[webkit-changes] [236820] trunk

Wed, 03 Oct 2018 18:33:24 -0700

Title: [236820] trunk
Revision
236820
Author
jiewen_...@apple.com
Date
2018-10-03 18:32:02 -0700 (Wed, 03 Oct 2018)

Log Message

[WebCrypto] ECDSA could not deal with invalid signature inputs
https://bugs.webkit.org/show_bug.cgi?id=189879
<rdar://problem/44701276>

Reviewed by Brent Fulgham.

Source/WebCore:

Add some guards over detections of the start positions of r/s.

Covered by improved existing tests.

* crypto/mac/CryptoAlgorithmECDSAMac.cpp:
(WebCore::verifyECDSA):

LayoutTests:

* crypto/subtle/ecdsa-verify-malformed-parameters-expected.txt:
* crypto/subtle/ecdsa-verify-malformed-parameters.html:

Modified Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (236819 => 236820)


--- trunk/LayoutTests/ChangeLog	2018-10-04 01:17:20 UTC (rev 236819)
+++ trunk/LayoutTests/ChangeLog	2018-10-04 01:32:02 UTC (rev 236820)
@@ -1,3 +1,14 @@
+2018-09-28  Jiewen Tan  <jiewen_...@apple.com>
+
+        [WebCrypto] ECDSA could not deal with invalid signature inputs
+        https://bugs.webkit.org/show_bug.cgi?id=189879
+        <rdar://problem/44701276>
+
+        Reviewed by Brent Fulgham.
+
+        * crypto/subtle/ecdsa-verify-malformed-parameters-expected.txt:
+        * crypto/subtle/ecdsa-verify-malformed-parameters.html:
+
 2018-10-03  Antoine Quint  <grao...@apple.com>
 
         [Web Animations] REGRESSION: setting 'animation-name: none' after a 'fill: forwards' animation has completed does not revert to the unanimated style

Modified: trunk/LayoutTests/crypto/subtle/ecdsa-verify-malformed-parameters-expected.txt (236819 => 236820)


--- trunk/LayoutTests/crypto/subtle/ecdsa-verify-malformed-parameters-expected.txt	2018-10-04 01:17:20 UTC (rev 236819)
+++ trunk/LayoutTests/crypto/subtle/ecdsa-verify-malformed-parameters-expected.txt	2018-10-04 01:32:02 UTC (rev 236820)
@@ -5,6 +5,8 @@
 
 PASS verified is false
 PASS verified is false
+PASS verified is false
+PASS verified is false
 PASS successfullyParsed is true
 
 TEST COMPLETE

Modified: trunk/LayoutTests/crypto/subtle/ecdsa-verify-malformed-parameters.html (236819 => 236820)


--- trunk/LayoutTests/crypto/subtle/ecdsa-verify-malformed-parameters.html	2018-10-04 01:17:20 UTC (rev 236819)
+++ trunk/LayoutTests/crypto/subtle/ecdsa-verify-malformed-parameters.html	2018-10-04 01:32:02 UTC (rev 236820)
@@ -27,6 +27,8 @@
 var data = "" World!");
 var corruptedSignature = hexStringToUint8Array("d60737267c707deb1f3547c85d3f49b167fb3b4fd7ed7d974c2adc4f89171f9884a2637d5d5a7c5d475dc13d37522b958d5bf333a06e9ad445e831f220900a1b");
 var shortenSignature = hexStringToUint8Array("d60737267c707deb1f3547c85d3f49b167fb3b4fd7ed7d974c2adc4f89171f9884a2637d5d5a7c5d475dc13d37522b958d5bf333a06e9ad445e831f220900a");
+var invalidSignature1 = hexStringToUint8Array("000000000000000000000000000000000000000000000000000000000000000084a2637d5d5a7c5d475dc13d37522b958d5bf333a06e9ad445e831f220900a1b");
+var invalidSignature2 = hexStringToUint8Array("84a2637d5d5a7c5d475dc13d37522b958d5bf333a06e9ad445e831f220900a1b0000000000000000000000000000000000000000000000000000000000000000");
 
 crypto.subtle.importKey("jwk", jwkPublicKey, { name: "ECDSA", namedCurve: "P-256" }, extractable, ["verify"]).then(function(result) {
     key = result;
@@ -37,12 +39,24 @@
 
     shouldBeFalse("verified");
 
-    return crypto.subtle.verify(ecdsaParams, key, corruptedSignature, data);
+    return crypto.subtle.verify(ecdsaParams, key, shortenSignature, data);
 }).then(function(result) {
     verified = result;
 
     shouldBeFalse("verified");
 
+    return crypto.subtle.verify(ecdsaParams, key, invalidSignature1, data);
+}).then(function(result) {
+    verified = result;
+
+    shouldBeFalse("verified");
+
+    return crypto.subtle.verify(ecdsaParams, key, invalidSignature2, data);
+}).then(function(result) {
+    verified = result;
+
+    shouldBeFalse("verified");
+
     finishJSTest();
 }, failAndFinishJSTest);

Modified: trunk/Source/WebCore/ChangeLog (236819 => 236820)


--- trunk/Source/WebCore/ChangeLog	2018-10-04 01:17:20 UTC (rev 236819)
+++ trunk/Source/WebCore/ChangeLog	2018-10-04 01:32:02 UTC (rev 236820)
@@ -1,3 +1,18 @@
+2018-09-28  Jiewen Tan  <jiewen_...@apple.com>
+
+        [WebCrypto] ECDSA could not deal with invalid signature inputs
+        https://bugs.webkit.org/show_bug.cgi?id=189879
+        <rdar://problem/44701276>
+
+        Reviewed by Brent Fulgham.
+
+        Add some guards over detections of the start positions of r/s.
+
+        Covered by improved existing tests.
+
+        * crypto/mac/CryptoAlgorithmECDSAMac.cpp:
+        (WebCore::verifyECDSA):
+
 2018-10-03  Jer Noble  <jer.no...@apple.com>
 
         Add a quirk to disable Modern EME for sites which are broken with it enabled

Modified: trunk/Source/WebCore/crypto/mac/CryptoAlgorithmECDSAMac.cpp (236819 => 236820)


--- trunk/Source/WebCore/crypto/mac/CryptoAlgorithmECDSAMac.cpp	2018-10-04 01:17:20 UTC (rev 236819)
+++ trunk/Source/WebCore/crypto/mac/CryptoAlgorithmECDSAMac.cpp	2018-10-04 01:32:02 UTC (rev 236820)
@@ -121,8 +121,10 @@
     while (rStart < keyLengthInBytes && !signature[rStart])
         rStart++;
     size_t sStart = keyLengthInBytes;
-    while (rStart < signature.size() && !signature[sStart])
+    while (sStart < signature.size() && !signature[sStart])
         sStart++;
+    if (rStart >= keyLengthInBytes || sStart >= signature.size())
+        return false;
 
     // InitialOctet is needed when the first byte of r/s is larger than or equal to 128.
     bool rNeedsInitialOctet = signature[rStart] >= 128;

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to