[openssl-dev] [RFC 0/2] Proposal for seamless handling of TPM based RSA keys in openssl
Salz, Rich
rsalz at akamai.com
Wed Nov 23 13:13:05 UTC 2016
> Uhmmmm... the d2i functions are already both in one. Are you saying they
> should be split in two, one part that does all the checking and the other that
> just decodes, trusting that all checks are already done? What you're gonna
> do there is double part of the work.
Well, not double, but first do the cascade then return an indicator of which specific one worked. Then the application can call a routine to again do the decode.
If it bothers you, return the size as an output parameter. That fits with our i2d model.
> But, what I get from you is "what if a octet stream matches two different
> ASN.1 types? Is that it?
Yes among others. How do you know it will *never* happen?
More information about the openssl-dev
mailing list