[PATCH setup draft 1/4] Allow validation of signatures using the cygwin key only
Ken Brown
kbrown@cornell.edu
Mon Dec 11 21:41:00 GMT 2017
Add an optional argument 'main_key_only' to
crypto.cc:verify_ini_file_sig() and ini.cc:check_ini_sig(). The
argument is 'false' by default. If it is 'true', validation uses the
official cygwin signing key only.
---
crypto.cc | 5 +++--
crypto.h | 3 ++-
ini.cc | 5 +++--
3 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/crypto.cc b/crypto.cc
index 5a10e16..6a97acb 100644
--- a/crypto.cc
+++ b/crypto.cc
@@ -429,7 +429,8 @@ add_key_from_sexpr (gcry_sexp_t key)
/* Verify the signature on an ini file. Takes care of all key-handling. */
bool
-verify_ini_file_sig (io_stream *ini_file, io_stream *ini_sig_file, HWND owner)
+verify_ini_file_sig (io_stream *ini_file, io_stream *ini_sig_file,
+ HWND owner, bool main_key_only)
{
/* DSA public key in s-expr format. */
gcry_sexp_t dsa_key;
@@ -629,7 +630,7 @@ verify_ini_file_sig (io_stream *ini_file, io_stream *ini_sig_file, HWND owner)
// Well, we're actually there! Try it against the main key.
rv = gcry_pk_verify (dsa_sig, dsa_hash, dsa_key);
// If not that, try any supplied on the commandline.
- if (rv != GPG_ERR_NO_ERROR)
+ if (rv != GPG_ERR_NO_ERROR && !main_key_only)
{
std::vector<gcry_sexp_t>::iterator it;
for (it = keys_to_try.begin (); it < keys_to_try.end (); ++it)
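Review bot: The comment `// If not that, try any supplied on the commandline.` directly above the changed condition is now stale, because with `main_key_only` set the loop over `keys_to_try` is skipped and the `rv` from the main-key check is final. I would reword it to `// If not that, try the extra keys, unless the caller asked for the main key only.` The flag only gates this verification step. Any loading of extra keys or trust prompting earlier in the function lies outside the hunk, so it is worth confirming that work is skipped or harmless when `main_key_only` is true. The function body starts and ends outside the hunk.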
diff --git a/crypto.h b/crypto.h
index 860df6c..9725b19 100644
--- a/crypto.h
+++ b/crypto.h
@@ -30,7 +30,8 @@ class io_stream;
file in another. It is called from ini.cc/do_remote_ini() and returns
true if the signature verified OK; if it returns false, you MUST NOT
use the failed ini file - doubly so if it's a compressed stream! */
-extern bool verify_ini_file_sig (io_stream *ini_file, io_stream *ini_sig_file, HWND owner);
+extern bool verify_ini_file_sig (io_stream *ini_file, io_stream *ini_sig_file,
+ HWND owner, bool main_key_only = false);
/*
5.2.2. Version 3 Signature Packet Format
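Review bot: The header comment ending in "you MUST NOT use the failed ini file" says nothing about the new `main_key_only` parameter, and the `= false` default means a caller that needs the strict check silently gets the permissive one if it forgets the argument. I would add a sentence to the comment, for example `If main_key_only is true, only the official cygwin signing key is accepted; any additional keys are ignored.` If there are only a few call sites, consider dropping the default (`HWND owner, bool main_key_only);`) so each caller states its choice explicitly. The comment begins above the hunk.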
diff --git a/ini.cc b/ini.cc
index f021ed2..18ab2e3 100644
--- a/ini.cc
+++ b/ini.cc
@@ -172,7 +172,8 @@ decompress_ini (io_stream *ini_file)
static io_stream*
check_ini_sig (io_stream* ini_file, io_stream* ini_sig_file,
- bool& sig_fail, const char* site, const char* sig_name, HWND owner)
+ bool& sig_fail, const char* site, const char* sig_name,
+ HWND owner, bool main_key_only = false)
{
/* Unless the NoVerifyOption is set, check the signature for the
current setup and record the result. On a failed signature check
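Review bot: `main_key_only` appears to have no effect when NoVerifyOption is set, since the comment at the top of the body says the signature is checked "Unless the NoVerifyOption is set". A caller passing `true` to insist on the official key could therefore still get back an unverified ini file in that mode. If later patches in the series treat `main_key_only` as a guarantee, the function should verify regardless of NoVerifyOption when the flag is true. Otherwise the comment should state the limit, e.g. `main_key_only restricts which keys are accepted; it does not override NoVerifyOption.` The condition itself is outside the hunk, so this is inferred from the comment.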
@@ -192,7 +193,7 @@ check_ini_sig (io_stream* ini_file, io_stream* ini_sig_file,
sig_fail = true;
}
}
- else if (!verify_ini_file_sig (ini_file, ini_sig_file, owner))
+ else if (!verify_ini_file_sig (ini_file, ini_sig_file, owner, main_key_only))
{
note (owner, IDS_SIG_INVALID, sig_name, site);
delete ini_sig_file;
--
2.15.1