
Commit 7335d4f

committed
crypto: trim input for NETSCAPE_SPKI_b64_decode
1 parent df2fe87 commit 7335d4f


1 file changed

+24
-3
lines changed

1 file changed

+24
-3
lines changed

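--- a/src/crypto/crypto_spkac.cc
+++ b/src/crypto/crypto_spkac.cc
@@ -17,8 +17,15 @@ using v8::Value;
 namespace crypto {
 namespace SPKAC {
 bool VerifySpkac(const ArrayBufferOrViewContents<char>& input) {
+size_t length = input.size();
+#ifdef OPENSSL_IS_BORINGSSL
+// OpenSSL uses EVP_DecodeBlock, which explicitly removes trailing characters,
+// while BoringSSL uses EVP_DecodedLength and EVP_DecodeBase64, which do not.
+// As such, we trim those characters here for compatibility.
+length = std::string(input.data()).find_last_not_of(" \n\r\t") + 1;
+#endif
 NetscapeSPKIPointer spki(
-NETSCAPE_SPKI_b64_decode(input.data(), input.size()));
+NETSCAPE_SPKI_b64_decode(input.data(), length));
 if (!spki)
 return false;
 
@@ -47,8 +54,15 @@ AllocatedBuffer ExportPublicKey(Environment* env,
 BIOPointer bio(BIO_new(BIO_s_mem()));
 if (!bio) return AllocatedBuffer();
 
+size_t length = input.size();
+#ifdef OPENSSL_IS_BORINGSSL
+// OpenSSL uses EVP_DecodeBlock, which explicitly removes trailing characters,
+// while BoringSSL uses EVP_DecodedLength and EVP_DecodeBase64, which do not.
+// As such, we trim those characters here for compatibility.
+length = std::string(input.data()).find_last_not_of(" \n\r\t") + 1;
+#endif
 NetscapeSPKIPointer spki(
-NETSCAPE_SPKI_b64_decode(input.data(), input.size()));
+NETSCAPE_SPKI_b64_decode(input.data(), length));
 if (!spki) return AllocatedBuffer();
 
 EVPKeyPointer pkey(NETSCAPE_SPKI_get_pubkey(spki.get()));
@@ -86,8 +100,15 @@ void ExportPublicKey(const FunctionCallbackInfo<Value>& args) {
 }
 
 ByteSource ExportChallenge(const ArrayBufferOrViewContents<char>& input) {
+size_t length = input.size();
+#ifdef OPENSSL_IS_BORINGSSL
+// OpenSSL uses EVP_DecodeBlock, which explicitly removes trailing characters,
+// while BoringSSL uses EVP_DecodedLength and EVP_DecodeBase64, which do not.
+// As such, we trim those characters here for compatibility.
+length = std::string(input.data()).find_last_not_of(" \n\r\t") + 1;
+#endif
 NetscapeSPKIPointer sp(
-NETSCAPE_SPKI_b64_decode(input.data(), input.size()));
+NETSCAPE_SPKI_b64_decode(input.data(), length));
 if (!sp)
 return ByteSource();
 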
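Review bot: The added `std::string(input.data())` in VerifySpkac (new line 25) builds the string from a bare `char*`, so the scan stops at the first NUL byte instead of after `input.size()` bytes. Nothing visible in this section guarantees the buffer is NUL-terminated, so under BoringSSL the constructor may read past the end of caller-supplied SPKAC data and produce a `length` larger than the buffer, while an embedded NUL silently shortens it. Bounding the scan by the known size avoids both, and the full copy as well: `length = std::string_view(input.data(), input.size()).find_last_not_of(" \n\r\t") + 1;` (assuming `<string_view>` is reachable from this file). The all-whitespace case depends on `npos + 1` wrapping to 0, which deserves a one-line comment. The same line is repeated in ExportPublicKey (new line 62) and ExportChallenge (new line 108), so one file-local helper would keep the three call sites consistent.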