Age | Commit message (Collapse) | Author | |
---|---|---|---|
2022-01-05 | adjust Xr for fw_update to section 8; | Jason McIntyre | |
ok afresh sthen deraadt | |||
2021-09-19 | bump example versions | Sebastian Benoit | |
Whatever deraadt@ | |||
2021-08-17 | 7.0-beta | Theo de Raadt | |
2020-08-31 | crank to 6.8-beta | Theo de Raadt | |
2020-04-05 | crank to 6.7-beta | Theo de Raadt | |
2020-01-21 | In -C mode, the public key is optional since it can be deduced from | Theo Buehler | |
the untrusted comment. In this case, don't ignore -t but rather make it work as expected. ok tedu | |||
2019-12-22 | have parseb64file be non-destructive, so we can write the | Marc Espie | |
comment in zsig without needing an extra copy okay tedu@ | |||
2019-12-09 | tweak -z mode verification to save the header and actually output it, | Marc Espie | |
so that signify -zV >saved.tgz keeps the signature for later checks. Uses slightly more memory, but simplifies some processes. okay tedu@ | |||
2019-09-09 | use PATH_MAX instead of 1024; ok tedu | Theo de Raadt | |
2019-08-10 | move to 6.6-beta | Theo de Raadt | |
2019-07-03 | snprintf/vsnprintf return < 0 on error, rather than -1. | Theo de Raadt | |
2019-05-08 | xr to sysupgrade | Ted Unangst | |
2019-03-23 | allow -n to zero the gzip header timestamp. suggestion from Andre Stoebe. | Ted Unangst | |
ok tb | |||
2019-02-26 | crank to 6.5-beta | Theo de Raadt | |
2019-01-17 | change an error message to be less misleading. | Ted Unangst | |
a secret key can have a valid base64 encoding but still won't parse as a public key. request from tb | |||
2019-01-17 | clean up the user's password even after various errors. | Ted Unangst | |
noticed by Gabriel Bartolini via Jesper Wallin | |||
2018-08-10 | crank to 6.4-beta | Theo de Raadt | |
2018-02-28 | move to 6.3-beta | Theo de Raadt | |
2018-01-16 | g/c unused defines that were only used by nacl's SHA-512 implementation | Christian Weisgerber | |
ok tedu@ | |||
2017-08-20 | also crank for 6.2 | Theo de Raadt | |
2017-07-11 | adjust size to be one less than power of 2, so that doubling will never | Ted Unangst | |
roll to 0, but instead something very large, and thus fail in realloc | |||
2017-07-11 | fix style compliance, in the keyname compliance function no less | Ted Unangst | |
2017-05-28 | when copying curvy files from ssh, an extra one snuck in. | Ted Unangst | |
signify doesn't do any kex stuff and doesn't need scalarmult. | |||
2017-04-18 | use freezero() instead of explicit_bzero + free | Theo de Raadt | |
2017-03-09 | show how to verify the next release after 6.1 | Sebastian Benoit | |
2016-10-06 | - better check for seckeyname/pubkeyname "equality", remove the path | Marc Espie | |
(you could legitimately store secret keys on a temporary mount - error out if seckeyname does not follow the *.sec pattern for signing, augment the check to deal with that. - special case: seckeyfile can come from a pipe, and then, well, there's no way to store *.pub in the comment. okay tedu@ | |||
2016-10-05 | when generating keys, make sure the names specified adhere to all | Ted Unangst | |
department of keyname compliance regulations. see if anybody complains... | |||
2016-10-05 | more properly check the secret key extension. from espie | Ted Unangst | |
2016-10-05 | document the previously hidden keyname detection. urged by espie. | Ted Unangst | |
2016-10-05 | combining an assignment and *two* tests in one conditional is a bit much. | Ted Unangst | |
pull things apart. reported by espie in a separate complaint. :) | |||
2016-10-04 | typo | Marc Espie | |
2016-09-27 | can make function static now that it's living in a separate file. | Ted Unangst | |
bye bye XXX! | |||
2016-09-27 | the keytype checking is logically part of verify, and it's small, so | Ted Unangst | |
always include it. but it can be made a bit simpler with zero malloc. | |||
2016-09-27 | no need to copy keypath if we already have one | Ted Unangst | |
2016-09-26 | have to advance pointer past the / to get basename. | Ted Unangst | |
noticed by naddy | |||
2016-09-26 | there's a hidden feature to infer the public key from the signature | Ted Unangst | |
comment, but it doesn't work well because it encodes the full path. signature creaters don't usually keep the secret keys in /etc/signify, but that's where we look for public keys. switch to saving only the basename, and have the verifier add the path. should make it easier to start using this feature. anybody depending on the current behavior may have to adjust, but there's a reason this was never officially documented. | |||
2016-09-19 | use a shell glob wildcard, that's clearer than an out of scope variable | Ted Unangst | |
2016-09-10 | spaces found during re-read | Theo de Raadt | |
2016-09-08 | simplify the extra buffer size copy | Marc Espie | |
2016-09-04 | well, adding the filename doesn't help... mostly used with pipes anyhow | Marc Espie | |
2016-09-03 | add the keyname to meta-info that passes thru | Marc Espie | |
2016-09-03 | switch back to SHA512/256 now that we have the official nist flavor | Ted Unangst | |
2016-09-03 | naddy@ pointed out that SHA512/256 is slightly different | Marc Espie | |
so use SHA384 which is on the shelf and good enough | |||
2016-09-03 | fix parameters checking | Marc Espie | |
2016-09-03 | MAJOR tweak: switch to SHA512/256 | Marc Espie | |
adjust the header information to be self-descripting and contain a signature date, and pass that thru when checking. | |||
2016-09-03 | nitpicks. all header info is relative. make gzheader freeable. | Marc Espie | |
allocate properly for storing shas. | |||
2016-09-02 | style polishing | Ted Unangst | |
2016-09-02 | replace exit() with err() and errx() so user knows what happened | Ted Unangst | |
2016-09-02 | use err() instead of errx when an errno is set | Ted Unangst | |
2016-09-02 | the old check for when verify needed to create files (affecting pledge) | Ted Unangst | |
was slightly wrong, but it didn't matter. new gzip mode however falls into the gap. the zsig code will default to stdout, therefore it needs much fewer privileges if msgfile is not specified. |