On Thu, Sep 03, 2015 at 04:35:00PM +0000, Salz, Rich wrote: > > PEM_read_bio_X509() fails because of the missing newlines. > > The underlying base64 decoder is horrible. It accepts invalid 8bit chars, and silently enforces a line-length limit. > > Wanna rewrite it? :) A large part of the complexity is that the base64 BIO is doing buffering wrong. Instead of buffering character data it buffers lines, and thus has to set a line length limit. Perhaps this BIO is intended to be used on multi-component PEM files, and to automatically stop when it reaches "-----END ...". I've not looked too closely and the use-cases. In any case, it is the messiest and least efficient (in terms of lines of code not run-time) code I've seen in OpenSSL. This code is very old, and has barely been touched for decades (except for a subtle bug fixed a few years back by EAY himself IIRC). The mess is just not very appealing to go near. The first step would be to figure out what the base64 BIO is currently doing and what we want it it to do going forward. Writing new code is likely easier than figuring out what it is doing now. -- Viktor.
