From 45efba1e62f430ece89aed6663273e4f8db0b61e Mon Sep 17 00:00:00 2001
From: tb
Date: Tue, 21 Jan 2020 12:13:21 +0000
Subject: [PATCH] In -C mode, the public key is optional since it can be deduced from the untrusted comment. In this case, don't ignore -t but rather make it work as expected. ok tedu
---
 usr.bin/signify/signify.1 | 7 ++++---
 usr.bin/signify/signify.c | 12 ++++++------
 2 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/usr.bin/signify/signify.1 b/usr.bin/signify/signify.1
index fc76fa55646..511209a735a 100644
--- a/usr.bin/signify/signify.1
+++ b/usr.bin/signify/signify.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: signify.1,v 1.48 2019/08/10 03:56:02 deraadt Exp $
+.\" $OpenBSD: signify.1,v 1.49 2020/01/21 12:13:21 tb Exp $
 .\"
 .\"Copyright (c) 2013 Marc Espie
 .\"Copyright (c) 2013 Ted Unangst
@@ -14,7 +14,7 @@
 .\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 .\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.Dd $Mdocdate: August 10 2019 $
+.Dd $Mdocdate: January 21 2020 $
 .Dt SIGNIFY 1
 .Os
 .Sh NAME
@@ -24,7 +24,8 @@
 .Nm signify
 .Fl C
 .Op Fl q
-.Fl p Ar pubkey
+.Op Fl p Ar pubkey
+.Op Fl t Ar keytype
 .Fl x Ar sigfile
 .Op Ar
 .Nm signify
diff --git a/usr.bin/signify/signify.c b/usr.bin/signify/signify.c
index 6a9660fb24f..42c7500ab9b 100644
--- a/usr.bin/signify/signify.c
+++ b/usr.bin/signify/signify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: signify.c,v 1.134 2019/12/22 06:37:25 espie Exp $ */
+/* $OpenBSD: signify.c,v 1.135 2020/01/21 12:13:21 tb Exp $ */
 /*
 * Copyright (c) 2013 Ted Unangst
 *
@@ -78,7 +78,7 @@ usage(const char *error)
 fprintf(stderr, "%s\n", error);
 fprintf(stderr, "usage:"
 #ifndef VERIFYONLY
- "\t%1$s -C [-q] -p pubkey -x sigfile [file ...]\n"
+ "\t%1$s -C [-q] [-p pubkey] [-t keytype] -x sigfile [file ...]\n"
 "\t%1$s -G [-n] [-c comment] -p pubkey -s seckey\n"
 "\t%1$s -S [-enz] [-x sigfile] -s seckey -m message\n"
 #endif
@@ -715,13 +715,13 @@ verifychecksums(char *msg, int argc, char **argv, int quiet)
 }
 static void
-check(const char *pubkeyfile, const char *sigfile, int quiet, int argc,
- char **argv)
+check(const char *pubkeyfile, const char *sigfile, const char *keytype,
+ int quiet, int argc, char **argv)
 {
 unsigned long long msglen;
 uint8_t *msg;
- msg = verifyembedded(pubkeyfile, sigfile, quiet, &msglen, NULL);
+ msg = verifyembedded(pubkeyfile, sigfile, quiet, &msglen, keytype);
 verifychecksums((char *)msg, argc, argv, quiet);
 free(msg);
@@ -846,7 +846,7 @@ main(int argc, char **argv)
 err(1, "pledge");
 if (!sigfile)
 usage("must specify sigfile");
- check(pubkeyfile, sigfile, quiet, argc, argv);
+ check(pubkeyfile, sigfile, keytype, quiet, argc, argv);
 return 0;
 }
 #endif
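Review bot: The new `keytype` parameter of check() is undocumented although it may be NULL: the removed line passed a literal NULL to verifyembedded() in the same position, and the call in main() (last hunk) forwards `keytype` with no visible check that -t was given. A comment above check() would record that contract, for example `/* keytype may be NULL (no -t); it is passed unchanged to verifyembedded(). */`. Because the commit message says the key is deduced from the untrusted comment when -p is omitted, the same comment should state that with neither -p nor -t the caller itself puts no constraint on which key is used; how verifyembedded() limits that choice is not visible in this diff. check() ends just past the hunk, and the surrounding body of main() is also outside it.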