From 436bca0b9f78e590823fb4bab1104516f6e4604d Mon Sep 17 00:00:00 2001 From: jsing Date: Wed, 6 Aug 2014 16:01:44 +0000 Subject: [PATCH] Allow B64_EOF to follow a base64 padding character. This restores previous behaviour that allows a PEM block to be fed through the base64 decoder. Reported by Dmitry Eremin-Solenikov on tech@ ok deraadt@ tedu@ --- lib/libcrypto/evp/encode.c | 5 +++-- lib/libssl/src/crypto/evp/encode.c | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/lib/libcrypto/evp/encode.c b/lib/libcrypto/evp/encode.c index f33afb03d3b..067e62dfe90 100644 --- a/lib/libcrypto/evp/encode.c +++ b/lib/libcrypto/evp/encode.c @@ -1,4 +1,4 @@ -/* $OpenBSD: encode.c,v 1.18 2014/07/11 08:44:48 jsing Exp $ */ +/* $OpenBSD: encode.c,v 1.19 2014/08/06 16:01:44 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -261,7 +261,8 @@ EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, } /* There should not be base64 data after padding. */ - if (eof && tmp != '=' && tmp != '\r' && tmp != '\n') { + if (eof && tmp != '=' && tmp != '\r' && tmp != '\n' && + v != B64_EOF) { rv = -1; goto end; } diff --git a/lib/libssl/src/crypto/evp/encode.c b/lib/libssl/src/crypto/evp/encode.c index f33afb03d3b..067e62dfe90 100644 --- a/lib/libssl/src/crypto/evp/encode.c +++ b/lib/libssl/src/crypto/evp/encode.c @@ -1,4 +1,4 @@ -/* $OpenBSD: encode.c,v 1.18 2014/07/11 08:44:48 jsing Exp $ */ +/* $OpenBSD: encode.c,v 1.19 2014/08/06 16:01:44 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -261,7 +261,8 @@ EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, } /* There should not be base64 data after padding. */ - if (eof && tmp != '=' && tmp != '\r' && tmp != '\n') { + if (eof && tmp != '=' && tmp != '\r' && tmp != '\n' && + v != B64_EOF) { rv = -1; goto end; } -- 2.20.1