Status

defect
RESOLVED WONTFIX
3 years ago
2 years ago

People

(Reporter: franziskus, Assigned: franziskus)

Tracking

trunk

Firefox Tracking Flags

(firefox46 affected)

Details

Attachments

(1 attachment)

There's currently no way to decode base64 with url encoding. Not sure if we also want encoding.
patch is also here https://codereview.appspot.com/276650043

I didn't find any possibility to do this so I added it. This allows to decode url encoded base64 with the already available functions. Not sure if there are tests anywhere for this where I should add some (didn't find any)?
Attachment #8703503 - Flags: review?(martin.thomson)
Comment on attachment 8703503 [details] [diff] [review]
nssb64_url.patch

Review of attachment 8703503 [details] [diff] [review]:
-----------------------------------------------------------------

LGTM  That -1 thing threw me at first.
Attachment #8703503 - Flags: review?(martin.thomson) → review+
Comment on attachment 8703503 [details] [diff] [review]
nssb64_url.patch

Review of attachment 8703503 [details] [diff] [review]:
-----------------------------------------------------------------

Also, I don't think that this is enough.  Checkout atob.c, which checks characters before feeding them to this (thereby rejecting "-_")

Changed my mind.  This changes the behaviour of the function in a way that we can't do in NSS.  Current code expects an error if '-' or '_' are encountered.

Sadly, the best option is to add a new function for this.
Attachment #8703503 - Flags: review+ → review-
BTW, if you are looking for this in m-c, a decoder just landed.

See: https://dxr.mozilla.org/mozilla-central/source/xpcom/io/Base64.cpp#362
uh, this finally landed, hasn't been there yet last time I checked (you might want to close bug 769521 then as well).

But we might want to have this in NSS anyway. David suggested to use nsIDataSignatureVerifier[1] for Content-Signature verification, which makes sense but does the b64 decoding in NSS. So I guess adding a new function for this is the best option?

[1] https://dxr.mozilla.org/mozilla-central/source/security/manager/ssl/nsIDataSignatureVerifier.idl
Flags: needinfo?(martin.thomson)
Wasn't the plan was to remove dependencies on PSM?  It's not like this code is particularly complex or difficult. nsIDataSignatureVerifier seems like it might not be a direct fit anyway, since the signatures for content-signature are raw and nsIDataSignatureVerifier seems to depend on DER-encoded structures (CMS).
Flags: needinfo?(martin.thomson)
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.