diff options
Diffstat (limited to 'src/usr.bin/signify/signify.c')
| -rw-r--r-- | src/usr.bin/signify/signify.c | 30 |
1 files changed, 16 insertions, 14 deletions
diff --git a/src/usr.bin/signify/signify.c b/src/usr.bin/signify/signify.c index 3607e2f..89a7848 100644 --- a/src/usr.bin/signify/signify.c +++ b/src/usr.bin/signify/signify.c @@ -1,4 +1,4 @@ -/* $OpenBSD: signify.c,v 1.128 2017/07/11 23:27:13 tedu Exp $ */ +/* $OpenBSD: signify.c,v 1.131 2019/03/23 07:10:06 tedu Exp $ */ /* * Copyright (c) 2013 Ted Unangst <tedu@openbsd.org> * @@ -82,7 +82,7 @@ usage(const char *error) #ifndef VERIFYONLY "\t%1$s -C [-q] -p pubkey -x sigfile [file ...]\n" "\t%1$s -G [-n] [-c comment] -p pubkey -s seckey\n" - "\t%1$s -S [-ez] [-x sigfile] -s seckey -m message\n" + "\t%1$s -S [-enz] [-x sigfile] -s seckey -m message\n" #endif "\t%1$s -V [-eqz] [-p pubkey] [-t keytype] [-x sigfile] -m message\n", __progname); @@ -144,7 +144,7 @@ parseb64file(const char *filename, char *b64, void *buf, size_t buflen, errx(1, "missing new line after base64 in %s", filename); *b64end = '\0'; if (b64_pton(commentend + 1, buf, buflen) != buflen) - errx(1, "invalid base64 encoding in %s", filename); + errx(1, "unable to parse %s", filename); if (memcmp(buf, PKALG, 2) != 0) errx(1, "unsupported file %s", filename); return b64end - b64 + 1; @@ -256,6 +256,7 @@ kdf(uint8_t *salt, size_t saltlen, int rounds, int allowstdin, int confirm, { char pass[1024]; int rppflags = RPP_ECHO_OFF; + const char *errstr = NULL; if (rounds == 0) { memset(key, 0, keylen); @@ -272,15 +273,17 @@ kdf(uint8_t *salt, size_t saltlen, int rounds, int allowstdin, int confirm, char pass2[1024]; if (!readpassphrase("confirm passphrase: ", pass2, sizeof(pass2), rppflags)) - errx(1, "unable to read passphrase"); - if (strcmp(pass, pass2) != 0) - errx(1, "passwords don't match"); + errstr = "unable to read passphrase"; + if (!errstr && strcmp(pass, pass2) != 0) + errstr = "passwords don't match"; explicit_bzero(pass2, sizeof(pass2)); } - if (bcrypt_pbkdf(pass, strlen(pass), salt, saltlen, key, + if (!errstr && bcrypt_pbkdf(pass, strlen(pass), salt, saltlen, key, keylen, rounds) == -1) - errx(1, "bcrypt pbkdf"); + errstr = "bcrypt pbkdf"; explicit_bzero(pass, sizeof(pass)); + if (errstr) + errx(1, "%s", errstr); } static void @@ -764,7 +767,8 @@ main(int argc, char **argv) char sigfilebuf[PATH_MAX]; const char *comment = "signify"; char *keytype = NULL; - int ch, rounds; + int ch; + int none = 0; int embedded = 0; int quiet = 0; int gzip = 0; @@ -779,8 +783,6 @@ main(int argc, char **argv) if (pledge("stdio rpath wpath cpath tty", NULL) == -1) err(1, "pledge"); - rounds = 42; - while ((ch = getopt(argc, argv, "CGSVzc:em:np:qs:t:x:")) != -1) { switch (ch) { #ifndef VERIFYONLY @@ -818,7 +820,7 @@ main(int argc, char **argv) msgfile = optarg; break; case 'n': - rounds = 0; + none = 1; break; case 'p': pubkeyfile = optarg; @@ -881,14 +883,14 @@ main(int argc, char **argv) if (!pubkeyfile || !seckeyfile) usage("must specify pubkey and seckey"); check_keyname_compliance(pubkeyfile, seckeyfile); - generate(pubkeyfile, seckeyfile, rounds, comment); + generate(pubkeyfile, seckeyfile, none ? 0 : 42, comment); break; case SIGN: /* no pledge */ if (gzip) { if (!msgfile || !seckeyfile || !sigfile) usage("must specify message sigfile seckey"); - zsign(seckeyfile, msgfile, sigfile); + zsign(seckeyfile, msgfile, sigfile, none); } else { if (!msgfile || !seckeyfile) usage("must specify message and seckey"); |