From 11dd5a0ae73b4d3612de6422893a25232f930b84 Mon Sep 17 00:00:00 2001
From: Levente Kurusa <lkurusa@kernelstuff.org>
Date: Mon, 5 Jun 2023 14:52:02 +0200
Subject: fix(ext/crypto): fix JWK import of Ed25519 (#19279)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes: #18049

---------

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
---
 ext/crypto/00_crypto.js | 14 ++++++++++++--
 ext/crypto/lib.rs       |  9 +++++----
 2 files changed, 17 insertions(+), 6 deletions(-)

(limited to 'ext/crypto')

diff --git a/ext/crypto/00_crypto.js b/ext/crypto/00_crypto.js
index 19e669acd..d88aef219 100644
--- a/ext/crypto/00_crypto.js
+++ b/ext/crypto/00_crypto.js
@@ -2319,7 +2319,12 @@ function importKeyEd25519(
       // 9.
       if (jwk.d !== undefined) {
         // https://www.rfc-editor.org/rfc/rfc8037#section-2
-        const privateKeyData = ops.op_crypto_base64url_decode(jwk.d);
+        let privateKeyData;
+        try {
+          privateKeyData = ops.op_crypto_base64url_decode(jwk.d);
+        } catch (_) {
+          throw new DOMException("invalid private key data", "DataError");
+        }
 
         const handle = {};
         WeakMapPrototypeSet(KEY_STORE, handle, privateKeyData);
@@ -2337,7 +2342,12 @@ function importKeyEd25519(
         );
       } else {
         // https://www.rfc-editor.org/rfc/rfc8037#section-2
-        const publicKeyData = ops.op_crypto_base64url_decode(jwk.x);
+        let publicKeyData;
+        try {
+          publicKeyData = ops.op_crypto_base64url_decode(jwk.x);
+        } catch (_) {
+          throw new DOMException("invalid public key data", "DataError");
+        }
 
         const handle = {};
         WeakMapPrototypeSet(KEY_STORE, handle, publicKeyData);
diff --git a/ext/crypto/lib.rs b/ext/crypto/lib.rs
index 05349bf68..dc5faf5e7 100644
--- a/ext/crypto/lib.rs
+++ b/ext/crypto/lib.rs
@@ -116,10 +116,11 @@ deno_core::extension!(deno_crypto,
 );
 
 #[op]
-pub fn op_crypto_base64url_decode(data: String) -> ZeroCopyBuf {
-  let data: Vec<u8> =
-    base64::decode_config(data, base64::URL_SAFE_NO_PAD).unwrap();
-  data.into()
+pub fn op_crypto_base64url_decode(
+  data: String,
+) -> Result<ZeroCopyBuf, AnyError> {
+  let data: Vec<u8> = base64::decode_config(data, base64::URL_SAFE_NO_PAD)?;
+  Ok(data.into())
 }
 
 #[op]
-- 
cgit v1.2.3