regression: 0.081 fails to parse PEMs that 0.080 parsed fine #110
Comments
PEM parsing is currently done by libtomcrypt functions. It is possible that the old perl implementation was more relaxed regarding the key format. If I understand correctly, you need to load PEM keys like this (without newlines)?
I think we should stick to the standard, which AFAIK requires "-----BEGIN LABEL-----" and "-----END LABEL-----" on separate lines. See https://www.rfc-editor.org/rfc/rfc7468#section-3 ping @sjaeckel
After reading that part of RFC7468 again, I've seen the following line:
Currently there's only strict parsing implemented and I didn't even think of having support for a relaxed parser when I wrote this. I'm undecided whether that'd be a good example of Postel's Law, where it wouldn't really hurt if we weren't that strict. And now with my libtomcrypt hat on: Since neither OpenSSL nor OpenSSH accept that relaxed format, I'm pretty sure we're on the safe side with the decision to only support strict parsing. @dakkar Still, I see where you're coming from and I also did something similar in the past, but maybe it's time now to fix the producer of those malformed PEM files? :)
Oh, the producer has mostly been fixed. I would still investigate why a malformed PEM input can make the libtomcrypt PEM parser hang.
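The strict layout the comments above settle on (BEGIN and END lines on their own, per RFC 7468 section 3) can be restored on the consumer side before the text reaches a strict parser. The following is an added example, not code from this issue or from CryptX: the helper name `normalize_pem`, the 64 KiB size cap, the restricted label pattern and the sample body are assumptions, and it calls no CryptX API.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Assumed upper bound on input size, so work stays bounded on hostile input.
use constant MAX_LEN => 64 * 1024;

# Re-wrap one PEM object whose line breaks were lost into the strict layout:
# BEGIN line, base64 in 64-character lines, END line, each on its own line.
# Returns the normalized text, or undef if the input is not exactly one
# well-formed object. Legacy "Proc-Type"/"DEK-Info" headers are rejected.
sub normalize_pem {
    my ($in) = @_;
    return if !defined $in || length($in) > MAX_LEN;

    (my $s = $in) =~ s/\A\s+//;                       # anchored, linear
    # Labels are limited here to upper-case words separated by single
    # spaces (an assumption that is narrower than RFC 7468 allows).
    my ($label) = $s =~ /\A-----BEGIN ([A-Z0-9]+(?: [A-Z0-9]+)*)-----/
        or return;
    my ($head, $tail) = ("-----BEGIN $label-----", "-----END $label-----");

    my $end = rindex($s, $tail);
    return if $end < length($head);                   # END missing or overlapping BEGIN
    return if substr($s, $end + length($tail)) =~ /\S/;   # trailing garbage

    my $body = substr($s, length($head), $end - length($head));
    $body =~ tr/ \t\r\n//d;                           # drop all whitespace
    return unless $body =~ m{\A[A-Za-z0-9+/]+={0,2}\z}
        && length($body) % 4 == 0;

    # Emit 64-character base64 lines between the two boundary lines.
    return join("\n", $head, $body =~ /.{1,64}/g, $tail) . "\n";
}

# Constructed sample: 60 bytes of "ABC" as base64, not a real key.
my $b64       = 'QUJD' x 20;
my $relaxed   = "-----BEGIN PUBLIC KEY----- $b64 -----END PUBLIC KEY-----";
my $truncated = "-----BEGIN PUBLIC KEY----- $b64";

for my $sample ($relaxed, $truncated) {
    my $out = normalize_pem($sample);
    print defined $out ? $out : "rejected: not one well-formed PEM object\n";
}
```

Every step is a single anchored match, an index lookup or a character-class pass, so malformed input is rejected in linear time instead of being handed to the parser.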
Version 0.080 happily passed the attached test, 0.081 fails most of it and hangs on the last subtest.
pem-parsing.t
Right now I've added code like this to deal with the problem, I hope you have a better solution: