[Rpm-maint] [rpm-software-management/rpm] Justus/openpgp fixes (PR #1813)
Demi Marie Obenour
notifications at github.com
Wed Nov 10 10:47:01 UTC 2021
@DemiMarie requested changes on this pull request.
This change is not safe; some new features need to be implemented in RPM.
> @@ -444,7 +444,7 @@ static int pgpPrtSubType(const uint8_t *h, size_t hlen, pgpSigType sigtype,
int rc = 0;
while (hlen > 0 && rc == 0) {
- int impl = 0;
+ int recognized = 1;
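Review bot: `int recognized = 1;` starts every loop iteration in the accepting state, so a subpacket type that reaches no explicit case counts as recognized unless a branch outside this hunk clears the flag. Initialize it to 0 and set it to 1 only in the cases that are actually handled, so that a missed case fails closed. The rename from `impl` also changes what the flag means, which deserves a comment at the declaration.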
This makes new values default to being recognized, which is unsafe.
> @@ -503,6 +500,9 @@ static int pgpPrtSubType(const uint8_t *h, size_t hlen, pgpSigType sigtype,
case PGPSUBTYPE_REVOKE_REASON:
case PGPSUBTYPE_FEATURES:
case PGPSUBTYPE_EMBEDDED_SIG:
+ pgpPrtHex("", p+1, plen-1);
+ break;
+ case PGPSUBTYPE_NOTATION:
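Review bot: `pgpPrtHex("", p+1, plen-1);` under the `PGPSUBTYPE_EMBEDDED_SIG` group relies on `plen` being at least 1, and no such check is visible in this hunk; if `plen` can be 0 at this point, `plen-1` is the wrong length (and wraps if the type is unsigned). Confirm the loop guarantees it before the switch, or guard it here. The new `case PGPSUBTYPE_NOTATION:` label is the last line shown, so the branch it joins is not visible; a comment saying which handling notations receive would help.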
RPM must implement the following:
- Signature creation time
- Signature expiration time
- Key expiration time
- Key flags
In these cases, ignoring that a subpacket is marked critical would be a serious error, as it could cause RPM to accept a package that it must not. In all four of these cases, the correct fix is for RPM to actually implement the corresponding subpacket, not to ignore it.
RPM can safely ignore the following, even if marked critical, at least for now:
- exportable certification
- trust signature
- regular expression
- revocable
- revocation key
- primary userid
- embedded signature
- preferred symmetric key
- preferred hash algorithm
- preferred compression algorithm
- key server preferences
- policy URL
For notation subpackets, the default must be to reject unknown critical notations, but some notations may be ignorable. If RPM gets support for revocation or a web of trust, the list of safely ignorable subpackets will shrink. Note that unlike subkey binding signatures, *primary* key binding signatures do *not* need to be supported *yet*. My understanding is that primary key binding signatures ensure Eve cannot claim to have made a signature actually made by Alice, which is not an issue for RPM at this time.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1813#pullrequestreview-802392675
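The critical-subpacket policy described in the review above, as an added example (not RPM's code and not part of the PR or the review): a walk over a signature subpacket area that starts each subpacket as unrecognized and rejects any critical one that stays that way. The names `classify`, `check_subpackets` and the `implemented` bitmask are hypothetical; the type numbers and length encoding are those of RFC 4880.

```c
#include <stddef.h>
#include <stdint.h>

enum cls { UNKNOWN, MUST_IMPLEMENT, IGNORABLE };
/* Type numbers: RFC 4880 section 5.2.3.1. Grouping: the review above. */
static enum cls classify(uint8_t t)
{
    switch (t) {
    case 2: case 3: case 9: case 27:  /* creation, sig expiry, key expiry, key flags */
        return MUST_IMPLEMENT;
    case 4: case 5: case 6: case 7: case 12: case 25: case 32:
    case 11: case 21: case 22: case 23: case 26:
        return IGNORABLE;
    default:                          /* includes notation data (20) */
        return UNKNOWN;
    }
}

/* Returns 0 to accept, -1 to reject. `implemented` is a hypothetical bitmask:
 * bit N set means the caller really enforces subpacket type N. */
int check_subpackets(const uint8_t *h, size_t hlen, uint32_t implemented)
{
    while (hlen > 0) {
        size_t lenlen, plen;          /* a truncated length field decodes as plen 0 */
        if (h[0] < 192) {
            lenlen = 1; plen = h[0];
        } else if (h[0] < 255) {
            lenlen = 2;
            plen = hlen < 2 ? 0 : ((size_t)(h[0] - 192) << 8) + h[1] + 192;
        } else {
            lenlen = 5;
            plen = hlen < 5 ? 0 : (((size_t)h[1] << 24) | ((size_t)h[2] << 16) |
                                   ((size_t)h[3] << 8) | h[4]);
        }
        /* plen counts the type octet, so 0 is malformed; never read past hlen */
        if (plen == 0 || plen > hlen - lenlen) return -1;
        uint8_t type = h[lenlen] & 0x7f;
        int critical = (h[lenlen] & 0x80) != 0;
        int recognized = 0;           /* fail closed: unknown types stay 0 */
        if (classify(type) == MUST_IMPLEMENT)
            recognized = (implemented >> type) & 1;
        else if (classify(type) == IGNORABLE)
            recognized = 1;
        if (critical && !recognized) return -1;
        h += lenlen + plen;
        hlen -= lenlen + plen;
    }
    return 0;
}
```

With the constructed bytes `02 94 00` (a critical notation subpacket) the function rejects, while the same subpacket without the critical bit, `02 14 00`, is accepted.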