[PATCH] Provide a gnutls_x509_crt_verify_hash

Thu Apr 23 15:20:40 CEST 2009

Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:

> Simon Josefsson wrote:
>> Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:
>> 
>>> Cedric BAIL wrote:
>>>
>>>> Hum, I don't have a simple test case, but I already did commit some
>>>> code in eet that use it, look around line 554 at :
>>>> http://trac.enlightenment.org/e/browser/trunk/eet/src/lib/eet_cipher.c
>>> I've added a simple test case at:
>>> http://git.savannah.gnu.org/cgit/gnutls.git/tree/tests/x509sign-verify.c
>> 
>> Thanks, I made some minor cleanups.  Still, there seems to be memory
>> leaks in the new API?  See valgrind output below.
>
> Indeed there was a memory leak in _gnutls_x509_verify_algorithm(). I
> fixed it at:
> http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=1f6b42660f6aae92fae2e7de5662f4ada2aabce2

I added code to test DSA keys as well, and there seems to be some memory
leak there too, see below.

/Simon

==17240== 20 bytes in 1 blocks are indirectly lost in loss record 1 of 7
==17240==    at 0x402601E: malloc (vg_replace_malloc.c:207)
==17240==    by 0x411A3CF: _gcry_private_malloc (stdmem.c:108)
==17240==    by 0x411651F: do_malloc (global.c:737)
==17240==    by 0x411674C: _gcry_malloc (global.c:759)
==17240==    by 0x411677F: _gcry_xmalloc (global.c:903)
==17240==    by 0x4166257: _gcry_mpi_alloc_limb_space (mpiutil.c:91)
==17240==    by 0x4166330: _gcry_mpi_alloc (mpiutil.c:53)
==17240==    by 0x416393E: _gcry_mpi_scan (mpicoder.c:422)
==17240==    by 0x4115208: gcry_mpi_scan (visibility.c:299)
==17240==    by 0x4066954: wrap_gcry_mpi_scan (mpi-libgcrypt.c:58)
==17240==    by 0x405154F: _gnutls_mpi_scan (gnutls_mpi.c:132)
==17240==    by 0x40515DF: _gnutls_mpi_scan_nz (gnutls_mpi.c:150)
==17240==    by 0x4065705: _wrap_gcry_pk_verify (pk-libgcrypt.c:421)
==17240==    by 0x4051F35: _gnutls_dsa_verify (gnutls_pk.c:512)
==17240==    by 0x4093147: verify_sig (verify.c:712)
==17240==    by 0x4093550: _gnutls_x509_verify_signature (verify.c:852)
==17240==    by 0x4095A96: gnutls_x509_crt_verify_hash (x509.c:2398)
==17240==    by 0x8048B04: doit (x509sign-verify.c:181)
==17240==    by 0x8048CB4: main (utils.c:148)
==17240== 
==17240== 
==17240== 40 (20 direct, 20 indirect) bytes in 1 blocks are definitely lost in loss record 2 of 7
==17240==    at 0x402601E: malloc (vg_replace_malloc.c:207)
==17240==    by 0x411A3CF: _gcry_private_malloc (stdmem.c:108)
==17240==    by 0x411651F: do_malloc (global.c:737)
==17240==    by 0x411674C: _gcry_malloc (global.c:759)
==17240==    by 0x411677F: _gcry_xmalloc (global.c:903)
==17240==    by 0x4166318: _gcry_mpi_alloc (mpiutil.c:52)
==17240==    by 0x416393E: _gcry_mpi_scan (mpicoder.c:422)
==17240==    by 0x4115208: gcry_mpi_scan (visibility.c:299)
==17240==    by 0x4066954: wrap_gcry_mpi_scan (mpi-libgcrypt.c:58)
==17240==    by 0x405154F: _gnutls_mpi_scan (gnutls_mpi.c:132)
==17240==    by 0x40515DF: _gnutls_mpi_scan_nz (gnutls_mpi.c:150)
==17240==    by 0x4065705: _wrap_gcry_pk_verify (pk-libgcrypt.c:421)
==17240==    by 0x4051F35: _gnutls_dsa_verify (gnutls_pk.c:512)
==17240==    by 0x4093147: verify_sig (verify.c:712)
==17240==    by 0x4093550: _gnutls_x509_verify_signature (verify.c:852)
==17240==    by 0x4095A96: gnutls_x509_crt_verify_hash (x509.c:2398)
==17240==    by 0x8048B04: doit (x509sign-verify.c:181)
==17240==    by 0x8048CB4: main (utils.c:148)