-u: like -m, but decrypt to verify MAC, see if it's valid then decrypt to dst.

[tfcrypt.git] / tfc_error.c

diff --git a/tfc_error.c b/tfc_error.c
index 16e4cd0352010ced823d281de6fb6e3d7ac987f5..2108dc519a02a1822a305355c546ec39fe9526f8 100644 (file)
--- a/tfc_error.c
+++ b/tfc_error.c
@@ -91,11 +91,14 @@ void usage(void)
        tfc_yesno is_embedded_prog = NO;
 
        if (optopt == 'V') {
-               char shash[64];
                tfc_say("tfcrypt toolkit, version %s.", _TFCRYPT_VERSION);
-               hash_defaults(shash, sizeof(shash));
-               tfc_say("Defaults hash: %s", shash);
-               memset(shash, 0, sizeof(shash));
+               if (ctr_mode != TFC_MODE_PLAIN) {
+                       char shash[64];
+
+                       hash_defaults(shash, sizeof(shash));
+                       tfc_say("Defaults hash: %s", shash);
+                       memset(shash, 0, sizeof(shash));
+               }
                xexit(0);
        }
 
@@ -266,7 +269,11 @@ void usage(void)
        tfc_say("    -: read a detached MAC signature from stdin,");
        tfc_say("    drop: do not verify attached MAC, if any, and drop it from output.");
        tfc_say("  -m: just verify MAC provided with -M. Do not write output file.");
-       tfc_say("    This option must be specified after -M.");
+       tfc_say("  -u: almost same as -m, but turns on MAC pre-test mode, when verified");
+       tfc_say("    signature enables writing output file. It is useful when decrypting small texts.");
+       tfc_say("    The source must be a seekable file, otherwise this mode will be disabled.");
+       tfc_say("    In this mode, decryption is done twice and verification done once.");
+       tfc_say("    Both -m and -u options must be specified after -M.");
        tfc_say("  -E how: how to behave on I/O errors (both src or dst):");
        tfc_say("    exit: print error if not quiet, then exit,");
        tfc_say("    cont: print error if not quiet, then continue,");