===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/signify/signify.c,v
retrieving revision 1.49
retrieving revision 1.50
diff -c -r1.49 -r1.50
*** src/usr.bin/signify/signify.c	2014/03/07 19:49:44	1.49
--- src/usr.bin/signify/signify.c	2014/03/07 19:53:33	1.50
***************
*** 1,4 ****
! /* $OpenBSD: signify.c,v 1.49 2014/03/07 19:49:44 tedu Exp $ */
  /*
   * Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
   *
--- 1,4 ----
! /* $OpenBSD: signify.c,v 1.50 2014/03/07 19:53:33 tedu Exp $ */
  /*
   * Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
   *
***************
*** 253,259 ****
  }
  
  static void
! kdf(uint8_t *salt, size_t saltlen, int rounds, uint8_t *key, size_t keylen)
  {
  	char pass[1024];
  	int rppflags = RPP_ECHO_OFF;
--- 253,260 ----
  }
  
  static void
! kdf(uint8_t *salt, size_t saltlen, int rounds, int allowstdin,
!     uint8_t *key, size_t keylen)
  {
  	char pass[1024];
  	int rppflags = RPP_ECHO_OFF;
***************
*** 263,269 ****
  		return;
  	}
  
! 	if (!isatty(STDIN_FILENO))
  		rppflags |= RPP_STDIN;
  	if (!readpassphrase("passphrase: ", pass, sizeof(pass), rppflags))
  		errx(1, "unable to read passphrase");
--- 264,270 ----
  		return;
  	}
  
! 	if (allowstdin && !isatty(STDIN_FILENO))
  		rppflags |= RPP_STDIN;
  	if (!readpassphrase("passphrase: ", pass, sizeof(pass), rppflags))
  		errx(1, "unable to read passphrase");
***************
*** 313,319 ****
  	enckey.kdfrounds = htonl(rounds);
  	memcpy(enckey.fingerprint, fingerprint, FPLEN);
  	arc4random_buf(enckey.salt, sizeof(enckey.salt));
! 	kdf(enckey.salt, sizeof(enckey.salt), rounds, xorkey, sizeof(xorkey));
  	memcpy(enckey.checksum, digest, sizeof(enckey.checksum));
  	for (i = 0; i < sizeof(enckey.seckey); i++)
  		enckey.seckey[i] ^= xorkey[i];
--- 314,320 ----
  	enckey.kdfrounds = htonl(rounds);
  	memcpy(enckey.fingerprint, fingerprint, FPLEN);
  	arc4random_buf(enckey.salt, sizeof(enckey.salt));
! 	kdf(enckey.salt, sizeof(enckey.salt), rounds, 1, xorkey, sizeof(xorkey));
  	memcpy(enckey.checksum, digest, sizeof(enckey.checksum));
  	for (i = 0; i < sizeof(enckey.seckey); i++)
  		enckey.seckey[i] ^= xorkey[i];
***************
*** 355,361 ****
  	if (memcmp(enckey.kdfalg, KDFALG, 2))
  		errx(1, "unsupported KDF");
  	rounds = ntohl(enckey.kdfrounds);
! 	kdf(enckey.salt, sizeof(enckey.salt), rounds, xorkey, sizeof(xorkey));
  	for (i = 0; i < sizeof(enckey.seckey); i++)
  		enckey.seckey[i] ^= xorkey[i];
  	explicit_bzero(xorkey, sizeof(xorkey));
--- 356,363 ----
  	if (memcmp(enckey.kdfalg, KDFALG, 2))
  		errx(1, "unsupported KDF");
  	rounds = ntohl(enckey.kdfrounds);
! 	kdf(enckey.salt, sizeof(enckey.salt), rounds, strcmp(msgfile, "-") != 0,
! 	    xorkey, sizeof(xorkey));
  	for (i = 0; i < sizeof(enckey.seckey); i++)
  		enckey.seckey[i] ^= xorkey[i];
  	explicit_bzero(xorkey, sizeof(xorkey));