[Rpm-maint] [rpm-software-management/rpm] Binary PGP keys cannot be imported (Issue #2689)

Neal H. Walfield notifications at github.com
Wed Oct 4 05:46:14 UTC 2023


I think we need to introduce a new interface.

`rpmkeys` imports keys using [the `doImport` function](https://github.com/rpm-software-management/rpm/blob/1c98b67911e19a5f92c7fa4492aaa1000a06edad/lib/rpmchecksig.c#L27).

That function looks for ASCII armor blocks, and then uses [`pgpParsePkts`](https://github.com/rpm-software-management/rpm/blob/master/rpmio/rpmpgp_internal.c#L1331) to parse the certificate.  `pgpParsePkts` takes a NUL-terminated string as input.

```
/** \ingroup rpmpgp
 * Parse armored OpenPGP packets from memory.
 * @param armor		armored OpenPGP packet string
 * @param[out] pkt	dearmored OpenPGP packet(s) (malloced)
 * @param[out] pktlen	dearmored OpenPGP packet(s) length in bytes
 * @return		type of armor found
 */
pgpArmor pgpParsePkts(const char *armor, uint8_t ** pkt, size_t * pktlen);
```

This means that even if we were willing to change the semantics of the function, we can't, because binary OpenPGP packets may contain embedded NULs.

As such, we need a new interface, in which the length is passed explicitly.  Perhaps:

```
pgpArmor pgpParsePkts2(const uint8_t *maybe_armor, size_t maybe_armor_len, uint8_t ** pkt, size_t * pktlen);
```

Since we are parsing the data anyway in order to figure out its type, I'd rather just immediately return an array of `PgpDigParamsObj`, one for each object found.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/2689#issuecomment-1746176336

Message ID: <rpm-software-management/rpm/issues/2689/1746176336 at github.com>
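
The embedded-NUL problem described in the message above, as an added C example that is not part of the original message or of rpm's code: it shows how much of a binary key a NUL-terminated interface can see, next to a length-aware check for armored versus binary input. The names `key_encoding`, `visible_as_cstring` and `classify_key` and both sample inputs are assumptions made up for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Names below are hypothetical for this example; none are rpm API. */
typedef enum { KEY_UNKNOWN, KEY_ARMORED, KEY_BINARY } key_encoding;

/* Constructed sample: old-format Public-Key packet header (tag 6, two-octet
 * length 0x000d) followed by 13 filler body octets. The high length octet
 * is NUL, as it is for every such packet shorter than 256 octets. */
const uint8_t sample_binary[] = {
    0x99, 0x00, 0x0d, 0x04, 0x65, 0x1c, 0xfb, 0x16,
    0x01, 0x00, 0x08, 0xff, 0x00, 0x03, 0x01, 0x00
};
/* Constructed armored input: leading newline plus the header line only. */
const char sample_armor[] = "\n-----BEGIN PGP PUBLIC KEY BLOCK-----\n";

/* Number of octets a NUL-terminated (const char *) interface can see. */
size_t visible_as_cstring(const uint8_t *buf, size_t len)
{
    const uint8_t *nul = memchr(buf, 0, len);
    return nul ? (size_t)(nul - buf) : len;
}

/* Length-aware check: armor header first, else an OpenPGP packet tag octet. */
key_encoding classify_key(const uint8_t *buf, size_t len)
{
    static const char hdr[] = "-----BEGIN PGP ";
    size_t i = 0, hlen = sizeof(hdr) - 1;

    while (i < len && (buf[i] == ' ' || buf[i] == '\t' ||
                       buf[i] == '\r' || buf[i] == '\n'))
        i++;
    if (len - i >= hlen && memcmp(buf + i, hdr, hlen) == 0)
        return KEY_ARMORED;
    if (len == 0 || !(buf[0] & 0x80))   /* bit 7 is set in every tag octet */
        return KEY_UNKNOWN;
    /* New format (bit 6 set): tag in bits 5-0; old format: tag in bits 5-2. */
    unsigned tag = (buf[0] & 0x40) ? (buf[0] & 0x3f) : ((buf[0] >> 2) & 0x0f);
    return tag == 6 ? KEY_BINARY : KEY_UNKNOWN;   /* 6 = Public-Key packet */
}

int main(void)
{
    size_t n = sizeof sample_binary;
    printf("C string view: %zu of %zu octets\n", visible_as_cstring(sample_binary, n), n);
    return classify_key(sample_binary, n) != KEY_BINARY;
}
```

For the constructed binary sample, a C-string view ends after the first octet, while the length-aware check still classifies all 16 octets as a binary Public-Key packet.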