[openssh-commits] [openssh] 01/02: upstream: improve error message when 'ssh-keygen -Y sign' is unable to
git+noreply at mindrot.org
git+noreply at mindrot.org
Mon May 9 13:11:09 AEST 2022
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit cb010744cc98f651b1029bb09efa986eb54e4ccf
Author: djm at openbsd.org <djm at openbsd.org>
Date: Sun May 8 22:58:35 2022 +0000
upstream: improve error message when 'ssh-keygen -Y sign' is unable to
load a private key; bz3429, reported by Adam Szkoda ok dtucker@
OpenBSD-Commit-ID: bb57b285e67bea536ef81b1055467be2fc380e74
---
ssh-keygen.c | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/ssh-keygen.c b/ssh-keygen.c
index d62fab3e..dd61be8a 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.450 2022/03/18 02:32:22 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.451 2022/05/08 22:58:35 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -2462,7 +2462,8 @@ load_sign_key(const char *keypath, const struct sshkey *pubkey)
char *privpath = xstrdup(keypath);
static const char * const suffixes[] = { "-cert.pub", ".pub", NULL };
struct sshkey *ret = NULL, *privkey = NULL;
- int r;
+ int r, waspub = 0;
+ struct stat st;
/*
* If passed a public key filename, then try to locate the corresponding
@@ -2477,11 +2478,17 @@ load_sign_key(const char *keypath, const struct sshkey *pubkey)
privpath[plen - slen] = '\0';
debug_f("%s looks like a public key, using private key "
"path %s instead", keypath, privpath);
+ waspub = 1;
}
- if ((privkey = load_identity(privpath, NULL)) == NULL) {
- error("Couldn't load identity %s", keypath);
- goto done;
- }
+ if (waspub && stat(privpath, &st) != 0 && errno == ENOENT)
+ fatal("No private key found for public key \"%s\"", keypath);
+ if ((r = sshkey_load_private(privpath, "", &privkey, NULL)) != 0 &&
+ (r != SSH_ERR_KEY_WRONG_PASSPHRASE)) {
+ debug_fr(r, "load private key \"%s\"", privpath);
+ fatal("No private key found for \"%s\"", privpath);
+ } else if (privkey == NULL)
+ privkey = load_identity(privpath, NULL);
+
if (!sshkey_equal_public(pubkey, privkey)) {
error("Public key %s doesn't match private %s",
keypath, privpath);
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list