Browse Source

tuning base64 decoding implementation

Karel Miko 8 years ago
parent
commit
ff3a03a1d0
1 changed files with 23 additions and 18 deletions
  1. 23 18
      src/misc/base64/base64_decode.c

+ 23 - 18
src/misc/base64/base64_decode.c

@@ -88,41 +88,38 @@ static int _base64_decode_internal(const unsigned char *in,  unsigned long inlen
    LTC_ARGCHK(out    != NULL);
    LTC_ARGCHK(out    != NULL);
    LTC_ARGCHK(outlen != NULL);
    LTC_ARGCHK(outlen != NULL);
 
 
-   g = 3;
+   g = 0; /* '=' counter */
    for (x = y = z = t = 0; x < inlen; x++) {
    for (x = y = z = t = 0; x < inlen; x++) {
        c = map[in[x]&0xFF];
        c = map[in[x]&0xFF];
+       if (c == 254) {
+          g++;
+          continue;
+       }
+       else if (is_strict && g > 0) {
+          /* we only allow '=' to be at the end */
+          return CRYPT_INVALID_PACKET;
+       }
        if (c == 255) {
        if (c == 255) {
           if (is_strict)
           if (is_strict)
              return CRYPT_INVALID_PACKET;
              return CRYPT_INVALID_PACKET;
           else
           else
              continue;
              continue;
        }
        }
-       /* the final = symbols are read and used to trim the remaining bytes */
-       if (c == 254) {
-          c = 0;
-          /* prevent g < 0 which would potentially allow an overflow later */
-          if (--g < 0) {
-             return CRYPT_INVALID_PACKET;
-          }
-       } else if (g != 3) {
-          /* we only allow = to be at the end */
-          return CRYPT_INVALID_PACKET;
-       }
 
 
        t = (t<<6)|c;
        t = (t<<6)|c;
 
 
        if (++y == 4) {
        if (++y == 4) {
-          if (z + g > *outlen) {
-             return CRYPT_BUFFER_OVERFLOW;
-          }
+          if (z + 3 > *outlen) return CRYPT_BUFFER_OVERFLOW;
           out[z++] = (unsigned char)((t>>16)&255);
           out[z++] = (unsigned char)((t>>16)&255);
-          if (g > 1) out[z++] = (unsigned char)((t>>8)&255);
-          if (g > 2) out[z++] = (unsigned char)(t&255);
+          out[z++] = (unsigned char)((t>>8)&255);
+          out[z++] = (unsigned char)(t&255);
           y = t = 0;
           y = t = 0;
        }
        }
    }
    }
+
    if (y != 0) {
    if (y != 0) {
-      if (y == 1 || map != map_base64url || is_strict == 1) return CRYPT_INVALID_PACKET;
+      if (y == 1) return CRYPT_INVALID_PACKET;
+      if ((y + g) != 4 && is_strict) return CRYPT_INVALID_PACKET;
       t = t << (6 * (4 - y));
       t = t << (6 * (4 - y));
       if (z + y - 1 > *outlen) return CRYPT_BUFFER_OVERFLOW;
       if (z + y - 1 > *outlen) return CRYPT_BUFFER_OVERFLOW;
       if (y >= 2) out[z++] = (unsigned char) ((t >> 16) & 255);
       if (y >= 2) out[z++] = (unsigned char) ((t >> 16) & 255);
@@ -177,6 +174,14 @@ int base64url_decode(const unsigned char *in,  unsigned long inlen,
     return _base64_decode_internal(in, inlen, out, outlen, map_base64url, relaxed);
     return _base64_decode_internal(in, inlen, out, outlen, map_base64url, relaxed);
 }
 }
 
 
+/**
+   Strict base64 (URL Safe, RFC 4648 section 5) decode a block of memory
+   @param in       The base64 data to decode
+   @param inlen    The length of the base64 data
+   @param out      [out] The destination of the binary decoded data
+   @param outlen   [in/out] The max size and resulting size of the decoded data
+   @return CRYPT_OK if successful
+*/
 int base64url_strict_decode(const unsigned char *in,  unsigned long inlen,
 int base64url_strict_decode(const unsigned char *in,  unsigned long inlen,
                            unsigned char *out, unsigned long *outlen)
                            unsigned char *out, unsigned long *outlen)
 {
 {