[webkit-changes] [WebKit/WebKit] f9e55b: The ECDH and X25519 deriveBits returns an empty st...

Javier Fernandez Garcia-Boente noreply at github.com
Mon Oct 28 14:38:09 PDT 2024 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: f9e55bf363c165ca6e14b3ffb23e78b9fb0f696c
      https://github.com/WebKit/WebKit/commit/f9e55bf363c165ca6e14b3ffb23e78b9fb0f696c
  Author: Javier Fernandez <jfernandez at igalia.com>
  Date:   2024-10-28 (Mon, 28 Oct 2024)

  Changed paths:
    M LayoutTests/crypto/subtle/ecdh-derive-bits-length-limits-expected.txt
    M LayoutTests/crypto/subtle/ecdh-derive-bits-length-limits.html
    M LayoutTests/imported/w3c/web-platform-tests/WebCryptoAPI/derive_bits_keys/derived_bits_length.https.any-expected.txt
    M LayoutTests/imported/w3c/web-platform-tests/WebCryptoAPI/derive_bits_keys/derived_bits_length.https.any.worker-expected.txt
    M Source/WebCore/crypto/algorithms/CryptoAlgorithmECDH.cpp
    M Source/WebCore/crypto/algorithms/CryptoAlgorithmX25519.cpp

  Log Message:
  -----------
  The ECDH and X25519 deriveBits returns an empty string when 'length' is 0
https://bugs.webkit.org/show_bug.cgi?id=276916
radar://132761687

Reviewed by Matthew Finkel.

The WebCrypto API spec's draft states that the ECDH's deriveBits should
handle a zero length as any regular number, only throwing an exception
in case of 'null'. The same is stated in the Secure Curves specification
draft for the X25519 algorithm.

We were not supporting 'null' value before, but since r281240 the 'length'
parameter is defined as optional, with 'null' as default value. Hence
in case of a zero length the derived bits are truncated so that the
operation returns an empty string.

* LayoutTests/crypto/subtle/ecdh-derive-bits-length-limits-expected.txt:
* LayoutTests/crypto/subtle/ecdh-derive-bits-length-limits.html:
* LayoutTests/imported/w3c/web-platform-tests/WebCryptoAPI/derive_bits_keys/derived_bits_length.https.any-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/WebCryptoAPI/derive_bits_keys/derived_bits_length.https.any.worker-expected.txt:
* Source/WebCore/crypto/algorithms/CryptoAlgorithmECDH.cpp:
(WebCore::CryptoAlgorithmECDH::deriveBits):
* Source/WebCore/crypto/algorithms/CryptoAlgorithmX25519.cpp:
(WebCore::CryptoAlgorithmX25519::deriveBits):

Originally-landed-as: 285383 at main (0b46039641c2). https://bugs.webkit.org/show_bug.cgi?id=276916
Canonical link: https://commits.webkit.org/285789@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications

More information about the webkit-changes mailing list