
Problem reading b64 encoded certificate

I have narrowed it down to that it is the base64 decoding that reports CRYPT_ERROR_BADDATA when a certificate is base64-encoded without linefeeds and there is no b64 padding.

 

If the encoded certificate has b64 padding ( = or == at the end) it works fine:

 

-----BEGIN CERTIFICATE-----

MIIE […]lxsaxft0Q==

-----END CERTIFICATE-----

 

When decoding this certificate, the last call to decodeBase64chunk results in outByteCount being 1 or 2 depending on the padding, so it returns OK_SPECIAL that tells base64decode() that end of data is reached. Note that there are no linefeeds in the base64-encoded data.

 

But if there is no padding, the base64decode() function fails.

 

----- BEGIN CERTIFICATE -----

[…] p1TB3zKyHB1avxusOpgVxDM

-----END CERTIFICATE-----

 

Because in the last call to decodeBase64chunk() the outByteCount = 3, so base64decode continues to read and triggers the check in base64.c line 749 that allows only lines of 127 bytes or less.

 

This was no problem in cryptlib 3.2, and the certificate is OK.

Is this something that can be corrected?

 

--

Geir S. Eidissen

 

_______________________________________________
Cryptlib mailing list
Cryptlib <at> mbsks.franken.de
Administration via Mail: cryptlib-request <at> mbsks.franken.de
Archive: ftp://ftp.franken.de/pub/crypt/cryptlib/archives/
http://news.gmane.org/gmane.comp.encryption.cryptlib
Posts from non-subscribed addresses are blocked to prevent spam, please
subscribe in order to post messages.
Peter Gutmann | 10 Feb 11:54

Re: Problem reading b64 encoded certificate

Geir Ståle Eidissen <geir.eidissen <at> medilink.com> writes:

>I have narrowed it down to that it is the base64 decoding that reports
>CRYPT_ERROR_BADDATA when a certificate is base64encoded without linefeeds and
>there is no b64padding.

Having seen the files, the bigger problem is that this data is supposed to be
in PEM base64 format but there are no line breaks in it, it's just one
continuous text string so neither of the two are valid.  It's actually just
coincidence that cryptlib decodes the first one (with the padding), since the
code is shared with generic base64-decoding code for databases that don't
handle binary data.

Peter.
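A pre-processing step for input like the two files discussed in this thread, as an added example that is not part of the original posts and is not cryptlib code: it reports why an armoured body is not well-formed PEM, then re-pads and re-wraps it at 64 characters per line before it is handed to a strict decoder. The function names and the 200-byte sample are constructed for illustration.

```python
import base64
import re

# Tolerates stray spaces inside the dashes, as in the second sample in the thread.
ARMOUR = re.compile(
    r"-----\s*BEGIN ([A-Z0-9 ]+?)\s*-----(.*?)-----\s*END \1\s*-----", re.S)
LINE_MAX = 64  # PEM body line length

def split_armour(text):
    m = ARMOUR.search(text)
    if not m:
        raise ValueError("no PEM armour found")
    return m.group(1), m.group(2)

def pem_problems(text):
    """List the ways the body deviates from wrapped, padded PEM base64."""
    _, body = split_armour(text)
    lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
    problems = []
    if any(len(ln) > LINE_MAX for ln in lines):
        problems.append("line longer than 64 characters")
    if sum(len(ln) for ln in lines) % 4:
        problems.append("missing '=' padding")
    return problems

def normalize_pem(text):
    """Return (canonical PEM text, decoded DER bytes)."""
    label, body = split_armour(text)
    b64 = "".join(body.split())
    if len(b64) % 4 == 1:
        raise ValueError("truncated base64: length % 4 == 1 cannot be padded")
    b64 += "=" * (-len(b64) % 4)
    der = base64.b64decode(b64, validate=True)  # rejects non-alphabet characters
    wrapped = "\n".join(b64[i:i + LINE_MAX] for i in range(0, len(b64), LINE_MAX))
    return f"-----BEGIN {label}-----\n{wrapped}\n-----END {label}-----\n", der

# Constructed sample: 200 arbitrary bytes standing in for a DER certificate,
# encoded on one line with the padding stripped (the failing case above).
SAMPLE_DER = bytes(range(200))
ONE_LINE = base64.b64encode(SAMPLE_DER).decode().rstrip("=")
UNPADDED = f"-----BEGIN CERTIFICATE-----\n{ONE_LINE}\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    print(pem_problems(UNPADDED))
    print(normalize_pem(UNPADDED)[0])
```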


Smith, Roland | 10 Feb 14:13

Re: Problem reading b64 encoded certificate

Peter,

The change you made fixed the problem! I had to make a couple small changes to my program and now it works great.

If you can send me the final build that would be great.

Thanks,
Roland

-----Original Message-----
From: cryptlib-bounces <at> mbsks.franken.de [mailto:cryptlib-bounces <at> mbsks.franken.de] On Behalf Of
Peter Gutmann
Sent: Friday, February 10, 2012 5:54 AM
To: cryptlib <at> mbsks.franken.de; geir.eidissen <at> medilink.com
Subject: Re: [Cryptlib] Problem reading b64 encoded certificate

Geir Ståle Eidissen <geir.eidissen <at> medilink.com> writes:

>I have narrowed it down to that it is the base64 decoding that reports
>CRYPT_ERROR_BADDATA when a certificate is base64encoded without linefeeds and
>there is no b64padding.

Having seen the files, the bigger problem is that this data is supposed to be
in PEM base64 format but there are no line breaks in it, it's just one
continuous text string so neither of the two are valid.  It's actually just
coincidence that cryptlib decodes the first one (with the padding), since the
code is shared with generic base64-decoding code for databases that don't
handle binary data.

Peter.
