===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/signify/signify.c,v
retrieving revision 1.50
retrieving revision 1.51
diff -c -r1.50 -r1.51
*** src/usr.bin/signify/signify.c	2014/03/07 19:53:33	1.50
--- src/usr.bin/signify/signify.c	2014/03/16 17:58:28	1.51
***************
*** 1,4 ****
! /* $OpenBSD: signify.c,v 1.50 2014/03/07 19:53:33 tedu Exp $ */
  /*
   * Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
   *
--- 1,4 ----
! /* $OpenBSD: signify.c,v 1.51 2014/03/16 17:58:28 tedu Exp $ */
  /*
   * Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
   *
***************
*** 43,48 ****
--- 43,49 ----
  #define COMMENTHDR "untrusted comment: "
  #define COMMENTHDRLEN 19
  #define COMMENTMAXLEN 1024
+ #define VERIFYWITH "verify with "
  
  struct enckey {
  	uint8_t pkalg[2];
***************
*** 346,352 ****
  	struct enckey enckey;
  	uint8_t xorkey[sizeof(enckey.seckey)];
  	uint8_t *msg;
! 	char comment[COMMENTMAXLEN], sigcomment[1024];
  	unsigned long long msglen;
  	int i, rounds;
  	SHA2_CTX ctx;
--- 347,354 ----
  	struct enckey enckey;
  	uint8_t xorkey[sizeof(enckey.seckey)];
  	uint8_t *msg;
! 	char comment[COMMENTMAXLEN], sigcomment[COMMENTMAXLEN];
! 	char *secname;
  	unsigned long long msglen;
  	int i, rounds;
  	SHA2_CTX ctx;
***************
*** 375,383 ****
  	explicit_bzero(&enckey, sizeof(enckey));
  
  	memcpy(sig.pkalg, PKALG, 2);
! 	if (snprintf(sigcomment, sizeof(sigcomment), "signature from %s",
! 	    comment) >= sizeof(sigcomment))
! 		err(1, "comment too long");
  	writeb64file(sigfile, sigcomment, &sig, sizeof(sig), O_TRUNC, 0666);
  	if (embedded)
  		appendall(sigfile, msg, msglen);
--- 377,390 ----
  	explicit_bzero(&enckey, sizeof(enckey));
  
  	memcpy(sig.pkalg, PKALG, 2);
! 	if ((secname = strstr(seckeyfile, ".sec")) && strlen(secname) == 4) {
! 		if (snprintf(sigcomment, sizeof(sigcomment), VERIFYWITH "%.*s.pub",
! 		    (int)strlen(seckeyfile) - 4, seckeyfile) >= sizeof(sigcomment));
! 	} else {
! 		if (snprintf(sigcomment, sizeof(sigcomment), "signature from %s",
! 		    comment) >= sizeof(sigcomment))
! 			err(1, "comment too long");
! 	}
  	writeb64file(sigfile, sigcomment, &sig, sizeof(sig), O_TRUNC, 0666);
  	if (embedded)
  		appendall(sigfile, msg, msglen);
***************
*** 437,442 ****
--- 444,450 ----
  verify(const char *pubkeyfile, const char *msgfile, const char *sigfile,
      int embedded, int quiet)
  {
+ 	char comment[COMMENTMAXLEN];
  	struct sig sig;
  	struct pubkey pubkey;
  	unsigned long long msglen, siglen = 0;
***************
*** 445,458 ****
  
  	msg = readmsg(embedded ? sigfile : msgfile, &msglen);
  
- 	readb64file(pubkeyfile, &pubkey, sizeof(pubkey), NULL);
  	if (embedded) {
! 		siglen = parseb64file(sigfile, msg, &sig, sizeof(sig), NULL);
  		msg += siglen;
  		msglen -= siglen;
  	} else {
! 		readb64file(sigfile, &sig, sizeof(sig), NULL);
  	}
  
  	if (memcmp(pubkey.fingerprint, sig.fingerprint, FPLEN)) {
  #ifndef VERIFYONLY
--- 453,472 ----
  
  	msg = readmsg(embedded ? sigfile : msgfile, &msglen);
  
  	if (embedded) {
! 		siglen = parseb64file(sigfile, msg, &sig, sizeof(sig), comment);
  		msg += siglen;
  		msglen -= siglen;
  	} else {
! 		readb64file(sigfile, &sig, sizeof(sig), comment);
  	}
+ 	if (!pubkeyfile) {
+ 		if ((pubkeyfile = strstr(comment, VERIFYWITH)))
+ 			pubkeyfile += strlen(VERIFYWITH);
+ 		else
+ 			usage("need pubkey");
+ 	}
+ 	readb64file(pubkeyfile, &pubkey, sizeof(pubkey), NULL);
  
  	if (memcmp(pubkey.fingerprint, sig.fingerprint, FPLEN)) {
  #ifndef VERIFYONLY
***************
*** 567,572 ****
--- 581,587 ----
  check(const char *pubkeyfile, const char *sigfile, int quiet, int argc,
      char **argv)
  {
+ 	char comment[COMMENTMAXLEN];
  	struct sig sig;
  	struct pubkey pubkey;
  	unsigned long long msglen, siglen;
***************
*** 574,581 ****
  
  	msg = readmsg(sigfile, &msglen);
  
- 	readb64file(pubkeyfile, &pubkey, sizeof(pubkey), NULL);
  	siglen = parseb64file(sigfile, msg, &sig, sizeof(sig), NULL);
  	msg += siglen;
  	msglen -= siglen;
  
--- 589,602 ----
  
  	msg = readmsg(sigfile, &msglen);
  
  	siglen = parseb64file(sigfile, msg, &sig, sizeof(sig), NULL);
+ 	if (!pubkeyfile) {
+ 		if ((pubkeyfile = strstr(comment, VERIFYWITH)))
+ 			pubkeyfile += strlen(VERIFYWITH);
+ 		else
+ 			usage("need pubkey");
+ 	}
+ 	readb64file(pubkeyfile, &pubkey, sizeof(pubkey), NULL);
  	msg += siglen;
  	msglen -= siglen;
  
***************
*** 716,723 ****
  		break;
  #endif
  	case VERIFY:
! 		if (!msgfile || !pubkeyfile)
! 			usage("need message and pubkey");
  		verify(pubkeyfile, msgfile, sigfile, embedded, quiet);
  		break;
  	default:
--- 737,744 ----
  		break;
  #endif
  	case VERIFY:
! 		if (!msgfile)
! 			usage("need message");
  		verify(pubkeyfile, msgfile, sigfile, embedded, quiet);
  		break;
  	default: