===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/signify/signify.c,v
retrieving revision 1.63
retrieving revision 1.64
diff -c -r1.63 -r1.64
*** src/usr.bin/signify/signify.c 2014/03/17 02:54:54 1.63
--- src/usr.bin/signify/signify.c 2014/03/17 03:07:10 1.64
***************
*** 1,4 ****
! /* $OpenBSD: signify.c,v 1.63 2014/03/17 02:54:54 tedu Exp $ */
/*
* Copyright (c) 2013 Ted Unangst
*
--- 1,4 ----
! /* $OpenBSD: signify.c,v 1.64 2014/03/17 03:07:10 tedu Exp $ */
/*
* Copyright (c) 2013 Ted Unangst
*
***************
*** 441,452 ****
free(dummybuf);
}
static void
verifysimple(const char *pubkeyfile, const char *msgfile, const char *sigfile, int quiet)
{
! char comment[COMMENTMAXLEN];
struct sig sig;
struct pubkey pubkey;
unsigned long long msglen;
--- 441,468 ----
free(dummybuf);
}
+ static void
+ readpubkey(const char *pubkeyfile, struct pubkey *pubkey,
+ const char *sigcomment)
+ {
+ if (!pubkeyfile) {
+ if ((pubkeyfile = strstr(sigcomment, VERIFYWITH))) {
+ pubkeyfile += strlen(VERIFYWITH);
+ if (strncmp(pubkeyfile, "/etc/signify/", 13) != 0 ||
+ strstr(pubkeyfile, "/../") != NULL)
+ errx(1, "untrusted path %s", pubkeyfile);
+ } else
+ usage("need pubkey");
+ }
+ readb64file(pubkeyfile, pubkey, sizeof(*pubkey), NULL);
+ }
+ 
static void
verifysimple(const char *pubkeyfile, const char *msgfile, const char *sigfile, int quiet)
{
! char sigcomment[COMMENTMAXLEN];
struct sig sig;
struct pubkey pubkey;
unsigned long long msglen;
***************
*** 454,470 ****
msg = readmsg(msgfile, &msglen);
! readb64file(sigfile, &sig, sizeof(sig), comment);
! if (!pubkeyfile) {
! if ((pubkeyfile = strstr(comment, VERIFYWITH))) {
! pubkeyfile += strlen(VERIFYWITH);
! if (strncmp(pubkeyfile, "/etc/signify/", 13) != 0 ||
! strstr(pubkeyfile, "/../") != NULL)
! errx(1, "untrusted path %s", pubkeyfile);
! } else
! usage("need pubkey");
! }
! 
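Review bot: readpubkey adopts a file path from `sigcomment`, which the verifysimple and verifyembedded hunks below fill from the signature file, yet nothing in the new function records that this is untrusted input or that the `/etc/signify/` prefix test and the `/../` test are the only thing stopping a crafted signature from choosing an arbitrary file; a header comment such as `/* sigcomment is untrusted (it comes from the signature file): a key path taken from it is honoured only under /etc/signify/ and without a /../ component. */` would keep a later edit from loosening the checks. The prefix length is a bare `13` that has to be kept in sync with the literal by hand; `strncmp(pubkeyfile, "/etc/signify/", sizeof("/etc/signify/") - 1)` ties the two together. The `strstr(pubkeyfile, "/../")` test also admits a path whose last component is `..` or that is empty after the prefix, which presumably only fail later when readb64file (outside the hunk) tries to read a directory; rejecting those explicitly would make the validator self-contained. VERIFYWITH is located with strstr anywhere in the comment rather than at its start, which may be intended but deserves a one-line comment.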
readb64file(pubkeyfile, &pubkey, sizeof(pubkey), NULL);
verifymsg(&pubkey, msg, msglen, &sig, quiet);
--- 470,477 ----
msg = readmsg(msgfile, &msglen);
! readb64file(sigfile, &sig, sizeof(sig), sigcomment);
! readpubkey(pubkeyfile, &pubkey, sigcomment);
verifymsg(&pubkey, msg, msglen, &sig, quiet);
***************
*** 475,481 ****
verifyembedded(const char *pubkeyfile, const char *sigfile, int quiet, unsigned long long *msglenp)
{
! char comment[COMMENTMAXLEN];
struct sig sig;
struct pubkey pubkey;
unsigned long long msglen, siglen;
--- 482,488 ----
verifyembedded(const char *pubkeyfile, const char *sigfile, int quiet, unsigned long long *msglenp)
{
! char sigcomment[COMMENTMAXLEN];
struct sig sig;
struct pubkey pubkey;
unsigned long long msglen, siglen;
***************
*** 483,502 ****
msg = readmsg(sigfile, &msglen);
! siglen = parseb64file(sigfile, msg, &sig, sizeof(sig), comment);
msglen -= siglen;
memmove(msg, msg + siglen, msglen);
msg[msglen] = 0;
- if (!pubkeyfile) {
- if ((pubkeyfile = strstr(comment, VERIFYWITH))) {
- pubkeyfile += strlen(VERIFYWITH);
- if (strncmp(pubkeyfile, "/etc/signify/", 13) != 0 ||
- strstr(pubkeyfile, "/../") != NULL)
- errx(1, "untrusted path %s", pubkeyfile);
- } else
- usage("need pubkey");
- }
- readb64file(pubkeyfile, &pubkey, sizeof(pubkey), NULL);
verifymsg(&pubkey, msg, msglen, &sig, quiet);
--- 490,501 ----
msg = readmsg(sigfile, &msglen);
! siglen = parseb64file(sigfile, msg, &sig, sizeof(sig), sigcomment);
! readpubkey(pubkeyfile, &pubkey, sigcomment);
! msglen -= siglen;
memmove(msg, msg + siglen, msglen);
msg[msglen] = 0;
verifymsg(&pubkey, msg, msglen, &sig, quiet);
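Review bot: The new pair `readb64file(sigfile, &sig, sizeof(sig), sigcomment);` / `readpubkey(pubkeyfile, &pubkey, sigcomment);` makes readpubkey run strstr over sigcomment, so the COMMENTMAXLEN buffer must be NUL-terminated by readb64file on every path, including a comment line longer than the buffer; readb64file is outside the hunk, so that cannot be confirmed here. The verifyembedded hunk below creates the same dependency on parseb64file. A comment on the buffer declaration, `/* NUL-terminated by readb64file; readpubkey searches it with strstr */`, would record the contract both callers now rely on. The rest of verifysimple starts and ends outside the hunk.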
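Review bot: On the new side of the verifyembedded hunk, `msglen -= siglen;` still has no guard that siglen, as returned by parseb64file, is at most msglen; if parseb64file could ever report more bytes than it was handed, the unsigned subtraction would wrap and the following memmove would read well past the buffer. parseb64file is outside the hunk and may already guarantee this, but an explicit `if (siglen > msglen) errx(1, "%s: signature longer than file", sigfile);` before the subtraction makes the invariant local and cheap to check. verifyembedded's body continues past the end of the hunk.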