RESOLVED FIXED 229443
WebCrypto uses deprecated CCKeyDerivationHMac 
https://bugs.webkit.org/show_bug.cgi?id=229443
Summary WebCrypto uses deprecated CCKeyDerivationHMac
Kate Cheney
Reported 2021-08-24 08:06:59 PDT
WebCrypto uses deprecated CCKeyDerivationHMac
Attachments
Patch (6.32 KB, patch)
2021-08-24 08:08 PDT, Kate Cheney 		ews-feeder: commit-queue-
DetailsFormatted DiffDiff
Patch (6.74 KB, patch)
2021-08-24 08:51 PDT, Kate Cheney 		no flags
DetailsFormatted DiffDiff
Patch (6.75 KB, patch)
2021-08-24 11:46 PDT, Kate Cheney 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Kate Cheney
Comment 1 2021-08-24 08:08:53 PDT
Created attachment 436287 [details] Patch
Kate Cheney
Comment 2 2021-08-24 08:09:26 PDT
rdar://48896021
Kate Cheney
Comment 3 2021-08-24 08:51:38 PDT
Created attachment 436291 [details] Patch
Brent Fulgham
Comment 4 2021-08-24 11:21:04 PDT
Comment on attachment 436291 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=436291&action=review r=me > Source/WebCore/crypto/mac/CryptoUtilitiesCocoa.cpp:119 > + return rv; Does an unsuccessful call to CCKDFParametersCreateHkdf guarantee that the params are properly cleaned up? > Source/WebCore/crypto/mac/CryptoUtilitiesCocoa.cpp:133 > + if (keyDerivationHMAC(digestAlgorithm, key, keySize, info, infoSize, salt, saltSize, result.data(), result.size())) Should this be a check for != kCCSuccess?
Kate Cheney
Comment 5 2021-08-24 11:39:25 PDT
(In reply to Brent Fulgham from comment #4) > Comment on attachment 436291 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=436291&action=review > > r=me > > > Source/WebCore/crypto/mac/CryptoUtilitiesCocoa.cpp:119 > > + return rv; > > Does an unsuccessful call to CCKDFParametersCreateHkdf guarantee that the > params are properly cleaned up? > Yes, params are not set in CCKDFParametersCreateHkdf unless it is returning kCCSuccess. > > Source/WebCore/crypto/mac/CryptoUtilitiesCocoa.cpp:133 > > + if (keyDerivationHMAC(digestAlgorithm, key, keySize, info, infoSize, salt, saltSize, result.data(), result.size())) > > Should this be a check for != kCCSuccess? Yes, probably easier to read that way. I'll fix before landing. Thanks for the review!
Kate Cheney
Comment 6 2021-08-24 11:46:08 PDT
Created attachment 436314 [details] Patch
EWS
Comment 7 2021-08-25 06:50:12 PDT
Committed r281554 (240921@main): <https://commits.webkit.org/240921@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 436314 [details].
Note You need to log in before you can comment on or make changes to this bug.