[openssl-users] get type of PEM data

Richard Levitte levitte at openssl.org
Thu Mar 29 08:08:24 UTC 2018

In message <1ce93d56-6fa4-1bae-d440-5ab843900e40 at jordan.maileater.net> on Wed, 28 Mar 2018 17:10:40 -0700, Jordan Brown <openssl at jordan.maileater.net> said:

openssl> Matt: Indeed, looks very promising. Now if only we were on
openssl> 1.1.1 :-(. I'm a little surprised that it doesn't read from a
openssl> BIO.

It's certainly possible to add such an API.  As a matter of fact, we
do have that internally, specifically for PEM files...  have a look in
1.1.1's crypto/include/internal/store_int.h.  That's not the initial
intention with the API, though...

Also, I can't quite shake the feeling that a BIO API would be a bit
shaky.  Internally, the file: scheme loader opens all files in binary
mode, as it's designed to detect if the file is a PEM file or raw DER,
so the question remains, if we would open up a BIO STORE API, what are
th expectations?  Will people open such files in binary mode at all
times?  Should that be a content type agnostic interface (i.e. should
it detect if the file is PEM or raw DER), or should there be separate
functions for PEM and raw DER content?

Please note that for each question, we're getting further and further
away from the idea of having an interface where the caller doesn't
need to know much more than how to indicate where to load stuff from,
to an API that almost becomes a 1:1 mapping of PEM and d2i functions.
When we've come that far, what have we gained?
But I dunno...  I'm ambivalent around these ideas, and considering
those internal functions I mentioned, we do have some kind of base set
up already, so it would probably not be that hard to open up that kind
of functionality to the public.  Perhaps as a side thing, like STORE

Richard Levitte         levitte at openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/

More information about the openssl-users mailing list