Diffstat (limited to 'src/package.c')
-rw-r--r--src/package.c34
1 files changed, 21 insertions, 13 deletions
diff --git a/src/package.c b/src/package.c
index 1dd83e3..9ad17e9 100644
--- a/src/package.c
+++ b/src/package.c
@@ -705,15 +705,27 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data)
switch (sctx->action) {
case APK_SIGN_VERIFY:
case APK_SIGN_VERIFY_AND_GENERATE:
- r = EVP_VerifyFinal(&sctx->mdctx,
- (unsigned char *) sctx->signature.data.ptr,
- sctx->signature.data.len,
- sctx->signature.pkey);
- if (r != 1)
- return -EKEYREJECTED;
- sctx->control_verified = 1;
- if (!sctx->has_data_checksum && part == APK_MPART_END)
- sctx->data_verified = 1;
+ if (sctx->signature.pkey != NULL) {
+ r = EVP_VerifyFinal(&sctx->mdctx,
+ (unsigned char *) sctx->signature.data.ptr,
+ sctx->signature.data.len,
+ sctx->signature.pkey);
+ if (r != 1 && !(apk_flags & APK_ALLOW_UNTRUSTED))
+ return -EKEYREJECTED;
+ } else {
+ r = 0;
+ if (!(apk_flags & APK_ALLOW_UNTRUSTED))
+ return -ENOKEY;
+ }
+ if (r == 1) {
+ sctx->control_verified = 1;
+ if (!sctx->has_data_checksum && part == APK_MPART_END)
+ sctx->data_verified = 1;
+ }
+ if (sctx->action == APK_SIGN_VERIFY_AND_GENERATE) {
+ sctx->identity.type = EVP_MD_CTX_size(&sctx->mdctx);
+ EVP_DigestFinal_ex(&sctx->mdctx, sctx->identity.data, NULL);
+ }
break;
case APK_SIGN_VERIFY_IDENTITY:
/* Reset digest for hashing data */
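Review bot: With APK_ALLOW_UNTRUSTED set, three different outcomes now leave the VERIFY branch the same way: a bad signature (`r == 0`), an OpenSSL-internal failure (`r == -1`) and a missing key. The only trace is that `control_verified` and `data_verified` stay unset, so callers (outside this hunk) presumably have to gate trust on those fields rather than on the return code. That contract should be stated at the branch, for example `/* APK_ALLOW_UNTRUSTED: continue unverified; callers must check control_verified/data_verified, a zero return does not imply a valid signature */`. In the APK_SIGN_VERIFY_AND_GENERATE path the relocated block also fills `sctx->identity` from control data that may not have verified, and it ignores the result of `EVP_DigestFinal_ex`. Checking that call for `!= 1` would avoid recording an identity from a failed digest. The function body starts before and continues after this hunk, so where `control_verified` is initialised or reset cannot be confirmed from here.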
@@ -734,10 +746,6 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data)
return -ECANCELED;
break;
}
- if (sctx->action == APK_SIGN_VERIFY_AND_GENERATE) {
- sctx->identity.type = EVP_MD_CTX_size(&sctx->mdctx);
- EVP_DigestFinal_ex(&sctx->mdctx, sctx->identity.data, NULL);
- }
reset_digest:
EVP_DigestInit_ex(&sctx->mdctx, sctx->md, NULL);
EVP_MD_CTX_set_flags(&sctx->mdctx, EVP_MD_CTX_FLAG_ONESHOT);