[Rpm-maint] [rpm-software-management/rpm] Binary PGP keys cannot be imported (Issue #2689)
Neal H. Walfield
notifications at github.com
Wed Oct 4 05:46:14 UTC 2023
I think we need to introduce a new interface.
`rpmkeys` imports keys using [the `doImport` function](https://github.com/rpm-software-management/rpm/blob/1c98b67911e19a5f92c7fa4492aaa1000a06edad/lib/rpmchecksig.c#L27).
That function looks for ASCII armor blocks, and then uses [`pgpParsePkts`](https://github.com/rpm-software-management/rpm/blob/master/rpmio/rpmpgp_internal.c#L1331) to parse the certificate. `pgpParsePkts` takes a NUL-terminated string as input.
```
/** \ingroup rpmpgp
 * Parse armored OpenPGP packets from memory.
 * @param armor armored OpenPGP packet string
 * @param[out] pkt dearmored OpenPGP packet(s) (malloced)
 * @param[out] pktlen dearmored OpenPGP packet(s) length in bytes
 * @return type of armor found
 */
pgpArmor pgpParsePkts(const char *armor, uint8_t ** pkt, size_t * pktlen);
```
This means that even if we were willing to change the semantics of the function, we can't, because binary OpenPGP packets may contain embedded NULs.
As such, we need a new interface, in which the length is passed explicitly. Perhaps:
```
pgpArmor pgpParsePkts2(const uint8_t *maybe_armor, size_t maybe_armor_len, uint8_t ** pkt, size_t * pktlen);
```
Since we are parsing the data anyway in order to figure out its type, I'd rather just immediately return an array of `PgpDigParamsObj`, one for each object found.
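An added example, not part of the original message and not rpm code: it shows how much of a binary key a NUL-terminated interface would see, and a length-aware check that tells armored from binary input. All names (`blob_kind`, `cstring_visible_len`, `classify_key_blob`, the sample buffers) are hypothetical, and the packet-tag test follows the header layout in RFC 4880 section 4.2, which goes slightly beyond what the message states.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef enum { BLOB_UNKNOWN, BLOB_ARMORED, BLOB_BINARY } blob_kind; /* hypothetical */

/* Number of bytes a NUL-terminated (char *) interface would see of buf. */
static size_t cstring_visible_len(const uint8_t *buf, size_t len)
{
    const uint8_t *nul = memchr(buf, 0, len);
    return nul ? (size_t)(nul - buf) : len;
}

/* Length-bounded search for the armor header; never reads past buf + len. */
static int has_armor_header(const uint8_t *buf, size_t len)
{
    static const char hdr[] = "-----BEGIN PGP ";
    size_t n = sizeof(hdr) - 1;
    for (size_t i = 0; len >= n && i <= len - n; i++)
        if (memcmp(buf + i, hdr, n) == 0)
            return 1;
    return 0;
}

/* OpenPGP packet tag from the first header octet, or -1 if not a header. */
static int packet_tag(uint8_t first)
{
    if (!(first & 0x80))
        return -1;                               /* bit 7 must be set */
    return (first & 0x40) ? (first & 0x3f)       /* new format: bits 5-0 */
                          : ((first >> 2) & 0x0f); /* old format: bits 5-2 */
}

static blob_kind classify_key_blob(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len == 0)
        return BLOB_UNKNOWN;
    if (packet_tag(buf[0]) == 6)   /* a binary certificate starts with a public-key packet */
        return BLOB_BINARY;
    return has_armor_header(buf, len) ? BLOB_ARMORED : BLOB_UNKNOWN;
}

/* Constructed samples: old-format tag 6 header with 2-byte length 0x000d, and an armor header line. */
static const uint8_t sample_bin[] = { 0x99, 0x00, 0x0d, 0x04, 0x65, 0x1c, 0x00, 0x00 };
static const char sample_asc[] = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n";

int main(void) {
    printf("C string sees %zu of %zu bytes\n", cstring_visible_len(sample_bin, sizeof sample_bin), sizeof sample_bin);
    return classify_key_blob(sample_bin, sizeof sample_bin) == BLOB_BINARY ? 0 : 1;
}
```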