jcs.org
jcs's openbsd hax
openbsd
1.\" $OpenBSD: EVP_EncodeInit.3,v 1.8 2025/06/08 22:40:29 schwarze Exp $
2.\" full merge up to: OpenSSL f430ba31 Jun 19 19:39:01 2016 +0200
3.\" selective merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
4.\"
5.\" This file was written by Matt Caswell <matt@openssl.org>.
6.\" Copyright (c) 2016 The OpenSSL Project. All rights reserved.
7.\"
8.\" Redistribution and use in source and binary forms, with or without
9.\" modification, are permitted provided that the following conditions
10.\" are met:
11.\"
12.\" 1. Redistributions of source code must retain the above copyright
13.\" notice, this list of conditions and the following disclaimer.
14.\"
15.\" 2. Redistributions in binary form must reproduce the above copyright
16.\" notice, this list of conditions and the following disclaimer in
17.\" the documentation and/or other materials provided with the
18.\" distribution.
19.\"
20.\" 3. All advertising materials mentioning features or use of this
21.\" software must display the following acknowledgment:
22.\" "This product includes software developed by the OpenSSL Project
23.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
24.\"
25.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26.\" endorse or promote products derived from this software without
27.\" prior written permission. For written permission, please contact
28.\" openssl-core@openssl.org.
29.\"
30.\" 5. Products derived from this software may not be called "OpenSSL"
31.\" nor may "OpenSSL" appear in their names without prior written
32.\" permission of the OpenSSL Project.
33.\"
34.\" 6. Redistributions of any form whatsoever must retain the following
35.\" acknowledgment:
36.\" "This product includes software developed by the OpenSSL Project
37.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
38.\"
39.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50.\" OF THE POSSIBILITY OF SUCH DAMAGE.
51.\"
52.Dd $Mdocdate: June 8 2025 $
53.Dt EVP_ENCODEINIT 3
54.Os
55.Sh NAME
56.Nm EVP_ENCODE_CTX_new ,
57.Nm EVP_ENCODE_CTX_free ,
58.Nm EVP_EncodeInit ,
59.Nm EVP_EncodeUpdate ,
60.Nm EVP_EncodeFinal ,
61.Nm EVP_EncodeBlock ,
62.Nm EVP_DecodeInit ,
63.Nm EVP_DecodeUpdate ,
64.Nm EVP_DecodeFinal ,
65.Nm EVP_DecodeBlock
66.Nd EVP base64 encode/decode routines
67.Sh SYNOPSIS
68.Lb libcrypto
69.In openssl/evp.h
70.Ft EVP_ENCODE_CTX *
71.Fn EVP_ENCODE_CTX_new void
72.Ft void
73.Fo EVP_ENCODE_CTX_free
74.Fa "EVP_ENCODE_CTX *ctx"
75.Fc
76.Ft void
77.Fo EVP_EncodeInit
78.Fa "EVP_ENCODE_CTX *ctx"
79.Fc
80.Ft int
81.Fo EVP_EncodeUpdate
82.Fa "EVP_ENCODE_CTX *ctx"
83.Fa "unsigned char *out"
84.Fa "int *outl"
85.Fa "const unsigned char *in"
86.Fa "int inl"
87.Fc
88.Ft void
89.Fo EVP_EncodeFinal
90.Fa "EVP_ENCODE_CTX *ctx"
91.Fa "unsigned char *out"
92.Fa "int *outl"
93.Fc
94.Ft int
95.Fo EVP_EncodeBlock
96.Fa "unsigned char *t"
97.Fa "const unsigned char *f"
98.Fa "int n"
99.Fc
100.Ft void
101.Fo EVP_DecodeInit
102.Fa "EVP_ENCODE_CTX *ctx"
103.Fc
104.Ft int
105.Fo EVP_DecodeUpdate
106.Fa "EVP_ENCODE_CTX *ctx"
107.Fa "unsigned char *out"
108.Fa "int *outl"
109.Fa "const unsigned char *in"
110.Fa "int inl"
111.Fc
112.Ft int
113.Fo EVP_DecodeFinal
114.Fa "EVP_ENCODE_CTX *ctx"
115.Fa "unsigned char *out"
116.Fa "int *outl"
117.Fc
118.Ft int
119.Fo EVP_DecodeBlock
120.Fa "unsigned char *t"
121.Fa "const unsigned char *f"
122.Fa "int n"
123.Fc
124.Sh DESCRIPTION
125The EVP encode routines provide a high level interface to base64
126encoding and decoding.
127Base64 encoding converts binary data into a printable form that uses
128the characters A-Z, a-z, 0-9, "+" and "/" to represent the data.
129For every 3 bytes of binary data provided, 4 bytes of base64-encoded
130data will be produced, plus some occasional newlines.
131If the input data length is not a multiple of 3, then the output data
132will be padded at the end using the "=" character.
133.Pp
134.Fn EVP_ENCODE_CTX_new
135allocates, initializes and returns a context to be used for the encode
136and decode functions.
137.Pp
138.Fn EVP_ENCODE_CTX_free
139frees
140.Fa ctx .
141.Pp
142Encoding of binary data is performed in blocks of 48 input bytes (or
143less for the final block).
144For each 48-byte input block encoded, 64 bytes of base64 data is output,
145plus an additional newline character, i.e. 65 bytes in total.
146The final block, which may be less than 48 bytes, will output 4 bytes
147for every 3 bytes of input.
148If the data length is not divisible by 3, then a full 4 bytes is still
149output for the final 1 or 2 bytes of input.
150Similarly a newline character will also be output.
151.Pp
152.Fn EVP_EncodeInit
153initialises
154.Fa ctx
155for the start of a new encoding operation.
156.Pp
157.Fn EVP_EncodeUpdate
158encodes
159.Fa inl
160bytes of data found in the buffer pointed to by
161.Fa in .
162The output is stored in the buffer
163.Fa out
164and the number of bytes output is stored in
165.Pf * Fa outl .
166It is the caller's responsibility to ensure that the buffer at
167.Fa out
168is sufficiently large to accommodate the output data.
169Only full blocks of data (48 bytes) will be immediately processed and
170output by this function.
171Any remainder is held in the
172.Fa ctx
173object and will be processed by a subsequent call to
174.Fn EVP_EncodeUpdate
175or
176.Fn EVP_EncodeFinal .
177To calculate the required size of the output buffer, add together the
178value of
179.Fa inl
180with the amount of unprocessed data held in
181.Fa ctx
182and divide the result by 48 (ignore any remainder).
183This gives the number of blocks of data that will be processed.
184Ensure the output buffer contains 65 bytes of storage for each block,
185plus an additional byte for a NUL terminator.
186.Fn EVP_EncodeUpdate
187may be called repeatedly to process large amounts of input data.
188In the event of an error ,
189.Fn EVP_EncodeUpdate
190will set
191.Pf * Fa outl
192to 0 and return 0.
193On success 1 will be returned.
194.Pp
195.Fn EVP_EncodeFinal
196must be called at the end of an encoding operation.
197It will process any partial block of data remaining in the
198.Fa ctx
199object.
200The output data will be stored in
201.Fa out
202and the length of the data written will be stored in
203.Pf * Fa outl .
204It is the caller's responsibility to ensure that
205.Fa out
206is sufficiently large to accommodate the output data, which will
207never be more than 65 bytes plus an additional NUL terminator, i.e.
20866 bytes in total.
209.Pp
210.Fn EVP_EncodeBlock
211encodes a full block of input data in
212.Fa f
213and of length
214.Fa n
215and stores it in
216.Fa t .
217For every 3 bytes of input provided, 4 bytes of output data will be
218produced.
219If
220.Sy n
221is not divisible by 3, then the block is encoded as a final block
222of data and the output is padded such that it is always divisible
223by 4.
224Additionally a NUL terminator character will be added.
225For example, if 16 bytes of input data are provided, then 24 bytes
226of encoded data is created plus 1 byte for a NUL terminator,
227i.e. 25 bytes in total.
228The length of the data generated
229.Em without
230the NUL terminator is returned from the function.
231.Pp
232.Fn EVP_DecodeInit
233initialises
234.Fa ctx
235for the start of a new decoding operation.
236.Pp
237.Fn EVP_DecodeUpdate
238decodes
239.Fa inl
240characters of data found in the buffer pointed to by
241.Fa in .
242The output is stored in the buffer
243.Fa out
244and the number of bytes output is stored in
245.Pf * Fa outl .
246It is the caller's responsibility to ensure that the buffer at
247.Fa out
248is sufficiently large to accommodate the output data.
249This function will attempt to decode as much data as possible in 4-byte
250chunks.
251Any whitespace, newline or carriage return characters are ignored.
252Any partial chunk of unprocessed data (1, 2 or 3 bytes) that remains at
253the end will be held in the
254.Fa ctx
255object and processed by a subsequent call to
256.Fn EVP_DecodeUpdate .
257If any illegal base64 characters are encountered or if the base64
258padding character "=" is encountered in the middle of the data,
259then the function returns -1 to indicate an error.
260A return value of 0 or 1 indicates successful processing of the data.
261A return value of 0 additionally indicates that the last input data
262characters processed included the base64 padding character "=" and
263therefore no more non-padding character data is expected to be
264processed.
265For every 4 valid base64 bytes processed \(em ignoring whitespace,
266carriage returns and line feeds \(em 3 bytes of binary output data
267will be produced, or less at the end of the data where the padding
268character "=" has been used.
269.Pp
270.Fn EVP_DecodeFinal
271must be called at the end of a decoding operation.
272If there is any unprocessed data still in
273.Fa ctx ,
274then the input data must not have been a multiple of 4 and therefore an
275error has occurred.
276The function will return -1 in this case.
277Otherwise the function returns 1 on success.
278.Pp
279.Fn EVP_DecodeBlock
280will decode the block of
281.Fa n
282characters of base64 data contained in
283.Fa f
284and store the result in
285.Fa t .
286Any leading whitespace will be trimmed as will any trailing whitespace,
287newlines, carriage returns or EOF characters.
288After such trimming the length of the data in
289.Fa f
290must be divisible by 4.
291For every 4 input bytes, exactly 3 output bytes will be produced.
292The output will be padded with 0 bits if necessary to ensure that the
293output is always 3 bytes for every 4 input bytes.
294This function will return the length of the data decoded or -1 on error.
295.Sh RETURN VALUES
296.Fn EVP_ENCODE_CTX_new
297returns a pointer to the newly allocated
298.Vt EVP_ENCODE_CTX
299object or
300.Dv NULL
301on error.
302.Pp
303.Fn EVP_EncodeUpdate
304returns 0 on error or 1 on success.
305.Pp
306.Fn EVP_EncodeBlock
307returns the number of bytes encoded excluding the NUL terminator.
308.Pp
309.Fn EVP_DecodeUpdate
310returns -1 on error and 0 or 1 on success.
311If 0 is returned, then no more non-padding base64 characters are
312expected.
313.Pp
314.Fn EVP_DecodeFinal
315returns -1 on error or 1 on success.
316.Pp
317.Fn EVP_DecodeBlock
318returns the length of the data decoded or -1 on error.
319.Sh SEE ALSO
320.Xr BIO_f_base64 3 ,
321.Xr evp 3
322.Sh HISTORY
323The
324.Fn EVP_Encode*
325and
326.Fn EVP_Decode*
327functions first appeared in SSLeay 0.5.1
328and have been available since
329.Ox 2.4 .
330.Pp
331.Fn EVP_ENCODE_CTX_new
332and
333.Fn EVP_ENCODE_CTX_free
334first appeared in OpenSSL 1.1.0 and have been available since
335.Ox 6.5 .