From 9c9c11359b0638d17496183b75044c00f57f0e6e Mon Sep 17 00:00:00 2001
From: Ted Unangst
Date: Sat, 23 Mar 2019 07:10:07 +0000
Subject: allow -n to zero the gzip header timestamp. suggestion from Andre Stoebe. ok tb
---
 usr.bin/signify/signify.1 | 13 +++++++++----
 usr.bin/signify/signify.c | 15 +++++++--------
 usr.bin/signify/signify.h | 4 ++--
 usr.bin/signify/zsig.c | 11 ++++++++---
 4 files changed, 26 insertions(+), 17 deletions(-)
(limited to 'usr.bin')
diff --git a/usr.bin/signify/signify.1 b/usr.bin/signify/signify.1
index b8fea18538d..ca9ab673e0b 100644
--- a/usr.bin/signify/signify.1
+++ b/usr.bin/signify/signify.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: signify.1,v 1.45 2019/02/26 22:24:41 deraadt Exp $
+.\" $OpenBSD: signify.1,v 1.46 2019/03/23 07:10:06 tedu Exp $
 .\"
 .\"Copyright (c) 2013 Marc Espie
 .\"Copyright (c) 2013 Ted Unangst
@@ -14,7 +14,7 @@
 .\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 .\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.Dd $Mdocdate: February 26 2019 $
+.Dd $Mdocdate: March 23 2019 $
 .Dt SIGNIFY 1
 .Os
 .Sh NAME
@@ -35,7 +35,7 @@
 .Fl s Ar seckey
 .Nm signify
 .Fl S
-.Op Fl ez
+.Op Fl enz
 .Op Fl x Ar sigfile
 .Fl s Ar seckey
 .Fl m Ar message
@@ -91,10 +91,15 @@ When verifying with
 .Fl e ,
 the file to create.
 .It Fl n
-Do not ask for a passphrase during key generation.
+When generating a key pair, do not ask for a passphrase.
 Otherwise,
 .Nm
 will prompt the user for a passphrase to protect the secret key.
+When signing with
+.Fl z ,
+store a zero time stamp in the
+.Xr gzip 1
+header.
 .It Fl p Ar pubkey
 Public key produced by
 .Fl G ,
diff --git a/usr.bin/signify/signify.c b/usr.bin/signify/signify.c
index 8cdd20ce3ba..08f684a4676 100644
--- a/usr.bin/signify/signify.c
+++ b/usr.bin/signify/signify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: signify.c,v 1.130 2019/01/17 05:40:10 tedu Exp $ */
+/* $OpenBSD: signify.c,v 1.131 2019/03/23 07:10:06 tedu Exp $ */
 /*
 * Copyright (c) 2013 Ted Unangst
 *
@@ -80,7 +80,7 @@ usage(const char *error)
 #ifndef VERIFYONLY
 "\t%1$s -C [-q] -p pubkey -x sigfile [file ...]\n"
 "\t%1$s -G [-n] [-c comment] -p pubkey -s seckey\n"
- "\t%1$s -S [-ez] [-x sigfile] -s seckey -m message\n"
+ "\t%1$s -S [-enz] [-x sigfile] -s seckey -m message\n"
 #endif
 "\t%1$s -V [-eqz] [-p pubkey] [-t keytype] [-x sigfile] -m message\n",
 getprogname());
@@ -754,7 +754,8 @@ main(int argc, char **argv)
 char sigfilebuf[PATH_MAX];
 const char *comment = "signify";
 char *keytype = NULL;
- int ch, rounds;
+ int ch;
+ int none = 0;
 int embedded = 0;
 int quiet = 0;
 int gzip = 0;
@@ -769,8 +770,6 @@ main(int argc, char **argv)
 if (pledge("stdio rpath wpath cpath tty", NULL) == -1)
 err(1, "pledge");
- rounds = 42;
-
 while ((ch = getopt(argc, argv, "CGSVzc:em:np:qs:t:x:")) != -1) {
 switch (ch) {
 #ifndef VERIFYONLY
@@ -808,7 +807,7 @@ main(int argc, char **argv)
 msgfile = optarg;
 break;
 case 'n':
- rounds = 0;
+ none = 1;
 break;
 case 'p':
 pubkeyfile = optarg;
@@ -871,14 +870,14 @@ main(int argc, char **argv)
 if (!pubkeyfile || !seckeyfile)
 usage("must specify pubkey and seckey");
 check_keyname_compliance(pubkeyfile, seckeyfile);
- generate(pubkeyfile, seckeyfile, rounds, comment);
+ generate(pubkeyfile, seckeyfile, none ? 0 : 42, comment);
 break;
 case SIGN:
 /* no pledge */
 if (gzip) {
 if (!msgfile || !seckeyfile || !sigfile)
 usage("must specify message sigfile seckey");
- zsign(seckeyfile, msgfile, sigfile);
+ zsign(seckeyfile, msgfile, sigfile, none);
 } else {
 if (!msgfile || !seckeyfile)
 usage("must specify message and seckey");
diff --git a/usr.bin/signify/signify.h b/usr.bin/signify/signify.h
index 6edb6a422aa..db7df8f0714 100644
--- a/usr.bin/signify/signify.h
+++ b/usr.bin/signify/signify.h
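Review bot: After this change the single `none` flag set in `case 'n':` carries two unrelated meanings: at the `generate()` call it selects `none ? 0 : 42` rounds (per the man page text in this commit, no passphrase prompt for the secret key), and in the `SIGN` case it is handed to `zsign()` to zero the date. In the non-gzip `else` branch of `SIGN` the flag is never read, so `-S -n` without `-z` is accepted silently; a guard in that branch such as `if (none) usage("-n requires -z when signing");` would surface the misuse instead of ignoring it. The bare `42` now sits inline at the call site and would read better with a named constant or a comment like `/* KDF rounds; 0 is used when -n suppresses the passphrase */`, assuming that is how generate() interprets 0. main() starts and ends outside these hunks, so other verbs may already treat the flag differently.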
@@ -1,4 +1,4 @@
-/* $OpenBSD: signify.h,v 1.1 2016/09/02 16:10:56 espie Exp $ */
+/* $OpenBSD: signify.h,v 1.2 2019/03/23 07:10:06 tedu Exp $ */
 /*
 * Copyright (c) 2016 Marc Espie
 *
@@ -19,7 +19,7 @@
 #ifndef signify_h
 #define signify_h
 extern void zverify(const char *, const char *, const char *, const char *);
-extern void zsign(const char *, const char *, const char *);
+extern void zsign(const char *, const char *, const char *, int);
 extern void *xmalloc(size_t);
 extern void writeall(int, const void *, size_t, const char *);
diff --git a/usr.bin/signify/zsig.c b/usr.bin/signify/zsig.c
index c60f24715ad..35ab0cdc4f9 100644
--- a/usr.bin/signify/zsig.c
+++ b/usr.bin/signify/zsig.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: zsig.c,v 1.15 2017/07/11 23:52:05 tedu Exp $ */
+/* $OpenBSD: zsig.c,v 1.16 2019/03/23 07:10:06 tedu Exp $ */
 /*
 * Copyright (c) 2016 Marc Espie
 *
@@ -231,7 +231,8 @@ zverify(const char *pubkeyfile, const char *msgfile, const char *sigfile,
 }
 void
-zsign(const char *seckeyfile, const char *msgfile, const char *sigfile)
+zsign(const char *seckeyfile, const char *msgfile, const char *sigfile,
+ int skipdate)
 {
 size_t bufsize = MYBUFSIZE;
 int fdin, fdout;
@@ -261,7 +262,11 @@ zsign(const char *seckeyfile, const char *msgfile, const char *sigfile)
 msg = xmalloc(space);
 buffer = xmalloc(bufsize);
- time(&clock);
+ if (skipdate) {
+ clock = 0;
+ } else {
+ time(&clock);
+ }
 strftime(date, sizeof date, "%Y-%m-%dT%H:%M:%SZ", gmtime(&clock));
 snprintf(msg, space, "date=%s\n"
-- cgit v1.2.3
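Review bot: The parameter name `skipdate` in zsig.c does not match what the added branch does: with the flag set, `clock = 0` still goes through `gmtime()` and `strftime()`, so the `date=` line of `msg` is written with the epoch value rather than left out. A comment above the `if`, for example `/* -n: use the epoch so the date= line is constant; the field is still written */`, or a name such as `zerodate`, would keep a reader from assuming the field is omitted. Any consumer that reads `date=` as an indication of when an archive was signed will see the epoch for these files; whether zverify() or other tooling relies on the field is not visible in this diff. zsign() continues beyond the hunk, so how `msg` is used afterwards is not shown here.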