[webkit-reviews] review granted: [Bug 192061] [WebAuthN] Change the nonce in the CTAP kInit command to weak random values : [Attachment 358844] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Jan 10 15:43:16 PST 2019
Chris Dumez <cdumez at apple.com> has granted Jiewen Tan <jiewen_tan at apple.com>'s
request for review:
Bug 192061: [WebAuthN] Change the nonce in the CTAP kInit command to weak
random values
https://bugs.webkit.org/show_bug.cgi?id=192061
Attachment 358844: Patch
https://bugs.webkit.org/attachment.cgi?id=358844&action=review
--- Comment #41 from Chris Dumez <cdumez at apple.com> ---
Comment on attachment 358844
--> https://bugs.webkit.org/attachment.cgi?id=358844
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=358844&action=review
> Source/WebKit/UIProcess/WebAuthentication/fido/CtapHidDriver.cpp:152
> + ASSERT(!(kHidInitNonceLength % sizeof(uint32_t)));
To be safe, I'd do:
ASSERT(steps >= 1);
More information about the webkit-reviews
mailing list