On 5/5/26 16:18, Zhuoying Cai wrote:
> Introduce new helper functions to extract certificate metadata:
Just a few typos.
> +int qcrypto_x509_get_cert_key_id(uint8_t *cert, size_t size,
> + QCryptoHashAlgo hash_alg,
> + uint8_t **result,
> + size_t *resultlen,
> + Error **errp)
> +{
> + int rc;
> + int ret = -1;
> + gnutls_x509_crt_t crt;
> + gnutls_datum_t datum = {.data = cert, .size = size};
> +
> + if (hash_alg >= G_N_ELEMENTS(qcrypto_to_gnutls_hash_alg_map)) {
> + error_setg(errp, "Unknown hash algorithm %d", hash_alg);
> + return ret;
> + }
> +
> + if (hash_alg >= G_N_ELEMENTS(qcrypto_to_gnutls_keyid_flags_map) ||
> + qcrypto_to_gnutls_keyid_flags_map[hash_alg] == -1) {
> + error_setg(errp, "Unsupported key id flag %d", hash_alg);
> + return ret;
> + }
> +
> + rc = gnutls_x509_crt_init(&crt);
> + if (rc < 0) {
> + error_setg(errp, "Failed to initialize certificate: %s",
> gnutls_strerror(rc));
> + return ret;
> + }
> +
> + rc = gnutls_x509_crt_import(crt, &datum, GNUTLS_X509_FMT_PEM);
> + if (rc != 0) {
> + error_setg(errp, "Failed to import certificate: %s",
> gnutls_strerror(rc));
> + goto cleanup;
> + }
> +
> + *resultlen =
> gnutls_hash_get_len(qcrypto_to_gnutls_hash_alg_map[hash_alg]);
> + if (*resultlen == 0) {
> + error_setg(errp, "Failed to get hash algorithn length: %s",
> gnutls_strerror(rc));
s/algorithn/algorithm
> + goto cleanup;
> + }
> +
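Review bot: The `*resultlen == 0` error path formats `gnutls_strerror(rc)`, but `rc` at that point still holds the 0 left by the successful `gnutls_x509_crt_import()` call, so the message would carry a success string instead of a cause. `gnutls_hash_get_len()` returns a length rather than an error code, so the message should name the algorithm instead, e.g. `error_setg(errp, "Failed to get hash length for algorithm %d", hash_alg);`. `*resultlen` is also written before the function is known to succeed; computing the length into a local and storing it only on the success path would leave the caller's value untouched on failure. The function body continues outside the quoted portion.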
[...]
> +/**
> + * qcrypto_x509_check_cert_times
> + * @cert: pointer to the raw certificate data
> + * @size: size of the certificate
> + * @errp: error pointer
> + *
> + * Check whether the activation and expiration times of @cert
> + * are valid at the current time.
> + *
> + * Returns: 0 if the certificate times are valid,
> + * -1 on error.
> + */
> +int qcrypto_x509_check_cert_times(uint8_t *cert, size_t size, Error **errp);
> +
> +/**
> + * qcrypto_x509_get_cert_key_id
> + * @cert: pointer to the raw certificate data
> + * @size: size of the certificate
> + * @hash_alg: the hash algorithm flag
> + * @result: output location for the allocated buffer for key ID
> + * (the function allocates memory which must be freed by the caller)
> + * @resultlen: pointer to the size of the buffer
> + * (will be updated with the actual size of key id)
> + * @errp: error pointer
> + *
> + * Retrieve the key ID from the @cert based on the specified @flag.
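Review bot: The `@cert` description, "pointer to the raw certificate data", does not say which encoding is expected, while the `qcrypto_x509_get_cert_key_id()` body quoted earlier in this mail imports the buffer with `GNUTLS_X509_FMT_PEM`. A caller reading only the header could pass DER and get an import failure. Suggest `@cert: pointer to the PEM-encoded certificate data`, presumably for `qcrypto_x509_check_cert_times()` as well, whose body is not visible here. The `Returns:` text of `qcrypto_x509_check_cert_times()` lists only "valid" and "error"; it should state what is returned for a certificate that is not yet active or already expired, since callers will base trust decisions on that value. The second doc comment continues past the quoted portion.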
s/@flag/@hash_alg ?
--
Regards,
Collin