[openssl-dev] [RFC 0/2] Proposal for seamless handling of TPM based RSA keys in openssl

Salz, Rich rsalz at akamai.com
Wed Nov 23 13:13:05 UTC 2016


> Uhmmmm...  the d2i functions are already both in one.  Are you saying they
> should be split in two, one part that does all the checking and the other that
> just decodes, trusting that all checks are already done?  What you're gonna
> do there is double part of the work.

Well, not double, but first do the cascade then return an indicator of which specific one worked.  Then the application can call a routine to again do the decode.

If it bothers you, return the size as an output parameter.  That fits with our i2d model.
 
> But, what I get from you is "what if an octet stream matches two different
> ASN.1 types?"  Is that it?

Yes, among others.  How do you know it will *never* happen?
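The ambiguity raised above, as an added example that is not part of the original message and is not OpenSSL code: a cascade that reports every type accepting a DER blob instead of stopping at the first. It assumes a hand-rolled header parser and hypothetical names (`SHAPES`, `cascade_matches`), and it checks structure only, reducing each type to "a SEQUENCE of n INTEGERs".

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical shape templates: each type reduced to "SEQUENCE of n INTEGERs". */
struct shape { const char *name; int n_ints; };
static const struct shape SHAPES[] = {
    { "RSAPublicKey {modulus, publicExponent}", 2 },
    { "ECDSA-Sig-Value {r, s}", 2 },
    { "RSAPrivateKey (two-prime)", 9 },
};
#define N_SHAPES (sizeof SHAPES / sizeof SHAPES[0])

/* Read one DER tag/length header; return its size, or 0 if malformed/truncated. */
static size_t der_hdr(const unsigned char *p, size_t avail, int *tag, size_t *len) {
    size_t n, i;
    if (avail < 2) return 0;
    *tag = p[0];
    if (p[1] < 0x80) { *len = p[1]; return *len <= avail - 2 ? 2 : 0; }
    n = p[1] & 0x7f;                       /* long form: n length octets follow */
    if (n == 0 || n > 4 || avail < 2 + n) return 0;
    for (*len = 0, i = 0; i < n; i++) *len = (*len << 8) | p[2 + i];
    return *len <= avail - 2 - n ? 2 + n : 0;
}

/* Count the INTEGERs directly inside the outer SEQUENCE; -1 if any other shape. */
static int count_ints(const unsigned char *der, size_t der_len) {
    int tag, count = 0;
    size_t len, left, h = der_hdr(der, der_len, &tag, &len);
    if (h == 0 || tag != 0x30 || h + len != der_len) return -1;
    for (der += h, left = len; left > 0; der += h + len, left -= h + len, count++) {
        h = der_hdr(der, left, &tag, &len);
        if (h == 0 || tag != 0x02 || len == 0) return -1;
    }
    return count;
}

/* Run the whole cascade; bit i is set when SHAPES[i] accepts the input. */
unsigned cascade_matches(const unsigned char *der, size_t der_len) {
    unsigned mask = 0;
    int n = count_ints(der, der_len);
    for (size_t i = 0; i < N_SHAPES; i++)
        if (n == SHAPES[i].n_ints) mask |= 1u << i;
    return mask;
}

/* Constructed sample: SEQUENCE { INTEGER 0x00C1, INTEGER 65537 } */
const unsigned char SAMPLE[] = { 0x30,0x09, 0x02,0x02,0x00,0xC1, 0x02,0x03,0x01,0x00,0x01 };
int main(void) {
    unsigned m = cascade_matches(SAMPLE, sizeof SAMPLE);
    for (size_t i = 0; i < N_SHAPES; i++)
        if (m & (1u << i)) printf("accepted as %s\n", SHAPES[i].name);
    return 0;
}
```

A result with more than one bit set is the case where a first-match-wins cascade would silently pick whichever type was tried first.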

