diff --git a/src/headers/tomcrypt_custom.h b/src/headers/tomcrypt_custom.h
index 33e4bc0..c8bc690 100644
--- a/src/headers/tomcrypt_custom.h
+++ b/src/headers/tomcrypt_custom.h
@@ -476,6 +476,11 @@
 #define LTC_PKCS_1
 #endif
+#if (defined(LTC_BASE64) || defined(LTC_BASE64_URL)) && !defined(LTC_BASE64_STRICT)
+ /* By default we're doing strict decoding now */
+ #define LTC_BASE64_STRICT 1
+#endif
+
 #if defined(TFM_DESC) && defined(LTC_RSA_BLINDING)
 #warning RSA blinding currently not supported in combination with TFM
 #undef LTC_RSA_BLINDING
diff --git a/src/headers/tomcrypt_misc.h b/src/headers/tomcrypt_misc.h
index 2f670cc..17aec20 100644
--- a/src/headers/tomcrypt_misc.h
+++ b/src/headers/tomcrypt_misc.h
@@ -3,16 +3,18 @@
 int base64_encode(const unsigned char *in, unsigned long len,
 unsigned char *out, unsigned long *outlen);
-int base64_decode(const unsigned char *in, unsigned long len,
- unsigned char *out, unsigned long *outlen);
+#define base64_decode(i, il, o, ol) base64_decode_ex(i, il, o, ol, LTC_BASE64_STRICT)
+int base64_decode_ex(const unsigned char *in, unsigned long len,
+ unsigned char *out, unsigned long *outlen, int strict);
 #endif
 #ifdef LTC_BASE64_URL
 int base64url_encode(const unsigned char *in, unsigned long len,
 unsigned char *out, unsigned long *outlen);
-int base64url_decode(const unsigned char *in, unsigned long len,
- unsigned char *out, unsigned long *outlen);
+#define base64url_decode(i, il, o, ol) base64_decode_ex(i, il, o, ol, LTC_BASE64_STRICT)
+int base64url_decode_ex(const unsigned char *in, unsigned long len,
+ unsigned char *out, unsigned long *outlen, int strict);
 #endif
 /* ===> LTC_HKDF -- RFC5869 HMAC-based Key Derivation Function <=== */
diff --git a/src/misc/base64/base64_decode.c b/src/misc/base64/base64_decode.c
index 423dc43..18f5aa5 100644
--- a/src/misc/base64/base64_decode.c
+++ b/src/misc/base64/base64_decode.c
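Review bot: The comment above the new `LTC_BASE64_STRICT` default in tomcrypt_custom.h does not say what strict means or how to opt out, although this default changes behaviour for every existing `base64_decode()` caller. Input that used to be accepted by skipping unmapped bytes now fails with `CRYPT_INVALID_PACKET`; if the decode maps treat CR/LF and spaces as unmapped (the tables are outside this diff), line-wrapped base64 is affected. I would extend the comment to `/* Strict decoding is the default: a byte outside the alphabet is an error. Define LTC_BASE64_STRICT as 0 to skip such bytes as before. */`. The macro also has to expand to a value, because a bare `#define LTC_BASE64_STRICT` leaves the wrapper macros in tomcrypt_misc.h with an empty last argument.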
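Review bot: In tomcrypt_misc.h the new `base64url_decode` macro expands to `base64_decode_ex` instead of `base64url_decode_ex`, so URL-safe input is decoded against the standard alphabet. With strict on, `-` and `_` would presumably be rejected; with strict off they would be skipped and the output silently differs from what was encoded, which matters where the decoded bytes are a token, signature or key. A build that defines only `LTC_BASE64_URL` also gets no declaration of `base64_decode_ex`. The line should read `#define base64url_decode(i, il, o, ol) base64url_decode_ex(i, il, o, ol, LTC_BASE64_STRICT)`.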
@@ -73,7 +73,7 @@ static const unsigned char map_base64url[256] = {
 static int _base64_decode_internal(const unsigned char *in, unsigned long inlen,
 unsigned char *out, unsigned long *outlen,
- const unsigned char *map)
+ const unsigned char *map, int strict)
 {
 unsigned long t, x, y, z;
 unsigned char c;
@@ -86,7 +86,12 @@ static int _base64_decode_internal(const unsigned char *in, unsigned long inlen
 g = 3;
 for (x = y = z = t = 0; x < inlen; x++) {
 c = map[in[x]&0xFF];
- if (c == 255) continue;
+ if (c == 255) {
+ if (strict)
+ return CRYPT_INVALID_PACKET;
+ else
+ continue;
+ }
 /* the final = symbols are read and used to trim the remaining bytes */
 if (c == 254) {
 c = 0;
@@ -127,10 +132,10 @@ static int _base64_decode_internal(const unsigned char *in, unsigned long inlen
 @param outlen [in/out] The max size and resulting size of the decoded data
 @return CRYPT_OK if successful
 */
-int base64_decode(const unsigned char *in, unsigned long inlen,
- unsigned char *out, unsigned long *outlen)
+int base64_decode_ex(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen, int strict)
 {
- return _base64_decode_internal(in, inlen, out, outlen, map_base64);
+ return _base64_decode_internal(in, inlen, out, outlen, map_base64, strict);
 }
 #endif /* LTC_BASE64 */
@@ -143,10 +148,10 @@ int base64_decode(const unsigned char *in, unsigned long inlen,
 @param outlen [in/out] The max size and resulting size of the decoded data
 @return CRYPT_OK if successful
 */
-int base64url_decode(const unsigned char *in, unsigned long inlen,
- unsigned char *out, unsigned long *outlen)
+int base64url_decode_ex(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen, int strict)
 {
- return _base64_decode_internal(in, inlen, out, outlen, map_base64url);
+ return _base64_decode_internal(in, inlen, out, outlen, map_base64url, strict);
 }
 #endif /* LTC_BASE64_URL */
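Review bot: The new `if (strict) … else …` inside the `c == 255` branch (second hunk of base64_decode.c) is unbraced and keeps an `else` after a `return`. Because this branch decides whether malformed input is rejected, I would write it so a later added line cannot slip outside the condition: `if (strict) { return CRYPT_INVALID_PACKET; }` followed by a plain `continue;`. The loop body continues outside the hunk.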
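Review bot: The Doxygen block above `base64_decode_ex` (third hunk) still ends at `@param outlen` and gains no entry for the new `strict` argument; the same holds for `base64url_decode_ex` in the fourth hunk. I would add `@param strict   Non-zero: fail on any byte outside the alphabet; zero: skip such bytes` and extend the return line to `@return CRYPT_OK if successful; in strict mode CRYPT_INVALID_PACKET on a byte outside the alphabet`. The start of both comment blocks lies outside the hunks.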