493792ee9c
https://bugs.webkit.org/show_bug.cgi?id=228879 <rdar://problem/80655397> Reviewed by Brent Fulgham. Source/WebCore: Warn about risks of using AES-CBC and AES-CTR modes in WebCrypto, based on recommendations in https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/encrypt. We should encourage authenticated encryption instead. * crypto/SubtleCrypto.cpp: (WebCore::SubtleCrypto::encrypt): (WebCore::SubtleCrypto::decrypt): LayoutTests: Update layout tests. * crypto/subtle/aes-cbc-cfb-decrypt-malformed-parameters-expected.txt: * crypto/subtle/aes-cbc-cfb-encrypt-malformed-parameters-expected.txt: * crypto/subtle/aes-cbc-generate-key-encrypt-decrypt-expected.txt: * crypto/subtle/aes-cbc-import-key-decrypt-expected.txt: * crypto/subtle/aes-cbc-import-key-encrypt-expected.txt: * crypto/subtle/aes-ctr-encrypt-malformed-parameters-expected.txt: * crypto/subtle/aes-ctr-generate-key-encrypt-decrypt-expected.txt: * crypto/subtle/aes-ctr-import-key-decrypt-expected.txt: * crypto/subtle/aes-ctr-import-key-encrypt-expected.txt: * crypto/subtle/decrypt-malformed-parameters-expected.txt: * crypto/subtle/encrypt-malformed-parameters-expected.txt: * TestExpectations: We should probably not change imported test expectations, this marks those tests as having console logging go to stderr. Additionally, some tests call encrypt/decrypt functions up to 1000 times to test for crashing, we should probably not log console to stdout in that case. Canonical link: https://commits.webkit.org/240369@main git-svn-id: https://svn.webkit.org/repository/webkit/trunk@280790 268f45cc-cd09-0410-ab3c-d52691b4dbfc |
||
---|---|---|
.. | ||
algorithms | ||
gcrypt | ||
keys | ||
mac | ||
openssl | ||
parameters | ||
CommonCryptoUtilities.cpp | ||
CommonCryptoUtilities.h | ||
CryptoAlgorithm.cpp | ||
CryptoAlgorithm.h | ||
CryptoAlgorithmIdentifier.h | ||
CryptoAlgorithmParameters.h | ||
CryptoAlgorithmParameters.idl | ||
CryptoAlgorithmRegistry.cpp | ||
CryptoAlgorithmRegistry.h | ||
CryptoKey.cpp | ||
CryptoKey.h | ||
CryptoKey.idl | ||
CryptoKeyFormat.h | ||
CryptoKeyPair.h | ||
CryptoKeyPair.idl | ||
CryptoKeyType.h | ||
CryptoKeyUsage.h | ||
CryptoKeyUsage.idl | ||
JsonWebKey.h | ||
JsonWebKey.idl | ||
RsaOtherPrimesInfo.h | ||
RsaOtherPrimesInfo.idl | ||
SerializedCryptoKeyWrap.h | ||
SubtleCrypto.cpp | ||
SubtleCrypto.h | ||
SubtleCrypto.idl |