From d58b15ee11068500b115d35d4c18950be43fcecc Mon Sep 17 00:00:00 2001
From: djm <djm@openbsd.org>
Date: Wed, 20 Jul 2022 03:13:04 +0000
Subject: [PATCH] pull passphrase reading and confirmation into a separate
 function so it can be used for FIDO2 PINs; no functional change

---
 usr.bin/ssh/ssh-keygen.c | 65 +++++++++++++++++++++++-----------------
 1 file changed, 37 insertions(+), 28 deletions(-)

diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c
index be05181a7fe..02ef18a5853 100644
--- a/usr.bin/ssh/ssh-keygen.c
+++ b/usr.bin/ssh/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.454 2022/06/03 03:17:42 dtucker Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.455 2022/07/20 03:13:04 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -574,10 +574,13 @@ do_convert_private_ssh2(struct sshbuf *b)
 		error_f("remaining bytes in key blob %d", rlen);
 
 	/* try the key */
-	if (sshkey_sign(key, &sig, &slen, data, sizeof(data),
-	    NULL, NULL, NULL, 0) != 0 ||
-	    sshkey_verify(key, sig, slen, data, sizeof(data),
-	    NULL, 0, NULL) != 0) {
+	if ((r = sshkey_sign(key, &sig, &slen, data, sizeof(data),
+	    NULL, NULL, NULL, 0)) != 0)
+		error_fr(r, "signing with converted key failed");
+	else if ((r = sshkey_verify(key, sig, slen, data, sizeof(data),
+	    NULL, 0, NULL)) != 0)
+		error_fr(r, "verification with converted key failed");
+	if (r != 0) {
 		sshkey_free(key);
 		free(sig);
 		return NULL;
@@ -3003,37 +3006,43 @@ do_moduli_screen(const char *out_file, char **opts, size_t nopts)
 #endif /* WITH_OPENSSL */
 }
 
+/* Read and confirm a passphrase */
 static char *
-private_key_passphrase(void)
+read_check_passphrase(const char *prompt1, const char *prompt2,
+    const char *retry_prompt)
 {
 	char *passphrase1, *passphrase2;
 
-	/* Ask for a passphrase (twice). */
-	if (identity_passphrase)
-		passphrase1 = xstrdup(identity_passphrase);
-	else if (identity_new_passphrase)
-		passphrase1 = xstrdup(identity_new_passphrase);
-	else {
-passphrase_again:
-		passphrase1 =
-			read_passphrase("Enter passphrase (empty for no "
-			    "passphrase): ", RP_ALLOW_STDIN);
-		passphrase2 = read_passphrase("Enter same passphrase again: ",
-		    RP_ALLOW_STDIN);
-		if (strcmp(passphrase1, passphrase2) != 0) {
-			/*
-			 * The passphrases do not match.  Clear them and
-			 * retry.
-			 */
-			freezero(passphrase1, strlen(passphrase1));
+	for (;;) {
+		passphrase1 = read_passphrase(prompt1, RP_ALLOW_STDIN);
+		passphrase2 = read_passphrase(prompt2, RP_ALLOW_STDIN);
+		if (strcmp(passphrase1, passphrase2) == 0) {
 			freezero(passphrase2, strlen(passphrase2));
-			printf("Passphrases do not match.  Try again.\n");
-			goto passphrase_again;
+			return passphrase1;
 		}
-		/* Clear the other copy of the passphrase. */
+		/* The passphrases do not match. Clear them and retry. */
+		freezero(passphrase1, strlen(passphrase1));
 		freezero(passphrase2, strlen(passphrase2));
+		fputs(retry_prompt, stdout);
+		fputc('\n', stdout);
+		fflush(stdout);
 	}
-	return passphrase1;
+	/* NOTREACHED */
+	return NULL;
+}
+
+static char *
+private_key_passphrase(void)
+{
+	if (identity_passphrase)
+		return xstrdup(identity_passphrase);
+	if (identity_new_passphrase)
+		return xstrdup(identity_new_passphrase);
+
+	return read_check_passphrase(
+	    "Enter passphrase (empty for no passphrase): ",
+	    "Enter same passphrase again: ",
+	    "Passphrases do not match.  Try again.");
 }
 
 static char *
-- 
2.20.1