  1. RHEL
  2. RHEL-144414

Return NotTrusted also for missing keys not-allowed by crypto-policy


    • Bug
    • Resolution: Unresolved
    • Major
    • rhel-10.2
    • rhel-10.1
    • rust-rpm-sequoia
    • None
    • rust-rpm-sequoia-1.10.1.1-1.el10
    • No
    • Important
    • rhel-security-crypto-spades
    • 26
    • 0
    • False
    • False
    • Yes
    • None
    • Suppose an rpm package contains two signatures, S1 and S2.

      AC1) If both S1 and S2 are valid and signature algorithms are known and allowed, signature verification passes.

      AC2) If S1 is valid and signature algorithm is known and allowed but S2 signature algorithm is unknown or not allowed, signature verification passes.

      AC3) If S2 is valid and signature algorithm is known and allowed but S1 signature algorithm is unknown or not allowed, signature verification passes.

      AC4) If S1 is not valid but signature algorithm is known and allowed and S2 signature algorithm is unknown or not allowed, signature verification fails.

      AC5) If S2 is not valid but signature algorithm is known and allowed and S1 signature algorithm is unknown or not allowed, signature verification fails.

      AC6) If both S1 and S2 signature algorithms are unknown or not allowed, signature verification fails.

    • Pass
    • Enabled
    • Automated
    • Bug Fix
    • Cause: Signatures with unknown or disabled algorithms reported an error to rpm when the key is not imported.
      Consequence: RPM was failing to validate signatures on RPM packages with some failed signatures.
      Fix: When we encounter an unknown algorithm that we do not have a key for, we report that the signature is not trusted.
      Result: The crypto policies can be used to disable one of the algorithms we use for signing RPMs.
    • Proposed
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      This is a spin-off from RHEL-112394, which identified some changes that need to happen on the rpm-sequoia side.

      Changes are implemented in the following PR:

      https://github.com/rpm-software-management/rpm-sequoia/pull/105
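
The acceptance criteria AC1 to AC6 can be modelled as a small decision function. This is an added example, not code from rpm or rpm-sequoia: the names `SigResult`, `Sig`, `check_one`, `package_passes` and `pair`, and the algorithm labels `ALG_A`, `ALG_B` and `ALG_X`, are hypothetical, and the function generalizes from two signatures to any number.

```rust
// Added illustration of AC1-AC6. All names are hypothetical; this is not rpm or rpm-sequoia code.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
enum SigResult {
    Valid,      // algorithm known and allowed, signature verifies
    Invalid,    // algorithm known and allowed, signature does not verify
    NotTrusted, // algorithm unknown or not allowed: neither a pass nor a hard error
}

// Constructed stand-in for one signature on a package.
struct Sig { algo: &'static str, verifies: bool }

// Classify one signature; `allowed` stands in for the active crypto policy.
fn check_one(sig: &Sig, allowed: &[&str]) -> SigResult {
    if !allowed.contains(&sig.algo) {
        return SigResult::NotTrusted;
    }
    if sig.verifies { SigResult::Valid } else { SigResult::Invalid }
}

// Package-level decision: pass only if no signature is Invalid and at least one is Valid.
// Two allowed signatures with one Invalid is not covered by the ACs; failing it is an
// assumption of this model.
fn package_passes(sigs: &[Sig], allowed: &[&str]) -> bool {
    let results: Vec<SigResult> = sigs.iter().map(|s| check_one(s, allowed)).collect();
    !results.contains(&SigResult::Invalid) && results.contains(&SigResult::Valid)
}

// Build the S1/S2 pair used by the acceptance criteria.
fn pair(a1: &'static str, v1: bool, a2: &'static str, v2: bool) -> [Sig; 2] {
    [Sig { algo: a1, verifies: v1 }, Sig { algo: a2, verifies: v2 }]
}

fn main() {
    // Constructed policy: ALG_A and ALG_B are allowed, ALG_X is unknown or disabled.
    let policy = ["ALG_A", "ALG_B"];
    let cases = [
        ("AC1", pair("ALG_A", true, "ALG_B", true), true),
        ("AC2", pair("ALG_A", true, "ALG_X", true), true),
        ("AC3", pair("ALG_X", true, "ALG_A", true), true),
        ("AC4", pair("ALG_A", false, "ALG_X", true), false),
        ("AC5", pair("ALG_X", true, "ALG_A", false), false),
        ("AC6", pair("ALG_X", true, "ALG_X", true), false),
    ];
    for (name, sigs, expected) in cases.iter() {
        println!("{}: passes={} expected={}", name, package_passes(sigs, &policy), expected);
    }
}
```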

              jjelen@redhat.com Jakub Jelen
              jjelen@redhat.com Jakub Jelen
              Jakub Jelen
              Ondrej Moris
              Mirek Jahoda