[gnutls-devel] Guile-GnuTLS | gnutls-sign-algorithm-enum is missing a lot of values (#31)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Fri Feb 28 15:31:08 CET 2025



Dariqq created an issue: https://gitlab.com/gnutls/guile/-/issues/31



Hello,

I am trying to manually verify a certificate's signature.

When I try to get the algorithm with `(x509-certificate-signature-algorithm cert)` I get `#f`.

Using
```sh
openssl x509 -in cert.pem --text | grep 'Signature Algorithm'
    Signature Algorithm: ecdsa-with-SHA256
```
however it seems that the algorithm is `ecdsa-with-SHA256`, which I guess should map to `GNUTLS_SIGN_ECDSA_SHA256` of `gnutls_sign_algorithm_t`.


Investigating more deeply, I noticed many `#f` entries in the list of sign algorithms.

Here is the output of `(sign-algorithm-list)`:

It seems many elements are nowhere to be found.
```
,pp (sign-algorithm-list)
$3 = (#<gnutls-sign-algorithm-enum RSA-SHA256>
 #<gnutls-sign-algorithm-enum RSA-SHA384>
 #<gnutls-sign-algorithm-enum RSA-SHA512>
 #<gnutls-sign-algorithm-enum RSA-PSS-SHA256>
 #<gnutls-sign-algorithm-enum RSA-PSS-RSAE-SHA256>
 #<gnutls-sign-algorithm-enum RSA-PSS-SHA384>
 #<gnutls-sign-algorithm-enum RSA-PSS-RSAE-SHA384>
 #<gnutls-sign-algorithm-enum RSA-PSS-SHA512>
 #<gnutls-sign-algorithm-enum RSA-PSS-RSAE-SHA512>
 #<gnutls-sign-algorithm-enum EdDSA-Ed25519>
 #<gnutls-sign-algorithm-enum EdDSA-Ed448>
 #f
 #f
 #f
 #<gnutls-sign-algorithm-enum ECDSA-SECP256R1-SHA256>
 #<gnutls-sign-algorithm-enum ECDSA-SECP384R1-SHA384>
 #<gnutls-sign-algorithm-enum ECDSA-SECP521R1-SHA512>
 #f
 #f
 #f
 #f
 #f
 #f
 #f
 #f
 #f
 #f
 #f
 #f
 #f
 #<gnutls-sign-algorithm-enum RSA-SHA1>
 #<gnutls-sign-algorithm-enum RSA-SHA1>
 #f
 #<gnutls-sign-algorithm-enum RSA-RMD160>
 #<gnutls-sign-algorithm-enum DSA-SHA1>
 #<gnutls-sign-algorithm-enum DSA-SHA1>
 #f
 #f
 #<gnutls-sign-algorithm-enum RSA-MD5>
 #<gnutls-sign-algorithm-enum RSA-MD5>
 #<gnutls-sign-algorithm-enum RSA-MD2>
 #f
 #f
 #f
 #f
 #f
 #f
 #f)
```
The length almost matches the enum in gnutls.h; only GNUTLS_SIGN_UNKNOWN is missing. Doing anything with `sign-algorithm/unknown` segfaults guile.


I haven't checked the other enums in gnutls/gnutls.h but it could be possible that others may be incomplete as well.

Version: guile-gnutls 4.0.0
