[Webkit-unassigned] [Bug 280672] New: [GTK][WebCrypto] Browser crashes on EdDSA verification using small-order point as public key
bugzilla-daemon at webkit.org
Tue Oct 1 04:06:07 PDT 2024
https://bugs.webkit.org/show_bug.cgi?id=280672
Bug ID: 280672
Summary: [GTK][WebCrypto] Browser crashes on EdDSA verification
using small-order point as public key
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: WebCore Misc.
Assignee: webkit-unassigned at lists.webkit.org
Reporter: jfernandez at igalia.com
Created attachment 472748
--> https://bugs.webkit.org/attachment.cgi?id=472748&action=review
Test case to reproduce the bug
STEPS TO REPRODUCE THE PROBLEM
1- Load the attached test case
EXPECTED RESULT
The signature shouldn't be verified, since Ed25519 should reject any small-order point [1], but the import and verify operations should be executed successfully.
ACTUAL RESULT
The WebProcess crashes showing this in the console:
Ahttp://localhost:8000/eddsa-small-order-point.html:11:20: CONSOLE LOG Import Success !!
Ohhhh jeeee: mulm_25519: different sizes
** (MiniBrowser:357559): WARNING **: 12:55:26.455: WebProcess CRASHED
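The check the report expects (reject a small-order public key without failing the operation) can be sketched as follows. This is an added example, not WebKit's code or the attached test case; it uses the Ed25519 parameters from RFC 8032, and the function names and sample keys are constructed for illustration.

```python
# Added example: Ed25519 curve parameters from RFC 8032.
P = 2**255 - 19
D = (-121665 * pow(121666, -1, P)) % P
SQRT_M1 = pow(2, (P - 1) // 4, P)        # a square root of -1 mod P
IDENTITY = (0, 1)

def decode_point(encoded):
    """Return affine (x, y) for a 32-byte encoding, or None if invalid."""
    if len(encoded) != 32:
        return None
    y = int.from_bytes(encoded, "little")
    sign, y = y >> 255, y & ((1 << 255) - 1)
    if y >= P:
        return None                      # non-canonical y coordinate
    x2 = (y * y - 1) * pow(D * y * y + 1, -1, P) % P
    x = pow(x2, (P + 3) // 8, P)         # candidate square root of x2
    if (x * x - x2) % P:
        x = x * SQRT_M1 % P
    if (x * x - x2) % P:
        return None                      # y is not on the curve
    if x == 0 and sign:
        return None
    return (P - x if (x & 1) != sign else x, y)

def add(p, q):
    """Complete twisted Edwards addition (a = -1), valid for any two points."""
    (x1, y1), (x2, y2) = p, q
    t = D * x1 * x2 * y1 * y2 % P
    x3 = (x1 * y2 + x2 * y1) * pow((1 + t) % P, -1, P) % P
    y3 = (y1 * y2 + x1 * x2) * pow((1 - t) % P, -1, P) % P
    return (x3, y3)

def classify_public_key(encoded):
    """Return 'invalid', 'small-order' (8*A is the identity) or 'ok'."""
    point = decode_point(encoded)
    if point is None:
        return "invalid"
    for _ in range(3):                   # three doublings compute 8*A
        point = add(point, point)
    return "small-order" if point == IDENTITY else "ok"

# Constructed sample encodings (not taken from the bug's attachment).
IDENTITY_KEY = (1).to_bytes(32, "little")         # (0, 1), order 1
ORDER_TWO_KEY = (P - 1).to_bytes(32, "little")    # (0, -1), order 2
BASE_POINT_KEY = bytes.fromhex("58" + "66" * 31)  # RFC 8032 base point

if __name__ == "__main__":
    for key in (IDENTITY_KEY, ORDER_TWO_KEY, BASE_POINT_KEY):
        print(key.hex(), classify_public_key(key))
```

A verifier that runs this classification before the signature equation can return false for a small-order key instead of passing it to the scalar-multiplication code.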