[openssh-commits] [openssh] 01/02: upstream: improve error message when 'ssh-keygen -Y sign' is unable to

git+noreply at mindrot.org git+noreply at mindrot.org
Mon May 9 13:11:09 AEST 2022



djm pushed a commit to branch master
in repository openssh.

commit cb010744cc98f651b1029bb09efa986eb54e4ccf
Author: djm at openbsd.org <djm at openbsd.org>
Date:   Sun May 8 22:58:35 2022 +0000

    upstream: improve error message when 'ssh-keygen -Y sign' is unable to
    
    load a private key; bz3429, reported by Adam Szkoda ok dtucker@
    
    OpenBSD-Commit-ID: bb57b285e67bea536ef81b1055467be2fc380e74
---
 ssh-keygen.c | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/ssh-keygen.c b/ssh-keygen.c
index d62fab3e..dd61be8a 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.450 2022/03/18 02:32:22 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.451 2022/05/08 22:58:35 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -2462,7 +2462,8 @@ load_sign_key(const char *keypath, const struct sshkey *pubkey)
 	char *privpath = xstrdup(keypath);
 	static const char * const suffixes[] = { "-cert.pub", ".pub", NULL };
 	struct sshkey *ret = NULL, *privkey = NULL;
-	int r;
+	int r, waspub = 0;
+	struct stat st;
 
 	/*
 	 * If passed a public key filename, then try to locate the corresponding
@@ -2477,11 +2478,17 @@ load_sign_key(const char *keypath, const struct sshkey *pubkey)
 		privpath[plen - slen] = '\0';
 		debug_f("%s looks like a public key, using private key "
 		    "path %s instead", keypath, privpath);
+		waspub = 1;
 	}
-	if ((privkey = load_identity(privpath, NULL)) == NULL) {
-		error("Couldn't load identity %s", keypath);
-		goto done;
-	}
+	if (waspub && stat(privpath, &st) != 0 && errno == ENOENT)
+		fatal("No private key found for public key \"%s\"", keypath);
+	if ((r = sshkey_load_private(privpath, "", &privkey, NULL)) != 0 &&
+	    (r != SSH_ERR_KEY_WRONG_PASSPHRASE)) {
+		debug_fr(r, "load private key \"%s\"", privpath);
+		fatal("No private key found for \"%s\"", privpath);
+	} else if (privkey == NULL)
+		privkey = load_identity(privpath, NULL);
+
 	if (!sshkey_equal_public(pubkey, privkey)) {
 		error("Public key %s doesn't match private %s",
 		    keypath, privpath);
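Review bot: The new `fatal("No private key found for \"%s\"", privpath)` branch fires for every sshkey_load_private() failure other than a wrong passphrase, so a key file that exists but is unreadable or malformed is reported as missing, and the actual reason in `r` only reaches the log at debug level through debug_fr(). Passing the error code through to the user, for example `fatal_r(r, "Unable to load private key \"%s\"", privpath);`, would leave the ENOENT check above as the only "not found" message. Separately, the old `== NULL` check on the load_identity() result is gone; load_identity() is defined outside this hunk, so if it can return NULL the failure would presumably surface as the "doesn't match" error that follows, and a one-line comment such as `/* load_identity() exits on failure; privkey is non-NULL here */` would record the assumption if it holds. load_sign_key's body starts and ends outside the hunk.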
