[PATCH] Provide a gnutls_x509_crt_verify_hash

Cedric BAIL moa.bluebugs at gmail.com
Fri Apr 17 12:02:57 CEST 2009


On Fri, Apr 17, 2009 at 11:20 AM, Simon Josefsson <simon at josefsson.org> wrote:
> Simon Josefsson <simon at josefsson.org> writes:
>> Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:
>>> Cedric BAIL wrote:
>>>> Hi,
>>>>
>>>>    I am currently using gnutls_x509_crt_verify_data to check the
>>>> signature of a file generated with a GNUTLS_DIG_SHA1. After that I
>>>> compare the SHA1 of the file in a database. So with the current API I
>>>> wasn't able to find a way to do SHA1 computation only one time.
>>>>    I finally decided to implement gnutls_x509_crt_get_hash_algorithm
>>>> and gnutls_x509_crt_verify_hash for this use case on top of
>>>> gnutls-2.7.6. So as I would like to solve this case in mainline, I
>>>> would appreciate any comment to work on this goal.
>>>
>>> I like it. I have only renamed gnutls_x509_crt_get_hash_algorithm() to
>>> gnutls_x509_crt_get_sig_algorithm().
>>
>> The function 'gnutls_x509_crt_get_signature_algorithm' already exists,
>> isn't that new name confusing?  How about
>> gnutls_x509_crt_get_verify_algorithm instead?  That would be more
>> consistent with the internal naming (e.g.,
>> gnutls_x509_verify_algorithm).
>>
>> Btw, there is some problem in the code:
>>
>> verify.c: In function '_pkcs1_rsa_verify_sig':
>> verify.c:667: error: assignment from incompatible pointer type
>
> The code seems broken, this assignment:
>
>       cmp = &md;
>
> should clearly be
>
>       cmp = md;

Sounds better. Sorry for the mistake.

> There is another problem too:
>
> x509.c:2330: error: passing argument 1 of '_gnutls_x509_verify_algorithm' from incompatible pointer type

As I sent the patch against 2.7.6, the first argument of
_gnutls_x509_verify_algorithm should be "gnutls_mac_algorithm_t
*hash". So it should not raise any warning.

-- 
Cedric BAIL