493792ee9c
https://bugs.webkit.org/show_bug.cgi?id=228879 <rdar://problem/80655397> Reviewed by Brent Fulgham. Source/WebCore: Warn about risks of using AES-CBC and AES-CTR modes in WebCrypto, based on recommendations in https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/encrypt. We should encourage authenticated encryption instead. * crypto/SubtleCrypto.cpp: (WebCore::SubtleCrypto::encrypt): (WebCore::SubtleCrypto::decrypt): LayoutTests: Update layout tests. * crypto/subtle/aes-cbc-cfb-decrypt-malformed-parameters-expected.txt: * crypto/subtle/aes-cbc-cfb-encrypt-malformed-parameters-expected.txt: * crypto/subtle/aes-cbc-generate-key-encrypt-decrypt-expected.txt: * crypto/subtle/aes-cbc-import-key-decrypt-expected.txt: * crypto/subtle/aes-cbc-import-key-encrypt-expected.txt: * crypto/subtle/aes-ctr-encrypt-malformed-parameters-expected.txt: * crypto/subtle/aes-ctr-generate-key-encrypt-decrypt-expected.txt: * crypto/subtle/aes-ctr-import-key-decrypt-expected.txt: * crypto/subtle/aes-ctr-import-key-encrypt-expected.txt: * crypto/subtle/decrypt-malformed-parameters-expected.txt: * crypto/subtle/encrypt-malformed-parameters-expected.txt: * TestExpectations: We should probably not change imported test expectations, this marks those tests as having console logging go to stderr. Additionally, some tests call encrypt/decrypt functions up to 1000 times to test for crashing, we should probably not log console to stdout in that case. Canonical link: https://commits.webkit.org/240369@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@280790 268f45cc-cd09-0410-ab3c-d52691b4dbfc |
||
---|---|---|
.. | ||
resources | ||
subtle | ||
workers | ||
crypto-gc-expected.txt | ||
crypto-gc.html | ||
crypto-key-algorithm-gc-expected.txt | ||
crypto-key-algorithm-gc.html | ||
crypto-key-usages-gc-expected.txt | ||
crypto-key-usages-gc.html | ||
crypto-random-values-expected.txt | ||
crypto-random-values-limits-expected.txt | ||
crypto-random-values-limits.html | ||
crypto-random-values-oom-expected.txt | ||
crypto-random-values-oom.html | ||
crypto-random-values-types-expected.txt | ||
crypto-random-values-types.html | ||
crypto-random-values.html |