EVP_DecodeBlock() [in crypto/evp/encode.c] returns the length of the result of the base-64 decode. However this length is not the true length of the result but includes any trailing fills ('=') so it's always 0 mod 3. This obviously can cause errors in any processing on the result, e.g. decryption. I would suggest that adding something like: while (*--f == '=') --ret; immediately before the "return(ret);" would solve the problem. Chris Brook
______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]