229443 – WebCrypto uses deprecated CCKeyDerivationHMac

Bug 229443 - WebCrypto uses deprecated CCKeyDerivationHMac

Summary: WebCrypto uses deprecated CCKeyDerivationHMac

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	New Bugs (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Kate Cheney

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2021-08-24 08:06 PDT by Kate Cheney
Modified:	2021-08-25 06:50 PDT (History)
CC List:	5 users (show)

See Also:

Attachments
Patch (6.32 KB, patch) 2021-08-24 08:08 PDT, Kate Cheney	ews-feeder: commit-queue-	Details \| Formatted Diff \| Diff
Patch (6.74 KB, patch) 2021-08-24 08:51 PDT, Kate Cheney	no flags	Details \| Formatted Diff \| Diff
Patch (6.75 KB, patch) 2021-08-24 11:46 PDT, Kate Cheney	no flags	Details \| Formatted Diff \| Diff
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Kate Cheney 2021-08-24 08:06:59 PDT

WebCrypto uses deprecated CCKeyDerivationHMac

Comment 1 Kate Cheney 2021-08-24 08:08:53 PDT

Created attachment 436287 [details]
Patch

Comment 2 Kate Cheney 2021-08-24 08:09:26 PDT

rdar://48896021

Comment 3 Kate Cheney 2021-08-24 08:51:38 PDT

Created attachment 436291 [details]
Patch

Comment 4 Brent Fulgham 2021-08-24 11:21:04 PDT

Comment on attachment 436291 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=436291&action=review

r=me

> Source/WebCore/crypto/mac/CryptoUtilitiesCocoa.cpp:119
> +        return rv;

Does an unsuccessful call to CCKDFParametersCreateHkdf guarantee that the params are properly cleaned up?

> Source/WebCore/crypto/mac/CryptoUtilitiesCocoa.cpp:133
> +    if (keyDerivationHMAC(digestAlgorithm, key, keySize, info, infoSize, salt, saltSize, result.data(), result.size()))

Should this be a check for != kCCSuccess?

Comment 5 Kate Cheney 2021-08-24 11:39:25 PDT

(In reply to Brent Fulgham from comment #4)
> Comment on attachment 436291 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=436291&action=review
> 
> r=me
> 
> > Source/WebCore/crypto/mac/CryptoUtilitiesCocoa.cpp:119
> > +        return rv;
> 
> Does an unsuccessful call to CCKDFParametersCreateHkdf guarantee that the
> params are properly cleaned up?
> 

Yes, params are not set in CCKDFParametersCreateHkdf unless it is returning kCCSuccess.

> > Source/WebCore/crypto/mac/CryptoUtilitiesCocoa.cpp:133
> > +    if (keyDerivationHMAC(digestAlgorithm, key, keySize, info, infoSize, salt, saltSize, result.data(), result.size()))
> 
> Should this be a check for != kCCSuccess?

Yes, probably easier to read that way. I'll fix before landing.

Thanks for the review!

Comment 6 Kate Cheney 2021-08-24 11:46:08 PDT

Created attachment 436314 [details]
Patch

Comment 7 EWS 2021-08-25 06:50:12 PDT

Committed r281554 (240921@main): <https://commits.webkit.org/240921@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 436314 [details].