Hello,

On Thu, Jul 31, 2014 at 9:41 AM, Joel Sing <[email protected]> wrote:
> On Thu, 31 Jul 2014, Joel Sing wrote:
>> On Thu, 31 Jul 2014, Dmitry Eremin-Solenikov wrote:
>> > Hello,
>> >
>> > I have spotted a problem with the patch of crypto/evp/encode.c done by
>> > jsing on May 3.
>> > Sometimes decoding of base64 will fail. For example the attached file
>> > will fail decoding
>> > (and produce an empty output):
>> >
>> > ./apps/openssl enc -d -base64 < 34.10-01.key
>> >
>> > The OpenSSL team has applied another fix:
>> >
>> > http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fce3821111e3307a599d2378f2cca2ef2097c6c4;hp=12e9f627f9dd9a9f75d4a7beb6baf30a3697d8e0
>> >
>> > The attached patch (differing from OpenSSL one) fixes base64 decoding for
>> > me.
>>
>> PEM != base64 - there is base64 content inside the PEM markers, but you're
>> trying to decode the entire thing, with PEM markers, as base64. If you
>> remove the PEM markers it decodes correctly. I suspect that this is related
>> to the end-of-line handling flags, which will be causing the '\n' to be
>> discarded and the next character ('-') to be treated as part of the base64
>> content (which, sadly, is likely working-as-intended).
>
> Just to confirm, this is not actually related to BIO_FLAGS_BASE64_NO_NL - as
> far as the base64 decoding is concerned, the '-----END PRIVATE KEY-----'
> marker is considered to be part of the base64 content, since we've not yet
> reached the end of the file. This is obviously invalid base64 content, hence
> decoding fails.

No, it is not related to that flag. I stumbled upon this while verifying GOST
handling of S/MIME. It might be that my test case is incorrect. It is supported
by OpenSSL though. I'm attaching the file for reference. S/MIME handling
functions pass the whole PEM part to the base64 BIO decoder. B64 handler
finds the BEGIN line, returns an error. It gets stripped. The body is processed
but then the decoder gets stuck with END line and returns an error.

I still think that the original OpenSSL intent was to be able to
process such data.
In the end, the '-' in the base64 decoding is referenced as 'B64_EOF'.


-- 
With best wishes
Dmitry

Attachment: 34.10-01-keytrans.p7m
Description: S/MIME encrypted message
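
Added example, not part of the original thread and not LibreSSL or OpenSSL code: a Python illustration of the point debated above, that PEM marker lines are not base64, so a strict decoder rejects the whole file while decoding only the body between matching markers succeeds. The sample payload, the function names and the marker regex are constructed for illustration.

```python
import base64
import binascii
import re

# Constructed sample: 32 payload bytes wrapped in PEM-style markers.
PAYLOAD = bytes(range(32))
BODY = base64.encodebytes(PAYLOAD).decode()
SAMPLE = "-----BEGIN PRIVATE KEY-----\n" + BODY + "-----END PRIVATE KEY-----\n"

# BEGIN and END labels must match; the body is everything in between.
_PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL
)


def strict_b64(text):
    """Decode text as base64, tolerating only whitespace; None if invalid."""
    compact = "".join(text.split())
    try:
        # validate=True rejects any character outside the base64 alphabet,
        # including the '-' characters of a PEM marker line.
        return base64.b64decode(compact, validate=True)
    except binascii.Error:
        return None


def pem_body(text):
    """Return (label, decoded bytes) for the first PEM block, else None."""
    match = _PEM_RE.search(text)
    if match is None:
        return None  # no block, or BEGIN/END labels differ
    data = strict_b64(match.group(2))
    return None if data is None else (match.group(1), data)


if __name__ == "__main__":
    print("whole file as base64:", strict_b64(SAMPLE))
    print("body between markers:", pem_body(SAMPLE))
```
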
