git.ipfire.org Git - thirdparty/openssl.git/commit

EVP_DecodeUpdate() should not produce padding zeros to the decoded output (Fixes #26677)

EVP_DecodeUpdate() should not produce zeros for input padding `=` signs to avoid writing to non-allocated memory regions.

To achieve this:
- Add `eof` parameter to `evp_decodeblock_int` function in `openssl/crypto/evp`. The parameter should either contain the number of the input padding characters to ignore or `-1` if the function has to count them.
- Use precalculated `eof` in `EVP_DecodeUpdate` to fix its behaviour.
- Use `eof = -1` in `EVP_DecodeFinal` to count it in `evp_decodeblock_int`.
- Do not ignore padding in `EVP_DecodeBlock` (`eof = 0`) because it should write padding zeros according to the documentation.
- Add the HISTORY section to EVP_EncodeInit documentation to describe the fix.

Other changes:
- Update AUTHORS.md
- Update the copyright date in the documentation.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26678)

author	Valerii Krygin <5962274+definability@users.noreply.github.com>
	Tue, 25 Feb 2025 15:57:26 +0000 (15:57 +0000)
committer	Valerii Krygin <5962274+definability@users.noreply.github.com>
	Thu, 27 Feb 2025 17:38:57 +0000 (17:38 +0000)
commit	f86acc9434e3b1ff8bc11bac6210dbef25cbb4b1
tree	1cae80179f10d851edf507101444872e4d616b28	tree
parent	6ef393b89be1f329214ae07388812b245950095f	commit \| diff

AUTHORS.md		diff \| blob \| blame \| history
CHANGES.md		diff \| blob \| blame \| history
crypto/evp/encode.c		diff \| blob \| blame \| history
doc/man3/EVP_EncodeInit.pod		diff \| blob \| blame \| history
test/evp_test.c		diff \| blob \| blame \| history