authorSimon Josefsson <simon@josefsson.org>2007-01-16 10:00:59 +0000
committerSimon Josefsson <simon@josefsson.org>2007-01-16 10:00:59 +0000
commit66e1f91025840b3457e8766f89510d75c21954ea (patch)
tree634ea7e4e1c8f007e7b9e9f53866e39065c58c92 /libextra
parent5702d5025f38f760cec7a31ba400d70c54133f9d (diff)
downloadgnutls-66e1f91025840b3457e8766f89510d75c21954ea.tar.gz
Fix import of ASCII armored OpenPGP keys, patch from ludovic.courtes@laas.fr (Ludovic Courtès).
Diffstat (limited to 'libextra')
-rw-r--r--libextra/gnutls_openpgp.c24
-rw-r--r--libextra/openpgp/gnutls_openpgp.h3
-rw-r--r--libextra/openpgp/privkey.c3
3 files changed, 23 insertions, 7 deletions
diff --git a/libextra/gnutls_openpgp.c b/libextra/gnutls_openpgp.c
index 1775ca14bd..e9967cd6e3 100644
--- a/libextra/gnutls_openpgp.c
+++ b/libextra/gnutls_openpgp.c
@@ -309,6 +309,7 @@ openpgp_pk_to_gnutls_cert (gnutls_cert * cert, cdk_pkt_pubkey_t pk)
* _gnutls_openpgp_raw_privkey_to_gkey - Converts an OpenPGP secret key to GnuTLS
* @pkey: the GnuTLS private key context to store the key.
* @raw_key: the raw data which contains the whole key packets.
+ * @format: the format of the key packets.
*
* The RFC2440 (OpenPGP Message Format) data is converted into the
* GnuTLS specific data which is need to perform secret key operations.
@@ -317,9 +318,10 @@ openpgp_pk_to_gnutls_cert (gnutls_cert * cert, cdk_pkt_pubkey_t pk)
-*/
int
_gnutls_openpgp_raw_privkey_to_gkey (gnutls_privkey * pkey,
- const gnutls_datum_t * raw_key)
+ const gnutls_datum_t * raw_key,
+ gnutls_openpgp_key_fmt_t format)
{
- cdk_kbnode_t snode;
+ cdk_kbnode_t snode = NULL;
cdk_packet_t pkt;
cdk_stream_t out;
cdk_pkt_seckey_t sk = NULL;
@@ -338,6 +340,17 @@ _gnutls_openpgp_raw_privkey_to_gkey (gnutls_privkey * pkey,
if (!out)
return GNUTLS_E_CERTIFICATE_ERROR;
+ if (format == GNUTLS_OPENPGP_FMT_BASE64)
+ {
+ rc = cdk_stream_set_armor_flag (out, 0);
+ if (rc)
+ {
+ rc = _gnutls_map_cdk_rc (rc);
+ gnutls_assert ();
+ goto leave;
+ }
+ }
+
cdk_stream_write (out, raw_key->data, raw_key->size);
cdk_stream_seek (out, 0);
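Review bot: The two calls right after the new armor block, `cdk_stream_write (out, raw_key->data, raw_key->size);` and `cdk_stream_seek (out, 0);`, still discard their results, while the armor-flag call above them is now checked. A failed or short write of the private-key bytes would then presumably surface only as a later parse error, which is harder to diagnose. Since the function now has a `goto leave` error path, both calls could test for failure and exit the same way, using whatever failure convention the opencdk version in use documents. The `leave` label is outside this hunk; it is worth confirming that it closes `out` on this new early exit, because the stream holds secret key material. Any `format` value other than `GNUTLS_OPENPGP_FMT_BASE64` is silently treated as raw, which a short comment could state, for example `/* every other format value is read as binary packets */`.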
@@ -559,7 +572,7 @@ stream_to_datum (cdk_stream_t inp, gnutls_datum_t * raw)
* @key: the datum that contains the secret key.
*
* This funtion is used to load OpenPGP keys into the GnuTLS credential structure.
- * It doesn't matter whether the keys are armored or but, but the files
+ * It doesn't matter whether the keys are armored or not, but the files
* should only contain one key which should not be encrypted.
**/
int
@@ -695,7 +708,8 @@ gnutls_certificate_set_openpgp_key_mem (gnutls_certificate_credentials_t
cdk_stream_close (inp);
rc = _gnutls_openpgp_raw_privkey_to_gkey (&res->pkey[res->ncerts - 1],
- &raw);
+ &raw,
+ GNUTLS_OPENPGP_FMT_RAW);
if (rc)
{
gnutls_assert ();
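Review bot: The hard-coded `GNUTLS_OPENPGP_FMT_RAW` at this call has no comment, although the doc comment of this same API family says armored keys are accepted. Presumably `raw` was filled from `inp` after any armor had been stripped, but that code is outside the hunk and should be confirmed. If so, a one-line comment above the call would stop a later reader from "fixing" it to pass the caller's format, for example `/* raw was read back through inp and is already binary, so never BASE64 here */`. If `raw` can still be armored at this point, the import would instead fail for the case the commit is meant to fix.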
@@ -717,7 +731,7 @@ leave:
* @keyfile: the file that contains the secret key.
*
* This funtion is used to load OpenPGP keys into the GnuTLS credentials structure.
- * It doesn't matter whether the keys are armored or but, but the files
+ * It doesn't matter whether the keys are armored or not, but the files
* should only contain one key which should not be encrypted.
**/
int
diff --git a/libextra/openpgp/gnutls_openpgp.h b/libextra/openpgp/gnutls_openpgp.h
index a84b903981..4385a43fe3 100644
--- a/libextra/openpgp/gnutls_openpgp.h
+++ b/libextra/openpgp/gnutls_openpgp.h
@@ -66,7 +66,8 @@ int _gnutls_openpgp_raw_key_to_gcert (gnutls_cert * cert,
int
_gnutls_openpgp_raw_privkey_to_gkey (gnutls_privkey * pkey,
- const gnutls_datum_t * raw_key);
+ const gnutls_datum_t * raw_key,
+ gnutls_openpgp_key_fmt_t format);
int
_gnutls_openpgp_request_key (gnutls_session_t,
diff --git a/libextra/openpgp/privkey.c b/libextra/openpgp/privkey.c
index e9a9f10af3..2ba49df140 100644
--- a/libextra/openpgp/privkey.c
+++ b/libextra/openpgp/privkey.c
@@ -94,7 +94,8 @@ gnutls_openpgp_privkey_import (gnutls_openpgp_privkey_t key,
{
int rc;
- rc = _gnutls_openpgp_raw_privkey_to_gkey (&key->pkey, data);
+ rc = _gnutls_openpgp_raw_privkey_to_gkey (&key->pkey, data,
+ format);
if (rc)
{
gnutls_assert ();