security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2024-06-26 01:52:45 +02:00
Code Activity

* make-dns-cert.c: Some changes from Peter Palfrader to send errors to

Browse Source 
stderr and allow spaces in a fingerprint.  Also warn when a key is
over 16k (as that is the default max-cert-size) and fail when a key is
over 64k as that is the DNS limit in many places.
This commit is contained in:
David Shaw 2006-04-05 14:25:40 +00:00
parent d855bd31ab
commit 1f6fba7c52
2 changed files with 53 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
tools/ChangeLog
View File

@ -1,3 +1,11 @@
2006-04-05 David Shaw <dshaw@jabberwocky.com>
* make-dns-cert.c: Some changes from Peter Palfrader to send
errors to stderr and allow spaces in a fingerprint. Also warn
when a key is over 16k (as that is the default max-cert-size) and
fail when a key is over 64k as that is the DNS limit in many
places.
2006-04-04 David Shaw <dshaw@jabberwocky.com> 2006-04-04 David Shaw <dshaw@jabberwocky.com>
* make-dns-cert.c: New program to generate properly formatted CERT * make-dns-cert.c: New program to generate properly formatted CERT

63
tools/make-dns-cert.c
View File

@ -44,23 +44,28 @@ cert_key(const char *name,const char *keyfile)
fd=open(keyfile,O_RDONLY); fd=open(keyfile,O_RDONLY);
if(fd==-1) if(fd==-1)
{ {
printf("Cannot open key file %s: %s\n",keyfile,strerror(errno)); fprintf(stderr,"Cannot open key file %s: %s\n",keyfile,strerror(errno));
return 1; return 1;
} }
err=fstat(fd,&statbuf); err=fstat(fd,&statbuf);
if(err==-1) if(err==-1)
{ {
printf("Unable to stat key file %s: %s\n",keyfile,strerror(errno)); fprintf(stderr,"Unable to stat key file %s: %s\n",
keyfile,strerror(errno));
goto fail; goto fail;
} }
if(statbuf.st_size>32768) if(statbuf.st_size>65536)
{ {
printf("Key %s too large for CERT encoding\n",keyfile); fprintf(stderr,"Key %s too large for CERT encoding\n",keyfile);
goto fail; goto fail;
} }
if(statbuf.st_size>16384)
fprintf(stderr,"Warning: key file %s is larger than the default"
" GnuPG max-cert-size\n",keyfile);
printf("%s\tTYPE37\t\\# %u 0003 0000 00 ", printf("%s\tTYPE37\t\\# %u 0003 0000 00 ",
name,(unsigned int)statbuf.st_size+5); name,(unsigned int)statbuf.st_size+5);
@ -72,7 +77,8 @@ cert_key(const char *name,const char *keyfile)
err=read(fd,buffer,1024); err=read(fd,buffer,1024);
if(err==-1) if(err==-1)
{ {
printf("Unable to read key file %s: %s\n",keyfile,strerror(errno)); fprintf(stderr,"Unable to read key file %s: %s\n",
keyfile,strerror(errno));
goto fail; goto fail;
} }
@ -97,10 +103,28 @@ url_key(const char *name,const char *fpr,const char *url)
if(fpr) if(fpr)
{ {
fprlen=strlen(fpr); const char *tmp = fpr;
while (*tmp)
{
if ((*tmp >= 'A' && *tmp <= 'F') ||
(*tmp >= 'a' && *tmp <= 'f') ||
(*tmp >= '0' && *tmp <= '9'))
{
fprlen++;
}
else if (*tmp != ' ' && *tmp != '\t')
{
fprintf(stderr,"Fingerprint must consist of only hex digits"
" and whitespace\n");
return 1;
}
tmp++;
}
if(fprlen%2) if(fprlen%2)
{ {
printf("Fingerprint must be an even number of characters\n"); fprintf(stderr,"Fingerprint must be an even number of characters\n");
return 1; return 1;
} }
@ -113,7 +137,8 @@ url_key(const char *name,const char *fpr,const char *url)
if(!fpr && !url) if(!fpr && !url)
{ {
printf("Cannot generate a CERT without either a fingerprint or URL\n"); fprintf(stderr,
"Cannot generate a CERT without either a fingerprint or URL\n");
return 1; return 1;
} }
@ -136,13 +161,13 @@ url_key(const char *name,const char *fpr,const char *url)
} }
static void static void
usage(void) usage(FILE *stream)
{ {
printf("make-dns-cert\n"); fprintf(stream,"make-dns-cert\n");
printf("\t-f\tfingerprint\n"); fprintf(stream,"\t-f\tfingerprint\n");
printf("\t-u\tURL\n"); fprintf(stream,"\t-u\tURL\n");
printf("\t-k\tkey file\n"); fprintf(stream,"\t-k\tkey file\n");
printf("\t-n\tDNS name\n"); fprintf(stream,"\t-n\tDNS name\n");
} }
int int
@ -153,7 +178,7 @@ main(int argc,char *argv[])
if(argc==1) if(argc==1)
{ {
usage(); usage(stderr);
return 0; return 0;
} }
else if(argc>1 && strcmp(argv[1],"--version")==0) else if(argc>1 && strcmp(argv[1],"--version")==0)
@ -163,7 +188,7 @@ main(int argc,char *argv[])
} }
else if(argc>1 && strcmp(argv[1],"--help")==0) else if(argc>1 && strcmp(argv[1],"--help")==0)
{ {
usage(); usage(stdout);
return 0; return 0;
} }
@ -172,7 +197,7 @@ main(int argc,char *argv[])
{ {
default: default:
case 'h': case 'h':
usage(); usage(stdout);
exit(0); exit(0);
case 'f': case 'f':
@ -194,13 +219,13 @@ main(int argc,char *argv[])
if(!name) if(!name)
{ {
printf("No name provided\n"); fprintf(stderr,"No name provided\n");
return 1; return 1;
} }
if(keyfile && (fpr || url)) if(keyfile && (fpr || url))
{ {
printf("Cannot generate a CERT record with both a keyfile and" fprintf(stderr,"Cannot generate a CERT record with both a keyfile and"
" a fingerprint or URL\n"); " a fingerprint or URL\n");
return 1; return 1;
} }