haikuwebkit/Source/WebCore/crypto
Kate Cheney 493792ee9c Add console logging to encourage the use of authenticated encryption in WebCrypto
https://bugs.webkit.org/show_bug.cgi?id=228879
<rdar://problem/80655397>

Reviewed by Brent Fulgham.

Source/WebCore:

Warn about risks of using AES-CBC and AES-CTR modes in WebCrypto,
based on recommendations in
https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/encrypt.
We should encourage authenticated encryption instead.

* crypto/SubtleCrypto.cpp:
(WebCore::SubtleCrypto::encrypt):
(WebCore::SubtleCrypto::decrypt):

LayoutTests:

Update layout tests.

* crypto/subtle/aes-cbc-cfb-decrypt-malformed-parameters-expected.txt:
* crypto/subtle/aes-cbc-cfb-encrypt-malformed-parameters-expected.txt:
* crypto/subtle/aes-cbc-generate-key-encrypt-decrypt-expected.txt:
* crypto/subtle/aes-cbc-import-key-decrypt-expected.txt:
* crypto/subtle/aes-cbc-import-key-encrypt-expected.txt:
* crypto/subtle/aes-ctr-encrypt-malformed-parameters-expected.txt:
* crypto/subtle/aes-ctr-generate-key-encrypt-decrypt-expected.txt:
* crypto/subtle/aes-ctr-import-key-decrypt-expected.txt:
* crypto/subtle/aes-ctr-import-key-encrypt-expected.txt:
* crypto/subtle/decrypt-malformed-parameters-expected.txt:
* crypto/subtle/encrypt-malformed-parameters-expected.txt:
* TestExpectations:
We should probably not change imported test expectations; this marks
those tests as having console logging go to stderr. Additionally, some
tests call encrypt/decrypt functions up to 1000 times to test for
crashing; we should probably not log console to stdout in that case.


Canonical link: https://commits.webkit.org/240369@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@280790 268f45cc-cd09-0410-ab3c-d52691b4dbfc
2021-08-09 20:06:31 +00:00
algorithms [WebCrypto] deriveBits() fails if length is not a multiple of 8 for ECDH algorithm 2021-07-08 16:29:15 +00:00
gcrypt Remove <wtf/Optional.h> 2021-06-02 06:45:51 +00:00
keys CrashTracer: com.apple.WebKit.WebContent at com.apple.WebCore: WebCore::CryptoKeyRSA::exportJwk const 2021-08-07 01:16:27 +00:00
mac [WebCrypto] deriveBits() incorrectly throws for PBKDF2 algorithm when the password is empty 2021-07-09 17:32:53 +00:00
openssl [OpenSSL] Implement HKDF and PBKDF2 support 2021-07-08 19:26:52 +00:00
parameters Remove WTF::Optional synonym for std::optional, using that class template directly instead 2021-05-30 16:11:40 +00:00
CommonCryptoUtilities.cpp
CommonCryptoUtilities.h
CryptoAlgorithm.cpp
CryptoAlgorithm.h
CryptoAlgorithmIdentifier.h
CryptoAlgorithmParameters.h
CryptoAlgorithmParameters.idl
CryptoAlgorithmRegistry.cpp Remove WTF::Optional synonym for std::optional, using that class template directly instead 2021-05-30 16:11:40 +00:00
CryptoAlgorithmRegistry.h Remove WTF::Optional synonym for std::optional, using that class template directly instead 2021-05-30 16:11:40 +00:00
CryptoKey.cpp
CryptoKey.h
CryptoKey.idl SubtleCrypto should only be exposed to secure contexts 2021-07-07 15:37:24 +00:00
CryptoKeyFormat.h
CryptoKeyPair.h
CryptoKeyPair.idl
CryptoKeyType.h
CryptoKeyUsage.h
CryptoKeyUsage.idl
JsonWebKey.h Remove WTF::Optional synonym for std::optional, using that class template directly instead 2021-05-30 16:11:40 +00:00
JsonWebKey.idl
RsaOtherPrimesInfo.h
RsaOtherPrimesInfo.idl
SerializedCryptoKeyWrap.h Remove WTF::Optional synonym for std::optional, using that class template directly instead 2021-05-30 16:11:40 +00:00
SubtleCrypto.cpp Add console logging to encourage the use of authenticated encryption in WebCrypto 2021-08-09 20:06:31 +00:00
SubtleCrypto.h Add console logging to encourage the use of authenticated encryption in WebCrypto 2021-08-09 20:06:31 +00:00
SubtleCrypto.idl SubtleCrypto should only be exposed to secure contexts 2021-07-07 15:37:24 +00:00