Ignore revoked subkeys

RPM could not handle revoked subkeys: old versions accepted signatures made by them, while more recent versions will usually fail to import the signature. This ignores such subkeys. Additionally, require all signatures following a subkey to be subkey binding or revocation signatures issued by the main key. Anything else is most likely an alternate method of revocation that RPM doesn’t implement, and so importing such a key would be unsafe.
rpm-software-management · Apr 12, 2022 · 126d896 · 126d896
1 parent ae35666
commit 126d896
Show file tree

Hide file tree

Showing 6 changed files with 354 additions and 15 deletions.
diff --git a/rpmio/rpmpgp_internal.c b/rpmio/rpmpgp_internal.c
@@ -1090,29 +1090,39 @@ int pgpPrtParamsSubkeys(const uint8_t *pkts, size_t pktlen,
 		continue;
 	    }
 
-	    pgpDigParams subkey_sig = NULL;
-	    if (decodePkt(p, pend - p, &pkt) ||
-	        parseSubkeySig(&pkt, 0, &subkey_sig))
-	    {
-		pgpDigParamsFree(digps[count]);
-		break;
-	    }
+	    int ignore = 0;
+	    do {
+		pgpDigParams subkey_sig = NULL;
+		if (decodePkt(p, pend - p, &pkt) ||
+		    parseSubkeySig(&pkt, 0, &subkey_sig))
+		{
+		    pgpDigParamsFree(digps[count]);
+		    goto end;
+		}
+
+		/* if this is wrong this will be freed anyway */
+		digps[count]->saved |= PGPDIG_SIG_HAS_KEY_FLAGS;
+		digps[count]->key_flags = subkey_sig->key_flags;
 
-	    /* Is the subkey revoked or incapable of signing? */
-	    int ignore = subkey_sig->sigtype != PGPSIGTYPE_SUBKEY_BINDING ||
-			 !((subkey_sig->saved & PGPDIG_SIG_HAS_KEY_FLAGS) &&
-			   (subkey_sig->key_flags & 0x02));
+		/* Is the subkey revoked or incapable of signing? */
+		if (subkey_sig->sigtype != PGPSIGTYPE_SUBKEY_BINDING ||
+		    !((subkey_sig->saved & PGPDIG_SIG_HAS_KEY_FLAGS) &&
+		      (subkey_sig->key_flags & 0x02))) {
+		    ignore = 1;
+		}
+		p += (pkt.body - pkt.head) + pkt.blen;
+		pgpDigParamsFree(subkey_sig);
+		if (p >= pend || decodePkt(p, pend - p, &pkt))
+		    break; /* next iteration will catch any error */
+	    } while (pkt.tag != PGPTAG_PUBLIC_SUBKEY);
 	    if (ignore) {
 		pgpDigParamsFree(digps[count]);
 	    } else {
-		digps[count]->key_flags = subkey_sig->key_flags;
-		digps[count]->saved |= PGPDIG_SIG_HAS_KEY_FLAGS;
 		count++;
 	    }
-	    p += (pkt.body - pkt.head) + pkt.blen;
-	    pgpDigParamsFree(subkey_sig);
 	}
     }
+end:
     rc = (p == pend) ? 0 : -1;
 
     if (rc == 0) {

diff --git a/tests/Makefile.am b/tests/Makefile.am
@@ -118,6 +118,9 @@ EXTRA_DIST += data/SOURCES/hello.c
 EXTRA_DIST += data/SPECS/hello-attr-buildid.spec
 EXTRA_DIST += data/SPECS/hello-config-buildid.spec
 EXTRA_DIST += data/SPECS/hello-cd.spec
+EXTRA_DIST += data/keys/rpm.org-ed25519-subkey-test.pub
+EXTRA_DIST += data/keys/rpm.org-ed25519-subkey-2-test.pub
+EXTRA_DIST += data/keys/first-signing-key-revoked.asc
 EXTRA_DIST += data/keys/rpm.org-rsa-2048-test.pub
 EXTRA_DIST += data/keys/rpm.org-rsa-2048-test.secret
 EXTRA_DIST += data/keys/CVE-2021-3521-badbind.asc

diff --git a/tests/data/keys/first-signing-key-revoked.asc b/tests/data/keys/first-signing-key-revoked.asc
@@ -0,0 +1,26 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEYj+PQhYJKwYBBAHaRw8BAQdAP4QSxJCz09EVaKH6BUHYfWrZNlworVRa0W8H
+UQsp2AG0J0Fub3RoZXIgY29tcGxleCB0ZXN0IGtleSA8dGVzdEBycG0ub3JnPoia
+BBMWCgBCFiEEyeRYWl0CAamgd85g0RW+m+vd0mQFAmI/j0ICGwMFCQPCZwAFCwkI
+BwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJENEVvpvr3dJkjjEBAMhVviHU9uTY
+6Qzk4MDNCk0Okz96j+tFHd9R/dCJu6jRAP4s3WRnv3QtRqfZNZY6UsAp/n+Fv8MP
+8fdQfN6la/V6CrgzBGI/j1sWCSsGAQQB2kcPAQEHQHv8VulNMB1K5gkm4lX1g5EA
+6ikbpqrne6lZ9RWlcTxjiKsEKBYKAFMWIQTJ5FhaXQIBqaB3zmDRFb6b693SZAUC
+Yj+PqDUdAVRlc3RpbmcgYSBjb3JuZXIgY2FzZSBpbiBSUE3igJlzIE9wZW5QR1Ag
+cHJvY2Vzc2luZwAKCRDRFb6b693SZDcaAP9ObjfoUbWoAZCk5YHDRJM46iIm3Rso
+7PM6YiQyZj+IsAD/Vy+GyFI6HSjseRRyv5CRYAFGrooE8zZiEKKYy36mpAWI7wQY
+FgoAIBYhBMnkWFpdAgGpoHfOYNEVvpvr3dJkBQJiP49bAhsCAIEJENEVvpvr3dJk
+diAEGRYKAB0WIQTOb01Xo6PinL6M2XkCZ0a0bI6plQUCYj+PWwAKCRACZ0a0bI6p
+lb06AQC9L1W6jk5afsbeqsVnmUeqFZOPoIXpRv4I4Weeset2RQEA65JuqlX2Rwnx
+O+Ks6i6ProtEJc9PJfurmqTkw9Husw3QmAEAy9wakg7Q/SCKaGCOEM/hk4dbvlWr
+dRKzP4R71bNh5mYBAOjg0WqQhhZpe2ocrT5Q0UnGFykd4W3Uw6vYuWRSbRgAuDME
+Yj+PqxYJKwYBBAHaRw8BAQdAiarMGXScnHY1b3kTHmKFEN8zZi/lCpp5rgFyYbCe
+sCeI7wQYFgoAIBYhBMnkWFpdAgGpoHfOYNEVvpvr3dJkBQJiP4+rAhsCAIEJENEV
+vpvr3dJkdiAEGRYKAB0WIQRXTUwdJeAh19V7FuDLLiTHrB+/PQUCYj+PqwAKCRDL
+LiTHrB+/PemvAQD98K824iCRReNI9fa6tKoJIOT++2ju/LaS6Ux4NiuQ6AEAsTZW
+Fz+SBgUEYUo/IG3DfYdE12QG8mosjwlSn++2iQGZCwEA75OsfeW4x8ltyduRAj5h
+5nFoswUnFC2C9SpJeiZDLSgBAO5h6mRI9iafOref8xhCf6qAtnXD3J195VMX1zCU
+chEM
+=MpKy
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/data/keys/rpm.org-ed25519-subkey-2-test.pub b/tests/data/keys/rpm.org-ed25519-subkey-2-test.pub
@@ -0,0 +1,45 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEYj9egBYJKwYBBAHaRw8BAQdAqeaD3Smr6MJd1fzczVHdNcVnpGNO6fXPQ1W3
+Bir40C60eXRlc3QgcnBtLm9yZyBlZDI1NTE5IGtleSB3aXRoIHZhbGlkIHNpZ25p
+bmcgYW5kIGVuY3J5cHRpb24gc3Via2V5cyBhbmQgYSByZXZva2VkIHNpZ25pbmcg
+c3Via2V5IDxjb21wbGV4LWVkMjU1MTlAcnBtLm9yZz6ImgQTFgoAQhYhBHsyy8MN
+NCMWJzLdhZ3W8Dmg4MHHBQJiP2F3AhsDBQkDwmcABQsJCAcCAyICAQYVCgkICwIE
+FgIDAQIeBwIXgAAKCRCd1vA5oODBx1y0AQCC14V8ULAoBdQsoanET2beUJgkIdT6
+LBdncZx8loRLiAD+LEWLpAGBMEq+iblPTAHjApsik02eDawLdl66Yi69Xgi4OARi
+P16AEgorBgEEAZdVAQUBAQdAeHhEFfY5qU6cpSMQ/LgzayG+8Q/VBbO5X8B3R433
+zi4DAQgHiLYEKBYKAF4WIQR7MsvDDTQjFicy3YWd1vA5oODBxwUCYj+JTUAdAVJl
+dm9rZWQgdG8gdGVzdCBob3cgUlBNIGhhbmRsZXMgdGhlIGZpcnN0IHN1YmtleSBi
+ZWluZyByZXZva2VkAAoJEJ3W8Dmg4MHHL78A/2LHlQiy8DUaH0J9XobkuEGNQYfE
+e23oEZ388bqKsKDGAQDA7M0RyiM+7PskRSYTKEU36o4wqh0ePJkdcW6KQDhGBYh4
+BBgWCgAgAhsMFiEEezLLww00IxYnMt2FndbwOaDgwccFAmI/iMUACgkQndbwOaDg
+wcd/RwD9HAZ8Jsvwthz+f10SsZAuNSP7x89VLO7mNVu1IF96VxQBAJodLZqehAsa
+HDw71wkAdLgnpPTpdQLf5MfjwKgPxC0NuDMEYj9enhYJKwYBBAHaRw8BAQdAioo3
+y5vRSJzPkTtTKiex1agJT0ETOzCPTUY9BLdd+XmI7wQYFgoAIBYhBHsyy8MNNCMW
+JzLdhZ3W8Dmg4MHHBQJiP16eAhsCAIEJEJ3W8Dmg4MHHdiAEGRYKAB0WIQQBtk+j
+jLwMTnHv1J6p7PJc9XVyRwUCYj9engAKCRCp7PJc9XVyR3KAAQC/vEsyeWSH7Vsn
+ljWv/a+nT3syIk+tpHuHFLP58yUVMwEA6HatEqVno0huk4BAZUei3EHfindIs0U7
+XG9N0Mi0PguqQwD/WcaD6pZ8nvw2NzoTXdVMauSW8itL3tecYtyGZUmJfBUBAJiX
+VbDIeV35E8OPf+Y5FwHWtdn2yj4G4M9BhfFOadkPuDMEYj9ethYJKwYBBAHaRw8B
+AQdAw3cfxFTkAo81xCnJU0DYTLudtw7ddNBmlgqa+OW3QjmIlAQoFgoAPBYhBHsy
+y8MNNCMWJzLdhZ3W8Dmg4MHHBQJiP17tHh0DVGVzdCBSUE0gcmV2b2NhdGlvbiBo
+YW5kbGluZwAKCRCd1vA5oODBxxDOAQCl+gCOa4oSQKOM7VL+yoYIg/y+pf33eRH5
+xB/hXfYaXQEAjLmobeeKtPZBcUMNkudpgOw/Smu37hMcqd6QMh8mqQ+I7wQYFgoA
+IBYhBHsyy8MNNCMWJzLdhZ3W8Dmg4MHHBQJiP162AhsCAIEJEJ3W8Dmg4MHHdiAE
+GRYKAB0WIQRO2qNgIg7sWTkLvjbb+ICPe6sQegUCYj9etgAKCRDb+ICPe6sQei5t
+AP4pRYKmQvLNW9C7MUTq4Ta/2U0Ty+blDx8T3tZui5KW8wEAlgNsHN2AusrIqV1B
++2MpHhz0GuwjE/g+G5csEBaiEwYynAD/fV6NHcdOj60+LHDlOFtRhNju1QhKA6ti
+uDNgH2SY8ekBAJep9gWDfWfWQDkMaJJFYU04LnSCoFdEaPgnWO2AfkQCuQGNBGI/
+X2kBDACvy8pGSoYzAbVVkLq94YvvhSg28LYSg40G/SrCNBkym6QKMyOBum9tXQYk
+dDArgzzUvR8G/pOZXm+Nw0pZ2IA4M61jSuoZHDXsI3P7umvq4znkCl6rp/d4XlnT
+MbnC4Y9EifHzsD9DxKYnJnhvn7LnrfKnbs0bxb+0eWKhxSXeRwDFg4Hw4pQND7oc
+p21jVGlFRFmGl9RdRe/GEOZSD64CrCafkaMtnUWrVHF3IM2r1Jtpr9GKULJiwTJB
+ZbMIMcTuMLHzz9zDOV4zbizLT8zPAvVVPamK/RA22Y0eiSVsRffU4j3ljr0vuEeg
+oBWc4aAKZByzdCHuvYzfqQru46W53xM2fTvEJxmS446S21R+n1xWZLXLLDiDF/CV
+qNPP6dUgK/RV38xtYnN5e16btMAmILmQSZcQSkJPZL4Fp59L7XHnbF4XpMMLQhst
+sHZ3ZUVB4r6PEqLnld+oteNjQBUmIKZ+uzafpfN9RFQDoJLuStdf4yS3fOzqNxte
+zvrH1w0AEQEAAYh4BBgWCgAgFiEEezLLww00IxYnMt2FndbwOaDgwccFAmI/X2kC
+GwwACgkQndbwOaDgwcex0AD+K1FEH6u0I9zfDGQ/KxydAYWzaSLDS4Mb5bp/0lbo
+2iEBAM0cwefyPleuBRb1WbOIhWCW78KVxqYmbOml8UQWjhcP
+=GmPE
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/tests/data/keys/rpm.org-ed25519-subkey-test.pub b/tests/data/keys/rpm.org-ed25519-subkey-test.pub
@@ -0,0 +1,41 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEYj9egBYJKwYBBAHaRw8BAQdAqeaD3Smr6MJd1fzczVHdNcVnpGNO6fXPQ1W3
+Bir40C60eXRlc3QgcnBtLm9yZyBlZDI1NTE5IGtleSB3aXRoIHZhbGlkIHNpZ25p
+bmcgYW5kIGVuY3J5cHRpb24gc3Via2V5cyBhbmQgYSByZXZva2VkIHNpZ25pbmcg
+c3Via2V5IDxjb21wbGV4LWVkMjU1MTlAcnBtLm9yZz6ImgQTFgoAQhYhBHsyy8MN
+NCMWJzLdhZ3W8Dmg4MHHBQJiP2F3AhsDBQkDwmcABQsJCAcCAyICAQYVCgkICwIE
+FgIDAQIeBwIXgAAKCRCd1vA5oODBx1y0AQCC14V8ULAoBdQsoanET2beUJgkIdT6
+LBdncZx8loRLiAD+LEWLpAGBMEq+iblPTAHjApsik02eDawLdl66Yi69Xgi4OARi
+P16AEgorBgEEAZdVAQUBAQdAeHhEFfY5qU6cpSMQ/LgzayG+8Q/VBbO5X8B3R433
+zi4DAQgHiHgEGBYKACAWIQR7MsvDDTQjFicy3YWd1vA5oODBxwUCYj9egAIbDAAK
+CRCd1vA5oODBx6lSAP9l0egUO0D64YP3PtIdVL7UFVjwwvWUFrqj/xHwtDNPDQD/
+SHbV968XVh/qsvcijlmzkh+cKZHZU7yq+bQwADL/LAa4MwRiP16eFgkrBgEEAdpH
+DwEBB0CKijfLm9FInM+RO1MqJ7HVqAlPQRM7MI9NRj0Et135eYjvBBgWCgAgFiEE
+ezLLww00IxYnMt2FndbwOaDgwccFAmI/Xp4CGwIAgQkQndbwOaDgwcd2IAQZFgoA
+HRYhBAG2T6OMvAxOce/Unqns8lz1dXJHBQJiP16eAAoJEKns8lz1dXJHcoABAL+8
+SzJ5ZIftWyeWNa/9r6dPezIiT62ke4cUs/nzJRUzAQDodq0SpWejSG6TgEBlR6Lc
+Qd+Kd0izRTtcb03QyLQ+C6pDAP9ZxoPqlnye/DY3OhNd1Uxq5JbyK0ve15xi3IZl
+SYl8FQEAmJdVsMh5XfkTw49/5jkXAda12fbKPgbgz0GF8U5p2Q+4MwRiP162Fgkr
+BgEEAdpHDwEBB0DDdx/EVOQCjzXEKclTQNhMu523Dt100GaWCpr45bdCOYiUBCgW
+CgA8FiEEezLLww00IxYnMt2FndbwOaDgwccFAmI/Xu0eHQNUZXN0IFJQTSByZXZv
+Y2F0aW9uIGhhbmRsaW5nAAoJEJ3W8Dmg4MHHEM4BAKX6AI5rihJAo4ztUv7KhgiD
+/L6l/fd5EfnEH+Fd9hpdAQCMuaht54q09kFxQw2S52mA7D9Ka7fuExyp3pAyHyap
+D4jvBBgWCgAgFiEEezLLww00IxYnMt2FndbwOaDgwccFAmI/XrYCGwIAgQkQndbw
+OaDgwcd2IAQZFgoAHRYhBE7ao2AiDuxZOQu+Ntv4gI97qxB6BQJiP162AAoJENv4
+gI97qxB6Lm0A/ilFgqZC8s1b0LsxROrhNr/ZTRPL5uUPHxPe1m6LkpbzAQCWA2wc
+3YC6ysipXUH7YykeHPQa7CMT+D4blywQFqITBjKcAP99Xo0dx06PrT4scOU4W1GE
+2O7VCEoDq2K4M2AfZJjx6QEAl6n2BYN9Z9ZAOQxokkVhTTgudIKgV0Ro+CdY7YB+
+RAK5AY0EYj9faQEMAK/LykZKhjMBtVWQur3hi++FKDbwthKDjQb9KsI0GTKbpAoz
+I4G6b21dBiR0MCuDPNS9Hwb+k5leb43DSlnYgDgzrWNK6hkcNewjc/u6a+rjOeQK
+Xqun93heWdMxucLhj0SJ8fOwP0PEpicmeG+fsuet8qduzRvFv7R5YqHFJd5HAMWD
+gfDilA0PuhynbWNUaUVEWYaX1F1F78YQ5lIPrgKsJp+Roy2dRatUcXcgzavUm2mv
+0YpQsmLBMkFlswgxxO4wsfPP3MM5XjNuLMtPzM8C9VU9qYr9EDbZjR6JJWxF99Ti
+PeWOvS+4R6CgFZzhoApkHLN0Ie69jN+pCu7jpbnfEzZ9O8QnGZLjjpLbVH6fXFZk
+tcssOIMX8JWo08/p1SAr9FXfzG1ic3l7Xpu0wCYguZBJlxBKQk9kvgWnn0vtceds
+XhekwwtCGy2wdndlRUHivo8SoueV36i142NAFSYgpn67Np+l831EVAOgku5K11/j
+JLd87Oo3G17O+sfXDQARAQABiHgEGBYKACAWIQR7MsvDDTQjFicy3YWd1vA5oODB
+xwUCYj9faQIbDAAKCRCd1vA5oODBx7HQAP4rUUQfq7Qj3N8MZD8rHJ0BhbNpIsNL
+gxvlun/SVujaIQEAzRzB5/I+V64FFvVZs4iFYJbvwpXGpiZs6aXxRBaOFw8=
+=rm2D
+-----END PGP PUBLIC KEY BLOCK-----