===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/signify/signify.c,v
retrieving revision 1.128
retrieving revision 1.129
diff -c -r1.128 -r1.129
*** src/usr.bin/signify/signify.c	2017/07/11 23:27:13	1.128
--- src/usr.bin/signify/signify.c	2019/01/17 05:31:28	1.129
***************
*** 1,4 ****
! /* $OpenBSD: signify.c,v 1.128 2017/07/11 23:27:13 tedu Exp $ */
  /*
   * Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
   *
--- 1,4 ----
! /* $OpenBSD: signify.c,v 1.129 2019/01/17 05:31:28 tedu Exp $ */
  /*
   * Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
   *
***************
*** 254,259 ****
--- 254,260 ----
  {
  	char pass[1024];
  	int rppflags = RPP_ECHO_OFF;
+ 	const char *errstr = NULL;
  
  	if (rounds == 0) {
  		memset(key, 0, keylen);
***************
*** 270,284 ****
  		char pass2[1024];
  		if (!readpassphrase("confirm passphrase: ", pass2,
  		    sizeof(pass2), rppflags))
! 			errx(1, "unable to read passphrase");
! 		if (strcmp(pass, pass2) != 0)
! 			errx(1, "passwords don't match");
  		explicit_bzero(pass2, sizeof(pass2));
  	}
! 	if (bcrypt_pbkdf(pass, strlen(pass), salt, saltlen, key,
  	    keylen, rounds) == -1)
! 		errx(1, "bcrypt pbkdf");
  	explicit_bzero(pass, sizeof(pass));
  }
  
  static void
--- 271,287 ----
  		char pass2[1024];
  		if (!readpassphrase("confirm passphrase: ", pass2,
  		    sizeof(pass2), rppflags))
! 			errstr = "unable to read passphrase";
! 		if (!errstr && strcmp(pass, pass2) != 0)
! 			errstr = "passwords don't match";
  		explicit_bzero(pass2, sizeof(pass2));
  	}
! 	if (!errstr && bcrypt_pbkdf(pass, strlen(pass), salt, saltlen, key,
  	    keylen, rounds) == -1)
! 		errstr = "bcrypt pbkdf";
  	explicit_bzero(pass, sizeof(pass));
+ 	if (errstr)
+ 		errx(1, "%s", errstr);
  }
  
  static void