[PATCH] Provide a gnutls_x509_crt_verify_hash
Simon Josefsson
simon at josefsson.org
Fri Apr 17 11:20:57 CEST 2009
Simon Josefsson <simon at josefsson.org> writes:
> Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:
>
>> Cedric BAIL wrote:
>>> Hi,
>>>
>>> I am currently using gnutls_x509_crt_verify_data to check the
>>> signature of a file generated with a GNUTLS_DIG_SHA1. After that I
>>> compare the SHA1 of the file in a database. So with the current API I
>>> wasn't able to find a way to do SHA1 computation only one time.
>>> I finally decided to implement gnutls_x509_crt_get_hash_algorithm
>>> and gnutls_x509_crt_verify_hash for this usecase on top of
>>> gnutls-2.7.6. So as I would like to solve this case in mainline, I
>>> would appreciate any comment to work on this goal.
>>
>> I like it. I have only renamed gnutls_x509_crt_get_hash_algorithm() to
>> gnutls_x509_crt_get_sig_algorithm().
>
> The function 'gnutls_x509_crt_get_signature_algorithm' already exist,
> isn't that new name confusing? How about
> gnutls_x509_crt_get_verify_algorithm instead? That would be more
> consistent with the internal naming (e.g.,
> gnutls_x509_verify_algorithm).
>
> Btw, there is some problem in the code:
>
> verify.c: In function '_pkcs1_rsa_verify_sig':
> verify.c:667: error: assignment from incompatible pointer type
The code seems broken, this assignment:
cmp = &md;
should clearly be
cmp = md;
Do you have any self-test code that exercise this code path?
There is another problem too:
x509.c:2330: error: passing argument 1 of '_gnutls_x509_verify_algorithm' from incompatible pointer type
/Simon
More information about the Gnutls-devel
mailing list