Brent Cook <busterb <at> gmail.com> writes: > > We have released LibreSSL 2.0.5, which should be arriving in the > LibreSSL directory of an OpenBSD mirror near you. > [SNIP] > > We welcome feedback and support from the community as we continue to > work on LibreSSL.
First of all, many thanks to the entire team for the ongoing LibreSSL (libcrypto/libssl) efforts - great stuff. Those wishing to verify LibreSSL tarballs can use my portable version of OpenBSD's signify (project I began back in May [1]). It is quite self-contained and doesn't depend on things like libbsd for BSDisms or OpenSSL/LibreSSL for prng seed material. So, I anticipate it should build on many POSIXy systems (tested on Linux and Windows/Cygwin). The latest version was sync'd on 20140902 and includes signify.c rev1.91 and updated support code including tweaks that hopefully make explicit_bzero more resistant to overzealous compilers: http://sf.net/projects/slackdepot/files/signify/signify-portable-20140902.tar.bz2 My example-driven HOWTO should be enough to get one started. --mancha PS A few LibreSSL versions ago, verification worked flawlessly. However, the latest SHA256 digest lists contain full paths (e.g. /home/sign/libressl-2.0.2.tar.gz) which interfere with verification. Mistake? === [1] http://www.linuxquestions.org/questions/slackware-14/openbsd%27s-new-john-hancock-4175504101/
