[Help-gnutls] Re: Small inconsistencies of the OpenPGP API

Simon Josefsson jas at extundo.com
Mon Oct 30 13:41:38 CET 2006

ludovic.courtes at laas.fr (Ludovic Courtès) writes:

> Hi,
> `gnutls_openpgp_key_get_pk_algorithm ()' currently returns an `int'
> while it should really return `gnutls_pk_algorithm_t'.  Same for
> `privkey_get_pk_algorithm ()'.

Hi!  Thanks, fixed in CVS.

> Also, `key_get_name ()' assumes that SIZEOF_BUF points to the size of
> BUF when it is invoked and uses that information to avoid buffer
> overflows; however, it does not modify *SIZEOF_BUF as one would expect
> to indicate the actual length of the name returned on success.

Fixed too, but please verify that it works OK.

> Conversely, `key_get_fingerprint ()' does not take into account the
> initial value of *FPRLEN (thus, it may write data past the end of FPR)
> but it does modify it on return to indicate the actual length of the
> fingerprint returned.

Here the problem is that cdk_pk_get_fingerprint doesn't take a length
parameter.  I think a better solution here is to simply require that
key_get_fingerprint must get a buffer of at least 20 bytes in size.
Otherwise we would change the OpenCDK API/ABI, and that seems
unwarranted here.  Fixed in CVS now.

> I think it would be best to both take into account the original value of
> these arguments _and_ modify them upon return to indicate the actual
> length of the element returned in both cases.

Right, although API/ABI concerns may trump this, I think.


More information about the Gnutls-help mailing list