Browse Source

[core] base64 encode round-up for required space

no need for extra work for precision allocation to avoid 0-3 extra chars

note: callers passing precise buffer size for without padding will need
  to be modified to pass a slightly larger buffer, e.g. mod_secdownload
master
Glenn Strauss 7 months ago
parent
commit
e7805dbf93
  1. 17
      src/base64.c
  2. 8
      src/mod_secdownload.c
  3. 18
      src/t/test_base64.c

17
src/base64.c

@ -118,10 +118,6 @@ static size_t li_base64_decode(unsigned char * const result, const size_t out_le
}
size_t li_to_base64_no_padding(char* out, size_t out_length, const unsigned char* in, size_t in_length, base64_charset charset) {
const size_t full_tuples = in_length / 3;
const size_t in_tuple_remainder = in_length % 3;
const size_t out_tuple_remainder = in_tuple_remainder ? 1 + in_tuple_remainder : 0;
const size_t require_space = 4 * full_tuples + out_tuple_remainder;
size_t i;
size_t out_pos = 0;
const char* const base64_table = (charset)
@ -131,10 +127,8 @@ size_t li_to_base64_no_padding(char* out, size_t out_length, const unsigned char
/* check overflows */
/* 1073741823 is max num full_tuples to avoid overflow in uint32_t;
* and (1 GB - 1) is ridiculously large for base64-encoded data */
force_assert(full_tuples <= 1073741823);
/*force_assert(full_tuples <= 4*full_tuples);*/
/*force_assert(4*full_tuples <= 4*full_tuples + out_tuple_remainder);*/
force_assert(require_space <= out_length);
force_assert(in_length <= 3221225469); /* (3221225469+2) / 3 * 4 < UINT32_MAX */
force_assert((in_length+2)/3*4 <= out_length);
for (i = 2; i < in_length; i += 3) {
unsigned int v = (in[i-2] << 16) | (in[i-1] << 8) | in[i];
@ -144,8 +138,10 @@ size_t li_to_base64_no_padding(char* out, size_t out_length, const unsigned char
out[out_pos+0] = base64_table[v & 0x3f];
out_pos += 4;
}
switch (in_tuple_remainder) {
switch (in_length - (i-2)) {
case 0:
default:
break;
case 1:
{
@ -167,7 +163,6 @@ size_t li_to_base64_no_padding(char* out, size_t out_length, const unsigned char
}
break;
}
force_assert(out_pos <= out_length);
return out_pos;
}
@ -190,7 +185,7 @@ size_t li_to_base64(char* out, size_t out_length, const unsigned char* in, size_
char* buffer_append_base64_encode_opt(buffer *out, const unsigned char* in, size_t in_length, base64_charset charset, int pad) {
const size_t reserve = 4*(in_length/3) + 4;
const size_t reserve = (in_length+2)/3*4;
char * const result = buffer_string_prepare_append(out, reserve);
const size_t out_pos = (pad)
? li_to_base64(result, reserve, in, in_length, charset)

8
src/mod_secdownload.c

@ -166,7 +166,7 @@ static int secdl_verify_mac(plugin_config *config, const char* protected_path, c
case SECDL_HMAC_SHA1:
{
unsigned char digest[20];
char base64_digest[27];
char base64_digest[28];
if (!li_hmac_sha1(digest, CONST_BUF_LEN(config->secret),
(const unsigned char *)protected_path,
@ -176,7 +176,7 @@ static int secdl_verify_mac(plugin_config *config, const char* protected_path, c
return 0;
}
li_to_base64_no_padding(base64_digest, 27, digest, 20, BASE64_URL);
li_to_base64_no_padding(base64_digest, 28, digest, 20, BASE64_URL);
return (27 == maclen)
&& http_auth_const_time_memeq(mac, base64_digest, 27);
@ -185,7 +185,7 @@ static int secdl_verify_mac(plugin_config *config, const char* protected_path, c
case SECDL_HMAC_SHA256:
{
unsigned char digest[32];
char base64_digest[43];
char base64_digest[44];
if (!li_hmac_sha256(digest, CONST_BUF_LEN(config->secret),
(const unsigned char *)protected_path,
@ -195,7 +195,7 @@ static int secdl_verify_mac(plugin_config *config, const char* protected_path, c
return 0;
}
li_to_base64_no_padding(base64_digest, 43, digest, 32, BASE64_URL);
li_to_base64_no_padding(base64_digest, 44, digest, 32, BASE64_URL);
return (43 == maclen)
&& http_auth_const_time_memeq(mac, base64_digest, 43);

18
src/t/test_base64.c

@ -6,24 +6,24 @@ static const base64_charset encs[] = { BASE64_STANDARD, BASE64_URL };
static buffer *check;
inline
static void check_base64 (char *out, const size_t out_sz, const char *in, const size_t in_len, const base64_charset enc) {
force_assert(out_sz == li_to_base64_no_padding(out, out_sz, (const unsigned char *)in, in_len, enc));
static void check_base64 (size_t out_exp, const char *in, const size_t in_len, const base64_charset enc) {
char out[4] = { 0, 0, 0, 0 };
force_assert(out_exp == li_to_base64_no_padding(out, sizeof(out), (const unsigned char *)in, in_len, enc));
buffer_clear(check);
force_assert(NULL != buffer_append_base64_decode(check, out, out_sz, enc));
force_assert(NULL != buffer_append_base64_decode(check, out, out_exp, enc));
force_assert(buffer_eq_slen(check, in, in_len));
}
static void check_all_len_0 (const base64_charset enc) {
check_base64(NULL, 0, "", 0, enc);
check_base64(0, "", 0, enc);
}
static void check_all_len_1 (const base64_charset enc) {
unsigned int c1;
for (c1 = 0; c1 < 256; ++c1) {
unsigned char in[] = { c1 };
char out[2] = { 0, 0 };
check_base64(out, sizeof(out), (char *)in, sizeof(in), enc);
check_base64(2, (char *)in, sizeof(in), enc);
}
}
@ -31,8 +31,7 @@ static void check_all_len_2 (const base64_charset enc) {
unsigned int c1, c2;
for (c1 = 0; c1 < 256; ++c1) for (c2 = 0; c2 < 256; ++c2) {
unsigned char in[] = { c1, c2 };
char out[3] = { 0, 0, 0 };
check_base64(out, sizeof(out), (char *)in, sizeof(in), enc);
check_base64(3, (char *)in, sizeof(in), enc);
}
}
@ -40,8 +39,7 @@ static void check_all_len_3 (const base64_charset enc) {
unsigned int c1, c2, c3;
for (c1 = 0; c1 < 256; c1+=255) for (c2 = 0; c2 < 256; ++c2) for (c3 = 0; c3 < 256; ++c3) {
unsigned char in[] = { c1, c2, c3 };
char out[4] = { 0, 0, 0, 0 };
check_base64(out, sizeof(out), (char *)in, sizeof(in), enc);
check_base64(4, (char *)in, sizeof(in), enc);
}
}

Loading…
Cancel
Save