[xmlsec] Mscrypto IS patch

Wouter wsh at xs4all.nl
Sun Sep 21 13:52:35 PDT 2003


This patch fixes the following issues:

== Taken from README in src/mscrypto:

	Issuer/serial of certificates lookup and writing is now
	supported. The conversion from and to xml integer
	representation of the serial number has something odd (I
	think), the MS Cert serial must be word base swapped... Why??? 
	Certificate lookup is now extended:
	When the xmlsec application is started, with the config
	parameter the name of the (system) keystore can be given. That
	keystore will be used for certificate (=key) lookup.
	With the keyname now two types of values can be given:
	simple name (called friendly name with MS)
	full subject name (recommended) of the certificate that is

The key loading functions (app.c) now all have their load from Memory
counterpart, like OpenSSL has. Global interfaces for these functions
aren't provided (yet).

Also I've fixed a few checks in the (new) xmlSecBinaryToHexString
function. This was needed to get the function to work properly for me,
could special attention be given to this to see if I haven't changed the
function wrongly?

In mscrypto/bignum.h/c I've added routines that convert hex numbers to
decimal format and vice versa. I have to review these functions based
upon new info I received from a friend, however at the end there is a
possibility that perhaps they can be moved to buffer.c/h, if there is a
need for that.

This patch is created against the XMLSEC_MSCRYPTO_083103 tree in CVS,
with the latest diffs from Aleksey's reviews. Which is great that he's
doing that! :)
Unfortunately some things were done in parallel by us, and I had also
already made big changes in exactly some of the files Aleksey just
reviewed. So after quite some merging time tonight, I made this patch a
bit in a hurry to avoid more merging, and getting too many changes at
once. I'm afraid that therefore I haven't been able to follow all the
points Aleksey pointed out in the first review patch :( I'm sorry for
that, but I feel I better submit the code now.

Finally I did also take a look at the keyDuplicate function, and it
looks good, but I cannot guarantee this is the way to handle duplicating
of a cryptoprovider context when the flag fCallerFreeContext is set to
FALSE. Possibly somebody else does have a clue in this?

Wouter Ketting

-------------- next part --------------
A non-text attachment was scrubbed...
Name: mscrypto.patch.gz
Type: application/x-gzip
Size: 8611 bytes
Desc: not available
Url : http://www.aleksey.com/pipermail/xmlsec/attachments/20030921/7b3a65c2/mscrypto.patch.bin
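
The serial-number conversion the message describes, as an added example that is not part of the original post or of the attached patch: CryptoAPI holds a certificate serial as a byte blob with the least significant byte first, while the XML X509SerialNumber element carries a decimal integer, so the bytes are reversed before the base conversion. The function names and the 64-byte working limit are assumptions made for this sketch.

```c
#include <string.h>   /* size_t */

/* Little-endian serial bytes (CryptoAPI order) -> decimal string (XML order).
 * Returns 0 on success, -1 if the blob is too long or out is too small. */
int serial_le_to_decimal(const unsigned char *le, size_t len,
                         char *out, size_t outlen) {
    unsigned char work[64];   /* big-endian scratch copy; 64 is an assumed cap */
    char digits[160];         /* decimal digits, least significant first */
    size_t i, n = 0, start = 0;
    if (len == 0 || len > sizeof work) return -1;
    for (i = 0; i < len; i++) work[i] = le[len - 1 - i];  /* reverse bytes */
    while (start < len) {
        unsigned rem = 0;
        for (i = start; i < len; i++) {   /* long division of work by 10 */
            unsigned cur = (rem << 8) | work[i];
            work[i] = (unsigned char)(cur / 10);
            rem = cur % 10;
        }
        digits[n++] = (char)('0' + rem);
        while (start < len && work[start] == 0) start++;  /* skip zeroed bytes */
    }
    if (n + 1 > outlen) return -1;
    for (i = 0; i < n; i++) out[i] = digits[n - 1 - i];
    out[n] = '\0';
    return 0;
}

/* Decimal string (XML order) -> little-endian serial bytes (CryptoAPI order).
 * Returns the byte count, or -1 on a non-digit or if cap is exceeded. */
int decimal_to_serial_le(const char *dec, unsigned char *le, size_t cap) {
    size_t i, used = 1;
    if (cap == 0 || *dec == '\0') return -1;
    le[0] = 0;
    for (; *dec; dec++) {
        unsigned carry = (unsigned)(*dec - '0');
        if (carry > 9) return -1;         /* rejects anything but 0-9 */
        for (i = 0; i < used; i++) {      /* le = le * 10 + digit */
            unsigned cur = le[i] * 10u + carry;
            le[i] = (unsigned char)(cur & 0xff);
            carry = cur >> 8;
        }
        if (carry) {
            if (used == cap) return -1;   /* would overflow caller's buffer */
            le[used++] = (unsigned char)carry;
        }
    }
    return (int)used;
}
```

Both functions treat the serial as an unsigned magnitude; whitespace and signs in the decimal form are rejected rather than skipped.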
