In message <1479820158.8937.29.ca...@infradead.org> on Tue, 22 Nov 2016 13:09:18 +0000, David Woodhouse <dw...@infradead.org> said:
dwmw2> On Tue, 2016-11-22 at 12:54 +0000, Salz, Rich wrote: dwmw2> > > would much rather have seen a patch where OpenSSL's PEM module is dwmw2> > > tought to recognise 'BEGIN TSS KEY BLOB', pull out the blob from it, securing dwmw2> > dwmw2> > Yes, that would be much more consistent with the existing OpenSSL dwmw2> > code which -- like it or not -- works that way. dwmw2> dwmw2> Yeah. Although I'd note that the OpenSSL code only works that way for dwmw2> PEM files. I really want to make it work the same way for DER files dwmw2> too. There's an *attempt* in d2i_AutoPrivateKey() but that doesn't dwmw2> handle encrypted PKCS#8 IIRC. Or PKCS#12. And the app still shouldn't dwmw2> have to call different functions for PEM vs. DER files anyway. Just let me shamelessly mention my STORE effort again ;-) Among others, it does attempt to solve that very problem (in the 'file' scheme handler). -- Richard Levitte levi...@openssl.org OpenSSL Project http://www.openssl.org/~levitte/ -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev