On 10/28/21 18:17, Justus Winter wrote:
Panu Matilainen <pmati...@redhat.com> writes:

https://tests.sequoia-pgp.org/rpmsop.html#Detached_Sign-Verify_roundtrip_with_key__Bob___MD5

- accepts MD5 signatures !!!

https://tests.sequoia-pgp.org/rpmsop.html#Signature_over_the_shattered_collision

- accepts SHA1 signatures !!!

Rpm needs to be able to work with content from the nineties, when MD5
was still the hottest thing around, ditto with SHA1.

Contemporary versions of RPM need to work with content from the
nineties?  I find that hard to believe.

We still support rpm V3 format... not to mention all the content from the beginning of the millennium. Some 3rd party packages are incredibly long lived.


At least openssl backend supports FIPS mode, which is where these get
rejected as expected nowadays.

FIPS mode as in /proc/sys/crypto/fips_enabled?  Or is there another
mechanism for openssl or RPM?  What about the security of systems that
are not in FIPS mode?

At least openssl has a way to enable it via its API, but there's no way to enable it via rpm. From the accepted algorithms POV, FIPS is just one crypto policy, distros/users are free to set them up as they see fit.

In my opinion, these signatures should be rejected by RPM.  If working
with nineties material is really a thing, the user should explicitly
opt-into these unsafe algorithms.

These kinds of policies are not rpm's business.

        - Panu -

Justus
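The thread above is about whether a verifier should accept signatures made with MD5 or SHA-1 by default, and whether that should require an explicit opt-in. The following is an added illustration, not rpm's, Sequoia's or either participant's code: it reads the hash-algorithm id out of an OpenPGP signature packet (RFC 4880 v3/v4 layout, RFC 9580 v6 shares the v4 prefix) and applies a deny-by-default policy for MD5 and SHA-1 with an explicit opt-in flag. The packet bytes, the function names and the `allow_legacy_digests` knob are all constructed for this example.

```python
"""Digest-algorithm policy check for OpenPGP signature packets.

Illustrative example only (not rpm's or Sequoia's code). It parses just
enough of a signature packet to find the hash algorithm id, then applies a
policy that refuses MD5 and SHA-1 unless the caller explicitly opts in.
"""
from __future__ import annotations

# RFC 4880 section 9.4 / RFC 9580 section 9.5 hash algorithm ids.
HASH_ALGO_NAMES = {
    1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256", 9: "SHA384",
    10: "SHA512", 11: "SHA224", 12: "SHA3-256", 14: "SHA3-512",
}
WEAK_DIGESTS = {1, 2}  # MD5 and SHA-1: collisions are practical
SIGNATURE_TAG = 2


def parse_packet_header(data: bytes) -> tuple[int, int, int]:
    """Return (tag, body_offset, body_length) for an old- or new-format packet."""
    first = data[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet (bit 7 clear)")
    if first & 0x40:  # new-format header: tag in low 6 bits
        tag = first & 0x3F
        b1 = data[1]
        if b1 < 192:
            return tag, 2, b1
        if b1 <= 223:
            return tag, 3, ((b1 - 192) << 8) + data[2] + 192
        if b1 == 255:
            return tag, 6, int.from_bytes(data[2:6], "big")
        raise ValueError("partial body lengths are not supported here")
    # old-format header: tag in bits 5..2, length type in bits 1..0
    tag = (first >> 2) & 0x0F
    length_type = first & 0x03
    if length_type == 3:
        raise ValueError("indeterminate packet length is not supported here")
    width = {0: 1, 1: 2, 2: 4}[length_type]
    return tag, 1 + width, int.from_bytes(data[1:1 + width], "big")


def signature_hash_algorithm(packet: bytes) -> int:
    """Extract the hash algorithm id from a v3, v4 or v6 signature packet."""
    tag, off, length = parse_packet_header(packet)
    if tag != SIGNATURE_TAG:
        raise ValueError(f"expected a signature packet (tag 2), got tag {tag}")
    body = packet[off:off + length]
    if len(body) != length:
        raise ValueError("truncated signature packet")
    version = body[0]
    if version in (4, 6):
        # version, sig type, public-key algo, hash algo, ...
        return body[3]
    if version == 3:
        # version, 0x05, sig type, time(4), key id(8), pk algo, hash algo
        if body[1] != 5:
            raise ValueError("malformed v3 signature: hashed length must be 5")
        return body[16]
    raise ValueError(f"unsupported signature version {version}")


def check_signature_policy(packet: bytes, allow_legacy_digests: bool = False) -> tuple[bool, str]:
    """Deny-by-default policy: weak digests pass only with an explicit opt-in."""
    algo = signature_hash_algorithm(packet)
    name = HASH_ALGO_NAMES.get(algo)
    if name is None:
        return False, f"unknown hash algorithm id {algo}"
    if algo in WEAK_DIGESTS and not allow_legacy_digests:
        return False, f"{name} signature rejected by policy (allow_legacy_digests=False)"
    return True, f"{name} signature accepted"


# Constructed sample packets (headers and fixed fields only; no real MPIs).
SAMPLE_V4_SHA1 = b"\x88\x0a" + bytes([4, 0, 1, 2, 0, 0, 0, 0, 0xAB, 0xCD])
SAMPLE_V4_SHA256 = b"\xc2\x0a" + bytes([4, 0, 1, 8, 0, 0, 0, 0, 0xAB, 0xCD])
SAMPLE_V3_MD5 = b"\x88\x11" + bytes([3, 5, 0] + [0] * 4 + [0] * 8 + [1, 1])
# new-format two-octet length (200-byte body), SHA-512
SAMPLE_V4_SHA512_LONG = b"\xc2\xc0\x08" + bytes([4, 0, 1, 10]) + b"\x00" * 196

if __name__ == "__main__":
    for label, pkt in [("v4/SHA1", SAMPLE_V4_SHA1), ("v4/SHA256", SAMPLE_V4_SHA256),
                       ("v3/MD5", SAMPLE_V3_MD5), ("v4/SHA512", SAMPLE_V4_SHA512_LONG)]:
        print(label, check_signature_policy(pkt))
        print(label, "with opt-in:", check_signature_policy(pkt, allow_legacy_digests=True))
```

The policy layer is deliberately separate from the parsing: a distribution that wants to honour a system-wide crypto policy (FIPS or otherwise) only has to change what `check_signature_policy` returns, while the opt-in flag keeps the nineties-era content case reachable without making weak digests the default.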


_______________________________________________
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint
