From c2344f0a99ee75fa87df41e7b189f22d340a84b2 Mon Sep 17 00:00:00 2001 From: minfrin Date: Mon, 3 Oct 2022 20:41:53 +0100 Subject: [PATCH] Domain/Selector/KeyFile no longer mandatory in verifying mode Limit checks for Domain/Selector/KeyFile to signing mode only. https://github.com/trusteddomainproject/OpenARC/pull/159 --- openarc/openarc-config.h | 6 +++--- openarc/openarc.c | 40 ++++++++++++++++++++++++---------------- 2 files changed, 27 insertions(+), 19 deletions(-) diff --git a/openarc/openarc-config.h b/openarc/openarc-config.h index 26d30c1..38dffaf 100644 --- a/openarc/openarc-config.h +++ b/openarc/openarc-config.h @@ -29,20 +29,20 @@ struct configdef arcf_config[] = { "BaseDirectory", CONFIG_TYPE_STRING, FALSE }, { "Canonicalization", CONFIG_TYPE_STRING, FALSE }, { "ChangeRootDirectory", CONFIG_TYPE_STRING, FALSE }, - { "Domain", CONFIG_TYPE_STRING, TRUE }, + { "Domain", CONFIG_TYPE_STRING, FALSE }, { "EnableCoredumps", CONFIG_TYPE_BOOLEAN, FALSE }, { "FinalReceiver", CONFIG_TYPE_BOOLEAN, FALSE }, { "FixedTimestamp", CONFIG_TYPE_STRING, FALSE }, { "Include", CONFIG_TYPE_INCLUDE, FALSE }, { "InternalHosts", CONFIG_TYPE_STRING, FALSE }, { "KeepTemporaryFiles", CONFIG_TYPE_BOOLEAN, FALSE }, - { "KeyFile", CONFIG_TYPE_STRING, TRUE }, + { "KeyFile", CONFIG_TYPE_STRING, FALSE }, { "MaximumHeaders", CONFIG_TYPE_INTEGER, FALSE }, { "MilterDebug", CONFIG_TYPE_INTEGER, FALSE }, { "Mode", CONFIG_TYPE_STRING, FALSE }, { "PeerList", CONFIG_TYPE_STRING, FALSE }, { "PidFile", CONFIG_TYPE_STRING, FALSE }, - { "Selector", CONFIG_TYPE_STRING, TRUE }, + { "Selector", CONFIG_TYPE_STRING, FALSE }, { "SignatureAlgorithm", CONFIG_TYPE_STRING, FALSE }, { "SignHeaders", CONFIG_TYPE_STRING, FALSE }, { "OverSignHeaders", CONFIG_TYPE_STRING, FALSE }, diff --git a/openarc/openarc.c b/openarc/openarc.c index 8b211ff..fc5211e 100644 --- a/openarc/openarc.c +++ b/openarc/openarc.c @@ -1469,17 +1469,32 @@ arcf_config_load(struct config *data, struct arcf_config *conf, conf->conf_signalg = ARC_SIGN_RSASHA256; } - (void) config_get(data, "Domain", - &conf->conf_domain, - sizeof conf->conf_domain); + if ((conf->conf_mode & ARC_MODE_SIGN)) + { + if (config_get(data, "Domain", + &conf->conf_domain, + sizeof conf->conf_domain) < 1) + { + strlcpy(err, "parameter \"Domain\" required when signing", errlen); + return -1; + } - (void) config_get(data, "Selector", - &conf->conf_selector, - sizeof conf->conf_selector); + if (config_get(data, "Selector", + &conf->conf_selector, + sizeof conf->conf_selector) < 1) + { + strlcpy(err, "parameter \"Selector\" required when signing", errlen); + return -1; + } - (void) config_get(data, "KeyFile", - &conf->conf_keyfile, - sizeof conf->conf_keyfile); + if (config_get(data, "KeyFile", + &conf->conf_keyfile, + sizeof conf->conf_keyfile) < 1) + { + strlcpy(err, "parameter \"KeyFile\" required when signing", errlen); + return -1; + } + } (void) config_get(data, "EnableCoredumps", &conf->conf_enablecores, @@ -4445,13 +4460,6 @@ main(int argc, char **argv) return EX_CONFIG; } - if (curconf->conf_selector == NULL || curconf->conf_domain == FALSE) - { - fprintf(stderr, "%s: selector and domain must be specified\n", - progname); - return EX_CONFIG; - } - /* suppress a bunch of things if we're in test mode */ if (testmode) {