#1844 Improve comparison logic during signature joining

gefeili · gefeili · commit 40cd5fa1158c · 2024-10-22T14:39:19.000+10:30
diff --git a/pg/src/main/java/org/bouncycastle/openpgp/PGPPublicKey.java b/pg/src/main/java/org/bouncycastle/openpgp/PGPPublicKey.java
@@ -1216,7 +1216,8 @@ private static void joinPgpSignatureList(List<PGPSignature> source,
             for (int i = 0; isNotNull && i < rlt.size(); i++)
             {
                 PGPSignature existingSubSig = (PGPSignature)rlt.get(i);
-                if (PGPSignature.isSignatureEncodingEqual(existingSubSig, copySubSig))
+                if (existingSubSig.getVersion() == copySubSig.getVersion() &&
+                        PGPSignature.isSignatureEncodingEqual(existingSubSig, copySubSig))
                 {
                     found = true;
                     // join existing sig with copy to apply modifications in unhashed subpackets
diff --git a/pg/src/main/java/org/bouncycastle/openpgp/PGPSignature.java b/pg/src/main/java/org/bouncycastle/openpgp/PGPSignature.java
@@ -923,7 +923,13 @@ public static boolean isSignatureEncodingEqual(PGPSignature sig1, PGPSignature s
     public static PGPSignature join(PGPSignature sig1, PGPSignature sig2)
         throws PGPException
     {
-        if (!isSignatureEncodingEqual(sig1, sig2))
+        if (sig1.getVersion() < SignaturePacket.VERSION_4) {
+            // Version 2/3 signatures have no subpackets, so don't need to get merged.
+            return sig1;
+        }
+
+        if (sig1.getVersion() != sig2.getVersion() ||
+                !isSignatureEncodingEqual(sig1, sig2))
         {
             throw new IllegalArgumentException("These are different signatures.");
         }

Original file line number	Diff line number	Diff line change
`@@ -1216,7 +1216,8 @@ private static void joinPgpSignatureList(List<PGPSignature> source,`
`1216`	`1216`	`for (int i = 0; isNotNull && i < rlt.size(); i++)`
`1217`	`1217`	`{`
`1218`	`1218`	`PGPSignature existingSubSig = (PGPSignature)rlt.get(i);`
`1219`		`- if (PGPSignature.isSignatureEncodingEqual(existingSubSig, copySubSig))`
	`1219`	`+ if (existingSubSig.getVersion() == copySubSig.getVersion() &&`
	`1220`	`+ PGPSignature.isSignatureEncodingEqual(existingSubSig, copySubSig))`
`1220`	`1221`	`{`
`1221`	`1222`	`found = true;`
`1222`	`1223`	`// join existing sig with copy to apply modifications in unhashed subpackets`
Original file line number	Diff line number	Diff line change
`@@ -923,7 +923,13 @@ public static boolean isSignatureEncodingEqual(PGPSignature sig1, PGPSignature s`
`923`	`923`	`public static PGPSignature join(PGPSignature sig1, PGPSignature sig2)`
`924`	`924`	`throws PGPException`
`925`	`925`	`{`
`926`		`- if (!isSignatureEncodingEqual(sig1, sig2))`
	`926`	`+ if (sig1.getVersion() < SignaturePacket.VERSION_4) {`
	`927`	`+ // Version 2/3 signatures have no subpackets, so don't need to get merged.`
	`928`	`+ return sig1;`
	`929`	`+ }`
	`930`	`+`
	`931`	`+ if (sig1.getVersion() != sig2.getVersion() \|\|`
	`932`	`+ !isSignatureEncodingEqual(sig1, sig2))`
`927`	`933`	`{`
`928`	`934`	`throw new IllegalArgumentException("These are different signatures.");`
`929`	`935`	`}`