===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-keygen.c,v
retrieving revision 1.441
retrieving revision 1.453
diff -u -r1.441 -r1.453
--- src/usr.bin/ssh/ssh-keygen.c	2021/11/27 07:14:46	1.441
+++ src/usr.bin/ssh/ssh-keygen.c	2022/05/31 14:05:12	1.453
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.441 2021/11/27 07:14:46 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.453 2022/05/31 14:05:12 naddy Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -121,6 +121,7 @@
 #define CERTOPT_PTY				(1<<3)
 #define CERTOPT_USER_RC				(1<<4)
 #define CERTOPT_NO_REQUIRE_USER_PRESENCE	(1<<5)
+#define CERTOPT_REQUIRE_VERIFY			(1<<6)
 #define CERTOPT_DEFAULT	(CERTOPT_X_FWD|CERTOPT_AGENT_FWD| \
 			 CERTOPT_PORT_FWD|CERTOPT_PTY|CERTOPT_USER_RC)
 static u_int32_t certflags_flags = CERTOPT_DEFAULT;
@@ -1649,6 +1650,8 @@
 		cert_ext_add("force-command", certflags_command, 1);
 	if (certflags_src_addr != NULL)
 		cert_ext_add("source-address", certflags_src_addr, 1);
+	if ((certflags_flags & CERTOPT_REQUIRE_VERIFY) != 0)
+		cert_ext_add("verify-required", NULL, 1);
 	/* extensions */
 	if ((certflags_flags & CERTOPT_X_FWD) != 0)
 		cert_ext_add("permit-X11-forwarding", NULL, 0);
@@ -1970,6 +1973,10 @@
 		certflags_flags &= ~CERTOPT_NO_REQUIRE_USER_PRESENCE;
 	else if (strcasecmp(opt, "no-touch-required") == 0)
 		certflags_flags |= CERTOPT_NO_REQUIRE_USER_PRESENCE;
+	else if (strcasecmp(opt, "no-verify-required") == 0)
+		certflags_flags &= ~CERTOPT_REQUIRE_VERIFY;
+	else if (strcasecmp(opt, "verify-required") == 0)
+		certflags_flags |= CERTOPT_REQUIRE_VERIFY;
 	else if (strncasecmp(opt, "force-command=", 14) == 0) {
 		val = opt + 14;
 		if (*val == '\0')
@@ -2028,6 +2035,9 @@
 				fatal_fr(r, "parse critical");
 			printf(" %s\n", arg);
 			free(arg);
+		} else if (in_critical &&
+		    strcmp(name, "verify-required") == 0) {
+			printf("\n");
 		} else if (sshbuf_len(option) > 0) {
 			hex = sshbuf_dtob16(option);
 			printf(" UNKNOWN OPTION: %s (len %zu)\n",
@@ -2437,9 +2447,10 @@
 {
 	size_t i, slen, plen = strlen(keypath);
 	char *privpath = xstrdup(keypath);
-	const char *suffixes[] = { "-cert.pub", ".pub", NULL };
+	static const char * const suffixes[] = { "-cert.pub", ".pub", NULL };
 	struct sshkey *ret = NULL, *privkey = NULL;
-	int r;
+	int r, waspub = 0;
+	struct stat st;
 
 	/*
 	 * If passed a public key filename, then try to locate the corresponding
@@ -2454,11 +2465,17 @@
 		privpath[plen - slen] = '\0';
 		debug_f("%s looks like a public key, using private key "
 		    "path %s instead", keypath, privpath);
+		waspub = 1;
 	}
-	if ((privkey = load_identity(privpath, NULL)) == NULL) {
-		error("Couldn't load identity %s", keypath);
-		goto done;
-	}
+	if (waspub && stat(privpath, &st) != 0 && errno == ENOENT)
+		fatal("No private key found for public key \"%s\"", keypath);
+	if ((r = sshkey_load_private(privpath, "", &privkey, NULL)) != 0 &&
+	    (r != SSH_ERR_KEY_WRONG_PASSPHRASE)) {
+		debug_fr(r, "load private key \"%s\"", privpath);
+		fatal("No private key found for \"%s\"", privpath);
+	} else if (privkey == NULL)
+		privkey = load_identity(privpath, NULL);
+
 	if (!sshkey_equal_public(pubkey, privkey)) {
 		error("Public key %s doesn't match private %s",
 		    keypath, privpath);
@@ -2489,7 +2506,8 @@
 
 static int
 sign_one(struct sshkey *signkey, const char *filename, int fd,
-    const char *sig_namespace, sshsig_signer *signer, void *signer_ctx)
+    const char *sig_namespace, const char *hashalg, sshsig_signer *signer,
+    void *signer_ctx)
 {
 	struct sshbuf *sigbuf = NULL, *abuf = NULL;
 	int r = SSH_ERR_INTERNAL_ERROR, wfd = -1, oerrno;
@@ -2519,7 +2537,7 @@
 			free(fp);
 		}
 	}
-	if ((r = sshsig_sign_fd(signkey, NULL, sk_provider, pin,
+	if ((r = sshsig_sign_fd(signkey, hashalg, sk_provider, pin,
 	    fd, sig_namespace, &sigbuf, signer, signer_ctx)) != 0) {
 		error_r(r, "Signing %s failed", filename);
 		goto out;
@@ -2580,12 +2598,57 @@
 }
 
 static int
-sig_sign(const char *keypath, const char *sig_namespace, int argc, char **argv)
+sig_process_opts(char * const *opts, size_t nopts, char **hashalgp,
+    uint64_t *verify_timep, int *print_pubkey)
 {
+	size_t i;
+	time_t now;
+
+	if (verify_timep != NULL)
+		*verify_timep = 0;
+	if (print_pubkey != NULL)
+		*print_pubkey = 0;
+	if (hashalgp != NULL)
+		*hashalgp = NULL;
+	for (i = 0; i < nopts; i++) {
+		if (hashalgp != NULL &&
+		    strncasecmp(opts[i], "hashalg=", 8) == 0) {
+			*hashalgp = xstrdup(opts[i] + 8);
+		} else if (verify_timep &&
+		    strncasecmp(opts[i], "verify-time=", 12) == 0) {
+			if (parse_absolute_time(opts[i] + 12,
+			    verify_timep) != 0 || *verify_timep == 0) {
+				error("Invalid \"verify-time\" option");
+				return SSH_ERR_INVALID_ARGUMENT;
+			}
+		} else if (print_pubkey &&
+		    strcasecmp(opts[i], "print-pubkey") == 0) {
+			*print_pubkey = 1;
+		} else {
+			error("Invalid option \"%s\"", opts[i]);
+			return SSH_ERR_INVALID_ARGUMENT;
+		}
+	}
+	if (verify_timep && *verify_timep == 0) {
+		if ((now = time(NULL)) < 0) {
+			error("Time is before epoch");
+			return SSH_ERR_INVALID_ARGUMENT;
+		}
+		*verify_timep = (uint64_t)now;
+	}
+	return 0;
+}
+
+
+static int
+sig_sign(const char *keypath, const char *sig_namespace, int require_agent,
+    int argc, char **argv, char * const *opts, size_t nopts)
+{
 	int i, fd = -1, r, ret = -1;
 	int agent_fd = -1;
 	struct sshkey *pubkey = NULL, *privkey = NULL, *signkey = NULL;
 	sshsig_signer *signer = NULL;
+	char *hashalg = NULL;
 
 	/* Check file arguments. */
 	for (i = 0; i < argc; i++) {
@@ -2595,18 +2658,26 @@
 			fatal("Cannot sign mix of paths and standard input");
 	}
 
+	if (sig_process_opts(opts, nopts, &hashalg, NULL, NULL) != 0)
+		goto done; /* error already logged */
+
 	if ((r = sshkey_load_public(keypath, &pubkey, NULL)) != 0) {
 		error_r(r, "Couldn't load public key %s", keypath);
 		goto done;
 	}
 
-	if ((r = ssh_get_authentication_socket(&agent_fd)) != 0)
+	if ((r = ssh_get_authentication_socket(&agent_fd)) != 0) {
+		if (require_agent)
+			fatal("Couldn't get agent socket");
 		debug_r(r, "Couldn't get agent socket");
-	else {
+	} else {
 		if ((r = ssh_agent_has_key(agent_fd, pubkey)) == 0)
 			signer = agent_signer;
-		else
+		else {
+			if (require_agent)
+				fatal("Couldn't find key in agent");
 			debug_r(r, "Couldn't find key in agent");
+		}
 	}
 
 	if (signer == NULL) {
@@ -2621,7 +2692,7 @@
 
 	if (argc == 0) {
 		if ((r = sign_one(signkey, "(stdin)", STDIN_FILENO,
-		    sig_namespace, signer, &agent_fd)) != 0)
+		    sig_namespace, hashalg, signer, &agent_fd)) != 0)
 			goto done;
 	} else {
 		for (i = 0; i < argc; i++) {
@@ -2633,7 +2704,7 @@
 				goto done;
 			}
 			if ((r = sign_one(signkey, argv[i], fd, sig_namespace,
-			    signer, &agent_fd)) != 0)
+			    hashalg, signer, &agent_fd)) != 0)
 				goto done;
 			if (fd != STDIN_FILENO)
 				close(fd);
@@ -2647,47 +2718,11 @@
 		close(fd);
 	sshkey_free(pubkey);
 	sshkey_free(privkey);
+	free(hashalg);
 	return ret;
 }
 
 static int
-sig_process_opts(char * const *opts, size_t nopts, uint64_t *verify_timep,
-    int *print_pubkey)
-{
-	size_t i;
-	time_t now;
-
-	if (verify_timep != NULL)
-		*verify_timep = 0;
-	if (print_pubkey != NULL)
-		*print_pubkey = 0;
-	for (i = 0; i < nopts; i++) {
-		if (verify_timep &&
-		    strncasecmp(opts[i], "verify-time=", 12) == 0) {
-			if (parse_absolute_time(opts[i] + 12,
-			    verify_timep) != 0 || *verify_timep == 0) {
-				error("Invalid \"verify-time\" option");
-				return SSH_ERR_INVALID_ARGUMENT;
-			}
-		} else if (print_pubkey &&
-		    strcasecmp(opts[i], "print-pubkey") == 0) {
-			*print_pubkey = 1;
-		} else {
-			error("Invalid option \"%s\"", opts[i]);
-			return SSH_ERR_INVALID_ARGUMENT;
-		}
-	}
-	if (verify_timep && *verify_timep == 0) {
-		if ((now = time(NULL)) < 0) {
-			error("Time is before epoch");
-			return SSH_ERR_INVALID_ARGUMENT;
-		}
-		*verify_timep = (uint64_t)now;
-	}
-	return 0;
-}
-
-static int
 sig_verify(const char *signature, const char *sig_namespace,
     const char *principal, const char *allowed_keys, const char *revoked_keys,
     char * const *opts, size_t nopts)
@@ -2700,7 +2735,8 @@
 	struct sshkey_sig_details *sig_details = NULL;
 	uint64_t verify_time = 0;
 
-	if (sig_process_opts(opts, nopts, &verify_time, &print_pubkey) != 0)
+	if (sig_process_opts(opts, nopts, NULL, &verify_time,
+	    &print_pubkey) != 0)
 		goto done; /* error already logged */
 
 	memset(&sig_details, 0, sizeof(sig_details));
@@ -2788,7 +2824,7 @@
 	char *principals = NULL, *cp, *tmp;
 	uint64_t verify_time = 0;
 
-	if (sig_process_opts(opts, nopts, &verify_time, NULL) != 0)
+	if (sig_process_opts(opts, nopts, NULL, &verify_time, NULL) != 0)
 		goto done; /* error already logged */
 
 	if ((r = sshbuf_load_file(signature, &abuf)) != 0) {
@@ -2834,7 +2870,7 @@
 	char **principals = NULL;
 	size_t i, nprincipals = 0;
 
-	if ((r = sig_process_opts(opts, nopts, NULL, NULL)) != 0)
+	if ((r = sig_process_opts(opts, nopts, NULL, NULL, NULL)) != 0)
 		return r; /* error already logged */
 
 	if ((r = sshsig_match_principals(allowed_keys, principal,
@@ -3190,11 +3226,11 @@
 	    "                  file ...\n"
 	    "       ssh-keygen -Q [-l] -f krl_file [file ...]\n"
 	    "       ssh-keygen -Y find-principals -s signature_file -f allowed_signers_file\n"
-		"       ssh-keygen -Y match-principals -I signer_identity -f allowed_signers_file\n"
+	    "       ssh-keygen -Y match-principals -I signer_identity -f allowed_signers_file\n"
 	    "       ssh-keygen -Y check-novalidate -n namespace -s signature_file\n"
-	    "       ssh-keygen -Y sign -f key_file -n namespace file ...\n"
+	    "       ssh-keygen -Y sign -f key_file -n namespace file [-O option] ...\n"
 	    "       ssh-keygen -Y verify -f allowed_signers_file -I signer_identity\n"
-	    "                  -n namespace -s signature_file [-r revocation_file]\n");
+	    "                  -n namespace -s signature_file [-r krl_file] [-O option]\n");
 	exit(1);
 }
 
@@ -3483,6 +3519,7 @@
 			return sig_match_principals(identity_file, cert_key_id,
 			    opts, nopts);
 		} else if (strncmp(sign_op, "sign", 4) == 0) {
+			/* NB. cert_principals is actually namespace, via -n */
 			if (cert_principals == NULL ||
 			    *cert_principals == '\0') {
 				error("Too few arguments for sign: "
@@ -3495,8 +3532,15 @@
 				exit(1);
 			}
 			return sig_sign(identity_file, cert_principals,
-			    argc, argv);
+			    prefer_agent, argc, argv, opts, nopts);
 		} else if (strncmp(sign_op, "check-novalidate", 16) == 0) {
+			/* NB. cert_principals is actually namespace, via -n */
+			if (cert_principals == NULL ||
+			    *cert_principals == '\0') {
+				error("Too few arguments for check-novalidate: "
+				    "missing namespace");
+				exit(1);
+			}
 			if (ca_key_path == NULL) {
 				error("Too few arguments for check-novalidate: "
 				    "missing signature file");
@@ -3505,6 +3549,7 @@
 			return sig_verify(ca_key_path, cert_principals,
 			    NULL, NULL, NULL, opts, nopts);
 		} else if (strncmp(sign_op, "verify", 6) == 0) {
+			/* NB. cert_principals is actually namespace, via -n */
 			if (cert_principals == NULL ||
 			    *cert_principals == '\0') {
 				error("Too few arguments for verify: "
@@ -3523,7 +3568,7 @@
 			}
 			if (cert_key_id == NULL) {
 				error("Too few arguments for verify: "
-				    "missing principal ID");
+				    "missing principal identity");
 				exit(1);
 			}
 			return sig_verify(ca_key_path, cert_principals,