Skip to content

Commit

Permalink
crypto: trim input for NETSCAPE_SPKI_b64_decode
Browse files Browse the repository at this point in the history
PR-URL: #40757
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Minwoo Jung <nodecorelab@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
  • Loading branch information
codebytere authored and danielleadams committed Feb 1, 2022
1 parent f0860bc commit cf3423d
Showing 1 changed file with 24 additions and 3 deletions.
27 changes: 24 additions & 3 deletions src/crypto/crypto_spkac.cc
Original file line number Diff line number Diff line change
Expand Up @@ -16,8 +16,15 @@ using v8::Value;
namespace crypto {
namespace SPKAC {
bool VerifySpkac(const ArrayBufferOrViewContents<char>& input) {
size_t length = input.size();
#ifdef OPENSSL_IS_BORINGSSL
// OpenSSL uses EVP_DecodeBlock, which explicitly removes trailing characters,
// while BoringSSL uses EVP_DecodedLength and EVP_DecodeBase64, which do not.
// As such, we trim those characters here for compatibility.
length = std::string(input.data()).find_last_not_of(" \n\r\t") + 1;
#endif
NetscapeSPKIPointer spki(
NETSCAPE_SPKI_b64_decode(input.data(), input.size()));
NETSCAPE_SPKI_b64_decode(input.data(), length));
if (!spki)
return false;

Expand Down Expand Up @@ -45,8 +52,15 @@ ByteSource ExportPublicKey(Environment* env,
BIOPointer bio(BIO_new(BIO_s_mem()));
if (!bio) return ByteSource();

size_t length = input.size();
#ifdef OPENSSL_IS_BORINGSSL
// OpenSSL uses EVP_DecodeBlock, which explicitly removes trailing characters,
// while BoringSSL uses EVP_DecodedLength and EVP_DecodeBase64, which do not.
// As such, we trim those characters here for compatibility.
length = std::string(input.data()).find_last_not_of(" \n\r\t") + 1;
#endif
NetscapeSPKIPointer spki(
NETSCAPE_SPKI_b64_decode(input.data(), input.size()));
NETSCAPE_SPKI_b64_decode(input.data(), length));
if (!spki) return ByteSource();

EVPKeyPointer pkey(NETSCAPE_SPKI_get_pubkey(spki.get()));
Expand All @@ -73,8 +87,15 @@ void ExportPublicKey(const FunctionCallbackInfo<Value>& args) {
}

ByteSource ExportChallenge(const ArrayBufferOrViewContents<char>& input) {
size_t length = input.size();
#ifdef OPENSSL_IS_BORINGSSL
// OpenSSL uses EVP_DecodeBlock, which explicitly removes trailing characters,
// while BoringSSL uses EVP_DecodedLength and EVP_DecodeBase64, which do not.
// As such, we trim those characters here for compatibility.
length = std::string(input.data()).find_last_not_of(" \n\r\t") + 1;
#endif
NetscapeSPKIPointer sp(
NETSCAPE_SPKI_b64_decode(input.data(), input.size()));
NETSCAPE_SPKI_b64_decode(input.data(), length));
if (!sp)
return ByteSource();

Expand Down

0 comments on commit cf3423d

Please sign in to comment.