diff options
author | Emilia Kasper <emilia@openssl.org> | 2015-09-02 15:31:28 +0200 |
---|---|---|
committer | Emilia Kasper <emilia@openssl.org> | 2015-09-17 20:12:34 +0200 |
commit | 37faf117965de181f4de0b4032eecac2566de5f6 (patch) | |
tree | f728aa67cf53c15bd3cd521d055fd6e7096c1ba3 /CHANGES | |
parent | 0711826ae946138b94c19aabbcdc2f716cd98684 (diff) |
RT3757: base64 encoding bugs
Rewrite EVP_DecodeUpdate.
In particular: reject extra trailing padding, and padding in the middle
of the content. Don't limit line length. Add tests.
Previously, the behaviour was ill-defined, and depended on the position
of the padding within the input.
In addition, this appears to fix a possible two-byte oob read.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Dr Stephen Henson <steve@openssl.org>
(cherry picked from commit 3cdd1e94b1d71f2ce3002738f9506da91fe2af45)
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 6 |
1 files changed, 6 insertions, 0 deletions
@@ -4,6 +4,12 @@ Changes between 1.0.2d and 1.0.2e [xx XXX xxxx] + *) Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs. + This changes the decoding behaviour for some invalid messages, + though the change is mostly in the more lenient direction, and + legacy behaviour is preserved as much as possible. + [Emilia Käsper] + *) In DSA_generate_parameters_ex, if the provided seed is too short, return an error [Rich Salz and Ismo Puustinen <ismo.puustinen@intel.com>] |