From 82d73b8bc0608cbe3f416705febece62888524d1 Mon Sep 17 00:00:00 2001
From: Paul Schaub <vanitasvitae@fsfe.org>
Date: Tue, 9 Jul 2024 12:13:43 +0200
Subject: [PATCH] PGPSignature: Use proper method to update signature with salt

CANONICAL_TEXT signatures update() would handle 'd0' specially,
resulting in broken signature verification if salt contained 'd0'.
With this patch, we push salt to sigOut directly.
---
 .../java/org/bouncycastle/openpgp/PGPSignature.java    | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/pg/src/main/java/org/bouncycastle/openpgp/PGPSignature.java b/pg/src/main/java/org/bouncycastle/openpgp/PGPSignature.java
index fc2c3d1515..b5060ef848 100644
--- a/pg/src/main/java/org/bouncycastle/openpgp/PGPSignature.java
+++ b/pg/src/main/java/org/bouncycastle/openpgp/PGPSignature.java
@@ -191,10 +191,18 @@ private void checkSaltSize()
     }
 
     private void updateWithSalt()
+            throws PGPException
     {
         if (getVersion() == SignaturePacket.VERSION_6)
         {
-            update(sigPck.getSalt());
+            try
+            {
+                sigOut.write(sigPck.getSalt());
+            }
+            catch (IOException e)
+            {
+                throw new PGPException("Cannot update signature with salt.", e);
+            }
         }
     }