
@barrysteyn
Last active April 9, 2024 08:29
OpenSSL Base64 En/Decode: Portable and binary safe.

OpenSSL Base64 Encoding: Binary Safe and Portable

This is an example of encoding to and decoding from base64 using OpenSSL's C library. The code presented here is both binary safe and portable (i.e. it should work on any POSIX-compliant system, e.g. FreeBSD and Linux).

License

The MIT License (MIT)

Copyright (c) 2013 Barry Steyn

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

//Decodes Base64
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/bio.h>
#include <openssl/evp.h>
#include <stdint.h>
#include <assert.h>

size_t calcDecodeLength(const char* b64input) { //Calculates the length of a decoded string
    size_t len = strlen(b64input),
           padding = 0,
           raw;

    if (len >= 2 && b64input[len-1] == '=' && b64input[len-2] == '=') //last two chars are =
        padding = 2;
    else if (len >= 1 && b64input[len-1] == '=') //last char is =
        padding = 1;

    raw = (len*3)/4;
    return raw > padding ? raw - padding : 0; //never underflow on very short input
}

int Base64Decode(char* b64message, unsigned char** buffer, size_t* length) { //Decodes a base64 encoded string
    BIO *bio, *b64;
    int readLen;
    size_t decodeLen = calcDecodeLength(b64message);

    *buffer = (unsigned char*)malloc(decodeLen + 1);
    if (*buffer == NULL)
        return (1); //allocation failed
    (*buffer)[decodeLen] = '\0';

    bio = BIO_new_mem_buf(b64message, -1);
    b64 = BIO_new(BIO_f_base64());
    bio = BIO_push(b64, bio);

    BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL); //Do not use newlines to flush buffer
    readLen = BIO_read(bio, *buffer, (int)decodeLen); //never read more than was allocated
    *length = readLen > 0 ? (size_t)readLen : 0;
    assert(*length == decodeLen); //length should equal decodeLen, else something went horribly wrong
    BIO_free_all(bio);

    return (0); //success
}
//Encodes Base64
#include <openssl/bio.h>
#include <openssl/evp.h>
#include <openssl/buffer.h>
#include <stdint.h>

int Base64Encode(const unsigned char* buffer, size_t length, char** b64text) { //Encodes a binary safe base 64 string
    BIO *bio, *b64;
    BUF_MEM *bufferPtr;

    b64 = BIO_new(BIO_f_base64());
    bio = BIO_new(BIO_s_mem());
    bio = BIO_push(b64, bio);

    BIO_set_flags(bio, BIO_FLAGS_BASE64_NO_NL); //Ignore newlines - write everything in one line
    BIO_write(bio, buffer, length);
    BIO_flush(bio);
    BIO_get_mem_ptr(bio, &bufferPtr);
    BIO_set_close(bio, BIO_NOCLOSE);
    BIO_free_all(bio);

    *b64text=(*bufferPtr).data;

    return (0); //success
}
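#include <stdio.h>
#include <stdlib.h>
#include <string.h>

//Prototypes for the functions defined in Base64Encode.c and Base64Decode.c
int Base64Encode(const unsigned char* buffer, size_t length, char** b64text);
int Base64Decode(char* b64message, unsigned char** buffer, size_t* length);

int main() {
    //Encode To Base64
    char* base64EncodeOutput;
    const char* text="Hello World";

    Base64Encode((const unsigned char*)text, strlen(text), &base64EncodeOutput);
    printf("Output (base64): %s\n", base64EncodeOutput);

    //Decode From Base64
    unsigned char* base64DecodeOutput;
    size_t test;

    Base64Decode("SGVsbG8gV29ybGQ=", &base64DecodeOutput, &test);
    printf("Output: %s %zu\n", base64DecodeOutput, test);
    free(base64DecodeOutput);

    return(0);
}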
all:
	gcc -o base64 Main.c Base64Encode.c Base64Decode.c -lcrypto -lm -w
@williamcroberts

This code is broken as it assumes that the bio routines provide null terminated buffers, which is incorrect. As the code above attempts to do, is track length. Also, the BUF_MEM size field has this information.

@1Hyena

1Hyena commented May 17, 2018

@yeshog

int b64_op(const unsigned char* in, int in_len,
              char *out, int out_len, int op)
{
    int ret = 0;
    BIO *b64 = BIO_new(BIO_f_base64());
    BIO *bio = BIO_new(BIO_s_mem());
    BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
    BIO_push(b64, bio);
    if (op == 0)
    {
        ret = BIO_write(b64, in, in_len);
        BIO_flush(b64);
        if (ret > 0)
        {
            ret = BIO_read(bio, out, out_len);
        }

    } else
    {
        ret = BIO_write(bio, in, in_len);
        BIO_flush(bio);
        if (ret)
        {
            ret = BIO_read(b64, out, out_len);
        }
    }
    BIO_free(b64); // MEMORY LEAK HERE? 
    return ret;
}

b64 gets freed but not bio

to be honest, it's kind of embarrassing to have to have a lib as popular as openssl designed in a way that it is literally begging for the developers to produce memory leaks. it's as if it was intentional (hinttidiy hint hint NSA)

@avalon1610

@kvelakur

Second, after calling BIO_free_all there is no guarantee that (*bufferPtr).data will still contain the encoded string (I think)

BIO_get_mem_ptr(bio, &bufferPtr);
BIO_set_close(bio, BIO_NOCLOSE);
BIO_free_all(bio);
*b64text=(*bufferPtr).data;

return (0); //success

I think here BIO_set_close(bio, BIO_NOCLOSE) means openssl will not free memory under bufferPtr, even after BIO_free_all(bio), so (*bufferPtr).data is safe to use. But, user must free it manually, or it will cause memory leak.

@jige003

jige003 commented Apr 25, 2019

@avalon1610

BUF_MEM struct should use BUF_MEM_free to free memory

@addagreem

addagreem commented Sep 28, 2023

Base64Decode cuts 2 characters off on this data:
The issue is in the OpenSSL library, most likely. I use OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)

UPD:
It appeared that the encoded string must have '=' padding at the end which I did not receive from the external service.
Maybe it is worth adding some kind of normalization for b64message buffer to fix missing paddings.
I would add to the beginning of Base64Decode something similar to this:

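    // normalize paddings (b64message must be heap-allocated for realloc to be valid)
    size_t b64msg_length = strlen(b64message);
    size_t missing_paddings = (4 - (b64msg_length % 4)) % 4; // ugh...
    if (missing_paddings)
    {
        // room for the original text, the padding and the terminating '\0'
        char* padded = (char*)realloc(b64message, b64msg_length + missing_paddings + 1);
        if (padded == NULL)
            return (1); // allocation failed
        b64message = padded;
        b64message[b64msg_length + missing_paddings] = '\0';
        for (size_t pos = b64msg_length; missing_paddings; --missing_paddings, ++pos)
            *(b64message + pos) = '=';
    }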
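
The normalization suggested in the comment above, as an added example that is not part of the gist or of that comment: instead of calling `realloc` on the caller's pointer (undefined for a string literal such as the one passed in `main`), it returns a padded heap copy and rejects input that can never be valid base64. `is_b64_char`, `b64_pad_copy` and `b64_decoded_len` are hypothetical names.

```c
// Added example: padding normalization for input handed to Base64Decode.
#include <stdlib.h>
#include <string.h>

// 1 if c belongs to the standard base64 alphabet (RFC 4648, section 4).
static int is_b64_char(char c) {
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
           (c >= '0' && c <= '9') || c == '+' || c == '/';
}

// Returns a malloc'd, NUL-terminated copy of `in` padded with '=' to a
// multiple of 4, or NULL if `in` cannot be valid base64. Caller frees.
char *b64_pad_copy(const char *in) {
    size_t len = strlen(in), data_len = len, pad, i;
    char *out;

    // Drop at most two trailing '='; padding is re-derived from the data.
    while (data_len > 0 && len - data_len < 2 && in[data_len - 1] == '=')
        data_len--;
    for (i = 0; i < data_len; i++)      // '=' or junk inside the data part
        if (!is_b64_char(in[i]))
            return NULL;
    if (data_len % 4 == 1)              // one leftover char holds only 6 bits
        return NULL;

    pad = (4 - data_len % 4) % 4;
    out = malloc(data_len + pad + 1);   // data + padding + terminator
    if (out == NULL)
        return NULL;
    memcpy(out, in, data_len);
    memset(out + data_len, '=', pad);
    out[data_len + pad] = '\0';
    return out;
}

// Decoded size of a string produced by b64_pad_copy(); never underflows.
size_t b64_decoded_len(const char *padded) {
    size_t len = strlen(padded), pad = 0, raw = len / 4 * 3;

    if (len >= 1 && padded[len - 1] == '=') pad++;
    if (len >= 2 && padded[len - 2] == '=') pad++;
    return raw >= pad ? raw - pad : 0;
}
```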
