On 3/29/2018 1:08 AM, Richard Levitte wrote: > In message <1ce93d56-6fa4-1bae-d440-5ab843900...@jordan.maileater.net> on > Wed, 28 Mar 2018 17:10:40 -0700, Jordan Brown <open...@jordan.maileater.net> > said: > > openssl> Matt: Indeed, looks very promising. Now if only we were on > openssl> 1.1.1 :-(. I'm a little surprised that it doesn't read from a > openssl> BIO. > > It's certainly possible to add such an API. As a matter of fact, we > do have that internally, specifically for PEM files... have a look in > 1.1.1's crypto/include/internal/store_int.h. That's not the initial > intention with the API, though...
To be clear: it doesn't bother me one way or the other. It just seemed like the general design for "reading data from a stream" for OpenSSL is to read from a BIO, rather than directly providing "read from file", "read from memory buffer", et cetera. I was surprised to see a new feature that didn't follow that pattern. I *do* need "read from memory" for my application, but writing a temporary file would not be a problem. > Also, I can't quite shake the feeling that a BIO API would be a bit > shaky. Internally, the file: scheme loader opens all files in binary > mode, as it's designed to detect if the file is a PEM file or raw DER, > so the question remains, if we would open up a BIO STORE API, what are > th expectations? Will people open such files in binary mode at all > times? Should that be a content type agnostic interface (i.e. should > it detect if the file is PEM or raw DER), or should there be separate > functions for PEM and raw DER content? I would expect the behavior to be identical for a BIO interface and any other - which, I guess, would mean that the BIO would need to be in binary mode. > Please note that for each question, we're getting further and further > away from the idea of having an interface where the caller doesn't > need to know much more than how to indicate where to load stuff from, > to an API that almost becomes a 1:1 mapping of PEM and d2i functions. > When we've come that far, what have we gained? Agreed that for this interface the caller shouldn't need to know what's being read. -- Jordan Brown, Oracle Solaris
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users