[Webkit-unassigned] [Bug 207176] [OpenSSL] Implement WebCrypto APIs for AES family except AES-KW

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Feb 3 22:47:26 PST 2020 

https://bugs.webkit.org/show_bug.cgi?id=207176

--- Comment #7 from Yoshiaki Jitsukawa <yoshiaki.jitsukawa at sony.com> ---
Comment on attachment 389622
  --> https://bugs.webkit.org/attachment.cgi?id=389622
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=389622&action=review

> Source/WebCore/crypto/openssl/CryptoAlgorithmAES_CFBOpenSSL.cpp:33
> +#include <openssl/aes.h>

Probably we shouldn't include low level header "aes.h".

> Source/WebCore/crypto/openssl/CryptoAlgorithmAES_CTROpenSSL.cpp:33
> +#include <openssl/aes.h>

Probably we shouldn't include low level header "aes.h".

> Source/WebCore/crypto/openssl/CryptoAlgorithmAES_CTROpenSSL.cpp:75
> +    size_t blocks = inputText.size() / EVP_MAX_IV_LENGTH + 1;

It's unclear to me why EVP_MAX_IV_LENGTH should be used. Shouldn't this be replaced with the block size from EVP_CIPHER_block_size()?

Also It seems that blocks is the number of padded cipher blocks thus it will differ depends on the operation mode.

> Source/WebCore/crypto/openssl/CryptoAlgorithmAES_CTROpenSSL.cpp:78
> +    if (counterLength < EVP_MAX_KEY_LENGTH && blocks > (int)(1 << counterLength))

counterLength may be more than 64 so the bit shift may result in an overflow. EVP_MAX_KEY_LENGTH is 64 bytes so it doesn't make sense to compare counterLength (in bits) with EVP_MAX_KEY_LENGTH (in bytes).

> Source/WebCore/crypto/openssl/CryptoAlgorithmAES_CTROpenSSL.cpp:83
> +    size_t counts = bigIntegerToSizeT(counter);

counts may be more than 2^64.

> Source/WebCore/crypto/openssl/CryptoAlgorithmAES_CTROpenSSL.cpp:157
> +    auto output = crypt(AES_ENCRYPT, key.key(), parameters.counterVector(), parameters.length, plainText);

According to the document, EVP_CipherInit_ex() takes 1 for encryption and 0 for decryption for the last parameter so AES_ENCRYPT/AES_DECRYPT shouldn't appear hear. Instead, how about passing crypt() to a boolean parameter and give 1 or 0 to EVP_CipherInit_ex().

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200204/e167e602/attachment.htm>

More information about the webkit-unassigned mailing list