Re: [Help-gnutls] gnutls_openpgp_privkey_import() behavior seems inconsistent depending on choice of "format" variable

[Nikos Mavrogiannopoulos]

Daniel Kahn Gillmor wrote:
> Hi GnuTLS folks--
>
> I just opened another ticket, this time about weirdly inconsistent
> behavior in the gnutls_openpgp_privkey_import() function:
>
>  http://trac.gnutls.org/cgi-bin/trac.cgi/ticket/23
>
> Please let me know if i can do anything to help debug it further.

This is not quite easy to fix since it depends on the internals of 
opencdk. As far as I remember opencdk auto detects the input data and 
acts accordingly. However in gnutls we specifically set the raw/base64 
flag. An improvement I could think would be to check the data after the 
import in order to verify that import was successful.

Does the attached patch solve the issue for you?

regards,
Nikos

diff --git a/lib/openpgp/privkey.c b/lib/openpgp/privkey.c
index aa9c82b..57d0342 100644
--- a/lib/openpgp/privkey.c
+++ b/lib/openpgp/privkey.c
@@ -93,7 +93,8 @@ gnutls_openpgp_privkey_import (gnutls_openpgp_privkey_t key,
                               gnutls_openpgp_crt_fmt_t format,
                               const char *pass, unsigned int flags)
 {
-  cdk_stream_t inp;  
+  cdk_stream_t inp;
+  cdk_packet_t pkt;
   int rc;
   
   if (format == GNUTLS_OPENPGP_FMT_RAW)
@@ -119,6 +120,14 @@ gnutls_openpgp_privkey_import (gnutls_openpgp_privkey_t 
key,
          return rc;
        }
     }
+
+  /* Test if the import was successful. */
+  pkt = cdk_kbnode_find_packet (key->knode, CDK_PKT_SECRET_KEY);
+  if (pkt == NULL)
+    {
+      gnutls_assert();
+      return GNUTLS_E_OPENPGP_GETKEY_FAILED;
+    }
   
   return 0;
 }