Re: [Rpm-maint] [rpm-software-management/rpm] Justus/openpgp fixes (PR #1813)

2021-10-27 Thread Justus Winter
@teythoon commented on this pull request.



> @@ -503,6 +500,9 @@ static int pgpPrtSubType(const uint8_t *h, size_t hlen, 
> pgpSigType sigtype,
case PGPSUBTYPE_REVOKE_REASON:
case PGPSUBTYPE_FEATURES:
case PGPSUBTYPE_EMBEDDED_SIG:
+   pgpPrtHex("", p+1, plen-1);
+   break;
+   case PGPSUBTYPE_NOTATION:
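
Review bot: The new `case PGPSUBTYPE_NOTATION:` label at the end of this hunk carries no comment explaining why notations are split off from the hex-printing group above it; a short comment stating what happens to a notation whose name is not handled, especially when the subpacket is marked critical, would settle the question raised in this thread. Separately, `pgpPrtHex("", p+1, plen-1)` assumes `plen >= 1`, which the lines shown do not establish, so confirm the length is validated before the switch.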

The difference is that you made a conscious decision to ignore a subpacket 
like the features subpacket, whereas you did not make a conscious decision to 
ignore the notation with the name "something-import...@example.org".

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1813#discussion_r737562867
___
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint


Re: [Rpm-maint] [rpm-software-management/rpm] Justus/openpgp fixes (PR #1813)

2021-10-27 Thread Demi Marie Obenour
@DemiMarie commented on this pull request.



> @@ -503,6 +500,9 @@ static int pgpPrtSubType(const uint8_t *h, size_t hlen, 
> pgpSigType sigtype,
case PGPSUBTYPE_REVOKE_REASON:
case PGPSUBTYPE_FEATURES:
case PGPSUBTYPE_EMBEDDED_SIG:
+   pgpPrtHex("", p+1, plen-1);
+   break;
+   case PGPSUBTYPE_NOTATION:

PGPSUBTYPE_NOTATION is definitely not recognized unless the notation name is 
recognized.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1813#discussion_r737527899


Re: [Rpm-maint] [rpm-software-management/rpm] Justus/openpgp fixes (PR #1813)

2021-10-27 Thread Panu Matilainen
@pmatilai commented on this pull request.



> @@ -503,6 +500,9 @@ static int pgpPrtSubType(const uint8_t *h, size_t hlen, 
> pgpSigType sigtype,
case PGPSUBTYPE_REVOKE_REASON:
case PGPSUBTYPE_FEATURES:
case PGPSUBTYPE_EMBEDDED_SIG:
+   pgpPrtHex("", p+1, plen-1);
+   break;
+   case PGPSUBTYPE_NOTATION:

I fail to see how notations are any different from all the other stuff in the 
above that we don't handle. I mean, if "recognizing" is a matter of being in a 
switch-case then PGPSUBTYPE_NOTATION is just as "recognized" as, say, 
PGPSUBTYPE_REVOKE_KEY. And if not, then most of these should be in the "not 
recognized" category, which is basically what my "implemented" flag did.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1813#pullrequestreview-790700598
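
The distinction argued in the three comments above, as an added example that is not rpm's code and not part of the thread: a notation subpacket counts as handled only when its name is one the verifier acts on, and an unhandled name is fatal only when the subpacket is critical. The allow-list entry, the function names and the sample notation bodies are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum notation_verdict { NOTATION_OK, NOTATION_IGNORED, NOTATION_REJECT };

/* Hypothetical allow-list: notation names this verifier actually acts on. */
static const char *const known_notations[] = { "policy@example.org" };

/* Body layout after the type octet (RFC 4880, 5.2.3.16):
 * 4 octets flags | 2 name length | 2 value length | name | value.
 * critical is bit 7 of the subpacket type octet. */
enum notation_verdict check_notation(const uint8_t *body, size_t len, int critical)
{
    if (len < 8)
        return NOTATION_REJECT;            /* truncated header */
    size_t nlen = ((size_t)body[4] << 8) | body[5];
    size_t vlen = ((size_t)body[6] << 8) | body[7];
    if (nlen + vlen != len - 8)
        return NOTATION_REJECT;            /* declared lengths disagree with body */
    for (size_t i = 0; i < sizeof(known_notations) / sizeof(*known_notations); i++) {
        const char *k = known_notations[i];
        if (strlen(k) == nlen && memcmp(body + 8, k, nlen) == 0)
            return NOTATION_OK;
    }
    /* Unknown name: skippable if non-critical, fatal if marked critical. */
    return critical ? NOTATION_REJECT : NOTATION_IGNORED;
}

/* Builds a constructed notation body (value "1") for name and classifies it. */
enum notation_verdict demo(const char *name, int critical)
{
    uint8_t buf[64] = { 0x80, 0, 0, 0 };   /* flags: human-readable */
    size_t nlen = strlen(name);
    if (nlen > sizeof(buf) - 9)
        return NOTATION_REJECT;
    buf[5] = (uint8_t)nlen;                /* name length, big endian (high octet 0) */
    buf[7] = 1;                            /* value length */
    memcpy(buf + 8, name, nlen);
    buf[8 + nlen] = '1';
    return check_notation(buf, 8 + nlen + 1, critical);
}

int main(void)
{
    printf("unknown, non-critical: %d\n", demo("other@example.org", 0));
    printf("unknown, critical:     %d\n", demo("other@example.org", 1));
    return 0;
}
```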


Re: [Rpm-maint] [rpm-software-management/rpm] Justus/openpgp fixes (PR #1813)

2021-10-27 Thread Justus Winter
@teythoon pushed 1 commit.

1780fbe2286b309f8bdc24728731f2e28603  Fix handling of signature notations


-- 
View it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1813/files/d70ee8e68871281664d8b0edfbdc511ad6947fcf..1780fbe2286b309f8bdc24728731f2e28603


Re: [Rpm-maint] [rpm-software-management/rpm] Justus/openpgp fixes (PR #1813)

2021-10-27 Thread Michael Schroeder
@mlschroe commented on this pull request.



> @@ -422,8 +422,6 @@ static int pgpVerifySigEDDSA(pgpDigAlg pgpkey, pgpDigAlg 
> pgpsig, uint8_t *hash,
return rc;
 if (pgpkey->curve != PGPCURVE_ED25519)
return rc;
-if (hash_algo != PGPHASHALGO_SHA256)
-   return rc;
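
Review bot: With the `hash_algo != PGPHASHALGO_SHA256` early return removed, the remaining checks shown in `pgpVerifySigEDDSA` no longer constrain `hash_algo` at all, so the function now proceeds for any hash algorithm. If that is intended, state it in a comment or the commit message, and confirm that the length of the `hash` buffer handed to the backend follows `hash_algo` rather than a fixed SHA-256 size.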

I think the check was from a time where we used a different way to set up the 
sexp, and we just forgot to remove it. Thanks for spotting this.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1813#pullrequestreview-790417240


[Rpm-maint] [rpm-software-management/rpm] Justus/openpgp fixes (PR #1813)

2021-10-27 Thread Justus Winter

You can view, comment on, or merge this pull request online at:

  https://github.com/rpm-software-management/rpm/pull/1813

-- Commit Summary --

  * Fix signature subpacket type handling
    https://github.com/rpm-software-management/rpm/pull/1813/commits/5d7965a23779321ba2e8820e1859507f03e0e152
  * Fix handling of critical signature subpackets
    https://github.com/rpm-software-management/rpm/pull/1813/commits/7c261daabb14299c53e5f6ad966ece6d9e398f4a
  * Fix hashlen overflow
    https://github.com/rpm-software-management/rpm/pull/1813/commits/0d83d29ba824e4f2d8ef7f3073327d5f2253f7c0
  * Fix typo
    https://github.com/rpm-software-management/rpm/pull/1813/commits/73a3eddbb22f559f6e1ecd85331b6f28e9045ef2
  * Fix Ed25519 signature verification using libgcrypt
    https://github.com/rpm-software-management/rpm/pull/1813/commits/d70ee8e68871281664d8b0edfbdc511ad6947fcf

-- File Changes --

M rpmio/digest.h (2)
M rpmio/digest_libgcrypt.c (2)
M rpmio/rpmkeyring.h (2)
M rpmio/rpmpgp.c (11)

-- Patch Links --

https://github.com/rpm-software-management/rpm/pull/1813.patch
https://github.com/rpm-software-management/rpm/pull/1813.diff

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1813