/src/openssl/crypto/evp/encode.c

Source (jump to first uncovered line)
/* crypto/evp/encode.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

#include <stdio.h>
#include <limits.h>
#include "cryptlib.h"
#include <openssl/evp.h>

static unsigned char conv_ascii2bin(unsigned char a);
#ifndef CHARSET_EBCDIC
# define conv_bin2ascii(a)       (data_bin2ascii[(a)&0x3f])
#else
/*
 * We assume that PEM encoded files are EBCDIC files (i.e., printable text
 * files). Convert them here while decoding. When encoding, output is EBCDIC
 * (text) format again. (No need for conversion in the conv_bin2ascii macro,
 * as the underlying textstring data_bin2ascii[] is already EBCDIC)
 */
# define conv_bin2ascii(a)       (data_bin2ascii[(a)&0x3f])
#endif

/*-
 * 64 char lines
 * pad input with 0
 * left over chars are set to =
 * 1 byte  => xx==
 * 2 bytes => xxx=
 * 3 bytes => xxxx
 */
#define BIN_PER_LINE    (64/4*3)
#define CHUNKS_PER_LINE (64/4)
#define CHAR_PER_LINE   (64+1)

static const unsigned char data_bin2ascii[65] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ\
abcdefghijklmnopqrstuvwxyz0123456789+/";

/*-
 * 0xF0 is a EOLN
 * 0xF1 is ignore but next needs to be 0xF0 (for \r\n processing).
 * 0xF2 is EOF
 * 0xE0 is ignore at start of line.
 * 0xFF is error
 */

#define B64_EOLN                0xF0
#define B64_CR                  0xF1
#define B64_EOF                 0xF2
#define B64_WS                  0xE0
#define B64_ERROR               0xFF
#define B64_NOT_BASE64(a)       (((a)|0x13) == 0xF3)
#define B64_BASE64(a)           !B64_NOT_BASE64(a)

static const unsigned char data_ascii2bin[128] = {
    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
    0xFF, 0xE0, 0xF0, 0xFF, 0xFF, 0xF1, 0xFF, 0xFF,
    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
    0xE0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
    0xFF, 0xFF, 0xFF, 0x3E, 0xFF, 0xF2, 0xFF, 0x3F,
    0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B,
    0x3C, 0x3D, 0xFF, 0xFF, 0xFF, 0x00, 0xFF, 0xFF,
    0xFF, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
    0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E,
    0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
    0x17, 0x18, 0x19, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
    0xFF, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20,
    0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
    0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30,
    0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
};

#ifndef CHARSET_EBCDIC
static unsigned char conv_ascii2bin(unsigned char a)
{
    if (a & 0x80)
        return B64_ERROR;
    return data_ascii2bin[a];
}
#else
static unsigned char conv_ascii2bin(unsigned char a)
{
    a = os_toascii[a];
    if (a & 0x80)
        return B64_ERROR;
    return data_ascii2bin[a];
}
#endif

void EVP_EncodeInit(EVP_ENCODE_CTX *ctx)
{
    ctx->length = 48;
    ctx->num = 0;
    ctx->line_num = 0;
}

void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
                      const unsigned char *in, int inl)
{
    int i, j;
    size_t total = 0;

    *outl = 0;
    if (inl <= 0)
        return;
    OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
    if (ctx->length - ctx->num > inl) {
        memcpy(&(ctx->enc_data[ctx->num]), in, inl);
        ctx->num += inl;
        return;
    }
    if (ctx->num != 0) {
        i = ctx->length - ctx->num;
        memcpy(&(ctx->enc_data[ctx->num]), in, i);
        in += i;
        inl -= i;
        j = EVP_EncodeBlock(out, ctx->enc_data, ctx->length);
        ctx->num = 0;
        out += j;
        *(out++) = '\n';
        *out = '\0';
        total = j + 1;
    }
    while (inl >= ctx->length && total <= INT_MAX) {
        j = EVP_EncodeBlock(out, in, ctx->length);
        in += ctx->length;
        inl -= ctx->length;
        out += j;
        *(out++) = '\n';
        *out = '\0';
        total += j + 1;
    }
    if (total > INT_MAX) {
        /* Too much output data! */
        *outl = 0;
        return;
    }
    if (inl != 0)
        memcpy(&(ctx->enc_data[0]), in, inl);
    ctx->num = inl;
    *outl = total;
}

void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
{
    unsigned int ret = 0;

    if (ctx->num != 0) {
        ret = EVP_EncodeBlock(out, ctx->enc_data, ctx->num);
        out[ret++] = '\n';
        out[ret] = '\0';
        ctx->num = 0;
    }
    *outl = ret;
}

int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen)
{
    int i, ret = 0;
    unsigned long l;

    for (i = dlen; i > 0; i -= 3) {
        if (i >= 3) {
            l = (((unsigned long)f[0]) << 16L) |
                (((unsigned long)f[1]) << 8L) | f[2];
            *(t++) = conv_bin2ascii(l >> 18L);
            *(t++) = conv_bin2ascii(l >> 12L);
            *(t++) = conv_bin2ascii(l >> 6L);
            *(t++) = conv_bin2ascii(l);
        } else {
            l = ((unsigned long)f[0]) << 16L;
            if (i == 2)
                l |= ((unsigned long)f[1] << 8L);

            *(t++) = conv_bin2ascii(l >> 18L);
            *(t++) = conv_bin2ascii(l >> 12L);
            *(t++) = (i == 1) ? '=' : conv_bin2ascii(l >> 6L);
            *(t++) = '=';
        }
        ret += 4;
        f += 3;
    }

    *t = '\0';
    return (ret);
}

void EVP_DecodeInit(EVP_ENCODE_CTX *ctx)
{
    /* Only ctx->num is used during decoding. */
    ctx->num = 0;
    ctx->length = 0;
    ctx->line_num = 0;
    ctx->expect_nl = 0;
}

/*-
 * -1 for error
 *  0 for last line
 *  1 for full line
 *
 * Note: even though EVP_DecodeUpdate attempts to detect and report end of
 * content, the context doesn't currently remember it and will accept more data
 * in the next call. Therefore, the caller is responsible for checking and
 * rejecting a 0 return value in the middle of content.
 *
 * Note: even though EVP_DecodeUpdate has historically tried to detect end of
 * content based on line length, this has never worked properly. Therefore,
 * we now return 0 when one of the following is true:
 *   - Padding or B64_EOF was detected and the last block is complete.
 *   - Input has zero-length.
 * -1 is returned if:
 *   - Invalid characters are detected.
 *   - There is extra trailing padding, or data after padding.
 *   - B64_EOF is detected after an incomplete base64 block.
 */
int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
                     const unsigned char *in, int inl)
{
    int seof = 0, eof = 0, rv = -1, ret = 0, i, v, tmp, n, decoded_len;
    unsigned char *d;

    n = ctx->num;
    d = ctx->enc_data;

    if (n > 0 && d[n - 1] == '=') {
        eof++;
        if (n > 1 && d[n - 2] == '=')
            eof++;
    }

     /* Legacy behaviour: an empty input chunk signals end of input. */
    if (inl == 0) {
        rv = 0;
        goto end;
    }

    for (i = 0; i < inl; i++) {
        tmp = *(in++);
        v = conv_ascii2bin(tmp);
        if (v == B64_ERROR) {
            rv = -1;
            goto end;
        }

        if (tmp == '=') {
            eof++;
        } else if (eof > 0 && B64_BASE64(v)) {
            /* More data after padding. */
            rv = -1;
            goto end;
        }

        if (eof > 2) {
            rv = -1;
            goto end;
        }

        if (v == B64_EOF) {
            seof = 1;
            goto tail;
        }

        /* Only save valid base64 characters. */
        if (B64_BASE64(v)) {
            if (n >= 64) {
                /*
                 * We increment n once per loop, and empty the buffer as soon as
                 * we reach 64 characters, so this can only happen if someone's
                 * manually messed with the ctx. Refuse to write any more data.
                 */
                rv = -1;
                goto end;
            }
            OPENSSL_assert(n < (int)sizeof(ctx->enc_data));
            d[n++] = tmp;
        }

        if (n == 64) {
            decoded_len = EVP_DecodeBlock(out, d, n);
            n = 0;
            if (decoded_len < 0 || eof > decoded_len) {
                rv = -1;
                goto end;
            }
            ret += decoded_len - eof;
            out += decoded_len - eof;
        }
    }

    /*
     * Legacy behaviour: if the current line is a full base64-block (i.e., has
     * 0 mod 4 base64 characters), it is processed immediately. We keep this
     * behaviour as applications may not be calling EVP_DecodeFinal properly.
     */
tail:
    if (n > 0) {
        if ((n & 3) == 0) {
            decoded_len = EVP_DecodeBlock(out, d, n);
            n = 0;
            if (decoded_len < 0 || eof > decoded_len) {
                rv = -1;
                goto end;
            }
            ret += (decoded_len - eof);
        } else if (seof) {
            /* EOF in the middle of a base64 block. */
            rv = -1;
            goto end;
        }
    }

    rv = seof || (n == 0 && eof) ? 0 : 1;
end:
    /* Legacy behaviour. This should probably rather be zeroed on error. */
    *outl = ret;
    ctx->num = n;
    return (rv);
}

int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n)
{
    int i, ret = 0, a, b, c, d;
    unsigned long l;

    /* trim white space from the start of the line. */
    while ((conv_ascii2bin(*f) == B64_WS) && (n > 0)) {
        f++;
        n--;
    }

    /*
     * strip off stuff at the end of the line ascii2bin values B64_WS,
     * B64_EOLN, B64_EOLN and B64_EOF
     */
    while ((n > 3) && (B64_NOT_BASE64(conv_ascii2bin(f[n - 1]))))
        n--;

    if (n % 4 != 0)
        return (-1);

    for (i = 0; i < n; i += 4) {
        a = conv_ascii2bin(*(f++));
        b = conv_ascii2bin(*(f++));
        c = conv_ascii2bin(*(f++));
        d = conv_ascii2bin(*(f++));
        if ((a & 0x80) || (b & 0x80) || (c & 0x80) || (d & 0x80))
            return (-1);
        l = ((((unsigned long)a) << 18L) |
             (((unsigned long)b) << 12L) |
             (((unsigned long)c) << 6L) | (((unsigned long)d)));
        *(t++) = (unsigned char)(l >> 16L) & 0xff;
        *(t++) = (unsigned char)(l >> 8L) & 0xff;
        *(t++) = (unsigned char)(l) & 0xff;
        ret += 3;
    }
    return (ret);
}

int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
{
    int i;

    *outl = 0;
    if (ctx->num != 0) {
        i = EVP_DecodeBlock(out, ctx->enc_data, ctx->num);
        if (i < 0)
            return (-1);
        ctx->num = 0;
        *outl = i;
        return (1);
    } else
        return (1);
}

#ifdef undef
int EVP_DecodeValid(unsigned char *buf, int len)
{
    int i, num = 0, bad = 0;

    if (len == 0)
        return (-1);
    while (conv_ascii2bin(*buf) == B64_WS) {
        buf++;
        len--;
        if (len == 0)
            return (-1);
    }

    for (i = len; i >= 4; i -= 4) {
        if ((conv_ascii2bin(buf[0]) >= 0x40) ||
            (conv_ascii2bin(buf[1]) >= 0x40) ||
            (conv_ascii2bin(buf[2]) >= 0x40) ||
            (conv_ascii2bin(buf[3]) >= 0x40))
            return (-1);
        buf += 4;
        num += 1 + (buf[2] != '=') + (buf[3] != '=');
    }
    if ((i == 1) && (conv_ascii2bin(buf[0]) == B64_EOLN))
        return (num);
    if ((i == 2) && (conv_ascii2bin(buf[0]) == B64_EOLN) &&
        (conv_ascii2bin(buf[0]) == B64_EOLN))
        return (num);
    return (1);
}
#endif

Coverage Report

Created: 2022-11-30 06:20

Line	Count	Source (jump to first uncovered line)
1		/* crypto/evp/encode.c */
2		/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3		* All rights reserved.
4		*
5		* This package is an SSL implementation written
6		* by Eric Young (eay@cryptsoft.com).
7		* The implementation was written so as to conform with Netscapes SSL.
8		*
9		* This library is free for commercial and non-commercial use as long as
10		* the following conditions are aheared to. The following conditions
11		* apply to all code found in this distribution, be it the RC4, RSA,
12		* lhash, DES, etc., code; not just the SSL code. The SSL documentation
13		* included with this distribution is covered by the same copyright terms
14		* except that the holder is Tim Hudson (tjh@cryptsoft.com).
15		*
16		* Copyright remains Eric Young's, and as such any Copyright notices in
17		* the code are not to be removed.
18		* If this package is used in a product, Eric Young should be given attribution
19		* as the author of the parts of the library used.
20		* This can be in the form of a textual message at program startup or
21		* in documentation (online or textual) provided with the package.
22		*
23		* Redistribution and use in source and binary forms, with or without
24		* modification, are permitted provided that the following conditions
25		* are met:
26		* 1. Redistributions of source code must retain the copyright
27		* notice, this list of conditions and the following disclaimer.
28		* 2. Redistributions in binary form must reproduce the above copyright
29		* notice, this list of conditions and the following disclaimer in the
30		* documentation and/or other materials provided with the distribution.
31		* 3. All advertising materials mentioning features or use of this software
32		* must display the following acknowledgement:
33		* "This product includes cryptographic software written by
34		* Eric Young (eay@cryptsoft.com)"
35		* The word 'cryptographic' can be left out if the rouines from the library
36		* being used are not cryptographic related :-).
37		* 4. If you include any Windows specific code (or a derivative thereof) from
38		* the apps directory (application code) you must include an acknowledgement:
39		* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40		*
41		* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42		* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43		* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44		* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45		* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46		* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47		* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48		* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49		* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50		* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51		* SUCH DAMAGE.
52		*
53		* The licence and distribution terms for any publically available version or
54		* derivative of this code cannot be changed. i.e. this code cannot simply be
55		* copied and put under another distribution licence
56		* [including the GNU Public Licence.]
57		*/
58
59		#include <stdio.h>
60		#include <limits.h>
61		#include "cryptlib.h"
62		#include <openssl/evp.h>
63
64		static unsigned char conv_ascii2bin(unsigned char a);
65		#ifndef CHARSET_EBCDIC
66	0	# define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f])
67		#else
68		/*
69		* We assume that PEM encoded files are EBCDIC files (i.e., printable text
70		* files). Convert them here while decoding. When encoding, output is EBCDIC
71		* (text) format again. (No need for conversion in the conv_bin2ascii macro,
72		* as the underlying textstring data_bin2ascii[] is already EBCDIC)
73		*/
74		# define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f])
75		#endif
76
77		/*-
78		* 64 char lines
79		* pad input with 0
80		* left over chars are set to =
81		* 1 byte => xx==
82		* 2 bytes => xxx=
83		* 3 bytes => xxxx
84		*/
85		#define BIN_PER_LINE (64/4*3)
86		#define CHUNKS_PER_LINE (64/4)
87		#define CHAR_PER_LINE (64+1)
88
89		static const unsigned char data_bin2ascii[65] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ\
90		abcdefghijklmnopqrstuvwxyz0123456789+/";
91
92		/*-
93		* 0xF0 is a EOLN
94		* 0xF1 is ignore but next needs to be 0xF0 (for \r\n processing).
95		* 0xF2 is EOF
96		* 0xE0 is ignore at start of line.
97		* 0xFF is error
98		*/
99
100		#define B64_EOLN 0xF0
101		#define B64_CR 0xF1
102	234M	#define B64_EOF 0xF2
103	3.67M	#define B64_WS 0xE0
104	234M	#define B64_ERROR 0xFF
105	238M	#define B64_NOT_BASE64(a) (((a)\|0x13) == 0xF3)
106	234M	#define B64_BASE64(a) !B64_NOT_BASE64(a)
107
108		static const unsigned char data_ascii2bin[128] = {
109		0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
110		0xFF, 0xE0, 0xF0, 0xFF, 0xFF, 0xF1, 0xFF, 0xFF,
111		0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
112		0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
113		0xE0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
114		0xFF, 0xFF, 0xFF, 0x3E, 0xFF, 0xF2, 0xFF, 0x3F,
115		0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B,
116		0x3C, 0x3D, 0xFF, 0xFF, 0xFF, 0x00, 0xFF, 0xFF,
117		0xFF, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
118		0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E,
119		0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
120		0x17, 0x18, 0x19, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
121		0xFF, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20,
122		0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
123		0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30,
124		0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
125		};
126
127		#ifndef CHARSET_EBCDIC
128		static unsigned char conv_ascii2bin(unsigned char a)
129	472M	{
130	472M	if (a & 0x80)
131	0	return B64_ERROR;
132	472M	return data_ascii2bin[a];
133	472M	}
134		#else
135		static unsigned char conv_ascii2bin(unsigned char a)
136		{
137		a = os_toascii[a];
138		if (a & 0x80)
139		return B64_ERROR;
140		return data_ascii2bin[a];
141		}
142		#endif
143
144		void EVP_EncodeInit(EVP_ENCODE_CTX *ctx)
145	0	{
146	0	ctx->length = 48;
147	0	ctx->num = 0;
148	0	ctx->line_num = 0;
149	0	}
150
151		void EVP_EncodeUpdate(EVP_ENCODE_CTX ctx, unsigned char out, int *outl,
152		const unsigned char *in, int inl)
153	0	{
154	0	int i, j;
155	0	size_t total = 0;
156
157	0	*outl = 0;
158	0	if (inl <= 0)
159	0	return;
160	0	OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
161	0	if (ctx->length - ctx->num > inl) {
162	0	memcpy(&(ctx->enc_data[ctx->num]), in, inl);
163	0	ctx->num += inl;
164	0	return;
165	0	}
166	0	if (ctx->num != 0) {
167	0	i = ctx->length - ctx->num;
168	0	memcpy(&(ctx->enc_data[ctx->num]), in, i);
169	0	in += i;
170	0	inl -= i;
171	0	j = EVP_EncodeBlock(out, ctx->enc_data, ctx->length);
172	0	ctx->num = 0;
173	0	out += j;
174	0	*(out++) = '\n';
175	0	*out = '\0';
176	0	total = j + 1;
177	0	}
178	0	while (inl >= ctx->length && total <= INT_MAX) {
179	0	j = EVP_EncodeBlock(out, in, ctx->length);
180	0	in += ctx->length;
181	0	inl -= ctx->length;
182	0	out += j;
183	0	*(out++) = '\n';
184	0	*out = '\0';
185	0	total += j + 1;
186	0	}
187	0	if (total > INT_MAX) {
188		/* Too much output data! */
189	0	*outl = 0;
190	0	return;
191	0	}
192	0	if (inl != 0)
193	0	memcpy(&(ctx->enc_data[0]), in, inl);
194	0	ctx->num = inl;
195	0	*outl = total;
196	0	}
197
198		void EVP_EncodeFinal(EVP_ENCODE_CTX ctx, unsigned char out, int *outl)
199	0	{
200	0	unsigned int ret = 0;
201
202	0	if (ctx->num != 0) {
203	0	ret = EVP_EncodeBlock(out, ctx->enc_data, ctx->num);
204	0	out[ret++] = '\n';
205	0	out[ret] = '\0';
206	0	ctx->num = 0;
207	0	}
208	0	*outl = ret;
209	0	}
210
211		int EVP_EncodeBlock(unsigned char t, const unsigned char f, int dlen)
212	0	{
213	0	int i, ret = 0;
214	0	unsigned long l;
215
216	0	for (i = dlen; i > 0; i -= 3) {
217	0	if (i >= 3) {
218	0	l = (((unsigned long)f[0]) << 16L) \|
219	0	(((unsigned long)f[1]) << 8L) \| f[2];
220	0	*(t++) = conv_bin2ascii(l >> 18L);
221	0	*(t++) = conv_bin2ascii(l >> 12L);
222	0	*(t++) = conv_bin2ascii(l >> 6L);
223	0	*(t++) = conv_bin2ascii(l);
224	0	} else {
225	0	l = ((unsigned long)f[0]) << 16L;
226	0	if (i == 2)
227	0	l \|= ((unsigned long)f[1] << 8L);
228
229	0	*(t++) = conv_bin2ascii(l >> 18L);
230	0	*(t++) = conv_bin2ascii(l >> 12L);
231	0	*(t++) = (i == 1) ? '=' : conv_bin2ascii(l >> 6L);
232	0	*(t++) = '=';
233	0	}
234	0	ret += 4;
235	0	f += 3;
236	0	}
237
238	0	*t = '\0';
239	0	return (ret);
240	0	}
241
242		void EVP_DecodeInit(EVP_ENCODE_CTX *ctx)
243	157k	{
244		/* Only ctx->num is used during decoding. */
245	157k	ctx->num = 0;
246	157k	ctx->length = 0;
247	157k	ctx->line_num = 0;
248	157k	ctx->expect_nl = 0;
249	157k	}
250
251		/*-
252		* -1 for error
253		* 0 for last line
254		* 1 for full line
255		*
256		* Note: even though EVP_DecodeUpdate attempts to detect and report end of
257		* content, the context doesn't currently remember it and will accept more data
258		* in the next call. Therefore, the caller is responsible for checking and
259		* rejecting a 0 return value in the middle of content.
260		*
261		* Note: even though EVP_DecodeUpdate has historically tried to detect end of
262		* content based on line length, this has never worked properly. Therefore,
263		* we now return 0 when one of the following is true:
264		* - Padding or B64_EOF was detected and the last block is complete.
265		* - Input has zero-length.
266		* -1 is returned if:
267		* - Invalid characters are detected.
268		* - There is extra trailing padding, or data after padding.
269		* - B64_EOF is detected after an incomplete base64 block.
270		*/
271		int EVP_DecodeUpdate(EVP_ENCODE_CTX ctx, unsigned char out, int *outl,
272		const unsigned char *in, int inl)
273	157k	{
274	157k	int seof = 0, eof = 0, rv = -1, ret = 0, i, v, tmp, n, decoded_len;
275	157k	unsigned char *d;
276
277	157k	n = ctx->num;
278	157k	d = ctx->enc_data;
279
280	157k	if (n > 0 && d[n - 1] == '=') {
281	0	eof++;
282	0	if (n > 1 && d[n - 2] == '=')
283	0	eof++;
284	0	}
285
286		/* Legacy behaviour: an empty input chunk signals end of input. */
287	157k	if (inl == 0) {
288	0	rv = 0;
289	0	goto end;
290	0	}
291
292	234M	for (i = 0; i < inl; i++) {
293	234M	tmp = *(in++);
294	234M	v = conv_ascii2bin(tmp);
295	234M	if (v == B64_ERROR) {
296	0	rv = -1;
297	0	goto end;
298	0	}
299
300	234M	if (tmp == '=') {
301	135k	eof++;
302	234M	} else if (eof > 0 && B64_BASE64(v)) {
303		/* More data after padding. */
304	0	rv = -1;
305	0	goto end;
306	0	}
307
308	234M	if (eof > 2) {
309	0	rv = -1;
310	0	goto end;
311	0	}
312
313	234M	if (v == B64_EOF) {
314	0	seof = 1;
315	0	goto tail;
316	0	}
317
318		/* Only save valid base64 characters. */
319	234M	if (B64_BASE64(v)) {
320	230M	if (n >= 64) {
321		/*
322		* We increment n once per loop, and empty the buffer as soon as
323		* we reach 64 characters, so this can only happen if someone's
324		* manually messed with the ctx. Refuse to write any more data.
325		*/
326	0	rv = -1;
327	0	goto end;
328	0	}
329	230M	OPENSSL_assert(n < (int)sizeof(ctx->enc_data));
330	230M	d[n++] = tmp;
331	230M	}
332
333	234M	if (n == 64) {
334	3.53M	decoded_len = EVP_DecodeBlock(out, d, n);
335	3.53M	n = 0;
336	3.53M	if (decoded_len < 0 \|\| eof > decoded_len) {
337	0	rv = -1;
338	0	goto end;
339	0	}
340	3.53M	ret += decoded_len - eof;
341	3.53M	out += decoded_len - eof;
342	3.53M	}
343	234M	}
344
345		/*
346		* Legacy behaviour: if the current line is a full base64-block (i.e., has
347		* 0 mod 4 base64 characters), it is processed immediately. We keep this
348		* behaviour as applications may not be calling EVP_DecodeFinal properly.
349		*/
350	157k	tail:
351	157k	if (n > 0) {
352	146k	if ((n & 3) == 0) {
353	146k	decoded_len = EVP_DecodeBlock(out, d, n);
354	146k	n = 0;
355	146k	if (decoded_len < 0 \|\| eof > decoded_len) {
356	0	rv = -1;
357	0	goto end;
358	0	}
359	146k	ret += (decoded_len - eof);
360	146k	} else if (seof) {
361		/* EOF in the middle of a base64 block. */
362	0	rv = -1;
363	0	goto end;
364	0	}
365	146k	}
366
367	157k	rv = seof \|\| (n == 0 && eof) ? 0 : 1;
368	157k	end:
369		/* Legacy behaviour. This should probably rather be zeroed on error. */
370	157k	*outl = ret;
371	157k	ctx->num = n;
372	157k	return (rv);
373	157k	}
374
375		int EVP_DecodeBlock(unsigned char t, const unsigned char f, int n)
376	3.67M	{
377	3.67M	int i, ret = 0, a, b, c, d;
378	3.67M	unsigned long l;
379
380		/* trim white space from the start of the line. */
381	3.67M	while ((conv_ascii2bin(*f) == B64_WS) && (n > 0)) {
382	0	f++;
383	0	n--;
384	0	}
385
386		/*
387		* strip off stuff at the end of the line ascii2bin values B64_WS,
388		* B64_EOLN, B64_EOLN and B64_EOF
389		*/
390	3.67M	while ((n > 3) && (B64_NOT_BASE64(conv_ascii2bin(f[n - 1]))))
391	0	n--;
392
393	3.67M	if (n % 4 != 0)
394	0	return (-1);
395
396	61.3M	for (i = 0; i < n; i += 4) {
397	57.6M	a = conv_ascii2bin(*(f++));
398	57.6M	b = conv_ascii2bin(*(f++));
399	57.6M	c = conv_ascii2bin(*(f++));
400	57.6M	d = conv_ascii2bin(*(f++));
401	57.6M	if ((a & 0x80) \|\| (b & 0x80) \|\| (c & 0x80) \|\| (d & 0x80))
402	0	return (-1);
403	57.6M	l = ((((unsigned long)a) << 18L) \|
404	57.6M	(((unsigned long)b) << 12L) \|
405	57.6M	(((unsigned long)c) << 6L) \| (((unsigned long)d)));
406	57.6M	*(t++) = (unsigned char)(l >> 16L) & 0xff;
407	57.6M	*(t++) = (unsigned char)(l >> 8L) & 0xff;
408	57.6M	*(t++) = (unsigned char)(l) & 0xff;
409	57.6M	ret += 3;
410	57.6M	}
411	3.67M	return (ret);
412	3.67M	}
413
414		int EVP_DecodeFinal(EVP_ENCODE_CTX ctx, unsigned char out, int *outl)
415	157k	{
416	157k	int i;
417
418	157k	*outl = 0;
419	157k	if (ctx->num != 0) {
420	0	i = EVP_DecodeBlock(out, ctx->enc_data, ctx->num);
421	0	if (i < 0)
422	0	return (-1);
423	0	ctx->num = 0;
424	0	*outl = i;
425	0	return (1);
426	0	} else
427	157k	return (1);
428	157k	}
429
430		#ifdef undef
431		int EVP_DecodeValid(unsigned char *buf, int len)
432		{
433		int i, num = 0, bad = 0;
434
435		if (len == 0)
436		return (-1);
437		while (conv_ascii2bin(*buf) == B64_WS) {
438		buf++;
439		len--;
440		if (len == 0)
441		return (-1);
442		}
443
444		for (i = len; i >= 4; i -= 4) {
445		if ((conv_ascii2bin(buf[0]) >= 0x40) \|\|
446		(conv_ascii2bin(buf[1]) >= 0x40) \|\|
447		(conv_ascii2bin(buf[2]) >= 0x40) \|\|
448		(conv_ascii2bin(buf[3]) >= 0x40))
449		return (-1);
450		buf += 4;
451		num += 1 + (buf[2] != '=') + (buf[3] != '=');
452		}
453		if ((i == 1) && (conv_ascii2bin(buf[0]) == B64_EOLN))
454		return (num);
455		if ((i == 2) && (conv_ascii2bin(buf[0]) == B64_EOLN) &&
456		(conv_ascii2bin(buf[0]) == B64_EOLN))
457		return (num);
458		return (1);
459		}
460		#endif