Revert "make base64_decode relaxed mode less relaxed"

This reverts commit e7117ea9df2a53f13a0ceaa55affa441a098c128.

doc/crypt.tex

@@ -6550,8 +6550,6 @@ int base64_decode(const unsigned char *in,
 \end{verbatim}
 
 The function \textit{base64\_decode} works in a relaxed way which allows decoding some inputs that do not strictly follow the standard.
-The relaxed mode ignores white-spaces (\textit{CR}, \textit{LF}, \textit{TAB}, \textit{space}), does not care about trailing \textit{=}
-and also ignores the last input byte in case it is \textit{NUL}.
 If you want to be strict during decoding you can use:
 \index{base64\_strict\_decode()}
 \begin{verbatim}

src/misc/base64/base64_decode.c

@@ -17,16 +17,11 @@
 
 #if defined(LTC_BASE64) || defined (LTC_BASE64_URL)
 
-/* 253 - ignored in "relaxed" mode: TAB(9), CR(13), LF(10), space(32)
- * 254 - padding character '=' (allowed only at the end)
- * 255 - invalid character (not allowed even in relaxed mode)
- */
-
 #if defined(LTC_BASE64)
 static const unsigned char map_base64[256] = {
-255, 255, 255, 255, 255, 255, 255, 255, 255, 253, 253, 255,
-255, 253, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
-255, 255, 255, 255, 255, 255, 255, 255, 253, 255, 255, 255,
+255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
 255, 255, 255, 255, 255, 255, 255,  62, 255, 255, 255,  63,
  52,  53,  54,  55,  56,  57,  58,  59,  60,  61, 255, 255,
 255, 254, 255, 255, 255,   0,   1,   2,   3,   4,   5,   6,
@@ -50,9 +45,9 @@ static const unsigned char map_base64[256] = {
 
 static const unsigned char map_base64url[] = {
 #if defined(LTC_BASE64_URL)
-255, 255, 255, 255, 255, 255, 255, 255, 255, 253, 253, 255,
-255, 253, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
-255, 255, 255, 255, 255, 255, 255, 255, 253, 255, 255, 255,
+255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
+255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
 255, 255, 255, 255, 255, 255, 255, 255, 255,  62, 255, 255,
  52,  53,  54,  55,  56,  57,  58,  59,  60,  61, 255, 255,
 255, 254, 255, 255, 255,   0,   1,   2,   3,   4,   5,   6,
@@ -94,25 +89,21 @@ static int _base64_decode_internal(const unsigned char *in,  unsigned long inlen
 
    g = 0; /* '=' counter */
    for (x = y = z = t = 0; x < inlen; x++) {
-       if (in[x] == 0 && x == (inlen - 1)) continue; /* allow the last byte to be NUL */
        c = map[in[x]&0xFF];
        if (c == 254) {
           g++;
           continue;
        }
-       if (c == 253) {
+       else if (is_strict && g > 0) {
+          /* we only allow '=' to be at the end */
+          return CRYPT_INVALID_PACKET;
+       }
+       if (c == 255) {
           if (is_strict)
              return CRYPT_INVALID_PACKET;
           else
              continue;
        }
-       if (c == 255) {
-          return CRYPT_INVALID_PACKET;
-       }
-       if (g > 0) {
-          /* we only allow '=' to be at the end */
-          return CRYPT_INVALID_PACKET;
-       }
 
        t = (t<<6)|c;
 

tests/base64_test.c

@@ -50,14 +50,14 @@ int base64_test(void)
    } url_cases[] = {
          {"vuiSPKIl8PiR5O-rC4z9_xTQKZ0", 0},
          {"vuiSPKIl8PiR5O-rC4z9_xTQKZ0=", 1},
-         {"vuiS PKIl8P\niR5O-rC4\tz9_xTQKZ0", 0},
-         {"vuiS PKIl8P\niR5O-rC4\tz9_xTQKZ0=", 0},
-         {"vuiS PKIl8P\niR5O-rC4\tz9_xTQKZ0==", 0},
-         {"vuiS PKIl8P\niR5O-rC4\tz9_xTQKZ0===", 0},
-         {"vuiS PKIl8P\niR5O-rC4\tz9_xTQKZ0====", 0},
-         {"vuiS\rPKIl8P\niR5O-rC4\tz9_xTQKZ0=", 0},
-         {"vuiS\rPKIl8P\niR5O-rC4\tz9_xTQKZ0= = = ", 0},
-         {"\nvuiS\rPKIl8P\niR5O-rC4\tz9_xTQKZ0=\n", 0},
+         {"vuiS*PKIl8P*iR5O-rC4*z9_xTQKZ0", 0},
+         {"vuiS*PKIl8P*iR5O-rC4*z9_xTQKZ0=", 0},
+         {"vuiS*PKIl8P*iR5O-rC4*z9_xTQKZ0==", 0},
+         {"vuiS*PKIl8P*iR5O-rC4*z9_xTQKZ0===", 0},
+         {"vuiS*PKIl8P*iR5O-rC4*z9_xTQKZ0====", 0},
+         {"vuiS*=PKIl8P*iR5O-rC4*z9_xTQKZ0=", 0},
+         {"vuiS*==PKIl8P*iR5O-rC4*z9_xTQKZ0=", 0},
+         {"vuiS*===PKIl8P*iR5O-rC4*z9_xTQKZ0=", 0},
    };
 
    for (x = 0; x < sizeof(url_cases)/sizeof(url_cases[0]); ++x) {
@@ -105,7 +105,7 @@ int base64_test(void)
 
    x--;
    memmove(&out[11], &out[10], l1 - 10);
-   out[10] = ' ';
+   out[10] = '=';
    l1++;
    l2 = sizeof(tmp);
    DO(base64_decode(out, l1, tmp, &l2));