x/crypto/openpgp missing support for uncompressed data in compressed data packets

[Aleks Rudzitis]

Hello,

I think I may have found a bug in the x/crypto/openpgp implementation. However, I wanted to ask here to make sure, before filing a bug report.

The gist of it is, the RFC for OpenPGP states that "Implementations MUST implement uncompressed data" (source: https://datatracker.ietf.org/doc/html/rfc4880#section-9.3). However, the implementation in Go does not: https://github.com/golang/crypto/blob/master/openpgp/packet/compressed.go#L50

I encountered this issue while trying to use the OpenPGP implementation in Go to read uncompressed data in a compressed data packet. For reference, GnuPG seems to handle this case.

I created a proof of concept to verify the bug: https://gist.github.com/ajrudzitis/a6b240763f2211da9990480bbd73cfbf

I was able to parse the message with GnuPG, but not Go:

# off=0 ctb=c8 tag=8 hlen=2 plen=24 new-ctb

:compressed packet: algo=0

# off=3 ctb=cb tag=11 hlen=2 plen=21 new-ctb

:literal data packet:

        mode t (74), created 0, name="hello.txt",

        raw data: 6 byte

If other folks agree, I am happy to open an issue.

Cheers,

Aleks

[Sean Liao]

Note as of https://github.com/golang/go/issues/44226 x/crypto/openpgp is frozen and deprecated