LibWeb: Fix crash when importing malformed RSAOAEP key

This fixes a crash in WPT:
WebCryptoAPI/import_export/rsa_importKey.https.any

This allows us to pass 240 tests!

(cherry picked from commit 124bd115a1342d9b4a7536fa62acedee279a12c9)
Ben Wiederhake
2024-10-25 05:38:46 +02:00
committed by Nico Weber
parent b57e502d21
commit 806f30d1d2
3 changed files with 33 additions and 4 deletions


@@ -653,9 +653,11 @@ WebIDL::ExceptionOr<JS::NonnullGCPtr<CryptoKey>> RSAOAEP::import_key(Web::Crypto
// 6. If the key_ops field of jwk is present, and is invalid according to the requirements of JSON Web Key [JWK]
// or does not contain all of the specified usages values, then throw a DataError.
for (auto const& usage : usages) {
if (!jwk.key_ops->contains_slow(Bindings::idl_enum_to_string(usage)))
return WebIDL::DataError::create(m_realm, MUST(String::formatted("Missing key_ops field: {}", Bindings::idl_enum_to_string(usage))));
if (jwk.key_ops.has_value()) {
for (auto const& usage : usages) {
if (!jwk.key_ops->contains_slow(Bindings::idl_enum_to_string(usage)))
return WebIDL::DataError::create(m_realm, MUST(String::formatted("Missing key_ops field: {}", Bindings::idl_enum_to_string(usage))));
}
}
// FIXME: Validate jwk.key_ops against requirements in https://www.rfc-editor.org/rfc/rfc7517#section-4.3
@@ -669,7 +671,7 @@ WebIDL::ExceptionOr<JS::NonnullGCPtr<CryptoKey>> RSAOAEP::import_key(Web::Crypto
// Let hash be undefined.
}
// -> If the alg field of jwk is equal to "RSA-OAEP":
if (jwk.alg == "RSA-OAEP"sv) {
else if (jwk.alg == "RSA-OAEP"sv) {
// Let hash be the string "SHA-1".
hash = "SHA-1"_string;
}
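Review bot: In the first hunk the DataError text `Missing key_ops field: {}` is now reachable only when `key_ops` is present, so it misreports the failure; something like `"key_ops does not contain usage: {}"` would describe what was actually checked (any test expectation that pins the old message would need updating). A short comment on the new guard, e.g. `// key_ops is optional; an absent field skips this check`, would make clear that skipping is intended rather than an oversight. The FIXME below the loop still stands, so a present but invalid `key_ops` (RFC 7517 section 4.3) is not rejected here as step 6 requires. The body of `RSAOAEP::import_key` starts and ends outside these hunks, so this is based only on the visible lines.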