27052752106

Committed 06 Jun 2026 12:06AM UTC coverage: 89.396% (+0.002%) from 89.394%

Build # 27052752106

Build Type

push

github

Committed by

web-flow

Commit Message

Merge pull request #5649 from randombit/jack/small-hardenings

Various small hardenings and improve input validation

Coverage Stats

110625 of 123747 relevant lines covered (89.4%)

11055225.92 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

90.91

/src/lib/codec/hex/hex.cpp

/*
* Hex Encoding and Decoding
* (C) 2010,2020 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/hex.h>

#include <botan/exceptn.h>
#include <botan/mem_ops.h>
#include <botan/internal/charset.h>
#include <botan/internal/fmt.h>
#include <botan/internal/int_utils.h>
#include <botan/internal/loadstor.h>

namespace Botan {

namespace {

uint16_t hex_encode_2nibble(uint8_t n8, bool uppercase) {
   // Offset for upper or lower case 'a' resp
   const uint16_t a_mask = uppercase ? 0x0707 : 0x2727;

   const uint16_t n = (static_cast<uint16_t>(n8 & 0xF0) << 4) | (n8 & 0x0F);
   // n >= 10? If so add offset
   const uint16_t diff = swar_lt<uint16_t>(0x0909, n) & a_mask;
   // Can't overflow between bytes, so don't need explicit SWAR addition:
   return n + 0x3030 + diff;
}

}  // namespace

void hex_encode(char output[], const uint8_t input[], size_t input_length, bool uppercase) {
   for(size_t i = 0; i != input_length; ++i) {
      const uint16_t h = hex_encode_2nibble(input[i], uppercase);
      output[2 * i] = get_byte<0>(h);
      output[2 * i + 1] = get_byte<1>(h);
   }
}

std::string hex_encode(const uint8_t input[], size_t input_length, bool uppercase) {
   const size_t output_length = mul_or_throw<size_t>(2, input_length, "Input too large to hex encode");
   std::string output(output_length, 0);

   if(input_length > 0) {
      hex_encode(&output.front(), input, input_length, uppercase);
   }

   return output;
}

namespace {

uint8_t hex_char_to_bin(char input) {
   // Starts of valid value ranges (v_lo) and their lengths (v_range)
   constexpr uint64_t v_lo = make_uint64(0, '0', 'a', 'A', ' ', '\n', '\t', '\r');
   constexpr uint64_t v_range = make_uint64(0, 10, 6, 6, 1, 1, 1, 1);

   const uint8_t x = static_cast<uint8_t>(input);
   const uint64_t x8 = x * 0x0101010101010101;

   const uint64_t v_mask = swar_in_range<uint64_t>(x8, v_lo, v_range) ^ 0x8000000000000000;

   // This is the offset added to x to get the value we need
   const uint64_t val_v = 0xd0a9c960767773 ^ static_cast<uint64_t>(0xFF - x) << 56;

   return x + static_cast<uint8_t>(val_v >> (8 * index_of_first_set_byte(v_mask)));
}

}  // namespace

size_t hex_decode(uint8_t output[], const char input[], size_t input_length, size_t& input_consumed, bool ignore_ws) {
   uint8_t* out_ptr = output;
   bool top_nibble = true;
   uint8_t next = 0;

   input_consumed = 0;

   clear_mem(output, input_length / 2);

   for(size_t i = 0; i != input_length; ++i) {
      const uint8_t bin = hex_char_to_bin(input[i]);

      if(bin >= 0x10) {
         if(bin == 0x80 && ignore_ws) {
            continue;
         }

         throw Invalid_Argument(fmt("hex_decode: invalid character '{}'", format_char_for_display(input[i])));
      }

      if(top_nibble) {
         next = bin << 4;
      } else {
         next |= bin;
         *out_ptr = next;
      }

      top_nibble = !top_nibble;
      if(top_nibble) {
         ++out_ptr;
         input_consumed = i + 1;
      }
   }

   /*
   * Consume trailing whitespace following the last full byte; a leftover
   * unpaired nibble (if any) stops the scan and is left unconsumed.
   */
   while(input_consumed < input_length && hex_char_to_bin(input[input_consumed]) == 0x80) {
      ++input_consumed;
   }

   return (out_ptr - output);
}

size_t hex_decode(uint8_t output[], const char input[], size_t input_length, bool ignore_ws) {
   size_t consumed = 0;
   const size_t written = hex_decode(output, input, input_length, consumed, ignore_ws);

   if(consumed != input_length) {
      throw Invalid_Argument("hex_decode: input did not have full bytes");
   }

   return written;
}

size_t hex_decode(uint8_t output[], std::string_view input, bool ignore_ws) {
   return hex_decode(output, input.data(), input.length(), ignore_ws);
}

size_t hex_decode(std::span<uint8_t> output, std::string_view input, bool ignore_ws) {
   if(output.size() < input.length() / 2) {
      throw Invalid_Argument("hex_decode: output buffer too small");
   }
   return hex_decode(output.data(), input.data(), input.length(), ignore_ws);
}

secure_vector<uint8_t> hex_decode_locked(const char input[], size_t input_length, bool ignore_ws) {
   secure_vector<uint8_t> bin(1 + input_length / 2);

   const size_t written = hex_decode(bin.data(), input, input_length, ignore_ws);

   bin.resize(written);
   return bin;
}

secure_vector<uint8_t> hex_decode_locked(std::string_view input, bool ignore_ws) {
   return hex_decode_locked(input.data(), input.size(), ignore_ws);
}

std::vector<uint8_t> hex_decode(const char input[], size_t input_length, bool ignore_ws) {
   std::vector<uint8_t> bin(1 + input_length / 2);

   const size_t written = hex_decode(bin.data(), input, input_length, ignore_ws);

   bin.resize(written);
   return bin;
}

std::vector<uint8_t> hex_decode(std::string_view input, bool ignore_ws) {
   return hex_decode(input.data(), input.size(), ignore_ws);
}

}  // namespace Botan

1	/*
2	* Hex Encoding and Decoding
3	* (C) 2010,2020 Jack Lloyd
4	*
5	* Botan is released under the Simplified BSD License (see license.txt)
6	*/
7
8	#include <botan/hex.h>
9
10	#include <botan/exceptn.h>
11	#include <botan/mem_ops.h>
12	#include <botan/internal/charset.h>
13	#include <botan/internal/fmt.h>
14	#include <botan/internal/int_utils.h>
15	#include <botan/internal/loadstor.h>
16
17	namespace Botan {
18
19	namespace {
20
21	uint16_t hex_encode_2nibble(uint8_t n8, bool uppercase) {	1,226,758✔
22	// Offset for upper or lower case 'a' resp
23	const uint16_t a_mask = uppercase ? 0x0707 : 0x2727;	2,453,516✔
24
25	const uint16_t n = (static_cast<uint16_t>(n8 & 0xF0) << 4) \| (n8 & 0x0F);	1,226,758✔
26	// n >= 10? If so add offset
27	const uint16_t diff = swar_lt<uint16_t>(0x0909, n) & a_mask;	1,226,758✔
28	// Can't overflow between bytes, so don't need explicit SWAR addition:
29	return n + 0x3030 + diff;	1,226,758✔
30	}
31
32	} // namespace
33
34	void hex_encode(char output[], const uint8_t input[], size_t input_length, bool uppercase) {	45,304✔
35	for(size_t i = 0; i != input_length; ++i) {	1,272,062✔
36	const uint16_t h = hex_encode_2nibble(input[i], uppercase);	1,226,758✔
37	output[2 * i] = get_byte<0>(h);	1,226,758✔
38	output[2 * i + 1] = get_byte<1>(h);	1,226,758✔
39	}
40	}	45,304✔
41
42	std::string hex_encode(const uint8_t input[], size_t input_length, bool uppercase) {	45,867✔
43	const size_t output_length = mul_or_throw<size_t>(2, input_length, "Input too large to hex encode");	45,867✔
44	std::string output(output_length, 0);	45,867✔
45
46	if(input_length > 0) {	45,867✔
47	hex_encode(&output.front(), input, input_length, uppercase);	45,264✔
48	}
49
50	return output;	45,867✔
51	}	×
52
53	namespace {
54
55	uint8_t hex_char_to_bin(char input) {	34,225,751✔
56	// Starts of valid value ranges (v_lo) and their lengths (v_range)
57	constexpr uint64_t v_lo = make_uint64(0, '0', 'a', 'A', ' ', '\n', '\t', '\r');	34,225,751✔
58	constexpr uint64_t v_range = make_uint64(0, 10, 6, 6, 1, 1, 1, 1);	34,225,751✔
59
60	const uint8_t x = static_cast<uint8_t>(input);	34,225,751✔
61	const uint64_t x8 = x * 0x0101010101010101;	34,225,751✔
62
63	const uint64_t v_mask = swar_in_range<uint64_t>(x8, v_lo, v_range) ^ 0x8000000000000000;	34,225,751✔
64
65	// This is the offset added to x to get the value we need
66	const uint64_t val_v = 0xd0a9c960767773 ^ static_cast<uint64_t>(0xFF - x) << 56;	34,225,751✔
67
68	return x + static_cast<uint8_t>(val_v >> (8 * index_of_first_set_byte(v_mask)));	34,225,751✔
69	}
70
71	} // namespace
72
73	size_t hex_decode(uint8_t output[], const char input[], size_t input_length, size_t& input_consumed, bool ignore_ws) {	233,214✔
74	uint8_t* out_ptr = output;	233,214✔
75	bool top_nibble = true;	233,214✔
76	uint8_t next = 0;	233,214✔
77
78	input_consumed = 0;	233,214✔
79
80	clear_mem(output, input_length / 2);	233,214✔
81
82	for(size_t i = 0; i != input_length; ++i) {	34,458,963✔
83	const uint8_t bin = hex_char_to_bin(input[i]);	34,225,750✔
84
85	if(bin >= 0x10) {	34,225,750✔
86	if(bin == 0x80 && ignore_ws) {	9,537✔
87	continue;	9,536✔
88	}
89
90	throw Invalid_Argument(fmt("hex_decode: invalid character '{}'", format_char_for_display(input[i])));	2✔
91	}
92
93	if(top_nibble) {	34,216,213✔
94	next = bin << 4;	17,108,107✔
95	} else {
96	next \|= bin;	17,108,106✔
97	*out_ptr = next;	17,108,106✔
98	}
99
100	top_nibble = !top_nibble;	34,216,213✔
101	if(top_nibble) {	34,216,213✔
102	++out_ptr;	17,108,106✔
103	input_consumed = i + 1;	17,108,106✔
104	}
105	}
106
107	/*
108	* Consume trailing whitespace following the last full byte; a leftover
109	* unpaired nibble (if any) stops the scan and is left unconsumed.
110	*/
111	while(input_consumed < input_length && hex_char_to_bin(input[input_consumed]) == 0x80) {	233,214✔
112	++input_consumed;	1✔
113	}
114
115	return (out_ptr - output);	233,213✔
116	}
117
118	size_t hex_decode(uint8_t output[], const char input[], size_t input_length, bool ignore_ws) {	233,168✔
119	size_t consumed = 0;	233,168✔
120	const size_t written = hex_decode(output, input, input_length, consumed, ignore_ws);	233,168✔
121
122	if(consumed != input_length) {	233,167✔
123	throw Invalid_Argument("hex_decode: input did not have full bytes");	×
124	}
125
126	return written;	233,167✔
127	}
128
129	size_t hex_decode(uint8_t output[], std::string_view input, bool ignore_ws) {	2,841✔
130	return hex_decode(output, input.data(), input.length(), ignore_ws);	2,841✔
131	}
132
133	size_t hex_decode(std::span<uint8_t> output, std::string_view input, bool ignore_ws) {	×
134	if(output.size() < input.length() / 2) {	×
135	throw Invalid_Argument("hex_decode: output buffer too small");	×
136	}
137	return hex_decode(output.data(), input.data(), input.length(), ignore_ws);	×
138	}
139
140	secure_vector<uint8_t> hex_decode_locked(const char input[], size_t input_length, bool ignore_ws) {	45,029✔
141	secure_vector<uint8_t> bin(1 + input_length / 2);	45,029✔
142
143	const size_t written = hex_decode(bin.data(), input, input_length, ignore_ws);	45,029✔
144
145	bin.resize(written);	45,028✔
146	return bin;	45,028✔
147	}	1✔
148
149	secure_vector<uint8_t> hex_decode_locked(std::string_view input, bool ignore_ws) {	39,921✔
150	return hex_decode_locked(input.data(), input.size(), ignore_ws);	39,921✔
151	}
152
153	std::vector<uint8_t> hex_decode(const char input[], size_t input_length, bool ignore_ws) {	185,298✔
154	std::vector<uint8_t> bin(1 + input_length / 2);	185,298✔
155
156	const size_t written = hex_decode(bin.data(), input, input_length, ignore_ws);	185,298✔
157
158	bin.resize(written);	185,298✔
159	return bin;	185,298✔
160	}	×
161
162	std::vector<uint8_t> hex_decode(std::string_view input, bool ignore_ws) {	185,290✔
163	return hex_decode(input.data(), input.size(), ignore_ws);	185,290✔
164	}
165
166	} // namespace Botan

randombit / botan / 27052752106

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous