On Thu, 31 Jul 2014, Joel Sing wrote: > On Thu, 31 Jul 2014, Dmitry Eremin-Solenikov wrote: > > Hello, > > > > I have spotted a problem with the patch of crypto/evp/encode.c done by > > jsing on May 3. > > Sometimes decoding of base64 will fail. For example the attached file > > will fail decodiding > > (and produce an empty output): > > > > ./apps/openssl enc -d -base64 < 34.10-01.key > > > > The OpenSSL team has applied another fix: > > > > http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fce3821111e33 > >07 a599d2378f2cca2ef2097c6c4;hp=12e9f627f9dd9a9f75d4a7beb6baf30a3697d8e0 > > > > The attached patch (differing from OpenSSL one) fixes base64 decoding for > > me. > > PEM != base64 - there is base64 content inside the PEM markers, but you're > trying to decode the entire thing, with PEM markers, as base64. If you > remove the PEM markers it decodes correctly. I suspect that this is related > to the end-of-line handling flags, which will be causing the '\n' to be > discarded and the next character ('-') to be treated as part of the base64 > content (which, sadly, is likely working-as-intended).
Just to confirm, this is not actually related to BIO_FLAGS_BASE64_NO_NL - as far as the base64 decoding is concerned, the '-----END PRIVATE KEY-----' marker is considered to be part of the base64 content, since we've not yet reached the end of the file. This is obviously invalid base64 content, hence decoding fails. -- "Action without study is fatal. Study without action is futile." -- Mary Ritter Beard