Allow parsing empty Key Flags subpackets (#214)

twiss · web-flow · commit 196c8f5f31c4 · 2024-07-08T15:29:02.000+02:00
This is allowed by the spec, which says:

&gt; This subpacket contains a list of binary flags that hold information
&gt; about a key. It is a string of octets, and an implementation MUST NOT
&gt; assume a fixed size. This is so it can grow over time. If a list is
&gt; shorter than an implementation expects, the unstated flags are
&gt; considered to be zero.

And it can be useful to explicitly say that a primary key is not allowed
to be used for any purpose (except certifying subkeys), for example.
diff --git a/openpgp/packet/signature.go b/openpgp/packet/signature.go
@@ -518,11 +518,10 @@ func parseSignatureSubpacket(sig *Signature, subpacket []byte, isHashed bool) (r
 		}
 	case keyFlagsSubpacket:
 		// Key flags, section 5.2.3.21
+		sig.FlagsValid = true
 		if len(subpacket) == 0 {
-			err = errors.StructuralError("empty key flags subpacket")
 			return
 		}
-		sig.FlagsValid = true
 		if subpacket[0]&KeyFlagCertify != 0 {
 			sig.FlagCertify = true
 		}

Original file line number	Diff line number	Diff line change
`@@ -518,11 +518,10 @@ func parseSignatureSubpacket(sig *Signature, subpacket []byte, isHashed bool) (r`
`518`	`518`	`}`
`519`	`519`	`case keyFlagsSubpacket:`
`520`	`520`	`// Key flags, section 5.2.3.21`
	`521`	`+ sig.FlagsValid = true`
`521`	`522`	`if len(subpacket) == 0 {`
`522`		`- err = errors.StructuralError("empty key flags subpacket")`
`523`	`523`	`return`
`524`	`524`	`}`
`525`		`- sig.FlagsValid = true`
`526`	`525`	`if subpacket[0]&KeyFlagCertify != 0 {`
`527`	`526`	`sig.FlagCertify = true`
`528`	`527`	`}`