From 144a80bd9a603b8b7a1ec866ff4acdd73efc308c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dag-Erling=20Sm=C3=B8rgrav?= <des@FreeBSD.org>
Date: Mon, 8 Aug 2016 10:46:18 +0000
Subject: [PATCH] Try to check whether each key file exists before adding it,
 and bail out if we didn't find any of them.  This reduces log spam about key
 files for deprecated algorithms, which we look for but don't generate.

PR:		208254
MFC after:	3 days
---
 crypto/openssh/servconf.c | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/crypto/openssh/servconf.c b/crypto/openssh/servconf.c
index da558de2c19e..6fb8be5bfd5a 100644
--- a/crypto/openssh/servconf.c
+++ b/crypto/openssh/servconf.c
@@ -22,6 +22,7 @@ __RCSID("$FreeBSD$");
 #include <netinet/ip.h>
 
 #include <ctype.h>
+#include <fcntl.h>
 #include <netdb.h>
 #include <pwd.h>
 #include <stdio.h>
@@ -206,24 +207,28 @@ fill_default_server_options(ServerOptions *options)
 	/* Standard Options */
 	if (options->protocol == SSH_PROTO_UNKNOWN)
 		options->protocol = SSH_PROTO_2;
+#define add_host_key_file(path)						\
+	do {								\
+		if (access((path), O_RDONLY) == 0)			\
+			options->host_key_files				\
+			    [options->num_host_key_files++] = (path);	\
+	} while (0)
 	if (options->num_host_key_files == 0) {
 		/* fill default hostkeys for protocols */
 		if (options->protocol & SSH_PROTO_1)
-			options->host_key_files[options->num_host_key_files++] =
-			    _PATH_HOST_KEY_FILE;
+			add_host_key_file(_PATH_HOST_KEY_FILE);
 		if (options->protocol & SSH_PROTO_2) {
-			options->host_key_files[options->num_host_key_files++] =
-			    _PATH_HOST_RSA_KEY_FILE;
-			options->host_key_files[options->num_host_key_files++] =
-			    _PATH_HOST_DSA_KEY_FILE;
+			add_host_key_file(_PATH_HOST_RSA_KEY_FILE);
+			add_host_key_file(_PATH_HOST_DSA_KEY_FILE);
 #ifdef OPENSSL_HAS_ECC
-			options->host_key_files[options->num_host_key_files++] =
-			    _PATH_HOST_ECDSA_KEY_FILE;
+			add_host_key_file(_PATH_HOST_ECDSA_KEY_FILE);
 #endif
-			options->host_key_files[options->num_host_key_files++] =
-			    _PATH_HOST_ED25519_KEY_FILE;
+			add_host_key_file(_PATH_HOST_ED25519_KEY_FILE);
 		}
 	}
+#undef add_host_key_file
+	if (options->num_host_key_files == 0)
+		fatal("No host key files found");
 	/* No certificates by default */
 	if (options->num_ports == 0)
 		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;