src - OpenBSD base system

Age	Commit message (Collapse)	Author
2021-09-19	bump example versions	Sebastian Benoit
	Whatever deraadt@
2021-08-17	7.0-beta	Theo de Raadt

2020-08-31	crank to 6.8-beta	Theo de Raadt

2020-04-05	crank to 6.7-beta	Theo de Raadt

2020-01-21	In -C mode, the public key is optional since it can be deduced from	Theo Buehler
	the untrusted comment. In this case, don't ignore -t but rather make it work as expected. ok tedu
2019-12-22	have parseb64file be non-destructive, so we can write the	Marc Espie
	comment in zsig without needing an extra copy okay tedu@
2019-12-09	tweak -z mode verification to save the header and actually output it,	Marc Espie
	so that signify -zV >saved.tgz keeps the signature for later checks. Uses slightly more memory, but simplifies some processes. okay tedu@
2019-09-09	use PATH_MAX instead of 1024; ok tedu	Theo de Raadt

2019-08-10	move to 6.6-beta	Theo de Raadt

2019-07-03	snprintf/vsnprintf return < 0 on error, rather than -1.	Theo de Raadt

2019-05-08	xr to sysupgrade	Ted Unangst

2019-03-23	allow -n to zero the gzip header timestamp. suggestion from Andre Stoebe.	Ted Unangst
	ok tb
2019-02-26	crank to 6.5-beta	Theo de Raadt

2019-01-17	change an error message to be less misleading.	Ted Unangst
	a secret key can have a valid base64 encoding but still won't parse as a public key. request from tb
2019-01-17	clean up the user's password even after various errors.	Ted Unangst
	noticed by Gabriel Bartolini via Jesper Wallin
2018-08-10	crank to 6.4-beta	Theo de Raadt

2018-02-28	move to 6.3-beta	Theo de Raadt

2018-01-16	g/c unused defines that were only used by nacl's SHA-512 implementation	Christian Weisgerber
	ok tedu@
2017-08-20	also crank for 6.2	Theo de Raadt

2017-07-11	adjust size to be one less than power of 2, so that doubling will never	Ted Unangst
	roll to 0, but instead something very large, and thus fail in realloc
2017-07-11	fix style compliance, in the keyname compliance function no less	Ted Unangst

2017-05-28	when copying curvy files from ssh, an extra one snuck in.	Ted Unangst
	signify doesn't do any kex stuff and doesn't need scalarmult.
2017-04-18	use freezero() instead of explicit_bzero + free	Theo de Raadt

2017-03-09	show how to verify the next release after 6.1	Sebastian Benoit

2016-10-06	- better check for seckeyname/pubkeyname "equality", remove the path	Marc Espie
	(you could legitimately store secret keys on a temporary mount - error out if seckeyname does not follow the .sec pattern for signing, augment the check to deal with that. - special case: seckeyfile can come from a pipe, and then, well, there's no way to store .pub in the comment. okay tedu@
2016-10-05	when generating keys, make sure the names specified adhere to all	Ted Unangst
	department of keyname compliance regulations. see if anybody complains...
2016-10-05	more properly check the secret key extension. from espie	Ted Unangst

2016-10-05	document the previously hidden keyname detection. urged by espie.	Ted Unangst

2016-10-05	combining an assignment and two tests in one conditional is a bit much.	Ted Unangst
	pull things apart. reported by espie in a separate complaint. :)
2016-10-04	typo	Marc Espie

2016-09-27	can make function static now that it's living in a separate file.	Ted Unangst
	bye bye XXX!
2016-09-27	the keytype checking is logically part of verify, and it's small, so	Ted Unangst
	always include it. but it can be made a bit simpler with zero malloc.
2016-09-27	no need to copy keypath if we already have one	Ted Unangst

2016-09-26	have to advance pointer past the / to get basename.	Ted Unangst
	noticed by naddy
2016-09-26	there's a hidden feature to infer the public key from the signature	Ted Unangst
	comment, but it doesn't work well because it encodes the full path. signature creaters don't usually keep the secret keys in /etc/signify, but that's where we look for public keys. switch to saving only the basename, and have the verifier add the path. should make it easier to start using this feature. anybody depending on the current behavior may have to adjust, but there's a reason this was never officially documented.
2016-09-19	use a shell glob wildcard, that's clearer than an out of scope variable	Ted Unangst

2016-09-10	spaces found during re-read	Theo de Raadt

2016-09-08	simplify the extra buffer size copy	Marc Espie

2016-09-04	well, adding the filename doesn't help... mostly used with pipes anyhow	Marc Espie

2016-09-03	add the keyname to meta-info that passes thru	Marc Espie

2016-09-03	switch back to SHA512/256 now that we have the official nist flavor	Ted Unangst

2016-09-03	naddy@ pointed out that SHA512/256 is slightly different	Marc Espie
	so use SHA384 which is on the shelf and good enough
2016-09-03	fix parameters checking	Marc Espie

2016-09-03	MAJOR tweak: switch to SHA512/256	Marc Espie
	adjust the header information to be self-descripting and contain a signature date, and pass that thru when checking.
2016-09-03	nitpicks. all header info is relative. make gzheader freeable.	Marc Espie
	allocate properly for storing shas.
2016-09-02	style polishing	Ted Unangst

2016-09-02	replace exit() with err() and errx() so user knows what happened	Ted Unangst

2016-09-02	use err() instead of errx when an errno is set	Ted Unangst

2016-09-02	the old check for when verify needed to create files (affecting pledge)	Ted Unangst
	was slightly wrong, but it didn't matter. new gzip mode however falls into the gap. the zsig code will default to stdout, therefore it needs much fewer privileges if msgfile is not specified.
2016-09-02	combine the pledge switch with the execution switch. no changes yet,	Ted Unangst
	but we can do a little better in some cases.