1 #include "mupdf/fitz.h"
2
3 #include <string.h>
4
5 /* null filter */
6
7 struct null_filter
8 {
9 fz_stream *chain;
10 size_t remain;
11 int64_t offset;
12 unsigned char buffer[4096];
13 };
14
15 static int
next_null(fz_context * ctx,fz_stream * stm,size_t max)16 next_null(fz_context *ctx, fz_stream *stm, size_t max)
17 {
18 struct null_filter *state = stm->state;
19 size_t n;
20
21 if (state->remain == 0)
22 return EOF;
23
24 fz_seek(ctx, state->chain, state->offset, 0);
25 n = fz_available(ctx, state->chain, max);
26 if (n == 0)
27 return EOF;
28 if (n > state->remain)
29 n = state->remain;
30 if (n > sizeof(state->buffer))
31 n = sizeof(state->buffer);
32
33 memcpy(state->buffer, state->chain->rp, n);
34 stm->rp = state->buffer;
35 stm->wp = stm->rp + n;
36 state->chain->rp += n;
37 state->remain -= n;
38 state->offset += n;
39 stm->pos += n;
40 return *stm->rp++;
41 }
42
43 static void
close_null(fz_context * ctx,void * state_)44 close_null(fz_context *ctx, void *state_)
45 {
46 struct null_filter *state = (struct null_filter *)state_;
47 fz_drop_stream(ctx, state->chain);
48 fz_free(ctx, state);
49 }
50
51 fz_stream *
fz_open_null_filter(fz_context * ctx,fz_stream * chain,int len,int64_t offset)52 fz_open_null_filter(fz_context *ctx, fz_stream *chain, int len, int64_t offset)
53 {
54 struct null_filter *state = fz_malloc_struct(ctx, struct null_filter);
55 state->chain = fz_keep_stream(ctx, chain);
56 state->remain = len;
57 state->offset = offset;
58 return fz_new_stream(ctx, state, next_null, close_null);
59 }
60
61 /* range filter */
62
63 struct range_filter
64 {
65 fz_stream *chain;
66 fz_range *ranges;
67 int nranges;
68 int next_range;
69 size_t remain;
70 int64_t offset;
71 unsigned char buffer[4096];
72 };
73
74 static int
next_range(fz_context * ctx,fz_stream * stm,size_t max)75 next_range(fz_context *ctx, fz_stream *stm, size_t max)
76 {
77 struct range_filter *state = stm->state;
78 size_t n;
79
80 while (state->remain == 0 && state->next_range < state->nranges)
81 {
82 fz_range *range = &state->ranges[state->next_range++];
83 state->remain = range->length;
84 state->offset = range->offset;
85 }
86
87 if (state->remain == 0)
88 return EOF;
89 fz_seek(ctx, state->chain, state->offset, 0);
90 n = fz_available(ctx, state->chain, max);
91 if (n > state->remain)
92 n = state->remain;
93 if (n > sizeof(state->buffer))
94 n = sizeof(state->buffer);
95 memcpy(state->buffer, state->chain->rp, n);
96 stm->rp = state->buffer;
97 stm->wp = stm->rp + n;
98 if (n == 0)
99 return EOF;
100 state->chain->rp += n;
101 state->remain -= n;
102 state->offset += n;
103 stm->pos += n;
104 return *stm->rp++;
105 }
106
107 static void
close_range(fz_context * ctx,void * state_)108 close_range(fz_context *ctx, void *state_)
109 {
110 struct range_filter *state = (struct range_filter *)state_;
111 fz_drop_stream(ctx, state->chain);
112 fz_free(ctx, state->ranges);
113 fz_free(ctx, state);
114 }
115
116 fz_stream *
fz_open_range_filter(fz_context * ctx,fz_stream * chain,fz_range * ranges,int nranges)117 fz_open_range_filter(fz_context *ctx, fz_stream *chain, fz_range *ranges, int nranges)
118 {
119 struct range_filter *state = NULL;
120
121 state = fz_malloc_struct(ctx, struct range_filter);
122 fz_try(ctx)
123 {
124 if (nranges > 0)
125 {
126 state->ranges = fz_calloc(ctx, nranges, sizeof(*ranges));
127 memcpy(state->ranges, ranges, nranges * sizeof(*ranges));
128 state->nranges = nranges;
129 state->next_range = 1;
130 state->remain = ranges[0].length;
131 state->offset = ranges[0].offset;
132 }
133 else
134 {
135 state->ranges = NULL;
136 state->nranges = 0;
137 state->next_range = 1;
138 state->remain = 0;
139 state->offset = 0;
140 }
141 state->chain = fz_keep_stream(ctx, chain);
142 }
143 fz_catch(ctx)
144 {
145 fz_free(ctx, state->ranges);
146 fz_free(ctx, state);
147 fz_rethrow(ctx);
148 }
149
150 return fz_new_stream(ctx, state, next_range, close_range);
151 }
152
153 /* endstream filter */
154
155 #define END_CHECK_SIZE 32
156
157 struct endstream_filter
158 {
159 fz_stream *chain;
160 size_t remain, extras, size;
161 int64_t offset;
162 int warned;
163 unsigned char buffer[4096];
164 };
165
166 static int
next_endstream(fz_context * ctx,fz_stream * stm,size_t max)167 next_endstream(fz_context *ctx, fz_stream *stm, size_t max)
168 {
169 struct endstream_filter *state = stm->state;
170 size_t n, nbytes_in_buffer, size;
171 unsigned char *rp;
172
173 if (state->remain == 0)
174 goto look_for_endstream;
175
176 fz_seek(ctx, state->chain, state->offset, 0);
177 n = fz_available(ctx, state->chain, max);
178 if (n == 0)
179 return EOF;
180 if (n > state->remain)
181 n = state->remain;
182 if (n > sizeof(state->buffer))
183 n = sizeof(state->buffer);
184 memcpy(state->buffer, state->chain->rp, n);
185 stm->rp = state->buffer;
186 stm->wp = stm->rp + n;
187 state->chain->rp += n;
188 state->remain -= n;
189 state->offset += n;
190 stm->pos += n;
191 return *stm->rp++;
192
193 look_for_endstream:
194 /* We should distrust the stream length, and check for end
195 * marker before terminating the stream - this is to cope
196 * with files with duff "Length" values. */
197
198 /* Move any data left over in our buffer down to the start.
199 * Ordinarily, there won't be any, but this allows for the
200 * case where we were part way through matching a stream end
201 * marker when the buffer filled before. */
202 nbytes_in_buffer = state->extras;
203 if (nbytes_in_buffer)
204 memmove(state->buffer, stm->rp, nbytes_in_buffer);
205 stm->rp = state->buffer;
206 stm->wp = stm->rp + nbytes_in_buffer;
207
208 /* In most sane files, we'll get "\nendstream" instantly. We
209 * should only need (say) 32 bytes to be sure. For crap files
210 * where we overread regularly, don't harm performance by
211 * working in small chunks. */
212 size = state->size * 2;
213 if (size > sizeof(state->buffer))
214 size = sizeof(state->buffer);
215 state->size = size;
216
217 /* Read enough data into our buffer to start looking for the 'endstream' token. */
218 fz_seek(ctx, state->chain, state->offset, 0);
219 while (nbytes_in_buffer < size)
220 {
221 n = fz_available(ctx, state->chain, size - nbytes_in_buffer);
222 if (n == 0)
223 break;
224 if (n > size - nbytes_in_buffer)
225 n = size - nbytes_in_buffer;
226 memcpy(stm->wp, state->chain->rp, n);
227 stm->wp += n;
228 state->chain->rp += n;
229 nbytes_in_buffer += n;
230 state->offset += n;
231 }
232
233 /* Look for the 'endstream' token. */
234 rp = fz_memmem(state->buffer, nbytes_in_buffer, "endstream", 9);
235 if (rp)
236 {
237 /* Include newline (CR|LF|CRLF) before 'endstream' token */
238 if (rp > state->buffer && rp[-1] == '\n') --rp;
239 if (rp > state->buffer && rp[-1] == '\r') --rp;
240 n = rp - state->buffer;
241 stm->eof = 1; /* We're done, don't call us again! */
242 }
243 else if (nbytes_in_buffer > 11) /* 11 covers enough data to detect "\r?\n?endstream" */
244 n = nbytes_in_buffer - 11; /* no endstream, but there is more data */
245 else
246 n = nbytes_in_buffer; /* no endstream, but at the end of the file */
247
248 /* We have at least n bytes before we hit an end marker */
249 state->extras = nbytes_in_buffer - n;
250 stm->wp = stm->rp + n;
251 stm->pos += n;
252
253 if (n == 0)
254 return EOF;
255
256 if (!state->warned)
257 {
258 state->warned = 1;
259 fz_warn(ctx, "PDF stream Length incorrect");
260 }
261 return *stm->rp++;
262 }
263
264 static void
close_endstream(fz_context * ctx,void * state_)265 close_endstream(fz_context *ctx, void *state_)
266 {
267 struct endstream_filter *state = (struct endstream_filter *)state_;
268 fz_drop_stream(ctx, state->chain);
269 fz_free(ctx, state);
270 }
271
272 fz_stream *
fz_open_endstream_filter(fz_context * ctx,fz_stream * chain,int len,int64_t offset)273 fz_open_endstream_filter(fz_context *ctx, fz_stream *chain, int len, int64_t offset)
274 {
275 struct endstream_filter *state;
276
277 if (len < 0)
278 len = 0;
279
280 state = fz_malloc_struct(ctx, struct endstream_filter);
281 state->chain = fz_keep_stream(ctx, chain);
282 state->remain = len;
283 state->offset = offset;
284 state->extras = 0;
285 state->size = END_CHECK_SIZE >> 1; /* size is doubled first thing when used */
286
287 return fz_new_stream(ctx, state, next_endstream, close_endstream);
288 }
289
290 /* concat filter */
291
292 struct concat_filter
293 {
294 int max;
295 int count;
296 int current;
297 int pad; /* 1 if we should add whitespace padding between streams */
298 unsigned char ws_buf;
299 fz_stream *chain[1];
300 };
301
302 static int
next_concat(fz_context * ctx,fz_stream * stm,size_t max)303 next_concat(fz_context *ctx, fz_stream *stm, size_t max)
304 {
305 struct concat_filter *state = (struct concat_filter *)stm->state;
306 size_t n;
307
308 while (state->current < state->count)
309 {
310 /* Read the next block of underlying data. */
311 if (stm->wp == state->chain[state->current]->wp)
312 state->chain[state->current]->rp = stm->wp;
313 n = fz_available(ctx, state->chain[state->current], max);
314 if (n)
315 {
316 stm->rp = state->chain[state->current]->rp;
317 stm->wp = state->chain[state->current]->wp;
318 stm->pos += n;
319 return *stm->rp++;
320 }
321 else
322 {
323 if (state->chain[state->current]->error)
324 {
325 stm->error = 1;
326 break;
327 }
328 state->current++;
329 fz_drop_stream(ctx, state->chain[state->current-1]);
330 if (state->pad)
331 {
332 stm->wp = stm->rp = (&state->ws_buf)+1;
333 stm->pos++;
334 return 32;
335 }
336 }
337 }
338
339 stm->rp = stm->wp;
340
341 return EOF;
342 }
343
344 static void
close_concat(fz_context * ctx,void * state_)345 close_concat(fz_context *ctx, void *state_)
346 {
347 struct concat_filter *state = (struct concat_filter *)state_;
348 int i;
349
350 for (i = state->current; i < state->count; i++)
351 {
352 fz_drop_stream(ctx, state->chain[i]);
353 }
354 fz_free(ctx, state);
355 }
356
357 fz_stream *
fz_open_concat(fz_context * ctx,int len,int pad)358 fz_open_concat(fz_context *ctx, int len, int pad)
359 {
360 struct concat_filter *state;
361
362 state = fz_calloc(ctx, 1, sizeof(struct concat_filter) + (len-1)*sizeof(fz_stream *));
363 state->max = len;
364 state->count = 0;
365 state->current = 0;
366 state->pad = pad;
367 state->ws_buf = 32;
368
369 return fz_new_stream(ctx, state, next_concat, close_concat);
370 }
371
372 void
fz_concat_push_drop(fz_context * ctx,fz_stream * concat,fz_stream * chain)373 fz_concat_push_drop(fz_context *ctx, fz_stream *concat, fz_stream *chain)
374 {
375 struct concat_filter *state = (struct concat_filter *)concat->state;
376
377 if (state->count == state->max)
378 {
379 fz_drop_stream(ctx, chain);
380 fz_throw(ctx, FZ_ERROR_GENERIC, "Concat filter size exceeded");
381 }
382
383 state->chain[state->count++] = chain;
384 }
385
386 /* ASCII Hex Decode */
387
388 typedef struct
389 {
390 fz_stream *chain;
391 int eod;
392 unsigned char buffer[256];
393 } fz_ahxd;
394
iswhite(int a)395 static inline int iswhite(int a)
396 {
397 switch (a) {
398 case '\n': case '\r': case '\t': case ' ':
399 case '\0': case '\f': case '\b': case 0177:
400 return 1;
401 }
402 return 0;
403 }
404
ishex(int a)405 static inline int ishex(int a)
406 {
407 return (a >= 'A' && a <= 'F') ||
408 (a >= 'a' && a <= 'f') ||
409 (a >= '0' && a <= '9');
410 }
411
unhex(int a)412 static inline int unhex(int a)
413 {
414 if (a >= 'A' && a <= 'F') return a - 'A' + 0xA;
415 if (a >= 'a' && a <= 'f') return a - 'a' + 0xA;
416 if (a >= '0' && a <= '9') return a - '0';
417 return 0;
418 }
419
420 static int
next_ahxd(fz_context * ctx,fz_stream * stm,size_t max)421 next_ahxd(fz_context *ctx, fz_stream *stm, size_t max)
422 {
423 fz_ahxd *state = stm->state;
424 unsigned char *p = state->buffer;
425 unsigned char *ep;
426 int a, b, c, odd;
427
428 if (max > sizeof(state->buffer))
429 max = sizeof(state->buffer);
430 ep = p + max;
431
432 odd = 0;
433
434 while (p < ep)
435 {
436 if (state->eod)
437 break;
438
439 c = fz_read_byte(ctx, state->chain);
440 if (c < 0)
441 break;
442
443 if (ishex(c))
444 {
445 if (!odd)
446 {
447 a = unhex(c);
448 odd = 1;
449 }
450 else
451 {
452 b = unhex(c);
453 *p++ = (a << 4) | b;
454 odd = 0;
455 }
456 }
457 else if (c == '>')
458 {
459 if (odd)
460 *p++ = (a << 4);
461 state->eod = 1;
462 break;
463 }
464 else if (!iswhite(c))
465 {
466 fz_throw(ctx, FZ_ERROR_GENERIC, "bad data in ahxd: '%c'", c);
467 }
468 }
469 stm->rp = state->buffer;
470 stm->wp = p;
471 stm->pos += p - state->buffer;
472
473 if (stm->rp != p)
474 return *stm->rp++;
475 return EOF;
476 }
477
478 static void
close_ahxd(fz_context * ctx,void * state_)479 close_ahxd(fz_context *ctx, void *state_)
480 {
481 fz_ahxd *state = (fz_ahxd *)state_;
482 fz_drop_stream(ctx, state->chain);
483 fz_free(ctx, state);
484 }
485
486 fz_stream *
fz_open_ahxd(fz_context * ctx,fz_stream * chain)487 fz_open_ahxd(fz_context *ctx, fz_stream *chain)
488 {
489 fz_ahxd *state = fz_malloc_struct(ctx, fz_ahxd);
490 state->chain = fz_keep_stream(ctx, chain);
491 state->eod = 0;
492 return fz_new_stream(ctx, state, next_ahxd, close_ahxd);
493 }
494
495 /* ASCII 85 Decode */
496
497 typedef struct
498 {
499 fz_stream *chain;
500 unsigned char buffer[256];
501 int eod;
502 } fz_a85d;
503
504 static int
next_a85d(fz_context * ctx,fz_stream * stm,size_t max)505 next_a85d(fz_context *ctx, fz_stream *stm, size_t max)
506 {
507 fz_a85d *state = stm->state;
508 unsigned char *p = state->buffer;
509 unsigned char *ep;
510 int count = 0;
511 int word = 0;
512 int c;
513
514 if (state->eod)
515 return EOF;
516
517 if (max > sizeof(state->buffer))
518 max = sizeof(state->buffer);
519
520 ep = p + max;
521 while (p < ep)
522 {
523 c = fz_read_byte(ctx, state->chain);
524 if (c < 0)
525 break;
526
527 if (c >= '!' && c <= 'u')
528 {
529 if (count == 4)
530 {
531 word = word * 85 + (c - '!');
532
533 *p++ = (word >> 24) & 0xff;
534 *p++ = (word >> 16) & 0xff;
535 *p++ = (word >> 8) & 0xff;
536 *p++ = (word) & 0xff;
537
538 word = 0;
539 count = 0;
540 }
541 else
542 {
543 word = word * 85 + (c - '!');
544 count ++;
545 }
546 }
547
548 else if (c == 'z' && count == 0)
549 {
550 *p++ = 0;
551 *p++ = 0;
552 *p++ = 0;
553 *p++ = 0;
554 }
555
556 else if (c == '~')
557 {
558 c = fz_read_byte(ctx, state->chain);
559 if (c != '>')
560 fz_warn(ctx, "bad eod marker in a85d");
561
562 switch (count) {
563 case 0:
564 break;
565 case 1:
566 /* Specifically illegal in the spec, but adobe
567 * and gs both cope. See normal_87.pdf for a
568 * case where this matters. */
569 fz_warn(ctx, "partial final byte in a85d");
570 break;
571 case 2:
572 word = word * (85 * 85 * 85) + 0xffffff;
573 *p++ = word >> 24;
574 break;
575 case 3:
576 word = word * (85 * 85) + 0xffff;
577 *p++ = word >> 24;
578 *p++ = word >> 16;
579 break;
580 case 4:
581 word = word * 85 + 0xff;
582 *p++ = word >> 24;
583 *p++ = word >> 16;
584 *p++ = word >> 8;
585 break;
586 }
587 state->eod = 1;
588 break;
589 }
590
591 else if (!iswhite(c))
592 {
593 fz_throw(ctx, FZ_ERROR_GENERIC, "bad data in a85d: '%c'", c);
594 }
595 }
596
597 stm->rp = state->buffer;
598 stm->wp = p;
599 stm->pos += p - state->buffer;
600
601 if (p == stm->rp)
602 return EOF;
603
604 return *stm->rp++;
605 }
606
607 static void
close_a85d(fz_context * ctx,void * state_)608 close_a85d(fz_context *ctx, void *state_)
609 {
610 fz_a85d *state = (fz_a85d *)state_;
611 fz_drop_stream(ctx, state->chain);
612 fz_free(ctx, state);
613 }
614
615 fz_stream *
fz_open_a85d(fz_context * ctx,fz_stream * chain)616 fz_open_a85d(fz_context *ctx, fz_stream *chain)
617 {
618 fz_a85d *state = fz_malloc_struct(ctx, fz_a85d);
619 state->chain = fz_keep_stream(ctx, chain);
620 state->eod = 0;
621 return fz_new_stream(ctx, state, next_a85d, close_a85d);
622 }
623
624 /* Run Length Decode */
625
626 typedef struct
627 {
628 fz_stream *chain;
629 int run, n, c;
630 unsigned char buffer[256];
631 } fz_rld;
632
633 static int
next_rld(fz_context * ctx,fz_stream * stm,size_t max)634 next_rld(fz_context *ctx, fz_stream *stm, size_t max)
635 {
636 fz_rld *state = stm->state;
637 unsigned char *p = state->buffer;
638 unsigned char *ep;
639
640 if (state->run == 128)
641 return EOF;
642
643 if (max > sizeof(state->buffer))
644 max = sizeof(state->buffer);
645 ep = p + max;
646
647 while (p < ep)
648 {
649 if (state->run == 128)
650 break;
651
652 if (state->n == 0)
653 {
654 state->run = fz_read_byte(ctx, state->chain);
655 if (state->run < 0)
656 {
657 state->run = 128;
658 break;
659 }
660 if (state->run < 128)
661 state->n = state->run + 1;
662 if (state->run > 128)
663 {
664 state->n = 257 - state->run;
665 state->c = fz_read_byte(ctx, state->chain);
666 if (state->c < 0)
667 fz_throw(ctx, FZ_ERROR_GENERIC, "premature end of data in run length decode");
668 }
669 }
670
671 if (state->run < 128)
672 {
673 while (p < ep && state->n)
674 {
675 int c = fz_read_byte(ctx, state->chain);
676 if (c < 0)
677 fz_throw(ctx, FZ_ERROR_GENERIC, "premature end of data in run length decode");
678 *p++ = c;
679 state->n--;
680 }
681 }
682
683 if (state->run > 128)
684 {
685 while (p < ep && state->n)
686 {
687 *p++ = state->c;
688 state->n--;
689 }
690 }
691 }
692
693 stm->rp = state->buffer;
694 stm->wp = p;
695 stm->pos += p - state->buffer;
696
697 if (p == stm->rp)
698 return EOF;
699
700 return *stm->rp++;
701 }
702
703 static void
close_rld(fz_context * ctx,void * state_)704 close_rld(fz_context *ctx, void *state_)
705 {
706 fz_rld *state = (fz_rld *)state_;
707 fz_drop_stream(ctx, state->chain);
708 fz_free(ctx, state);
709 }
710
711 fz_stream *
fz_open_rld(fz_context * ctx,fz_stream * chain)712 fz_open_rld(fz_context *ctx, fz_stream *chain)
713 {
714 fz_rld *state = fz_malloc_struct(ctx, fz_rld);
715 state->chain = fz_keep_stream(ctx, chain);
716 state->run = 0;
717 state->n = 0;
718 state->c = 0;
719 return fz_new_stream(ctx, state, next_rld, close_rld);
720 }
721
722 /* RC4 Filter */
723
724 typedef struct
725 {
726 fz_stream *chain;
727 fz_arc4 arc4;
728 unsigned char buffer[256];
729 } fz_arc4c;
730
731 static int
next_arc4(fz_context * ctx,fz_stream * stm,size_t max)732 next_arc4(fz_context *ctx, fz_stream *stm, size_t max)
733 {
734 fz_arc4c *state = stm->state;
735 size_t n = fz_available(ctx, state->chain, max);
736
737 if (n == 0)
738 return EOF;
739 if (n > sizeof(state->buffer))
740 n = sizeof(state->buffer);
741
742 stm->rp = state->buffer;
743 stm->wp = state->buffer + n;
744 fz_arc4_encrypt(&state->arc4, stm->rp, state->chain->rp, n);
745 state->chain->rp += n;
746 stm->pos += n;
747
748 return *stm->rp++;
749 }
750
751 static void
close_arc4(fz_context * ctx,void * state_)752 close_arc4(fz_context *ctx, void *state_)
753 {
754 fz_arc4c *state = (fz_arc4c *)state_;
755 fz_drop_stream(ctx, state->chain);
756 fz_free(ctx, state);
757 }
758
759 fz_stream *
fz_open_arc4(fz_context * ctx,fz_stream * chain,unsigned char * key,unsigned keylen)760 fz_open_arc4(fz_context *ctx, fz_stream *chain, unsigned char *key, unsigned keylen)
761 {
762 fz_arc4c *state = fz_malloc_struct(ctx, fz_arc4c);
763 state->chain = fz_keep_stream(ctx, chain);
764 fz_arc4_init(&state->arc4, key, keylen);
765 return fz_new_stream(ctx, state, next_arc4, close_arc4);
766 }
767
768 /* AES Filter */
769
770 typedef struct
771 {
772 fz_stream *chain;
773 fz_aes aes;
774 unsigned char iv[16];
775 int ivcount;
776 unsigned char bp[16];
777 unsigned char *rp, *wp;
778 unsigned char buffer[256];
779 } fz_aesd;
780
781 static int
next_aesd(fz_context * ctx,fz_stream * stm,size_t max)782 next_aesd(fz_context *ctx, fz_stream *stm, size_t max)
783 {
784 fz_aesd *state = stm->state;
785 unsigned char *p = state->buffer;
786 unsigned char *ep;
787
788 if (max > sizeof(state->buffer))
789 max = sizeof(state->buffer);
790 ep = p + max;
791
792 while (state->ivcount < 16)
793 {
794 int c = fz_read_byte(ctx, state->chain);
795 if (c < 0)
796 fz_throw(ctx, FZ_ERROR_GENERIC, "premature end in aes filter");
797 state->iv[state->ivcount++] = c;
798 }
799
800 while (state->rp < state->wp && p < ep)
801 *p++ = *state->rp++;
802
803 while (p < ep)
804 {
805 size_t n = fz_read(ctx, state->chain, state->bp, 16);
806 if (n == 0)
807 break;
808 else if (n < 16)
809 fz_throw(ctx, FZ_ERROR_GENERIC, "partial block in aes filter");
810
811 fz_aes_crypt_cbc(&state->aes, FZ_AES_DECRYPT, 16, state->iv, state->bp, state->bp);
812 state->rp = state->bp;
813 state->wp = state->bp + 16;
814
815 /* strip padding at end of file */
816 if (fz_is_eof(ctx, state->chain))
817 {
818 int pad = state->bp[15];
819 if (pad < 1 || pad > 16)
820 fz_throw(ctx, FZ_ERROR_GENERIC, "aes padding out of range: %d", pad);
821 state->wp -= pad;
822 }
823
824 while (state->rp < state->wp && p < ep)
825 *p++ = *state->rp++;
826 }
827
828 stm->rp = state->buffer;
829 stm->wp = p;
830 stm->pos += p - state->buffer;
831
832 if (p == stm->rp)
833 return EOF;
834
835 return *stm->rp++;
836 }
837
838 static void
close_aesd(fz_context * ctx,void * state_)839 close_aesd(fz_context *ctx, void *state_)
840 {
841 fz_aesd *state = (fz_aesd *)state_;
842 fz_drop_stream(ctx, state->chain);
843 fz_free(ctx, state);
844 }
845
846 fz_stream *
fz_open_aesd(fz_context * ctx,fz_stream * chain,unsigned char * key,unsigned keylen)847 fz_open_aesd(fz_context *ctx, fz_stream *chain, unsigned char *key, unsigned keylen)
848 {
849 fz_aesd *state = fz_malloc_struct(ctx, fz_aesd);
850 if (fz_aes_setkey_dec(&state->aes, key, keylen * 8))
851 {
852 fz_free(ctx, state);
853 fz_throw(ctx, FZ_ERROR_GENERIC, "AES key init failed (keylen=%d)", keylen * 8);
854 }
855 state->ivcount = 0;
856 state->rp = state->bp;
857 state->wp = state->bp;
858 state->chain = fz_keep_stream(ctx, chain);
859 return fz_new_stream(ctx, state, next_aesd, close_aesd);
860 }
861