Skip to content

Commit a8cc8b6

Browse files
codebyteretargos
codebytere
authored and
targos
committed
crypto: trim input for NETSCAPE_SPKI_b64_decode
PR-URL: #40757 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Minwoo Jung <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Rich Trott <[email protected]>
1 parent 3a4f387 commit a8cc8b6

File tree

1 file changed

+24
-3
lines changed

1 file changed

+24
-3
lines changed

src/crypto/crypto_spkac.cc

Lines changed: 24 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -16,8 +16,15 @@ using v8::Value;
1616
namespace crypto {
1717
namespace SPKAC {
1818
bool VerifySpkac(const ArrayBufferOrViewContents<char>& input) {
19+
size_t length = input.size();
20+
#ifdef OPENSSL_IS_BORINGSSL
21+
// OpenSSL uses EVP_DecodeBlock, which explicitly removes trailing characters,
22+
// while BoringSSL uses EVP_DecodedLength and EVP_DecodeBase64, which do not.
23+
// As such, we trim those characters here for compatibility.
24+
length = std::string(input.data()).find_last_not_of(" \n\r\t") + 1;
25+
#endif
1926
NetscapeSPKIPointer spki(
20-
NETSCAPE_SPKI_b64_decode(input.data(), input.size()));
27+
NETSCAPE_SPKI_b64_decode(input.data(), length));
2128
if (!spki)
2229
return false;
2330

@@ -45,8 +52,15 @@ ByteSource ExportPublicKey(Environment* env,
4552
BIOPointer bio(BIO_new(BIO_s_mem()));
4653
if (!bio) return ByteSource();
4754

55+
size_t length = input.size();
56+
#ifdef OPENSSL_IS_BORINGSSL
57+
// OpenSSL uses EVP_DecodeBlock, which explicitly removes trailing characters,
58+
// while BoringSSL uses EVP_DecodedLength and EVP_DecodeBase64, which do not.
59+
// As such, we trim those characters here for compatibility.
60+
length = std::string(input.data()).find_last_not_of(" \n\r\t") + 1;
61+
#endif
4862
NetscapeSPKIPointer spki(
49-
NETSCAPE_SPKI_b64_decode(input.data(), input.size()));
63+
NETSCAPE_SPKI_b64_decode(input.data(), length));
5064
if (!spki) return ByteSource();
5165

5266
EVPKeyPointer pkey(NETSCAPE_SPKI_get_pubkey(spki.get()));
@@ -73,8 +87,15 @@ void ExportPublicKey(const FunctionCallbackInfo<Value>& args) {
7387
}
7488

7589
ByteSource ExportChallenge(const ArrayBufferOrViewContents<char>& input) {
90+
size_t length = input.size();
91+
#ifdef OPENSSL_IS_BORINGSSL
92+
// OpenSSL uses EVP_DecodeBlock, which explicitly removes trailing characters,
93+
// while BoringSSL uses EVP_DecodedLength and EVP_DecodeBase64, which do not.
94+
// As such, we trim those characters here for compatibility.
95+
length = std::string(input.data()).find_last_not_of(" \n\r\t") + 1;
96+
#endif
7697
NetscapeSPKIPointer sp(
77-
NETSCAPE_SPKI_b64_decode(input.data(), input.size()));
98+
NETSCAPE_SPKI_b64_decode(input.data(), length));
7899
if (!sp)
79100
return ByteSource();
80101

0 commit comments

Comments
 (0)