path: root/usr.bin/signify/signify.c
Commit message [Author, Age, Files, Lines]
* In -C mode, the public key is optional since it can be deduced from the untrusted comment. In this case, don't ignore -t but rather make it work as expected. ok tedu [tb, 2020-01-21, 1 file, -6/+6]
* have parseb64file be non-destructive, so we can write the comment in zsig without needing an extra copy okay tedu@ [espie, 2019-12-22, 1 file, -1/+3]
* use PATH_MAX instead of 1024; ok tedu [deraadt, 2019-09-09, 1 file, -2/+2]
* snprintf/vsnprintf return < 0 on error, rather than -1. [deraadt, 2019-07-03, 1 file, -5/+5]
* allow -n to zero the gzip header timestamp. suggestion from Andre Stoebe. ok tb [tedu, 2019-03-23, 1 file, -8/+7]
* change an error message to be less misleading. a secret key can have a valid base64 encoding but still won't parse as a public key. request from tb [tedu, 2019-01-17, 1 file, -2/+2]
* clean up the user's password even after various errors. noticed by Gabriel Bartolini via Jesper Wallin [tedu, 2019-01-17, 1 file, -6/+9]
* fix style compliance, in the keyname compliance function no less [tedu, 2017-07-11, 1 file, -4/+4]
* use freezero() instead of explicit_bzero + free [deraadt, 2017-04-18, 1 file, -3/+2]
* - better check for seckeyname/pubkeyname "equality", remove the path (you could legitimately store secret keys on a temporary mount - error out if seckeyname does not follow the *.sec pattern for signing, augment the check to deal with that. - special case: seckeyfile can come from a pipe, and then, well, there's no way to store *.pub in the comment. okay tedu@ [espie, 2016-10-06, 1 file, -27/+32]
* when generating keys, make sure the names specified adhere to all department of keyname compliance regulations. see if anybody complains... [tedu, 2016-10-05, 1 file, -1/+23]
* more properly check the secret key extension. from espie [tedu, 2016-10-05, 1 file, -4/+4]
* combining an assignment and *two* tests in one conditional is a bit much. pull things apart. reported by espie in a separate complaint. :) [tedu, 2016-10-05, 1 file, -11/+14]
* the keytype checking is logically part of verify, and it's small, so always include it. but it can be made a bit simpler with zero malloc. [tedu, 2016-09-27, 1 file, -19/+16]
* no need to copy keypath if we already have one [tedu, 2016-09-27, 1 file, -6/+3]
* have to advance pointer past the / to get basename. noticed by naddy [tedu, 2016-09-26, 1 file, -1/+3]
* there's a hidden feature to infer the public key from the signature comment, but it doesn't work well because it encodes the full path. signature creators don't usually keep the secret keys in /etc/signify, but that's where we look for public keys. switch to saving only the basename, and have the verifier add the path. should make it easier to start using this feature. anybody depending on the current behavior may have to adjust, but there's a reason this was never officially documented. [tedu, 2016-09-26, 1 file, -8/+17]
* spaces found during re-read [deraadt, 2016-09-10, 1 file, -6/+6]
* fix parameters checking [espie, 2016-09-03, 1 file, -1/+3]
* use err() instead of errx when an errno is set [tedu, 2016-09-02, 1 file, -3/+3]
* the old check for when verify needed to create files (affecting pledge) was slightly wrong, but it didn't matter. new gzip mode however falls into the gap. the zsig code will default to stdout, therefore it needs much fewer privileges if msgfile is not specified. [tedu, 2016-09-02, 1 file, -7/+8]
* combine the pledge switch with the execution switch. no changes yet, but we can do a little better in some cases. [tedu, 2016-09-02, 1 file, -26/+15]
* -e and -z cannot be combined [tedu, 2016-09-02, 1 file, -1/+4]
* document the new stuff, usage nits. some input by jmc@, to be polished later "get it in now" tedu@ deraadt@ [espie, 2016-09-02, 1 file, -2/+2]
* add a new option (-z) for signing gzip archives. - simple barebones gzip header parsing - signature is outside of the archive - checksums for blocks of 64K - verify stuff then pass it to the pipeline lots of inputs by tedu@ and deraadt@ okay tedu@ [espie, 2016-09-02, 1 file, -15/+50]
* move more code into createsig. callers just pass seckey filename. [tedu, 2016-09-02, 1 file, -33/+33]
* split the sign() function into two, with a pure memory core made available as a separate function to make it easier to reuse in other code. [tedu, 2016-09-02, 1 file, -49/+71]
* don't initialize variables with functions [tedu, 2016-09-01, 1 file, -3/+6]
* add a -t keytype option for untrusted comment automatic key extraction (not in VERIFYONLY mode) to be documented and used shortly okay tedu@ [espie, 2016-09-01, 1 file, -12/+39]
* use getprogname [tedu, 2016-06-08, 1 file, -4/+2]
* polishing [tedu, 2015-12-04, 1 file, -4/+3]
* Make signify's stdout line buffered. This allows to run the verbose output through a pipe and still see the progress immediately. OK tedu@ [bluhm, 2015-11-02, 1 file, -1/+4]
* mark usage __dead [tedu, 2015-10-30, 1 file, -2/+2]
* Change all tame callers to namechange to pledge(2). [deraadt, 2015-10-09, 1 file, -11/+11]
* add some tame calls. we may need a bunch of permissions to create files and manipulate the tty for readpassphrase, but once we've parsed options and have some idea of what's going to happen next, we can reduce down quite a bit more. particular use case of "signify | patch" is limited to feeding garbage to patch. [tedu, 2015-10-08, 1 file, -1/+27]
* improve checksum parsing slightly. now handles filenames with spaces. (though not names with ')'; sorry.) [tedu, 2015-01-16, 1 file, -4/+3]
* just to be careful, add a cpp guard that the sscanf sizes are ok [tedu, 2015-01-16, 1 file, -1/+4]
* use PATH_MAX for path buffers. in case, you know... [tedu, 2015-01-15, 1 file, -3/+4]
* absurd optimization. reduce initial space by one to avoid leaving one byte hanging off on a page by itself. [tedu, 2015-01-09, 1 file, -2/+2]
* bcallah noticed the ifndef guard for headers was wrong. don't fix, just remove it, and put these includes up with their friends. [tedu, 2015-01-07, 1 file, -5/+3]
* useless change. overwriting the nul byte with a newline means b64_ntop can use the whole buffer, even the last byte. [tedu, 2014-12-29, 1 file, -2/+2]
* rename fingerprint struct field. no longer exposed to users, but since it's not technically a fingerprint as others understand the term, pick another. now it's a keynum! after an email from Florian Weimer [tedu, 2014-12-29, 1 file, -11/+11]
* remove the inspect debug command. should not be used by users, who are not supposed to know what fingerprints are or that they exist. [tedu, 2014-12-29, 1 file, -37/+2]
* Yet more #include de-duplication. ok deraadt@ tedu@ [krw, 2014-11-20, 1 file, -2/+1]
* compare snprintf return value with -1. this isn't really necessary because int promotion rules guarantee the correct result when compared with sizeof, but it is perhaps easier for some people to understand it this way. from Doug Hogan. [tedu, 2014-07-13, 1 file, -16/+17]
* don't assign variables in if() that's not error checking [tedu, 2014-05-30, 1 file, -3/+5]
* a little style consistency with error checking [tedu, 2014-05-30, 1 file, -11/+6]
* save up the failures for the end in the argc == 0. help ok espie [tedu, 2014-05-16, 1 file, -16/+16]
* a few changes for new code to match local style [tedu, 2014-05-16, 1 file, -11/+11]
* checksum mode can use magic pubkey finder too [tedu, 2014-05-16, 1 file, -3/+3]