Backport r1834371:

Add the apr_encode_* API that implements RFC4648 and RFC7515
compliant BASE64, BASE64URL, BASE32, BASE32HEX and BASE16
encode/decode functions.


git-svn-id: https://svn.apache.org/repos/asf/apr/apr/branches/1.7.x@1834377 13f79535-47bb-0310-9956-ffa450edef68

3 files changed, 666 insertions, 0 deletions

diff --git a/include/apr_encode.h b/include/apr_encode.h
new file mode 100644
index 000000000..ad3813961
--- /dev/null
+++ b/include/apr_encode.h
@@ -0,0 +1,569 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * @file apr_encode.h
+ * @brief APR-UTIL Encoding
+ */
+#ifndef APR_ENCODE_H
+#define APR_ENCODE_H
+
+#include "apr.h"
+#include "apr_general.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @defgroup APR_Util_Encode Base64/Base64Url/Base32/Base32Hex/Base16 Encoding
+ * @ingroup APR_Util
+ * @{
+ */
+
+/**
+ * RFC4648 and RFC7515 compliant BASE64, BASE64URL, BASE32, BASE32HEX
+ * and BASE16 encode/decode functions.
+ *
+ * The following encodings are supported:
+ *
+ * - Base 64 Encoding
+ *
+ *   o Use flag APR_ENCODE_NONE
+ *   o https://tools.ietf.org/html/rfc4648#section-4
+ *
+ * - Base 64 Encoding with URL and Filename Safe Alphabet
+ *
+ *   o Use flag APR_ENCODE_URL
+ *   o https://tools.ietf.org/html/rfc4648#section-5
+ *
+ * - Base 64 URL Encoding without Padding
+ *
+ *   o Use flag APR_ENCODE_BASE64URL
+ *   o https://tools.ietf.org/html/rfc7515#appendix-C
+ *
+ * - Base 32 Encoding
+ *
+ *   o Use flag APR_ENCODE_NONE
+ *   o https://tools.ietf.org/html/rfc4648#section-6
+ *
+ * - Base 32 Encoding with Extended Hex Alphabet
+ *
+ *   o Use flag APR_ENCODE_BASE32HEX
+ *   o https://tools.ietf.org/html/rfc4648#section-7
+ *
+ * - Base 16 Encoding
+ *
+ *   o Use flags APR_ENCODE_NONE/APR_ENCODE_COLON
+ *   o https://tools.ietf.org/html/rfc4648#section-8
+ *
+ * If a non valid character of any kind including whitespace is passed to any
+ * of the decoder functions, APR_BADCH will be returned. In this case decoding
+ * will still take place, but the results can not be trusted.
+ *
+ * If APR_ENCODE_RELAXED is passed to the decoder functions, decoding will be
+ * attempted up until the first non valid character. If this results in an
+ * invalid state in the decoder, such as but not limited to an odd number of
+ * base16 characters, APR_BADCH will still be returned.
+ *
+ * If APR_ENCODE_RELAXED is not passed to a decoder function, the decoding will
+ * be done in constant time regardless of whether the result returns APR_SUCCESS
+ * or APR_BADCH.
+ *
+ * If the dest parameter is NULL, the maximum theoretical buffer size is
+ * returned in the len field, including space for a terminating zero character
+ * if the destination is a string. This value can be used to allocate buffers
+ * of a suitable safe size.
+ *
+ * If the dest parameter is provided, the encoding or decoding will take place,
+ * and the actual number of characters written is returned in the len field,
+ * ignoring any terminating zero.
+ *
+ * Plain strings are not assumed '\0' terminated unless APR_ENCODE_STRING is
+ * provided.
+ *
+ */
+
+/**
+ * When passing a string to one of the encode functions, this value can be
+ * passed to indicate a string-valued key, and have the length computed
+ * automatically.
+ */
+#define APR_ENCODE_STRING      (-1)
+
+/**
+ * Generate RFC4648 base16/base32/base64.
+ */
+#define APR_ENCODE_NONE 0
+
+/**
+ * If relaxed, decode up until the first non base16/base32/base64 character.
+ */
+#define APR_ENCODE_RELAXED 1
+
+/**
+ * Omit the padding character (=) while encoding.
+ */
+#define APR_ENCODE_NOPADDING 2
+
+/**
+ * Generate RFC4648 Base 64 Encoding with URL and Filename Safe Alphabet
+ */
+#define APR_ENCODE_URL 4
+
+/**
+ * Generate RFC7515 BASE64URL
+ */
+#define APR_ENCODE_BASE64URL APR_ENCODE_NOPADDING | APR_ENCODE_URL
+
+/**
+ * Generate base32hex encoding instead of base32 encoding
+ */
+#define APR_ENCODE_BASE32HEX 8
+
+/**
+ * Generate base16 with colons between each token.
+ */
+#define APR_ENCODE_COLON 16
+
+/**
+ * Generate base16 with lower case characters.
+ */
+#define APR_ENCODE_LOWER 32
+
+/**
+ * Convert text data to base64.
+ * @param dest The destination string, can be NULL.
+ * @param src The original string.
+ * @param slen The length of the original string, or APR_ENCODE_STRING if
+ * NUL terminated.
+ * @param flags If APR_ENCODE_NONE, emit RFC4648 Base 64 Encoding. If
+ *  APR_ENCODE_NOPADDING, omit the = padding character.	If APR_ENCODE_URL,
+ *  use RFC4648 Base 64 Encoding with URL and Filename Safe Alphabet.
+ * 	If APR_ENCODE_BASE64URL, use RFC7515 base64url Encoding.
+ * @param len If present and src is NULL, returns the maximum possible length
+ *  of the destination string, including a zero pad. If present and src is
+ *  not NULL, returns the number of characters actually written.
+ * @return APR_SUCCESS, or APR_NOTFOUND if the string was NULL.
+ */
+APR_DECLARE(apr_status_t) apr_encode_base64(char *dest, const char *src,
+        apr_ssize_t slen, int flags, apr_size_t * len);
+
+/**
+ * Convert binary data to base64.
+ * @param dest The destination string, can be NULL.
+ * @param src The original buffer.
+ * @param slen The length of the original buffer.
+ * @param flags If APR_ENCODE_NONE, emit RFC4648 Base 64 Encoding. If
+ *  APR_ENCODE_NOPADDING, omit the = padding character.	If APR_ENCODE_URL,
+ *  use RFC4648 Base 64 Encoding with URL and Filename Safe Alphabet.
+ * 	If APR_ENCODE_BASE64URL, use RFC7515 base64url Encoding.
+ * @param len If present and src is NULL, returns the maximum possible length
+ *  of the destination string, including a zero pad. If present and src is
+ *  not NULL, returns the number of characters actually written.
+ * @return APR_SUCCESS, or APR_NOTFOUND if the string was NULL.
+ */
+APR_DECLARE(apr_status_t) apr_encode_base64_binary(char *dest, const unsigned char *src,
+        apr_ssize_t slen, int flags, apr_size_t * len);
+
+/**
+ * Convert text data to base64, and return the results from a pool.
+ * @param p Pool to allocate from.
+ * @param src The original string.
+ * @param slen The length of the original string, or APR_ENCODE_STRING if
+ * NUL terminated.
+ * @param flags If APR_ENCODE_NONE, emit RFC4648 Base 64 Encoding. If
+ *  APR_ENCODE_NOPADDING, omit the = padding character.	If APR_ENCODE_URL,
+ *  use RFC4648 Base 64 Encoding with URL and Filename Safe Alphabet.
+ * 	If APR_ENCODE_BASE64URL, use RFC7515 base64url Encoding.
+ * @param len If present, returns the number of characters written excluding
+ *  the zero pad.
+ * @return A zero padded string allocated from the pool on success, or
+ * NULL if src was NULL.
+ */
+APR_DECLARE(const char *)apr_pencode_base64(apr_pool_t * p, const char *src,
+        apr_ssize_t slen, int flags, apr_size_t * len)__attribute__((nonnull(1)));
+
+/**
+ * Convert binary data to base64, and return the results from a pool.
+ * @param p Pool to allocate from.
+ * @param src The original buffer.
+ * @param slen The length of the original buffer.
+ * @param flags If APR_ENCODE_NONE, emit RFC4648 Base 64 Encoding. If
+ *  APR_ENCODE_NOPADDING, omit the = padding character.	If APR_ENCODE_URL,
+ *  use RFC4648 Base 64 Encoding with URL and Filename Safe Alphabet.
+ * 	If APR_ENCODE_BASE64URL, use RFC7515 base64url Encoding.
+ * @param len If present, returns the number of characters written excluding
+ *  the zero pad.
+ * @return A zero padded string allocated from the pool on success, or
+ * NULL if src was NULL.
+ */
+APR_DECLARE(const char *)apr_pencode_base64_binary(apr_pool_t * p, const unsigned char *src,
+        apr_ssize_t slen, int flags, apr_size_t * len)__attribute__((nonnull(1)));
+
+/**
+ * Convert base64 or base64url with or without padding to text data.
+ * @param dest The destination string, can be NULL.
+ * @param src The original string.
+ * @param slen The length of the original string, or APR_ENCODE_STRING if
+ * NUL terminated.
+ * @param flags If APR_ENCODE_NONE, attempt to decode the full original buffer,
+ *  and return NULL if any bad character is detected. If APR_ENCODE_RELAXED,
+ *  decode until the first non base64/base64url character.
+ * @param len If present and src is NULL, returns the maximum possible length
+ *  of the destination string, including a zero pad. If present and src is
+ *  not NULL, returns the number of characters actually written.
+ * @return APR_SUCCESS, or APR_NOTFOUND if the string was NULL, or APR_BADCH
+ * if a non hex character is present.
+ */
+APR_DECLARE(apr_status_t) apr_decode_base64(char *dest, const char *src,
+        apr_ssize_t slen, int flags, apr_size_t * len);
+
+/**
+ * Convert base64 or base64url with or without padding to binary data.
+ * @param dest The destination buffer, can be NULL.
+ * @param src The original string.
+ * @param slen The length of the original string, or APR_ENCODE_STRING if
+ * NUL terminated.
+ * @param flags If APR_ENCODE_NONE, attempt to decode the full original buffer,
+ *  and return NULL if any bad character is detected. If APR_ENCODE_RELAXED,
+ *  decode until the first non base64/base64url character.
+ * @param len If present and src is NULL, returns the maximum possible length
+ *  of the destination buffer, including a zero pad. If present and src is
+ *  not NULL, returns the number of characters actually written.
+ * @return APR_SUCCESS, or APR_NOTFOUND if the src was NULL, or APR_BADCH
+ * if a non base64 character is present.
+ */
+APR_DECLARE(apr_status_t) apr_decode_base64_binary(unsigned char *dest,
+        const char *src, apr_ssize_t slen, int flags, apr_size_t * len);
+
+/**
+ * Convert base64 or base64url with or without padding to text data, and
+ * return the results from a pool.
+ * @param p Pool to allocate from.
+ * @param src The base64 string to decode.
+ * @param slen The length of the base64 string, or APR_ENCODE_STRING if
+ * NUL terminated.
+ * @param flags If APR_ENCODE_NONE, attempt to decode the full original buffer,
+ *  and return NULL if any bad character is detected. If APR_ENCODE_RELAXED,
+ *  decode until the first non base64/base64url character.
+ * @param len If present, returns the number of characters written, excluding
+ *  the zero padding.
+ * @return A string allocated from the pool containing the result with a zero
+ *  pad. If src was NULL, or an error occurred, NULL is returned.
+ */
+APR_DECLARE(const char *)apr_pdecode_base64(apr_pool_t * p, const char *src,
+        apr_ssize_t slen, int flags, apr_size_t * len)
+        __attribute__((nonnull(1)));
+
+/**
+ * Convert base64 or base64url with or without padding to binary data, and
+ * return the results from a pool.
+ * @param p Pool to allocate from.
+ * @param src The original string.
+ * @param slen The length of the original string, or APR_ENCODE_STRING if
+ *  NUL terminated.
+ * @param flags If APR_ENCODE_NONE, attempt to decode the full original buffer,
+ *  and return NULL if any bad character is detected. If APR_ENCODE_RELAXED,
+ *  decode until the first non base64/base64url character.
+ * @param len If present, returns the number of characters written, excluding
+ *  the zero padding.
+ * @return A buffer allocated from the pool containing the result with a zero
+ *  pad. If src was NULL, or an error occurred, NULL is returned.
+ */
+APR_DECLARE(const unsigned char *)apr_pdecode_base64_binary(apr_pool_t * p,
+        const char *src, apr_ssize_t slen, int flags, apr_size_t * len)
+        __attribute__((nonnull(1)));
+
+/**
+ * Convert text data to base32.
+ * @param dest The destination string, can be NULL.
+ * @param src The original string.
+ * @param slen The length of the original string, or APR_ENCODE_STRING if
+ * NUL terminated.
+ * @param flags If APR_ENCODE_NONE, emit RFC4648 Base 32 Encoding. If
+ *  APR_ENCODE_NOPADDING, omit the = padding character.	If APR_ENCODE_BASE32HEX,
+ *  use RFC4648 base32hex Encoding.
+ * @param len If present and src is NULL, returns the maximum possible length
+ *  of the destination string, including a zero pad. If present and src is
+ *  not NULL, returns the number of characters actually written.
+ * @return APR_SUCCESS, or APR_NOTFOUND if the string was NULL.
+ */
+APR_DECLARE(apr_status_t) apr_encode_base32(char *dest, const char *src,
+        apr_ssize_t slen, int flags, apr_size_t * len);
+
+/**
+ * Convert binary data to base32.
+ * @param dest The destination string, can be NULL.
+ * @param src The original buffer.
+ * @param slen The length of the original buffer.
+ * @param flags If APR_ENCODE_NONE, emit RFC4648 Base 32 Encoding. If
+ *  APR_ENCODE_NOPADDING, omit the = padding character.	If APR_ENCODE_BASE32HEX,
+ *  use RFC4648 base32hex Encoding.
+ * @param len If present and src is NULL, returns the maximum possible length
+ *  of the destination string, including a zero pad. If present and src is
+ *  not NULL, returns the number of characters actually written.
+ * @return APR_SUCCESS, or APR_NOTFOUND if the string was NULL.
+ */
+APR_DECLARE(apr_status_t) apr_encode_base32_binary(char *dest, const unsigned char *src,
+        apr_ssize_t slen, int flags, apr_size_t * len);
+
+/**
+ * Convert text data to base32, and return the results from a pool.
+ * @param p Pool to allocate from.
+ * @param src The original string.
+ * @param slen The length of the original string, or APR_ENCODE_STRING if
+ * NUL terminated.
+ * @param flags If APR_ENCODE_NONE, emit RFC4648 Base 32 Encoding. If
+ *  APR_ENCODE_NOPADDING, omit the = padding character.	If APR_ENCODE_BASE32HEX,
+ *  use RFC4648 base32hex Encoding.
+ * @param len If present, returns the number of characters written excluding
+ *  the zero pad.
+ * @return A zero padded string allocated from the pool on success, or
+ * NULL if src was NULL.
+ */
+APR_DECLARE(const char *)apr_pencode_base32(apr_pool_t * p, const char *src,
+        apr_ssize_t slen, int flags, apr_size_t * len)
+        __attribute__((nonnull(1)));
+
+/**
+ * Convert binary data to base32, and return the results from a pool.
+ * @param p Pool to allocate from.
+ * @param src The original buffer.
+ * @param slen The length of the original buffer.
+ * @param flags If APR_ENCODE_NONE, emit RFC4648 Base 32 Encoding. If
+ *  APR_ENCODE_NOPADDING, omit the = padding character.	If APR_ENCODE_BASE32HEX,
+ *  use RFC7515 base32hex Encoding.
+ * @param len If present, returns the number of characters written excluding
+ *  the zero pad.
+ * @return A zero padded string allocated from the pool on success, or
+ * NULL if src was NULL.
+ */
+APR_DECLARE(const char *)apr_pencode_base32_binary(apr_pool_t * p, const unsigned char *src,
+        apr_ssize_t slen, int flags, apr_size_t * len)
+        __attribute__((nonnull(1)));
+
+/**
+ * Convert base32 or base32hex with or without padding to text data.
+ * @param dest The destination string, can be NULL.
+ * @param src The original string.
+ * @param slen The length of the original string, or APR_ENCODE_STRING if
+ * NUL terminated.
+ * @param flags If APR_ENCODE_NONE, parse RFC4648 Base 32 Encoding. If
+ *  APR_ENCODE_BASE32HEX, use RFC4648 base32hex Encoding.
+ * @param len If present and src is NULL, returns the maximum possible length
+ *  of the destination buffer, including a zero pad. If present and src is
+ *  not NULL, returns the number of characters actually written.
+ * @return APR_SUCCESS, or APR_NOTFOUND if the string was NULL, or APR_BADCH
+ * if a non base32 character is present.
+ */
+APR_DECLARE(apr_status_t) apr_decode_base32(char *dest, const char *src,
+        apr_ssize_t slen, int flags, apr_size_t * len);
+
+/**
+ * Convert base32 or base32hex with or without padding to binary data.
+ * @param dest The destination buffer, can be NULL.
+ * @param src The original string.
+ * @param slen The length of the original string, or APR_ENCODE_STRING if
+ * NUL terminated.
+ * @param flags If APR_ENCODE_NONE, parse RFC4648 Base 32 Encoding. If
+ *  APR_ENCODE_BASE32HEX, use RFC4648 base32hex Encoding.
+ * @param len If present and src is NULL, returns the maximum possible length
+ *  of the destination buffer, including a zero pad. If present and src is
+ *  not NULL, returns the number of characters actually written.
+ * @return APR_SUCCESS, or APR_NOTFOUND if the src was NULL, or APR_BADCH
+ * if a non base32 character is present.
+ */
+APR_DECLARE(apr_status_t) apr_decode_base32_binary(unsigned char *dest,
+        const char *src, apr_ssize_t slen, int flags, apr_size_t * len);
+
+/**
+ * Convert base32 or base32hex with or without padding to text data, and
+ * return the results from a pool.
+ * @param p Pool to allocate from.
+ * @param src The base32 string to decode.
+ * @param slen The length of the base32 string, or APR_ENCODE_STRING if
+ * NUL terminated.
+ * @param flags If APR_ENCODE_NONE, parse RFC4648 Base 32 Encoding. If
+ *  APR_ENCODE_BASE32HEX, use RFC4648 base32hex Encoding.
+ * @param len If present, returns the number of characters written, excluding
+ *  the zero padding.
+ * @return A string allocated from the pool containing the result with a zero
+ *  pad. If src was NULL, or an error occurred, NULL is returned.
+ */
+APR_DECLARE(const char *)apr_pdecode_base32(apr_pool_t * p, const char *src,
+        apr_ssize_t slen, int flags, apr_size_t * len)
+        __attribute__((nonnull(1)));
+
+/**
+ * Convert base32 or base32hex with or without padding to binary data, and
+ * return the results from a pool.
+ * @param p Pool to allocate from.
+ * @param src The original string.
+ * @param slen The length of the original string, or APR_ENCODE_STRING if
+ *  NUL terminated.
+ * @param flags If APR_ENCODE_NONE, parse RFC4648 Base 32 Encoding. If
+ *  APR_ENCODE_BASE32HEX, use RFC4648 base32hex Encoding.
+ * @param len If present, returns the number of characters written, excluding
+ *  the zero padding.
+ * @return A buffer allocated from the pool containing the result with a zero
+ *  pad. If src was NULL, or an error occurred, NULL is returned.
+ */
+APR_DECLARE(const unsigned char *)apr_pdecode_base32_binary(apr_pool_t * p,
+        const char *src, apr_ssize_t slen, int flags, apr_size_t * len)
+        __attribute__((nonnull(1)));
+
+/**
+ * Convert text data to base16 (hex).
+ * @param dest The destination string, can be NULL.
+ * @param src The original string.
+ * @param slen The length of the original string, or APR_ENCODE_STRING if
+ * NUL terminated.
+ * @param flags If APR_ENCODE_NONE, emit RFC4648 Base 16 Encoding. If
+ *  APR_ENCODE_COLON, separate each token with a colon.
+ * @param len If present and src is NULL, returns the maximum possible length
+ *  of the destination buffer, including a zero pad. If present and src is
+ *  not NULL, returns the number of characters actually written.
+ * @return APR_SUCCESS, or APR_NOTFOUND if the string was NULL.
+ */
+APR_DECLARE(apr_status_t) apr_encode_base16(char *dest, const char *src,
+        apr_ssize_t slen, int flags, apr_size_t * len);
+
+/**
+ * Convert binary data to base16 (hex).
+ * @param dest The destination string, can be NULL.
+ * @param src The original buffer.
+ * @param slen The length of the original buffer.
+ * @param flags If APR_ENCODE_NONE, emit RFC4648 Base 16 Encoding. If
+ *  APR_ENCODE_COLON, separate each token with a colon.
+ * @param len If present and src is NULL, returns the maximum possible length
+ *  of the destination buffer, including a zero pad. If present and src is
+ *  not NULL, returns the number of characters actually written.
+ * @return APR_SUCCESS, or APR_NOTFOUND if the string was NULL.
+ */
+APR_DECLARE(apr_status_t) apr_encode_base16_binary(char *dest,
+        const unsigned char *src, apr_ssize_t slen, int flags,
+        apr_size_t * len);
+
+/**
+ * Convert text data to base16 (hex), and return the results from a
+ * pool.
+ * @param p Pool to allocate from.
+ * @param src The original string.
+ * @param slen The length of the original string, or APR_ENCODE_STRING if
+ * NUL terminated.
+ * @param flags If APR_ENCODE_NONE, emit RFC4648 Base 16 Encoding. If
+ *  APR_ENCODE_COLON, separate each token with a colon.
+ * @param len If present, returns the number of characters written, excluding
+ *  the zero padding.
+ * @return A string allocated from the pool containing the result with a zero
+ *  pad. If src was NULL, or an error occurred, NULL is returned.
+ */
+APR_DECLARE(const char *)apr_pencode_base16(apr_pool_t * p, const char *src,
+        apr_ssize_t slen, int flags, apr_size_t * len)
+        __attribute__((nonnull(1)));
+
+/**
+ * Convert binary data to base16 (hex), and return the results from a
+ * pool.
+ * @param p Pool to allocate from.
+ * @param src The original buffer.
+ * @param slen The length of the original buffer.
+ * @param flags If APR_ENCODE_NONE, emit RFC4648 Base 16 Encoding. If
+ *  APR_ENCODE_COLON, separate each token with a colon.
+ * @param len If present, returns the number of characters written, excluding
+ *  the zero padding.
+ * @return A string allocated from the pool containing the result with a zero
+ *  pad. If src was NULL, or an error occurred, NULL is returned.
+ */
+APR_DECLARE(const char *)apr_pencode_base16_binary(apr_pool_t * p,
+        const unsigned char *src, apr_ssize_t slen,
+        int flags, apr_size_t * len)__attribute__((nonnull(1)));
+
+/**
+ * Convert base16 (hex) to text data.
+ * @param dest The destination string, can be NULL.
+ * @param src The original string.
+ * @param slen The length of the original string, or APR_ENCODE_STRING if
+ * NUL terminated.
+ * @param flags If APR_ENCODE_NONE, parse RFC4648 Base 16 Encoding. If
+ *  APR_ENCODE_COLON, allow tokens to be separated with a colon.
+ * @param len If present and src is NULL, returns the maximum possible length
+ *  of the destination buffer, including a zero pad. If present and src is
+ *  not NULL, returns the number of characters actually written.
+ * @return APR_SUCCESS, or APR_NOTFOUND if the string was NULL, or APR_BADCH
+ * if a non hex character is present. A zero pad is appended to the buffer.
+ */
+APR_DECLARE(apr_status_t) apr_decode_base16(char *dest, const char *src,
+        apr_ssize_t slen, int flags, apr_size_t * len);
+
+/**
+ * Convert base16 (hex) to binary data.
+ * @param dest The destination buffer, can be NULL.
+ * @param src The original string.
+ * @param slen The length of the original string, or APR_ENCODE_STRING if
+ * NUL terminated.
+ * @param flags If APR_ENCODE_NONE, parse RFC4648 Base 16 Encoding. If
+ *  APR_ENCODE_COLON, allow tokens to be separated with a colon.
+ * @param len If present and src is NULL, returns the maximum possible length
+ *  of the destination buffer, including a zero pad. If present and src is
+ *  not NULL, returns the number of characters actually written.
+ * @return APR_SUCCESS, or APR_NOTFOUND if the string was NULL, or APR_BADCH
+ * if a non hex character is present. No zero pad is written to the buffer.
+ */
+APR_DECLARE(apr_status_t) apr_decode_base16_binary(unsigned char *dest,
+        const char *src, apr_ssize_t slen, int flags, apr_size_t * len);
+
+/**
+ * Convert base16 (hex) and return the results from a pool.
+ * @param p Pool to allocate from.
+ * @param src The original string.
+ * @param slen The length of the original string, or APR_ENCODE_STRING if
+ * NUL terminated.
+ * @param flags If APR_ENCODE_NONE, parse RFC4648 Base 16 Encoding. If
+ *  APR_ENCODE_COLON, allow tokens to be separated with a colon.
+ * @param len If present, returns the number of characters written, excluding
+ *  the zero padding.
+ * @return A buffer allocated from the pool containing the result with a zero
+ *  pad. If src was NULL, or an error occurred, NULL is returned.
+ */
+APR_DECLARE(const char *)apr_pdecode_base16(apr_pool_t * p, const char *src,
+        apr_ssize_t slen, int flags, apr_size_t * len)
+        __attribute__((nonnull(1)));
+
+/**
+ * Convert base16 (hex) to binary data, and return the results from a pool.
+ * @param p Pool to allocate from.
+ * @param src The original string.
+ * @param slen The length of the original string, or APR_ENCODE_STRING if
+ * NUL terminated.
+ * @param flags If APR_ENCODE_NONE, parse RFC4648 Base 16 Encoding. If
+ *  APR_ENCODE_COLON, allow tokens to be separated with a colon.
+ * @param len If present, returns the number of characters written, excluding
+ *  the zero padding.
+ * @return A buffer allocated from the pool containing the result with a zero
+ *  pad. If src was NULL, or an error occurred, NULL is returned.
+ */
+APR_DECLARE(const unsigned char *)apr_pdecode_base16_binary(apr_pool_t * p,
+        const char *src, apr_ssize_t slen, int flags, apr_size_t * len)
+        __attribute__((nonnull(1)));
+
+/** @} */
+#ifdef __cplusplus
+}
+#endif
+
+#endif                          /* !APR_ENCODE_H */
diff --git a/include/apr_escape.h b/include/apr_escape.h
index 536cb9090..42a49c51d 100644
--- a/include/apr_escape.h
+++ b/include/apr_escape.h
@@ -33,6 +33,19 @@ extern "C" {
 
 /* Simple escape/unescape functions.
  *
+ * The design goal of these functions are:
+ *
+ * - Avoid unnecessary work.
+ *
+ * In most cases the strings passed in do not need to be escaped at all. In
+ * these cases the original string will be returned.
+ *
+ * - Lowest possible memory footprint.
+ *
+ * The amount of memory allocated for a given encoding is calculated based
+ * on the exact amount of memory needed, and not the theoretical worst case
+ * scenario.
+ *
  */
 
 /**
diff --git a/include/private/apr_encode_private.h b/include/private/apr_encode_private.h
new file mode 100644
index 000000000..8db2e0166
--- /dev/null
+++ b/include/private/apr_encode_private.h
@@ -0,0 +1,84 @@
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * @file apr_encode_private.h
+ * @brief APR-UTIL Encoding Private
+ */
+#ifndef APR_ENCODE_PRIVATE_H
+#define APR_ENCODE_PRIVATE_H
+
+#include "apr.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @defgroup APR_Util_Encode_Private
+ * @ingroup APR_Util
+ * @{
+ */
+
+#if APR_CHARSET_EBCDIC
+    static int convert_a2e[256] = {
+        0x00, 0x01, 0x02, 0x03, 0x37, 0x2D, 0x2E, 0x2F, 0x16, 0x05, 0x15, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
+        0x10, 0x11, 0x12, 0x13, 0x3C, 0x3D, 0x32, 0x26, 0x18, 0x19, 0x3F, 0x27, 0x1C, 0x1D, 0x1E, 0x1F,
+        0x40, 0x5A, 0x7F, 0x7B, 0x5B, 0x6C, 0x50, 0x7D, 0x4D, 0x5D, 0x5C, 0x4E, 0x6B, 0x60, 0x4B, 0x61,
+        0xF0, 0xF1, 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7, 0xF8, 0xF9, 0x7A, 0x5E, 0x4C, 0x7E, 0x6E, 0x6F,
+        0x7C, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7, 0xC8, 0xC9, 0xD1, 0xD2, 0xD3, 0xD4, 0xD5, 0xD6,
+        0xD7, 0xD8, 0xD9, 0xE2, 0xE3, 0xE4, 0xE5, 0xE6, 0xE7, 0xE8, 0xE9, 0xAD, 0xE0, 0xBD, 0x5F, 0x6D,
+        0x79, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96,
+        0x97, 0x98, 0x99, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6, 0xA7, 0xA8, 0xA9, 0xC0, 0x4F, 0xD0, 0xA1, 0x07,
+        0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x06, 0x17, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x09, 0x0A, 0x1B,
+        0x30, 0x31, 0x1A, 0x33, 0x34, 0x35, 0x36, 0x08, 0x38, 0x39, 0x3A, 0x3B, 0x04, 0x14, 0x3E, 0xFF,
+        0x41, 0xAA, 0x4A, 0xB1, 0x9F, 0xB2, 0x6A, 0xB5, 0xBB, 0xB4, 0x9A, 0x8A, 0xB0, 0xCA, 0xAF, 0xBC,
+        0x90, 0x8F, 0xEA, 0xFA, 0xBE, 0xA0, 0xB6, 0xB3, 0x9D, 0xDA, 0x9B, 0x8B, 0xB7, 0xB8, 0xB9, 0xAB,
+        0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9E, 0x68, 0x74, 0x71, 0x72, 0x73, 0x78, 0x75, 0x76, 0x77,
+        0xAC, 0x69, 0xED, 0xEE, 0xEB, 0xEF, 0xEC, 0xBF, 0x80, 0xFD, 0xFE, 0xFB, 0xFC, 0xBA, 0xAE, 0x59,
+        0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9C, 0x48, 0x54, 0x51, 0x52, 0x53, 0x58, 0x55, 0x56, 0x57,
+    0x8C, 0x49, 0xCD, 0xCE, 0xCB, 0xCF, 0xCC, 0xE1, 0x70, 0xDD, 0xDE, 0xDB, 0xDC, 0x8D, 0x8E, 0xDF};
+
+    static int convert_e2a[256] = {
+        0x00, 0x01, 0x02, 0x03, 0x9C, 0x09, 0x86, 0x7F, 0x97, 0x8D, 0x8E, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
+        0x10, 0x11, 0x12, 0x13, 0x9D, 0x0A, 0x08, 0x87, 0x18, 0x19, 0x92, 0x8F, 0x1C, 0x1D, 0x1E, 0x1F,
+        0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x17, 0x1B, 0x88, 0x89, 0x8A, 0x8B, 0x8C, 0x05, 0x06, 0x07,
+        0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04, 0x98, 0x99, 0x9A, 0x9B, 0x14, 0x15, 0x9E, 0x1A,
+        0x20, 0xA0, 0xE2, 0xE4, 0xE0, 0xE1, 0xE3, 0xE5, 0xE7, 0xF1, 0xA2, 0x2E, 0x3C, 0x28, 0x2B, 0x7C,
+        0x26, 0xE9, 0xEA, 0xEB, 0xE8, 0xED, 0xEE, 0xEF, 0xEC, 0xDF, 0x21, 0x24, 0x2A, 0x29, 0x3B, 0x5E,
+        0x2D, 0x2F, 0xC2, 0xC4, 0xC0, 0xC1, 0xC3, 0xC5, 0xC7, 0xD1, 0xA6, 0x2C, 0x25, 0x5F, 0x3E, 0x3F,
+        0xF8, 0xC9, 0xCA, 0xCB, 0xC8, 0xCD, 0xCE, 0xCF, 0xCC, 0x60, 0x3A, 0x23, 0x40, 0x27, 0x3D, 0x22,
+        0xD8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0xAB, 0xBB, 0xF0, 0xFD, 0xFE, 0xB1,
+        0xB0, 0x6A, 0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72, 0xAA, 0xBA, 0xE6, 0xB8, 0xC6, 0xA4,
+        0xB5, 0x7E, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A, 0xA1, 0xBF, 0xD0, 0x5B, 0xDE, 0xAE,
+        0xAC, 0xA3, 0xA5, 0xB7, 0xA9, 0xA7, 0xB6, 0xBC, 0xBD, 0xBE, 0xDD, 0xA8, 0xAF, 0x5D, 0xB4, 0xD7,
+        0x7B, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0xAD, 0xF4, 0xF6, 0xF2, 0xF3, 0xF5,
+        0x7D, 0x4A, 0x4B, 0x4C, 0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0xB9, 0xFB, 0xFC, 0xF9, 0xFA, 0xFF,
+        0x5C, 0xF7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0xB2, 0xD4, 0xD6, 0xD2, 0xD3, 0xD5,
+    0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0xB3, 0xDB, 0xDC, 0xD9, 0xDA, 0x9F};
+#define decode ENCODE_TO_ASCII(ch)  convert_e2a[(unsigned char)ch]
+#define decode ENCODE_TO_NATIVE(ch)  convert_a2e[(unsigned char)ch]
+#else                           /* APR_CHARSET_EBCDIC */
+#define ENCODE_TO_ASCII(ch)  (ch)
+#define ENCODE_TO_NATIVE(ch)  (ch)
+#endif                          /* !APR_CHARSET_EBCDIC */
+
+/** @} */
+#ifdef __cplusplus
+}
+#endif
+
+#endif                          /* !APR_ENCODE_PRIVATE_H */