Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not allow 64 bit ciphers for encryption without explicit option. #2266

Merged
merged 5 commits into from
Nov 28, 2024
Merged

Do not allow 64 bit ciphers for encryption without explicit option. #2266

merged 5 commits into from
Nov 28, 2024

Conversation

desvxx
Copy link
Contributor

@desvxx desvxx commented Aug 29, 2024

fixes #1598

@desvxx desvxx requested a review from ni4 August 29, 2024 19:51
@codecov Codecov
Copy link

codecov bot commented Aug 29, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 93.15068% with 5 lines in your changes missing coverage. Please review.

Project coverage is 84.81%. Comparing base (24895aa) to head (3867501).
Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
src/lib/rnp.cpp 92.30% 2 Missing ⚠️
src/rnp/fficli.cpp 92.30% 2 Missing ⚠️
src/rnp/rnpcfg.cpp 80.00% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2266      +/-   ##
==========================================
+ Coverage   84.80%   84.81%   +0.01%     
==========================================
  Files         116      116              
  Lines       23280    23346      +66     
==========================================
+ Hits        19743    19802      +59     
- Misses       3537     3544       +7

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@desvxx desvxx force-pushed the desvxx-1598-prohibit-old-64bit-ciphers branch from 32242b1 to 8eaebd4 Compare September 7, 2024 14:00
@desvxx desvxx changed the title [WIP]Do not allow 64 bit ciphers for encryption without explicit option. Do not allow 64 bit ciphers for encryption without explicit option. Sep 16, 2024
@desvxx desvxx force-pushed the desvxx-1598-prohibit-old-64bit-ciphers branch 3 times, most recently from b469fa4 to 4c9fee3 Compare September 17, 2024 19:31
@ni4
Copy link
Contributor

ni4 commented Sep 18, 2024

@desvxx linter failed.

@desvxx desvxx force-pushed the desvxx-1598-prohibit-old-64bit-ciphers branch 7 times, most recently from 480d3d7 to 135db4a Compare September 29, 2024 23:17
@desvxx desvxx force-pushed the desvxx-1598-prohibit-old-64bit-ciphers branch from 135db4a to 0c01729 Compare October 13, 2024 19:57
@desvxx desvxx force-pushed the desvxx-1598-prohibit-old-64bit-ciphers branch from 0c01729 to 68f103b Compare November 19, 2024 23:49
desvxx
desvxx commented Nov 24, 2024
View reviewed changes
src/lib/sec_profile.cpp Outdated
@@ -196,6 +196,13 @@ SecurityContext::SecurityContext() : time_(0), prov_state_(NULL), rng(RNG::Type:
SecurityAction::VerifyKey});
/* Mark MD5 insecure since 2012-01-01 */
profile.add_rule({FeatureType::Hash, PGP_HASH_MD5, SecurityLevel::Insecure, 1325376000});
/* Mark CAST5, 3DES, IDEA, BLOWFISH insecure since 2024-10-01*/ // TODO: tbd
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And also we need to decide what date we want here.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@desvxx As there is no reason to use cut-off date much older than release, and no sense to make it in future, let's use the one you typed in, just please remove the TODO item.

ni4
ni4 approved these changes Nov 28, 2024
View reviewed changes
Copy link
Contributor

@ni4 ni4 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

maxirmx
maxirmx approved these changes Nov 28, 2024
View reviewed changes
Copy link
Member

@maxirmx maxirmx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@desvxx desvxx force-pushed the desvxx-1598-prohibit-old-64bit-ciphers branch from 68f103b to 3867501 Compare November 28, 2024 22:34
@desvxx desvxx merged commit ddcbaa9 into rnpgp:main Nov 28, 2024
124 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ni4 ni4 ni4 approved these changes

@maxirmx maxirmx maxirmx approved these changes

@ronaldtse ronaldtse Awaiting requested review from ronaldtse

@antonsviridenko antonsviridenko Awaiting requested review from antonsviridenko

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Do not allow 64 bit ciphers for encryption without explicit option.
3 participants
@desvxx @ni4 @maxirmx