Google Git
Sign in
go / crypto.git / fd5f17ee729917fcb39f16421460212d917a0813
commitfd5f17ee729917fcb39f16421460212d917a0813[log] [tgz]
authoraviau <alexandre@alexandreviau.net>Tue Jun 12 16:26:42 2018 -0400
committerFilippo Valsorda <filippo@golang.org>Thu Jun 14 17:48:26 2018 +0000
tree0c4120c9b115ca521841c53a9a03911eed04e076
parent37a17fe027db43f76fd88b056ddf588563fc8722 [diff]
openpgp: read keys with revoked user ids

The existing code was wrongly assuming that UserID packets must be
immediately followed by a Signature packet. However, this is not true.

See RFC4880 11.1:
> Immediately following each User ID packet, there are zero or more
> Signature packets.

This change will ensure that Entities that are not immediately followed
by a Signature packet are read without raising a StructuralError.
Instead, UserID packets that are not immediately followed by a self
signature will be ignored.

Maximum backwards compatibility is retained because revoked UserIDs are
not added to the Entity's identities.

In a follow-up patch, we should probably add these UserIDs to the
Entity's identities too, but not without making sure that the revocation
is also available in the Entity's (or the Identity's) Revocations slice.
This would require adding support for a new Signature Type,
"Certification revocation signature", as defined in RFC 48880 5.2.1.

Fixes golang/go#25850

Change-Id: Idde34b97429998f28e0c687171024e51ed959bf0
Reviewed-on: https://go-review.googlesource.com/118376
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
2 files changed
tree: 0c4120c9b115ca521841c53a9a03911eed04e076
  1. acme/
  2. argon2/
  3. bcrypt/
  4. blake2b/
  5. blake2s/
  6. blowfish/
  7. bn256/
  8. cast5/
  9. chacha20poly1305/
  10. cryptobyte/
  11. curve25519/
  12. ed25519/
  13. hkdf/
  14. internal/
  15. md4/
  16. nacl/
  17. ocsp/
  18. openpgp/
  19. otr/
  20. pbkdf2/
  21. pkcs12/
  22. poly1305/
  23. ripemd160/
  24. salsa20/
  25. scrypt/
  26. sha3/
  27. ssh/
  28. tea/
  29. twofish/
  30. xtea/
  31. xts/
  32. .gitattributes
  33. .gitignore
  34. AUTHORS
  35. codereview.cfg
  36. CONTRIBUTING.md
  37. CONTRIBUTORS
  38. LICENSE
  39. PATENTS
  40. README.md
README.md

Go Cryptography

This repository holds supplementary Go cryptography libraries.

Download/Install

The easiest way to install is to run go get -u golang.org/x/crypto/.... You can also manually git clone the repository to $GOPATH/src/golang.org/x/crypto.

Report Issues / Send Patches

This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://golang.org/doc/contribute.html.

The main issue tracker for the crypto repository is located at https://github.com/golang/go/issues. Prefix your issue with “x/crypto:” in the subject line, so it is easy to find.

Note that contributions to the cryptography package receive additional scrutiny due to their sensitive nature. Patches may take longer than normal to receive feedback.