authorEmilia Kasper <emilia@openssl.org>2015-09-02 15:31:28 +0200
committerEmilia Kasper <emilia@openssl.org>2015-09-17 19:48:14 +0200
commit3cdd1e94b1d71f2ce3002738f9506da91fe2af45 (patch)
tree0fc97f2792ce196b5486448aed1b2642a19bca21 /test/evptests.txt
parent4bd16463b84efb13ce5fb35add284e284b0fd819 (diff)
downloadopenssl-3cdd1e94b1d71f2ce3002738f9506da91fe2af45.tar.gz
RT3757: base64 encoding bugs
Rewrite EVP_DecodeUpdate. In particular: reject extra trailing padding, and padding in the middle of the content. Don't limit line length. Add tests. Previously, the behaviour was ill-defined, and depended on the position of the padding within the input. In addition, this appears to fix a possible two-byte oob read. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Dr Stephen Henson <steve@openssl.org>
Diffstat (limited to 'test/evptests.txt')
-rw-r--r--test/evptests.txt173
1 files changed, 173 insertions, 0 deletions
diff --git a/test/evptests.txt b/test/evptests.txt
index 2b0b7ba6e2..e8de2c16ec 100644
--- a/test/evptests.txt
+++ b/test/evptests.txt
@@ -2624,3 +2624,176 @@ Salt = 7361006c74
iter = 4096
MD = sha512
Key = 9d9e9c4cd21fe4be24d5b8244c759665
+
+# Base64 tests
+
+Encoding = canonical
+Input = ""
+Output = ""
+
+Encoding = canonical
+Input = "h"
+Output = "aA==\n"
+
+Encoding = canonical
+Input = "hello"
+Output = "aGVsbG8=\n"
+
+Encoding = canonical
+Input = "hello world!"
+Output = "aGVsbG8gd29ybGQh\n"
+
+Encoding = canonical
+Input = 00010203040506070809a0b0c0d0e0f000
+Output = "AAECAwQFBgcICaCwwNDg8AA=\n"
+
+# Missing padding
+Encoding = invalid
+Output = "aGVsbG8"
+
+Encoding = invalid
+Output = "aGVsbG8\n"
+
+# Tolerate missing newline
+Encoding = valid
+Input = "hello"
+Output = "aGVsbG8="
+
+# Don't tolerate extra trailing '='
+Encoding = invalid
+Input = "hello"
+Output = "aGVsbG8==\n"
+
+Encoding = invalid
+Output = "aGVsbG8===\n"
+
+# Don't tolerate data after '='
+Encoding = invalid
+Output = "aGV=sbG8=\n"
+
+# Newlines are ignored
+Encoding = valid
+Input = "hello"
+Output = "aGV\nsbG8=\n"
+
+Encoding = canonical
+Input = "hello"
+Output = 614756736247383d0a
+
+# Invalid characters
+Encoding = invalid
+Output = 614756736247383d0a00
+
+Encoding = invalid
+Output = 61475600736247383d0a
+
+Encoding = invalid
+Output = 61475601736247383d0a
+
+Encoding = canonical
+Input = "OpenSSLOpenSSL\n"
+Output = "T3BlblNTTE9wZW5TU0wK\n"
+
+Encoding = valid
+Input = "OpenSSLOpenSSL\n"
+Output = "T3BlblNTTE9wZW5TU0wK"
+
+# Truncate 1-3 chars
+Encoding = invalid
+Output = "T3BlblNTTE9wZW5TU0w"
+
+Encoding = invalid
+Output = "T3BlblNTTE9wZW5TU0"
+
+Encoding = invalid
+Output = "T3BlblNTTE9wZW5TU"
+
+Encoding = invalid
+Output = "T3BlblNTTE9wZW5TU0wK===="
+
+Encoding = invalid
+Output = "T3BlblNTTE9wZW5TU0wK============================================\n"
+
+Encoding = invalid
+Output = "YQ==YQ==YQ==\n"
+
+Encoding = invalid
+Output = "A"
+
+Encoding = invalid
+Output = "A\n"
+
+Encoding = invalid
+Output = "A="
+
+Encoding = invalid
+Output = "A==\n"
+
+Encoding = invalid
+Output = "A===\n"
+
+Encoding = invalid
+Output = "A====\n"
+
+Encoding = valid
+Input = "OpenSSLOpenSSL\n"
+Output = "T3BlblNTTE9wZW5TU0wK\n\n"
+
+Encoding = valid
+Input = "OpenSSLOpenSSL\n"
+Output = "T3BlblNTTE\n9wZW5TU0wK"
+
+# CVE 2015-0292
+Encoding = invalid
+Output = "ZW5jb2RlIG1lCg==================================================================\n"
+
+Encoding = canonical
+Input = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+Output = "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eA==\n"
+
+Encoding = valid
+Input = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+Output = "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eA\n==\n"
+
+Encoding = valid
+Input = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+Output = "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eA=\n=\n"
+
+Encoding = invalid
+Output = "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eA====\n"
+
+# Multiline output without padding
+Encoding = canonical
+Input = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+Output = "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4\neHh4eHh4eHh4eHh4\n"
+
+# Multiline output with padding
+Encoding = canonical
+Input = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+Output = "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4\neHh4eHh4eHh4eHh4eHh4eA==\n"
+
+# Multiline output with line break in the middle of a b64 block is accepted
+Encoding = valid
+Input = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+Output = "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh\n4eHh4eHh4eHh4eHh4eHh4eA==\n"
+
+# Long lines are accepted
+Encoding = valid
+Input = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+Output = "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eA==\n"
+
+# Multiline input with data after '='.
+Encoding = invalid
+Output = "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eA==\neHh4eHh4eHh4eHh4eHh4eHh4\n"
+
+Encoding = invalid
+Output = "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4\neA==eHh4eHh4eHh4eHh4eHh4\n"
+
+# B64_EOF ('-') terminates input and trailing bytes are ignored
+Encoding = valid
+Input = "OpenSSLOpenSSL\n"
+Output = "T3BlblNTTE9wZW5TU0wK\n-abcd"
+
+Encoding = valid
+Input = "OpenSSLOpenSSL\n"
+Output = "T3BlblNTTE9wZW5TU0wK-abcd"
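Review bot: The three hex vectors under `# Invalid characters` only feed the decoder bytes 0x00 and 0x01, so no input byte with the high bit set is ever exercised. If the decoder maps input bytes through a lookup table (not visible in this file's diff), that range is where an index or sign-extension mistake would show up, so a constructed case such as `Encoding = invalid` followed by `Output = 61475680736247383d0a` would be worth adding. The commit message also mentions a possible two-byte out-of-bounds read, but no vector is labelled as covering it; a short comment on the relevant case would make that regression traceable, and `# CVE 2015-0292` could likewise say what the long run of `=` is checking. Separately, the first case under `# Don't tolerate extra trailing '='` carries `Input = "hello"` while every other `invalid` case omits `Input`; dropping it would keep the file consistent. The unlabelled run from `"T3BlblNTTE9wZW5TU0wK===="` through `"A====\n"` sits under `# Truncate 1-3 chars` but tests excess padding, concatenated padded blocks and a lone character, so comments such as `# Excess padding` and `# Single character, with and without padding` would help.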