From e4b3ffbb034af234a782a1a764af73c4a6ce68f5 Mon Sep 17 00:00:00 2001
From: Panu Matilainen <pmatilai@redhat.com>
Date: Tue, 10 Sep 2024 10:32:38 +0300
Subject: [PATCH] Don't consider MD5 digest for package verification by default

MD5 is long long obsolete crypto-wise, and modern systems are
starting to have trouble verifying them due to crypto policies denying
the whole algorithm. Stop using the MD5 header+payload digest for
verification.

This renders all rpm v3 and v4 content built with older than rpm 4.14
unverifiable by digests only and thus uninstallable by default, so it's
a fairly drastic change, but since it's just a configuration default,
change, it's trivial to override locally for those who need it.
Also the older content can still be verified by changing verification
level to signature instead (assuming signatures use stronger crypto)

Tests updated to match the new expectations, and in some cases doubled
to test for both the old and new behavior. Couple of peculiarities too:
with the MD5 digest out of the way, the PAYLOADDIGESTALT thing can now
function as intended so the expectation on that test turns from fail
to success. A weirder case is that since this makes us ignore the MD5
digest entirely, we can merrily sign a package with malformed MD5 hash
if it's otherwise okay. Dealing with that is out of scope here, filed
as #3291.

Related: #1292
---
 macros.in                  |  2 +-
 tests/pinned/rpmsigdig.txt |  1 -
 tests/rpmdb.at             |  8 ++--
 tests/rpmsigdig.at         | 76 +++++++++++++++++++++-----------------
 4 files changed, 47 insertions(+), 40 deletions(-)

diff --git a/macros.in b/macros.in
index a177c182ef..65967dd54d 100644
--- a/macros.in
+++ b/macros.in
@@ -688,7 +688,7 @@ Supplements:   (%{name} = %{version}-%{release} and langpacks-%{1})\
 %_pkgverify_level digest
 
 # Disabler flags for package verification (similar to vsflags)
-%_pkgverify_flags 0x0
+%_pkgverify_flags 0x20000
 
 # Minimize writes during transactions (at the cost of more reads) to
 # conserve eg SSD disks (EXPERIMENTAL).
diff --git a/tests/pinned/rpmsigdig.txt b/tests/pinned/rpmsigdig.txt
index 37d263d777..e4196ed32c 100644
--- a/tests/pinned/rpmsigdig.txt
+++ b/tests/pinned/rpmsigdig.txt
@@ -10,4 +10,3 @@ PAYLOADSIZEALT: (none)
     Header SHA1 digest: OK
     Payload SHA256 ALT digest: OK
     Payload SHA256 digest: OK
-    MD5 digest: OK
diff --git a/tests/rpmdb.at b/tests/rpmdb.at
index 416f61086c..5f1d5b8575 100644
--- a/tests/rpmdb.at
+++ b/tests/rpmdb.at
@@ -315,14 +315,14 @@ RPMDB_INIT
 
 RPMTEST_CHECK([
 runroot rpm -i \
-  --noscripts --nodeps --ignorearch \
+  --noscripts --nodeps --ignorearch --noverify \
   /data/RPMS/hello-1.0-1.i386.rpm
 ],
 [0])
 
 RPMTEST_CHECK([
 runroot rpm -i \
-  --noscripts --nodeps --ignorearch \
+  --noscripts --nodeps --ignorearch --noverify \
   /data/RPMS/hello-1.0-1.ppc64.rpm
 ],
 [1],
@@ -332,7 +332,7 @@ runroot rpm -i \
 
 RPMTEST_CHECK([
 runroot rpm -i \
-  --noscripts --nodeps --ignorearch --relocate=/usr=/check \
+  --noscripts --nodeps --ignorearch --noverify --relocate=/usr=/check \
   /data/RPMS/hello-1.0-1.ppc64.rpm
 ],
 [0])
@@ -355,7 +355,7 @@ AT_KEYWORDS([rpmdb])
 RPMTEST_CHECK([
 RPMDB_INIT
 
-runroot rpm -U --noscripts --nodeps --ignorearch \
+runroot rpm -U --noscripts --nodeps --ignorearch --noverify \
   /data/RPMS/hello-1.0-1.i386.rpm
 runroot rpm -qa --qf "%{nevra} %{dbinstance}\n"
 runroot rpm -U --noscripts --nodeps --ignorearch \
diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at
index 5230391135..995fa0e0c4 100644
--- a/tests/rpmsigdig.at
+++ b/tests/rpmsigdig.at
@@ -19,17 +19,18 @@ runroot rpmkeys -Kv /data/RPMS/hello-2.0-1.x86_64.rpm
     Header SHA256 digest: OK
     Header SHA1 digest: OK
     Payload SHA256 digest: OK
-    MD5 digest: OK
 ],
 [])
 
 RPMTEST_CHECK([
 runroot rpmkeys -Kv /data/RPMS/hello-1.0-1.i386.rpm
 ],
-[0],
+[1],
 [/data/RPMS/hello-1.0-1.i386.rpm:
     Header SHA1 digest: OK
-    MD5 digest: OK
+    Payload SHA256 digest: NOTFOUND
+    Payload SHA256 ALT digest: NOTFOUND
+    MD5 digest: NOTFOUND
 ],
 [])
 RPMTEST_CLEANUP
@@ -64,13 +65,23 @@ runroot rpmkeys -Kv /tmp/hello-c.rpm
     Header SHA256 digest: OK
     Header SHA1 digest: OK
     Payload SHA256 digest: OK
-    MD5 digest: OK
 ],
 [])
 
 RPMTEST_CHECK([
 runroot rpmkeys -Kv /tmp/hello-uc.rpm
 ],
+[0],
+[/tmp/hello-uc.rpm:
+    Header SHA256 digest: OK
+    Header SHA1 digest: OK
+    Payload SHA256 ALT digest: OK
+],
+[])
+
+RPMTEST_CHECK([
+runroot rpmkeys --define "_pkgverify_flags 0" -Kv /tmp/hello-uc.rpm
+],
 [1],
 [/tmp/hello-uc.rpm:
     Header SHA256 digest: OK
@@ -82,10 +93,9 @@ runroot rpmkeys -Kv /tmp/hello-uc.rpm
 RPMTEST_CLEANUP
 
 # ------------------------------
-# Test corrupted package verification (corrupted signature)
+# Test corrupted package verification (corrupted md5 hash in signature)
 AT_SETUP([rpmkeys -Kv <corrupted unsigned> 1])
 AT_KEYWORDS([rpmkeys digest])
-RPMTEST_CHECK([
 RPMDB_INIT
 
 pkg="hello-2.0-1.x86_64.rpm"
@@ -93,8 +103,21 @@ cp "${RPMTEST}"/data/RPMS/${pkg} "${RPMTEST}"/tmp/${pkg}
 # conv=notrunc bs=1 seek=261 count=6 2> /dev/null
 dd if=/dev/zero of="${RPMTEST}"/tmp/${pkg} \
    conv=notrunc bs=1 seek=333 count=4 2> /dev/null
+
+RPMTEST_CHECK([
 runroot rpmkeys -Kv /tmp/${pkg}
 ],
+[0],
+[/tmp/hello-2.0-1.x86_64.rpm:
+    Header SHA256 digest: OK
+    Header SHA1 digest: OK
+    Payload SHA256 digest: OK
+],
+[])
+
+RPMTEST_CHECK([
+runroot rpmkeys -Kv --define "_pkgverify_flags 0" /tmp/${pkg}
+],
 [1],
 [/tmp/hello-2.0-1.x86_64.rpm:
     Header SHA256 digest: OK
@@ -122,7 +145,7 @@ runroot rpmkeys -Kv /tmp/${pkg}
     Header SHA256 digest: BAD (Expected ef920781af3bf072ae9888eec3de1c589143101dff9cc0b561468d395fb766d9 != 29fdfe92782fb0470a9a164a6c94af87d3b138c63b39d4c30e0223ca1202ba82)
     Header SHA1 digest: BAD (Expected 5cd9874c510b67b44483f9e382a1649ef7743bac != 4261b2c1eb861a4152c2239bce20bfbcaa8971ba)
     Payload SHA256 digest: OK
-    MD5 digest: BAD (Expected 137ca1d8b35cca02a1854ba301c5432e != de65519eeb4ab52eb076ec054d42e34e)
+    MD5 digest: NOTFOUND
 ],
 [])
 RPMTEST_CLEANUP
@@ -146,7 +169,7 @@ runroot rpmkeys -Kv /tmp/${pkg}
     Header SHA1 digest: OK
     Payload SHA256 digest: BAD (Expected 84a7338287bf19715c4eed0243f5cdb447eeb0ade37b2af718d4060aefca2f7c != bea903609dceac36e1f26a983c493c98064d320fdfeb423034ed63d649b2c8dc)
     Payload SHA256 ALT digest: NOTFOUND
-    MD5 digest: BAD (Expected 137ca1d8b35cca02a1854ba301c5432e != d662cd0d81601a7107312684ad1ddf38)
+    MD5 digest: NOTFOUND
 ],
 [])
 RPMTEST_CLEANUP
@@ -328,7 +351,6 @@ runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hel
     Payload SHA256 digest: OK
     RSA signature: NOTFOUND
     DSA signature: NOTFOUND
-    MD5 digest: OK
 1
 Importing key:
 0
@@ -340,7 +362,6 @@ Checking package after importing key:
     Header SHA256 digest: OK
     Header SHA1 digest: OK
     Payload SHA256 digest: OK
-    MD5 digest: OK
 0
 Checking package after importing key, no digest:
 /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm:
@@ -355,7 +376,6 @@ Checking package after importing key, no signature:
     Header SHA256 digest: OK
     Header SHA1 digest: OK
     Payload SHA256 digest: OK
-    MD5 digest: OK
 0
 ]],
 [])
@@ -392,7 +412,6 @@ runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hel
     Payload SHA256 digest: OK
     RSA signature: NOTFOUND
     DSA signature: NOTFOUND
-    MD5 digest: OK
 1
 Importing key:
 0
@@ -412,7 +431,6 @@ RPMOUTPUT_SEQUOIA([      because: Expired on 2022-04-12T00:00:15Z])dnl
     Payload SHA256 digest: OK
     RSA signature: NOTFOUND
     DSA signature: NOTFOUND
-    MD5 digest: OK
 1
 Checking package after importing key, no digest:
 /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm:
@@ -431,7 +449,6 @@ Checking package after importing key, no signature:
     Header SHA256 digest: OK
     Header SHA1 digest: OK
     Payload SHA256 digest: OK
-    MD5 digest: OK
 0
 ],
 [])
@@ -468,7 +485,6 @@ runroot rpmkeys --define '_pkgverify_level all' -Kv --nosignature /data/RPMS/hel
     Payload SHA256 digest: OK
     RSA signature: NOTFOUND
     DSA signature: NOTFOUND
-    MD5 digest: OK
 1
 Importing key:
 0
@@ -486,7 +502,6 @@ RPMOUTPUT_SEQUOIA([  Key 1F71177215217EE0 is invalid: key is revoked])dnl
     Payload SHA256 digest: OK
     RSA signature: NOTFOUND
     DSA signature: NOTFOUND
-    MD5 digest: OK
 1
 Checking package after importing key, no digest:
 /data/RPMS/hello-2.0-1.x86_64-signed-with-subkey.rpm:
@@ -503,7 +518,6 @@ Checking package after importing key, no signature:
     Header SHA256 digest: OK
     Header SHA1 digest: OK
     Payload SHA256 digest: OK
-    MD5 digest: OK
 0
 ],
 [])
@@ -679,7 +693,6 @@ runroot rpmkeys -Kv --nosignature /data/RPMS/hello-2.0-1.x86_64-signed.rpm; echo
     Header SHA1 digest: OK
     Payload SHA256 digest: OK
     V3 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
-    MD5 digest: OK
 1
 /data/RPMS/hello-2.0-1.x86_64-signed.rpm:
     Header V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
@@ -687,7 +700,6 @@ runroot rpmkeys -Kv --nosignature /data/RPMS/hello-2.0-1.x86_64-signed.rpm; echo
     Header SHA1 digest: OK
     Payload SHA256 digest: OK
     V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
-    MD5 digest: OK
 1
 0
 /data/RPMS/hello-2.0-1.x86_64-v3-signed.rpm:
@@ -696,7 +708,6 @@ runroot rpmkeys -Kv --nosignature /data/RPMS/hello-2.0-1.x86_64-signed.rpm; echo
     Header SHA1 digest: OK
     Payload SHA256 digest: OK
     V3 RSA/SHA256 Signature, key ID 1964c5fc: OK
-    MD5 digest: OK
 0
 /data/RPMS/hello-2.0-1.x86_64-signed.rpm:
     Header V4 RSA/SHA256 Signature, key ID 1964c5fc: OK
@@ -704,7 +715,6 @@ runroot rpmkeys -Kv --nosignature /data/RPMS/hello-2.0-1.x86_64-signed.rpm; echo
     Header SHA1 digest: OK
     Payload SHA256 digest: OK
     V4 RSA/SHA256 Signature, key ID 1964c5fc: OK
-    MD5 digest: OK
 0
 /data/RPMS/hello-2.0-1.x86_64-v3-signed.rpm:
     Header V3 RSA/SHA256 Signature, key ID 1964c5fc: OK
@@ -718,13 +728,11 @@ runroot rpmkeys -Kv --nosignature /data/RPMS/hello-2.0-1.x86_64-signed.rpm; echo
     Header SHA256 digest: OK
     Header SHA1 digest: OK
     Payload SHA256 digest: OK
-    MD5 digest: OK
 0
 /data/RPMS/hello-2.0-1.x86_64-signed.rpm:
     Header SHA256 digest: OK
     Header SHA1 digest: OK
     Payload SHA256 digest: OK
-    MD5 digest: OK
 0
 ],
 [])
@@ -758,7 +766,6 @@ RPMOUTPUT_SEQUOIA([      because: Malformed MPI: leading bit is not set: expecte
     Header SHA1 digest: OK
     Payload SHA256 digest: OK
     V4 RSA/SHA256 Signature, key ID 1964c5fc: NOKEY
-    MD5 digest: OK
 /tmp/hello-2.0-1.x86_64-signed.rpm:
 RPMOUTPUT_LEGACY([    Header RSA signature: BAD (package tag 268: invalid OpenPGP signature: Signature without creation time)])dnl
 RPMOUTPUT_SEQUOIA([    Header RSA signature: BAD (package tag 268: invalid OpenPGP signature: Parsing an OpenPGP packet:])dnl
@@ -769,7 +776,6 @@ RPMOUTPUT_SEQUOIA([      because: Malformed MPI: leading bit is not set: expecte
     Header SHA1 digest: OK
     Payload SHA256 digest: OK
     V4 RSA/SHA256 Signature, key ID 1964c5fc: OK
-    MD5 digest: OK
 ],
 [])
 RPMTEST_CLEANUP
@@ -798,14 +804,14 @@ runroot rpmkeys -Kv /tmp/${pkg}
     Header SHA1 digest: BAD (Expected 5cd9874c510b67b44483f9e382a1649ef7743bac != fe227d93273221c252c6bb45e67a8489fcb48f88)
     Payload SHA256 digest: OK
     V3 RSA/SHA256 Signature, key ID 1964c5fc: BAD
-    MD5 digest: BAD (Expected 137ca1d8b35cca02a1854ba301c5432e != b2981e215576c2142676d9b1e0902075)
+    MD5 digest: NOTFOUND
 /tmp/hello-2.0-1.x86_64-v3-signed.rpm:
     Header V3 RSA/SHA256 Signature, key ID 1964c5fc: BAD
     Header SHA256 digest: BAD (Expected ef920781af3bf072ae9888eec3de1c589143101dff9cc0b561468d395fb766d9 != 63a0502eb7f5eaa07d43fe8fa805665b86e58d53db38ccf625bbbf01e3cd67ab)
     Header SHA1 digest: BAD (Expected 5cd9874c510b67b44483f9e382a1649ef7743bac != fe227d93273221c252c6bb45e67a8489fcb48f88)
     Payload SHA256 digest: OK
     V3 RSA/SHA256 Signature, key ID 1964c5fc: BAD
-    MD5 digest: BAD (Expected 137ca1d8b35cca02a1854ba301c5432e != b2981e215576c2142676d9b1e0902075)
+    MD5 digest: NOTFOUND
 ],
 [])
 RPMTEST_CLEANUP
@@ -833,14 +839,14 @@ runroot rpmkeys -Kv /tmp/${pkg}
     Header SHA1 digest: BAD (Expected 5cd9874c510b67b44483f9e382a1649ef7743bac != 4261b2c1eb861a4152c2239bce20bfbcaa8971ba)
     Payload SHA256 digest: OK
     V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD
-    MD5 digest: BAD (Expected 137ca1d8b35cca02a1854ba301c5432e != de65519eeb4ab52eb076ec054d42e34e)
+    MD5 digest: NOTFOUND
 /tmp/hello-2.0-1.x86_64-signed.rpm:
     Header V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD
     Header SHA256 digest: BAD (Expected ef920781af3bf072ae9888eec3de1c589143101dff9cc0b561468d395fb766d9 != 29fdfe92782fb0470a9a164a6c94af87d3b138c63b39d4c30e0223ca1202ba82)
     Header SHA1 digest: BAD (Expected 5cd9874c510b67b44483f9e382a1649ef7743bac != 4261b2c1eb861a4152c2239bce20bfbcaa8971ba)
     Payload SHA256 digest: OK
     V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD
-    MD5 digest: BAD (Expected 137ca1d8b35cca02a1854ba301c5432e != de65519eeb4ab52eb076ec054d42e34e)
+    MD5 digest: NOTFOUND
 ],
 [])
 RPMTEST_CLEANUP
@@ -870,7 +876,7 @@ runroot rpmkeys -Kv /tmp/${pkg}
     Payload SHA256 digest: BAD (Expected 84a7338287bf19715c4eed0243f5cdb447eeb0ade37b2af718d4060aefca2f7c != bea903609dceac36e1f26a983c493c98064d320fdfeb423034ed63d649b2c8dc)
     Payload SHA256 ALT digest: NOTFOUND
     V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD
-    MD5 digest: BAD (Expected 137ca1d8b35cca02a1854ba301c5432e != d662cd0d81601a7107312684ad1ddf38)
+    MD5 digest: NOTFOUND
 /tmp/hello-2.0-1.x86_64-signed.rpm:
     Header V4 RSA/SHA256 Signature, key ID 1964c5fc: OK
     Header SHA256 digest: OK
@@ -879,7 +885,7 @@ runroot rpmkeys -Kv /tmp/${pkg}
     Payload SHA256 ALT digest: NOTFOUND
     V4 RSA/SHA256 Signature, key ID 1964c5fc: BAD
     DSA signature: NOTFOUND
-    MD5 digest: BAD (Expected 137ca1d8b35cca02a1854ba301c5432e != d662cd0d81601a7107312684ad1ddf38)
+    MD5 digest: NOTFOUND
 ],
 [])
 RPMTEST_CLEANUP
@@ -1038,6 +1044,8 @@ run rpmsign --key-id 1964C5FC --digest-algo sha256 --addsign "${RPMTEST}"/tmp/he
 [])
 
 # rpmsign --addsign corrupted md5 hash
+# This is behaves counter-intuitively / is buggy if md5 verification is
+# disabled, see https://github.com/rpm-software-management/rpm/issues/3291
 RPMTEST_CHECK([
 RPMDB_INIT
 
@@ -1045,7 +1053,7 @@ pkg="hello-2.0-1.x86_64.rpm"
 cp "${RPMTEST}"/data/RPMS/${pkg} "${RPMTEST}"/tmp/${pkg}
 dd if=/dev/zero of="${RPMTEST}"/tmp/${pkg} \
    conv=notrunc bs=1 seek=333 count=4 2> /dev/null
-runroot rpmsign --key-id 1964C5FC --digest-algo sha256 --addsign "/tmp/${pkg}"
+runroot rpmsign --define "_pkgverify_flags 0" --key-id 1964C5FC --digest-algo sha256 --addsign "/tmp/${pkg}"
 ],
 [1],
 [/tmp/hello-2.0-1.x86_64.rpm:
@@ -1054,7 +1062,7 @@ runroot rpmsign --key-id 1964C5FC --digest-algo sha256 --addsign "/tmp/${pkg}"
 ])
 
 RPMTEST_CHECK([
-runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm
+runroot rpmkeys -Kv --define "_pkgverify_flags 0" /tmp/hello-2.0-1.x86_64.rpm
 ],
 [1],
 [/tmp/hello-2.0-1.x86_64.rpm:
@@ -1090,7 +1098,7 @@ runroot rpmkeys -Kv /tmp/hello-2.0-1.x86_64.rpm
     Header SHA1 digest: OK
     Payload SHA256 digest: BAD (Expected 84a7338287bf19715c4eed0243f5cdb447eeb0ade37b2af718d4060aefca2f7c != bea903609dceac36e1f26a983c493c98064d320fdfeb423034ed63d649b2c8dc)
     Payload SHA256 ALT digest: NOTFOUND
-    MD5 digest: BAD (Expected 137ca1d8b35cca02a1854ba301c5432e != d662cd0d81601a7107312684ad1ddf38)
+    MD5 digest: NOTFOUND
 ],
 [])
 gpgconf --kill gpg-agent