[io/ssl] Better error message when security context private key is missing.

Fixes https://github.com/dart-lang/sdk/issues/54719 TEST=standalone/io/security_context_no_private_key_test.dart Change-Id: I6619b845a9cad8913efc00fc4f012bd87b27796a Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/348720 Commit-Queue: Alexander Aprelev <aam@google.com> Reviewed-by: Siva Annamalai <asiva@google.com>
2024-10-14 09:58:32 +00:00 · 2024-01-26 20:49:09 +00:00 · 2024-01-26 20:49:09 +00:00 · 34484719ca
parent 6757f8d109
commit 34484719ca
2 changed files with 39 additions and 5 deletions
--- a/runtime/bin/security_context.cc
+++ b/runtime/bin/security_context.cc
@ -800,14 +800,19 @@ void FUNCTION_NAME(SecurityContext_UsePrivateKeyBytes)(
  const char* password = SSLCertContext::GetPasswordArgument(args, 2);

  int status;
+  EVP_PKEY* key;
  {
    ScopedMemBIO bio(ThrowIfError(Dart_GetNativeArgument(args, 1)));
-    EVP_PKEY* key = GetPrivateKey(bio.bio(), password);
-    status = SSL_CTX_use_PrivateKey(context->context(), key);
-    // SSL_CTX_use_PrivateKey increments the reference count of key on success,
-    // so we have to call EVP_PKEY_free on both success and failure.
-    EVP_PKEY_free(key);
+    key = GetPrivateKey(bio.bio(), password);
  }
+  if (key == nullptr) {
+    Dart_ThrowException(DartUtils::NewDartArgumentError(
+        "Expected private key, but none was found"));
+  }
+  status = SSL_CTX_use_PrivateKey(context->context(), key);
+  // SSL_CTX_use_PrivateKey increments the reference count of key on success,
+  // so we have to call EVP_PKEY_free on both success and failure.
+  EVP_PKEY_free(key);

  // TODO(24184): Handle different expected errors here - file missing,
  // incorrect password, file not a PEM, and throw exceptions.
--- a/tests/standalone/io/security_context_no_private_key_test.dart
+++ b/tests/standalone/io/security_context_no_private_key_test.dart
@ -0,0 +1,29 @@
+// Copyright (c) 2024, the Dart project authors.  Please see the AUTHORS file
+// for details. All rights reserved. Use of this source code is governed by a
+// BSD-style license that can be found in the LICENSE file.
+//
+// Confirm error message when private key value is missing.
+
+import 'dart:io';
+import 'dart:typed_data';
+
+import "package:expect/expect.dart";
+
+void main() {
+  // Handcrafted private key with actual value missing(dartbug.com/54719)
+ Uint8List privateKeyBytes = Uint8List.fromList(<int>[
+      0x30, 0x53, 0x02, 0x01, 0x03, 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48,
+      0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0x30, 0x41, 0x30, 0x31, 0x30, 0x0d,
+      0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
+      0x00, 0x04, 0x20, 0xfc, 0x85, 0xd5, 0xb6, 0xc7, 0x78, 0x80, 0x96, 0x74,
+      0x5b, 0x13, 0xe4, 0x14, 0x79, 0x56, 0x39, 0xd1, 0xa3, 0x1b, 0x0e, 0xf9,
+      0x21, 0x22, 0x9a, 0xe8, 0x03, 0x91, 0x98, 0xf4, 0xb6, 0x3d, 0x3f, 0x04,
+      0x08, 0x91, 0xc1, 0x65, 0x4e, 0xe5, 0x58, 0x43, 0xf0, 0x02, 0x02, 0x08,
+      0x00]);
+
+  SecurityContext securityContext = SecurityContext();
+  Expect.throws(
+      () => securityContext.usePrivateKeyBytes(privateKeyBytes),
+      (e) =>
+          e is ArgumentError && e.toString().contains("Expected private key"));
+}