[Help-gnutls] Client OpenPGP verification fails (update)

Nikos Mavrogiannopoulos nmav at gnutls.org
Tue Jul 25 20:17:37 CEST 2006


On Tue 25 Jul 2006 19:56, Mario Lenz wrote:
> Hi!
>
> > Are you sure? I didn't test it but it seems that the first call to
> > cdk_kbnode_write_to_mem() does the work...
>
> (I'm talking about 1.4.1 here. I think I'll have some time next week
> to have a look at 1.5.0.)

I think the openpgp part is the same since 1.0.x. Hasn't really changed.

> Well, the function gnutls_openpgp_key_export looks like this:
>
> /* call cdk_kbnode_write_to_mem() and handle return value */

This should be doing the convertion to raw encoding. Then
it proceeds if only if conversion to base64 is needed.



> But then there's another problem in libextra/gnutls_openpgp.c. Please
> have a look at _gnutls_openpgp_key_to_gcert:
>
> ret = gnutls_openpgp_key_export (cert, GNUTLS_OPENPGP_FMT_RAW, NULL,
> &der_size);
> if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
>   {
>     gnutls_assert ();
>     return ret;
>   }

This should be correct since decoding should fail (check that the output 
pointer is NULL so there is no place to copy the output). That call is 
there to get the size of the exported key only.

> The function always dies, except when there's a specific error.

You're not really supposed to call this function directly! :)
But anyway did you notice failures in this function?


regards,
Nikos





More information about the Gnutls-help mailing list