Is OSSL_DECODER function set only for encoding/decoding keys?

Afshin Pir Afshin.Pir at gallagher.com
Thu Apr 20 21:42:37 UTC 2023


Hi,

Thanks a lot for the info.
OSSL_STORE API seems great, just a quick question about it:
1- Is different encoding of objects (like DER vs PEM) handled internally in these APIs?
2- Is there any benefit for using DECODER API vs STORE API when reading EVP_PKEY type?

Best Regards,
Afshin

-----Original Message-----
From: Tomas Mraz <tomas at openssl.org>
Sent: Thursday, 20 April 2023 8:18 pm
To: Afshin Pir <Afshin.Pir at gallagher.com>; openssl-users at openssl.org
Subject: Re: Is OSSL_DECODER function set only for encoding/decoding keys?

Hi,

yes, although the API is generic and in future can support more object types than EVP_PKEYs, currently the OSSL_DECODER functions are really useful only for decoding EVP_PKEYs. The PEM_read_bio_X509 works fine for X509 objects.

If you want something more generic then you can use the OSSL_STORE API.
See the load_key_certs_crls() function in apps/lib/apps.c for an example on how to use it. This allows loading various object types with single API and it also allows for loading object from different stores provided by third party providers.

Tomas Mraz, OpenSSL

On Thu, 2023-04-20 at 03:31 +0000, Afshin Pir wrote:
> Hi,
>
> I wonder if OSSL_DECODER functions are only for encoding/decoding
> keys, or they have more general purpose.
> For example, I cannot find a function from this set to decode a pem
> encoded certificate to a X509 structure and it seems that I still need
> to use PEM_read_bio_X509 to do that.
>
> Any idea?
>
> Best Regards,
> Afshin
> This email is confidential and may contain information subject to
> legal privilege. If you are not the intended recipient please advise
> us of our error by return e-mail then delete this email and any
> attached files. You may not copy, disclose or use the contents in any
> way. The views expressed in this email may not be those of Gallagher
> Group Ltd or subsidiary companies thereof.

--
Tomáš Mráz, OpenSSL
________________________________
 This email is confidential and may contain information subject to legal privilege. If you are not the intended recipient please advise us of our error by return e-mail then delete this email and any attached files. You may not copy, disclose or use the contents in any way. The views expressed in this email may not be those of Gallagher Group Ltd or subsidiary companies thereof.
________________________________


More information about the openssl-users mailing list