summaryrefslogtreecommitdiff
path: root/usr.bin/signify
AgeCommit message (Collapse)Author
2022-01-05adjust Xr for fw_update to section 8;Jason McIntyre
ok afresh sthen deraadt
2021-09-19bump example versionsSebastian Benoit
Whatever deraadt@
2021-08-177.0-betaTheo de Raadt
2020-08-31crank to 6.8-betaTheo de Raadt
2020-04-05crank to 6.7-betaTheo de Raadt
2020-01-21In -C mode, the public key is optional since it can be deduced fromTheo Buehler
the untrusted comment. In this case, don't ignore -t but rather make it work as expected. ok tedu
2019-12-22have parseb64file be non-destructive, so we can write theMarc Espie
comment in zsig without needing an extra copy okay tedu@
2019-12-09tweak -z mode verification to save the header and actually output it,Marc Espie
so that signify -zV >saved.tgz keeps the signature for later checks. Uses slightly more memory, but simplifies some processes. okay tedu@
2019-09-09use PATH_MAX instead of 1024; ok teduTheo de Raadt
2019-08-10move to 6.6-betaTheo de Raadt
2019-07-03snprintf/vsnprintf return < 0 on error, rather than -1.Theo de Raadt
2019-05-08xr to sysupgradeTed Unangst
2019-03-23allow -n to zero the gzip header timestamp. suggestion from Andre Stoebe.Ted Unangst
ok tb
2019-02-26crank to 6.5-betaTheo de Raadt
2019-01-17change an error message to be less misleading.Ted Unangst
a secret key can have a valid base64 encoding but still won't parse as a public key. request from tb
2019-01-17clean up the user's password even after various errors.Ted Unangst
noticed by Gabriel Bartolini via Jesper Wallin
2018-08-10crank to 6.4-betaTheo de Raadt
2018-02-28move to 6.3-betaTheo de Raadt
2018-01-16g/c unused defines that were only used by nacl's SHA-512 implementationChristian Weisgerber
ok tedu@
2017-08-20also crank for 6.2Theo de Raadt
2017-07-11adjust size to be one less than power of 2, so that doubling will neverTed Unangst
roll to 0, but instead something very large, and thus fail in realloc
2017-07-11fix style compliance, in the keyname compliance function no lessTed Unangst
2017-05-28when copying curvy files from ssh, an extra one snuck in.Ted Unangst
signify doesn't do any kex stuff and doesn't need scalarmult.
2017-04-18use freezero() instead of explicit_bzero + freeTheo de Raadt
2017-03-09show how to verify the next release after 6.1Sebastian Benoit
2016-10-06- better check for seckeyname/pubkeyname "equality", remove the pathMarc Espie
(you could legitimately store secret keys on a temporary mount - error out if seckeyname does not follow the *.sec pattern for signing, augment the check to deal with that. - special case: seckeyfile can come from a pipe, and then, well, there's no way to store *.pub in the comment. okay tedu@
2016-10-05when generating keys, make sure the names specified adhere to allTed Unangst
department of keyname compliance regulations. see if anybody complains...
2016-10-05more properly check the secret key extension. from espieTed Unangst
2016-10-05document the previously hidden keyname detection. urged by espie.Ted Unangst
2016-10-05combining an assignment and *two* tests in one conditional is a bit much.Ted Unangst
pull things apart. reported by espie in a separate complaint. :)
2016-10-04typoMarc Espie
2016-09-27can make function static now that it's living in a separate file.Ted Unangst
bye bye XXX!
2016-09-27the keytype checking is logically part of verify, and it's small, soTed Unangst
always include it. but it can be made a bit simpler with zero malloc.
2016-09-27no need to copy keypath if we already have oneTed Unangst
2016-09-26have to advance pointer past the / to get basename.Ted Unangst
noticed by naddy
2016-09-26there's a hidden feature to infer the public key from the signatureTed Unangst
comment, but it doesn't work well because it encodes the full path. signature creaters don't usually keep the secret keys in /etc/signify, but that's where we look for public keys. switch to saving only the basename, and have the verifier add the path. should make it easier to start using this feature. anybody depending on the current behavior may have to adjust, but there's a reason this was never officially documented.
2016-09-19use a shell glob wildcard, that's clearer than an out of scope variableTed Unangst
2016-09-10spaces found during re-readTheo de Raadt
2016-09-08simplify the extra buffer size copyMarc Espie
2016-09-04well, adding the filename doesn't help... mostly used with pipes anyhowMarc Espie
2016-09-03add the keyname to meta-info that passes thruMarc Espie
2016-09-03switch back to SHA512/256 now that we have the official nist flavorTed Unangst
2016-09-03naddy@ pointed out that SHA512/256 is slightly differentMarc Espie
so use SHA384 which is on the shelf and good enough
2016-09-03fix parameters checkingMarc Espie
2016-09-03MAJOR tweak: switch to SHA512/256Marc Espie
adjust the header information to be self-descripting and contain a signature date, and pass that thru when checking.
2016-09-03nitpicks. all header info is relative. make gzheader freeable.Marc Espie
allocate properly for storing shas.
2016-09-02style polishingTed Unangst
2016-09-02replace exit() with err() and errx() so user knows what happenedTed Unangst
2016-09-02use err() instead of errx when an errno is setTed Unangst
2016-09-02the old check for when verify needed to create files (affecting pledge)Ted Unangst
was slightly wrong, but it didn't matter. new gzip mode however falls into the gap. the zsig code will default to stdout, therefore it needs much fewer privileges if msgfile is not specified.