Hello,

On Oct 6, 2010, at 7:10 PM, Douglas E. Engert wrote:
> PROPOSAL:
> 
> I would like to do the following to clean up some of the duplication:
> 
> Replace sc_pkcs15_pubkey_from_cert with non-OpenSSL code, that would
> use the sc_asn1_decode_algorithm_id, and other code from parse_x509_cert
> to get the algorithm, its parameter, and the pubkey.
OK. This helps with reducing OpenSSL dependencies and reduces duplicated
functionality.
OpenSC should not implement any pubkey methods itself, so having OpenSSL 
objects does not make much sense and parsing ASN.1 directly is sufficient.


> parse_x509_cert would call sc_pkcs15_pubkey_from_cert.
> 
> The sc_pubkey would contain an sc_algorithm_id (or a pointer to one.)
> 
> The sc_pkcs15_pubkey_rsa would not change, but the
> sc_pkcs15_pubkey_dsa would change, as the DSA parameters are now
> in the sc_algorithm_id parameters.
I don't have a card to verify, but is there any hope currently that a 
pre-initialized card with a DSA key could actually work?
pkcs15-init sure does not support creating DSA keys, so I doubt anything else
works as well; skimming through the rest of the code leaves the same impression.

So I would not say it would be improving/changing DSA related code, it would be 
implementing DSA support. Thus anything goes.


> The processing of the gostr3410 looks like it is not completed,
> as the algorithm parameters were never copied to the
> sc_pkcs15_pubkey_gostr3410. So very little would need to change,
> as the parameters would be in the sc_algorithm_id that is part
> of the sc_pubkey.
> 
> The sc_pkcs15_cert rather than having a sc_pkcs15_pubkey, would
> have a pointer to one.
> 
> 
> Using pointers rather than embedding the algorithm and pubkey in
> other structures would allow one to parse a certificate, and copy
> the pubkey pointer then free the certificate.
Makes sense.

I hoped to prepare the release candidates for 0.11.14/0.12.0 but as my office 
internet connection got screwed I need to wait for the ISP guy to come and 
fix/replace the DSL router so that non-HTTP download and any kind of upload
traffic would actually survive more than a few packets :/ I gave up trying to 
upload anything. That would make sense for 0.12.1 if that feels like a 
reasonable target.


-- 
@MartinPaljak.net
+3725156495

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
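
An added illustration of the proposal quoted above (not OpenSC code and not written by either poster): splitting a DER SubjectPublicKeyInfo into algorithm OID, raw parameters and key bits with plain TLV parsing and no OpenSSL. The names `spki_view`, `der_tlv`, `spki_parse` and the sample bytes are hypothetical and constructed for this example. The views point into the caller's buffer, so code that frees the certificate afterwards would have to copy them first.

```c
#include <stddef.h>
/* Hypothetical result: views into the input buffer, nothing is copied. */
struct spki_view {
    const unsigned char *oid;    size_t oid_len;    /* algorithm OID contents */
    const unsigned char *params; size_t params_len; /* raw parameter TLVs, may be empty */
    const unsigned char *key;    size_t key_len;    /* BIT STRING payload */
};

/* Constructed sample: rsaEncryption OID, NULL parameters, toy key (not a real key). */
const unsigned char sample_spki[] = {
    0x30,0x1A, 0x30,0x0D,
    0x06,0x09,0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x01,
    0x05,0x00,
    0x03,0x09,0x00, 0x30,0x06,0x02,0x01,0x23,0x02,0x01,0x03
};

/* Read one TLV with the expected tag; 0 on success, -1 on malformed input. */
static int der_tlv(const unsigned char **p, const unsigned char *end,
                   unsigned char tag, const unsigned char **val, size_t *len)
{
    const unsigned char *q = *p;
    size_t n;
    if (end - q < 2 || q[0] != tag) return -1;
    n = q[1]; q += 2;
    if (n & 0x80) {                      /* long-form length */
        size_t k = n & 0x7f;             /* k == 0 is indefinite length: not DER */
        if (k == 0 || k > sizeof(size_t) || (size_t)(end - q) < k) return -1;
        for (n = 0; k--; q++) n = (n << 8) | *q;
    }
    if ((size_t)(end - q) < n) return -1; /* value must fit in the buffer */
    *val = q; *len = n; *p = q + n;
    return 0;
}

/* Split SubjectPublicKeyInfo ::= SEQUENCE { AlgorithmIdentifier, BIT STRING }. */
int spki_parse(const unsigned char *der, size_t der_len, struct spki_view *out)
{
    const unsigned char *p = der, *end = der + der_len, *seq, *alg, *bits;
    size_t seq_len, alg_len, bits_len;
    if (der_tlv(&p, end, 0x30, &seq, &seq_len) || p != end) return -1;
    p = seq; end = seq + seq_len;
    if (der_tlv(&p, end, 0x30, &alg, &alg_len)) return -1;
    if (der_tlv(&p, end, 0x03, &bits, &bits_len) || p != end) return -1;
    if (bits_len < 1 || bits[0] != 0) return -1; /* assumes octet-aligned key bits */
    out->key = bits + 1; out->key_len = bits_len - 1;
    p = alg; end = alg + alg_len;
    if (der_tlv(&p, end, 0x06, &out->oid, &out->oid_len)) return -1;
    out->params = p; out->params_len = (size_t)(end - p); /* rest of AlgorithmIdentifier */
    return 0;
}
```

Because the parameters come back as an opaque byte range next to the OID, the same path serves RSA (NULL parameters), DSA and GOST R 34.10 (structured parameters) without per-algorithm fields in the key structure.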
