From 390aecca0b7f705c4b05ef7235cd638a7f37e8cb Mon Sep 17 00:00:00 2001
From: Mariano Cano <mariano@smallstep.com>
Date: Thu, 1 Aug 2019 18:15:04 -0700
Subject: [PATCH] Check for error creating signers.

---
 authority/ssh.go | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/authority/ssh.go b/authority/ssh.go
index e3201683..d6f9dc4c 100644
--- a/authority/ssh.go
+++ b/authority/ssh.go
@@ -87,7 +87,12 @@ func (a *Authority) SignSSH(key ssh.PublicKey, opts provisioner.SSHOptions, sign
 				code: http.StatusNotImplemented,
 			}
 		}
-		signer, err = ssh.NewSignerFromSigner(a.sshCAUserCertSignKey)
+		if signer, err = ssh.NewSignerFromSigner(a.sshCAUserCertSignKey); err != nil {
+			return nil, &apiError{
+				err:  errors.Wrap(err, "signSSH: error creating signer"),
+				code: http.StatusInternalServerError,
+			}
+		}
 	case ssh.HostCert:
 		if a.sshCAHostCertSignKey == nil {
 			return nil, &apiError{
@@ -95,7 +100,12 @@ func (a *Authority) SignSSH(key ssh.PublicKey, opts provisioner.SSHOptions, sign
 				code: http.StatusNotImplemented,
 			}
 		}
-		signer, err = ssh.NewSignerFromSigner(a.sshCAHostCertSignKey)
+		if signer, err = ssh.NewSignerFromSigner(a.sshCAHostCertSignKey); err != nil {
+			return nil, &apiError{
+				err:  errors.Wrap(err, "signSSH: error creating signer"),
+				code: http.StatusInternalServerError,
+			}
+		}
 	default:
 		return nil, &apiError{
 			err:  errors.Errorf("unexpected ssh certificate type: %d", cert.CertType),