diff options
Diffstat (limited to 'src/package.c')
-rw-r--r-- | src/package.c | 31 |
1 files changed, 24 insertions, 7 deletions
diff --git a/src/package.c b/src/package.c index 1cd85dd..32d4564 100644 --- a/src/package.c +++ b/src/package.c @@ -449,10 +449,26 @@ void apk_sign_ctx_free(struct apk_sign_ctx *ctx) EVP_MD_CTX_cleanup(&ctx->mdctx); } +static int check_signing_key_trust(struct apk_sign_ctx *sctx) +{ + switch (sctx->action) { + case APK_SIGN_VERIFY: + case APK_SIGN_VERIFY_AND_GENERATE: + if (sctx->signature.pkey == NULL) { + if (apk_flags & APK_ALLOW_UNTRUSTED) + break; + return -ENOKEY; + } + } + return 0; +} + int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx, const struct apk_file_info *fi, struct apk_istream *is) { + int r; + if (ctx->data_started) return 1; @@ -465,6 +481,9 @@ int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx, return -ENOMSG; ctx->data_started = 1; ctx->control_started = 1; + r = check_signing_key_trust(ctx); + if (r < 0) + return r; return 1; } @@ -491,7 +510,7 @@ int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx, if (strncmp(&fi->name[6], "RSA.", 4) == 0 || strncmp(&fi->name[6], "DSA.", 4) == 0) { int fd = openat(ctx->keys_fd, &fi->name[10], O_RDONLY|O_CLOEXEC); - BIO *bio; + BIO *bio; if (fd < 0) return 0; @@ -604,15 +623,13 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data) return 0; } + r = check_signing_key_trust(sctx); + if (r < 0) + return r; + switch (sctx->action) { case APK_SIGN_VERIFY: case APK_SIGN_VERIFY_AND_GENERATE: - if (sctx->signature.pkey == NULL) { - if (apk_flags & APK_ALLOW_UNTRUSTED) - break; - return -ENOKEY; - } - r = EVP_VerifyFinal(&sctx->mdctx, (unsigned char *) sctx->signature.data.ptr, sctx->signature.data.len, |