On Thu, 31 Jul 2014, Joel Sing wrote:
> On Thu, 31 Jul 2014, Dmitry Eremin-Solenikov wrote:
> > Hello,
> >
> > I have spotted a problem with the patch of crypto/evp/encode.c done by
> > jsing on May 3.
> > Sometimes decoding of base64 will fail. For example the attached file
> > will fail decodiding
> > (and produce an empty output):
> >
> > ./apps/openssl enc -d -base64 < 34.10-01.key
> >
> > The OpenSSL team has applied another fix:
> >
> > http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fce3821111e33
> >07 a599d2378f2cca2ef2097c6c4;hp=12e9f627f9dd9a9f75d4a7beb6baf30a3697d8e0
> >
> > The attached patch (differing from OpenSSL one) fixes base64 decoding for
> > me.
>
> PEM != base64 - there is base64 content inside the PEM markers, but you're
> trying to decode the entire thing, with PEM markers, as base64. If you
> remove the PEM markers it decodes correctly. I suspect that this is related
> to the end-of-line handling flags, which will be causing the '\n' to be
> discarded and the next character ('-') to be treated as part of the base64
> content (which, sadly, is likely working-as-intended).
Just to confirm, this is not actually related to BIO_FLAGS_BASE64_NO_NL - as
far as the base64 decoding is concerned, the '-----END PRIVATE KEY-----'
marker is considered to be part of the base64 content, since we've not yet
reached the end of the file. This is obviously invalid base64 content, hence
decoding fails.
--
"Action without study is fatal. Study without action is futile."
-- Mary Ritter Beard
