In message <2360f57bb7504a328e5517ac92e19...@usma1ex-dag1mb1.msg.corp.akamai.com> on Wed, 23 Nov 2016 13:51:03 +0000, "Salz, Rich" <rs...@akamai.com> said:

rsalz> > Why is it different if we do exactly that in libcrypto?
rsalz>
rsalz> Because *we* are not guessing. We are telling the application
rsalz> "we think it's a FOO" and then letting the application decide
rsalz> what to do.

We don't have the functionality to do it that way, at all. All we
have are the d2i functions, which will either return with an error
indication or return the fully parsed and decoded structure.

Essentially, you're suggesting that we split out the matching part of
the d2i functions and put that to good use. Or do you have some other
idea, along the lines of magic?

rsalz> Security libraries *should not guess.*

Isn't telling the application "we think it's a FOO" guessing? What's
the application going to do, go "naaaah, methinks it's a BAR" and try
to decode the blob as that (and most probably fail) rather than FOO?

Cheers,
Richard

--
Richard Levitte         levi...@openssl.org
OpenSSL Project         http://www.openssl.org/~levitte/

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev