From ba56136b5c9c3b497dd0c4dbcf770d7e040b7bcd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 2 Jun 2015 16:30:35 +0100 Subject: [PATCH] Avoid in-out length in base64 --- include/mbedtls/base64.h | 22 ++++++++++++---------- library/base64.c | 24 +++++++++++------------- library/pem.c | 11 +++++------ programs/ssl/ssl_mail_client.c | 6 ++---- programs/util/pem2der.c | 4 ++-- tests/suites/test_suite_base64.function | 19 +++++++++---------- 6 files changed, 41 insertions(+), 45 deletions(-) diff --git a/include/mbedtls/base64.h b/include/mbedtls/base64.h index 86fce79b4..b7318853d 100644 --- a/include/mbedtls/base64.h +++ b/include/mbedtls/base64.h @@ -37,37 +37,39 @@ extern "C" { * \brief Encode a buffer into base64 format * * \param dst destination buffer - * \param dlen size of the buffer + * \param dlen size of the destination buffer + * \param olen number of bytes written * \param src source buffer * \param slen amount of data to be encoded * * \return 0 if successful, or MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL. - * *dlen is always updated to reflect the amount + * *olen is always updated to reflect the amount * of data that has (or would have) been written. * - * \note Call this function with *dlen = 0 to obtain the - * required buffer size in *dlen + * \note Call this function with dlen = 0 to obtain the + * required buffer size in *olen */ -int mbedtls_base64_encode( unsigned char *dst, size_t *dlen, +int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen, const unsigned char *src, size_t slen ); /** * \brief Decode a base64-formatted buffer * * \param dst destination buffer (can be NULL for checking size) - * \param dlen size of the buffer + * \param dlen size of the destination buffer + * \param olen number of bytes written * \param src source buffer * \param slen amount of data to be decoded * * \return 0 if successful, MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL, or * MBEDTLS_ERR_BASE64_INVALID_CHARACTER if the input data is - * not correct. *dlen is always updated to reflect the amount + * not correct. *olen is always updated to reflect the amount * of data that has (or would have) been written. * - * \note Call this function with *dst = NULL or *dlen = 0 to obtain - * the required buffer size in *dlen + * \note Call this function with *dst = NULL or dlen = 0 to obtain + * the required buffer size in *olen */ -int mbedtls_base64_decode( unsigned char *dst, size_t *dlen, +int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, const unsigned char *src, size_t slen ); /** diff --git a/library/base64.c b/library/base64.c index e0a6f188f..3e9454844 100644 --- a/library/base64.c +++ b/library/base64.c @@ -78,7 +78,7 @@ static const unsigned char base64_dec_map[128] = /* * Encode a buffer into base64 format */ -int mbedtls_base64_encode( unsigned char *dst, size_t *dlen, +int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen, const unsigned char *src, size_t slen ) { size_t i, n; @@ -87,7 +87,7 @@ int mbedtls_base64_encode( unsigned char *dst, size_t *dlen, if( slen == 0 ) { - *dlen = 0; + *olen = 0; return( 0 ); } @@ -100,9 +100,9 @@ int mbedtls_base64_encode( unsigned char *dst, size_t *dlen, default: break; } - if( *dlen < n + 1 ) + if( dlen < n + 1 ) { - *dlen = n + 1; + *olen = n + 1; return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL ); } @@ -135,7 +135,7 @@ int mbedtls_base64_encode( unsigned char *dst, size_t *dlen, *p++ = '='; } - *dlen = p - dst; + *olen = p - dst; *p = 0; return( 0 ); @@ -144,7 +144,7 @@ int mbedtls_base64_encode( unsigned char *dst, size_t *dlen, /* * Decode a base64-formatted buffer */ -int mbedtls_base64_decode( unsigned char *dst, size_t *dlen, +int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, const unsigned char *src, size_t slen ) { size_t i, n; @@ -195,9 +195,9 @@ int mbedtls_base64_decode( unsigned char *dst, size_t *dlen, n = ( ( n * 6 ) + 7 ) >> 3; n -= j; - if( dst == NULL || *dlen < n ) + if( dst == NULL || dlen < n ) { - *dlen = n; + *olen = n; return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL ); } @@ -218,7 +218,7 @@ int mbedtls_base64_decode( unsigned char *dst, size_t *dlen, } } - *dlen = p - dst; + *olen = p - dst; return( 0 ); } @@ -253,10 +253,9 @@ int mbedtls_base64_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " Base64 encoding test: " ); - len = sizeof( buffer ); src = base64_test_dec; - if( mbedtls_base64_encode( buffer, &len, src, 64 ) != 0 || + if( mbedtls_base64_encode( buffer, sizeof( buffer ), &len, src, 64 ) != 0 || memcmp( base64_test_enc, buffer, 88 ) != 0 ) { if( verbose != 0 ) @@ -268,10 +267,9 @@ int mbedtls_base64_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "passed\n Base64 decoding test: " ); - len = sizeof( buffer ); src = base64_test_enc; - if( mbedtls_base64_decode( buffer, &len, src, 88 ) != 0 || + if( mbedtls_base64_decode( buffer, sizeof( buffer ), &len, src, 88 ) != 0 || memcmp( base64_test_dec, buffer, 64 ) != 0 ) { if( verbose != 0 ) diff --git a/library/pem.c b/library/pem.c index c1561cb4a..13fc2df2f 100644 --- a/library/pem.c +++ b/library/pem.c @@ -315,8 +315,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */ } - len = 0; - ret = mbedtls_base64_decode( NULL, &len, s1, s2 - s1 ); + ret = mbedtls_base64_decode( NULL, 0, &len, s1, s2 - s1 ); if( ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER ) return( MBEDTLS_ERR_PEM_INVALID_DATA + ret ); @@ -324,7 +323,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const if( ( buf = mbedtls_calloc( 1, len ) ) == NULL ) return( MBEDTLS_ERR_PEM_ALLOC_FAILED ); - if( ( ret = mbedtls_base64_decode( buf, &len, s1, s2 - s1 ) ) != 0 ) + if( ( ret = mbedtls_base64_decode( buf, len, &len, s1, s2 - s1 ) ) != 0 ) { mbedtls_free( buf ); return( MBEDTLS_ERR_PEM_INVALID_DATA + ret ); @@ -396,9 +395,9 @@ int mbedtls_pem_write_buffer( const char *header, const char *footer, { int ret; unsigned char *encode_buf, *c, *p = buf; - size_t len = 0, use_len = 0, add_len = 0; + size_t len = 0, use_len, add_len = 0; - mbedtls_base64_encode( NULL, &use_len, der_data, der_len ); + mbedtls_base64_encode( NULL, 0, &use_len, der_data, der_len ); add_len = strlen( header ) + strlen( footer ) + ( use_len / 64 ) + 1; if( use_len + add_len > buf_len ) @@ -410,7 +409,7 @@ int mbedtls_pem_write_buffer( const char *header, const char *footer, if( ( encode_buf = mbedtls_calloc( 1, use_len ) ) == NULL ) return( MBEDTLS_ERR_PEM_ALLOC_FAILED ); - if( ( ret = mbedtls_base64_encode( encode_buf, &use_len, der_data, + if( ( ret = mbedtls_base64_encode( encode_buf, use_len, &use_len, der_data, der_len ) ) != 0 ) { mbedtls_free( encode_buf ); diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index df25435f4..9587b7a5e 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -720,8 +720,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( " > Write username to server: %s", opt.user_name ); fflush( stdout ); - n = sizeof( base ); - ret = mbedtls_base64_encode( base, &n, (const unsigned char *) opt.user_name, + ret = mbedtls_base64_encode( base, sizeof( base ), &n, (const unsigned char *) opt.user_name, strlen( opt.user_name ) ); if( ret != 0 ) { @@ -741,8 +740,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( " > Write password to server: %s", opt.user_pwd ); fflush( stdout ); - n = sizeof( base ); - ret = mbedtls_base64_encode( base, &n, (const unsigned char *) opt.user_pwd, + ret = mbedtls_base64_encode( base, sizeof( base ), &n, (const unsigned char *) opt.user_pwd, strlen( opt.user_pwd ) ); if( ret != 0 ) { diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c index c9b511d19..d43d44698 100644 --- a/programs/util/pem2der.c +++ b/programs/util/pem2der.c @@ -96,14 +96,14 @@ int convert_pem_to_der( const unsigned char *input, size_t ilen, if( s2 <= s1 || s2 > end ) return( -1 ); - ret = mbedtls_base64_decode( NULL, &len, (const unsigned char *) s1, s2 - s1 ); + ret = mbedtls_base64_decode( NULL, 0, &len, (const unsigned char *) s1, s2 - s1 ); if( ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER ) return( ret ); if( len > *olen ) return( -1 ); - if( ( ret = mbedtls_base64_decode( output, &len, (const unsigned char *) s1, + if( ( ret = mbedtls_base64_decode( output, len, &len, (const unsigned char *) s1, s2 - s1 ) ) != 0 ) { return( ret ); diff --git a/tests/suites/test_suite_base64.function b/tests/suites/test_suite_base64.function index 53f38bf50..ab6d88ca7 100644 --- a/tests/suites/test_suite_base64.function +++ b/tests/suites/test_suite_base64.function @@ -13,13 +13,13 @@ void mbedtls_base64_encode( char *src_string, char *dst_string, int dst_buf_size { unsigned char src_str[1000]; unsigned char dst_str[1000]; - size_t len = dst_buf_size; + size_t len; memset(src_str, 0x00, 1000); memset(dst_str, 0x00, 1000); strncpy( (char *) src_str, src_string, sizeof(src_str) - 1 ); - TEST_ASSERT( mbedtls_base64_encode( dst_str, &len, src_str, strlen( (char *) src_str ) ) == result ); + TEST_ASSERT( mbedtls_base64_encode( dst_str, dst_buf_size, &len, src_str, strlen( (char *) src_str ) ) == result ); if( result == 0 ) { TEST_ASSERT( strcmp( (char *) dst_str, dst_string ) == 0 ); @@ -32,14 +32,14 @@ void mbedtls_base64_decode( char *src_string, char *dst_string, int result ) { unsigned char src_str[1000]; unsigned char dst_str[1000]; - size_t len = 1000; + size_t len; int res; memset(src_str, 0x00, 1000); memset(dst_str, 0x00, 1000); strncpy( (char *) src_str, src_string, sizeof(src_str) - 1 ); - res = mbedtls_base64_decode( dst_str, &len, src_str, strlen( (char *) src_str ) ); + res = mbedtls_base64_decode( dst_str, sizeof( dst_str ), &len, src_str, strlen( (char *) src_str ) ); TEST_ASSERT( res == result ); if( result == 0 ) { @@ -53,12 +53,12 @@ void base64_encode_hex( char *src_hex, char *dst, int dst_buf_size, int result ) { unsigned char *src = NULL, *res = NULL; - size_t len = dst_buf_size, src_len; + size_t len, src_len; src = unhexify_alloc( src_hex, &src_len ); res = zero_alloc( dst_buf_size ); - TEST_ASSERT( mbedtls_base64_encode( res, &len, src, src_len ) == result ); + TEST_ASSERT( mbedtls_base64_encode( res, dst_buf_size, &len, src, src_len ) == result ); if( result == 0 ) { TEST_ASSERT( len == strlen( dst ) ); @@ -76,12 +76,12 @@ void base64_decode_hex( char *src, char *dst_hex, int dst_buf_size, int result ) { unsigned char *dst = NULL, *res = NULL; - size_t len = dst_buf_size, dst_len; + size_t len, dst_len; dst = unhexify_alloc( dst_hex, &dst_len ); res = zero_alloc( dst_buf_size ); - TEST_ASSERT( mbedtls_base64_decode( res, &len, (unsigned char *) src, + TEST_ASSERT( mbedtls_base64_decode( res, dst_buf_size, &len, (unsigned char *) src, strlen( src ) ) == result ); if( result == 0 ) { @@ -104,8 +104,7 @@ void base64_decode_hex_src( char *src_hex, char *dst_ref, int result ) src = unhexify_alloc( src_hex, &src_len ); - len = sizeof( dst ); - TEST_ASSERT( mbedtls_base64_decode( dst, &len, src, src_len ) == result ); + TEST_ASSERT( mbedtls_base64_decode( dst, sizeof( dst ), &len, src, src_len ) == result ); if( result == 0 ) { TEST_ASSERT( len == strlen( dst_ref ) );