upstream commit

fix "ssh-keygen -l" of private key, broken in support for
 multiple plain keys on stdin

Upstream-ID: 6b3132d2c62d03d0bad6f2bcd7e2d8b7dab5cd9d

1 files changed, 11 insertions, 4 deletions

diff --git a/ssh-keygen.c b/ssh-keygen.c
index 5c02d7817..f9091951e 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.279 2015/11/16 22:53:07 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.280 2015/11/18 08:37:28 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -861,8 +861,15 @@ fingerprint_private(const char *path)
 
         if (stat(identity_file, &st) < 0)
                 fatal("%s: %s", path, strerror(errno));
-        if ((r = sshkey_load_public(path, &public, &comment)) != 0)
-                fatal("Error loading public key \"%s\": %s", path, ssh_err(r));
+        if ((r = sshkey_load_public(path, &public, &comment)) != 0) {
+                debug("load public \"%s\": %s", path, ssh_err(r));
+                if ((r = sshkey_load_private(path, NULL,
+                    &public, &comment)) != 0) {
+                        debug("load private \"%s\": %s", path, ssh_err(r));
+                        fatal("%s is not a key file.", path);
+                }
+        }
+
         fingerprint_one_key(public, comment);
         sshkey_free(public);
         free(comment);
@@ -907,7 +914,7 @@ do_fingerprint(struct passwd *pw)
                  * not reading from stdin (XXX support private keys on stdin).
                  */
                 if (lnum == 1 && strcmp(identity_file, "-") != 0 &&
-                    strstr(cp, "SSH PRIVATE KEY") != NULL) {
+                    strstr(cp, "PRIVATE KEY") != NULL) {
                         fclose(f);
                         fingerprint_private(path);
                         exit(0);