upstream commit

fix "ssh-keygen -l" of private key, broken in support for
 multiple plain keys on stdin

Upstream-ID: 6b3132d2c62d03d0bad6f2bcd7e2d8b7dab5cd9d

diff --git a/ssh-keygen.c b/ssh-keygen.c
index 5c02d7817c594db0e2b6c8522beaf074b349330f..f9091951e09e068ae5171e5e226f85a7de6a73f8 100644 (file)
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.279 2015/11/16 22:53:07 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.280 2015/11/18 08:37:28 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -861,8 +861,15 @@ fingerprint_private(const char *path)
 
        if (stat(identity_file, &st) < 0)
                fatal("%s: %s", path, strerror(errno));
-       if ((r = sshkey_load_public(path, &public, &comment)) != 0)
-               fatal("Error loading public key \"%s\": %s", path, ssh_err(r));
+       if ((r = sshkey_load_public(path, &public, &comment)) != 0) {
+               debug("load public \"%s\": %s", path, ssh_err(r));
+               if ((r = sshkey_load_private(path, NULL,
+                   &public, &comment)) != 0) {
+                       debug("load private \"%s\": %s", path, ssh_err(r));
+                       fatal("%s is not a key file.", path);
+               }
+       }
+
        fingerprint_one_key(public, comment);
        sshkey_free(public);
        free(comment);
@@ -907,7 +914,7 @@ do_fingerprint(struct passwd *pw)
                 * not reading from stdin (XXX support private keys on stdin).
                 */
                if (lnum == 1 && strcmp(identity_file, "-") != 0 &&
-                   strstr(cp, "SSH PRIVATE KEY") != NULL) {
+                   strstr(cp, "PRIVATE KEY") != NULL) {
                        fclose(f);
                        fingerprint_private(path);
                        exit(0);