[gnutls-dev] Fixing OpenPGP keyring import

Simon Josefsson simon at josefsson.org
Wed Apr 18 17:24:15 CEST 2007


Timo Schulz <twoaday at gmx.net> writes:

> Simon Josefsson wrote:
>
>>> this feature to the keydb.c code. This would not break any existing
>>> interfaces. I will do it and backport the changes to 0.5.13.
>>> Is this ok for you?
>> 
>> Maybe you could post the patch?  I think it would be fine.
>
> So I won't send the wrong patch.
>
> We decided that opencdk base64 decodes the CDK_DBTYPE_DATA object,
> right?

Yeah, I think so. (Ludovic, correct me if I'm wrong.)

> I could also post the cdk_keydb_new_from_stream but then some other
> files needed to be patched also

I think it may better not to back-port this stuff to the nmav branch.
Let's aim for GnuTLS changing to use OpenCDK HEAD instead.

> and maybe it is easier if I commit the changes directly in the
> nmav-0-5-x branch?

Sure, although please don't change any API/ABI without discussing it
first.  Since we are talking about a big API/ABI break with moving to
OpenCDK HEAD, I think an addition API/ABI break is a no-no, but it
could be discussed.

>> Yes, I agree that gnutls should use your opencdk.  Maybe you could
>> summarize your changes?
>
> OK.
>
> Most of the things I changed are not visible, adjustments for the
> latest openpgp draft, bug fixes for mem leaks. The most visible change
> is, that I dropped the cdk_mpi_t object and now we use gcrypt_mpi_t
> objects directly. Minor things need to be changed in the gnutls openpgp
> code.
>
> I cleaned up the passphrase interface, which should also no problem
> because, IIRC, gnutls do not unprotect secret keys via opencdk.
>
> Some functions now have an additional or fewer parameters. But most of
> the changes are related to bulk encryption. The external interface of
> the key conversion/management API is pretty much the same.

Thanks.

>> Also, I don't think I will have time to develop the patches for gnutls
>> required to do this, so I'm hoping that you will take the lead on that
>> and propose some patches for gnutls.
>
> Of course. I wrote part of the last openpgp gnutls code and it should be
> not too difficult for me to adjust the code for the new opencdk version.
> But FYI, I don't think that much time is needed to finish the migration.
> This is at least what I believe ;-).

Sounds good...  since 1.7.8 was just released, if your changes are
relatively safe you could install your fixes to GnuTLS on HEAD right
now, and we can aim for 1.7.9 to mostly just do the OpenCDK upgrade.
I do want to have HEAD in a buildable stage for most of the time, so
if you think you'll need more than a few days of time to finish the
migration, let's create a branch for it.  What do you think?

/Simon




More information about the Gnutls-devel mailing list