Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reject unimplemented critical PGP packets as per RFC-4880 #1702

Merged
merged 2 commits into from Jun 15, 2021
Merged

Reject unimplemented critical PGP packets as per RFC-4880 #1702

merged 2 commits into from Jun 15, 2021

Conversation

pmatilai
Copy link
Member 

Reject unimplemented critical PGP packets as per RFC-4880

    Bit 7 of the subpacket type is the "critical" bit.  If set, it
    denotes that the subpacket is one that is critical for the evaluator
    of the signature to recognize.  If a subpacket is encountered that is
    marked critical but is unknown to the evaluating software, the
    evaluator SHOULD consider the signature to be in error.

We only implement creation time and issuer keyid, everything else is
unimplemented and should be flagged as an error if critical as per above.

Initial patch by Demi Marie Obenour.

@pmatilai
Refactor error tracking to helper variable in PGP subtype parsing
7c0dbdd 
No functional changes here, but makes easier to flag different errors
in the next commits.
@pmatilai
Reject unimplemented critical PGP packets as per RFC-4880
37bd8d8 
    Bit 7 of the subpacket type is the "critical" bit.  If set, it
    denotes that the subpacket is one that is critical for the evaluator
    of the signature to recognize.  If a subpacket is encountered that is
    marked critical but is unknown to the evaluating software, the
    evaluator SHOULD consider the signature to be in error.

We only implement creation time and issuer keyid, everything else is
unimplemented and should be flagged as an error if critical as per above.

Initial patch by Demi Marie Obenour.
@pmatilai pmatilai added the RFE label Jun 15, 2021
@pmatilai
Copy link
Member Author

Another piece based on PGP parser PR's by @DemiMarie but taking care to really track the implemented status, and keep debug printing intact.

@pmatilai pmatilai merged commit f22499a into rpm-software-management:master Jun 15, 2021
@pmatilai pmatilai deleted the pgpcrit-pr branch June 15, 2021 13:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
RFE
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@pmatilai