pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/OpenPgpMessageInputStream.kt

@@ -139,12 +139,11 @@ class OpenPgpMessageInputStream(
 
         // Comsume packets, potentially stepping into nested layers
         layer@ while (run {
-            packet =
+            packet = try {
-                try {
+                pIn.nextPacketTag()
-                    pIn.nextPacketTag()
+            } catch (e: NoSuchElementException) {
-                } catch (e: NoSuchElementException) {
+                throw MalformedOpenPgpMessageException(e.message)
-                    throw MalformedOpenPgpMessageException(e.message)
+            }
-                }
             packet
         } != null) {
 
@@ -211,24 +210,25 @@ class OpenPgpMessageInputStream(
         syntaxVerifier.next(InputSymbol.LITERAL_DATA)
         val literalData = packetInputStream!!.readLiteralData()
 
-        val streamEncoding =
+        val streamEncoding = try {
-            try {
+            StreamEncoding.requireFromCode(literalData.format)
-                StreamEncoding.requireFromCode(literalData.format)
+        } catch (e: NoSuchElementException) {
-            } catch (e: NoSuchElementException) {
+            throw PGPException("Invalid stream encoding format encountered: ${literalData.format}; ${e.message}")
-                throw PGPException(
+        }
-                    "Invalid stream encoding format encountered: ${literalData.format}; ${e.message}")
-            }
 
-        val fileName =
+        val fileName = try {
-            try {
+            literalData.fileName
-                literalData.fileName
+        } catch (e: IllegalArgumentException) {
-            } catch (e: IllegalArgumentException) {
+            // Non UTF8
-                // Non UTF8
+            throw PGPException("Cannot decode literal data filename: ${e.message}")
-                throw PGPException("Cannot decode literal data filename: ${e.message}")
+        }
-            }
 
         // Extract Metadata
-        layerMetadata.child = LiteralData(fileName, literalData.modificationTime, streamEncoding)
+        layerMetadata.child =
+            LiteralData(
+                fileName,
+                literalData.modificationTime,
+                streamEncoding)
 
         nestedInputStream = literalData.inputStream
     }
@@ -238,15 +238,17 @@ class OpenPgpMessageInputStream(
         signatures.enterNesting()
         val compressedData = packetInputStream!!.readCompressedData()
 
-        val compAlg =
+        val compAlg = try {
-            try {
+            CompressionAlgorithm.requireFromId(compressedData.algorithm)
-                CompressionAlgorithm.requireFromId(compressedData.algorithm)
+        } catch (e: NoSuchElementException) {
-            } catch (e: NoSuchElementException) {
+            throw PGPException(e.message)
-                throw PGPException(e.message)
+        }
-            }
 
         // Extract Metadata
-        val compressionLayer = CompressedData(compAlg, layerMetadata.depth + 1)
+        val compressionLayer =
+            CompressedData(
+                compAlg,
+                layerMetadata.depth + 1)
 
         LOGGER.debug(
             "Compressed Data Packet (${compressionLayer.algorithm}) at depth ${layerMetadata.depth} encountered.")
@@ -345,9 +347,7 @@ class OpenPgpMessageInputStream(
             "Symmetrically Encrypted Data Packet at depth ${layerMetadata.depth} encountered.")
         syntaxVerifier.next(InputSymbol.ENCRYPTED_DATA)
         val encDataList = packetInputStream!!.readEncryptedDataList()
-        if (!encDataList.isIntegrityProtected &&
+        if (!encDataList.isIntegrityProtected && !encDataList.isEmpty && !encDataList.get(0).isAEAD) {
-            !encDataList.isEmpty &&
-            !encDataList.get(0).isAEAD) {
             LOGGER.warn("Symmetrically Encrypted Data Packet is not integrity-protected.")
             if (!options.isIgnoreMDCErrors()) {
                 throw MessageNotIntegrityProtectedException()
@@ -569,14 +569,13 @@ class OpenPgpMessageInputStream(
         pkesk: PGPPublicKeyEncryptedData
     ): Boolean {
         try {
-            val decrypted =
+            val decrypted = try {
-                try {
+                pkesk.getDataStream(decryptorFactory)
-                    pkesk.getDataStream(decryptorFactory)
+            } catch (e: ClassCastException) {
-                } catch (e: ClassCastException) {
+                throw PGPException(e.message)
-                    throw PGPException(e.message)
+            } catch (e: IllegalArgumentException) {
-                } catch (e: IllegalArgumentException) {
+                throw PGPException(e.message)
-                    throw PGPException(e.message)
+            }
-                }
             val sessionKey = SessionKey(pkesk.getSessionKey(decryptorFactory))
             throwIfUnacceptable(sessionKey.algorithm)
 

pgpainless-core/src/main/kotlin/org/pgpainless/signature/SignatureUtils.kt

@@ -165,13 +165,13 @@ class SignatureUtils {
                     // having them compressed,
                     //  except for an attacker who is trying to exploit flaws in the decompression
                     // algorithm.
-                    //  Therefore, we ignore compressed data packets without attempting
+                    //  Therefore, we ignore compressed data packets without attempting decompression.
-                    // decompression.
                     if (nextObject is PGPCompressedData) {
                         // getInputStream() does not do decompression, contrary to getDataStream().
                         Streams.drain(
                             (nextObject as PGPCompressedData)
-                                .inputStream) // Skip packet without decompressing
+                                .inputStream
+                        ) // Skip packet without decompressing
                     }
 
                     if (nextObject is PGPSignatureList) {

pgpainless-core/src/main/kotlin/org/pgpainless/util/ArmorUtils.kt

@@ -247,8 +247,7 @@ class ArmorUtils {
                 .add(OpenPgpFingerprint.of(publicKey).prettyPrint())
             // Primary / First User ID
             (primary ?: first)?.let {
-                headerMap
+                headerMap.getOrPut(HEADER_COMMENT) { mutableSetOf() }
-                    .getOrPut(HEADER_COMMENT) { mutableSetOf() }
                     .add(it.replace("\n", "\\n").replace("\r", "\\r"))
             }
             // X-1 further identities

pgpainless-core/src/test/kotlin/org/pgpainless/bouncycastle/fuzzing/PGPObjectFactoryFuzzingTest.kt

@@ -6,13 +6,13 @@ package org.pgpainless.bouncycastle.fuzzing
 
 import com.code_intelligence.jazzer.api.FuzzedDataProvider
 import com.code_intelligence.jazzer.junit.FuzzTest
-import java.io.EOFException
-import java.io.IOException
 import org.bouncycastle.bcpg.ArmoredInputException
 import org.bouncycastle.bcpg.UnsupportedPacketVersionException
 import org.bouncycastle.openpgp.PGPException
 import org.bouncycastle.openpgp.PGPUtil
 import org.bouncycastle.openpgp.bc.BcPGPObjectFactory
+import java.io.EOFException
+import java.io.IOException
 
 class PGPObjectFactoryFuzzingTest {
 

pgpainless-sop/src/main/kotlin/org/pgpainless/sop/ArmorImpl.kt

@@ -5,7 +5,6 @@
 package org.pgpainless.sop
 
 import java.io.BufferedOutputStream
-import java.io.IOException
 import java.io.InputStream
 import java.io.OutputStream
 import kotlin.jvm.Throws
@@ -15,6 +14,7 @@ import org.pgpainless.util.ArmoredOutputStreamFactory
 import sop.Ready
 import sop.exception.SOPGPException
 import sop.operation.Armor
+import java.io.IOException
 
 /** Implementation of the `armor` operation using PGPainless. */
 class ArmorImpl : Armor {
@@ -27,15 +27,14 @@ class ArmorImpl : Armor {
                 val bufferedOutputStream = BufferedOutputStream(outputStream)
 
                 // Determine the nature of the given data
-                val openPgpIn =
+                val openPgpIn = OpenPgpInputStream(data, false).apply {
-                    OpenPgpInputStream(data, false).apply {
+                    try {
-                        try {
+                        inspectBuffer()
-                            inspectBuffer()
+                    } catch (e: IOException) {
-                        } catch (e: IOException) {
+                        // ignore
-                            // ignore
-                        }
-                        reset()
                     }
+                    reset()
+                }
 
                 if (openPgpIn.isAsciiArmored) {
                     // armoring already-armored data is an idempotent operation

pgpainless-sop/src/main/kotlin/org/pgpainless/sop/DecryptImpl.kt

@@ -4,13 +4,11 @@
 
 package org.pgpainless.sop
 
+import org.bouncycastle.bcpg.UnsupportedPacketVersionException
 import java.io.IOException
 import java.io.InputStream
 import java.io.OutputStream
 import java.util.*
-import java.util.zip.ZipException
-import kotlin.NoSuchElementException
-import org.bouncycastle.bcpg.UnsupportedPacketVersionException
 import org.bouncycastle.openpgp.PGPException
 import org.bouncycastle.util.io.Streams
 import org.pgpainless.PGPainless
@@ -27,6 +25,8 @@ import sop.SessionKey
 import sop.exception.SOPGPException
 import sop.operation.Decrypt
 import sop.util.UTF8Util
+import java.util.zip.ZipException
+import kotlin.NoSuchElementException
 
 /** Implementation of the `decrypt` operation using PGPainless. */
 class DecryptImpl : Decrypt {
@@ -61,7 +61,8 @@ class DecryptImpl : Decrypt {
                 throw SOPGPException.BadData(e)
             } catch (e: ModificationDetectionException) {
                 throw SOPGPException.BadData(e)
-            } finally {
+            }
+            finally {
                 // Forget passphrases after decryption
                 protector.clear()
             }

pgpainless-sop/src/test/java/org/pgpainless/sop/fuzzing/AsciiArmorFuzzTest.java

@@ -14,7 +14,7 @@ import java.io.IOException;
 
 import static org.junit.jupiter.api.Assertions.assertArrayEquals;
 
-public class ArmorFuzzTest {
+public class AsciiArmorFuzzTest {
 
     private final SOP sop = new SOPImpl();
 

pgpainless-sop/src/test/java/org/pgpainless/sop/fuzzing/EncryptedMessageFuzzingTest.java

@@ -6,8 +6,12 @@ package org.pgpainless.sop.fuzzing;
 
 import com.code_intelligence.jazzer.api.FuzzedDataProvider;
 import com.code_intelligence.jazzer.junit.FuzzTest;
+import org.bouncycastle.util.encoders.Hex;
 import org.bouncycastle.util.io.Streams;
 import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+import org.pgpainless.exception.MissingDecryptionMethodException;
+import org.pgpainless.exception.ModificationDetectionException;
 import org.pgpainless.sop.SOPImpl;
 import sop.SOP;
 import sop.exception.SOPGPException;
@@ -17,14 +21,22 @@ import java.io.BufferedReader;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
+import java.net.URI;
+import java.net.URISyntaxException;
 import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
 import java.util.ArrayList;
+import java.util.Iterator;
 import java.util.List;
+import java.util.NoSuchElementException;
+import java.util.stream.Stream;
 
 import static org.junit.jupiter.api.Assertions.assertArrayEquals;
 import static org.junit.jupiter.api.Assertions.assertFalse;
 
-public class EncryptFuzzTest {
+public class EncryptedMessageFuzzingTest {
 
     private final SOP sop = new SOPImpl();
     private final String password = "sw0rdf1sh";
@@ -41,7 +53,7 @@ public class EncryptFuzzTest {
         List<byte[]> keys = new ArrayList<>();
 
         String dir = "/org/pgpainless/sop/fuzzing/testKeys";
-        InputStream in = EncryptFuzzTest.class.getResourceAsStream(dir);
+        InputStream in = EncryptedMessageFuzzingTest.class.getResourceAsStream(dir);
         BufferedReader reader = new BufferedReader(new InputStreamReader(in));
 
         String file;
@@ -50,7 +62,7 @@ public class EncryptFuzzTest {
                 continue;
             }
 
-            try(InputStream fIn = EncryptFuzzTest.class.getResourceAsStream(dir + "/" + file)) {
+            try(InputStream fIn = EncryptedMessageFuzzingTest.class.getResourceAsStream(dir + "/" + file)) {
                 byte[] b = Streams.readAll(fIn);
                 keys.add(b);
             }

pgpainless-sop/src/test/java/org/pgpainless/sop/fuzzing/SignatureFuzzTest.java

@@ -15,7 +15,7 @@ import java.io.IOException;
 import java.nio.charset.StandardCharsets;
 import java.util.List;
 
-public class VerifyFuzzTest {
+public class SignatureFuzzTest {
 
     private final SOP sop = new SOPImpl();
     private final byte[] data = "Hello, World!\n".getBytes(StandardCharsets.UTF_8);