authorJustus Winter <[email protected]>2016-07-19 14:48:38 +0000
committerJustus Winter <[email protected]>2016-07-19 14:51:16 +0000
commit270f7f7b8b235cc93516566702e2a1d256605cca (patch)
tree1a37d670acc906711322cf7e2cde1d7a43f167ae
parenttests: Add test for ssh support. (diff)
agent: Add known keys to sshcontrol.
* agent/command-ssh.c (ssh_identity_register): Add a key to sshcontrol even if it is already in the private key store. * tests/openpgp/ssh.scm: Test this. GnuPG-bug-id: 2316 Signed-off-by: Justus Winter <[email protected]>
Diffstat (limited to '')
-rw-r--r--agent/command-ssh.c16
-rwxr-xr-xtests/openpgp/ssh.scm12
2 files changed, 21 insertions, 7 deletions
diff --git a/agent/command-ssh.c b/agent/command-ssh.c
index e3cd4b9b8..48f1b3d45 100644
--- a/agent/command-ssh.c
+++ b/agent/command-ssh.c
@@ -3152,8 +3152,8 @@ reenter_compare_cb (struct pin_entry_info_s *pi)
/* Store the ssh KEY into our local key storage and protect it after
asking for a passphrase. Cache that passphrase. TTL is the
maximum caching time for that key. If the key already exists in
- our key storage, don't do anything. When entering a new key also
- add an entry to the sshcontrol file. */
+ our key storage, don't do anything. When entering a key also add
+ an entry to the sshcontrol file. */
static gpg_error_t
ssh_identity_register (ctrl_t ctrl, ssh_key_type_spec_t *spec,
gcry_sexp_t key, int ttl, int confirm)
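Review bot: The header comment still says "If the key already exists in our key storage, don't do anything", which contradicts the new behaviour. The following hunk jumps to `key_exists` and calls `add_control_entry` for exactly that case. I would reword the sentence to `If the key already exists in our key storage, only (re-)add its entry to the sshcontrol file.` so the comment states what happens for a known key. Only the comment and signature of ssh_identity_register are in this hunk; the body lies outside it.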
@@ -3175,15 +3175,17 @@ ssh_identity_register (ctrl_t ctrl, ssh_key_type_spec_t *spec,
if (err)
goto out;
- /* Check whether the key is already in our key storage. Don't do
- anything then. */
- if ( !agent_key_available (key_grip_raw) )
- goto out; /* Yes, key is available. */
+ bin2hex (key_grip_raw, 20, key_grip);
err = ssh_get_fingerprint_string (key, &key_fpr);
if (err)
goto out;
+ /* Check whether the key is already in our key storage. Don't do
+ anything then besides (re-)adding it to sshcontrol. */
+ if ( !agent_key_available (key_grip_raw) )
+ goto key_exists; /* Yes, key is available. */
+
err = ssh_key_extract_comment (key, &comment);
if (err)
goto out;
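Review bot: On the new `goto key_exists` path the sshcontrol entry is written with the `ttl` and `confirm` of the current request and, as far as these hunks show, without any passphrase prompt, since the label sits after `agent_put_cache`. `add_control_entry` is not visible here, so it is worth confirming that it leaves an already present sshcontrol line untouched; otherwise re-adding a known key could replace a stricter stored confirm or TTL setting. I would record the expectation at the check, e.g. `/* Key already stored: no passphrase is requested here; add_control_entry must not weaken an existing sshcontrol entry. */`. Separately, the moved `bin2hex (key_grip_raw, 20, key_grip);` keeps a bare `20`; tying that length to the declaration of the buffer (outside this hunk) would guard against the two drifting apart. The function starts and ends outside the hunk.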
@@ -3249,11 +3251,11 @@ ssh_identity_register (ctrl_t ctrl, ssh_key_type_spec_t *spec,
goto out;
/* Cache this passphrase. */
- bin2hex (key_grip_raw, 20, key_grip);
err = agent_put_cache (key_grip, CACHE_MODE_SSH, pi->pin, ttl);
if (err)
goto out;
+ key_exists:
/* And add an entry to the sshcontrol file. */
err = add_control_entry (ctrl, spec, key_grip, key_fpr, ttl, confirm);
diff --git a/tests/openpgp/ssh.scm b/tests/openpgp/ssh.scm
index cc47772a0..fe0b1150c 100755
--- a/tests/openpgp/ssh.scm
+++ b/tests/openpgp/ssh.scm
@@ -50,3 +50,15 @@
(unless (string-contains? (call-popen `(,SSH-ADD -l "-E" md5) "") hash)
(error "key not added"))))
car keys)
+
+(info "Checking for issue2316...")
+(unlink (string-append GNUPGHOME "/sshcontrol"))
+(pipe:do
+ (pipe:open (path-join (in-srcdir "samplekeys")
+ (string-append "ssh-rsa.key"))
+ (logior O_RDONLY O_BINARY))
+ (pipe:spawn `(,SSH-ADD -)))
+(unless
+ (string-contains? (call-popen `(,SSH-ADD -l "-E" md5) "")
+ "MD5:c9:85:b5:55:00:84:a9:82:5a:df:d6:62:1b:5a:28:22")
+ (error "known private key not (re-)added to sshcontrol"))
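Review bot: The new test only covers the case where sshcontrol has been deleted before the key is re-added. It does not exercise a second `ssh-add` of the same key while its sshcontrol entry is still present, which is where a duplicated or rewritten entry would show up. A follow-up step that repeats the `pipe:do` without the `unlink` and checks that the fingerprint is still listed would pin that down. As a small style point, `(string-append "ssh-rsa.key")` has a single argument and can be written as `"ssh-rsa.key"`.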