summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTimo Teräs <timo.teras@iki.fi>2012-04-03 13:14:55 +0300
committerTimo Teräs <timo.teras@iki.fi>2012-04-03 13:16:49 +0300
commita3280c30611c4db8a65a920850bfe0a8aeb09d23 (patch)
treedb406cdd5b7efaf35f6cc41db6296308fc9afc25
parent7458e4d3f4e85664238938ddeea47419ea3c070b (diff)
downloadapk-tools-a3280c30611c4db8a65a920850bfe0a8aeb09d23.tar.gz
apk-tools-a3280c30611c4db8a65a920850bfe0a8aeb09d23.tar.bz2
apk-tools-a3280c30611c4db8a65a920850bfe0a8aeb09d23.tar.xz
apk-tools-a3280c30611c4db8a65a920850bfe0a8aeb09d23.zip
pkg: honor --allow-untrusted when installing non-repository packages
fixes #1072
-rw-r--r--src/package.c34
1 files changed, 21 insertions, 13 deletions
diff --git a/src/package.c b/src/package.c
index 1dd83e3..9ad17e9 100644
--- a/src/package.c
+++ b/src/package.c
@@ -705,15 +705,27 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data)
switch (sctx->action) {
case APK_SIGN_VERIFY:
case APK_SIGN_VERIFY_AND_GENERATE:
- r = EVP_VerifyFinal(&sctx->mdctx,
- (unsigned char *) sctx->signature.data.ptr,
- sctx->signature.data.len,
- sctx->signature.pkey);
- if (r != 1)
- return -EKEYREJECTED;
- sctx->control_verified = 1;
- if (!sctx->has_data_checksum && part == APK_MPART_END)
- sctx->data_verified = 1;
+ if (sctx->signature.pkey != NULL) {
+ r = EVP_VerifyFinal(&sctx->mdctx,
+ (unsigned char *) sctx->signature.data.ptr,
+ sctx->signature.data.len,
+ sctx->signature.pkey);
+ if (r != 1 && !(apk_flags & APK_ALLOW_UNTRUSTED))
+ return -EKEYREJECTED;
+ } else {
+ r = 0;
+ if (!(apk_flags & APK_ALLOW_UNTRUSTED))
+ return -ENOKEY;
+ }
+ if (r == 1) {
+ sctx->control_verified = 1;
+ if (!sctx->has_data_checksum && part == APK_MPART_END)
+ sctx->data_verified = 1;
+ }
+ if (sctx->action == APK_SIGN_VERIFY_AND_GENERATE) {
+ sctx->identity.type = EVP_MD_CTX_size(&sctx->mdctx);
+ EVP_DigestFinal_ex(&sctx->mdctx, sctx->identity.data, NULL);
+ }
break;
case APK_SIGN_VERIFY_IDENTITY:
/* Reset digest for hashing data */
@@ -734,10 +746,6 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data)
return -ECANCELED;
break;
}
- if (sctx->action == APK_SIGN_VERIFY_AND_GENERATE) {
- sctx->identity.type = EVP_MD_CTX_size(&sctx->mdctx);
- EVP_DigestFinal_ex(&sctx->mdctx, sctx->identity.data, NULL);
- }
reset_digest:
EVP_DigestInit_ex(&sctx->mdctx, sctx->md, NULL);
EVP_MD_CTX_set_flags(&sctx->mdctx, EVP_MD_CTX_FLAG_ONESHOT);