Return-Path: 
 <security-dev-return-4874-apmail-xml-security-dev-archive=xml.apache.org@xml.apache.org>
Delivered-To: apmail-xml-security-dev-archive@www.apache.org
Received: (qmail 65329 invoked from network); 26 Jan 2006 20:55:20 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199)
  by minotaur.apache.org with SMTP; 26 Jan 2006 20:55:20 -0000
Received: (qmail 649 invoked by uid 500); 26 Jan 2006 20:55:19 -0000
Delivered-To: apmail-xml-security-dev-archive@xml.apache.org
Received: (qmail 632 invoked by uid 500); 26 Jan 2006 20:55:19 -0000
Mailing-List: contact security-dev-help@xml.apache.org; run by ezmlm
Precedence: bulk
List-Post: <mailto:security-dev@xml.apache.org>
List-Help: <mailto:security-dev-help@xml.apache.org>
List-Unsubscribe: <mailto:security-dev-unsubscribe@xml.apache.org>
Reply-To: security-dev@xml.apache.org
List-Id: <security-dev.xml.apache.org>
Delivered-To: mailing list security-dev@xml.apache.org
Received: (qmail 621 invoked by uid 99); 26 Jan 2006 20:55:18 -0000
Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 26 Jan 2006 12:55:18 -0800
X-ASF-Spam-Status: No, hits=2.6 required=10.0
	tests=NO_DNS_FOR_FROM
X-Spam-Check-By: apache.org
Received-SPF: pass (asf.osuosl.org: local policy)
Received: from [202.164.195.42] (HELO cerberus.wingsofhermes.org)
 (202.164.195.42)
    by apache.org (qpsmtpd/0.29) with SMTP; Thu, 26 Jan 2006 12:55:16 -0800
Received: (qmail 6010 invoked by uid 1008); 26 Jan 2006 20:54:52 -0000
Received: from 192.168.3.10 by cerberus.wingsofhermes.org (envelope-from
 <berin@wingsofhermes.org>, uid 1002) with qmail-scanner-1.25
 (clamdscan: 0.88/1246. spamassassin: 3.0.4.  
 Clear:RC:1(192.168.3.10):.
 Processed in 0.100173 secs); 26 Jan 2006 20:54:52 -0000
Received: from unknown (HELO ?192.168.3.10?) (192.168.3.10)
  by 0 with SMTP; 26 Jan 2006 20:54:51 -0000
Message-ID: <43D9371B.6050002@wingsofhermes.org>
Date: Fri, 27 Jan 2006 07:54:51 +1100
From: Berin Lautenbach <berin@wingsofhermes.org>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
 rv:1.7.3) Gecko/20040910
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: security-dev@xml.apache.org
Subject: Re: base64 elements linebreak
References: <20060125221741.67072.qmail@web36709.mail.mud.yahoo.com>
In-Reply-To: <20060125221741.67072.qmail@web36709.mail.mud.yahoo.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Checked: Checked by ClamAV on apache.org
X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N

Tech Rams wrote:

> Yes, that is true. This flag does not work if there are NL chars in the 
> message (anywhere). Thus, you will have to scan the message to find out 
> if there are NL chars - but the input has to follow some spec - either 
> they do not have any new lines at all, per 
> _http://www.w3.org/TR/xmlschema-2/#base64Binary_ - or they have new 
> lines within 76 chars, per RFC2045.

Unfortunately bitter experience says that you have to support people who 
do wierd things outside the 76 chars.  I also don't want to pre-scan 
base64 data, which could be megabytes.  So I try to avoid using OpenSSL 
anywhere that it might be an issue now.

Cheers,
	Berin