[Webkit-unassigned] [Bug 207176] [OpenSSL] Implement WebCrypto APIs for AES family except AES-KW

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Feb 4 03:43:38 PST 2020 

https://bugs.webkit.org/show_bug.cgi?id=207176

--- Comment #9 from Tomoki Imai <tomoki.imai at sony.com> ---
Comment on attachment 389617
  --> https://bugs.webkit.org/attachment.cgi?id=389617
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=389617&action=review

>> Source/WebCore/crypto/openssl/CryptoAlgorithmAES_CBCOpenSSL.cpp:59
>> +        return WTF::nullopt;
> 
> In this case we can return early before creating a cipher context.

Thanks, we moved the aesAlgorithm and make an early return if we cannot obtain algorithm.

>> Source/WebCore/crypto/openssl/CryptoAlgorithmAES_CBCOpenSSL.cpp:67
>> +        return WTF::nullopt;
> 
> Shouldn't we clean up "ctx" before leaving the function? We may want to introduce a wrapper class like CairoUniquePtr or something like that.

We definitely should clean up. We introduced OpenSSLCryptoUniquePtr to make sure that we call EVP_CIPHER_CTX_free every branch.

>> Source/WebCore/crypto/openssl/CryptoAlgorithmAES_CFBOpenSSL.cpp:53
>> +    Vector<uint8_t> cipher(plainText.size());
> 
> "cipher" should be renamed to "cipherText" for better consistency?

Thanks, we renamed all "cipher" to "cipherText", and "plain" to "plainText".

>> Source/WebCore/crypto/openssl/CryptoAlgorithmAES_GCMOpenSSL.cpp:50
>> +    if (iv.size() != EVP_MAX_IV_LENGTH)
> 
> Is this intended to be "if (iv.size() > EVP_MAX_IV_LENGTH)" ?

Thanks, good point.
Actually I believe we don't need this check because AES-GCM accepts the initialization vectors of arbitrary length, and EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, ivlen, NULL) doesn't have ivlen limitation for GCM mode.
- https://www.w3.org/TR/WebCryptoAPI/#aes-gcm-params
- https://www.openssl.org/docs/manmaster/man3/EVP_CIPHER_block_size.html

We may want to have LayoutTests to make sure that it works with the arbitrary length IV.

>> Source/WebCore/crypto/openssl/CryptoAlgorithmAES_GCMOpenSSL.cpp:111
>> +    if (iv.size() != EVP_MAX_IV_LENGTH)
> 
> Is this intended to be "if (iv.size() > EVP_MAX_IV_LENGTH)" ?

As described in cryptEncrypt, we believe we don't need this check.

>> Source/WebCore/crypto/openssl/CryptoAlgorithmAES_GCMOpenSSL.cpp:114
>> +    if (cipherText.size() <= tagLength)
> 
> This is already checked in CryptoAlgorithmAES_GCM::decrypt().

Thanks, removed.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200204/cb1c8b08/attachment.htm>

More information about the webkit-unassigned mailing list