Title: [236820] trunk
- Revision
- 236820
- Author
- jiewen_...@apple.com
- Date
- 2018-10-03 18:32:02 -0700 (Wed, 03 Oct 2018)
Log Message
[WebCrypto] ECDSA could not deal with invalid signature inputs
https://bugs.webkit.org/show_bug.cgi?id=189879
<rdar://problem/44701276>
Reviewed by Brent Fulgham.
Source/WebCore:
Add some guards over detections of the start positions of r/s.
Covered by improved existing tests.
* crypto/mac/CryptoAlgorithmECDSAMac.cpp:
(WebCore::verifyECDSA):
LayoutTests:
* crypto/subtle/ecdsa-verify-malformed-parameters-expected.txt:
* crypto/subtle/ecdsa-verify-malformed-parameters.html:
Modified Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (236819 => 236820)
--- trunk/LayoutTests/ChangeLog 2018-10-04 01:17:20 UTC (rev 236819)
+++ trunk/LayoutTests/ChangeLog 2018-10-04 01:32:02 UTC (rev 236820)
@@ -1,3 +1,14 @@
+2018-09-28 Jiewen Tan <jiewen_...@apple.com>
+
+ [WebCrypto] ECDSA could not deal with invalid signature inputs
+ https://bugs.webkit.org/show_bug.cgi?id=189879
+ <rdar://problem/44701276>
+
+ Reviewed by Brent Fulgham.
+
+ * crypto/subtle/ecdsa-verify-malformed-parameters-expected.txt:
+ * crypto/subtle/ecdsa-verify-malformed-parameters.html:
+
2018-10-03 Antoine Quint <grao...@apple.com>
[Web Animations] REGRESSION: setting 'animation-name: none' after a 'fill: forwards' animation has completed does not revert to the unanimated style
Modified: trunk/LayoutTests/crypto/subtle/ecdsa-verify-malformed-parameters-expected.txt (236819 => 236820)
--- trunk/LayoutTests/crypto/subtle/ecdsa-verify-malformed-parameters-expected.txt 2018-10-04 01:17:20 UTC (rev 236819)
+++ trunk/LayoutTests/crypto/subtle/ecdsa-verify-malformed-parameters-expected.txt 2018-10-04 01:32:02 UTC (rev 236820)
@@ -5,6 +5,8 @@
PASS verified is false
PASS verified is false
+PASS verified is false
+PASS verified is false
PASS successfullyParsed is true
TEST COMPLETE
Modified: trunk/LayoutTests/crypto/subtle/ecdsa-verify-malformed-parameters.html (236819 => 236820)
--- trunk/LayoutTests/crypto/subtle/ecdsa-verify-malformed-parameters.html 2018-10-04 01:17:20 UTC (rev 236819)
+++ trunk/LayoutTests/crypto/subtle/ecdsa-verify-malformed-parameters.html 2018-10-04 01:32:02 UTC (rev 236820)
@@ -27,6 +27,8 @@
var data = "" World!");
var corruptedSignature = hexStringToUint8Array("d60737267c707deb1f3547c85d3f49b167fb3b4fd7ed7d974c2adc4f89171f9884a2637d5d5a7c5d475dc13d37522b958d5bf333a06e9ad445e831f220900a1b");
var shortenSignature = hexStringToUint8Array("d60737267c707deb1f3547c85d3f49b167fb3b4fd7ed7d974c2adc4f89171f9884a2637d5d5a7c5d475dc13d37522b958d5bf333a06e9ad445e831f220900a");
+var invalidSignature1 = hexStringToUint8Array("000000000000000000000000000000000000000000000000000000000000000084a2637d5d5a7c5d475dc13d37522b958d5bf333a06e9ad445e831f220900a1b");
+var invalidSignature2 = hexStringToUint8Array("84a2637d5d5a7c5d475dc13d37522b958d5bf333a06e9ad445e831f220900a1b0000000000000000000000000000000000000000000000000000000000000000");
crypto.subtle.importKey("jwk", jwkPublicKey, { name: "ECDSA", namedCurve: "P-256" }, extractable, ["verify"]).then(function(result) {
key = result;
@@ -37,12 +39,24 @@
shouldBeFalse("verified");
- return crypto.subtle.verify(ecdsaParams, key, corruptedSignature, data);
+ return crypto.subtle.verify(ecdsaParams, key, shortenSignature, data);
}).then(function(result) {
verified = result;
shouldBeFalse("verified");
+ return crypto.subtle.verify(ecdsaParams, key, invalidSignature1, data);
+}).then(function(result) {
+ verified = result;
+
+ shouldBeFalse("verified");
+
+ return crypto.subtle.verify(ecdsaParams, key, invalidSignature2, data);
+}).then(function(result) {
+ verified = result;
+
+ shouldBeFalse("verified");
+
finishJSTest();
}, failAndFinishJSTest);
Modified: trunk/Source/WebCore/ChangeLog (236819 => 236820)
--- trunk/Source/WebCore/ChangeLog 2018-10-04 01:17:20 UTC (rev 236819)
+++ trunk/Source/WebCore/ChangeLog 2018-10-04 01:32:02 UTC (rev 236820)
@@ -1,3 +1,18 @@
+2018-09-28 Jiewen Tan <jiewen_...@apple.com>
+
+ [WebCrypto] ECDSA could not deal with invalid signature inputs
+ https://bugs.webkit.org/show_bug.cgi?id=189879
+ <rdar://problem/44701276>
+
+ Reviewed by Brent Fulgham.
+
+ Add some guards over detections of the start positions of r/s.
+
+ Covered by improved existing tests.
+
+ * crypto/mac/CryptoAlgorithmECDSAMac.cpp:
+ (WebCore::verifyECDSA):
+
2018-10-03 Jer Noble <jer.no...@apple.com>
Add a quirk to disable Modern EME for sites which are broken with it enabled
Modified: trunk/Source/WebCore/crypto/mac/CryptoAlgorithmECDSAMac.cpp (236819 => 236820)
--- trunk/Source/WebCore/crypto/mac/CryptoAlgorithmECDSAMac.cpp 2018-10-04 01:17:20 UTC (rev 236819)
+++ trunk/Source/WebCore/crypto/mac/CryptoAlgorithmECDSAMac.cpp 2018-10-04 01:32:02 UTC (rev 236820)
@@ -121,8 +121,10 @@
while (rStart < keyLengthInBytes && !signature[rStart])
rStart++;
size_t sStart = keyLengthInBytes;
- while (rStart < signature.size() && !signature[sStart])
+ while (sStart < signature.size() && !signature[sStart])
sStart++;
+ if (rStart >= keyLengthInBytes || sStart >= signature.size())
+ return false;
// InitialOctet is needed when the first byte of r/s is larger than or equal to 128.
bool rNeedsInitialOctet = signature[rStart] >= 128;
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes