=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/signify/signify.c,v retrieving revision 1.110 retrieving revision 1.111 diff -c -r1.110 -r1.111 *** src/usr.bin/signify/signify.c 2016/09/02 15:08:48 1.110 --- src/usr.bin/signify/signify.c 2016/09/02 16:10:56 1.111 *************** *** 1,4 **** ! /* $OpenBSD: signify.c,v 1.110 2016/09/02 15:08:48 tedu Exp $ */ /* * Copyright (c) 2013 Ted Unangst * --- 1,4 ---- ! /* $OpenBSD: signify.c,v 1.111 2016/09/02 16:10:56 espie Exp $ */ /* * Copyright (c) 2013 Ted Unangst * *************** *** 34,39 **** --- 34,40 ---- #include #include "crypto_api.h" + #include "signify.h" #define SIGBYTES crypto_sign_ed25519_BYTES #define SECRETBYTES crypto_sign_ed25519_SECRETKEYBYTES *************** *** 79,92 **** #ifndef VERIFYONLY "\t%1$s -C [-q] -p pubkey -x sigfile [file ...]\n" "\t%1$s -G [-n] [-c comment] -p pubkey -s seckey\n" ! "\t%1$s -S [-e] [-x sigfile] -s seckey -m message\n" #endif ! "\t%1$s -V [-eq] [-x sigfile] -p pubkey -m message\n", getprogname()); exit(1); } ! static int xopen(const char *fname, int oflags, mode_t mode) { struct stat sb; --- 80,93 ---- #ifndef VERIFYONLY "\t%1$s -C [-q] -p pubkey -x sigfile [file ...]\n" "\t%1$s -G [-n] [-c comment] -p pubkey -s seckey\n" ! "\t%1$s -S [-ez] [-x sigfile] -s seckey -m message\n" #endif ! "\t%1$s -V [-ezq] [-x sigfile] -p pubkey -m message\n", getprogname()); exit(1); } ! int xopen(const char *fname, int oflags, mode_t mode) { struct stat sb; *************** *** 110,116 **** return fd; } ! static void * xmalloc(size_t len) { void *p; --- 111,117 ---- return fd; } ! void * xmalloc(size_t len) { void *p; *************** *** 205,211 **** return msg; } ! static void writeall(int fd, const void *buf, size_t buflen, const char *filename) { ssize_t x; --- 206,212 ---- return msg; } ! 
void writeall(int fd, const void *buf, size_t buflen, const char *filename) { ssize_t x; *************** *** 342,348 **** sizeof(pubkey), O_EXCL, 0666); } ! static uint8_t * createsig(const char *seckeyfile, const char *msgfile, uint8_t *msg, unsigned long long msglen) { --- 343,349 ---- sizeof(pubkey), O_EXCL, 0666); } ! uint8_t * createsig(const char *seckeyfile, const char *msgfile, uint8_t *msg, unsigned long long msglen) { *************** *** 688,693 **** --- 689,714 ---- free(msg); } + + void * + verifyzdata(uint8_t *zdata, unsigned long long zdatalen, + const char *filename, const char *pubkeyfile, const char *keytype) + { + struct sig sig; + char sigcomment[COMMENTMAXLEN]; + unsigned long long siglen; + struct pubkey pubkey; + + if (zdatalen < sizeof(sig)) + errx(1, "signature too short in %s", filename); + siglen = parseb64file(filename, zdata, &sig, sizeof(sig), + sigcomment); + readpubkey(pubkeyfile, &pubkey, sigcomment, keytype); + zdata += siglen; + zdatalen -= siglen; + verifymsg(&pubkey, zdata, zdatalen, &sig, 1); + return zdata; + } #endif int *************** *** 701,706 **** --- 722,728 ---- int ch, rounds; int embedded = 0; int quiet = 0; + int gzip = 0; enum { NONE, CHECK, *************** *** 714,720 **** rounds = 42; ! while ((ch = getopt(argc, argv, "CGSVc:em:np:qs:t:x:")) != -1) { switch (ch) { #ifndef VERIFYONLY case 'C': --- 736,742 ---- rounds = 42; ! while ((ch = getopt(argc, argv, "CGSVzc:em:np:qs:t:x:")) != -1) { switch (ch) { #ifndef VERIFYONLY case 'C': *************** *** 732,737 **** --- 754,762 ---- usage(NULL); verb = SIGN; break; + case 'z': + gzip = 1; + break; #endif case 'V': if (verb) *************** *** 786,792 **** err(1, "pledge"); break; case VERIFY: ! if (embedded && (!msgfile || strcmp(msgfile, "-") != 0)) { if (pledge("stdio rpath wpath cpath", NULL) == -1) err(1, "pledge"); } else { --- 811,818 ---- err(1, "pledge"); break; case VERIFY: ! if ((embedded || gzip) ! 
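Review bot: In verifyzdata(), `zdatalen -= siglen` is an unsigned subtraction and nothing checks that the length returned by parseb64file() is no larger than zdatalen, so a malformed header could wrap the length that is then passed to verifymsg(). The earlier `zdatalen < sizeof(sig)` test compares against the decoded struct size, not the length of the base64 text, so it does not bound siglen. I would add `if (siglen > zdatalen) errx(1, "invalid signature header in %s", filename);` before the subtraction. parseb64file() is defined outside this hunk; if it scans the buffer as a C string, the function also needs a comment saying that the caller must NUL-terminate zdata. The same comment should note that the returned pointer aliases zdata and is not a new allocation.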
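Review bot: The new `case 'z':` sits before the `#endif` of the `#ifndef VERIFYONLY` block, so a VERIFYONLY build accepts `z` in the getopt string but has no case that sets `gzip`. The usage text outside that block still advertises `-V [-ezq]`, and the VERIFY branch calls zverify(). Moving the case below the `#endif`, next to `case 'V':`, would make verification of gzip-signed input reachable in those builds. The switch's default branch is outside the hunk, so what `-z` currently does there is only inferred to be a usage error.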
&& (!msgfile || strcmp(msgfile, "-") != 0)) { if (pledge("stdio rpath wpath cpath", NULL) == -1) err(1, "pledge"); } else { *************** *** 830,844 **** generate(pubkeyfile, seckeyfile, rounds, comment); break; case SIGN: ! if (!msgfile || !seckeyfile) ! usage("must specify message and seckey"); ! sign(seckeyfile, msgfile, sigfile, embedded); break; #endif case VERIFY: ! if (!msgfile) ! usage("must specify message"); ! verify(pubkeyfile, msgfile, sigfile, embedded, quiet, keytype); break; default: usage(NULL); --- 856,879 ---- generate(pubkeyfile, seckeyfile, rounds, comment); break; case SIGN: ! if (gzip) ! zsign(seckeyfile, msgfile, sigfile); ! else { ! if (!msgfile || !seckeyfile) ! usage("must specify message and seckey"); ! sign(seckeyfile, msgfile, sigfile, embedded); ! } break; #endif case VERIFY: ! if (gzip) ! zverify(pubkeyfile, msgfile, sigfile, keytype); ! else { ! if (!msgfile) ! usage("must specify message"); ! verify(pubkeyfile, msgfile, sigfile, embedded, ! quiet, keytype); ! } break; default: usage(NULL);
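Review bot: With `-z`, the SIGN and VERIFY branches skip the `!msgfile || !seckeyfile` and `!msgfile` checks, so zsign() and zverify() can be called with NULL file names. Both are defined outside this diff, so whether they validate their arguments cannot be seen here. If the gzip mode needs the same arguments, keep the check ahead of the `if (gzip)` test, e.g. `if (!seckeyfile) usage("must specify seckey");` before calling zsign(). `-e` and `-q` are also silently ignored when `-z` is given; rejecting the combination with `if (gzip && embedded) usage(NULL);` would make that explicit.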