On Wed, Jul 30, 2014 at 23:31, Dmitry Eremin-Solenikov wrote:
> Hello,
>
> I have spotted a problem with the patch of crypto/evp/encode.c done by
> jsing on May 3.
> Sometimes decoding of base64 will fail. For example the attached file
> will fail decodiding
> (and produce an empty output):
>
> ./apps/openssl enc -d -base64 < 34.10-01.key
>
> The OpenSSL team has applied another fix:
>
> http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fce3821111e3307a599d2378f2cca2ef2097c6c4;hp=12e9f627f9dd9a9f75d4a7beb6baf30a3697d8e0
>
>
> The attached patch (differing from OpenSSL one) fixes base64 decoding for me.
>
diff --git a/src/lib/libssl/src/crypto/evp/encode.c
b/src/lib/libssl/src/crypto/evp/encode.c index 6c0e08b..9163de3 100644
--- a/src/lib/libssl/src/crypto/evp/encode.c
+++ b/src/lib/libssl/src/crypto/evp/encode.c
@@ -261,7 +261,7 @@ EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out,
int *outl,
}
/* There should not be base64 data after padding. */
- if (eof && tmp != '=' && tmp != '\r' && tmp != '\n') {
+ if (eof && tmp != '=' && tmp != '\r' && tmp != '\n' && tmp !=
'-') {
rv = -1;
goto end;
}
Thanks, but I don't think this is the correct fix. The ----- lines
should be not be processed as base64 data. The bug is that a '-'
character is showing up in the base64 data, not that the decode
function is failing to ignore it.
Possibly a bug in PEM_read_bio?
