Add CCryptoKeyBase::BMatchesRawData

zpostfacto · zpostfacto · commit 6e8928b2af8b · 2022-06-08T10:57:07.000-07:00
Fix bug in SteamNetworkingSockets::InternalSetCertificate incorrectly assuming
that GetRawDataPtr was always available.  It only works for some crypto
implementations.

P4: 7307233
diff --git a/src/common/keypair.cpp b/src/common/keypair.cpp
@@ -364,6 +364,21 @@ bool CCryptoKeyBase::operator==( const CCryptoKeyBase &rhs ) const
 	return memcmp( bufLHS.Base(), bufRHS.Base(), cbRawData ) == 0;
 }
 
+
+//-----------------------------------------------------------------------------
+// Purpose: Return true if our raw data matches the the specified buffer
+//-----------------------------------------------------------------------------
+bool CCryptoKeyBase::BMatchesRawData( const void *pData, size_t cbData ) const
+{
+	uint32 cbMyRawData = GetRawData(nullptr);
+	if ( cbMyRawData != cbData ) return false;
+
+	CAutoWipeBuffer bufMyRawData( cbMyRawData );
+	DbgVerify( GetRawData( bufMyRawData.Base() ) == cbMyRawData );
+
+	return memcmp( bufMyRawData.Base(), pData, cbData ) == 0;
+}
+
 void CCryptoKeyBase::CopyFrom( const CCryptoKeyBase &x )
 {
 	Assert( m_eKeyType == x.m_eKeyType );
diff --git a/src/common/keypair.h b/src/common/keypair.h
@@ -83,6 +83,9 @@ class CCryptoKeyBase
 	bool operator==( const CCryptoKeyBase &rhs ) const;
 	bool operator!=( const CCryptoKeyBase &rhs ) const { return !operator==( rhs ); }
 
+	// Return true if our raw data matches the specified buffer.
+	bool BMatchesRawData( const void *pData, size_t cbData ) const;
+
 	// Make a copy of the key, by using the raw data functions
 	void CopyFrom( const CCryptoKeyBase &x );
 
diff --git a/src/steamnetworkingsockets/clientlib/csteamnetworkingsockets.cpp b/src/steamnetworkingsockets/clientlib/csteamnetworkingsockets.cpp
@@ -752,8 +752,7 @@ bool CSteamNetworkingSockets::InternalSetCertificate( const void *pCertificate,
 			// We already chose a private key, so the cert must match.
 			// For the most common use cases, we choose a private
 			// key and it never leaves the current process.
-			if ( m_keyPrivateKey.GetRawDataSize() != private_key_data.length()
-				|| memcmp( m_keyPrivateKey.GetRawDataPtr(), private_key_data.c_str(), private_key_data.length() ) != 0 )
+			if ( !m_keyPrivateKey.BMatchesRawData( private_key_data.data(), private_key_data.length() ) )
 			{
 				V_strcpy_safe( errMsg, "Private key mismatch" );
 				return false;
