Commit Graph

11 Commits

Author SHA1 Message Date
Adam Langley
d09175ffe3 Replace base64 decoding.
This code has caused a long history of problems. This change rewrites it
completely with something that is, hopefully, much simplier and robust
and adds more testing.

Change-Id: Ibeef51f9386afd95d5b73316e451eb3a2d7ec4e0
Reviewed-on: https://boringssl-review.googlesource.com/8033
Reviewed-by: Adam Langley <agl@google.com>
2016-05-26 17:59:10 +00:00
David Benjamin
de2cf273d7 Avoid theoretical overflows in EVP_EncodeUpdate.
See also upstream's 172c6e1e14defe7d49d62f5fc9ea6a79b225424f, but note our
values have different types. In particular, because we put in_len in a size_t
and C implicitly requires that all valid buffers' lengths fit in a ptrdiff_t
(signed), the overflow was impossible, assuming EVP_ENCODE_CTX::length is
untouched externally.

More importantly, this function is stuck taking an int output and has no return
value, so the only plausible contract is the caller is responsible for ensuring
the length fits anyway. Indeed, callers all call EVP_EncodeUpdate in bounded
chunks, so upstream's analysis is off.

Anyway, in theory that logic could locally overflow, so tweak it slightly. Tidy
up some of the variable names while I'm here.

Change-Id: Ifa78707cc26c11e0d67019918a028531b3d6738c
Reviewed-on: https://boringssl-review.googlesource.com/7847
Reviewed-by: Adam Langley <agl@google.com>
2016-05-03 16:45:42 +00:00
David Benjamin
642f1498d0 evp: prevent underflow in base64 decoding
This patch resolves RT ticket #2608.

(Imported from upstream's d0666f289ac013094bbbf547bfbcd616199b7d2d.)

Change-Id: If0c8f583f3f643f3db6b6158cbc9ad7541bab8ec
Reviewed-on: https://boringssl-review.googlesource.com/4060
Reviewed-by: Adam Langley <agl@google.com>
2015-03-19 21:59:28 +00:00
Adam Langley
2b2d66d409 Remove string.h from base.h.
Including string.h in base.h causes any file that includes a BoringSSL
header to include string.h. Generally this wouldn't be a problem,
although string.h might slow down the compile if it wasn't otherwise
needed. However, it also causes problems for ipsec-tools in Android
because OpenSSL didn't have this behaviour.

This change removes string.h from base.h and, instead, adds it to each
.c file that requires it.

Change-Id: I5968e50b0e230fd3adf9b72dd2836e6f52d6fb37
Reviewed-on: https://boringssl-review.googlesource.com/3200
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2015-02-02 19:14:15 +00:00
David Benjamin
d698f322b5 Introduce EVP_DecodeBase64.
This fixes several of the problems with the old API.
- Padding was completely ignored.
- ='s in the middle of the input were accepted.
- It tries to be helpful and strips leading/trailing whitespace.

Change-Id: I99b9d5e6583f7eaf9bf0b6ee9ca39799811b58dc
Reviewed-on: https://boringssl-review.googlesource.com/1602
Reviewed-by: Adam Langley <agl@google.com>
2014-08-25 23:00:28 +00:00
Adam Langley
660140206e Add EVP_EncodedLength.
Several callers of EVP_EncodeBlock are doing ad-hoc versions of this
function without any overflow checks.

Change-Id: I4d0cad2347ea8c44b42465e8b14b2783db69ee8f
Reviewed-on: https://boringssl-review.googlesource.com/1511
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2014-08-14 16:37:22 +00:00
Adam Langley
ded93581f1 Windows build fixes.
Windows doesn't have ssize_t, sadly. There's SSIZE_T, but defining an
OPENSSL_SSIZE_T seems worse than just using an int.

Change-Id: I09bb5aa03f96da78b619e551f92ed52ce24d9f3f
Reviewed-on: https://boringssl-review.googlesource.com/1352
Reviewed-by: Adam Langley <agl@google.com>
2014-08-11 22:10:02 +00:00
David Benjamin
7b35b58ae6 Fix EVP_DecodeBlock and add tests.
Another signedness error. Leave a TODO to possibly resolve EVP_DecodeBlock's
ignoring padding. Document some of the Init/Update/Finish versions' behavior.

Change-Id: I78a72c3163f8543172a7008b2d09fb10e003d957
Reviewed-on: https://boringssl-review.googlesource.com/1230
Reviewed-by: Adam Langley <agl@google.com>
2014-07-17 17:32:45 +00:00
Adam Langley
8750fe58f4 base64: fix underflow in EVP_EncodeBlock.
When I switched the base64 code to use size_t, I missed that one of the
loops was counting down, not up, and depended on the loop variable going
negative.

Additionally this change fixes a bug in NETSCAPE_SPKI_b64_encode where
the size of the result buffer was incorrectly calculated and a possible
memory leak.

Change-Id: Ibdf644244291274f50b314f3bb13a61b46858ca1
Reviewed-on: https://boringssl-review.googlesource.com/1220
Reviewed-by: David Benjamin <davidben@chromium.org>
Reviewed-by: Adam Langley <agl@google.com>
2014-07-16 18:14:32 +00:00
Adam Langley
64bda23cad Base64 padding fix.
https://rt.openssl.org/Ticket/Display.html?id=2608

Previously, this input to the base64 code:

================================================================================-

Would cause the output length of EVP_DecodeUpdate to be negative. When
that happened in the base64 BIO, it would crash. In PEM decoding, the
ASN.1 code actually maintains signed lengths and manages to simply error
out!
2014-06-20 13:17:36 -07:00
Adam Langley
95c29f3cd1 Inital import.
Initial fork from f2d678e6e89b6508147086610e985d4e8416e867 (1.0.2 beta).

(This change contains substantial changes from the original and
effectively starts a new history.)
2014-06-20 13:17:32 -07:00