Fix NPE when encoding signature without hashed area

vanitasvitae · vanitasvitae · commit 6f6fe18635e1 · 2025-09-29T15:41:20.000+02:00
diff --git a/pg/src/main/java/org/bouncycastle/openpgp/PGPSignature.java b/pg/src/main/java/org/bouncycastle/openpgp/PGPSignature.java
@@ -907,7 +907,10 @@ public void encode(
         throws IOException
     {
         // Exportable signatures MUST NOT be exported if forTransfer==true
-        if (forTransfer && (!getHashedSubPackets().isExportable() || !getUnhashedSubPackets().isExportable()))
+        if (forTransfer &&
+                ((getHashedSubPackets() != null && !getHashedSubPackets().isExportable()) ||
+                (getUnhashedSubPackets() != null && !getUnhashedSubPackets().isExportable()))
+        )
         {
             return;
         }
diff --git a/pg/src/main/java/org/bouncycastle/openpgp/api/OpenPGPCertificate.java b/pg/src/main/java/org/bouncycastle/openpgp/api/OpenPGPCertificate.java
@@ -1015,7 +1015,7 @@ public int compare(OpenPGPSignatureChain o1, OpenPGPSignatureChain o2)
         {
             OpenPGPSignatureChain binding = it.next();
             PGPSignature sig = binding.getSignature().getSignature();
-            if (sig.getHashedSubPackets().isPrimaryUserID())
+            if (sig.getHashedSubPackets() != null && sig.getHashedSubPackets().isPrimaryUserID())
             {
                 return binding;
             }
@@ -1830,6 +1830,11 @@ private void verifyEmbeddedPrimaryKeyBinding(PGPContentVerifierBuilderProvider c
                                                      OpenPGPPolicy policy, Date signatureCreationTime)
             throws PGPSignatureException
         {
+            if (signature.getHashedSubPackets() == null)
+            {
+                return;
+            }
+
             int keyFlags = signature.getHashedSubPackets().getKeyFlags();
             if ((keyFlags & KeyFlags.SIGN_DATA) != KeyFlags.SIGN_DATA)
             {

Original file line number	Diff line number	Diff line change
`@@ -907,7 +907,10 @@ public void encode(`
`907`	`907`	`throws IOException`
`908`	`908`	`{`
`909`	`909`	`// Exportable signatures MUST NOT be exported if forTransfer==true`
`910`		`- if (forTransfer && (!getHashedSubPackets().isExportable() \|\| !getUnhashedSubPackets().isExportable()))`
	`910`	`+ if (forTransfer &&`
	`911`	`+ ((getHashedSubPackets() != null && !getHashedSubPackets().isExportable()) \|\|`
	`912`	`+ (getUnhashedSubPackets() != null && !getUnhashedSubPackets().isExportable()))`
	`913`	`+ )`
`911`	`914`	`{`
`912`	`915`	`return;`
`913`	`916`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1015,7 +1015,7 @@ public int compare(OpenPGPSignatureChain o1, OpenPGPSignatureChain o2)`
`1015`	`1015`	`{`
`1016`	`1016`	`OpenPGPSignatureChain binding = it.next();`
`1017`	`1017`	`PGPSignature sig = binding.getSignature().getSignature();`
`1018`		`- if (sig.getHashedSubPackets().isPrimaryUserID())`
	`1018`	`+ if (sig.getHashedSubPackets() != null && sig.getHashedSubPackets().isPrimaryUserID())`
`1019`	`1019`	`{`
`1020`	`1020`	`return binding;`
`1021`	`1021`	`}`
`@@ -1830,6 +1830,11 @@ private void verifyEmbeddedPrimaryKeyBinding(PGPContentVerifierBuilderProvider c`
`1830`	`1830`	`OpenPGPPolicy policy, Date signatureCreationTime)`
`1831`	`1831`	`throws PGPSignatureException`
`1832`	`1832`	`{`
	`1833`	`+ if (signature.getHashedSubPackets() == null)`
	`1834`	`+ {`
	`1835`	`+ return;`
	`1836`	`+ }`
	`1837`	`+`
`1833`	`1838`	`int keyFlags = signature.getHashedSubPackets().getKeyFlags();`
`1834`	`1839`	`if ((keyFlags & KeyFlags.SIGN_DATA) != KeyFlags.SIGN_DATA)`
`1835`	`1840`	`{`