OpenSSLCryptoKeyRSA::verifySHA1PKCS1Base64Signature() uses OpenSSL's EVP_Decode...() routines to decode the base64 contents of SignatureValue. This fails if line breaks don't occur where OpenSSL thinks they should. I think this is contrary to the specification (see rationale below), and that this function should use XSCryptCryptoBase64, as WinCAPICryptoKeyRSA::verifySHA1PKCS1Base64Signature() does, rather than the EVP_Decode...() routines.
Rationale: Section 4.2 of the XML-Dsig spec (http://www.w3.org/TR/xmldsig-core/) says that SignatureValues are of Schema type base64Binary. http://www.w3.org/TR/xmlschema-2/#base64Binary says, "For compatibility with older mail gateways, [RFC 2045] suggests that base64 data should have lines limited to at most 76 characters in length. This line-length limitation is not mandated in the lexical forms of base64Binary data and must not be enforced by XML Schema processors." If the line-length limitation is not mandated, XSec should be able to handle arbitrary line lengths. I'm happy to file a bug and/or create a patch if that would be useful.
