1 files changed, 17 insertions, 12 deletions

diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index d922eea26..d8f0aa3e2 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.45 2015/01/13 07:39:19 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.46 2015/01/28 22:36:00 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -228,18 +228,20 @@ pubkey_auth_info(Authctxt *authctxt, const Key *key, const char *fmt, ...)
         }
 
         if (key_is_cert(key)) {
-                fp = key_fingerprint(key->cert->signature_key,
+                fp = sshkey_fingerprint(key->cert->signature_key,
                     options.fingerprint_hash, SSH_FP_DEFAULT);
                 auth_info(authctxt, "%s ID %s (serial %llu) CA %s %s%s%s", 
                     key_type(key), key->cert->key_id,
                     (unsigned long long)key->cert->serial,
-                    key_type(key->cert->signature_key), fp,
+                    key_type(key->cert->signature_key),
+                    fp == NULL ? "(null)" : "",
                     extra == NULL ? "" : ", ", extra == NULL ? "" : extra);
                 free(fp);
         } else {
-                fp = key_fingerprint(key, options.fingerprint_hash,
+                fp = sshkey_fingerprint(key, options.fingerprint_hash,
                     SSH_FP_DEFAULT);
-                auth_info(authctxt, "%s %s%s%s", key_type(key), fp,
+                auth_info(authctxt, "%s %s%s%s", key_type(key),
+                    fp == NULL ? "(null)" : "",
                     extra == NULL ? "" : ", ", extra == NULL ? "" : extra);
                 free(fp);
         }
@@ -382,8 +384,9 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
                                 continue;
                         if (!key_is_cert_authority)
                                 continue;
-                        fp = key_fingerprint(found, options.fingerprint_hash,
-                            SSH_FP_DEFAULT);
+                        if ((fp = sshkey_fingerprint(found,
+                            options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
+                                continue;
                         debug("matching CA found: file %s, line %lu, %s %s",
                             file, linenum, key_type(found), fp);
                         /*
@@ -422,12 +425,13 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
                                 continue;
                         if (key_is_cert_authority)
                                 continue;
-                        found_key = 1;
-                        fp = key_fingerprint(found, options.fingerprint_hash,
-                            SSH_FP_DEFAULT);
+                        if ((fp = sshkey_fingerprint(found,
+                            options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
+                                continue;
                         debug("matching key found: file %s, line %lu %s %s",
                             file, linenum, key_type(found), fp);
                         free(fp);
+                        found_key = 1;
                         break;
                 }
         }
@@ -449,8 +453,9 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
         if (!key_is_cert(key) || options.trusted_user_ca_keys == NULL)
                 return 0;
 
-        ca_fp = key_fingerprint(key->cert->signature_key,
-            options.fingerprint_hash, SSH_FP_DEFAULT);
+        if ((ca_fp = sshkey_fingerprint(key->cert->signature_key,
+            options.fingerprint_hash, SSH_FP_DEFAULT)) == NULL)
+                return 0;
 
         if (sshkey_in_file(key->cert->signature_key,
             options.trusted_user_ca_keys, 1, 0) != 0) {