blob_tree, &krl->revoked_sha1s, rb); in ssh_krl_free()
181 TAILQ_FOREACH_SAFE(rc, &krl->revoked_certs, entry, trc) { in ssh_krl_free()
182 TAILQ_REMOVE(&krl->revoked_certs, rc, entry); in ssh_krl_free()
188 ssh_krl_set_version(struct ssh_krl *krl, u_int64_t version) in ssh_krl_set_version() argument
190 krl->krl_version = version; in ssh_krl_set_version()
194 ssh_krl_set_comment(struct ssh_krl *krl, const char *comment) in ssh_krl_set_comment() argument
196 free(krl->comment); in ssh_krl_set_comment()
197 if ((krl->comment = strdup(comment)) == NULL) in ssh_krl_set_comment()
207 revoked_certs_for_ca_key(struct ssh_krl *krl, const struct sshkey *ca_key, in revoked_certs_for_ca_key() argument
214 TAILQ_FOREACH(rc, &krl->revoked_certs, entry) { in revoked_certs_for_ca_key()
234 TAILQ_INSERT_TAIL(&krl->revoked_certs, rc, entry); in revoked_certs_for_ca_key()
315 ssh_krl_revoke_cert_by_serial(struct ssh_krl *krl, const struct sshkey *ca_key, in ssh_krl_revoke_cert_by_serial() argument
318 return ssh_krl_revoke_cert_by_serial_range(krl, ca_key, serial, serial); in ssh_krl_revoke_cert_by_serial()
322 ssh_krl_revoke_cert_by_serial_range(struct ssh_krl *krl, in ssh_krl_revoke_cert_by_serial_range() argument
330 if ((r = revoked_certs_for_ca_key(krl, ca_key, &rc, 1)) != 0) in ssh_krl_revoke_cert_by_serial_range()
336 ssh_krl_revoke_cert_by_key_id(struct ssh_krl *krl, const struct sshkey *ca_key, in ssh_krl_revoke_cert_by_key_id() argument
343 if ((r = revoked_certs_for_ca_key(krl, ca_key, &rc, 1)) != 0) in ssh_krl_revoke_cert_by_key_id()
399 ssh_krl_revoke_key_explicit(struct ssh_krl *krl, const struct sshkey *key) in ssh_krl_revoke_key_explicit() argument
408 return revoke_blob(&krl->revoked_keys, blob, len); in ssh_krl_revoke_key_explicit()
412 ssh_krl_revoke_key_sha1(struct ssh_krl *krl, const struct sshkey *key) in ssh_krl_revoke_key_sha1() argument
422 return revoke_blob(&krl->revoked_sha1s, blob, len); in ssh_krl_revoke_key_sha1()
426 ssh_krl_revoke_key(struct ssh_krl *krl, const struct sshkey *key) in ssh_krl_revoke_key() argument
429 return ssh_krl_revoke_key_sha1(krl, key); in ssh_krl_revoke_key()
432 return ssh_krl_revoke_cert_by_key_id(krl, in ssh_krl_revoke_key()
436 return ssh_krl_revoke_cert_by_serial(krl, in ssh_krl_revoke_key()
705 ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf, in ssh_krl_to_blob() argument
715 if (krl->generated_date == 0) in ssh_krl_to_blob()
716 krl->generated_date = time(NULL); in ssh_krl_to_blob()
724 (r = sshbuf_put_u64(buf, krl->krl_version)) != 0 || in ssh_krl_to_blob()
725 (r = sshbuf_put_u64(buf, krl->generated_date)) != 0 || in ssh_krl_to_blob()
726 (r = sshbuf_put_u64(buf, krl->flags)) != 0 || in ssh_krl_to_blob()
728 (r = sshbuf_put_cstring(buf, krl->comment)) != 0) in ssh_krl_to_blob()
732 TAILQ_FOREACH(rc, &krl->revoked_certs, entry) { in ssh_krl_to_blob()
743 RB_FOREACH(rb, revoked_blob_tree, &krl->revoked_keys) { in ssh_krl_to_blob()
754 RB_FOREACH(rb, revoked_blob_tree, &krl->revoked_sha1s) { in ssh_krl_to_blob()
805 parse_revoked_certs(struct sshbuf *buf, struct ssh_krl *krl) in parse_revoked_certs() argument
841 if ((r = ssh_krl_revoke_cert_by_serial(krl, in parse_revoked_certs()
850 if ((r = ssh_krl_revoke_cert_by_serial_range(krl, in parse_revoked_certs()
876 if ((r = ssh_krl_revoke_cert_by_serial(krl, in parse_revoked_certs()
888 if ((r = ssh_krl_revoke_cert_by_key_id(krl, in parse_revoked_certs()
924 struct ssh_krl *krl = NULL; in ssh_krl_from_blob() local
949 if ((krl = ssh_krl_init()) == NULL) { in ssh_krl_from_blob()
960 if ((r = sshbuf_get_u64(copy, &krl->krl_version)) != 0 || in ssh_krl_from_blob()
961 (r = sshbuf_get_u64(copy, &krl->generated_date)) != 0 || in ssh_krl_from_blob()
962 (r = sshbuf_get_u64(copy, &krl->flags)) != 0 || in ssh_krl_from_blob()
964 (r = sshbuf_get_cstring(copy, &krl->comment, NULL)) != 0) in ssh_krl_from_blob()
967 format_timestamp(krl->generated_date, timestamp, sizeof(timestamp)); in ssh_krl_from_blob()
969 (long long unsigned)krl->krl_version, timestamp, in ssh_krl_from_blob()
970 *krl->comment ? ": " : "", krl->comment); in ssh_krl_from_blob()
1067 if ((r = parse_revoked_certs(sect, krl)) != 0) in ssh_krl_from_blob()
1084 &krl->revoked_keys : &krl->revoked_sha1s, in ssh_krl_from_blob()
1112 if (ssh_krl_check_key(krl, ca_used[i]) == 0) in ssh_krl_from_blob()
1145 *krlp = krl; in ssh_krl_from_blob()
1149 ssh_krl_free(krl); in ssh_krl_from_blob()
1196 is_key_revoked(struct ssh_krl *krl, const struct sshkey *key) in is_key_revoked() argument
1207 erb = RB_FIND(revoked_blob_tree, &krl->revoked_sha1s, &rb); in is_key_revoked()
1218 erb = RB_FIND(revoked_blob_tree, &krl->revoked_keys, &rb); in is_key_revoked()
1229 if ((r = revoked_certs_for_ca_key(krl, key->cert->signature_key, in is_key_revoked()
1237 if ((r = revoked_certs_for_ca_key(krl, NULL, &rc, 0)) != 0) in is_key_revoked()
1249 ssh_krl_check_key(struct ssh_krl *krl, const struct sshkey *key) in ssh_krl_check_key() argument
1254 if ((r = is_key_revoked(krl, key)) != 0) in ssh_krl_check_key()
1258 if ((r = is_key_revoked(krl, key->cert->signature_key)) != 0) in ssh_krl_check_key()
1269 struct ssh_krl *krl = NULL; in ssh_krl_file_contains_key() local
1286 if ((r = ssh_krl_from_blob(krlbuf, &krl, NULL, 0)) != 0) in ssh_krl_file_contains_key()
1289 r = ssh_krl_check_key(krl, key); in ssh_krl_file_contains_key()
1294 ssh_krl_free(krl); in ssh_krl_file_contains_key()