[PATCH] Provide a gnutls_x509_crt_verify_hash

Simon Josefsson simon at josefsson.org
Fri Apr 17 11:20:57 CEST 2009


Simon Josefsson <simon at josefsson.org> writes:

> Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:
>
>> Cedric BAIL wrote:
>>> Hi,
>>> 
>>>    I am currently using gnutls_x509_crt_verify_data to check the
>>> signature of a file generated with a GNUTLS_DIG_SHA1. After that I
>>> compare the SHA1 of the file in a database. So with the current API I
>>> wasn't able to find a way to do SHA1 computation only one time.
>>>    I finally decided to implement gnutls_x509_crt_get_hash_algorithm
>>> and gnutls_x509_crt_verify_hash for this usecase on top of
>>> gnutls-2.7.6. So as I would like to solve this case in mainline, I
>>> would appreciate any comment to work on this goal.
>>
>> I like it. I have only renamed gnutls_x509_crt_get_hash_algorithm() to
>> gnutls_x509_crt_get_sig_algorithm().
>
> The function 'gnutls_x509_crt_get_signature_algorithm' already exist,
> isn't that new name confusing?  How about
> gnutls_x509_crt_get_verify_algorithm instead?  That would be more
> consistent with the internal naming (e.g.,
> gnutls_x509_verify_algorithm).
>
> Btw, there is some problem in the code:
>
> verify.c: In function '_pkcs1_rsa_verify_sig':
> verify.c:667: error: assignment from incompatible pointer type

The code seems broken, this assignment:

       cmp = &md;

should clearly be

       cmp = md;

Do you have any self-test code that exercise this code path?

There is another problem too:

x509.c:2330: error: passing argument 1 of '_gnutls_x509_verify_algorithm' from incompatible pointer type

/Simon





More information about the Gnutls-devel mailing list