Victor B. Wagner wrote: ...
2. To implement a lookup table for asymmetric algorithms
When EVP_PKEY structure is created, the following parameters should be determined from the algorithm identifier:
a) A type of algorithm specific structure which should be used for holding algorithm specific information (the pkey field in EVP_PKEY structure). The type of structure actually pointed at by this field (which is a union) is determined by the value of the type field containing one of the constants defined in the crypto/evp/evp.h, while the save_type field contains the actual identifier (NID) of the algorithm.
b) A method which should be stored in the method field of DSA or RSA structure. There are additional problems concerning the ec_key_st structure which doesn't contain the method field and which is the same for two algorithm types - ECDSA and ECDH. These problems need further investigation.
the fact that EC_KEY doesn't contain a method pointer is intentional as the EC_KEY structure is/should be (ec) method indepent. Method depend information should be stored in the derived objects (i.e ECDSA_DATA and ECDH_DATA).
...
3. To generalize the table of elliptic curves.
In the current version of OpenSSL a set of the supported elliptic curve parameters is hardcoded in crypto/ec/ec_curve.c
We propose to use the lhash table to handle elliptic curve parameters.
I would prefer I linked list instead of lhash
That would allow engines to add new elliptic curves with their names and OIDs similar to the table of asymmetric algorithms described above. This is necessary because national cryptographic algorithms typically use their own curves.
what parameter do the GOST signatures curve have ? (I guess there's no non-russian description of this alg)
...
5. To associate a particular message digest with a digital signature
algorithm
Also, some asymmetric algorithms require a particular message digest to be used when signing the (self-signed) certificate request. This digest type is required by the established standards and should override the one specified in the command line.
don't know if it's good override a command line option but at least it should be the default digest alg
For DSA it is dss1, for the GOST signature algorithms it is the GOST message
digest and so on.
This can be handled also by adding one more field for a message digest identifier to the EVP_ASYMMETRIC structure.
this isn't really sufficient, better would something like STACK_OF(digest id) as, for example, the next x9.62 (ecdsa) standard will allow to restrict the use of a public key to a set of digests.
...
7. Provide callbacks for packing and unpacking the public keys.
8. Provide callbacks for packing and unpacking of a signature objects
Cheers, Nils ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
