diff options
Diffstat (limited to 'roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/crypto/base64')
3 files changed, 860 insertions, 0 deletions
diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/crypto/base64/CMakeLists.txt b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/crypto/base64/CMakeLists.txt new file mode 100644 index 000000000..15ee6916f --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/crypto/base64/CMakeLists.txt @@ -0,0 +1,20 @@ +include_directories(../../include) + +add_library( + base64 + + OBJECT + + base64.c +) + +add_executable( + base64_test + + base64_test.cc + + $<TARGET_OBJECTS:test_support> +) + +target_link_libraries(base64_test crypto) +add_dependencies(all_tests base64_test) diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/crypto/base64/base64.c b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/crypto/base64/base64.c new file mode 100644 index 000000000..7afadf746 --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/crypto/base64/base64.c @@ -0,0 +1,444 @@ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] */ + +#include <openssl/base64.h> + +#include <assert.h> +#include <limits.h> +#include <string.h> + +#include <openssl/type_check.h> + +#include "../internal.h" + + +/* Encoding. */ + +static const unsigned char data_bin2ascii[65] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + +#define conv_bin2ascii(a) (data_bin2ascii[(a) & 0x3f]) + +OPENSSL_COMPILE_ASSERT(sizeof(((EVP_ENCODE_CTX *)(NULL))->data) % 3 == 0, + data_length_must_be_multiple_of_base64_chunk_size); + +int EVP_EncodedLength(size_t *out_len, size_t len) { + if (len + 2 < len) { + return 0; + } + len += 2; + len /= 3; + + if (((len << 2) >> 2) != len) { + return 0; + } + len <<= 2; + + if (len + 1 < len) { + return 0; + } + len++; + + *out_len = len; + return 1; +} + +void EVP_EncodeInit(EVP_ENCODE_CTX *ctx) { + OPENSSL_memset(ctx, 0, sizeof(EVP_ENCODE_CTX)); +} + +void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, uint8_t *out, int *out_len, + const uint8_t *in, size_t in_len) { + size_t total = 0; + + *out_len = 0; + if (in_len == 0) { + return; + } + + assert(ctx->data_used < sizeof(ctx->data)); + + if (sizeof(ctx->data) - ctx->data_used > in_len) { + OPENSSL_memcpy(&ctx->data[ctx->data_used], in, in_len); + ctx->data_used += (unsigned)in_len; + return; + } + + if (ctx->data_used != 0) { + const size_t todo = sizeof(ctx->data) - ctx->data_used; + OPENSSL_memcpy(&ctx->data[ctx->data_used], in, todo); + in += todo; + in_len -= todo; + + size_t encoded = EVP_EncodeBlock(out, ctx->data, sizeof(ctx->data)); + ctx->data_used = 0; + + out += encoded; + *(out++) = '\n'; + *out = '\0'; + + total = encoded + 1; + } + + while (in_len >= sizeof(ctx->data)) { + size_t encoded = EVP_EncodeBlock(out, in, sizeof(ctx->data)); + in += sizeof(ctx->data); + in_len -= sizeof(ctx->data); + + out += encoded; + *(out++) = '\n'; + *out = '\0'; + + if (total + encoded + 1 < total) { + *out_len = 0; + return; + } + + total += encoded + 1; + } + + if (in_len != 0) { + OPENSSL_memcpy(ctx->data, in, in_len); + } + + ctx->data_used = (unsigned)in_len; + + if (total > INT_MAX) { + /* We cannot signal an error, but we can at least avoid making *out_len + * negative. */ + total = 0; + } + *out_len = (int)total; +} + +void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, uint8_t *out, int *out_len) { + if (ctx->data_used == 0) { + *out_len = 0; + return; + } + + size_t encoded = EVP_EncodeBlock(out, ctx->data, ctx->data_used); + out[encoded++] = '\n'; + out[encoded] = '\0'; + ctx->data_used = 0; + + /* ctx->data_used is bounded by sizeof(ctx->data), so this does not + * overflow. */ + assert(encoded <= INT_MAX); + *out_len = (int)encoded; +} + +size_t EVP_EncodeBlock(uint8_t *dst, const uint8_t *src, size_t src_len) { + uint32_t l; + size_t remaining = src_len, ret = 0; + + while (remaining) { + if (remaining >= 3) { + l = (((uint32_t)src[0]) << 16L) | (((uint32_t)src[1]) << 8L) | src[2]; + *(dst++) = conv_bin2ascii(l >> 18L); + *(dst++) = conv_bin2ascii(l >> 12L); + *(dst++) = conv_bin2ascii(l >> 6L); + *(dst++) = conv_bin2ascii(l); + remaining -= 3; + } else { + l = ((uint32_t)src[0]) << 16L; + if (remaining == 2) { + l |= ((uint32_t)src[1] << 8L); + } + + *(dst++) = conv_bin2ascii(l >> 18L); + *(dst++) = conv_bin2ascii(l >> 12L); + *(dst++) = (remaining == 1) ? '=' : conv_bin2ascii(l >> 6L); + *(dst++) = '='; + remaining = 0; + } + ret += 4; + src += 3; + } + + *dst = '\0'; + return ret; +} + + +/* Decoding. */ + +int EVP_DecodedLength(size_t *out_len, size_t len) { + if (len % 4 != 0) { + return 0; + } + + *out_len = (len / 4) * 3; + return 1; +} + +void EVP_DecodeInit(EVP_ENCODE_CTX *ctx) { + OPENSSL_memset(ctx, 0, sizeof(EVP_ENCODE_CTX)); +} + +/* kBase64ASCIIToBinData maps characters (c < 128) to their base64 value, or + * else 0xff if they are invalid. As a special case, the padding character + * ('=') is mapped to zero. */ +static const uint8_t kBase64ASCIIToBinData[128] = { + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe0, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe0, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3e, 0xff, 0xff, 0xff, 0x3f, + 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0xff, 0xff, + 0xff, 0x00, 0xff, 0xff, 0xff, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, + 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, + 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, + 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, + 0x31, 0x32, 0x33, 0xff, 0xff, 0xff, 0xff, 0xff, +}; + +static uint8_t base64_ascii_to_bin(uint8_t a) { + if (a >= 128) { + return 0xFF; + } + + return kBase64ASCIIToBinData[a]; +} + +/* base64_decode_quad decodes a single “quad” (i.e. four characters) of base64 + * data and writes up to three bytes to |out|. It sets |*out_num_bytes| to the + * number of bytes written, which will be less than three if the quad ended + * with padding. It returns one on success or zero on error. */ +static int base64_decode_quad(uint8_t *out, size_t *out_num_bytes, + const uint8_t *in) { + const uint8_t a = base64_ascii_to_bin(in[0]); + const uint8_t b = base64_ascii_to_bin(in[1]); + const uint8_t c = base64_ascii_to_bin(in[2]); + const uint8_t d = base64_ascii_to_bin(in[3]); + if (a == 0xff || b == 0xff || c == 0xff || d == 0xff) { + return 0; + } + + const uint32_t v = ((uint32_t)a) << 18 | ((uint32_t)b) << 12 | + ((uint32_t)c) << 6 | (uint32_t)d; + + const unsigned padding_pattern = (in[0] == '=') << 3 | + (in[1] == '=') << 2 | + (in[2] == '=') << 1 | + (in[3] == '='); + + switch (padding_pattern) { + case 0: + /* The common case of no padding. */ + *out_num_bytes = 3; + out[0] = v >> 16; + out[1] = v >> 8; + out[2] = v; + break; + + case 1: /* xxx= */ + *out_num_bytes = 2; + out[0] = v >> 16; + out[1] = v >> 8; + break; + + case 3: /* xx== */ + *out_num_bytes = 1; + out[0] = v >> 16; + break; + + default: + return 0; + } + + return 1; +} + +int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, uint8_t *out, int *out_len, + const uint8_t *in, size_t in_len) { + *out_len = 0; + + if (ctx->error_encountered) { + return -1; + } + + size_t bytes_out = 0, i; + for (i = 0; i < in_len; i++) { + const char c = in[i]; + switch (c) { + case ' ': + case '\t': + case '\r': + case '\n': + continue; + } + + if (base64_ascii_to_bin(c) == 0xff || ctx->eof_seen) { + ctx->error_encountered = 1; + return -1; + } + + ctx->data[ctx->data_used++] = c; + if (ctx->data_used == 4) { + size_t num_bytes_resulting; + if (!base64_decode_quad(out, &num_bytes_resulting, ctx->data)) { + ctx->error_encountered = 1; + return -1; + } + + ctx->data_used = 0; + bytes_out += num_bytes_resulting; + out += num_bytes_resulting; + + if (num_bytes_resulting < 3) { + ctx->eof_seen = 1; + } + } + } + + if (bytes_out > INT_MAX) { + ctx->error_encountered = 1; + *out_len = 0; + return -1; + } + *out_len = (int)bytes_out; + + if (ctx->eof_seen) { + return 0; + } + + return 1; +} + +int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, uint8_t *out, int *out_len) { + *out_len = 0; + if (ctx->error_encountered || ctx->data_used != 0) { + return -1; + } + + return 1; +} + +int EVP_DecodeBase64(uint8_t *out, size_t *out_len, size_t max_out, + const uint8_t *in, size_t in_len) { + *out_len = 0; + + if (in_len % 4 != 0) { + return 0; + } + + size_t max_len; + if (!EVP_DecodedLength(&max_len, in_len) || + max_out < max_len) { + return 0; + } + + size_t i, bytes_out = 0; + for (i = 0; i < in_len; i += 4) { + size_t num_bytes_resulting; + + if (!base64_decode_quad(out, &num_bytes_resulting, &in[i])) { + return 0; + } + + bytes_out += num_bytes_resulting; + out += num_bytes_resulting; + if (num_bytes_resulting != 3 && i != in_len - 4) { + return 0; + } + } + + *out_len = bytes_out; + return 1; +} + +int EVP_DecodeBlock(uint8_t *dst, const uint8_t *src, size_t src_len) { + /* Trim spaces and tabs from the beginning of the input. */ + while (src_len > 0) { + if (src[0] != ' ' && src[0] != '\t') { + break; + } + + src++; + src_len--; + } + + /* Trim newlines, spaces and tabs from the end of the line. */ + while (src_len > 0) { + switch (src[src_len-1]) { + case ' ': + case '\t': + case '\r': + case '\n': + src_len--; + continue; + } + + break; + } + + size_t dst_len; + if (!EVP_DecodedLength(&dst_len, src_len) || + dst_len > INT_MAX || + !EVP_DecodeBase64(dst, &dst_len, dst_len, src, src_len)) { + return -1; + } + + /* EVP_DecodeBlock does not take padding into account, so put the + * NULs back in... so the caller can strip them back out. */ + while (dst_len % 3 != 0) { + dst[dst_len++] = '\0'; + } + assert(dst_len <= INT_MAX); + + return (int)dst_len; +} diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/crypto/base64/base64_test.cc b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/crypto/base64/base64_test.cc new file mode 100644 index 000000000..bdf3d9a4d --- /dev/null +++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/boringssl/crypto/base64/base64_test.cc @@ -0,0 +1,396 @@ +/* Copyright (c) 2014, Google Inc. + * + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include <stdio.h> +#include <string.h> + +#include <string> +#include <vector> + +#include <openssl/base64.h> +#include <openssl/crypto.h> +#include <openssl/err.h> + +#include "../internal.h" + + +enum encoding_relation { + // canonical indicates that the encoding is the expected encoding of the + // input. + canonical, + // valid indicates that the encoding is /a/ valid encoding of the input, but + // need not be the canonical one. + valid, + // invalid indicates that the encoded data is valid. + invalid, +}; + +struct TestVector { + enum encoding_relation relation; + const char *decoded; + const char *encoded; +}; + +// Test vectors from RFC 4648. +static const TestVector kTestVectors[] = { + {canonical, "", ""}, + {canonical, "f", "Zg==\n"}, + {canonical, "fo", "Zm8=\n"}, + {canonical, "foo", "Zm9v\n"}, + {canonical, "foob", "Zm9vYg==\n"}, + {canonical, "fooba", "Zm9vYmE=\n"}, + {canonical, "foobar", "Zm9vYmFy\n"}, + {valid, "foobar", "Zm9vYmFy\n\n"}, + {valid, "foobar", " Zm9vYmFy\n\n"}, + {valid, "foobar", " Z m 9 v Y m F y\n\n"}, + {invalid, "", "Zm9vYmFy=\n"}, + {invalid, "", "Zm9vYmFy==\n"}, + {invalid, "", "Zm9vYmFy===\n"}, + {invalid, "", "Z"}, + {invalid, "", "Z\n"}, + {invalid, "", "ab!c"}, + {invalid, "", "ab=c"}, + {invalid, "", "abc"}, + + {canonical, "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", + "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eA==\n"}, + {valid, "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", + "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eA\n==\n"}, + {valid, "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", + "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eA=\n=\n"}, + {invalid, "", + "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eA=\n==\n"}, + {canonical, "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", + "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4\neHh4eHh" + "4eHh4eHh4\n"}, + {canonical, + "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", + "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4\neHh4eHh" + "4eHh4eHh4eHh4eA==\n"}, + {valid, "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", + "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh\n4eHh4eHh" + "4eHh4eHh4eHh4eA==\n"}, + {valid, "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", + "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4e" + "Hh4eHh4eHh4eA==\n"}, + {invalid, "", + "eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eHh4eA==" + "\neHh4eHh4eHh4eHh4eHh4eHh4\n"}, + + // A '-' has traditionally been treated as the end of the data by OpenSSL + // and anything following would be ignored. BoringSSL does not accept this + // non-standard extension. + {invalid, "", "Zm9vYmFy-anythinggoes"}, + {invalid, "", "Zm9vYmFy\n-anythinggoes"}, + + // CVE-2015-0292 + {invalid, "", + "ZW5jb2RlIG1lCg===========================================================" + "=======\n"}, +}; + +static const size_t kNumTests = OPENSSL_ARRAY_SIZE(kTestVectors); + +// RemoveNewlines returns a copy of |in| with all '\n' characters removed. +static std::string RemoveNewlines(const char *in) { + std::string ret; + const size_t in_len = strlen(in); + + for (size_t i = 0; i < in_len; i++) { + if (in[i] != '\n') { + ret.push_back(in[i]); + } + } + + return ret; +} + +static bool TestEncodeBlock() { + for (unsigned i = 0; i < kNumTests; i++) { + const TestVector *t = &kTestVectors[i]; + if (t->relation != canonical) { + continue; + } + + const size_t decoded_len = strlen(t->decoded); + size_t max_encoded_len; + if (!EVP_EncodedLength(&max_encoded_len, decoded_len)) { + fprintf(stderr, "#%u: EVP_EncodedLength failed\n", i); + return false; + } + + std::vector<uint8_t> out_vec(max_encoded_len); + uint8_t *out = out_vec.data(); + size_t len = EVP_EncodeBlock(out, (const uint8_t *)t->decoded, decoded_len); + + std::string encoded(RemoveNewlines(t->encoded)); + if (len != encoded.size() || + OPENSSL_memcmp(out, encoded.data(), len) != 0) { + fprintf(stderr, "encode(\"%s\") = \"%.*s\", want \"%s\"\n", + t->decoded, (int)len, (const char*)out, encoded.c_str()); + return false; + } + } + + return true; +} + +static bool TestDecodeBase64() { + size_t len; + + for (unsigned i = 0; i < kNumTests; i++) { + const TestVector *t = &kTestVectors[i]; + + if (t->relation == valid) { + // The non-canonical encodings will generally have odd whitespace etc + // that |EVP_DecodeBase64| will reject. + continue; + } + + const std::string encoded(RemoveNewlines(t->encoded)); + std::vector<uint8_t> out_vec(encoded.size()); + uint8_t *out = out_vec.data(); + + int ok = EVP_DecodeBase64(out, &len, out_vec.size(), + (const uint8_t *)encoded.data(), encoded.size()); + + if (t->relation == invalid) { + if (ok) { + fprintf(stderr, "decode(\"%s\") didn't fail but should have\n", + encoded.c_str()); + return false; + } + } else if (t->relation == canonical) { + if (!ok) { + fprintf(stderr, "decode(\"%s\") failed\n", encoded.c_str()); + return false; + } + + if (len != strlen(t->decoded) || + OPENSSL_memcmp(out, t->decoded, len) != 0) { + fprintf(stderr, "decode(\"%s\") = \"%.*s\", want \"%s\"\n", + encoded.c_str(), (int)len, (const char*)out, t->decoded); + return false; + } + } + } + + return true; +} + +static bool TestDecodeBlock() { + for (unsigned i = 0; i < kNumTests; i++) { + const TestVector *t = &kTestVectors[i]; + if (t->relation != canonical) { + continue; + } + + std::string encoded(RemoveNewlines(t->encoded)); + + std::vector<uint8_t> out_vec(encoded.size()); + uint8_t *out = out_vec.data(); + + // Test that the padding behavior of the deprecated API is preserved. + int ret = + EVP_DecodeBlock(out, (const uint8_t *)encoded.data(), encoded.size()); + if (ret < 0) { + fprintf(stderr, "EVP_DecodeBlock(\"%s\") failed\n", t->encoded); + return false; + } + if (ret % 3 != 0) { + fprintf(stderr, "EVP_DecodeBlock did not ignore padding\n"); + return false; + } + size_t expected_len = strlen(t->decoded); + if (expected_len % 3 != 0) { + ret -= 3 - (expected_len % 3); + } + if (static_cast<size_t>(ret) != strlen(t->decoded) || + OPENSSL_memcmp(out, t->decoded, ret) != 0) { + fprintf(stderr, "decode(\"%s\") = \"%.*s\", want \"%s\"\n", + t->encoded, ret, (const char*)out, t->decoded); + return false; + } + } + + return true; +} + +static bool TestEncodeDecode() { + for (unsigned test_num = 0; test_num < kNumTests; test_num++) { + const TestVector *t = &kTestVectors[test_num]; + + EVP_ENCODE_CTX ctx; + const size_t decoded_len = strlen(t->decoded); + + if (t->relation == canonical) { + size_t max_encoded_len; + if (!EVP_EncodedLength(&max_encoded_len, decoded_len)) { + fprintf(stderr, "#%u: EVP_EncodedLength failed\n", test_num); + return false; + } + + // EVP_EncodeUpdate will output new lines every 64 bytes of output so we + // need slightly more than |EVP_EncodedLength| returns. */ + max_encoded_len += (max_encoded_len + 63) >> 6; + std::vector<uint8_t> out_vec(max_encoded_len); + uint8_t *out = out_vec.data(); + + EVP_EncodeInit(&ctx); + + int out_len; + EVP_EncodeUpdate(&ctx, out, &out_len, + reinterpret_cast<const uint8_t *>(t->decoded), + decoded_len); + size_t total = out_len; + + EVP_EncodeFinal(&ctx, out + total, &out_len); + total += out_len; + + if (total != strlen(t->encoded) || + OPENSSL_memcmp(out, t->encoded, total) != 0) { + fprintf(stderr, "#%u: EVP_EncodeUpdate produced different output: '%s' (%u)\n", + test_num, out, static_cast<unsigned>(total)); + return false; + } + } + + std::vector<uint8_t> out_vec(strlen(t->encoded)); + uint8_t *out = out_vec.data(); + + EVP_DecodeInit(&ctx); + int out_len; + size_t total = 0; + int ret = EVP_DecodeUpdate(&ctx, out, &out_len, + reinterpret_cast<const uint8_t *>(t->encoded), + strlen(t->encoded)); + if (ret != -1) { + total = out_len; + ret = EVP_DecodeFinal(&ctx, out + total, &out_len); + total += out_len; + } + + switch (t->relation) { + case canonical: + case valid: + if (ret == -1) { + fprintf(stderr, "#%u: EVP_DecodeUpdate failed\n", test_num); + return false; + } + if (total != decoded_len || + OPENSSL_memcmp(out, t->decoded, decoded_len)) { + fprintf(stderr, "#%u: EVP_DecodeUpdate produced incorrect output\n", + test_num); + return false; + } + break; + + case invalid: + if (ret != -1) { + fprintf(stderr, "#%u: EVP_DecodeUpdate was successful but shouldn't have been\n", test_num); + return false; + } + break; + } + } + + return true; +} + +static bool TestDecodeUpdateStreaming() { + for (unsigned test_num = 0; test_num < kNumTests; test_num++) { + const TestVector *t = &kTestVectors[test_num]; + if (t->relation == invalid) { + continue; + } + + const size_t encoded_len = strlen(t->encoded); + + std::vector<uint8_t> out(encoded_len); + + for (size_t chunk_size = 1; chunk_size <= encoded_len; chunk_size++) { + size_t out_len = 0; + EVP_ENCODE_CTX ctx; + EVP_DecodeInit(&ctx); + + for (size_t i = 0; i < encoded_len;) { + size_t todo = encoded_len - i; + if (todo > chunk_size) { + todo = chunk_size; + } + + int bytes_written; + int ret = EVP_DecodeUpdate( + &ctx, out.data() + out_len, &bytes_written, + reinterpret_cast<const uint8_t *>(t->encoded + i), todo); + i += todo; + + switch (ret) { + case -1: + fprintf(stderr, "#%u: EVP_DecodeUpdate returned error\n", test_num); + return 0; + case 0: + out_len += bytes_written; + if (i == encoded_len || + (i + 1 == encoded_len && t->encoded[i] == '\n') || + /* If there was an '-' in the input (which means “EOF”) then + * this loop will continue to test that |EVP_DecodeUpdate| will + * ignore the remainder of the input. */ + strchr(t->encoded, '-') != nullptr) { + break; + } + + fprintf(stderr, + "#%u: EVP_DecodeUpdate returned zero before end of " + "encoded data\n", + test_num); + return 0; + default: + out_len += bytes_written; + } + } + + int bytes_written; + int ret = EVP_DecodeFinal(&ctx, out.data() + out_len, &bytes_written); + if (ret == -1) { + fprintf(stderr, "#%u: EVP_DecodeFinal returned error\n", test_num); + return 0; + } + out_len += bytes_written; + + if (out_len != strlen(t->decoded) || + OPENSSL_memcmp(out.data(), t->decoded, out_len) != 0) { + fprintf(stderr, "#%u: incorrect output\n", test_num); + return 0; + } + } + } + + return true; +} + +int main(void) { + CRYPTO_library_init(); + + if (!TestEncodeBlock() || + !TestDecodeBase64() || + !TestDecodeBlock() || + !TestDecodeUpdateStreaming() || + !TestEncodeDecode()) { + return 1; + } + + printf("PASS\n"); + return 0; +} |