rob at codeweavers.com
Sun Jul 25 17:14:56 CDT 2004
Michael Jung wrote:
>as far as I can tell from looking at your patch, our work is pretty much non
RSABase isn't that big. It is hard to do much without overlapping.
>I worked on the following aspects:
>- Implementation of "real handles", instead of "address-handles".
This is useful. Address handles (pointers to objects in memory) have the
disadvantage that they can leak memory if the application can't be
bothered to free them, although this only really matters if the library
is unloaded (as if the process terminates, all memory will be freed
anyway) and can be just as easily accomplished with a separate heap.
Hmm, maybe it isn't so useful. Why did you go down this route?
>- Separating OpenSSL dependend code from CSP code. I consider
> this beneficial, since there seem to be some license issues
> with OpenSSL (at least for the ReactOS project - there was a short
> discussion on this on the wine-devel list). If the OpenSSL code is
> cleanly separated, it will be easier to support GNUTLS or something
I think this is just making the job harder. Yes, OpenSSL possible has
licensing issues, but that is for the OS. Is there anything stopping you
creating an OpenSSL layer on top of GNUTLS (or any other crypto
library), rather than going down this messy compatibility route?
>- Basically, my code doesn't do any crypto stuff at all until now
> (Besides some first lines of code for MD5 hashing). I tried to
> get the MSDN CryptoAPI examples to compile and run, which only
> acquire contexts, hash data, derive keys, query CSP params and so
> on, but which never verify the results. So my code is mainly skin
> (but elephant skin), no guts.
Yes, it is similar code to mine, except I used the EVP higher-level
routines as they offer a similar framework to CryptoAPI and it is really
no more work to add in new algorithms (except for a case statement in
one or two switch blocks).
>I've attached the current version of my patch.
>Do you have a certain application, which you want to get running?
Not really. I went down this route because I thought it would be needed
for a certain application, but it turned out that it didn't need it. I'd
still to finish the work and to get it incorporated into the Wine tree,
however. I can still use this application to test with though (it calls
ExitProcess if it doesn't verify correctly).
> Would it be
>ok for you if we proceed as follows: I will wait until you submit your patch
>(It would be nice if you could add some unit-tests that test for behaviour
>you depend on). After this you give me a week or two to incorporate my work.
Sure, that sounds good.
>Is there any area in rsabase, which you definitely will not implement in the
>near future and which I could work on until you submit your patch?
Well, pretty much everything that I was going to implement is in the
patch I sent you. The only additional functions I was going to implement
are RSA_CPSignHash and RSA_CPVerifySignature. However, if you want me to
implement some more I would be only too happy to do so having gained a
lot of familiarity with both CryptoAPI and the OpenSSL/Crypto library.
More information about the wine-devel