Viktor TARASOV:
> Aktiv Co. Aleksey Samsonov wrote:
>> Viktor TARASOV:
>>> Hi,
>> Hi
Hi,
>>> Nevertheless, IMHO, it would be nice, for the cryptographic objects (and
>>> maybe for the others)
>>> to have the possibility of some unique ID calculated from the object
>>> itself, as it was discussed in thread:
>>> 'CKA_ID and pkcs15 ID' 05.09.2005 13:34 .
>>>
>>> The idea is to have a choice of method to calculate the ID:
>>> - SHA1 of the modulus (Mozilla style),
>>> - SHA1 of public key (recommended by RFC2459)
>>> - or the actual one byte ID (default).
>>> Then use some additional profile option to indicate the method to be
>>> used.
>>>
>>>
>>> Any objection if I implement it?
>> I think, this is a true idea.
>
> It's committed ...

Thanks, but some remarks:

Potential memory leaks (see /* */):

1) sc_pkcs15_pubkey_from_prvkey:

579: pubkey = (struct sc_pkcs15_pubkey *) calloc(1, sizeof(struct sc_pkcs15_pubkey));
...
584: switch (prvkey->algorithm) {
...
595: and 616:
     arr[ii].dst->data = malloc(arr[ii].src->len);
     if (!arr[ii].dst->data)
         return SC_ERROR_OUT_OF_MEMORY; /* free(arr[XX].dst->data); free(pubkey) */
...
627: default:
     sc_error(ctx, "Unsupported private key algorithm");
     return SC_ERROR_NOT_SUPPORTED; /* free(pubkey) */
...

2) sc_pkcs15_pubkey_from_cert:

615: pubkey = (struct sc_pkcs15_pubkey *) calloc(1, sizeof(struct sc_pkcs15_pubkey));
...
658: SC_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "BIO new memory buffer error"); /* free(pubkey) */
...
662: SC_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "X509 parse error"); /* BIO_free(mem); free(pubkey) */
...
666: SC_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "Get public key error"); /* (if (pkey) free(EVP_PKEY_free(pkey);); X509_free(x); BIO_free(mem); free(pubkey) */
...
669: pubkey->u.rsa.modulus.data = malloc(pubkey->u.rsa.modulus.len);
     pubkey->u.rsa.exponent.len = BN_num_bytes(pkey->pkey.rsa->e);
     pubkey->u.rsa.exponent.data = malloc(pubkey->u.rsa.exponent.len);
     if (!pubkey->u.rsa.modulus.data || !pubkey->u.rsa.exponent.data)
         SC_TEST_RET(ctx, SC_ERROR_OUT_OF_MEMORY, "Cannot allocate key components"); /* free(pubkey->u.rsa.modulus.data); free(pubkey->u.rsa.exponent.data); ;EVP_PKEY_free(pkey); X509_free(x); BIO_free(mem); free(pubkey) */

     if (BN_bn2bin(pkey->pkey.rsa->n, pubkey->u.rsa.modulus.data) != pubkey->u.rsa.modulus.len)
         SC_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "BN to BIN conversion error"); /* !!! */
     if (BN_bn2bin(pkey->pkey.rsa->e, pubkey->u.rsa.exponent.data) != pubkey->u.rsa.exponent.len)
         SC_TEST_RET(ctx, SC_ERROR_INVALID_DATA, "BN to BIN conversion error"); /* !!! */

Also (style, mix tab/space character):

src/pkcs15init/pkcs15-lib.c:1397
src/pkcs15init/pkcs15-lib.c:1477
src/pkcs15init/pkcs15-lib.c:1393
src/libopensc/pkcs15.h:491: struct sc_pkcs15_pubkey **__out__);
src/libopensc/pkcs15-pubkey.c:655

and:

pkcs15-pubkey.c: In function 'sc_pkcs15_pubkey_from_cert':
pkcs15-pubkey.c:677: warning: comparison between signed and unsigned
pkcs15-pubkey.c:679: warning: comparison between signed and unsigned

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
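The error-path cleanup that the remarks above ask for, written as a single-exit `goto` pattern with allocation-failure injection to confirm nothing stays allocated. This is an added example, not OpenSC code and not code from either poster; the structs, the error constants and the `x_alloc`/`x_free` hook are hypothetical stand-ins for the real types and allocator.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the OpenSC types named in the message. */
struct bignum { unsigned char *data; size_t len; };
struct pubkey { struct bignum modulus, exponent; };
enum { ALG_RSA = 0, ERR_OUT_OF_MEMORY = -1, ERR_NOT_SUPPORTED = -2 };

/* Constructed test hook: fail_at = N makes allocation number N (0-based) fail. */
static int fail_at = -1, live_allocs = 0;
static void *x_alloc(size_t n) {
    void *p;
    if (fail_at == 0) { fail_at = -1; return NULL; }
    if (fail_at > 0) fail_at--;
    p = calloc(1, n ? n : 1);
    if (p) live_allocs++;
    return p;
}
static void x_free(void *p) { if (p) { live_allocs--; free(p); } }

static void pubkey_free(struct pubkey *k) {
    if (!k) return;
    x_free(k->modulus.data);
    x_free(k->exponent.data);
    x_free(k);
}

/* Copy the public components; every failure leaves through one cleanup label. */
int pubkey_from_prvkey(int alg, const struct bignum *n, const struct bignum *e,
                       struct pubkey **out) {
    const struct bignum *src[2] = { n, e };
    struct bignum *dst[2];
    int i, rv = ERR_OUT_OF_MEMORY;
    struct pubkey *k = x_alloc(sizeof *k);   /* zeroed, so data pointers start NULL */
    *out = NULL;
    if (!k) goto err;
    if (alg != ALG_RSA) { rv = ERR_NOT_SUPPORTED; goto err; }
    dst[0] = &k->modulus; dst[1] = &k->exponent;
    for (i = 0; i < 2; i++) {
        dst[i]->data = x_alloc(src[i]->len);
        if (!dst[i]->data) goto err;
        memcpy(dst[i]->data, src[i]->data, src[i]->len);
        dst[i]->len = src[i]->len;
    }
    *out = k;
    return 0;
err:
    pubkey_free(k);   /* releases whatever was allocated so far; NULL-safe */
    return rv;
}
```

Setting `fail_at` to 0, 1 or 2 before a call exercises each out-of-memory branch; `live_allocs` should be 0 after every failed call.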