Hi Victor,

Some first short notes:

Victor B. Wagner wrote:
...
--- /home/vitus/src/openssl-SNAP-20041105.orig/apps/req.c       2004-11-09 
12:35:42.000000000 +0300
+++ apps/req.c  2004-11-15 14:24:36.000000000 +0300
@@ -167,9 +167,10 @@
...
                else if (strcmp(*argv,"-new") == 0)
                        {
+                               as=EVP_get_asymmetricbynid(NID_rsaEncryption);
+                               if (!as) {
+                                       BIO_printf(bio_err,"RSA algorithm is not 
supported by this version of OpenSSL\n");
+                                       goto end;
+                               }
+                               pkey = EVP_PKEY_new();
                        newreq=1;
+                       
                        }
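Review bot: the result of `pkey = EVP_PKEY_new();` in the `-new` branch is not checked, although the `as` lookup directly above it is, so an allocation failure would go unnoticed until pkey is first used. Add a NULL check that prints to bio_err and does `goto end;`, mirroring the `if (!as)` block. The added `if (!as) {` also puts the opening brace on the same line, while the surrounding code puts it on its own line.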

Why? In case I want to create a new cert request for a DSA key, I don't need RSA support.

...
--- /home/vitus/src/openssl-SNAP-20041105.orig/crypto/asn1/x_pubkey.c   
2004-11-09 12:35:42.000000000 +0300
+++ crypto/asn1/x_pubkey.c      2004-11-15 16:08:06.000000000 +0300
...
-#endif
-       else if (1)
-               {
-               X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM);
-               goto err;
+       if (pkey->save_parameters && as->i2d_algor_params) {
+               as->i2d_algor_params(pkey,a->parameter);
+       } else {
+               a->parameter->type=V_ASN1_NULL;
                }
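Review bot: the return value of `as->i2d_algor_params(pkey,a->parameter);` is discarded, and the lines removed here were the ones that raised X509_R_UNSUPPORTED_ALGORITHM and jumped to err, so the new branch has no visible failure path. If the callback can fail, test its result and `goto err` on failure rather than continuing with whatever it left in a->parameter.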

This might be a problem if the parameters must be omitted for some future algorithm.

...
--- /home/vitus/src/openssl-SNAP-20041105.orig/crypto/evp/evp.h 2004-11-09 12:35:42.000000000 +0300
+++ crypto/evp/evp.h 2004-11-15 15:29:22.000000000 +0300
@@ -385,6 +385,47 @@
int expect_nl;
} EVP_ENCODE_CTX;
+typedef struct evp_asymmetric_st + {
+ int nid; //NID of

Please don't use C++ style comments.

...
--- /home/vitus/src/openssl-SNAP-20041105.orig/crypto/evp/c_alla.c      
1970-01-01 03:00:00.000000000 +0300
+++ crypto/evp/c_alla.c 2004-11-15 15:42:13.000000000 +0300
...
+#ifndef OPENSSL_NO_EC
+
+static int d2i_EC_X509_pub_key(EVP_PKEY *key, const unsigned char *buf, long 
length) {
+       /* Moved from d2i_PublicKey */
+               if (!o2i_ECPublicKey(&(key->pkey.eckey),
+                                    &buf, length))
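Review bot: the comment "Moved from d2i_PublicKey" does not say what state key->pkey.eckey must be in on entry, yet the call hands `&(key->pkey.eckey)` to o2i_ECPublicKey, so the function works on whatever the caller left there. Document the precondition in the comment (or check it before the call) so callers of this new callback know what to set up first. The `if` is also indented one level deeper than the comment that precedes it.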

the name d2i_EC_X509_pubkey isn't appropriate for this function, as it doesn't expect some DER encoded input (afaik d2i means 'DER to internal') whereas o2i means 'octet to internal'.

Btw: wouldn't it be better (cleaner) to put these algorithm specific
functions in the corresponding directory (i.e. crypto/rsa etc.)?

Cheers,
Nils
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
