diff options
| author | David Benjamin <davidben@chromium.org> | 2015-09-19 22:17:34 +0300 |
|---|---|---|
| committer | Adam Langley <agl@google.com> | 2015-09-29 00:53:39 +0300 |
| commit | 97a33939a38ad5e9f0e89c39de245e3a8326b96b (patch) | |
| tree | 441206e374fab6bfc815e52682adfa368a5694b1 /include/openssl/base64.h | |
| parent | 6daa8268a63c5379a2f37ca25a1d2ead95e6cd84 (diff) | |
Deprecate basically the entire base64 implementation.
The IUF functions were added for PEM and internally are very lenient to
whitespace and include other PEM-specific behaviors (notably they treat
hyphens as EOF). They also decode a ton of invalid input (see upstream's
RT #3757).
Upstream has a rewrite with tests that resolves the latter issue which
we should review and import. But this is still a very PEM-specific
interface. As this code has basically no callers outside the PEM code
(and any such callers likely don't want a PEM-specific API), it's
probably not worth the trouble to massage this and PEM into a strict IUF
base64 API with PEM whitespace and hyphen bits outside. Just deprecate
it all and leave it in a corner.
Change-Id: I5b98111e87436e287547829daa65e9c1efc95119
Reviewed-on: https://boringssl-review.googlesource.com/5952
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'include/openssl/base64.h')
| -rw-r--r-- | include/openssl/base64.h | 57 |
1 files changed, 30 insertions, 27 deletions
diff --git a/include/openssl/base64.h b/include/openssl/base64.h index 2d27c896..f28e7ddb 100644 --- a/include/openssl/base64.h +++ b/include/openssl/base64.h @@ -70,32 +70,8 @@ extern "C" { * base64 encoding and decoding. */ -typedef struct evp_encode_ctx_st EVP_ENCODE_CTX; - - /* Encoding */ -/* EVP_EncodeInit initialises |*ctx|, which is typically stack - * allocated, for an encoding operation. - * - * NOTE: The encoding operation breaks its output with newlines every - * 64 characters of output (48 characters of input). Use - * EVP_EncodeBlock to encode raw base64. */ -OPENSSL_EXPORT void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); - -/* EVP_EncodeUpdate encodes |in_len| bytes from |in| and writes an encoded - * version of them to |out| and sets |*out_len| to the number of bytes written. - * Some state may be contained in |ctx| so |EVP_EncodeFinal| must be used to - * flush it before using the encoded data. */ -OPENSSL_EXPORT void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, uint8_t *out, - int *out_len, const uint8_t *in, - size_t in_len); - -/* EVP_EncodeFinal flushes any remaining output bytes from |ctx| to |out| and - * sets |*out_len| to the number of bytes written. */ -OPENSSL_EXPORT void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, uint8_t *out, - int *out_len); - /* EVP_EncodeBlock encodes |src_len| bytes from |src| and writes the * result to |dst| with a trailing NUL. It returns the number of bytes * written, not including this trailing NUL. */ @@ -124,6 +100,36 @@ OPENSSL_EXPORT int EVP_DecodeBase64(uint8_t *out, size_t *out_len, size_t max_out, const uint8_t *in, size_t in_len); + +/* Deprecated functions. + * + * OpenSSL provides a streaming base64 implementation, however its behavior is + * very specific to PEM. It is also very lenient of invalid input. Use of any of + * these functions is thus deprecated. + * + * TODO(davidben): Import upstream's rewrite that rejects the invalid input. */ + +/* EVP_EncodeInit initialises |*ctx|, which is typically stack + * allocated, for an encoding operation. + * + * NOTE: The encoding operation breaks its output with newlines every + * 64 characters of output (48 characters of input). Use + * EVP_EncodeBlock to encode raw base64. */ +OPENSSL_EXPORT void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); + +/* EVP_EncodeUpdate encodes |in_len| bytes from |in| and writes an encoded + * version of them to |out| and sets |*out_len| to the number of bytes written. + * Some state may be contained in |ctx| so |EVP_EncodeFinal| must be used to + * flush it before using the encoded data. */ +OPENSSL_EXPORT void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, uint8_t *out, + int *out_len, const uint8_t *in, + size_t in_len); + +/* EVP_EncodeFinal flushes any remaining output bytes from |ctx| to |out| and + * sets |*out_len| to the number of bytes written. */ +OPENSSL_EXPORT void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, uint8_t *out, + int *out_len); + /* EVP_DecodeInit initialises |*ctx|, which is typically stack allocated, for * a decoding operation. * @@ -148,9 +154,6 @@ OPENSSL_EXPORT int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, uint8_t *out, OPENSSL_EXPORT int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, uint8_t *out, int *out_len); - -/* Deprecated functions. */ - /* EVP_DecodeBlock encodes |src_len| bytes from |src| and writes the result to * |dst|. It returns the number of bytes written or -1 on error. * |