At the moment signify(1) requires sigfiles to begin with 'untrusted comment: '. Sometimes one wants no comment at all, just the signature itself.
Index: signify.c
===================================================================
RCS file: /cvs/src/usr.bin/signify/signify.c,v
retrieving revision 1.126
diff -u -p -r1.126 signify.c
--- signify.c 6 Oct 2016 22:38:25 -0000 1.126
+++ signify.c 11 Oct 2016 00:19:35 -0000
@@ -125,27 +125,33 @@ static size_t
 parseb64file(const char *filename, char *b64, void *buf, size_t buflen,
 char *comment)
 {
- char *commentend, *b64end;
+ char *linebegin, *lineend;
 
- commentend = strchr(b64, '\n');
- if (!commentend || commentend - b64 <= COMMENTHDRLEN ||
- memcmp(b64, COMMENTHDR, COMMENTHDRLEN) != 0)
- errx(1, "invalid comment in %s; must start with '%s'",
- filename, COMMENTHDR);
- *commentend = '\0';
- if (comment) {
- if (strlcpy(comment, b64 + COMMENTHDRLEN,
- COMMENTMAXLEN) >= COMMENTMAXLEN)
- errx(1, "comment too long");
+ linebegin = b64;
+ lineend = strchr(linebegin, '\n');
+ if (!lineend) {
+ errx(1, "not enough lines in %s", filename);
 }
- if (!(b64end = strchr(commentend + 1, '\n')))
- errx(1, "missing new line after base64 in %s", filename);
- *b64end = '\0';
- if (b64_pton(commentend + 1, buf, buflen) != buflen)
- errx(1, "invalid base64 encoding in %s", filename);
+ if (lineend - linebegin > COMMENTHDRLEN &&
+ memcmp(b64, COMMENTHDR, COMMENTHDRLEN) == 0) {
+ *lineend = '\0';
+ if (comment) {
+ if (strlcpy(comment, b64 + COMMENTHDRLEN,
+ COMMENTMAXLEN) >= COMMENTMAXLEN)
+ errx(1, "comment too long");
+ }
+ linebegin = lineend + 1;
+
+ if (!(lineend = strchr(linebegin, '\n')))
+ errx(1, "missing new line after base64 in %s", filename);
+ }
+
+ *lineend = '\0';
+ if (b64_pton(linebegin, buf, buflen) != buflen)
+ errx(1, "invalid base64 encoding or corrupted comment in %s", filename);
 if (memcmp(buf, PKALG, 2) != 0)
 errx(1, "unsupported file %s", filename);
- return b64end - b64 + 1;
+ return lineend - b64 + 1;
 }
 
 static void
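Review bot: On the new no-header path `comment` is never written, because the `strlcpy` into it now sits inside the `if (lineend - linebegin > COMMENTHDRLEN && memcmp(...) == 0)` branch; a file whose first line is already the base64 blob returns with the caller's buffer untouched. The callers are outside this hunk, but any of them that reads the comment after the call would then see indeterminate bytes, so I would add `if (comment) comment[0] = '\0';` before the header test. Separately, a first line that is only the bare header, or a misspelled header, is now handed to `b64_pton` and reported as a base64 error. If this one function also parses key files (not visible here), the relaxation is wider than the "sigfiles" named in the description, and a comment above the function saying the header is optional for every input would make that explicit.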