From b785504a10310cb2872270eb409b70971be5e76e Mon Sep 17 00:00:00 2001 From: Emilia Kasper Date: Thu, 17 Sep 2015 20:08:48 +0200 Subject: [PATCH] base64 decode: check for high bit Previously, the conversion would silently coerce to ASCII. Now, we error out. Reviewed-by: Richard Levitte --- crypto/evp/encode.c | 20 ++++++++++++++++++-- test/evptests.txt | 6 ++++++ 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/crypto/evp/encode.c b/crypto/evp/encode.c index 985fd29d8f..36affe5626 100644 --- a/crypto/evp/encode.c +++ b/crypto/evp/encode.c @@ -60,9 +60,9 @@ #include "internal/cryptlib.h" #include +static unsigned char conv_ascii2bin(unsigned char a); #ifndef CHARSET_EBCDIC # define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f]) -# define conv_ascii2bin(a) (data_ascii2bin[(a)&0x7f]) #else /* * We assume that PEM encoded files are EBCDIC files (i.e., printable text @@ -71,7 +71,6 @@ * as the underlying textstring data_bin2ascii[] is already EBCDIC) */ # define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f]) -# define conv_ascii2bin(a) (data_ascii2bin[os_toascii[a]&0x7f]) #endif /*- @@ -124,6 +123,23 @@ static const unsigned char data_ascii2bin[128] = { 0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, }; +#ifndef CHARSET_EBCDIC +static unsigned char conv_ascii2bin(unsigned char a) +{ + if (a & 0x80) + return B64_ERROR; + return data_ascii2bin[a]; +} +#else +static unsigned char conv_ascii2bin(unsigned char a) +{ + a = os_toascii[a]; + if (a & 0x80) + return B64_ERROR; + return data_ascii2bin[a]; +} +#endif + void EVP_EncodeInit(EVP_ENCODE_CTX *ctx) { ctx->length = 48; diff --git a/test/evptests.txt b/test/evptests.txt index e8de2c16ec..24ef573374 100644 --- a/test/evptests.txt +++ b/test/evptests.txt @@ -2690,6 +2690,12 @@ Output = 61475600736247383d0a Encoding = invalid Output = 61475601736247383d0a +Encoding = invalid +Output = 61475680736247383d0a + +Encoding = invalid +Output = e14756736247383d0a + Encoding = canonical Input = "OpenSSLOpenSSL\n" Output = "T3BlblNTTE9wZW5TU0wK\n" -- 2.25.1