diff options
| -rw-r--r-- | ext/node/ops/crypto/mod.rs | 18 | ||||
| -rw-r--r-- | tests/unit_node/crypto/crypto_key_test.ts | 24 |
2 files changed, 38 insertions, 4 deletions
diff --git a/ext/node/ops/crypto/mod.rs b/ext/node/ops/crypto/mod.rs index 53a3ea3f0..666ce8409 100644 --- a/ext/node/ops/crypto/mod.rs +++ b/ext/node/ops/crypto/mod.rs @@ -1493,8 +1493,13 @@ fn parse_private_key( ) -> Result<pkcs8::SecretDocument, AnyError> { match format { "pem" => { - let (_, doc) = - pkcs8::SecretDocument::from_pem(std::str::from_utf8(key).unwrap())?; + let pem = std::str::from_utf8(key).map_err(|err| { + type_error(format!( + "Invalid PEM private key: not valid utf8 starting at byte {}", + err.valid_up_to() + )) + })?; + let (_, doc) = pkcs8::SecretDocument::from_pem(pem)?; Ok(doc) } "der" => { @@ -1600,8 +1605,13 @@ fn parse_public_key( ) -> Result<pkcs8::Document, AnyError> { match format { "pem" => { - let (label, doc) = - pkcs8::Document::from_pem(std::str::from_utf8(key).unwrap())?; + let pem = std::str::from_utf8(key).map_err(|err| { + type_error(format!( + "Invalid PEM private key: not valid utf8 starting at byte {}", + err.valid_up_to() + )) + })?; + let (label, doc) = pkcs8::Document::from_pem(pem)?; if label != "PUBLIC KEY" { return Err(type_error("Invalid PEM label")); } diff --git a/tests/unit_node/crypto/crypto_key_test.ts b/tests/unit_node/crypto/crypto_key_test.ts index 013601572..d3a43b3b8 100644 --- a/tests/unit_node/crypto/crypto_key_test.ts +++ b/tests/unit_node/crypto/crypto_key_test.ts @@ -415,3 +415,27 @@ Deno.test("generate rsa export public key", async function () { const der = publicKey.export({ format: "der", type: "spki" }); assert(der instanceof Uint8Array); }); + +Deno.test("create public key with invalid utf-8 string", function () { + // This is an invalid UTF-8 string because it contains a lone utf-16 surrogate. + const invalidPem = Buffer.from(new Uint8Array([0xE2, 0x28, 0xA1])); + assertThrows( + () => { + createPublicKey(invalidPem); + }, + Error, + "not valid utf8", + ); +}); + +Deno.test("create private key with invalid utf-8 string", function () { + // This is an invalid UTF-8 string because it contains a lone utf-16 surrogate. + const invalidPem = Buffer.from(new Uint8Array([0xE2, 0x28, 0xA1])); + assertThrows( + () => { + createPrivateKey(invalidPem); + }, + Error, + "not valid utf8", + ); +}); |