On Thu, 2010-09-30 at 10:59 -0500, Douglas E. Engert wrote:
> 
> On 9/30/2010 3:56 AM, Martin Paljak wrote:
> > Hello,
> > On Sep 27, 2010, at 11:58 PM, Douglas E. Engert wrote:
> >
> >> There has been an effort to be able to build OpenSC without the use
> >> of OpenSSL. Yet there is newer code that keeps creeping in to the
> >> trunk that requires OpenSSL.
> > This has been discussed several times during the past few years. There was
> > the idea of keeping the core libopensc OpenSSL free, for various reasons.
> >
> 
> I believe one was size, i.e. someone wanted to use OpenSC on some phone or 
> PDA?
> 
> > As the main function of OpenSC has turned out to be PKCS#11/crypto cards
> > and libopensc is AFAIK not used for anything else,
> > I'm not sure it is any longer relevant. Yes, OpenSSL support is not
> > required by configure and probably OpenSC can be built without OpenSSL,
> > but there is no nice list about what will break if you do it.
> 
> Yes, it does build and the PIC card works. Having spent the last few weeks
> looking at OpenSSL and EC, it looks like all the software crypto code is
> only used for initialization and thus not needed for end users. But SM
> could change that.
> 
> The closest thing to a list is the pkcs11-tool -M, with the card of your
> choice.
> 
> So it might be a good idea for developers to test their cards without
> OpenSSL, just to see if it is required or not. It may depend on the calling
> application, more than OpenSC, if the application depends on OpenSC
> supporting some hash or verify function. But any good application should
> implement hash and verify on its own.

This is correct and in accordance with paragraphs 6.1, 6.2 and 6.3 of the
PKCS#11 specification. Interestingly, the attitude there is that PKCS#11
is good for device access but is not a general purpose cryptographic
library. Therefore the use of PKCS#11 within NSS may be a good example of
the intended use.

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
