make base64_decode relaxed mode less relaxed

doc/crypt.tex

@@ -6550,6 +6550,8 @@ int base64_decode(const unsigned char *in,
 \end{verbatim}
 
 The function \textit{base64\_decode} works in a relaxed way which allows decoding some inputs that do not strictly follow the standard.
+The relaxed mode ignores white-spaces (\textit{CR}, \textit{LF}, \textit{TAB}, \textit{space}), does not care about trailing \textit{=}
+and also ignores the last input byte in case it is \textit{NUL}.
 If you want to be strict during decoding you can use:
 \index{base64\_strict\_decode()}
 \begin{verbatim}

src/misc/base64/base64_decode.c

@@ -17,11 +17,16 @@
 
 #if defined(LTC_BASE64) || defined (LTC_BASE64_URL)
 
+/* 253 - ignored in "relaxed" mode: TAB(9), CR(13), LF(10), space(32)
+ * 254 - padding character '=' (allowed only at the end)
+ * 255 - invalid character (not allowed even in relaxed mode)
+ */
+
 #if defined(LTC_BASE64)
 static const unsigned char map_base64[256] = {
-255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
-255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
-255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+255, 255, 255, 255, 255, 255, 255, 255, 255, 253, 253, 255,
+255, 253, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+255, 255, 255, 255, 255, 255, 255, 255, 253, 255, 255, 255,
 255, 255, 255, 255, 255, 255, 255,  62, 255, 255, 255,  63,
  52,  53,  54,  55,  56,  57,  58,  59,  60,  61, 255, 255,
 255, 254, 255, 255, 255,   0,   1,   2,   3,   4,   5,   6,
@@ -45,9 +50,9 @@ static const unsigned char map_base64[256] = {
 
 static const unsigned char map_base64url[] = {
 #if defined(LTC_BASE64_URL)
-255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
-255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
-255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+255, 255, 255, 255, 255, 255, 255, 255, 255, 253, 253, 255,
+255, 253, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+255, 255, 255, 255, 255, 255, 255, 255, 253, 255, 255, 255,
 255, 255, 255, 255, 255, 255, 255, 255, 255,  62, 255, 255,
  52,  53,  54,  55,  56,  57,  58,  59,  60,  61, 255, 255,
 255, 254, 255, 255, 255,   0,   1,   2,   3,   4,   5,   6,
@@ -89,21 +94,25 @@ static int _base64_decode_internal(const unsigned char *in,  unsigned long inlen
 
    g = 0; /* '=' counter */
    for (x = y = z = t = 0; x < inlen; x++) {
+       if (in[x] == 0 && x == (inlen - 1)) continue; /* allow the last byte to be NUL */
        c = map[in[x]&0xFF];
        if (c == 254) {
           g++;
           continue;
        }
-       else if (is_strict && g > 0) {
-          /* we only allow '=' to be at the end */
-          return CRYPT_INVALID_PACKET;
-       }
-       if (c == 255) {
+       if (c == 253) {
           if (is_strict)
              return CRYPT_INVALID_PACKET;
           else
              continue;
        }
+       if (c == 255) {
+          return CRYPT_INVALID_PACKET;
+       }
+       if (g > 0) {
+          /* we only allow '=' to be at the end */
+          return CRYPT_INVALID_PACKET;
+       }
 
        t = (t<<6)|c;
 

tests/base64_test.c

@@ -50,14 +50,14 @@ int base64_test(void)
    } url_cases[] = {
          {"vuiSPKIl8PiR5O-rC4z9_xTQKZ0", 0},
          {"vuiSPKIl8PiR5O-rC4z9_xTQKZ0=", 1},
-         {"vuiS*PKIl8P*iR5O-rC4*z9_xTQKZ0", 0},
-         {"vuiS*PKIl8P*iR5O-rC4*z9_xTQKZ0=", 0},
-         {"vuiS*PKIl8P*iR5O-rC4*z9_xTQKZ0==", 0},
-         {"vuiS*PKIl8P*iR5O-rC4*z9_xTQKZ0===", 0},
-         {"vuiS*PKIl8P*iR5O-rC4*z9_xTQKZ0====", 0},
-         {"vuiS*=PKIl8P*iR5O-rC4*z9_xTQKZ0=", 0},
-         {"vuiS*==PKIl8P*iR5O-rC4*z9_xTQKZ0=", 0},
-         {"vuiS*===PKIl8P*iR5O-rC4*z9_xTQKZ0=", 0},
+         {"vuiS PKIl8P\niR5O-rC4\tz9_xTQKZ0", 0},
+         {"vuiS PKIl8P\niR5O-rC4\tz9_xTQKZ0=", 0},
+         {"vuiS PKIl8P\niR5O-rC4\tz9_xTQKZ0==", 0},
+         {"vuiS PKIl8P\niR5O-rC4\tz9_xTQKZ0===", 0},
+         {"vuiS PKIl8P\niR5O-rC4\tz9_xTQKZ0====", 0},
+         {"vuiS\rPKIl8P\niR5O-rC4\tz9_xTQKZ0=", 0},
+         {"vuiS\rPKIl8P\niR5O-rC4\tz9_xTQKZ0= = = ", 0},
+         {"\nvuiS\rPKIl8P\niR5O-rC4\tz9_xTQKZ0=\n", 0},
    };
 
    for (x = 0; x < sizeof(url_cases)/sizeof(url_cases[0]); ++x) {
@@ -105,7 +105,7 @@ int base64_test(void)
 
    x--;
    memmove(&out[11], &out[10], l1 - 10);
-   out[10] = '=';
+   out[10] = ' ';
    l1++;
    l2 = sizeof(tmp);
    DO(base64_decode(out, l1, tmp, &l2));