rnpgp / rnp

RNP: high performance C++ OpenPGP library used by Mozilla Thunderbird
https://www.rnpgp.org

Make one-pass signature reading more relaxed. #1806

Open ni4 opened 2 years ago

ni4 commented 2 years ago

Description

Currently, if we have multiple one-pass signatures, we stop on the first one with nested=1. This results in the following messages in the log:

[signed_read_single_signature() /Users/nickolay/Ribose/rnp/src/librepgp/stream-parse.cpp:956] failed to read signature packet header
[signed_read_signatures() /Users/nickolay/Ribose/rnp/src/librepgp/stream-parse.cpp:1027] Warning: premature end of signatures
[signed_src_finish() /Users/nickolay/Ribose/rnp/src/librepgp/stream-parse.cpp:1057] warning: unexpected data on the stream end

However, GnuPG allows such a case, so we should also change our behaviour (maybe issuing just a single warning). The main use case for this is multiple-user signing of the document/re-signing of the documents.

ni4 commented 2 years ago

Additionally, we may check whether the document is already signed (includes one-pass signature packets at the beginning), and update their nested field (the one-pass signature packet is not hashed).
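
The two reading policies discussed in this issue, as an added example (not RNP's code and not part of either comment): a minimal reader for one-pass signature packets laid out per RFC 4880 section 5.4, run over a constructed stream whose two one-pass packets both carry nested=1. The names `read_onepass`, `read_onepasses` and `sample_stream`, and the reading of "relaxed" as "keep reading while the next packet is a one-pass packet", are assumptions.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// One-pass signature packet body, RFC 4880 section 5.4 (13 octets, version 3).
struct OnePass {
    uint8_t sig_type, hash_alg, pk_alg, keyid[8];
    uint8_t nested; // 0: another one-pass packet follows; non-zero: last one
};

// Parse one one-pass packet (tag 4) at pos. Accepts new-format headers and
// old-format headers with a one-octet length; returns false for anything else.
static bool read_onepass(const std::vector<uint8_t> &buf, size_t &pos, OnePass &out)
{
    if (pos + 2 > buf.size()) return false;
    uint8_t hdr = buf[pos];
    bool new_fmt = (hdr & 0xC0) == 0xC0;
    bool old_fmt = (hdr & 0xC0) == 0x80 && (hdr & 0x03) == 0;
    if (!new_fmt && !old_fmt) return false;
    uint8_t tag = new_fmt ? (hdr & 0x3F) : ((hdr >> 2) & 0x0F);
    const uint8_t *b = buf.data() + pos + 2; // packet body
    if (tag != 4 || buf[pos + 1] != 13 || pos + 15 > buf.size() || b[0] != 3) return false;
    out.sig_type = b[1]; out.hash_alg = b[2]; out.pk_alg = b[3]; out.nested = b[12];
    for (int i = 0; i < 8; i++) out.keyid[i] = b[4 + i];
    pos += 15; // 2-octet header + 13-octet body
    return true;
}

// strict: stop after the first packet with nested != 0.
// relaxed (assumed policy): keep reading while the next packet is one-pass.
std::vector<OnePass> read_onepasses(const std::vector<uint8_t> &buf, bool relaxed)
{
    std::vector<OnePass> res;
    size_t pos = 0;
    for (OnePass op; read_onepass(buf, pos, op);) {
        res.push_back(op);
        if (op.nested && !relaxed) break;
    }
    return res;
}

// Constructed sample: two one-pass packets, both nested=1, then an empty literal packet.
std::vector<uint8_t> sample_stream()
{
    std::vector<uint8_t> s;
    for (uint8_t id = 1; id <= 2; id++) // key IDs ...01 and ...02; binary sig, SHA-256, RSA
        s.insert(s.end(), {0xC4, 13, 3, 0x00, 8, 1, 0, 0, 0, 0, 0, 0, 0, id, 1});
    s.insert(s.end(), {0xCB, 6, 'b', 0, 0, 0, 0, 0});
    return s;
}
```

On the sample, strict reading returns one packet and leaves the second one-pass packet in the stream, while relaxed reading returns both.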