author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2017-04-05 14:08:31 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2017-04-11 07:46:53 +0000 |
commit | 6a4cabb866f66d4128a97cdc6d9d08ce074f1247 (patch) | |
tree | ab00f70a5e89278d6a0d16ff0c42578dc4d84a2d /chromium/components/webcrypto | |
parent | e733310db58160074f574c429d48f8308c0afe17 (diff) | |
download | qtwebengine-chromium-6a4cabb866f66d4128a97cdc6d9d08ce074f1247.tar.gz |
BASELINE: Update Chromium to 57.0.2987.144
Change-Id: I29db402ff696c71a04c4dbaec822c2e53efe0267
Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
Diffstat (limited to 'chromium/components/webcrypto')
12 files changed, 48 insertions, 6 deletions
diff --git a/chromium/components/webcrypto/algorithm_dispatch.h b/chromium/components/webcrypto/algorithm_dispatch.h index 2c2c72f97c0..815587f46f9 100644 --- a/chromium/components/webcrypto/algorithm_dispatch.h +++ b/chromium/components/webcrypto/algorithm_dispatch.h @@ -14,7 +14,6 @@ namespace webcrypto { -class AlgorithmImplementation; class CryptoData; class GenerateKeyResult; class Status; diff --git a/chromium/components/webcrypto/algorithm_implementation.h b/chromium/components/webcrypto/algorithm_implementation.h index b6461dcf4be..1489c5374d1 100644 --- a/chromium/components/webcrypto/algorithm_implementation.h +++ b/chromium/components/webcrypto/algorithm_implementation.h @@ -159,6 +159,7 @@ class AlgorithmImplementation { // * Use a stable format (a serialized key must forever be de-serializable, // and be able to survive future migrations to crypto libraries) // * Work for all keys (including ones marked as non-extractable). + // * Gracefully handle invalid inputs // // Tests to verify structured cloning are available in: // LayoutTests/crypto/clone-*.html 
@@ -168,6 +169,25 @@ class AlgorithmImplementation { Status SerializeKeyForClone(const blink::WebCryptoKey& key, blink::WebVector<uint8_t>* key_data) const; + // Deserializes key data from Blink (used for structured cloning). + // + // The inputs to this function originate from Blink, and may not be + // consistent or valid. Implementations must return a failure when processing + // invalid or adversarially constructed inputs. + // + // The ONLY guarantee implementations can assume is that |algorithm.id()| + // corresponds with that which the AlgorithmImplementation was registered + // under. + // + // Implementations must be prepared to handle: + // + // * |type| being invalid for this algorithm's key type(s) + // * |algorithm.params()| being inconsistent with the |algorithm.id()| + // * |usages| being inconsistent with the key type + // * |extractable| being inconsistent with the key type + // * |key_data| containing an incorrect serialized format + // * Backwards-compatibility: the inputs may have been produced by older + // versions of the code. virtual Status DeserializeKeyForClone( const blink::WebCryptoKeyAlgorithm& algorithm, blink::WebCryptoKeyType type, diff --git a/chromium/components/webcrypto/algorithms/aes.cc b/chromium/components/webcrypto/algorithms/aes.cc index f46ea15a119..1a21dc5ca1a 100644 --- a/chromium/components/webcrypto/algorithms/aes.cc +++ b/chromium/components/webcrypto/algorithms/aes.cc @@ -199,6 +199,10 @@ Status AesAlgorithm::DeserializeKeyForClone( blink::WebCryptoKeyUsageMask usages, const CryptoData& key_data, blink::WebCryptoKey* key) const { + if (algorithm.paramsType() != blink::WebCryptoKeyAlgorithmParamsTypeAes || + type != blink::WebCryptoKeyTypeSecret) + return Status::ErrorUnexpected(); + return ImportKeyRaw(key_data, SynthesizeImportAlgorithmForClone(algorithm), extractable, usages, key); } 
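Review bot: The guard added at the top of AesAlgorithm::DeserializeKeyForClone has no comment tying it to the contract documented in algorithm_implementation.h, and its two-line condition controls an unbraced `return`. I would put `// |algorithm| and |type| come from Blink's clone data and may be inconsistent; accept only an AES secret key.` above it and brace the body. The check covers the params type and the key type only; `usages`, `extractable` and the key length are left to ImportKeyRaw, which is outside this hunk, so it is worth confirming that it rejects inconsistent values. The same comment and bracing apply to the guards in hkdf.cc and pbkdf2.cc. None of the twelve files listed for this directory is a unit test, so the new rejection path appears to be untested here.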
diff --git a/chromium/components/webcrypto/algorithms/aes_cbc.cc b/chromium/components/webcrypto/algorithms/aes_cbc.cc index c9e941aa7ee..678aa5ac2ce 100644 --- a/chromium/components/webcrypto/algorithms/aes_cbc.cc +++ b/chromium/components/webcrypto/algorithms/aes_cbc.cc @@ -1,3 +1,4 @@ + // Copyright 2014 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -55,7 +56,8 @@ Status AesCbcEncryptDecrypt(EncryptOrDecrypt cipher_operation, if (!output_max_len.IsValid()) return Status::ErrorDataTooLarge(); - const unsigned remainder = output_max_len.ValueOrDie() % AES_BLOCK_SIZE; + const unsigned remainder = + base::ValueOrDieForType<unsigned>(output_max_len % AES_BLOCK_SIZE); if (remainder != 0) output_max_len += AES_BLOCK_SIZE - remainder; if (!output_max_len.IsValid()) @@ -71,7 +73,7 @@ Status AesCbcEncryptDecrypt(EncryptOrDecrypt cipher_operation, return Status::OperationError(); } - buffer->resize(output_max_len.ValueOrDie()); + buffer->resize(base::ValueOrDieForType<size_t>(output_max_len)); int output_len = 0; if (!EVP_CipherUpdate(context.get(), buffer->data(), &output_len, diff --git a/chromium/components/webcrypto/algorithms/aes_ctr.cc b/chromium/components/webcrypto/algorithms/aes_ctr.cc index dd7f012f254..3525c5ff37d 100644 --- a/chromium/components/webcrypto/algorithms/aes_ctr.cc +++ b/chromium/components/webcrypto/algorithms/aes_ctr.cc @@ -166,7 +166,7 @@ Status AesCtrEncryptDecrypt(const blink::WebCryptoAlgorithm& algorithm, return Status::ErrorUnexpected(); const CryptoData counter_block(params->counter()); - buffer->resize(output_max_len.ValueOrDie()); + buffer->resize(base::ValueOrDieForType<size_t>(output_max_len)); // The total number of possible counter values is pow(2, counter_length_bits) bssl::UniquePtr<BIGNUM> num_counter_values(BN_new()); 
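Review bot: The `buffer->resize(base::ValueOrDieForType<size_t>(output_max_len));` line in AesCtrEncryptDecrypt depends on a validity check that this hunk does not show. In aes_cbc.cc both conversions sit directly after `if (!output_max_len.IsValid())`, but here the surrounding function starts and ends outside the hunk. ValueOrDieForType terminates the process on an invalid or out-of-range value, so an unguarded call would turn an oversized input into a crash. If the guard exists above, a comment such as `// output_max_len was validated above, so this conversion cannot abort.` would document it; if it does not, add `if (!output_max_len.IsValid()) return Status::ErrorDataTooLarge();` before the resize.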
diff --git a/chromium/components/webcrypto/algorithms/ec.cc b/chromium/components/webcrypto/algorithms/ec.cc index 1436ad19b57..2a6d312de3a 100644 --- a/chromium/components/webcrypto/algorithms/ec.cc +++ b/chromium/components/webcrypto/algorithms/ec.cc @@ -656,6 +656,9 @@ Status EcAlgorithm::DeserializeKeyForClone( blink::WebCryptoKeyUsageMask usages, const CryptoData& key_data, blink::WebCryptoKey* key) const { + if (algorithm.paramsType() != blink::WebCryptoKeyAlgorithmParamsTypeEc) + return Status::ErrorUnexpected(); + blink::WebCryptoAlgorithm import_algorithm = SynthesizeImportAlgorithmForClone(algorithm); diff --git a/chromium/components/webcrypto/algorithms/hkdf.cc b/chromium/components/webcrypto/algorithms/hkdf.cc index 90a204513d3..f5ac563e3db 100644 --- a/chromium/components/webcrypto/algorithms/hkdf.cc +++ b/chromium/components/webcrypto/algorithms/hkdf.cc @@ -105,6 +105,10 @@ class HkdfImplementation : public AlgorithmImplementation { blink::WebCryptoKeyUsageMask usages, const CryptoData& key_data, blink::WebCryptoKey* key) const override { + if (algorithm.paramsType() != blink::WebCryptoKeyAlgorithmParamsTypeNone || + type != blink::WebCryptoKeyTypeSecret) + return Status::ErrorUnexpected(); + // NOTE: Unlike ImportKeyRaw(), this does not enforce extractable==false. // This is intentional. Although keys cannot currently be created with // extractable==true, earlier implementations permitted this, so diff --git a/chromium/components/webcrypto/algorithms/hmac.cc b/chromium/components/webcrypto/algorithms/hmac.cc index 05caa7c6c5c..9678654b630 100644 --- a/chromium/components/webcrypto/algorithms/hmac.cc +++ b/chromium/components/webcrypto/algorithms/hmac.cc 
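Review bot: The new check in EcAlgorithm::DeserializeKeyForClone validates `algorithm.paramsType()` but not `type`, although the header comment added in this commit lists an invalid |type| among the inputs every implementation must handle. The AES, HKDF, HMAC and PBKDF2 guards reject a wrong key type up front, while here and in RsaHashedAlgorithm::DeserializeKeyForClone (rsa.cc) a `blink::WebCryptoKeyTypeSecret` value passes the guard. The function body continues outside the hunk and may already reject it when dispatching on `type`. If it does not, add `if (type != blink::WebCryptoKeyTypePublic && type != blink::WebCryptoKeyTypePrivate) return Status::ErrorUnexpected();` next to the params check.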
@@ -291,6 +291,10 @@ class HmacImplementation : public AlgorithmImplementation { blink::WebCryptoKeyUsageMask usages, const CryptoData& key_data, blink::WebCryptoKey* key) const override { + if (algorithm.paramsType() != blink::WebCryptoKeyAlgorithmParamsTypeHmac || + type != blink::WebCryptoKeyTypeSecret) + return Status::ErrorUnexpected(); + return CreateWebCryptoSecretKey(key_data, algorithm, extractable, usages, key); } diff --git a/chromium/components/webcrypto/algorithms/pbkdf2.cc b/chromium/components/webcrypto/algorithms/pbkdf2.cc index 5e62bc567fc..53e65ce0748 100644 --- a/chromium/components/webcrypto/algorithms/pbkdf2.cc +++ b/chromium/components/webcrypto/algorithms/pbkdf2.cc @@ -110,6 +110,10 @@ class Pbkdf2Implementation : public AlgorithmImplementation { blink::WebCryptoKeyUsageMask usages, const CryptoData& key_data, blink::WebCryptoKey* key) const override { + if (algorithm.paramsType() != blink::WebCryptoKeyAlgorithmParamsTypeNone || + type != blink::WebCryptoKeyTypeSecret) + return Status::ErrorUnexpected(); + // NOTE: Unlike ImportKeyRaw(), this does not enforce extractable==false. // This is intentional. Although keys cannot currently be created with // extractable==true, earlier implementations permitted this, so diff --git a/chromium/components/webcrypto/algorithms/rsa.cc b/chromium/components/webcrypto/algorithms/rsa.cc index bd3be5ba159..35053d889c9 100644 --- a/chromium/components/webcrypto/algorithms/rsa.cc +++ b/chromium/components/webcrypto/algorithms/rsa.cc @@ -532,6 +532,9 @@ Status RsaHashedAlgorithm::DeserializeKeyForClone( blink::WebCryptoKeyUsageMask usages, const CryptoData& key_data, blink::WebCryptoKey* key) const { + if (algorithm.paramsType() != blink::WebCryptoKeyAlgorithmParamsTypeRsaHashed) + return Status::ErrorUnexpected(); + blink::WebCryptoAlgorithm import_algorithm = SynthesizeImportAlgorithmForClone(algorithm); 
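Review bot: After the new guard, HmacImplementation::DeserializeKeyForClone passes `key_data`, `algorithm`, `extractable` and `usages` straight to CreateWebCryptoSecretKey. The hunk shows no check that `usages` is valid for an HMAC key or that the length recorded in the HMAC params matches the size of `key_data`. Both are cases the new header comment says implementations must be prepared for, and the AES path at least routes through ImportKeyRaw. If leaving them unchecked is deliberate for backwards compatibility, as the HKDF and PBKDF2 notes say about `extractable`, state it with a comment such as `// NOTE: |usages| and the HMAC length in |algorithm| are not re-validated against |key_data|; see <reason>.`. Otherwise add the checks before creating the key.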
diff --git a/chromium/components/webcrypto/algorithms/test_helpers.cc b/chromium/components/webcrypto/algorithms/test_helpers.cc index 8751735496e..8138f0d5493 100644 --- a/chromium/components/webcrypto/algorithms/test_helpers.cc +++ b/chromium/components/webcrypto/algorithms/test_helpers.cc @@ -391,7 +391,7 @@ std::unique_ptr<base::DictionaryValue> GetJwkDictionary( json.size()); std::unique_ptr<base::Value> value = base::JSONReader::Read(json_string); EXPECT_TRUE(value.get()); - EXPECT_TRUE(value->IsType(base::Value::TYPE_DICTIONARY)); + EXPECT_TRUE(value->IsType(base::Value::Type::DICTIONARY)); return std::unique_ptr<base::DictionaryValue>( static_cast<base::DictionaryValue*>(value.release())); diff --git a/chromium/components/webcrypto/algorithms/util.h b/chromium/components/webcrypto/algorithms/util.h index 51ecd66079d..a0342f6fcf4 100644 --- a/chromium/components/webcrypto/algorithms/util.h +++ b/chromium/components/webcrypto/algorithms/util.h @@ -21,7 +21,6 @@ namespace webcrypto { class CryptoData; -class GenerateKeyResult; class Status; // Returns the EVP_MD that corresponds with |hash_algorithm|, or nullptr on |