Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit a8cc8b6

Browse filesBrowse files
codebyteretargos
codebytere
authored and
targos
committed
crypto: trim input for NETSCAPE_SPKI_b64_decode
PR-URL: #40757 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Minwoo Jung <nodecorelab@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
1 parent 3a4f387 commit a8cc8b6
Copy full SHA for a8cc8b6

File tree

Expand file treeCollapse file tree

1 file changed

+24
-3
lines changed
Open diff view settings
Filter options
Expand file treeCollapse file tree

1 file changed

+24
-3
lines changed
Open diff view settings
Collapse file

‎src/crypto/crypto_spkac.cc‎

Copy file name to clipboardExpand all lines: src/crypto/crypto_spkac.cc
+24-3Lines changed: 24 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -16,8 +16,15 @@ using v8::Value;
1616
namespace crypto {
1717
namespace SPKAC {
1818
bool VerifySpkac(const ArrayBufferOrViewContents<char>& input) {
19+
size_t length = input.size();
20+
#ifdef OPENSSL_IS_BORINGSSL
21+
// OpenSSL uses EVP_DecodeBlock, which explicitly removes trailing characters,
22+
// while BoringSSL uses EVP_DecodedLength and EVP_DecodeBase64, which do not.
23+
// As such, we trim those characters here for compatibility.
24+
length = std::string(input.data()).find_last_not_of(" \n\r\t") + 1;
25+
#endif
1926
NetscapeSPKIPointer spki(
20-
NETSCAPE_SPKI_b64_decode(input.data(), input.size()));
27+
NETSCAPE_SPKI_b64_decode(input.data(), length));
2128
if (!spki)
2229
return false;
2330

@@ -45,8 +52,15 @@ ByteSource ExportPublicKey(Environment* env,
4552
BIOPointer bio(BIO_new(BIO_s_mem()));
4653
if (!bio) return ByteSource();
4754

55+
size_t length = input.size();
56+
#ifdef OPENSSL_IS_BORINGSSL
57+
// OpenSSL uses EVP_DecodeBlock, which explicitly removes trailing characters,
58+
// while BoringSSL uses EVP_DecodedLength and EVP_DecodeBase64, which do not.
59+
// As such, we trim those characters here for compatibility.
60+
length = std::string(input.data()).find_last_not_of(" \n\r\t") + 1;
61+
#endif
4862
NetscapeSPKIPointer spki(
49-
NETSCAPE_SPKI_b64_decode(input.data(), input.size()));
63+
NETSCAPE_SPKI_b64_decode(input.data(), length));
5064
if (!spki) return ByteSource();
5165

5266
EVPKeyPointer pkey(NETSCAPE_SPKI_get_pubkey(spki.get()));
@@ -73,8 +87,15 @@ void ExportPublicKey(const FunctionCallbackInfo<Value>& args) {
7387
}
7488

7589
ByteSource ExportChallenge(const ArrayBufferOrViewContents<char>& input) {
90+
size_t length = input.size();
91+
#ifdef OPENSSL_IS_BORINGSSL
92+
// OpenSSL uses EVP_DecodeBlock, which explicitly removes trailing characters,
93+
// while BoringSSL uses EVP_DecodedLength and EVP_DecodeBase64, which do not.
94+
// As such, we trim those characters here for compatibility.
95+
length = std::string(input.data()).find_last_not_of(" \n\r\t") + 1;
96+
#endif
7697
NetscapeSPKIPointer sp(
77-
NETSCAPE_SPKI_b64_decode(input.data(), input.size()));
98+
NETSCAPE_SPKI_b64_decode(input.data(), length));
7899
if (!sp)
79100
return ByteSource();
80101

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.