From be2f68d18352b26696ae1630f257d67bb119e3db Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Tue, 2 Oct 2018 08:33:45 -0700
Subject: [PATCH 1/2] Cleanup of the base64 decode start hex 0x2b.

---
 wolfcrypt/src/coding.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/wolfcrypt/src/coding.c b/wolfcrypt/src/coding.c
index 8797d48b6..0962b79ae 100644
--- a/wolfcrypt/src/coding.c
+++ b/wolfcrypt/src/coding.c
@@ -36,7 +36,8 @@
 enum {
     BAD         = 0xFF,  /* invalid encoding */
     PAD         = '=',
-    PEM_LINE_SZ = 64
+    PEM_LINE_SZ = 64,
+    START_HEX   = 0x2B
 };
 
 
@@ -59,7 +60,7 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
     word32 i = 0;
     word32 j = 0;
     word32 plainSz = inLen - ((inLen + (PEM_LINE_SZ - 1)) / PEM_LINE_SZ );
-    const byte maxIdx = (byte)sizeof(base64Decode) + 0x2B - 1;
+    const byte maxIdx = (byte)sizeof(base64Decode) + START_HEX - 1;
 
     plainSz = (plainSz * 3 + 3) / 4;
     if (plainSz > *outLen) return BAD_FUNC_ARG;
@@ -81,7 +82,7 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
         if (e4 == PAD)
             pad4 = 1;
 
-        if (e1 < 0x2B || e2 < 0x2B || e3 < 0x2B || e4 < 0x2B) {
+        if (e1 < START_HEX || e2 < START_HEX || e3 < START_HEX || e4 < START_HEX) {
             WOLFSSL_MSG("Bad Base64 Decode data, too small");
             return ASN_INPUT_E;
         }
@@ -91,10 +92,10 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
             return ASN_INPUT_E;
         }
 
-        e1 = base64Decode[e1 - 0x2B];
-        e2 = base64Decode[e2 - 0x2B];
-        e3 = (e3 == PAD) ? 0 : base64Decode[e3 - 0x2B];
-        e4 = (e4 == PAD) ? 0 : base64Decode[e4 - 0x2B];
+        e1 = base64Decode[e1 - START_HEX];
+        e2 = base64Decode[e2 - START_HEX];
+        e3 = (e3 == PAD) ? 0 : base64Decode[e3 - START_HEX];
+        e4 = (e4 == PAD) ? 0 : base64Decode[e4 - START_HEX];
 
         b1 = (byte)((e1 << 2) | (e2 >> 4));
         b2 = (byte)(((e2 & 0xF) << 4) | (e3 >> 2));

From cfba86d3abed642d2fd07f65b4f20bafc6efb5ca Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Tue, 2 Oct 2018 14:38:08 -0700
Subject: [PATCH 2/2] Further cleanup of the Base64 and Base16 encoding
 start/min value.

---
 wolfcrypt/src/coding.c | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/wolfcrypt/src/coding.c b/wolfcrypt/src/coding.c
index 0962b79ae..f3e707434 100644
--- a/wolfcrypt/src/coding.c
+++ b/wolfcrypt/src/coding.c
@@ -37,7 +37,8 @@ enum {
     BAD         = 0xFF,  /* invalid encoding */
     PAD         = '=',
     PEM_LINE_SZ = 64,
-    START_HEX   = 0x2B
+    BASE64_MIN  = 0x2B,
+    BASE16_MIN  = 0x30,
 };
 
 
@@ -60,7 +61,7 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
     word32 i = 0;
     word32 j = 0;
     word32 plainSz = inLen - ((inLen + (PEM_LINE_SZ - 1)) / PEM_LINE_SZ );
-    const byte maxIdx = (byte)sizeof(base64Decode) + START_HEX - 1;
+    const byte maxIdx = (byte)sizeof(base64Decode) + BASE64_MIN - 1;
 
     plainSz = (plainSz * 3 + 3) / 4;
     if (plainSz > *outLen) return BAD_FUNC_ARG;
@@ -82,7 +83,7 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
         if (e4 == PAD)
             pad4 = 1;
 
-        if (e1 < START_HEX || e2 < START_HEX || e3 < START_HEX || e4 < START_HEX) {
+        if (e1 < BASE64_MIN || e2 < BASE64_MIN || e3 < BASE64_MIN || e4 < BASE64_MIN) {
             WOLFSSL_MSG("Bad Base64 Decode data, too small");
             return ASN_INPUT_E;
         }
@@ -92,10 +93,10 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
             return ASN_INPUT_E;
         }
 
-        e1 = base64Decode[e1 - START_HEX];
-        e2 = base64Decode[e2 - START_HEX];
-        e3 = (e3 == PAD) ? 0 : base64Decode[e3 - START_HEX];
-        e4 = (e4 == PAD) ? 0 : base64Decode[e4 - START_HEX];
+        e1 = base64Decode[e1 - BASE64_MIN];
+        e2 = base64Decode[e2 - BASE64_MIN];
+        e3 = (e3 == PAD) ? 0 : base64Decode[e3 - BASE64_MIN];
+        e4 = (e4 == PAD) ? 0 : base64Decode[e4 - BASE64_MIN];
 
         b1 = (byte)((e1 << 2) | (e2 >> 4));
         b2 = (byte)(((e2 & 0xF) << 4) | (e3 >> 2));
@@ -282,7 +283,7 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out,
         inLen -= 3;
 
         /* Insert newline after PEM_LINE_SZ, unless no \n requested */
-        if (escaped != WC_NO_NL_ENC && (++n % (PEM_LINE_SZ/4)) == 0 && inLen){
+        if (escaped != WC_NO_NL_ENC && (++n % (PEM_LINE_SZ/4)) == 0 && inLen) {
             ret = CEscape(escaped, '\n', out, &i, *outLen, 1, getSzOnly);
             if (ret != 0) break;
         }
@@ -370,7 +371,7 @@ int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
         return BAD_FUNC_ARG;
 
     if (inLen == 1 && *outLen && in) {
-        byte b = in[inIdx++] - 0x30;  /* 0 starts at 0x30 */
+        byte b = in[inIdx++] - BASE16_MIN;  /* 0 starts at 0x30 */
 
         /* sanity check */
         if (b >=  sizeof(hexDecode)/sizeof(hexDecode[0]))
@@ -394,8 +395,8 @@ int Base16_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
         return BAD_FUNC_ARG;
 
     while (inLen) {
-        byte b  = in[inIdx++] - 0x30;  /* 0 starts at 0x30 */
-        byte b2 = in[inIdx++] - 0x30;
+        byte b  = in[inIdx++] - BASE16_MIN;  /* 0 starts at 0x30 */
+        byte b2 = in[inIdx++] - BASE16_MIN;
 
         /* sanity checks */
         if (b >=  sizeof(hexDecode)/sizeof(hexDecode[0]))