This is the mail archive of the
cygwin-apps
mailing list for the Cygwin project.
[PATCH setup draft 1/4] Allow validation of signatures using the cygwin key only
- From: Ken Brown <kbrown at cornell dot edu>
- To: cygwin-apps at cygwin dot com
- Date: Mon, 11 Dec 2017 16:41:33 -0500
- Subject: [PATCH setup draft 1/4] Allow validation of signatures using the cygwin key only
- Authentication-results: sourceware.org; auth=none
- References: <20171211214136.6500-1-kbrown@cornell.edu>
Add an optional argument 'main_key_only' to
crypto.cc:verify_ini_file_sig() and ini.cc:check_ini_sig(). The
argument is 'false' by default. If it is 'true', validation uses the
official cygwin signing key only.
---
crypto.cc | 5 +++--
crypto.h | 3 ++-
ini.cc | 5 +++--
3 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/crypto.cc b/crypto.cc
index 5a10e16..6a97acb 100644
--- a/crypto.cc
+++ b/crypto.cc
@@ -429,7 +429,8 @@ add_key_from_sexpr (gcry_sexp_t key)
/* Verify the signature on an ini file. Takes care of all key-handling. */
bool
-verify_ini_file_sig (io_stream *ini_file, io_stream *ini_sig_file, HWND owner)
+verify_ini_file_sig (io_stream *ini_file, io_stream *ini_sig_file,
+ HWND owner, bool main_key_only)
{
/* DSA public key in s-expr format. */
gcry_sexp_t dsa_key;
@@ -629,7 +630,7 @@ verify_ini_file_sig (io_stream *ini_file, io_stream *ini_sig_file, HWND owner)
// Well, we're actually there! Try it against the main key.
rv = gcry_pk_verify (dsa_sig, dsa_hash, dsa_key);
// If not that, try any supplied on the commandline.
- if (rv != GPG_ERR_NO_ERROR)
+ if (rv != GPG_ERR_NO_ERROR && !main_key_only)
{
std::vector<gcry_sexp_t>::iterator it;
for (it = keys_to_try.begin (); it < keys_to_try.end (); ++it)
diff --git a/crypto.h b/crypto.h
index 860df6c..9725b19 100644
--- a/crypto.h
+++ b/crypto.h
@@ -30,7 +30,8 @@ class io_stream;
file in another. It is called from ini.cc/do_remote_ini() and returns
true if the signature verified OK; if it returns false, you MUST NOT
use the failed ini file - doubly so if it's a compressed stream! */
-extern bool verify_ini_file_sig (io_stream *ini_file, io_stream *ini_sig_file, HWND owner);
+extern bool verify_ini_file_sig (io_stream *ini_file, io_stream *ini_sig_file,
+ HWND owner, bool main_key_only = false);
/*
5.2.2. Version 3 Signature Packet Format
diff --git a/ini.cc b/ini.cc
index f021ed2..18ab2e3 100644
--- a/ini.cc
+++ b/ini.cc
@@ -172,7 +172,8 @@ decompress_ini (io_stream *ini_file)
static io_stream*
check_ini_sig (io_stream* ini_file, io_stream* ini_sig_file,
- bool& sig_fail, const char* site, const char* sig_name, HWND owner)
+ bool& sig_fail, const char* site, const char* sig_name,
+ HWND owner, bool main_key_only = false)
{
/* Unless the NoVerifyOption is set, check the signature for the
current setup and record the result. On a failed signature check
@@ -192,7 +193,7 @@ check_ini_sig (io_stream* ini_file, io_stream* ini_sig_file,
sig_fail = true;
}
}
- else if (!verify_ini_file_sig (ini_file, ini_sig_file, owner))
+ else if (!verify_ini_file_sig (ini_file, ini_sig_file, owner, main_key_only))
{
note (owner, IDS_SIG_INVALID, sig_name, site);
delete ini_sig_file;
--
2.15.1