diff options
| author | David Benjamin <davidben@chromium.org> | 2014-08-24 08:49:21 +0400 |
|---|---|---|
| committer | Adam Langley <agl@google.com> | 2014-08-26 03:00:28 +0400 |
| commit | d698f322b58a50ee1acf21a734367d151c154dd1 (patch) | |
| tree | c9866e8396765708bcebbbadd62b9552543805a5 /crypto/x509 | |
| parent | 3a66e2838cbe287786bbd7db56fb99097f6d45b3 (diff) | |
Introduce EVP_DecodeBase64.
This fixes several of the problems with the old API.
- Padding was completely ignored.
- ='s in the middle of the input were accepted.
- It tries to be helpful and strips leading/trailing whitespace.
Change-Id: I99b9d5e6583f7eaf9bf0b6ee9ca39799811b58dc
Reviewed-on: https://boringssl-review.googlesource.com/1602
Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'crypto/x509')
| -rw-r--r-- | crypto/x509/x509spki.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/crypto/x509/x509spki.c b/crypto/x509/x509spki.c index 0b0b4fa3..03823b76 100644 --- a/crypto/x509/x509spki.c +++ b/crypto/x509/x509spki.c @@ -77,15 +77,19 @@ NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len) { unsigned char *spki_der; const unsigned char *p; - int spki_len; + size_t spki_len; NETSCAPE_SPKI *spki; - if(len <= 0) len = strlen(str); - if (!(spki_der = OPENSSL_malloc(len + 1))) { + if (len <= 0) + len = strlen(str); + if (!EVP_DecodedLength(&spki_len, len)) { + OPENSSL_PUT_ERROR(X509, NETSCAPE_SPKI_b64_decode, X509_R_BASE64_DECODE_ERROR); + return NULL; + } + if (!(spki_der = OPENSSL_malloc(spki_len))) { OPENSSL_PUT_ERROR(X509, NETSCAPE_SPKI_b64_decode, ERR_R_MALLOC_FAILURE); return NULL; } - spki_len = EVP_DecodeBlock(spki_der, (const unsigned char *)str, len); - if(spki_len < 0) { + if (!EVP_DecodeBase64(spki_der, &spki_len, spki_len, (const uint8_t *)str, len)) { OPENSSL_PUT_ERROR(X509, NETSCAPE_SPKI_b64_decode, X509_R_BASE64_DECODE_ERROR); OPENSSL_free(spki_der); return NULL; |