===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/signify/signify.c,v
retrieving revision 1.17
retrieving revision 1.18
diff -c -r1.17 -r1.18
*** src/usr.bin/signify/signify.c 2014/01/09 17:13:36 1.17
--- src/usr.bin/signify/signify.c 2014/01/09 18:59:35 1.18
***************
*** 1,4 ****
! /* $OpenBSD: signify.c,v 1.17 2014/01/09 17:13:36 deraadt Exp $ */
/*
* Copyright (c) 2013 Ted Unangst
*
--- 1,4 ----
! /* $OpenBSD: signify.c,v 1.18 2014/01/09 18:59:35 tedu Exp $ */
/*
* Copyright (c) 2013 Ted Unangst
*
***************
*** 39,46 ****
#define KDFALG "BK"
#define FPLEN 8
! #define COMMENTHDR "untrusted comment:"
! #define COMMENTHDRLEN 18
struct enckey {
uint8_t pkalg[2];
--- 39,47 ----
#define KDFALG "BK"
#define FPLEN 8
! #define COMMENTHDR "untrusted comment: "
! #define COMMENTHDRLEN 19
! #define COMMENTMAXLEN 1024
struct enckey {
uint8_t pkalg[2];
***************
*** 118,124 ****
}
static size_t
! parseb64file(const char *filename, char *b64, void *buf, size_t len)
{
int rv;
char *commentend, *b64end;
--- 119,126 ----
}
static size_t
! parseb64file(const char *filename, char *b64, void *buf, size_t len,
! char *comment)
{
int rv;
char *commentend, *b64end;
***************
*** 128,133 ****
--- 130,138 ----
memcmp(b64, COMMENTHDR, COMMENTHDRLEN))
errx(1, "invalid comment in %s; must start with '%s'", filename, COMMENTHDR);
+ *commentend = 0;
+ if (comment)
+ strlcpy(comment, b64 + COMMENTHDRLEN, COMMENTMAXLEN);
b64end = strchr(commentend + 1, '\n');
if (!b64end)
errx(1, "missing new line after b64 in %s", filename);
***************
*** 141,147 ****
}
static void
! readb64file(const char *filename, void *buf, size_t len)
{
char b64[2048];
int rv, fd;
--- 146,152 ----
}
static void
! readb64file(const char *filename, void *buf, size_t len, char *comment)
{
char b64[2048];
int rv, fd;
***************
*** 151,157 ****
rv = read(fd, b64, sizeof(b64) - 1);
if (rv == -1)
err(1, "read from %s", filename);
!
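Review bot: `COMMENTHDRLEN` in the `39,47` hunk is a hand-counted copy of the length of the `COMMENTHDR` literal, and the two have to be edited together, as this change does (18 to 19). The value is the `memcmp` length and the offset in `b64 + COMMENTHDRLEN` in `parseb64file`, so a mismatch would compare or skip the wrong number of bytes without any diagnostic. A comment on the pair, `/* COMMENTHDRLEN must equal strlen(COMMENTHDR) */`, would record the invariant; deriving it as `(sizeof(COMMENTHDR) - 1)` is another option if the comparisons that use it outside these hunks tolerate a `size_t`.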
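Review bot: The `strlcpy` added in the `130,138` hunk copies into `comment` with the fixed size `COMMENTMAXLEN` instead of a size supplied by the caller, and its return value is ignored. A caller buffer smaller than `COMMENTMAXLEN` would be overrun, and since `readb64file` reads up to 2047 bytes, a comment line longer than 1023 bytes is possible input and would be truncated without notice. I would document the contract at the function (`/* comment, if non-NULL, must point to at least COMMENTMAXLEN bytes */`) and reject over-long comments: `if (comment && strlcpy(comment, b64 + COMMENTHDRLEN, COMMENTMAXLEN) >= COMMENTMAXLEN) errx(1, "comment too long in %s", filename);`. The body of `parseb64file` starts and ends outside this hunk; the new parameter itself is introduced in the `119,126` hunk.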
parseb64file(filename, b64, buf, len);
memset(b64, 0, sizeof(b64));
close(fd);
}
--- 156,162 ----
rv = read(fd, b64, sizeof(b64) - 1);
if (rv == -1)
err(1, "read from %s", filename);
! parseb64file(filename, b64, buf, len, comment);
memset(b64, 0, sizeof(b64));
close(fd);
}
***************
*** 210,216 ****
int fd, rv;
fd = xopen(filename, O_CREAT|O_EXCL|O_NOFOLLOW|O_RDWR, mode);
! snprintf(header, sizeof(header), "%s signify %s\n", COMMENTHDR, comment);
writeall(fd, header, strlen(header), filename);
if ((rv = b64_ntop(buf, len, b64, sizeof(b64)-1)) == -1)
--- 215,221 ----
int fd, rv;
fd = xopen(filename, O_CREAT|O_EXCL|O_NOFOLLOW|O_RDWR, mode);
! snprintf(header, sizeof(header), "%ssignify %s\n", COMMENTHDR, comment);
writeall(fd, header, strlen(header), filename);
if ((rv = b64_ntop(buf, len, b64, sizeof(b64)-1)) == -1)
***************
*** 301,311 ****
struct enckey enckey;
uint8_t xorkey[sizeof(enckey.seckey)];
uint8_t *msg;
unsigned long long msglen;
int i, rounds;
SHA2_CTX ctx;
! readb64file(seckeyfile, &enckey, sizeof(enckey));
if (memcmp(enckey.kdfalg, KDFALG, 2))
errx(1, "unsupported KDF");
--- 306,317 ----
struct enckey enckey;
uint8_t xorkey[sizeof(enckey.seckey)];
uint8_t *msg;
+ char comment[COMMENTMAXLEN], sigcomment[1024];
unsigned long long msglen;
int i, rounds;
SHA2_CTX ctx;
! readb64file(seckeyfile, &enckey, sizeof(enckey), comment);
if (memcmp(enckey.kdfalg, KDFALG, 2))
errx(1, "unsupported KDF");
***************
*** 328,334 ****
memset(&enckey, 0, sizeof(enckey));
memcpy(sig.pkalg, PKALG, 2);
! writeb64file(sigfile, "signature", &sig, sizeof(sig), 0666);
if (embedded)
appendall(sigfile, msg, msglen);
--- 334,341 ----
memset(&enckey, 0, sizeof(enckey));
memcpy(sig.pkalg, PKALG, 2);
! snprintf(sigcomment, sizeof(sigcomment), "signature from %s", comment);
! writeb64file(sigfile, sigcomment, &sig, sizeof(sig), 0666);
if (embedded)
appendall(sigfile, msg, msglen);
***************
*** 368,380 ****
msg = readmsg(embedded ?
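Review bot: The `snprintf` into `header` in the `215,221` hunk is unchecked, and after this commit its `comment` argument is no longer always a short literal: the `334,341` hunk passes a string built from the secret key file's comment, up to `sizeof(sigcomment)` bytes, through a second unchecked `snprintf`. The declaration of `header` is outside the hunk, so its size cannot be confirmed here, but if the formatted line does not fit, the trailing `\n` is cut off and the base64 data would follow on the comment line, giving a file that `parseb64file` cannot read back. Checking the result closes that: `rv = snprintf(header, sizeof(header), "%ssignify %s\n", COMMENTHDR, comment);` followed by `if (rv < 0 || (size_t)rv >= sizeof(header)) errx(1, "comment too long");`. The same check applies to the `sigcomment` call, and the rest of the function is outside the hunk.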
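Review bot: In the `306,317` hunk `sigcomment` is sized with a bare `1024` while `comment` in the same declaration uses `COMMENTMAXLEN`, yet it has to hold `"signature from "` plus a comment of up to `COMMENTMAXLEN - 1` bytes. Sizing it from the constant, `char comment[COMMENTMAXLEN], sigcomment[COMMENTMAXLEN + sizeof("signature from ")];`, keeps the two in step and leaves room for the prefix. The enclosing signing routine starts and ends outside the hunk.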
sigfile : msgfile, &msglen);
! readb64file(pubkeyfile, &pubkey, sizeof(pubkey));
if (embedded) {
! siglen = parseb64file(sigfile, msg, &sig, sizeof(sig));
msg += siglen;
msglen -= siglen;
} else {
! readb64file(sigfile, &sig, sizeof(sig));
}
if (memcmp(pubkey.fingerprint, sig.fingerprint, FPLEN))
--- 375,387 ----
msg = readmsg(embedded ? sigfile : msgfile, &msglen);
! readb64file(pubkeyfile, &pubkey, sizeof(pubkey), NULL);
if (embedded) {
! siglen = parseb64file(sigfile, msg, &sig, sizeof(sig), NULL);
msg += siglen;
msglen -= siglen;
} else {
! readb64file(sigfile, &sig, sizeof(sig), NULL);
}
if (memcmp(pubkey.fingerprint, sig.fingerprint, FPLEN))