[gnutls-devel] Guile-GnuTLS | gnutls-sign-algorithm-enum is missing a lot of values (#31)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Fri Feb 28 15:31:08 CET 2025
Dariqq created an issue: https://gitlab.com/gnutls/guile/-/issues/31
Hello,
I am trying to manually verify a certificate's signature.
When I try to get the algorithm with `(x509-certificate-signature-algorithm cert)` I get `#f`.
Using
```sh
openssl x509 -in cert.pem --text | grep 'Signature Algorithm'
Signature Algorithm: ecdsa-with-SHA256
```
however it seems that the algorithm is `ecdsa-with-SHA256`, which I guess should map to `GNUTLS_SIGN_ECDSA_SHA256` of `gnutls_sign_algorithm_t`.
Investigating more deeply, I noticed many `#f` entries in the list of sign algorithms. Here is the output of `(sign-algorithm-list)`.
It seems many elements are nowhere to be found.
```
,pp (sign-algorithm-list)
$3 = (#<gnutls-sign-algorithm-enum RSA-SHA256>
#<gnutls-sign-algorithm-enum RSA-SHA384>
#<gnutls-sign-algorithm-enum RSA-SHA512>
#<gnutls-sign-algorithm-enum RSA-PSS-SHA256>
#<gnutls-sign-algorithm-enum RSA-PSS-RSAE-SHA256>
#<gnutls-sign-algorithm-enum RSA-PSS-SHA384>
#<gnutls-sign-algorithm-enum RSA-PSS-RSAE-SHA384>
#<gnutls-sign-algorithm-enum RSA-PSS-SHA512>
#<gnutls-sign-algorithm-enum RSA-PSS-RSAE-SHA512>
#<gnutls-sign-algorithm-enum EdDSA-Ed25519>
#<gnutls-sign-algorithm-enum EdDSA-Ed448>
#f
#f
#f
#<gnutls-sign-algorithm-enum ECDSA-SECP256R1-SHA256>
#<gnutls-sign-algorithm-enum ECDSA-SECP384R1-SHA384>
#<gnutls-sign-algorithm-enum ECDSA-SECP521R1-SHA512>
#f
#f
#f
#f
#f
#f
#f
#f
#f
#f
#f
#f
#f
#<gnutls-sign-algorithm-enum RSA-SHA1>
#<gnutls-sign-algorithm-enum RSA-SHA1>
#f
#<gnutls-sign-algorithm-enum RSA-RMD160>
#<gnutls-sign-algorithm-enum DSA-SHA1>
#<gnutls-sign-algorithm-enum DSA-SHA1>
#f
#f
#<gnutls-sign-algorithm-enum RSA-MD5>
#<gnutls-sign-algorithm-enum RSA-MD5>
#<gnutls-sign-algorithm-enum RSA-MD2>
#f
#f
#f
#f
#f
#f
#f)
```
The length almost matches the enum in gnutls.h; only GNUTLS_SIGN_UNKNOWN is missing. Doing anything with `sign-algorithm/unknown` segfaults Guile.
I haven't checked the other enums in gnutls/gnutls.h, but it could be possible that others may be incomplete as well.
Version: guile-gnutls 4.0.0