Introduce disable_validate_hash
disable_validate_hash does as its name suggests.

After Master-hash has been fully verified then ALL subsequent hashes
are considered to be valid.
* disable_validate_hash=1

The one exception being Master-hash, which is still validated.
* unset disable_validate_hash

Signed-off-by: Richard T Bonhomme <[email protected]>
TinCanTech committed Mar 4, 2022
1 parent f9a9d42 commit 93e4a7b
Showing 1 changed file with 10 additions and 0 deletions.
10 changes: 10 additions & 0 deletions easytls
Expand Up @@ -1633,6 +1633,11 @@ generate_and_validate_data_hash ()
# Verify valid hash - Only return success or fail
validate_hash ()
{
# If master-hash has been verified then
# All further hashes are considered to be valid
# This is already wildly abusive, so don't abuse it any further..
[ -z "${disable_validate_hash}" ] || return 0

[ "${#}" -eq 1 ] || {
error_msg "validate_hash - invalid input: ${*}"
return 1
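Review bot: The early return 0 in validate_hash sits above the [ "${#}" -eq 1 ] argument check, so once disable_validate_hash is set, a call with no argument or with several arguments returns success silently instead of reaching error_msg. Consider moving the bypass below the argument check so malformed calls are still reported. The comment "wildly abusive" also does not say what is being trusted; a line stating that the flag is set only by main after verify_master_hash, and cleared by save_master_hash, would document the contract.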
Expand Down Expand Up @@ -9331,13 +9336,16 @@ save_master_hash ()
die "save_master_hash - Missing: update_master_hash"
[ -z "${master_save_hash_block}" ] || \
die "Master save hash must only run once"

generate_master_hash || die "save_master_hash - generate_master_hash"
[ "${generated_master_hash}" = "${fixed_hash}" ] && {
unset -v update_master_hash
master_save_hash_block=1
return 0
}

# Get a valid hash, at all costs..
unset -v disable_validate_hash
validate_hash_block="$(( validate_hash_block - 1 ))"
validate_hash "${generated_master_hash}" || \
die "save_master_hash - validate_hash ${generated_master_hash}"
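Review bot: unset -v disable_validate_hash in save_master_hash is not paired with a restore in the visible lines, so every validate_hash call made after this function does real validation again, which differs from the commit message's "ALL subsequent hashes are considered to be valid". If that is intended, say so in the comment in place of "at all costs"; if not, set disable_validate_hash=1 again once the validate_hash call on generated_master_hash has succeeded.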
Expand Down Expand Up @@ -10036,6 +10044,8 @@ main ()

# Verify me!
verify_master_hash || die "verify_master_hash"
# From this point forth, ALL hashes should be considered valid
disable_validate_hash=1

# Set "Temp-Dir of last resort", if not already set by config
if [ -n "${EASYTLS_FOR_WINDOWS}" ]; then
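Review bot: disable_validate_hash=1 in main is the only assignment shown, and nothing shown clears the variable before verify_master_hash runs. Because validate_hash tests only for a non-empty value, a disable_validate_hash inherited from the caller's environment would switch validation off before the master hash has been verified. Suggest adding unset -v disable_validate_hash ahead of verify_master_hash (or at script start), so the flag can only come from this line.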

1 comment on commit 93e4a7b

@TinCanTech