1 files changed, 5 insertions, 15 deletions
diff --git a/krl.c b/krl.c
index a7f690955..03476dedd 100644
--- a/krl.c
+++ b/krl.c
@@ -14,7 +14,7 @@
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */
-/* $OpenBSD: krl.c,v 1.44 2019/09/06 04:53:27 djm Exp $ */
+/* $OpenBSD: krl.c,v 1.47 2020/01/25 23:02:13 djm Exp $ */
 #include "includes.h"
@@ -813,7 +813,7 @@ ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf,
                        goto out;
                if ((r = sshkey_sign(sign_keys[i], &sblob, &slen,
-                    sshbuf_ptr(buf), sshbuf_len(buf), NULL, 0)) != 0)
+                    sshbuf_ptr(buf), sshbuf_len(buf), NULL, NULL, 0)) != 0)
                        goto out;
                KRL_DBG(("%s: signature sig len %zu", __func__, slen));
                if ((r = sshbuf_put_string(buf, sblob, slen)) != 0)
@@ -1079,7 +1079,7 @@ ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
                }
                /* Check signature over entire KRL up to this point */
                if ((r = sshkey_verify(key, blob, blen,
-                    sshbuf_ptr(buf), sig_off, NULL, 0)) != 0)
+                    sshbuf_ptr(buf), sig_off, NULL, 0, NULL)) != 0)
                        goto out;
                /* Check if this key has already signed this KRL */
                for (i = 0; i < nca_used; i++) {
@@ -1336,19 +1336,11 @@ ssh_krl_file_contains_key(const char *path, const struct sshkey *key)
 {
        struct sshbuf *krlbuf = NULL;
        struct ssh_krl *krl = NULL;
-        int oerrno = 0, r, fd;
+        int oerrno = 0, r;
        if (path == NULL)
                return 0;
+        if ((r = sshbuf_load_file(path, &krlbuf)) != 0) {
-        if ((krlbuf = sshbuf_new()) == NULL)
-                return SSH_ERR_ALLOC_FAIL;
-        if ((fd = open(path, O_RDONLY)) == -1) {
-                r = SSH_ERR_SYSTEM_ERROR;
-                oerrno = errno;
-                goto out;
-        }
-        if ((r = sshkey_load_file(fd, krlbuf)) != 0) {
                oerrno = errno;
                goto out;
        }
@@ -1357,8 +1349,6 @@ ssh_krl_file_contains_key(const char *path, const struct sshkey *key)
        debug2("%s: checking KRL %s", __func__, path);
        r = ssh_krl_check_key(krl, key);
 out:
-        if (fd != -1)
-                close(fd);
        sshbuf_free(krlbuf);
        ssh_krl_free(krl);
        if (r != 0)

diff --git a/krl.c b/krl.c index a7f690955..03476dedd 100644 --- a/krl.c +++ b/krl.c
@@ -14,7 +14,7 @@
14	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.	14	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
15	*/	15	*/
16		16
17	/* $OpenBSD: krl.c,v 1.44 2019/09/06 04:53:27 djm Exp $ */	17	/* $OpenBSD: krl.c,v 1.47 2020/01/25 23:02:13 djm Exp $ */
18		18
19	#include "includes.h"	19	#include "includes.h"
20		20
@@ -813,7 +813,7 @@ ssh_krl_to_blob(struct ssh_krl krl, struct sshbuf buf,
813	goto out;	813	goto out;
814		814
815	if ((r = sshkey_sign(sign_keys[i], &sblob, &slen,	815	if ((r = sshkey_sign(sign_keys[i], &sblob, &slen,
816	sshbuf_ptr(buf), sshbuf_len(buf), NULL, 0)) != 0)	816	sshbuf_ptr(buf), sshbuf_len(buf), NULL, NULL, 0)) != 0)
817	goto out;	817	goto out;
818	KRL_DBG(("%s: signature sig len %zu", __func__, slen));	818	KRL_DBG(("%s: signature sig len %zu", __func__, slen));
819	if ((r = sshbuf_put_string(buf, sblob, slen)) != 0)	819	if ((r = sshbuf_put_string(buf, sblob, slen)) != 0)
@@ -1079,7 +1079,7 @@ ssh_krl_from_blob(struct sshbuf buf, struct ssh_krl *krlp,
1079	}	1079	}
1080	/* Check signature over entire KRL up to this point */	1080	/* Check signature over entire KRL up to this point */
1081	if ((r = sshkey_verify(key, blob, blen,	1081	if ((r = sshkey_verify(key, blob, blen,
1082	sshbuf_ptr(buf), sig_off, NULL, 0)) != 0)	1082	sshbuf_ptr(buf), sig_off, NULL, 0, NULL)) != 0)
1083	goto out;	1083	goto out;
1084	/* Check if this key has already signed this KRL */	1084	/* Check if this key has already signed this KRL */
1085	for (i = 0; i < nca_used; i++) {	1085	for (i = 0; i < nca_used; i++) {
@@ -1336,19 +1336,11 @@ ssh_krl_file_contains_key(const char path, const struct sshkey key)
1336	{	1336	{
1337	struct sshbuf *krlbuf = NULL;	1337	struct sshbuf *krlbuf = NULL;
1338	struct ssh_krl *krl = NULL;	1338	struct ssh_krl *krl = NULL;
1339	int oerrno = 0, r, fd;	1339	int oerrno = 0, r;
1340		1340
1341	if (path == NULL)	1341	if (path == NULL)
1342	return 0;	1342	return 0;
1343		1343	if ((r = sshbuf_load_file(path, &krlbuf)) != 0) {
1344	if ((krlbuf = sshbuf_new()) == NULL)
1345	return SSH_ERR_ALLOC_FAIL;
1346	if ((fd = open(path, O_RDONLY)) == -1) {
1347	r = SSH_ERR_SYSTEM_ERROR;
1348	oerrno = errno;
1349	goto out;
1350	}
1351	if ((r = sshkey_load_file(fd, krlbuf)) != 0) {
1352	oerrno = errno;	1344	oerrno = errno;
1353	goto out;	1345	goto out;
1354	}	1346	}
@@ -1357,8 +1349,6 @@ ssh_krl_file_contains_key(const char path, const struct sshkey key)
1357	debug2("%s: checking KRL %s", __func__, path);	1349	debug2("%s: checking KRL %s", __func__, path);
1358	r = ssh_krl_check_key(krl, key);	1350	r = ssh_krl_check_key(krl, key);
1359	out:	1351	out:
1360	if (fd != -1)
1361	close(fd);
1362	sshbuf_free(krlbuf);	1352	sshbuf_free(krlbuf);
1363	ssh_krl_free(krl);	1353	ssh_krl_free(krl);
1364	if (r != 0)	1354	if (r != 0)