[webkit-changes] [WebKit/WebKit] 0b4603: The ECDH and X25519 deriveBits returns an empty st...

Javier Fernandez Garcia-Boente noreply at github.com
Fri Oct 18 01:03:41 PDT 2024 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 0b46039641c2700f55501d4121d825aa86f22b98
      https://github.com/WebKit/WebKit/commit/0b46039641c2700f55501d4121d825aa86f22b98
  Author: Javier Fernandez <jfernandez at igalia.com>
  Date:   2024-10-18 (Fri, 18 Oct 2024)

  Changed paths:
    M LayoutTests/crypto/subtle/ecdh-derive-bits-length-limits-expected.txt
    M LayoutTests/crypto/subtle/ecdh-derive-bits-length-limits.html
    M LayoutTests/imported/w3c/web-platform-tests/WebCryptoAPI/derive_bits_keys/derived_bits_length.https.any-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/WebCryptoAPI/derive_bits_keys/derived_bits_length.https.any.worker-expected.txt
    M Source/WebCore/crypto/algorithms/CryptoAlgorithmECDH.cpp
    M Source/WebCore/crypto/algorithms/CryptoAlgorithmX25519.cpp

  Log Message:
  -----------
  The ECDH and X25519 deriveBits returns an empty string when 'length' is 0
https://bugs.webkit.org/show_bug.cgi?id=276916

Reviewed by Matthew Finkel.

The WebCrypto API spec's draft states that the ECDH's deriveBits should
handle a zero length as any regular number, only throwing an exception
in case of 'null'. The same is stated in the Secure Curves specification
draft for the X25519 algorithm.

We were not supporting 'null' value before, but since r281240 the 'length'
parameter is defined as optional, with 'null' as default value. Hence
in case of a zero length the derived bits are truncated so that the
operation returns an empty string.

* LayoutTests/crypto/subtle/ecdh-derive-bits-length-limits-expected.txt:
* LayoutTests/crypto/subtle/ecdh-derive-bits-length-limits.html:
* LayoutTests/imported/w3c/web-platform-tests/WebCryptoAPI/derive_bits_keys/derived_bits_length.https.any-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/WebCryptoAPI/derive_bits_keys/derived_bits_length.https.any.worker-expected.txt:
* Source/WebCore/crypto/algorithms/CryptoAlgorithmECDH.cpp:
(WebCore::CryptoAlgorithmECDH::deriveBits):
* Source/WebCore/crypto/algorithms/CryptoAlgorithmX25519.cpp:
(WebCore::CryptoAlgorithmX25519::deriveBits):

Canonical link: https://commits.webkit.org/285383@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications

More information about the webkit-changes mailing list