gnutls_base64_decode2() succeeds decoding the empty string

This is a behavioral change of the API but it conforms to
the RFC4648 expectations.

Resolves: #834

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>

diff --git a/NEWS b/NEWS
index 56866cf24fa090ea5596f50bbb6804b801a47c95..cba38c9c43e307cc9cc5e1417adc2df580ea6d48 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -15,6 +15,10 @@ See the end for copying conditions.
 ** libgnutls: Corrected issue with TLS 1.2 session ticket handling as client
    during resumption (#841).
 
+** libgnutls: gnutls_base64_decode2() succeeds decoding the empty string to
+   the empty string. This is a behavioral change of the API but it conforms
+   to the RFC4648 expectations (#834).
+
 ** certtool: CRL distribution points will be set in CA certificates even when
    non self-signed (#765).
 

diff --git a/lib/x509_b64.c b/lib/x509_b64.c
index 41ee7235fc87204e951205058fd7ddceefe7c516..edfbe5c1986db06ca7c618d5a638134b4dae720f 100644 (file)
--- a/lib/x509_b64.c
+++ b/lib/x509_b64.c
@@ -258,8 +258,11 @@ _gnutls_base64_decode(const uint8_t * data, size_t data_size,
        gnutls_datum_t pdata;
        struct base64_decode_ctx ctx;
 
-       if (data_size == 0)
-               return gnutls_assert_val(GNUTLS_E_BASE64_DECODING_ERROR);
+       if (data_size == 0) {
+               result->data = (unsigned char*)gnutls_strdup("");
+               result->size = 0;
+               return 0;
+       }
 
        ret = cpydata(data, data_size, &pdata);
        if (ret < 0) {

diff --git a/tests/base64-raw.c b/tests/base64-raw.c
index 8eeff237aa8b63b2b00c7e60e036556f2b61ace2..820d8744ed2a05fd4e1d6a221d9e7e608d82eac7 100644 (file)
--- a/tests/base64-raw.c
+++ b/tests/base64-raw.c
@@ -206,6 +206,12 @@ struct decode_tests_st {
 };
 
 struct decode_tests_st decode_tests[] = {
+       {
+               .name = "empty",
+               .pem = "",
+               .raw = {(void*)"", 0},
+               .res = 0
+       },
        {
                .name = "dec-rnd1",
                .pem = "9ppGioRpeiiD2lLNYC85eA==",
@@ -230,12 +236,6 @@ struct decode_tests_st decode_tests[] = {
                .raw = {(void*)"\x2c\x9f\xfb\x85\x46\x77\x4e\xd3\xc8\xcf\x67\x65\x73\x9f\x98\xbc\x42\xde\xf9", 19},
                .res = GNUTLS_E_BASE64_DECODING_ERROR
        },
-       {
-               .name = "dec-empty",
-               .pem =  "",
-               .raw = {(void*)"", 1},
-               .res = GNUTLS_E_BASE64_DECODING_ERROR
-       },
        {
                .name = "dec-invalid-suffix",
                .pem =  "LJ/7hUZ3TtPIz2dlc5+YvELe+Q==XXX",