diff options
Diffstat (limited to 'FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/coding.c')
| -rw-r--r-- | FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/coding.c | 294 |
1 files changed, 203 insertions, 91 deletions
diff --git a/FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/coding.c b/FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/coding.c index 6ead79caf..f6c814e01 100644 --- a/FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/coding.c +++ b/FreeRTOS-Plus/Source/WolfSSL/wolfcrypt/src/coding.c @@ -1,8 +1,8 @@ /* coding.c * - * Copyright (C) 2006-2015 wolfSSL Inc. + * Copyright (C) 2006-2020 wolfSSL Inc. * - * This file is part of wolfSSL. (formerly known as CyaSSL) + * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -16,9 +16,10 @@ * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifdef HAVE_CONFIG_H #include <config.h> #endif @@ -35,10 +36,14 @@ enum { BAD = 0xFF, /* invalid encoding */ PAD = '=', - PEM_LINE_SZ = 64 + PEM_LINE_SZ = 64, + BASE64_MIN = 0x2B, + BASE16_MIN = 0x30, }; +#ifdef WOLFSSL_BASE64_DECODE + static const byte base64Decode[] = { 62, BAD, BAD, BAD, 63, /* + starts at 0x2B */ 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, @@ -52,27 +57,81 @@ const byte base64Decode[] = { 62, BAD, BAD, BAD, 63, /* + starts at 0x2B */ 46, 47, 48, 49, 50, 51 }; +static WC_INLINE int Base64_SkipNewline(const byte* in, word32 *inLen, word32 *outJ) +{ + word32 len = *inLen; + word32 j = *outJ; + if (len && (in[j] == ' ' || in[j] == '\r' || in[j] == '\n')) { + byte endLine = in[j++]; + len--; + while (len && endLine == ' ') { /* allow trailing whitespace */ + endLine = in[j++]; + len--; + } + if (endLine == '\r') { + if (len) { + endLine = in[j++]; + len--; + } + } + if (endLine != '\n') { + WOLFSSL_MSG("Bad end of line in Base64 Decode"); + return ASN_INPUT_E; + } + } + if (!len) { + return BUFFER_E; + } + *inLen = len; + *outJ = j; + return 0; +} int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen) { word32 i = 0; word32 j = 0; word32 plainSz = inLen - ((inLen + (PEM_LINE_SZ - 1)) / PEM_LINE_SZ ); - const byte maxIdx = (byte)sizeof(base64Decode) + 0x2B - 1; + int ret; + const byte maxIdx = (byte)sizeof(base64Decode) + BASE64_MIN - 1; plainSz = (plainSz * 3 + 3) / 4; if (plainSz > *outLen) return BAD_FUNC_ARG; while (inLen > 3) { - byte b1, b2, b3; - byte e1 = in[j++]; - byte e2 = in[j++]; - byte e3 = in[j++]; - byte e4 = in[j++]; - int pad3 = 0; int pad4 = 0; + byte b1, b2, b3; + byte e1, e2, e3, e4; + if ((ret = Base64_SkipNewline(in, &inLen, &j)) != 0) { + if (ret == BUFFER_E) { + /* Running out of buffer here is not an error */ + break; + } + return ret; + } + e1 = in[j++]; + if (e1 == '\0') { + break; + } + inLen--; + if ((ret = Base64_SkipNewline(in, &inLen, &j)) != 0) { + return ret; + } + e2 = in[j++]; + inLen--; + if ((ret = Base64_SkipNewline(in, &inLen, &j)) != 0) { + return ret; + } + e3 = in[j++]; + inLen--; + if ((ret = Base64_SkipNewline(in, &inLen, &j)) != 0) { + return ret; + } + e4 = in[j++]; + inLen--; + if (e1 == 0) /* end file 0's */ break; if (e3 == PAD) @@ -80,7 +139,7 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen) if (e4 == PAD) pad4 = 1; - if (e1 < 0x2B || e2 < 0x2B || e3 < 0x2B || e4 < 0x2B) { + if (e1 < BASE64_MIN || e2 < BASE64_MIN || e3 < BASE64_MIN || e4 < BASE64_MIN) { WOLFSSL_MSG("Bad Base64 Decode data, too small"); return ASN_INPUT_E; } @@ -90,10 +149,15 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen) return ASN_INPUT_E; } - e1 = base64Decode[e1 - 0x2B]; - e2 = base64Decode[e2 - 0x2B]; - e3 = (e3 == PAD) ? 0 : base64Decode[e3 - 0x2B]; - e4 = (e4 == PAD) ? 0 : base64Decode[e4 - 0x2B]; + if (i + 1 + !pad3 + !pad4 > *outLen) { + WOLFSSL_MSG("Bad Base64 Decode out buffer, too small"); + return BAD_FUNC_ARG; + } + + e1 = base64Decode[e1 - BASE64_MIN]; + e2 = base64Decode[e2 - BASE64_MIN]; + e3 = (e3 == PAD) ? 0 : base64Decode[e3 - BASE64_MIN]; + e4 = (e4 == PAD) ? 0 : base64Decode[e4 - BASE64_MIN]; b1 = (byte)((e1 << 2) | (e2 >> 4)); b2 = (byte)(((e2 & 0xF) << 4) | (e3 >> 2)); @@ -106,32 +170,17 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen) out[i++] = b3; else break; - - inLen -= 4; - if (inLen && (in[j] == ' ' || in[j] == '\r' || in[j] == '\n')) { - byte endLine = in[j++]; - inLen--; - while (inLen && endLine == ' ') { /* allow trailing whitespace */ - endLine = in[j++]; - inLen--; - } - if (endLine == '\r') { - if (inLen) { - endLine = in[j++]; - inLen--; - } - } - if (endLine != '\n') { - WOLFSSL_MSG("Bad end of line in Base64 Decode"); - return ASN_INPUT_E; - } - } } +/* If the output buffer has a room for an extra byte, add a null terminator */ + if (out && *outLen > i) + out[i]= '\0'; + *outLen = i; return 0; } +#endif /* WOLFSSL_BASE64_DECODE */ #if defined(WOLFSSL_BASE64_ENCODE) @@ -150,7 +199,7 @@ const byte base64Encode[] = { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', /* make sure *i (idx) won't exceed max, store and possibly escape to out, * raw means use e w/o decode, 0 on success */ static int CEscape(int escaped, byte e, byte* out, word32* i, word32 max, - int raw) + int raw, int getSzOnly) { int doEscape = 0; word32 needed = 1; @@ -166,8 +215,8 @@ static int CEscape(int escaped, byte e, byte* out, word32* i, word32 max, else basic = base64Encode[e]; - /* check whether to escape */ - if (escaped) { + /* check whether to escape. Only escape for EncodeEsc */ + if (escaped == WC_ESC_NL_ENC) { switch ((char)basic) { case '+' : plus = 1; @@ -191,31 +240,37 @@ static int CEscape(int escaped, byte e, byte* out, word32* i, word32 max, } /* check size */ - if ( (idx+needed) > max) { + if ( (idx+needed) > max && !getSzOnly) { WOLFSSL_MSG("Escape buffer max too small"); return BUFFER_E; } /* store it */ if (doEscape == 0) { - out[idx++] = basic; + if(getSzOnly) + idx++; + else + out[idx++] = basic; } else { - out[idx++] = '%'; /* start escape */ - - if (plus) { - out[idx++] = '2'; - out[idx++] = 'B'; - } - else if (equals) { - out[idx++] = '3'; - out[idx++] = 'D'; - } - else if (newline) { - out[idx++] = '0'; - out[idx++] = 'A'; + if(getSzOnly) + idx+=3; + else { + out[idx++] = '%'; /* start escape */ + + if (plus) { + out[idx++] = '2'; + out[idx++] = 'B'; + } + else if (equals) { + out[idx++] = '3'; + out[idx++] = 'D'; + } + else if (newline) { + out[idx++] = '0'; + out[idx++] = 'A'; + } } - } *i = idx; @@ -223,7 +278,8 @@ static int CEscape(int escaped, byte e, byte* out, word32* i, word32 max, } -/* internal worker, handles both escaped and normal line endings */ +/* internal worker, handles both escaped and normal line endings. + If out buffer is NULL, will return sz needed in outLen */ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out, word32* outLen, int escaped) { @@ -232,18 +288,23 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out, j = 0, n = 0; /* new line counter */ + int getSzOnly = (out == NULL); + word32 outSz = (inLen + 3 - 1) / 3 * 4; word32 addSz = (outSz + PEM_LINE_SZ - 1) / PEM_LINE_SZ; /* new lines */ - if (escaped) + if (escaped == WC_ESC_NL_ENC) addSz *= 3; /* instead of just \n, we're doing %0A triplet */ + else if (escaped == WC_NO_NL_ENC) + addSz = 0; /* encode without \n */ outSz += addSz; /* if escaped we can't predetermine size for one pass encoding, but - * make sure we have enough if no escapes are in input */ - if (outSz > *outLen) return BAD_FUNC_ARG; - + * make sure we have enough if no escapes are in input + * Also need to ensure outLen valid before dereference */ + if (!outLen || (outSz > *outLen && !getSzOnly)) return BAD_FUNC_ARG; + while (inLen > 2) { byte b1 = in[j++]; byte b2 = in[j++]; @@ -256,19 +317,20 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out, byte e4 = b3 & 0x3F; /* store */ - ret = CEscape(escaped, e1, out, &i, *outLen, 0); + ret = CEscape(escaped, e1, out, &i, *outLen, 0, getSzOnly); if (ret != 0) break; - ret = CEscape(escaped, e2, out, &i, *outLen, 0); + ret = CEscape(escaped, e2, out, &i, *outLen, 0, getSzOnly); if (ret != 0) break; - ret = CEscape(escaped, e3, out, &i, *outLen, 0); + ret = CEscape(escaped, e3, out, &i, *outLen, 0, getSzOnly); if (ret != 0) break; - ret = CEscape(escaped, e4, out, &i, *outLen, 0); + ret = CEscape(escaped, e4, out, &i, *outLen, 0, getSzOnly); if (ret != 0) break; inLen -= 3; - if ((++n % (PEM_LINE_SZ / 4)) == 0 && inLen) { - ret = CEscape(escaped, '\n', out, &i, *outLen, 1); + /* Insert newline after PEM_LINE_SZ, unless no \n requested */ + if (escaped != WC_NO_NL_ENC && (++n % (PEM_LINE_SZ/4)) == 0 && inLen) { + ret = CEscape(escaped, '\n', out, &i, *outLen, 1, getSzOnly); if (ret != 0) break; } } @@ -284,50 +346,61 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out, byte e2 = (byte)(((b1 & 0x3) << 4) | (b2 >> 4)); byte e3 = (byte)((b2 & 0xF) << 2); - ret = CEscape(escaped, e1, out, &i, *outLen, 0); - if (ret == 0) - ret = CEscape(escaped, e2, out, &i, *outLen, 0); + ret = CEscape(escaped, e1, out, &i, *outLen, 0, getSzOnly); + if (ret == 0) + ret = CEscape(escaped, e2, out, &i, *outLen, 0, getSzOnly); if (ret == 0) { /* third */ if (twoBytes) - ret = CEscape(escaped, e3, out, &i, *outLen, 0); - else - ret = CEscape(escaped, '=', out, &i, *outLen, 1); + ret = CEscape(escaped, e3, out, &i, *outLen, 0, getSzOnly); + else + ret = CEscape(escaped, '=', out, &i, *outLen, 1, getSzOnly); } /* fourth always pad */ if (ret == 0) - ret = CEscape(escaped, '=', out, &i, *outLen, 1); - } + ret = CEscape(escaped, '=', out, &i, *outLen, 1, getSzOnly); + } - if (ret == 0) - ret = CEscape(escaped, '\n', out, &i, *outLen, 1); + if (ret == 0 && escaped != WC_NO_NL_ENC) + ret = CEscape(escaped, '\n', out, &i, *outLen, 1, getSzOnly); - if (i != outSz && escaped == 0 && ret == 0) - return ASN_INPUT_E; + if (i != outSz && escaped != 1 && ret == 0) + return ASN_INPUT_E; +/* If the output buffer has a room for an extra byte, add a null terminator */ + if (out && *outLen > i) + out[i]= '\0'; *outLen = i; - return ret; + + if (ret == 0) + return getSzOnly ? LENGTH_ONLY_E : 0; + + return ret; } /* Base64 Encode, PEM style, with \n line endings */ int Base64_Encode(const byte* in, word32 inLen, byte* out, word32* outLen) { - return DoBase64_Encode(in, inLen, out, outLen, 0); + return DoBase64_Encode(in, inLen, out, outLen, WC_STD_ENC); } -/* Base64 Encode, with %0A esacped line endings instead of \n */ +/* Base64 Encode, with %0A escaped line endings instead of \n */ int Base64_EncodeEsc(const byte* in, word32 inLen, byte* out, word32* outLen) { - return DoBase64_Encode(in, inLen, out, outLen, 1); + return DoBase64_Encode(in, inLen, out, outLen, WC_ESC_NL_ENC); } +int Base64_Encode_NoNl(const byte* in, word32 inLen, byte* out, word32* outLen) +{ + return DoBase64_Encode(in, inLen, out, outLen, WC_NO_NL_ENC); +} -#endif /* defined(WOLFSSL_BASE64_ENCODE) */ +#endif /* WOLFSSL_BASE64_ENCODE */ -#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || defined(HAVE_FIPS) +#ifdef WOLFSSL_BASE16 static const byte hexDecode[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, @@ -345,8 +418,11 @@ int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen) word32 inIdx = 0; word32 outIdx = 0; + if (in == NULL || out == NULL || outLen == NULL) + return BAD_FUNC_ARG; + if (inLen == 1 && *outLen && in) { - byte b = in[inIdx++] - 0x30; /* 0 starts at 0x30 */ + byte b = in[inIdx++] - BASE16_MIN; /* 0 starts at 0x30 */ /* sanity check */ if (b >= sizeof(hexDecode)/sizeof(hexDecode[0])) @@ -356,7 +432,7 @@ int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen) if (b == BAD) return ASN_INPUT_E; - + out[outIdx++] = b; *outLen = outIdx; @@ -370,8 +446,8 @@ int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen) return BAD_FUNC_ARG; while (inLen) { - byte b = in[inIdx++] - 0x30; /* 0 starts at 0x30 */ - byte b2 = in[inIdx++] - 0x30; + byte b = in[inIdx++] - BASE16_MIN; /* 0 starts at 0x30 */ + byte b2 = in[inIdx++] - BASE16_MIN; /* sanity checks */ if (b >= sizeof(hexDecode)/sizeof(hexDecode[0])) @@ -384,7 +460,7 @@ int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen) if (b == BAD || b2 == BAD) return ASN_INPUT_E; - + out[outIdx++] = (byte)((b << 4) | b2); inLen -= 2; } @@ -393,7 +469,43 @@ int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen) return 0; } +int Base16_Encode(const byte* in, word32 inLen, byte* out, word32* outLen) +{ + word32 outIdx = 0; + word32 i; + byte hb, lb; + + if (in == NULL || out == NULL || outLen == NULL) + return BAD_FUNC_ARG; + + if (*outLen < (2 * inLen + 1)) + return BAD_FUNC_ARG; + + for (i = 0; i < inLen; i++) { + hb = in[i] >> 4; + lb = in[i] & 0x0f; + + /* ASCII value */ + hb += '0'; + if (hb > '9') + hb += 7; + + /* ASCII value */ + lb += '0'; + if (lb>'9') + lb += 7; + + out[outIdx++] = hb; + out[outIdx++] = lb; + } + + /* force 0 at this end */ + out[outIdx++] = 0; + + *outLen = outIdx; + return 0; +} -#endif /* (OPENSSL_EXTRA) || (HAVE_WEBSERVER) || (HAVE_FIPS) */ +#endif /* WOLFSSL_BASE16 */ -#endif /* NO_CODING */ +#endif /* !NO_CODING */ |