Re: [opensc-devel] ID of cryptographic objects

[Aktiv Co. Aleksey Samsonov]

Viktor TARASOV:
> Aktiv Co. Aleksey Samsonov wrote:
>> Viktor TARASOV:
>>> Hi,
>> Hi

Hi,

>>> Nevertheless, IMHO, it would be nice, for the cryptographic objects (and
>>> maybe for the others)
>>> to have the possibility of some unique ID calculated from the object
>>> itself, as it was discussed in thread:
>>> 'CKA_ID and pkcs15 ID' 05.09.2005 13:34 .
>>>
>>> The idea is to have a choice of method to calculate the ID:
>>> - SHA1 of the modulus (Mozilla style),
>>> - SHA1 of public key (recommended by RFC2459)
>>> - or the actual one byte ID (default).
>>> Then use some additional profile option to indicate the method to be
>>> used.
>>>
>>>
>>> Any objection if I implement it?
>> I think, this is a true idea.
> 
> It's commited ...


Thanks, but some remarks:

Potencial memory leaks (see /* */):

1) sc_pkcs15_pubkey_from_prvkey:

579:        pubkey = (struct sc_pkcs15_pubkey *) calloc(1, sizeof(struct 
sc_pkcs15_pubkey));
...
584:        switch (prvkey->algorithm) {
...
595: and 616:        arr[ii].dst->data = malloc(arr[ii].src->len);
                      if (!arr[ii].dst->data)
                              return SC_ERROR_OUT_OF_MEMORY; /* 
free(arr[XX].dst->data); free(pubkey) */
...
627:        default:
                     sc_error(ctx, "Unsupported private key algorithm");
                     return SC_ERROR_NOT_SUPPORTED; /* free(pubkey) */
...

2) sc_pkcs15_pubkey_from_cert:

615:        pubkey = (struct sc_pkcs15_pubkey *) calloc(1, sizeof(struct 
sc_pkcs15_pubkey));

...
658:        SC_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "BIO new memory 
buffer error"); /* free(pubkey) */
...
662:        SC_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "X509 parse error"); 
/* BIO_free(mem); free(pubkey) */
...
666:        SC_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "Get public key 
error"); /* (if (pkey) free(EVP_PKEY_free(pkey);); X509_free(x); 
BIO_free(mem); free(pubkey) */

...
669:        pubkey->u.rsa.modulus.data = malloc(pubkey->u.rsa.modulus.len);

             pubkey->u.rsa.exponent.len = BN_num_bytes(pkey->pkey.rsa->e);
             pubkey->u.rsa.exponent.data = 
malloc(pubkey->u.rsa.exponent.len);

             if (!pubkey->u.rsa.modulus.data || 
!pubkey->u.rsa.exponent.data)
                     SC_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Cannot 
allocate key components"); /* free(pubkey->u.rsa.modulus.data); 
free(pubkey->u.rsa.exponent.data);  ;EVP_PKEY_free(pkey); X509_free(x); 
BIO_free(mem); free(pubkey) */

             if (BN_bn2bin(pkey->pkey.rsa->n, 
pubkey->u.rsa.modulus.data) != pubkey->u.rsa.modulus.len)
                     SC_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "BN to BIN 
conversion error"); /* !!! */
             if (BN_bn2bin(pkey->pkey.rsa->e, 
pubkey->u.rsa.exponent.data) != pubkey->u.rsa.exponent.len)
                     SC_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "BN to BIN 
conversion error"); /* !!! */


Also (style, mix tab/space character):
src/pkcs15init/pkcs15-lib.c:1397
src/pkcs15init/pkcs15-lib.c:1477
src/pkcs15init/pkcs15-lib.c:1393
src/libopensc/pkcs15.h:491:         struct sc_pkcs15_pubkey **__out__);
src/libopensc/pkcs15-pubkey.c:655

and:
pkcs15-pubkey.c: In function 'sc_pkcs15_pubkey_from_cert':
pkcs15-pubkey.c:677: warning: comparison between signed and unsigned
pkcs15-pubkey.c:679: warning: comparison between signed and unsigned

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel