#790883 enc -d -base64 doesn't work when there's no final \n

Package:
openssl
Source:
openssl
Description:
Secure Sockets Layer toolkit - cryptographic utility
Submitter:
Jean-Michel Vourgère
Date:
2023-01-17 15:54:02 UTC
Severity:
minor
Tags:
#790883#5
Date:
2015-07-02 16:16:24 UTC
From:
To:
Hello

When trying to decode a simple 44 character base64 text, I get errors like
error reading input file
unless I append a \n at the end of the string.

You can reproduce the issue with:
echo -n U2FsdGVkX1+eutlR490O+0HBLNL19kT2jiUb4RxLxhQ= | openssl enc -aes-256-cbc -pass pass:bar -d -base64

I expected openssl to ignore all space character since they are not part of the base64 alphabet.
I can add spaces and \n anywhere in the encoded string. This is weird the last line is a special case.

I know a base64 file should be \n-terminated.
But I belive openssl should be handle to handle file or pipes who are not.

Thanks.

#790883#10
Date:
2023-01-17 15:49:15 UTC
From:
To:
The command from the original report fails for me with openssl 3.0.7 with

I came up with a slightly different set of commands that reproduce this
behaviour, and which also includes -pbkdf2 that now seems to be required to
avoid a warning.

porridge@fujitsu:~$ echo peekaboo | openssl enc -aes-256-cbc -pbkdf2 -pass
pass:bar  -base64
U2FsdGVkX190F0Gf0mikyIDlIh9oDADRLtCA0wSMEHg=
porridge@fujitsu:~$ echo -n U2FsdGVkX190F0Gf0mikyIDlIh9oDADRLtCA0wSMEHg= |
openssl enc -aes-256-cbc -pbkdf2 -pass pass:bar -d -base64
error reading input file

I also learned about the -A flag which seems to make openssl work in this
case:

porridge@fujitsu:~$ echo -n U2FsdGVkX190F0Gf0mikyIDlIh9oDADRLtCA0wSMEHg= |
openssl enc -aes-256-cbc -A -pbkdf2 -pass pass:bar -d -base64
peekaboo

However even in the manpage it is mentioned to be buggy:

       The -A option when used with large files doesn't work properly.

I also found an upstream issue about base64 handling which seems to be
closely related to this bug report:
https://github.com/openssl/openssl/issues/18780
Jean-Michel, if you consider this a good enough workaround for your use
case, please consider closing this bug.

Marcin

#790883#13
Date:
2023-01-17 15:49:15 UTC
From:
To:
The command from the original report fails for me with openssl 3.0.7 with

I came up with a slightly different set of commands that reproduce this
behaviour, and which also includes -pbkdf2 that now seems to be required to
avoid a warning.

porridge@fujitsu:~$ echo peekaboo | openssl enc -aes-256-cbc -pbkdf2 -pass
pass:bar  -base64
U2FsdGVkX190F0Gf0mikyIDlIh9oDADRLtCA0wSMEHg=
porridge@fujitsu:~$ echo -n U2FsdGVkX190F0Gf0mikyIDlIh9oDADRLtCA0wSMEHg= |
openssl enc -aes-256-cbc -pbkdf2 -pass pass:bar -d -base64
error reading input file

I also learned about the -A flag which seems to make openssl work in this
case:

porridge@fujitsu:~$ echo -n U2FsdGVkX190F0Gf0mikyIDlIh9oDADRLtCA0wSMEHg= |
openssl enc -aes-256-cbc -A -pbkdf2 -pass pass:bar -d -base64
peekaboo

However even in the manpage it is mentioned to be buggy:

       The -A option when used with large files doesn't work properly.

I also found an upstream issue about base64 handling which seems to be
closely related to this bug report:
https://github.com/openssl/openssl/issues/18780
Jean-Michel, if you consider this a good enough workaround for your use
case, please consider closing this bug.

Marcin