On 10/6/2010 9:15 PM, Andre Zepezauer wrote: > On Wed, 2010-10-06 at 23:12 +0300, Martin Paljak wrote: >> Hello, >> >> On Oct 6, 2010, at 7:10 PM, Douglas E. Engert wrote: >>> PROPOSAL: >>> >>> I would like to do the following to cleanup some of the duplication: >>> >>> Replace sc_pkcs15_pubkey_from_cert with non OpenSSL code, that would >>> use the sc_asn1_decode_algorithm_id, and other code from parse_x509_cert >>> to get the algorithm, its parameter, and the pubkey. >> OK. This helps with reducing OpenSSL dependancies and reduce duplicated >> functionality. > > Attached is some prototyping stuff related to x509 parsing. Maybe it > could be helpful. Execute the following command to get the required > attributes from a certificate: > > cat cert.der | tools/cert-tool
Yes that looks good, but is has to be in the libopensc to support PKCS#11, and need to replace sc_pkcs15_pubkey_from_cert, and be used by parse_x509_cert. The parse_x509_cert actually get the algorithm and its parameters, but does not save the parameters, as there is a lot of missing code to copy the parameters as retrieved in pkcs15-algo.c and reformated into the union in sc_pkcs15_pubkey. The pkcs15-algo.c already knows how to parse parameters for algorithms, it just did not know how to do EC. The pkcs15-cert.c parse_x509_cert would get the parameters but not save then in the sc_pkcs15_pubkey. The sc_pkcs15_pubkey_from_cert could call parse_x590_cert, and retried only the sc_pkcs15_pubkey. I have this mostly working, and the proposal I had was to cleanup some of the code which would also mean changes in other routines where the sc_pkcs15_cert now has a pointer to an sc_algorithm_id and a pointer to a sc_pkcs15_pubkey. -- Douglas E. Engert <deeng...@anl.gov> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
