x/crypto/openpgp: ReadEntity doesn't support V3 signatures #27679
Description
What version of Go are you using (go version)?
1.11
Does this issue reproduce with the latest release?
Aye.
What operating system and processor architecture are you using (go env)?
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/simon/.cache/go-build"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/home/simon/go"
GOPROXY=""
GORACE=""
GOROOT="/usr/lib/go"
GOTMPDIR=""
GOTOOLDIR="/usr/lib/go/pkg/tool/linux_amd64"
GCCGO="gccgo"
CC="clang"
CXX="clang++"
CGO_ENABLED="1"
GOMOD=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build609952039=/tmp/go-build -gno-record-gcc-switches"
What did you do?
Try to use openpgp.ReadEntity on a keyring containing V3 signatures (for instance http://keyserver.mattrude.com/dump/current/sks-dump-0000.pgp).
package main
import (
"io"
"log"
"os"
"golang.org/x/crypto/openpgp"
"golang.org/x/crypto/openpgp/packet"
)
func main() {
pr := packet.NewReader(os.Stdin)
for {
_, err := openpgp.ReadEntity(pr)
if err == io.EOF {
break
} else if err != nil {
log.Fatal(err)
}
}
}What did you expect to see?
No error.
What did you see instead?
openpgp: invalid data: subkey packet not followed by signature
This happens because of this line: https://github.com/golang/crypto/blob/master/openpgp/keys.go#L442
- We should at least provide a sensible error message if it's a
*packet.SignatureV3("V3 signatures not supported by Entity"). - We could add a
SignatureV3field alongsideSignaturefields (just likeMessageDetails)
What do you think?