aboutsummaryrefslogtreecommitdiffstats
path: root/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/crypto/base64
diff options
context:
space:
mode:
authorAngelos Mouzakitis <a.mouzakitis@virtualopensystems.com>2023-10-10 14:33:42 +0000
committerAngelos Mouzakitis <a.mouzakitis@virtualopensystems.com>2023-10-10 14:33:42 +0000
commitaf1a266670d040d2f4083ff309d732d648afba2a (patch)
tree2fc46203448ddcc6f81546d379abfaeb323575e9 /roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/crypto/base64
parente02cda008591317b1625707ff8e115a4841aa889 (diff)
Add submodule dependency filesHEADmaster
Change-Id: Iaf8d18082d3991dec7c0ebbea540f092188eb4ec
Diffstat (limited to 'roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/crypto/base64')
-rw-r--r--roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/crypto/base64/CMakeLists.txt20
-rw-r--r--roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/crypto/base64/base64.c444
-rw-r--r--roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/crypto/base64/base64_test.cc396
3 files changed, 860 insertions, 0 deletions
diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/crypto/base64/CMakeLists.txt b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/crypto/base64/CMakeLists.txt
new file mode 100644
index 000000000..15ee6916f
--- /dev/null
+++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/crypto/base64/CMakeLists.txt
@@ -0,0 +1,20 @@
+include_directories(../../include)
+
+add_library(
+ base64
+
+ OBJECT
+
+ base64.c
+)
+
+add_executable(
+ base64_test
+
+ base64_test.cc
+
+ $<TARGET_OBJECTS:test_support>
+)
+
+target_link_libraries(base64_test crypto)
+add_dependencies(all_tests base64_test)
diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/crypto/base64/base64.c b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/crypto/base64/base64.c
new file mode 100644
index 000000000..7afadf746
--- /dev/null
+++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/crypto/base64/base64.c
@@ -0,0 +1,444 @@
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.] */
+
+#include <openssl/base64.h>
+
+#include <assert.h>
+#include <limits.h>
+#include <string.h>
+
+#include <openssl/type_check.h>
+
+#include "../internal.h"
+
+
+/* Encoding. */
+
+static const unsigned char data_bin2ascii[65] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+
+#define conv_bin2ascii(a) (data_bin2ascii[(a) & 0x3f])
+
+OPENSSL_COMPILE_ASSERT(sizeof(((EVP_ENCODE_CTX *)(NULL))->data) % 3 == 0,
+ data_length_must_be_multiple_of_base64_chunk_size);
+
+int EVP_EncodedLength(size_t *out_len, size_t len) {
+ if (len + 2 < len) {
+ return 0;
+ }
+ len += 2;
+ len /= 3;
+
+ if (((len << 2) >> 2) != len) {
+ return 0;
+ }
+ len <<= 2;
+
+ if (len + 1 < len) {
+ return 0;
+ }
+ len++;
+
+ *out_len = len;
+ return 1;
+}
+
+void EVP_EncodeInit(EVP_ENCODE_CTX *ctx) {
+ OPENSSL_memset(ctx, 0, sizeof(EVP_ENCODE_CTX));
+}
+
+void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, uint8_t *out, int *out_len,
+ const uint8_t *in, size_t in_len) {
+ size_t total = 0;
+
+ *out_len = 0;
+ if (in_len == 0) {
+ return;
+ }
+
+ assert(ctx->data_used < sizeof(ctx->data));
+
+ if (sizeof(ctx->data) - ctx->data_used > in_len) {
+ OPENSSL_memcpy(&ctx->data[ctx->data_used], in, in_len);
+ ctx->data_used += (unsigned)in_len;
+ return;
+ }
+
+ if (ctx->data_used != 0) {
+ const size_t todo = sizeof(ctx->data) - ctx->data_used;
+ OPENSSL_memcpy(&ctx->data[ctx->data_used], in, todo);
+ in += todo;
+ in_len -= todo;
+
+ size_t encoded = EVP_EncodeBlock(out, ctx->data, sizeof(ctx->data));
+ ctx->data_used = 0;
+
+ out += encoded;
+ *(out++) = '\n';
+ *out = '\0';
+
+ total = encoded + 1;
+ }
+
+ while (in_len >= sizeof(ctx->data)) {
+ size_t encoded = EVP_EncodeBlock(out, in, sizeof(ctx->data));
+ in += sizeof(ctx->data);
+ in_len -= sizeof(ctx->data);
+
+ out += encoded;
+ *(out++) = '\n';
+ *out = '\0';
+
+ if (total + encoded + 1 < total) {
+ *out_len = 0;
+ return;
+ }
+
+ total += encoded + 1;
+ }
+
+ if (in_len != 0) {
+ OPENSSL_memcpy(ctx->data, in, in_len);
+ }
+
+ ctx->data_used = (unsigned)in_len;
+
+ if (total > INT_MAX) {
+ /* We cannot signal an error, but we can at least avoid making *out_len
+ * negative. */
+ total = 0;
+ }
+ *out_len = (int)total;
+}
+
+void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, uint8_t *out, int *out_len) {
+ if (ctx->data_used == 0) {
+ *out_len = 0;
+ return;
+ }
+
+ size_t encoded = EVP_EncodeBlock(out, ctx->data, ctx->data_used);
+ out[encoded++] = '\n';
+ out[encoded] = '\0';
+ ctx->data_used = 0;
+
+ /* ctx->data_used is bounded by sizeof(ctx->data), so this does not
+ * overflow. */
+ assert(encoded <= INT_MAX);
+ *out_len = (int)encoded;
+}
+
+size_t EVP_EncodeBlock(uint8_t *dst, const uint8_t *src, size_t src_len) {
+ uint32_t l;
+ size_t remaining = src_len, ret = 0;
+
+ while (remaining) {
+ if (remaining >= 3) {
+ l = (((uint32_t)src[0]) << 16L) | (((uint32_t)src[1]) << 8L) | src[2];
+ *(dst++) = conv_bin2ascii(l >> 18L);
+ *(dst++) = conv_bin2ascii(l >> 12L);
+ *(dst++) = conv_bin2ascii(l >> 6L);
+ *(dst++) = conv_bin2ascii(l);
+ remaining -= 3;
+ } else {
+ l = ((uint32_t)src[0]) << 16L;
+ if (remaining == 2) {
+ l |= ((uint32_t)src[1] << 8L);
+ }
+
+ *(dst++) = conv_bin2ascii(l >> 18L);
+ *(dst++) = conv_bin2ascii(l >> 12L);
+ *(dst++) = (remaining == 1) ? '=' : conv_bin2ascii(l >> 6L);
+ *(dst++) = '=';
+ remaining = 0;
+ }
+ ret += 4;
+ src += 3;
+ }
+
+ *dst = '\0';
+ return ret;
+}
+
+
+/* Decoding. */
+
+int EVP_DecodedLength(size_t *out_len, size_t len) {
+ if (len % 4 != 0) {
+ return 0;
+ }
+
+ *out_len = (len / 4) * 3;
+ return 1;
+}
+
+void EVP_DecodeInit(EVP_ENCODE_CTX *ctx) {
+ OPENSSL_memset(ctx, 0, sizeof(EVP_ENCODE_CTX));
+}
+
+/* kBase64ASCIIToBinData maps characters (c < 128) to their base64 value, or
+ * else 0xff if they are invalid. As a special case, the padding character
+ * ('=') is mapped to zero. */
+static const uint8_t kBase64ASCIIToBinData[128] = {
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe0, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe0, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3e, 0xff, 0xff, 0xff, 0x3f,
+ 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0xff, 0xff,
+ 0xff, 0x00, 0xff, 0xff, 0xff, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
+ 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12,
+ 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24,
+ 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30,
+ 0x31, 0x32, 0x33, 0xff, 0xff, 0xff, 0xff, 0xff,
+};
+
+static uint8_t base64_ascii_to_bin(uint8_t a) {
+ if (a >= 128) {
+ return 0xFF;
+ }
+
+ return kBase64ASCIIToBinData[a];
+}
+
+/* base64_decode_quad decodes a single “quad” (i.e. four characters) of base64
+ * data and writes up to three bytes to |out|. It sets |*out_num_bytes| to the
+ * number of bytes written, which will be less than three if the quad ended
+ * with padding. It returns one on success or zero on error. */
+static int base64_decode_quad(uint8_t *out, size_t *out_num_bytes,
+ const uint8_t *in) {
+ const uint8_t a = base64_ascii_to_bin(in[0]);
+ const uint8_t b = base64_ascii_to_bin(in[1]);
+ const uint8_t c = base64_ascii_to_bin(in[2]);
+ const uint8_t d = base64_ascii_to_bin(in[3]);
+ if (a == 0xff || b == 0xff || c == 0xff || d == 0xff) {
+ return 0;
+ }
+
+ const uint32_t v = ((uint32_t)a) << 18 | ((uint32_t)b) << 12 |
+ ((uint32_t)c) << 6 | (uint32_t)d;
+
+ const unsigned padding_pattern = (in[0] == '=') << 3 |
+ (in[1] == '=') << 2 |
+ (in[2] == '=') << 1 |
+ (in[3] == '=');
+
+ switch (padding_pattern) {
+ case 0:
+ /* The common case of no padding. */
+ *out_num_bytes = 3;
+ out[0] = v >> 16;
+ out[1] = v >> 8;
+ out[2] = v;
+ break;
+
+ case 1: /* xxx= */
+ *out_num_bytes = 2;
+ out[0] = v >> 16;
+ out[1] = v >> 8;
+ break;
+
+ case 3: /* xx== */
+ *out_num_bytes = 1;
+ out[0] = v >> 16;
+ break;
+
+ default:
+ return 0;
+ }
+
+ return 1;
+}
+
+int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, uint8_t *out, int *out_len,
+ const uint8_t *in, size_t in_len) {
+ *out_len = 0;
+
+ if (ctx->error_encountered) {
+ return -1;
+ }
+
+ size_t bytes_out = 0, i;
+ for (i = 0; i < in_len; i++) {
+ const char c = in[i];
+ switch (c) {
+ case ' ':
+ case '\t':
+ case '\r':
+ case '\n':
+ continue;
+ }
+
+ if (base64_ascii_to_bin(c) == 0xff || ctx->eof_seen) {
+ ctx->error_encountered = 1;
+ return -1;
+ }
+
+ ctx->data[ctx->data_used++] = c;
+ if (ctx->data_used == 4) {
+ size_t num_bytes_resulting;
+ if (!base64_decode_quad(out, &num_bytes_resulting, ctx->data)) {
+ ctx->error_encountered = 1;
+ return -1;
+ }
+
+ ctx->data_used = 0;
+ bytes_out += num_bytes_resulting;
+ out += num_bytes_resulting;
+
+ if (num_bytes_resulting < 3) {
+ ctx->eof_seen = 1;
+ }
+ }
+ }
+
+ if (bytes_out > INT_MAX) {
+ ctx->error_encountered = 1;
+ *out_len = 0;
+ return -1;
+ }
+ *out_len = (int)bytes_out;
+
+ if (ctx->eof_seen) {
+ return 0;
+ }
+
+ return 1;
+}
+
+int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, uint8_t *out, int *out_len) {
+ *out_len = 0;
+ if (ctx->error_encountered || ctx->data_used != 0) {
+ return -1;
+ }
+
+ return 1;
+}
+
+int EVP_DecodeBase64(uint8_t *out, size_t *out_len, size_t max_out,
+ const uint8_t *in, size_t in_len) {
+ *out_len = 0;
+
+ if (in_len % 4 != 0) {
+ return 0;
+ }
+
+ size_t max_len;
+ if (!EVP_DecodedLength(&max_len, in_len) ||
+ max_out < max_len) {
+ return 0;
+ }
+
+ size_t i, bytes_out = 0;
+ for (i = 0; i < in_len; i += 4) {
+ size_t num_bytes_resulting;
+
+ if (!base64_decode_quad(out, &num_bytes_resulting, &in[i])) {
+ return 0;
+ }
+
+ bytes_out += num_bytes_resulting;
+ out += num_bytes_resulting;
+ if (num_bytes_resulting != 3 && i != in_len - 4) {
+ return 0;
+ }
+ }
+
+ *out_len = bytes_out;
+ return 1;
+}
+
+int EVP_DecodeBlock(uint8_t *dst, const uint8_t *src, size_t src_len) {
+ /* Trim spaces and tabs from the beginning of the input. */
+ while (src_len > 0) {
+ if (src[0] != ' ' && src[0] != '\t') {
+ break;
+ }
+
+ src++;
+ src_len--;
+ }
+
+ /* Trim newlines, spaces and tabs from the end of the line. */
+ while (src_len > 0) {
+ switch (src[src_len-1]) {
+ case ' ':
+ case '\t':
+ case '\r':
+ case '\n':
+ src_len--;
+ continue;
+ }
+
+ break;
+ }
+
+ size_t dst_len;
+ if (!EVP_DecodedLength(&dst_len, src_len) ||
+ dst_len > INT_MAX ||
+ !EVP_DecodeBase64(dst, &dst_len, dst_len, src, src_len)) {
+ return -1;
+ }
+
+ /* EVP_DecodeBlock does not take padding into account, so put the
+ * NULs back in... so the caller can strip them back out. */
+ while (dst_len % 3 != 0) {
+ dst[dst_len++] = '\0';
+ }
+ assert(dst_len <= INT_MAX);
+
+ return (int)dst_len;
+}
diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/crypto/base64/base64_test.cc b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/crypto/base64/base64_test.cc
new file mode 100644
index 000000000..bdf3d9a4d
--- /dev/null
+++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/crypto/base64/base64_test.cc
@@ -0,0 +1,396 @@
+/* Copyright (c) 2014, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#include <stdio.h>
+#include <string.h>
+
+#include <string>
+#include <vector>
+
+#include <openssl/base64.h>
+#include <openssl/crypto.h>
+#include <openssl/err.h>
+
+#include "../internal.h"
+
+
+enum encoding_relation {
+ // canonical indicates that the encoding is the expected encoding of the
+ // input.
+ canonical,
+ // valid indicates that the encoding is /a/ valid encoding of the input, but
+ // need not be the canonical one.
+ valid,
+ // invalid indicates that the encoded data is valid.
+ invalid,
+};
+
+struct TestVector {
+ enum encoding_relation relation;
+ const char *decoded;
+ const char *encoded;
+};
+
+// Test vectors from RFC 4648.
+static const TestVector kTestVectors[] = {
+ {canonical, "", ""},
+ {canonical, "f", "Zg==\n"},
+ {canonical, "fo", "Zm8=\n"},
+ {canonical, "foo", "Zm9v\n"},
+ {canonical, "foob", "Zm9vYg==\n"},
+ {canonical, "fooba", "Zm9vYmE=\n"},
+ {canonical, "foobar", "Zm9vYmFy\n"},
+ {valid, "foobar", "Zm9vYmFy\n\n"},
+ {valid, "foobar", " Zm9vYmFy\n\n"},
+ {valid, "foobar", " Z m 9 v Y m F y\n\n"},
+ {invalid, "", "Zm9vYmFy=\n"},
+ {invalid, "", "Zm9vYmFy==\n"},
+ {invalid, "", "Zm9vYmFy===\n"},
+ {invalid, "", "Z"},
+ {invalid, "", "Z\n"},
+ {invalid, "", "ab!c"},
+ {invalid, "", "ab=c"},
+ {invalid, "", "abc"},
+
+ {canonical, "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
+ "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eA==\n"},
+ {valid, "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
+ "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eA\n==\n"},
+ {valid, "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
+ "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eA=\n=\n"},
+ {invalid, "",
+ "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eA=\n==\n"},
+ {canonical, "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
+ "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4\neHh4eHh"
+ "4eHh4eHh4\n"},
+ {canonical,
+ "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
+ "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4\neHh4eHh"
+ "4eHh4eHh4eHh4eA==\n"},
+ {valid, "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
+ "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh\n4eHh4eHh"
+ "4eHh4eHh4eHh4eA==\n"},
+ {valid, "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
+ "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4e"
+ "Hh4eHh4eHh4eA==\n"},
+ {invalid, "",
+ "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eA=="
+ "\neHh4eHh4eHh4eHh4eHh4eHh4\n"},
+
+ // A '-' has traditionally been treated as the end of the data by OpenSSL
+ // and anything following would be ignored. BoringSSL does not accept this
+ // non-standard extension.
+ {invalid, "", "Zm9vYmFy-anythinggoes"},
+ {invalid, "", "Zm9vYmFy\n-anythinggoes"},
+
+ // CVE-2015-0292
+ {invalid, "",
+ "ZW5jb2RlIG1lCg==========================================================="
+ "=======\n"},
+};
+
+static const size_t kNumTests = OPENSSL_ARRAY_SIZE(kTestVectors);
+
+// RemoveNewlines returns a copy of |in| with all '\n' characters removed.
+static std::string RemoveNewlines(const char *in) {
+ std::string ret;
+ const size_t in_len = strlen(in);
+
+ for (size_t i = 0; i < in_len; i++) {
+ if (in[i] != '\n') {
+ ret.push_back(in[i]);
+ }
+ }
+
+ return ret;
+}
+
+static bool TestEncodeBlock() {
+ for (unsigned i = 0; i < kNumTests; i++) {
+ const TestVector *t = &kTestVectors[i];
+ if (t->relation != canonical) {
+ continue;
+ }
+
+ const size_t decoded_len = strlen(t->decoded);
+ size_t max_encoded_len;
+ if (!EVP_EncodedLength(&max_encoded_len, decoded_len)) {
+ fprintf(stderr, "#%u: EVP_EncodedLength failed\n", i);
+ return false;
+ }
+
+ std::vector<uint8_t> out_vec(max_encoded_len);
+ uint8_t *out = out_vec.data();
+ size_t len = EVP_EncodeBlock(out, (const uint8_t *)t->decoded, decoded_len);
+
+ std::string encoded(RemoveNewlines(t->encoded));
+ if (len != encoded.size() ||
+ OPENSSL_memcmp(out, encoded.data(), len) != 0) {
+ fprintf(stderr, "encode(\"%s\") = \"%.*s\", want \"%s\"\n",
+ t->decoded, (int)len, (const char*)out, encoded.c_str());
+ return false;
+ }
+ }
+
+ return true;
+}
+
+static bool TestDecodeBase64() {
+ size_t len;
+
+ for (unsigned i = 0; i < kNumTests; i++) {
+ const TestVector *t = &kTestVectors[i];
+
+ if (t->relation == valid) {
+ // The non-canonical encodings will generally have odd whitespace etc
+ // that |EVP_DecodeBase64| will reject.
+ continue;
+ }
+
+ const std::string encoded(RemoveNewlines(t->encoded));
+ std::vector<uint8_t> out_vec(encoded.size());
+ uint8_t *out = out_vec.data();
+
+ int ok = EVP_DecodeBase64(out, &len, out_vec.size(),
+ (const uint8_t *)encoded.data(), encoded.size());
+
+ if (t->relation == invalid) {
+ if (ok) {
+ fprintf(stderr, "decode(\"%s\") didn't fail but should have\n",
+ encoded.c_str());
+ return false;
+ }
+ } else if (t->relation == canonical) {
+ if (!ok) {
+ fprintf(stderr, "decode(\"%s\") failed\n", encoded.c_str());
+ return false;
+ }
+
+ if (len != strlen(t->decoded) ||
+ OPENSSL_memcmp(out, t->decoded, len) != 0) {
+ fprintf(stderr, "decode(\"%s\") = \"%.*s\", want \"%s\"\n",
+ encoded.c_str(), (int)len, (const char*)out, t->decoded);
+ return false;
+ }
+ }
+ }
+
+ return true;
+}
+
+static bool TestDecodeBlock() {
+ for (unsigned i = 0; i < kNumTests; i++) {
+ const TestVector *t = &kTestVectors[i];
+ if (t->relation != canonical) {
+ continue;
+ }
+
+ std::string encoded(RemoveNewlines(t->encoded));
+
+ std::vector<uint8_t> out_vec(encoded.size());
+ uint8_t *out = out_vec.data();
+
+ // Test that the padding behavior of the deprecated API is preserved.
+ int ret =
+ EVP_DecodeBlock(out, (const uint8_t *)encoded.data(), encoded.size());
+ if (ret < 0) {
+ fprintf(stderr, "EVP_DecodeBlock(\"%s\") failed\n", t->encoded);
+ return false;
+ }
+ if (ret % 3 != 0) {
+ fprintf(stderr, "EVP_DecodeBlock did not ignore padding\n");
+ return false;
+ }
+ size_t expected_len = strlen(t->decoded);
+ if (expected_len % 3 != 0) {
+ ret -= 3 - (expected_len % 3);
+ }
+ if (static_cast<size_t>(ret) != strlen(t->decoded) ||
+ OPENSSL_memcmp(out, t->decoded, ret) != 0) {
+ fprintf(stderr, "decode(\"%s\") = \"%.*s\", want \"%s\"\n",
+ t->encoded, ret, (const char*)out, t->decoded);
+ return false;
+ }
+ }
+
+ return true;
+}
+
+static bool TestEncodeDecode() {
+ for (unsigned test_num = 0; test_num < kNumTests; test_num++) {
+ const TestVector *t = &kTestVectors[test_num];
+
+ EVP_ENCODE_CTX ctx;
+ const size_t decoded_len = strlen(t->decoded);
+
+ if (t->relation == canonical) {
+ size_t max_encoded_len;
+ if (!EVP_EncodedLength(&max_encoded_len, decoded_len)) {
+ fprintf(stderr, "#%u: EVP_EncodedLength failed\n", test_num);
+ return false;
+ }
+
+ // EVP_EncodeUpdate will output new lines every 64 bytes of output so we
+ // need slightly more than |EVP_EncodedLength| returns. */
+ max_encoded_len += (max_encoded_len + 63) >> 6;
+ std::vector<uint8_t> out_vec(max_encoded_len);
+ uint8_t *out = out_vec.data();
+
+ EVP_EncodeInit(&ctx);
+
+ int out_len;
+ EVP_EncodeUpdate(&ctx, out, &out_len,
+ reinterpret_cast<const uint8_t *>(t->decoded),
+ decoded_len);
+ size_t total = out_len;
+
+ EVP_EncodeFinal(&ctx, out + total, &out_len);
+ total += out_len;
+
+ if (total != strlen(t->encoded) ||
+ OPENSSL_memcmp(out, t->encoded, total) != 0) {
+ fprintf(stderr, "#%u: EVP_EncodeUpdate produced different output: '%s' (%u)\n",
+ test_num, out, static_cast<unsigned>(total));
+ return false;
+ }
+ }
+
+ std::vector<uint8_t> out_vec(strlen(t->encoded));
+ uint8_t *out = out_vec.data();
+
+ EVP_DecodeInit(&ctx);
+ int out_len;
+ size_t total = 0;
+ int ret = EVP_DecodeUpdate(&ctx, out, &out_len,
+ reinterpret_cast<const uint8_t *>(t->encoded),
+ strlen(t->encoded));
+ if (ret != -1) {
+ total = out_len;
+ ret = EVP_DecodeFinal(&ctx, out + total, &out_len);
+ total += out_len;
+ }
+
+ switch (t->relation) {
+ case canonical:
+ case valid:
+ if (ret == -1) {
+ fprintf(stderr, "#%u: EVP_DecodeUpdate failed\n", test_num);
+ return false;
+ }
+ if (total != decoded_len ||
+ OPENSSL_memcmp(out, t->decoded, decoded_len)) {
+ fprintf(stderr, "#%u: EVP_DecodeUpdate produced incorrect output\n",
+ test_num);
+ return false;
+ }
+ break;
+
+ case invalid:
+ if (ret != -1) {
+ fprintf(stderr, "#%u: EVP_DecodeUpdate was successful but shouldn't have been\n", test_num);
+ return false;
+ }
+ break;
+ }
+ }
+
+ return true;
+}
+
+static bool TestDecodeUpdateStreaming() {
+ for (unsigned test_num = 0; test_num < kNumTests; test_num++) {
+ const TestVector *t = &kTestVectors[test_num];
+ if (t->relation == invalid) {
+ continue;
+ }
+
+ const size_t encoded_len = strlen(t->encoded);
+
+ std::vector<uint8_t> out(encoded_len);
+
+ for (size_t chunk_size = 1; chunk_size <= encoded_len; chunk_size++) {
+ size_t out_len = 0;
+ EVP_ENCODE_CTX ctx;
+ EVP_DecodeInit(&ctx);
+
+ for (size_t i = 0; i < encoded_len;) {
+ size_t todo = encoded_len - i;
+ if (todo > chunk_size) {
+ todo = chunk_size;
+ }
+
+ int bytes_written;
+ int ret = EVP_DecodeUpdate(
+ &ctx, out.data() + out_len, &bytes_written,
+ reinterpret_cast<const uint8_t *>(t->encoded + i), todo);
+ i += todo;
+
+ switch (ret) {
+ case -1:
+ fprintf(stderr, "#%u: EVP_DecodeUpdate returned error\n", test_num);
+ return 0;
+ case 0:
+ out_len += bytes_written;
+ if (i == encoded_len ||
+ (i + 1 == encoded_len && t->encoded[i] == '\n') ||
+ /* If there was an '-' in the input (which means “EOF”) then
+ * this loop will continue to test that |EVP_DecodeUpdate| will
+ * ignore the remainder of the input. */
+ strchr(t->encoded, '-') != nullptr) {
+ break;
+ }
+
+ fprintf(stderr,
+ "#%u: EVP_DecodeUpdate returned zero before end of "
+ "encoded data\n",
+ test_num);
+ return 0;
+ default:
+ out_len += bytes_written;
+ }
+ }
+
+ int bytes_written;
+ int ret = EVP_DecodeFinal(&ctx, out.data() + out_len, &bytes_written);
+ if (ret == -1) {
+ fprintf(stderr, "#%u: EVP_DecodeFinal returned error\n", test_num);
+ return 0;
+ }
+ out_len += bytes_written;
+
+ if (out_len != strlen(t->decoded) ||
+ OPENSSL_memcmp(out.data(), t->decoded, out_len) != 0) {
+ fprintf(stderr, "#%u: incorrect output\n", test_num);
+ return 0;
+ }
+ }
+ }
+
+ return true;
+}
+
+int main(void) {
+ CRYPTO_library_init();
+
+ if (!TestEncodeBlock() ||
+ !TestDecodeBase64() ||
+ !TestDecodeBlock() ||
+ !TestDecodeUpdateStreaming() ||
+ !TestEncodeDecode()) {
+ return 1;
+ }
+
+ printf("PASS\n");
+ return 0;
+}