Age | Commit message | Author | |
---|---|---|---|
2017-04-18 | use freezero() instead of explicit_bzero + free | Theo de Raadt | |
2016-10-06 | - better check for seckeyname/pubkeyname "equality", remove the path (you could legitimately store secret keys on a temporary mount - error out if seckeyname does not follow the *.sec pattern for signing, augment the check to deal with that. - special case: seckeyfile can come from a pipe, and then, well, there's no way to store *.pub in the comment. okay tedu@ | Marc Espie | |
2016-10-05 | when generating keys, make sure the names specified adhere to all department of keyname compliance regulations. see if anybody complains... | Ted Unangst | |
2016-10-05 | more properly check the secret key extension. from espie | Ted Unangst | |
2016-10-05 | combining an assignment and *two* tests in one conditional is a bit much. pull things apart. reported by espie in a separate complaint. :) | Ted Unangst | |
2016-09-27 | the keytype checking is logically part of verify, and it's small, so always include it. but it can be made a bit simpler with zero malloc. | Ted Unangst | |
2016-09-27 | no need to copy keypath if we already have one | Ted Unangst | |
2016-09-26 | have to advance pointer past the / to get basename. noticed by naddy | Ted Unangst | |
2016-09-26 | there's a hidden feature to infer the public key from the signature comment, but it doesn't work well because it encodes the full path. signature creators don't usually keep the secret keys in /etc/signify, but that's where we look for public keys. switch to saving only the basename, and have the verifier add the path. should make it easier to start using this feature. anybody depending on the current behavior may have to adjust, but there's a reason this was never officially documented. | Ted Unangst | |
2016-09-10 | spaces found during re-read | Theo de Raadt | |
2016-09-03 | fix parameters checking | Marc Espie | |
2016-09-02 | use err() instead of errx when an errno is set | Ted Unangst | |
2016-09-02 | the old check for when verify needed to create files (affecting pledge) was slightly wrong, but it didn't matter. new gzip mode however falls into the gap. the zsig code will default to stdout, therefore it needs much fewer privileges if msgfile is not specified. | Ted Unangst | |
2016-09-02 | combine the pledge switch with the execution switch. no changes yet, but we can do a little better in some cases. | Ted Unangst | |
2016-09-02 | -e and -z cannot be combined | Ted Unangst | |
2016-09-02 | document the new stuff, usage nits. some input by jmc@, to be polished later "get it in now" tedu@ deraadt@ | Marc Espie | |
2016-09-02 | add a new option (-z) for signing gzip archives. - simple barebones gzip header parsing - signature is outside of the archive - checksums for blocks of 64K - verify stuff then pass it to the pipeline lots of inputs by tedu@ and deraadt@ okay tedu@ | Marc Espie | |
2016-09-02 | move more code into createsig. callers just pass seckey filename. | Ted Unangst | |
2016-09-02 | split the sign() function into two, with a pure memory core made available as a separate function to make it easier to reuse in other code. | Ted Unangst | |
2016-09-01 | don't initialize variables with functions | Ted Unangst | |
2016-09-01 | add a -t keytype option for untrusted comment automatic key extraction (not in VERIFYONLY mode) to be documented and used shortly okay tedu@ | Marc Espie | |
2016-06-08 | use getprogname | Ted Unangst | |
2015-12-04 | polishing | Ted Unangst | |
2015-11-02 | Make signify's stdout line buffered. This allows to run the verbose output through a pipe and still see the progress immediately. OK tedu@ | Alexander Bluhm | |
2015-10-30 | mark usage __dead | Ted Unangst | |
2015-10-09 | Change all tame callers to namechange to pledge(2). | Theo de Raadt | |
2015-10-08 | add some tame calls. we may need a bunch of permissions to create files and manipulate the tty for readpassphrase, but once we've parsed options and have some idea of what's going to happen next, we can reduce down quite a bit more. particular use case of "signify \| patch" is limited to feeding garbage to patch. | Ted Unangst | |
2015-01-16 | improve checksum parsing slightly. now handles filenames with spaces. (though not names with ')'; sorry.) | Ted Unangst | |
2015-01-16 | just to be careful, add a cpp guard that the sscanf sizes are ok | Ted Unangst | |
2015-01-15 | use PATH_MAX for path buffers. in case, you know... | Ted Unangst | |
2015-01-09 | absurd optimization. reduce initial space by one to avoid leaving one byte hanging off on a page by itself. | Ted Unangst | |
2015-01-07 | bcallah noticed the ifndef guard for headers was wrong. don't fix, just remove it, and put these includes up with their friends. | Ted Unangst | |
2014-12-29 | useless change. overwriting the nul byte with a newline means b64_ntop can use the whole buffer, even the last byte. | Ted Unangst | |
2014-12-29 | rename fingerprint struct field. no longer exposed to users, but since it's not technically a fingerprint as others understand the term, pick another. now it's a keynum! after an email from Florian Weimer | Ted Unangst | |
2014-12-29 | remove the inspect debug command. should not be used by users, who are not supposed to know what fingerprints are or that they exist. | Ted Unangst | |
2014-11-20 | Yet more #include de-duplication. ok deraadt@ tedu@ | Kenneth R Westerback | |
2014-07-13 | compare snprintf return value with -1. this isn't really necessary because int promotion rules guarantee the correct result when compared with sizeof, but it is perhaps easier for some people to understand it this way. from Doug Hogan. | Ted Unangst | |
2014-05-30 | don't assign variables in if() that's not error checking | Ted Unangst | |
2014-05-30 | a little style consistency with error checking | Ted Unangst | |
2014-05-16 | save up the failures for the end in the argc == 0. help ok espie | Ted Unangst | |
2014-05-16 | a few changes for new code to match local style | Ted Unangst | |
2014-05-16 | checksum mode can use magic pubkey finder too | Ted Unangst | |
2014-05-16 | rework -C (perfect candidate for using hash tables, really): insert files we want to check into a hash, parse SHA256 message on the fly, delete entries whose checksum match, then display entries that failed. This completely avoids allocating temporary storage for file names and checksums and removes the quadratic match (argv[i] vs line[n]). okay tedu@ | Marc Espie | |
2014-05-15 | fix the band-aid error. tedu was bitten by the RETARDED interface in sha2.h (who names string LENGTH things that are actually buffer SIZES) ? make -C mode work again. okay beck@ | Marc Espie | |
2014-05-14 | let cpp do some of the work | Ted Unangst | |
2014-05-14 | spell out base64 in error messages | Ted Unangst | |
2014-05-14 | save some memory by reducing buffer sizes | Ted Unangst | |
2014-05-14 | recode base64 hashes if necessary | Ted Unangst | |
2014-05-14 | realloc like a boss, so checksum verification doesn't take minutes. | Ted Unangst | |
2014-05-06 | temp variable for a bit of clarity | Ted Unangst | |