From 2741f52beb11490d7033a25e56ed0496f0c78006 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Fri, 29 Oct 2021 03:20:46 +0000
Subject: [PATCH] upstream: ssh-keygen: make verify-time argument parsing
 optional

From Fabian Stelzer

OpenBSD-Commit-ID: 1ff35e4c366a45a073663df90381be6a8ef4d370
---
 ssh-keygen.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/ssh-keygen.c b/ssh-keygen.c
index 81988683f..248a0ae76 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.439 2021/10/28 02:54:18 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.440 2021/10/29 03:20:46 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2680,11 +2680,13 @@ sig_process_opts(char * const *opts, size_t nopts, uint64_t *verify_timep,
 	size_t i;
 	time_t now;
 
-	*verify_timep = 0;
+	if (verify_timep != NULL)
+		*verify_timep = 0;
 	if (print_pubkey != NULL)
 		*print_pubkey = 0;
 	for (i = 0; i < nopts; i++) {
-		if (strncasecmp(opts[i], "verify-time=", 12) == 0) {
+		if (verify_timep &&
+		    strncasecmp(opts[i], "verify-time=", 12) == 0) {
 			if (parse_absolute_time(opts[i] + 12,
 			    verify_timep) != 0 || *verify_timep == 0) {
 				error("Invalid \"verify-time\" option");
@@ -2698,7 +2700,7 @@ sig_process_opts(char * const *opts, size_t nopts, uint64_t *verify_timep,
 			return SSH_ERR_INVALID_ARGUMENT;
 		}
 	}
-	if (*verify_timep == 0) {
+	if (verify_timep && *verify_timep == 0) {
 		if ((now = time(NULL)) < 0) {
 			error("Time is before epoch");
 			return SSH_ERR_INVALID_ARGUMENT;