Diff
Modified: trunk/ChangeLog (208296 => 208297)
--- trunk/ChangeLog 2016-11-02 19:47:16 UTC (rev 208296)
+++ trunk/ChangeLog 2016-11-02 20:05:41 UTC (rev 208297)
@@ -1,3 +1,14 @@
+2016-11-02 Olivier Blin <[email protected]>
+
+ [GTK] Use libgcrypt instead of GnuTLS for CryptoDigest and SubtleCrypto HMAC implementation
+ https://bugs.webkit.org/show_bug.cgi?id=163125
+
+ Reviewed by Michael Catanzaro.
+
+ * Source/cmake/OptionsGTK.cmake: Updated to use libgcrypt files instead of gnutls.
+ At least version 1.6.0 is needed for the HMAC APIs.
+ libgcrypt is now needed unconditionally for CryptoDigest, used by CSP.
+
2016-11-02 Romain Bellessort <[email protected]>
[Readable Streams API] Enable creation of ReadableByteStreamController
Modified: trunk/Source/WebCore/ChangeLog (208296 => 208297)
--- trunk/Source/WebCore/ChangeLog 2016-11-02 19:47:16 UTC (rev 208296)
+++ trunk/Source/WebCore/ChangeLog 2016-11-02 20:05:41 UTC (rev 208297)
@@ -1,3 +1,25 @@
+2016-11-02 Olivier Blin <[email protected]>
+
+ [GTK] Use libgcrypt instead of GnuTLS for CryptoDigest and SubtleCrypto HMAC implementation
+ https://bugs.webkit.org/show_bug.cgi?id=163125
+
+ Reviewed by Michael Catanzaro.
+
+ No new tests, already covered by existing SubtleCrypto tests.
+
+ * PlatformGTK.cmake: Use libgcrypt instead of gnutls.
+ * crypto/gcrypt/CryptoAlgorithmHMACGCrypt.cpp: Added. Adapted from the GnuTLS backend.
+ (WebCore::getGCryptDigestAlgorithm):
+ (WebCore::calculateSignature):
+ (WebCore::CryptoAlgorithmHMAC::platformSign):
+ (WebCore::CryptoAlgorithmHMAC::platformVerify):
+ * platform/crypto/gcrypt/CryptoDigestGCrypt.cpp: Added. Adapted from the GnuTLS backend.
+ (WebCore::CryptoDigest::CryptoDigest):
+ (WebCore::CryptoDigest::~CryptoDigest):
+ (WebCore::CryptoDigest::create):
+ (WebCore::CryptoDigest::addBytes):
+ (WebCore::CryptoDigest::computeHash):
+
2016-11-02 Brent Fulgham <[email protected]>
REGRESSION(r203289):Assertion in MathOperator::stretchTo() on Wikipedia Page
Modified: trunk/Source/WebCore/PlatformGTK.cmake (208296 => 208297)
--- trunk/Source/WebCore/PlatformGTK.cmake 2016-11-02 19:47:16 UTC (rev 208296)
+++ trunk/Source/WebCore/PlatformGTK.cmake 2016-11-02 20:05:41 UTC (rev 208297)
@@ -89,7 +89,7 @@
platform/audio/glib/AudioBusGLib.cpp
- platform/crypto/gnutls/CryptoDigestGnuTLS.cpp
+ platform/crypto/gcrypt/CryptoDigestGCrypt.cpp
platform/gamepad/glib/GamepadsGlib.cpp
@@ -274,9 +274,9 @@
${GLIB_GMODULE_LIBRARIES}
${GLIB_GOBJECT_LIBRARIES}
${GLIB_LIBRARIES}
- ${GNUTLS_LIBRARIES}
${GUDEV_LIBRARIES}
${HARFBUZZ_LIBRARIES}
+ ${LIBGCRYPT_LIBRARIES}
${LIBSECRET_LIBRARIES}
${LIBSOUP_LIBRARIES}
${LIBXML2_LIBRARIES}
@@ -302,9 +302,9 @@
${GEOCLUE_INCLUDE_DIRS}
${GIO_UNIX_INCLUDE_DIRS}
${GLIB_INCLUDE_DIRS}
- ${GNUTLS_INCLUDE_DIRS}
${GUDEV_INCLUDE_DIRS}
${HARFBUZZ_INCLUDE_DIRS}
+ ${LIBGCRYPT_INCLUDE_DIRS}
${LIBSECRET_INCLUDE_DIRS}
${LIBSOUP_INCLUDE_DIRS}
${LIBXML2_INCLUDE_DIR}
@@ -420,9 +420,10 @@
crypto/algorithms/CryptoAlgorithmSHA384.cpp
crypto/algorithms/CryptoAlgorithmSHA512.cpp
+ crypto/gcrypt/CryptoAlgorithmHMACGCrypt.cpp
+
crypto/gnutls/CryptoAlgorithmAES_CBCGnuTLS.cpp
crypto/gnutls/CryptoAlgorithmAES_KWGnuTLS.cpp
- crypto/gnutls/CryptoAlgorithmHMACGnuTLS.cpp
crypto/gnutls/CryptoAlgorithmRSAES_PKCS1_v1_5GnuTLS.cpp
crypto/gnutls/CryptoAlgorithmRSASSA_PKCS1_v1_5GnuTLS.cpp
crypto/gnutls/CryptoAlgorithmRSA_OAEPGnuTLS.cpp
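Review bot: The `crypto/gnutls/*GnuTLS.cpp` sources kept in this list (AES_CBC, AES_KW and the RSA variants) are still compiled, while this commit drops `${GNUTLS_INCLUDE_DIRS}`, `${GNUTLS_LIBRARIES}` and the `find_package(GnuTLS 3.0.0 REQUIRED)` call. If any of those files include GnuTLS headers or call into the library, the build now depends on include and link paths leaking in from another dependency. If they are stubs, a comment such as `# Remaining gnutls/ files are stubs with no GnuTLS dependency` above the group would make that explicit. The source list continues outside the hunk.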
Added: trunk/Source/WebCore/crypto/gcrypt/CryptoAlgorithmHMACGCrypt.cpp (0 => 208297)
--- trunk/Source/WebCore/crypto/gcrypt/CryptoAlgorithmHMACGCrypt.cpp (rev 0)
+++ trunk/Source/WebCore/crypto/gcrypt/CryptoAlgorithmHMACGCrypt.cpp 2016-11-02 20:05:41 UTC (rev 208297)
@@ -0,0 +1,133 @@
+/*
+ * Copyright (C) 2014 Igalia S.L.
+ * Copyright (C) 2016 SoftAtHome
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "CryptoAlgorithmHMAC.h"
+
+#if ENABLE(SUBTLE_CRYPTO)
+
+#include "CryptoAlgorithmHmacParamsDeprecated.h"
+#include "CryptoKeyHMAC.h"
+#include "ExceptionCode.h"
+#include <gcrypt.h>
+#include <wtf/CryptographicUtilities.h>
+
+namespace WebCore {
+
+static int getGCryptDigestAlgorithm(CryptoAlgorithmIdentifier hashFunction)
+{
+ switch (hashFunction) {
+ case CryptoAlgorithmIdentifier::SHA_1:
+ return GCRY_MAC_HMAC_SHA1;
+ case CryptoAlgorithmIdentifier::SHA_224:
+ return GCRY_MAC_HMAC_SHA224;
+ case CryptoAlgorithmIdentifier::SHA_256:
+ return GCRY_MAC_HMAC_SHA256;
+ case CryptoAlgorithmIdentifier::SHA_384:
+ return GCRY_MAC_HMAC_SHA384;
+ case CryptoAlgorithmIdentifier::SHA_512:
+ return GCRY_MAC_HMAC_SHA512;
+ default:
+ return GCRY_MAC_NONE;
+ }
+}
+
+static bool calculateSignature(int algorithm, const Vector<uint8_t>& key, const CryptoOperationData& data, Vector<uint8_t>& signature)
+{
+ size_t digestLength = gcry_mac_get_algo_maclen(algorithm);
+ const void* keyData = key.data() ? key.data() : reinterpret_cast<const uint8_t*>("");
+
+ bool result = false;
+ gcry_mac_hd_t hd;
+ gcry_error_t err;
+
+ err = gcry_mac_open(&hd, algorithm, 0, nullptr);
+ if (err)
+ goto cleanup;
+
+ err = gcry_mac_setkey(hd, keyData, key.size());
+ if (err)
+ goto cleanup;
+
+ err = gcry_mac_write(hd, data.first, data.second);
+ if (err)
+ goto cleanup;
+
+ signature.resize(digestLength);
+ err = gcry_mac_read(hd, signature.data(), &digestLength);
+ if (err)
+ goto cleanup;
+
+ signature.resize(digestLength);
+ result = true;
+
+cleanup:
+ if (hd)
+ gcry_mac_close(hd);
+
+ return result;
+}
+
+void CryptoAlgorithmHMAC::platformSign(const CryptoAlgorithmHmacParamsDeprecated& parameters, const CryptoKeyHMAC& key, const CryptoOperationData& data, VectorCallback&& callback, VoidCallback&& failureCallback, ExceptionCode& ec)
+{
+ UNUSED_PARAM(failureCallback);
+ int algorithm = getGCryptDigestAlgorithm(parameters.hash);
+ if (algorithm == GCRY_MAC_NONE) {
+ ec = NOT_SUPPORTED_ERR;
+ return;
+ }
+
+ Vector<uint8_t> signature;
+ if (calculateSignature(algorithm, key.key(), data, signature))
+ callback(signature);
+ else
+ failureCallback();
+}
+
+void CryptoAlgorithmHMAC::platformVerify(const CryptoAlgorithmHmacParamsDeprecated& parameters, const CryptoKeyHMAC& key, const CryptoOperationData& expectedSignature, const CryptoOperationData& data, BoolCallback&& callback, VoidCallback&& failureCallback, ExceptionCode& ec)
+{
+ UNUSED_PARAM(failureCallback);
+ int algorithm = getGCryptDigestAlgorithm(parameters.hash);
+ if (algorithm == GCRY_MAC_NONE) {
+ ec = NOT_SUPPORTED_ERR;
+ return;
+ }
+
+ Vector<uint8_t> signature;
+ if (!calculateSignature(algorithm, key.key(), data, signature)) {
+ failureCallback();
+ return;
+ }
+
+ // Using a constant time comparison to prevent timing attacks.
+ bool result = signature.size() == expectedSignature.second && !constantTimeMemcmp(signature.data(), expectedSignature.first, signature.size());
+
+ callback(result);
+}
+
+}
+
+#endif // ENABLE(SUBTLE_CRYPTO)
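Review bot: In calculateSignature, `hd` is declared without an initializer, yet the `cleanup:` label tests `if (hd)` after a failed `gcry_mac_open`; that read is only safe if libgcrypt clears the handle on failure, so declare it as `gcry_mac_hd_t hd = nullptr;`. `UNUSED_PARAM(failureCallback)` in platformSign and platformVerify is misleading because both functions invoke failureCallback, and should be dropped. Nothing in this changeset calls `gcry_check_version()`, which the libgcrypt manual requires before any other library call, so it is worth confirming that initialization happens at process startup outside this diff. The constant-time comparison in platformVerify is the right choice, and the length check before it reveals only the tag length, which is not secret.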
Added: trunk/Source/WebCore/platform/crypto/gcrypt/CryptoDigestGCrypt.cpp (0 => 208297)
--- trunk/Source/WebCore/platform/crypto/gcrypt/CryptoDigestGCrypt.cpp (rev 0)
+++ trunk/Source/WebCore/platform/crypto/gcrypt/CryptoDigestGCrypt.cpp 2016-11-02 20:05:41 UTC (rev 208297)
@@ -0,0 +1,97 @@
+/*
+ * Copyright (C) 2014 Igalia S.L.
+ * Copyright (C) 2016 SoftAtHome
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+#include "CryptoDigest.h"
+
+#include <gcrypt.h>
+
+namespace WebCore {
+
+struct CryptoDigestContext {
+ int algorithm;
+ gcry_md_hd_t md;
+};
+
+CryptoDigest::CryptoDigest()
+ : m_context(new CryptoDigestContext)
+{
+}
+
+CryptoDigest::~CryptoDigest()
+{
+}
+
+std::unique_ptr<CryptoDigest> CryptoDigest::create(CryptoDigest::Algorithm algorithm)
+{
+ int gcryptAlgorithm;
+
+ switch (algorithm) {
+ case CryptoDigest::Algorithm::SHA_1:
+ gcryptAlgorithm = GCRY_MD_SHA1;
+ break;
+ case CryptoDigest::Algorithm::SHA_224:
+ gcryptAlgorithm = GCRY_MD_SHA224;
+ break;
+ case CryptoDigest::Algorithm::SHA_256:
+ gcryptAlgorithm = GCRY_MD_SHA256;
+ break;
+ case CryptoDigest::Algorithm::SHA_384:
+ gcryptAlgorithm = GCRY_MD_SHA384;
+ break;
+ case CryptoDigest::Algorithm::SHA_512:
+ gcryptAlgorithm = GCRY_MD_SHA512;
+ break;
+ }
+
+ std::unique_ptr<CryptoDigest> digest(new CryptoDigest);
+ digest->m_context->algorithm = gcryptAlgorithm;
+
+ gcry_md_open(&digest->m_context->md, gcryptAlgorithm, 0);
+ if (!digest->m_context->md)
+ return nullptr;
+
+ return digest;
+}
+
+void CryptoDigest::addBytes(const void* input, size_t length)
+{
+ gcry_md_write(m_context->md, input, length);
+}
+
+Vector<uint8_t> CryptoDigest::computeHash()
+{
+ int digestLen = gcry_md_get_algo_dlen(m_context->algorithm);
+ Vector<uint8_t> result(digestLen);
+
+ gcry_md_final(m_context->md);
+ memcpy(result.data(), gcry_md_read(m_context->md, 0), digestLen);
+ gcry_md_close(m_context->md);
+
+ return result;
+}
+
+} // namespace WebCore
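Review bot: The gcry_md_hd_t lifetime is tied to computeHash() rather than to the object: `gcry_md_close` runs only there and `~CryptoDigest()` is empty, so a digest destroyed without computeHash() leaks the handle, and a second computeHash() or a later addBytes() operates on a closed handle. Moving the close into the destructor, `CryptoDigest::~CryptoDigest() { gcry_md_close(m_context->md); }`, with the member initialized as `gcry_md_hd_t md { nullptr };`, removes both cases (gcry_md_close is expected to accept a null handle; confirm against the libgcrypt version in use). In create(), `gcryptAlgorithm` stays uninitialized if the switch matches no case, and the return value of `gcry_md_open` is ignored in favour of testing `md`, which is indeterminate unless the library writes it on failure; test the call's result directly, `if (gcry_md_open(&digest->m_context->md, gcryptAlgorithm, 0)) return nullptr;`.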
Modified: trunk/Source/cmake/OptionsGTK.cmake (208296 => 208297)
--- trunk/Source/cmake/OptionsGTK.cmake 2016-11-02 19:47:16 UTC (rev 208296)
+++ trunk/Source/cmake/OptionsGTK.cmake 2016-11-02 20:05:41 UTC (rev 208297)
@@ -32,7 +32,7 @@
find_package(Cairo 1.10.2 REQUIRED)
find_package(Fontconfig 2.8.0 REQUIRED)
find_package(Freetype2 2.4.2 REQUIRED)
-find_package(GnuTLS 3.0.0 REQUIRED)
+find_package(LibGcrypt 1.6.0 REQUIRED)
find_package(GTK3 3.6.0 REQUIRED)
find_package(GDK3 3.6.0 REQUIRED)
find_package(HarfBuzz 0.9.2 REQUIRED)
@@ -276,10 +276,6 @@
SET_AND_EXPOSE_TO_BUILD(USE_OPENWEBRTC TRUE)
endif ()
-if (ENABLE_LEGACY_ENCRYPTED_MEDIA)
- find_package(LibGcrypt REQUIRED)
-endif ()
-
SET_AND_EXPOSE_TO_BUILD(USE_TEXTURE_MAPPER TRUE)
if (ENABLE_OPENGL)
Modified: trunk/Tools/ChangeLog (208296 => 208297)
--- trunk/Tools/ChangeLog 2016-11-02 19:47:16 UTC (rev 208296)
+++ trunk/Tools/ChangeLog 2016-11-02 20:05:41 UTC (rev 208297)
@@ -1,3 +1,13 @@
+2016-11-02 Olivier Blin <[email protected]>
+
+ [GTK] Use libgcrypt instead of GnuTLS for CryptoDigest and SubtleCrypto HMAC implementation
+ https://bugs.webkit.org/show_bug.cgi?id=163125
+
+ Reviewed by Michael Catanzaro.
+
+ * gtk/install-dependencies: List libgcrypt for WebKitGTK+ build, and gnutls for jhbuild only.
+ gnutls is useful for glib-networking in jhbuild.
+
2016-11-02 Carlos Garcia Campos <[email protected]>
NetworkSession: Network process crash when converting main resource to download
Modified: trunk/Tools/gtk/install-dependencies (208296 => 208297)
--- trunk/Tools/gtk/install-dependencies 2016-11-02 19:47:16 UTC (rev 208296)
+++ trunk/Tools/gtk/install-dependencies 2016-11-02 20:05:41 UTC (rev 208297)
@@ -106,11 +106,11 @@
libedit-dev \
libenchant-dev \
libfaad-dev \
+ $(aptIfElse libgcrypt20-dev libgcrypt11-dev) \
$(aptIfElse libgeoclue-2-dev libgeoclue-dev) \
libgirepository1.0-dev \
libgl1-mesa-dev \
libgl1-mesa-glx \
- libgnutls28-dev \
libgtk2.0-dev \
libgtk-3-dev \
libgstreamer1.0-dev \
@@ -173,8 +173,8 @@
libevdev-dev \
libexpat1-dev \
libgbm-dev \
- libgcrypt11-dev \
libgles2-mesa-dev \
+ libgnutls28-dev \
libgpg-error-dev \
libjson-glib-dev \
libinput-dev \
@@ -256,7 +256,6 @@
gobject-introspection \
mesa \
mesa-libgl \
- gnutls \
gtk2 \
gtk3 \
libsystemd \
@@ -264,6 +263,7 @@
mpg123 \
opus \
pango \
+ libgcrypt \
libnotify \
libpng \
libpulse \
@@ -308,6 +308,7 @@
packages="$packages \
expat \
git \
+ gnutls \
gobject-introspection \
gsettings-desktop-schemas \
icon-naming-utils \
@@ -315,7 +316,6 @@
libdrm \
libepoxy \
libevdev \
- libgcrypt \
libgpg-error \
libinput \
p11-kit \
@@ -369,7 +369,6 @@
gcc-c++ \
geoclue2-devel \
gettext-devel \
- gnutls-devel \
gobject-introspection-devel \
gperf \
gstreamer1-devel \
@@ -384,6 +383,7 @@
libXtst-devel \
libxslt-devel \
libedit-devel \
+ libgcrypt-devel \
libgudev1-devel \
libjpeg-turbo-devel \
libnotify-devel \
@@ -435,6 +435,7 @@
docbook-utils-pdf \
git \
gobject-introspection \
+ gnutls-devel \
gsettings-desktop-schemas-devel \
icon-naming-utils \
itstool \
@@ -443,7 +444,6 @@
libdrm-devel \
libepoxy-devel \
libevdev-devel
- libgcrypt-devel \
libgpg-error-devel \
libinput-devel \
libp11-devel \
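Review bot: The context line `libevdev-devel` has no trailing backslash, unlike its neighbours, and with `libgcrypt-devel \` removed the line after it is now `libgpg-error-devel \`. If this list is a line-continued command rather than the inside of a quoted `packages=` string, everything from libgpg-error-devel onward is no longer passed to the package installer; the line should read `libevdev-devel \`. The enclosing package list starts and ends outside the hunk.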