diff options
| author | Ted Unangst <tedu@cvs.openbsd.org> | 2016-10-05 15:58:51 +0000 |
|---|---|---|
| committer | Ted Unangst <tedu@cvs.openbsd.org> | 2016-10-05 15:58:51 +0000 |
| commit | 64e5576c75e3bae1ee4c55ff0c9454cddde6c197 (patch) | |
| tree | 0ae80ddded6836379b70660ca02028404c9a7400 /usr.bin/signify/signify.c | |
| parent | 7be2d4871a38ff59cb49f2608e6bd9e8f0cfc9df (diff) | |
when generating keys, make sure the names specified adhere to all
department of keyname compliance regulations. see if anybody complains...
Diffstat (limited to 'usr.bin/signify/signify.c')
| -rw-r--r-- | usr.bin/signify/signify.c | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/usr.bin/signify/signify.c b/usr.bin/signify/signify.c index aa7c1bf3039..2f6b4c56126 100644 --- a/usr.bin/signify/signify.c +++ b/usr.bin/signify/signify.c @@ -1,4 +1,4 @@ -/* $OpenBSD: signify.c,v 1.124 2016/10/05 15:48:39 tedu Exp $ */ +/* $OpenBSD: signify.c,v 1.125 2016/10/05 15:58:50 tedu Exp $ */ /* * Copyright (c) 2013 Ted Unangst <tedu@openbsd.org> * @@ -343,6 +343,27 @@ generate(const char *pubkeyfile, const char *seckeyfile, int rounds, sizeof(pubkey), O_EXCL, 0666); } +static void +check_keyname_compliance(const char *pubkeyfile, const char *seckeyfile) +{ + size_t len; + + len = strlen(pubkeyfile); + if (strlen(seckeyfile) != len) + goto bad; + if (len < 5) /* ?.key */ + goto bad; + if (strcmp(pubkeyfile + len - 4, ".pub") != 0 || + strcmp(seckeyfile + len - 4, ".sec") != 0) + goto bad; + if (strncmp(pubkeyfile, seckeyfile, len - 4) != 0) + goto bad; + + return; +bad: + errx(1, "please use naming scheme of keyname.pub and keyname.sec"); +} + uint8_t * createsig(const char *seckeyfile, const char *msgfile, uint8_t *msg, unsigned long long msglen) @@ -842,6 +863,7 @@ main(int argc, char **argv) /* no pledge */ if (!pubkeyfile || !seckeyfile) usage("must specify pubkey and seckey"); + check_keyname_compliance(pubkeyfile, seckeyfile); generate(pubkeyfile, seckeyfile, rounds, comment); break; case SIGN: |