b64_decode_cacerts: accept non-wrapped input

frasertweedale · frasertweedale · commit da64fef7603b · 2022-06-14T14:21:23.000+10:00
Ensure base64 decoding accepts data of any line length.  RFC 8951
(an update to RFC 7030) clarifies that senders are not required to
insert white space (such as LF) in base64-encoded payloads.
Therefore libest must handle lines of any length.

Set the BIO_FLAGS_BASE64_NO_NL flag to activate this behaviour.
See BIO_F_BASE64(3ossl) for more details.

Signed-off-by: Fraser Tweedale &lt;frase@frase.id.au&gt;
diff --git a/src/est/est_client.c b/src/est/est_client.c
@@ -383,7 +383,18 @@ static EST_ERROR b64_decode_cacerts (unsigned char *cacerts, int *cacerts_len,
         EST_LOG_ERR("BIO_new failed");
         ossl_dump_ssl_errors();
         return (EST_ERR_MALLOC);
-    }    
+    }
+
+    /*
+     * Ensure we can read data of any length.  RFC 8951 (an update to
+     * RFC 7030) clarifies that senders are not required to insert
+     * white space (such as LF) in base64-encoded payloads.  Therefore
+     * libest must handle lines of any length.
+     *
+     * See BIO_F_BASE64(3ossl) for more details.
+     */
+    BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
+
     /*
      * Decoding will always take up less than the original buffer.
      */
