Hello,

On Oct 6, 2010, at 7:10 PM, Douglas E. Engert wrote:
> PROPOSAL:
>
> I would like to do the following to clean up some of the duplication:
>
> Replace sc_pkcs15_pubkey_from_cert with non OpenSSL code, that would
> use the sc_asn1_decode_algorithm_id, and other code from parse_x509_cert
> to get the algorithm, its parameter, and the pubkey.

OK. This helps with reducing OpenSSL dependencies and reduces duplicated functionality. OpenSC should not implement any pubkey methods itself, so having OpenSSL objects does not make much sense and parsing ASN.1 directly is sufficient.

> parse_x509_cert would call sc_pkcs15_pubkey_from_cert.
>
> The sc_pubkey would contain an sc_algorithm_id (or a pointer to one.)
>
> The sc_pkcs15_pubkey_rsa would not change, but the
> sc_pkcs15_pubkey_dsa would change, as the DSA parameters are now
> in the sc_algorithm_id parameters.

I don't have a card to verify, but is there any hope currently that a pre-initialized card with a DSA key could actually work? pkcs15-init sure does not support creating DSA keys, so I doubt anything else works as well; skimming through the rest of the code leaves the same impression. So I would not say it would be improving/changing DSA related code, it would be implementing DSA support. Thus anything goes.

> The processing of the gostr3410 looks like it is not completed,
> as the algorithm parameters were never copied to the
> sc_pkcs15_pubkey_gostr3410. So very little would need to change,
> as the parameters would be in the sc_algorithm_id that is part
> of the sc_pubkey.
>
> The sc_pkcs15_cert, rather than having a sc_pkcs15_pubkey, would
> have a pointer to one.
>
>
> Using pointers rather than embedding the algorithm and pubkey in
> other structures would allow one to parse a certificate, and copy
> the pubkey pointer then free the certificate.

Makes sense.

I hoped to prepare the release candidates for 0.11.14/0.12.0 but as my office internet connection got screwed I need to wait for the ISP guy to come and fix/replace the DSL router so that non-http download and any kind of upload traffic would actually survive more than a few packets :/ I gave up trying to upload anything.

That would make sense for 0.12.1 if that feels like a reasonable target.

--
@MartinPaljak.net
+3725156495
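
The proposal in the message above, sketched as an added example (not OpenSC code and not from either poster): a bounds-checked DER walk over a certificate's SubjectPublicKeyInfo that yields the algorithm OID, the raw algorithm parameters, and the public key bits without OpenSSL. The names `struct span`, `struct spki`, `der_tlv` and `spki_parse` are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical types for this example; not OpenSC's structures. */
struct span { const uint8_t *p; size_t len; };
struct spki { struct span oid, params, key; };

/* Read one DER TLV with the expected tag and advance *in past it.
 * Returns 0 on success, -1 on a wrong tag or a length that overruns. */
static int der_tlv(struct span *in, uint8_t tag, struct span *out)
{
    size_t len, n, i = 2;
    if (in->len < 2 || in->p[0] != tag) return -1;
    len = in->p[1];
    if (len & 0x80) {                          /* long-form length */
        n = len & 0x7f;
        if (n == 0 || n > 4 || in->len < 2 + n) return -1;
        for (len = 0; n > 0; n--) len = (len << 8) | in->p[i++];
    }
    if (len > in->len - i) return -1;          /* value must fit the input */
    out->p = in->p + i; out->len = len;
    in->p += i + len; in->len -= i + len;
    return 0;
}

/* SubjectPublicKeyInfo ::= SEQUENCE { AlgorithmIdentifier, BIT STRING } */
int spki_parse(const uint8_t *der, size_t len, struct spki *out)
{
    struct span in = { der, len }, seq, alg, bits;
    if (der_tlv(&in, 0x30, &seq) || in.len != 0) return -1;    /* no trailing bytes */
    if (der_tlv(&seq, 0x30, &alg)) return -1;                  /* AlgorithmIdentifier */
    if (der_tlv(&seq, 0x03, &bits) || seq.len != 0) return -1; /* subjectPublicKey */
    if (der_tlv(&alg, 0x06, &out->oid)) return -1;             /* algorithm OID */
    out->params = alg;  /* remaining bytes: raw parameters TLV (DSA p,q,g live here) */
    if (bits.len < 1 || bits.p[0] != 0) return -1;             /* unused-bits octet */
    out->key.p = bits.p + 1; out->key.len = bits.len - 1;
    return 0;
}

/* Constructed sample: rsaEncryption OID, NULL parameters, 4 dummy key bytes. */
static const uint8_t SAMPLE_SPKI[] = {
    0x30, 0x16,
    0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
    0x05, 0x00,
    0x03, 0x05, 0x00, 0xde, 0xad, 0xbe, 0xef
};
```

The spans point into the caller's buffer, so a caller that wants to free the certificate first has to copy the three fields out, which is the ownership question the pointer-based layout in the proposal addresses.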