Commit caaaf8d5 authored by ROOL's avatar ROOL 🤖
Browse files

Library update

Detail:
  Includes fix for CVE-2021-44732.
  This is release 2.16.12 direct from ARM, with customisations to ro_config.h/timing.c/entropy_poll.c/net_sockets.[c|h] to port to RISC OS.

Version 2.25. Tagged as 'mbedTLS-2_25'
parent f390b0d4
/* (2.24) /* (2.25)
* *
* This file is automatically maintained by srccommit, do not edit manually. * This file is automatically maintained by srccommit, do not edit manually.
* *
*/ */
#define Module_MajorVersion_CMHG 2.24 #define Module_MajorVersion_CMHG 2.25
#define Module_MinorVersion_CMHG #define Module_MinorVersion_CMHG
#define Module_Date_CMHG 10 Jul 2021 #define Module_Date_CMHG 20 Dec 2021
#define Module_MajorVersion "2.24" #define Module_MajorVersion "2.25"
#define Module_Version 224 #define Module_Version 225
#define Module_MinorVersion "" #define Module_MinorVersion ""
#define Module_Date "10 Jul 2021" #define Module_Date "20 Dec 2021"
#define Module_ApplicationDate "10-Jul-21" #define Module_ApplicationDate "20-Dec-21"
#define Module_ComponentName "mbedTLS" #define Module_ComponentName "mbedTLS"
#define Module_FullVersion "2.24" #define Module_FullVersion "2.25"
#define Module_HelpVersion "2.24 (10 Jul 2021)" #define Module_HelpVersion "2.25 (20 Dec 2021)"
#define Module_LibraryVersionInfo "2:24" #define Module_LibraryVersionInfo "2:25"
...@@ -1082,6 +1082,7 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, ...@@ -1082,6 +1082,7 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
unsigned char *output ) unsigned char *output )
{ {
int i; int i;
int ret;
unsigned char temp[16]; unsigned char temp[16];
AES_VALIDATE_RET( ctx != NULL ); AES_VALIDATE_RET( ctx != NULL );
...@@ -1111,7 +1112,9 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, ...@@ -1111,7 +1112,9 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
while( length > 0 ) while( length > 0 )
{ {
memcpy( temp, input, 16 ); memcpy( temp, input, 16 );
mbedtls_aes_crypt_ecb( ctx, mode, input, output ); ret = mbedtls_aes_crypt_ecb( ctx, mode, input, output );
if( ret != 0 )
goto exit;
for( i = 0; i < 16; i++ ) for( i = 0; i < 16; i++ )
output[i] = (unsigned char)( output[i] ^ iv[i] ); output[i] = (unsigned char)( output[i] ^ iv[i] );
...@@ -1130,7 +1133,9 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, ...@@ -1130,7 +1133,9 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
for( i = 0; i < 16; i++ ) for( i = 0; i < 16; i++ )
output[i] = (unsigned char)( input[i] ^ iv[i] ); output[i] = (unsigned char)( input[i] ^ iv[i] );
mbedtls_aes_crypt_ecb( ctx, mode, output, output ); ret = mbedtls_aes_crypt_ecb( ctx, mode, output, output );
if( ret != 0 )
goto exit;
memcpy( iv, output, 16 ); memcpy( iv, output, 16 );
input += 16; input += 16;
...@@ -1138,8 +1143,10 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx, ...@@ -1138,8 +1143,10 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
length -= 16; length -= 16;
} }
} }
ret = 0;
return( 0 ); exit:
return( ret );
} }
#endif /* MBEDTLS_CIPHER_MODE_CBC */ #endif /* MBEDTLS_CIPHER_MODE_CBC */
...@@ -1322,6 +1329,7 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, ...@@ -1322,6 +1329,7 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
unsigned char *output ) unsigned char *output )
{ {
int c; int c;
int ret;
size_t n; size_t n;
AES_VALIDATE_RET( ctx != NULL ); AES_VALIDATE_RET( ctx != NULL );
...@@ -1342,7 +1350,11 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, ...@@ -1342,7 +1350,11 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
while( length-- ) while( length-- )
{ {
if( n == 0 ) if( n == 0 )
mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv ); {
ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
if( ret != 0 )
goto exit;
}
c = *input++; c = *input++;
*output++ = (unsigned char)( c ^ iv[n] ); *output++ = (unsigned char)( c ^ iv[n] );
...@@ -1356,7 +1368,11 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, ...@@ -1356,7 +1368,11 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
while( length-- ) while( length-- )
{ {
if( n == 0 ) if( n == 0 )
mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv ); {
ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
if( ret != 0 )
goto exit;
}
iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ ); iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
...@@ -1365,8 +1381,10 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx, ...@@ -1365,8 +1381,10 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
} }
*iv_off = n; *iv_off = n;
ret = 0;
return( 0 ); exit:
return( ret );
} }
/* /*
...@@ -1379,6 +1397,7 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, ...@@ -1379,6 +1397,7 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
const unsigned char *input, const unsigned char *input,
unsigned char *output ) unsigned char *output )
{ {
int ret;
unsigned char c; unsigned char c;
unsigned char ov[17]; unsigned char ov[17];
...@@ -1391,7 +1410,9 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, ...@@ -1391,7 +1410,9 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
while( length-- ) while( length-- )
{ {
memcpy( ov, iv, 16 ); memcpy( ov, iv, 16 );
mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv ); ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
if( ret != 0 )
goto exit;
if( mode == MBEDTLS_AES_DECRYPT ) if( mode == MBEDTLS_AES_DECRYPT )
ov[16] = *input; ov[16] = *input;
...@@ -1403,8 +1424,10 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx, ...@@ -1403,8 +1424,10 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
memcpy( iv, ov + 1, 16 ); memcpy( iv, ov + 1, 16 );
} }
ret = 0;
return( 0 ); exit:
return( ret );
} }
#endif /* MBEDTLS_CIPHER_MODE_CFB */ #endif /* MBEDTLS_CIPHER_MODE_CFB */
...@@ -1466,6 +1489,7 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, ...@@ -1466,6 +1489,7 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
unsigned char *output ) unsigned char *output )
{ {
int c, i; int c, i;
int ret;
size_t n; size_t n;
AES_VALIDATE_RET( ctx != NULL ); AES_VALIDATE_RET( ctx != NULL );
...@@ -1483,7 +1507,9 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, ...@@ -1483,7 +1507,9 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
while( length-- ) while( length-- )
{ {
if( n == 0 ) { if( n == 0 ) {
mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, nonce_counter, stream_block ); ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, nonce_counter, stream_block );
if( ret != 0 )
goto exit;
for( i = 16; i > 0; i-- ) for( i = 16; i > 0; i-- )
if( ++nonce_counter[i - 1] != 0 ) if( ++nonce_counter[i - 1] != 0 )
...@@ -1496,8 +1522,10 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx, ...@@ -1496,8 +1522,10 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
} }
*nc_off = n; *nc_off = n;
ret = 0;
return( 0 ); exit:
return( ret );
} }
#endif /* MBEDTLS_CIPHER_MODE_CTR */ #endif /* MBEDTLS_CIPHER_MODE_CTR */
......
...@@ -66,127 +66,38 @@ ...@@ -66,127 +66,38 @@
#endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */ #endif /* MBEDTLS_SELF_TEST */
static const unsigned char base64_enc_map[64] =
{
'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J',
'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T',
'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd',
'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n',
'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x',
'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7',
'8', '9', '+', '/'
};
static const unsigned char base64_dec_map[128] =
{
127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
127, 127, 127, 62, 127, 127, 127, 63, 52, 53,
54, 55, 56, 57, 58, 59, 60, 61, 127, 127,
127, 64, 127, 127, 127, 0, 1, 2, 3, 4,
5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
15, 16, 17, 18, 19, 20, 21, 22, 23, 24,
25, 127, 127, 127, 127, 127, 127, 26, 27, 28,
29, 30, 31, 32, 33, 34, 35, 36, 37, 38,
39, 40, 41, 42, 43, 44, 45, 46, 47, 48,
49, 50, 51, 127, 127, 127, 127, 127
};
#define BASE64_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */ #define BASE64_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */
/* /* Return 0xff if low <= c <= high, 0 otherwise.
* Constant flow conditional assignment to unsigned char *
*/ * Constant flow with respect to c.
static void mbedtls_base64_cond_assign_uchar( unsigned char * dest, const unsigned char * const src,
unsigned char condition )
{
/* MSVC has a warning about unary minus on unsigned integer types,
* but this is well-defined and precisely what we want to do here. */
#if defined(_MSC_VER)
#pragma warning( push )
#pragma warning( disable : 4146 )
#endif
/* Generate bitmask from condition, mask will either be 0xFF or 0 */
unsigned char mask = ( condition | -condition );
mask >>= 7;
mask = -mask;
#if defined(_MSC_VER)
#pragma warning( pop )
#endif
*dest = ( ( *src ) & mask ) | ( ( *dest ) & ~mask );
}
/*
* Constant flow conditional assignment to uint_32
*/
static void mbedtls_base64_cond_assign_uint32( uint32_t * dest, const uint32_t src,
uint32_t condition )
{
/* MSVC has a warning about unary minus on unsigned integer types,
* but this is well-defined and precisely what we want to do here. */
#if defined(_MSC_VER)
#pragma warning( push )
#pragma warning( disable : 4146 )
#endif
/* Generate bitmask from condition, mask will either be 0xFFFFFFFF or 0 */
uint32_t mask = ( condition | -condition );
mask >>= 31;
mask = -mask;
#if defined(_MSC_VER)
#pragma warning( pop )
#endif
*dest = ( src & mask ) | ( ( *dest ) & ~mask );
}
/*
* Constant flow check for equality
*/ */
static unsigned char mbedtls_base64_eq( size_t in_a, size_t in_b ) static unsigned char mask_of_range( unsigned char low, unsigned char high,
unsigned char c )
{ {
size_t difference = in_a ^ in_b; /* low_mask is: 0 if low <= c, 0x...ff if low > c */
unsigned low_mask = ( (unsigned) c - low ) >> 8;
/* MSVC has a warning about unary minus on unsigned integer types, /* high_mask is: 0 if c <= high, 0x...ff if c > high */
* but this is well-defined and precisely what we want to do here. */ unsigned high_mask = ( (unsigned) high - c ) >> 8;
#if defined(_MSC_VER) return( ~( low_mask | high_mask ) & 0xff );
#pragma warning( push )
#pragma warning( disable : 4146 )
#endif
difference |= -difference;
#if defined(_MSC_VER)
#pragma warning( pop )
#endif
/* cope with the varying size of size_t per platform */
difference >>= ( sizeof( difference ) * 8 - 1 );
return (unsigned char) ( 1 ^ difference );
} }
/* /* Given a value in the range 0..63, return the corresponding Base64 digit.
* Constant flow lookup into table. * The implementation assumes that letters are consecutive (e.g. ASCII
* but not EBCDIC).
*/ */
static unsigned char mbedtls_base64_table_lookup( const unsigned char * const table, static unsigned char enc_char( unsigned char val )
const size_t table_size, const size_t table_index )
{ {
size_t i; unsigned char digit = 0;
unsigned char result = 0; /* For each range of values, if val is in that range, mask digit with
* the corresponding value. Since val can only be in a single range,
for( i = 0; i < table_size; ++i ) * only at most one masking will change digit. */
{ digit |= mask_of_range( 0, 25, val ) & ( 'A' + val );
mbedtls_base64_cond_assign_uchar( &result, &table[i], mbedtls_base64_eq( i, table_index ) ); digit |= mask_of_range( 26, 51, val ) & ( 'a' + val - 26 );
} digit |= mask_of_range( 52, 61, val ) & ( '0' + val - 52 );
digit |= mask_of_range( 62, 62, val ) & '+';
return result; digit |= mask_of_range( 63, 63, val ) & '/';
return( digit );
} }
/* /*
...@@ -229,17 +140,10 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen, ...@@ -229,17 +140,10 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
C2 = *src++; C2 = *src++;
C3 = *src++; C3 = *src++;
*p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ), *p++ = enc_char( ( C1 >> 2 ) & 0x3F );
( ( C1 >> 2 ) & 0x3F ) ); *p++ = enc_char( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) ) & 0x3F );
*p++ = enc_char( ( ( ( C2 & 15 ) << 2 ) + ( C3 >> 6 ) ) & 0x3F );
*p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ), *p++ = enc_char( C3 & 0x3F );
( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) ) & 0x3F ) );
*p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
( ( ( ( C2 & 15 ) << 2 ) + ( C3 >> 6 ) ) & 0x3F ) );
*p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
( C3 & 0x3F ) );
} }
if( i < slen ) if( i < slen )
...@@ -247,15 +151,11 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen, ...@@ -247,15 +151,11 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
C1 = *src++; C1 = *src++;
C2 = ( ( i + 1 ) < slen ) ? *src++ : 0; C2 = ( ( i + 1 ) < slen ) ? *src++ : 0;
*p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ), *p++ = enc_char( ( C1 >> 2 ) & 0x3F );
( ( C1 >> 2 ) & 0x3F ) ); *p++ = enc_char( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) ) & 0x3F );
*p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) ) & 0x3F ) );
if( ( i + 1 ) < slen ) if( ( i + 1 ) < slen )
*p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ), *p++ = enc_char( ( ( C2 & 15 ) << 2 ) & 0x3F );
( ( ( C2 & 15 ) << 2 ) & 0x3F ) );
else *p++ = '='; else *p++ = '=';
*p++ = '='; *p++ = '=';
...@@ -267,26 +167,57 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen, ...@@ -267,26 +167,57 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
return( 0 ); return( 0 );
} }
/* Given a Base64 digit, return its value.
* If c is not a Base64 digit ('A'..'Z', 'a'..'z', '0'..'9', '+' or '/'),
* return -1.
*
* The implementation assumes that letters are consecutive (e.g. ASCII
* but not EBCDIC).
*
* The implementation is constant-flow (no branch or memory access depending
* on the value of c) unless the compiler inlines and optimizes a specific
* access.
*/
static signed char dec_value( unsigned char c )
{
unsigned char val = 0;
/* For each range of digits, if c is in that range, mask val with
* the corresponding value. Since c can only be in a single range,
* only at most one masking will change val. Set val to one plus
* the desired value so that it stays 0 if c is in none of the ranges. */
val |= mask_of_range( 'A', 'Z', c ) & ( c - 'A' + 0 + 1 );
val |= mask_of_range( 'a', 'z', c ) & ( c - 'a' + 26 + 1 );
val |= mask_of_range( '0', '9', c ) & ( c - '0' + 52 + 1 );
val |= mask_of_range( '+', '+', c ) & ( c - '+' + 62 + 1 );
val |= mask_of_range( '/', '/', c ) & ( c - '/' + 63 + 1 );
/* At this point, val is 0 if c is an invalid digit and v+1 if c is
* a digit with the value v. */
return( val - 1 );
}
/* /*
* Decode a base64-formatted buffer * Decode a base64-formatted buffer
*/ */
int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
const unsigned char *src, size_t slen ) const unsigned char *src, size_t slen )
{ {
size_t i, n; size_t i; /* index in source */
uint32_t j, x; size_t n; /* number of digits or trailing = in source */
uint32_t x; /* value accumulator */
unsigned accumulated_digits = 0;
unsigned equals = 0;
int spaces_present = 0;
unsigned char *p; unsigned char *p;
unsigned char dec_map_lookup;
/* First pass: check for validity and get output length */ /* First pass: check for validity and get output length */
for( i = n = j = 0; i < slen; i++ ) for( i = n = 0; i < slen; i++ )
{ {
/* Skip spaces before checking for EOL */ /* Skip spaces before checking for EOL */
x = 0; spaces_present = 0;
while( i < slen && src[i] == ' ' ) while( i < slen && src[i] == ' ' )
{ {
++i; ++i;
++x; spaces_present = 1;
} }
/* Spaces at end of buffer are OK */ /* Spaces at end of buffer are OK */
...@@ -301,20 +232,24 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, ...@@ -301,20 +232,24 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
continue; continue;
/* Space inside a line is an error */ /* Space inside a line is an error */
if( x != 0 ) if( spaces_present )
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
if( src[i] == '=' && ++j > 2 ) if( src[i] > 127 )
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
dec_map_lookup = mbedtls_base64_table_lookup( base64_dec_map, sizeof( base64_dec_map ), src[i] );
if( src[i] > 127 || dec_map_lookup == 127 )
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
if( dec_map_lookup < 64 && j != 0 )
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
if( src[i] == '=' )
{
if( ++equals > 2 )
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
}
else
{
if( equals != 0 )
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
if( dec_value( src[i] ) < 0 )
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
}
n++; n++;
} }
...@@ -329,7 +264,7 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, ...@@ -329,7 +264,7 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
* n = ( ( n * 6 ) + 7 ) >> 3; * n = ( ( n * 6 ) + 7 ) >> 3;
*/ */
n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 ); n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 );
n -= j; n -= equals;
if( dst == NULL || dlen < n ) if( dst == NULL || dlen < n )
{ {
...@@ -337,22 +272,24 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, ...@@ -337,22 +272,24 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL ); return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
} }
for( j = 3, n = x = 0, p = dst; i > 0; i--, src++ ) equals = 0;
{ for( x = 0, p = dst; i > 0; i--, src++ )
{
if( *src == '\r' || *src == '\n' || *src == ' ' ) if( *src == '\r' || *src == '\n' || *src == ' ' )
continue; continue;
dec_map_lookup = mbedtls_base64_table_lookup( base64_dec_map, sizeof( base64_dec_map ), *src ); x = x << 6;
if( *src == '=' )
mbedtls_base64_cond_assign_uint32( &j, j - 1, mbedtls_base64_eq( dec_map_lookup, 64 ) ); ++equals;
x = ( x << 6 ) | ( dec_map_lookup & 0x3F ); else
x |= dec_value( *src );
if( ++n == 4 ) if( ++accumulated_digits == 4 )
{ {
n = 0;