b64_decode_cacerts: accept non-wrapped input

Ensure base64 decoding accepts data of any line length. RFC 8951 (an update to RFC 7030) clarifies that senders are not required to insert white space (such as LF) in base64-encoded payloads. Therefore libest must handle lines of any length. Set the BIO_FLAGS_BASE64_NO_NL flag to activate this behaviour. See BIO_F_BASE64(3ossl) for more details. Signed-off-by: Fraser Tweedale <[email protected]>
cisco · Jun 14, 2022 · da64fef · da64fef
1 parent f8a6e5b
commit da64fef
Showing 1 changed file with 12 additions and 1 deletion.
diff --git a/src/est/est_client.c b/src/est/est_client.c
@@ -383,7 +383,18 @@ static EST_ERROR b64_decode_cacerts (unsigned char *cacerts, int *cacerts_len,
         EST_LOG_ERR("BIO_new failed");
         ossl_dump_ssl_errors();
         return (EST_ERR_MALLOC);
-    }    
+    }
+
+    /*
+     * Ensure we can read data of any length.  RFC 8951 (an update to
+     * RFC 7030) clarifies that senders are not required to insert
+     * white space (such as LF) in base64-encoded payloads.  Therefore
+     * libest must handle lines of any length.
+     *
+     * See BIO_F_BASE64(3ossl) for more details.
+     */
+    BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
+
     /*
      * Decoding will always take up less than the original buffer.
      */