From 26ef5580166bc8d9119f867542fa40e12a4b18a4 Mon Sep 17 00:00:00 2001
From: inoguchi <>
Date: Wed, 4 Mar 2020 11:53:21 +0000
Subject: Check high bit for base64 decode

Referred to this OpenSSL commit and adopted to the codebase.
b785504a10310cb2872270eb409b70971be5e76e

suggest and ok tb@
---
 src/lib/libcrypto/evp/encode.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/lib/libcrypto/evp/encode.c b/src/lib/libcrypto/evp/encode.c
index 95dc79d70d..2f942a032f 100644
--- a/src/lib/libcrypto/evp/encode.c
+++ b/src/lib/libcrypto/evp/encode.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: encode.c,v 1.27 2020/03/03 15:03:14 inoguchi Exp $ */
+/* $OpenBSD: encode.c,v 1.28 2020/03/04 11:53:21 inoguchi Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -62,8 +62,8 @@
 
 #include <openssl/evp.h>
 
+static unsigned char conv_ascii2bin(unsigned char a);
 #define conv_bin2ascii(a)	(data_bin2ascii[(a)&0x3f])
-#define conv_ascii2bin(a)	(data_ascii2bin[(a)&0x7f])
 
 /* 64 char lines
  * pad input with 0
@@ -113,6 +113,14 @@ static const unsigned char data_ascii2bin[128] = {
 	0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
 };
 
+static unsigned char
+conv_ascii2bin(unsigned char a)
+{
+	if (a & 0x80)
+		return B64_ERROR;
+	return data_ascii2bin[a];
+}
+
 EVP_ENCODE_CTX *
 EVP_ENCODE_CTX_new(void)
 {
-- 
cgit v1.2.3-55-g6feb