go.crypto/openpgp: return signature error rather than unknown issuer.

In the event that a detached signature fails to verify, the code would
continue trying to find other keys with the same key ID and eventually
conclude that the signature was issued by someone unknown
(ErrUnknownIssuer).

With this change, the signature verification error would be returned
instead. (Technically the last error if several keys had a matching key
id and neither verified.)

Fixes golang/go#8509.

LGTM=bradfitz
R=bradfitz
CC=golang-codereviews
https://golang.org/cl/125030043

Author: agl

openpgp/read.go

@@ -405,7 +405,10 @@ func CheckDetachedSignature(keyring KeyRing, signed, signature io.Reader) (signe
 		}
 	}
 
-	return nil, errors.ErrUnknownIssuer
+	if err == nil {
+		err = errors.ErrUnknownIssuer
+	}
+	return nil, err
 }
 
 // CheckArmoredDetachedSignature performs the same actions as

openpgp/read_test.go

@@ -279,6 +279,15 @@ func TestDetachedSignature(t *testing.T) {
 	testDetachedSignature(t, kring, readerFromHex(detachedSignatureHex), signedInput, "binary", testKey1KeyId)
 	testDetachedSignature(t, kring, readerFromHex(detachedSignatureTextHex), signedInput, "text", testKey1KeyId)
 	testDetachedSignature(t, kring, readerFromHex(detachedSignatureV3TextHex), signedInput, "v3", testKey1KeyId)
+
+	incorrectSignedInput := signedInput + "X"
+	_, err := CheckDetachedSignature(kring, bytes.NewBufferString(incorrectSignedInput), readerFromHex(detachedSignatureHex))
+	if err == nil {
+		t.Fatal("CheckDetachedSignature returned without error for bad signature")
+	}
+	if err == errors.ErrUnknownIssuer {
+		t.Fatal("CheckDetachedSignature returned ErrUnknownIssuer when the signer was known, but the signature invalid")
+	}
 }
 
 func TestDetachedSignatureDSA(t *testing.T) {