gnutls-devel

[gnutls-dev] Fixing OpenPGP keyring import


From: Ludovic Courtès
Subject: [gnutls-dev] Fixing OpenPGP keyring import
Date: Tue, 17 Apr 2007 21:06:35 +0200
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux)

Hi,

The patch below attempts to fix import of OpenPGP keyrings.  This
currently doesn't work at all AFAICT (in fact, I wonder how the current
code relates to the intent ;-)).

The patch is kludgey: since `cdk_keydb_new ()' only supports the raw
format, it changes `gnutls_openpgp_keyring_import ()' so that it returns
an error when asked for a base64 import.

Fixing this would require one of the following:

  1. fixing `cdk_keydb_new ()' so that one can pass an additional
     argument indicating the format.

  2. providing a new function, say `cdk_keydb_from_stream ()', where one
     can pass an arbitrary stream as the keyring source.

Solution (2) seems more flexible and cleaner.  One could pass
`cdk_keydb_from_stream ()' a stream with or without the armor flag set,
thereby fixing our problem.  It would also have the advantage of not
breaking OpenCDK's ABI.  `cdk_keydb_new ()' could then be rewritten in
terms of it.

I'm not familiar with OpenCDK so I may well have missed something.
Any thoughts?

Just in case: is copyright assignment needed for OpenCDK?

Thanks,
Ludovic.


--- orig/libextra/openpgp/extras.c
+++ mod/libextra/openpgp/extras.c
@@ -127,18 +127,18 @@
                               gnutls_openpgp_key_fmt_t format)
 {
   int rc;
-  keybox_blob *blob = NULL;
+  cdk_error_t err;
 
-
-  blob = kbx_read_blob (data, 0);
-  if (!blob)
+  if (format != GNUTLS_OPENPGP_FMT_RAW)
     {
-      gnutls_assert ();
-      return GNUTLS_E_OPENPGP_KEYRING_ERROR;
+      /* FIXME: `cdk_keydb_new ()' currently only supports raw keyrings.  */
+      rc = GNUTLS_E_UNIMPLEMENTED_FEATURE;
+      goto leave;
     }
 
-  keyring->hd = kbx_to_keydb (blob);
-  if (!keyring->hd)
+  err = cdk_keydb_new (&keyring->hd, CDK_DBTYPE_DATA,
+                      data->data, data->size);
+  if (err)
     {
       gnutls_assert ();
       rc = GNUTLS_E_OPENPGP_KEYRING_ERROR;
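
Review bot: The new `format != GNUTLS_OPENPGP_FMT_RAW' branch jumps to `leave' without calling `gnutls_assert ()', while the `cdk_keydb_new ()' failure path right below it does, so a rejected base64 import leaves no trace in the debug output; add the assert there for consistency. The value stored in `err' is only tested for non-zero and then dropped, so every OpenCDK failure collapses into GNUTLS_E_OPENPGP_KEYRING_ERROR; consider logging it before returning. Since callers passing a base64 keyring now get GNUTLS_E_UNIMPLEMENTED_FEATURE, the function's documentation comment should state that only the raw format is accepted.
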
@@ -148,7 +148,6 @@
   rc = 0;
 
 leave:
-  kbx_blob_release (blob);
   return rc;
 }
 
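
Review bot: With `kbx_blob_release (blob)' removed, the `leave:' label no longer guards any cleanup and only does `return rc;', so the two `goto leave' paths could return their error codes directly and the label and `rc' variable could go away. If the label is kept in anticipation of the stream-based rework described in the message, a short comment saying so would help the next reader.
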

