> Essentially, you're suggesting that we split out the matching part of the d2i
> functions and put that to good use.  Or do you have some other idea, along
> the lines of magic?

NO.  I am suggesting adding one new routine that tries various "convert to native" 
and returns which conversion worked.  And then another new routine that takes 
that return value and calls that conversion routine directly.  The cost of 
doing this is one extra d2i.  By the application.  And that first routine 
should ideally return a bitmask of all functions that succeeded so that 
handling ambiguities is built in to the API.
 
> rsalz> Security libraries *should not guess.*
> 
> Isn't telling the application "we think it's a FOO" guessing?  What's the
> application going to do, go "naaaah, methinks it's a BAR" and try to decode
> the blob as that (and most probably fail) rather than FOO?

It might.  Or it might throw up its hands and give up.  Or it might check to 
see if the file is ambiguous and do something.  The point is, it is not openssl 
that is doing that.  
-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
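
An added sketch of the two-routine API proposed in the message above (not code from the thread or from OpenSSL; every name is hypothetical, and structure-only checks stand in for the real d2i conversions). A SEQUENCE of two INTEGERs fits both PKCS#1 RSAPublicKey and PKCS#3 DHParameter, so the probe reports both bits and the caller has to name one.

```c
#include <stddef.h>

/* All names here are hypothetical stand-ins, not OpenSSL API. */
enum { FMT_RSA_PUB = 1, FMT_DH_PARAMS = 2, FMT_RSA_PRIV = 4 };
typedef const unsigned char *blob;
/* INTEGER count of an all-INTEGER SEQUENCE; -1 if malformed or anything else. */
static int count_ints(blob p, size_t len) {
    blob end = p + len;
    int pass, n = 0;
    for (pass = 0; p < end; pass++) {
        size_t l, k;
        if (end - p < 2 || p[0] != (pass ? 0x02 : 0x30)) return -1;
        l = p[1]; p += 2;
        if (l & 0x80) {                 /* long form, at most 2 length bytes */
            k = l & 0x7f;
            if (k == 0 || k > 2 || (size_t)(end - p) < k) return -1;
            for (l = 0; k--; ) l = (l << 8) | *p++;
        }
        if ((size_t)(end - p) < l) return -1;
        if (pass) { p += l; n++; } else if (p + l != end) return -1;
    }
    return pass ? n : -1;
}

/* Trial conversions (structure only): 1 if the blob fits that ASN.1 type. */
static int try_rsa_pub(blob d, size_t n)   { return count_ints(d, n) == 2; }
static int try_dh_params(blob d, size_t n) { int c = count_ints(d, n); return c == 2 || c == 3; }
static int try_rsa_priv(blob d, size_t n)  { return count_ints(d, n) == 9; }
static int (*const convert[3])(blob, size_t) = { try_rsa_pub, try_dh_params, try_rsa_priv };

/* First routine: run every conversion and report all that succeeded. */
unsigned probe_formats(blob d, size_t n) {
    unsigned mask = 0, i;
    for (i = 0; i < 3; i++) if (convert[i](d, n)) mask |= 1u << i;
    return mask;
}

/* Second routine: the caller names exactly one format and only that runs. */
int decode_as(unsigned fmt, blob d, size_t n) {
    unsigned i;
    for (i = 0; i < 3; i++)
        if (fmt == 1u << i) return convert[i](d, n) ? 0 : -1;
    return -1;                          /* zero, several or unknown bits: refuse */
}
/* Constructed samples: two INTEGERs (5, 3) and three INTEGERs (23, 5, 16). */
static const unsigned char two_ints[]   = { 0x30, 0x06, 0x02, 0x01, 0x05, 0x02, 0x01, 0x03 };
static const unsigned char three_ints[] = { 0x30, 0x09, 0x02, 0x01, 0x17, 0x02, 0x01, 0x05, 0x02, 0x01, 0x10 };
int main(void) {   /* exit 0 iff the two-INTEGER blob is reported as ambiguous */
    return probe_formats(two_ints, sizeof two_ints) == (FMT_RSA_PUB | FMT_DH_PARAMS) ? 0 : 1;
}
```

Passing the ambiguous mask itself to `decode_as` is refused, so the choice between the candidate formats always stays with the application.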
