Check trailing data when parsing ASN.1.

Properly check that the entire buffer was consumed. d2i_* may process only a
prefix of its input. In addition, don't bother using a memory BIO when the
buffer can be parsed directly.

This aligns the NSS and OpenSSL port's behavior in most places:
SEC_QuickDERDecodeItem fails with SEC_ERROR_EXTRA_INPUT if there is excess data.
Add tests. Both for testing and to verify this is the NSS port's behavior.

For a PKCS #8 PrivateKeyInfo, NSS will silently accept trailing data. Fix
WebCrypto in NSS to align with the spec. RSAPrivateKey is left for a follow-up. (This includes an NSS roll to pick up a symbol export.)

BUG=430200

Review URL: https://codereview.chromium.org/685063007

Cr-Commit-Position: refs/heads/master@{#303546}

1 files changed, 4 insertions, 9 deletions

diff --git a/crypto/signature_verifier_openssl.cc b/crypto/signature_verifier_openssl.cc
index a855120..53637eb 100644
--- a/crypto/signature_verifier_openssl.cc
+++ b/crypto/signature_verifier_openssl.cc
@@ -141,19 +141,14 @@ bool SignatureVerifier::CommonInit(const EVP_MD* digest,
 
   signature_.assign(signature, signature + signature_len);
 
-  // BIO_new_mem_buf is not const aware, but it does not modify the buffer.
-  char* data = reinterpret_cast<char*>(const_cast<uint8*>(public_key_info));
-  ScopedBIO bio(BIO_new_mem_buf(data, public_key_info_len));
-  if (!bio.get())
-    return false;
-
-  ScopedEVP_PKEY public_key(d2i_PUBKEY_bio(bio.get(), NULL));
-  if (!public_key.get())
+  const uint8_t* ptr = public_key_info;
+  ScopedEVP_PKEY public_key(d2i_PUBKEY(nullptr, &ptr, public_key_info_len));
+  if (!public_key.get() || ptr != public_key_info + public_key_info_len)
     return false;
 
   verify_context_->ctx.reset(EVP_MD_CTX_create());
   int rv = EVP_DigestVerifyInit(verify_context_->ctx.get(), pkey_ctx,
-                                digest, NULL, public_key.get());
+                                digest, nullptr, public_key.get());
   return rv == 1;
 }