From 1f6fba7c52a8c9bc93eed44a8018c7d22614e8a7 Mon Sep 17 00:00:00 2001
From: David Shaw
Date: Wed, 5 Apr 2006 14:25:40 +0000
Subject: [PATCH] * make-dns-cert.c: Some changes from Peter Palfrader to send errors to stderr and allow spaces in a fingerprint. Also warn when a key is over 16k (as that is the default max-cert-size) and fail when a key is over 64k as that is the DNS limit in many places.

---
 tools/ChangeLog | 8 ++++++
 tools/make-dns-cert.c | 65 ++++++++++++++++++++++++++++++-------------
 2 files changed, 53 insertions(+), 20 deletions(-)

diff --git a/tools/ChangeLog b/tools/ChangeLog
index 090f2ec27..af68f3a0c 100644
--- a/tools/ChangeLog
+++ b/tools/ChangeLog
@@ -1,3 +1,11 @@
+2006-04-05 David Shaw
+
+ * make-dns-cert.c: Some changes from Peter Palfrader to send
+ errors to stderr and allow spaces in a fingerprint. Also warn
+ when a key is over 16k (as that is the default max-cert-size) and
+ fail when a key is over 64k as that is the DNS limit in many
+ places.
+
 2006-04-04 David Shaw
 
 * make-dns-cert.c: New program to generate properly formatted CERT
diff --git a/tools/make-dns-cert.c b/tools/make-dns-cert.c
index 6cf92645d..4d63f2b4f 100644
--- a/tools/make-dns-cert.c
+++ b/tools/make-dns-cert.c
@@ -44,23 +44,28 @@ cert_key(const char *name,const char *keyfile)
 fd=open(keyfile,O_RDONLY);
 if(fd==-1)
 {
- printf("Cannot open key file %s: %s\n",keyfile,strerror(errno));
+ fprintf(stderr,"Cannot open key file %s: %s\n",keyfile,strerror(errno));
 return 1;
 }
 
 err=fstat(fd,&statbuf);
 if(err==-1)
 {
- printf("Unable to stat key file %s: %s\n",keyfile,strerror(errno));
+ fprintf(stderr,"Unable to stat key file %s: %s\n",
+ keyfile,strerror(errno));
 goto fail;
 }
 
- if(statbuf.st_size>32768)
+ if(statbuf.st_size>65536)
 {
- printf("Key %s too large for CERT encoding\n",keyfile);
+ fprintf(stderr,"Key %s too large for CERT encoding\n",keyfile);
 goto fail;
 }
 
+ if(statbuf.st_size>16384)
+ fprintf(stderr,"Warning: key file %s is larger than the default"
+ " GnuPG max-cert-size\n",keyfile);
+
 printf("%s\tTYPE37\t\\# %u 0003 0000 00 ",
 name,(unsigned int)statbuf.st_size+5);
 
@@ -72,7 +77,8 @@ cert_key(const char *name,const char *keyfile)
 err=read(fd,buffer,1024);
 if(err==-1)
 {
- printf("Unable to read key file %s: %s\n",keyfile,strerror(errno));
+ fprintf(stderr,"Unable to read key file %s: %s\n",
+ keyfile,strerror(errno));
 goto fail;
 }
 
@@ -97,10 +103,28 @@ url_key(const char *name,const char *fpr,const char *url)
 
 if(fpr)
 {
- fprlen=strlen(fpr);
+ const char *tmp = fpr;
+ while (*tmp)
+ {
+ if ((*tmp >= 'A' && *tmp <= 'F') ||
+ (*tmp >= 'a' && *tmp <= 'f') ||
+ (*tmp >= '0' && *tmp <= '9'))
+ {
+ fprlen++;
+ }
+ else if (*tmp != ' ' && *tmp != '\t')
+ {
+ fprintf(stderr,"Fingerprint must consist of only hex digits"
+ " and whitespace\n");
+ return 1;
+ }
+
+ tmp++;
+ }
+
 if(fprlen%2)
 {
- printf("Fingerprint must be an even number of characters\n");
+ fprintf(stderr,"Fingerprint must be an even number of characters\n");
 return 1;
 }
 
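Review bot: The new guard `if(statbuf.st_size>65536)` still lets the emitted RDATA exceed what a DNS record can carry: the `\#` length printed a few lines below is `statbuf.st_size+5` (the five header octets `0003 0000 00` for type, key tag and algorithm), and RDLENGTH is a 16-bit field, so a key of 65531 to 65536 bytes passes the check yet yields a record longer than 65535 octets. Compare the full RDATA length instead, `if(statbuf.st_size+5>65535)`, and consider naming the two limits (`#define MAX_RDATA 65535`, `#define MAX_CERT_SIZE_DEFAULT 16384`) so the warning threshold and the hard limit read as what they are. The length is taken from fstat() before the read loop that starts in the next hunk, so a key file that grows between the two calls would produce a length field that does not match the hex that follows; the loop body is outside this hunk, so I cannot tell whether it stops at st_size. cert_key() starts before and ends after these hunks.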
@@ -113,7 +137,8 @@ url_key(const char *name,const char *fpr,const char *url)
 
 if(!fpr && !url)
 {
- printf("Cannot generate a CERT without either a fingerprint or URL\n");
+ fprintf(stderr,
+ "Cannot generate a CERT without either a fingerprint or URL\n");
 return 1;
 }
 
@@ -136,13 +161,13 @@ url_key(const char *name,const char *fpr,const char *url)
 }
 
 static void
-usage(void)
+usage(FILE *stream)
 {
- printf("make-dns-cert\n");
- printf("\t-f\tfingerprint\n");
- printf("\t-u\tURL\n");
- printf("\t-k\tkey file\n");
- printf("\t-n\tDNS name\n");
+ fprintf(stream,"make-dns-cert\n");
+ fprintf(stream,"\t-f\tfingerprint\n");
+ fprintf(stream,"\t-u\tURL\n");
+ fprintf(stream,"\t-k\tkey file\n");
+ fprintf(stream,"\t-n\tDNS name\n");
 }
 
 int
@@ -153,7 +178,7 @@ main(int argc,char *argv[])
 
 if(argc==1)
 {
- usage();
+ usage(stderr);
 return 0;
 }
 else if(argc>1 && strcmp(argv[1],"--version")==0)
@@ -163,7 +188,7 @@ main(int argc,char *argv[])
 }
 else if(argc>1 && strcmp(argv[1],"--help")==0)
 {
- usage();
+ usage(stdout);
 return 0;
 }
 
@@ -172,7 +197,7 @@ main(int argc,char *argv[])
 {
 default:
 case 'h':
- usage();
+ usage(stdout);
 exit(0);
 
 case 'f':
@@ -194,14 +219,14 @@ main(int argc,char *argv[])
 
 if(!name)
 {
- printf("No name provided\n");
+ fprintf(stderr,"No name provided\n");
 return 1;
 }
 
 if(keyfile && (fpr || url))
 {
- printf("Cannot generate a CERT record with both a keyfile and"
- " a fingerprint or URL\n");
+ fprintf(stderr,"Cannot generate a CERT record with both a keyfile and"
+ " a fingerprint or URL\n");
 return 1;
 }
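Review bot: `usage(stderr); return 0;` in the `argc==1` branch now reports the missing arguments on stderr as an error but still exits with success, so a caller that forgets the arguments cannot tell from the exit status; since this is the no-arguments case rather than `--help`, it should be `return 1;` (the `--help` and `-h` branches in the following hunks correctly keep stdout and exit 0). The `default:` label of the option switch two hunks down has the mirror problem: an unrecognised option prints usage to stdout and calls `exit(0)`, where `usage(stderr); exit(1);` would be conventional and consistent with the branch above. main() continues outside these hunks.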