Commit b71b45b4 authored by abarth@webkit.org's avatar abarth@webkit.org

crypto.getRandomValues should throw an exception when given a big array

https://bugs.webkit.org/show_bug.cgi?id=95269

Reviewed by Eric Seidel.

Source/WebCore:

The W3C Web Cryptography Working Group has taken up specifying
window.crypto. The latest draft calls for getRandomValues to throw an
exception when given an array that's large.

Test: security/crypto-random-values-limits.html

* page/Crypto.cpp:
(WebCore::Crypto::getRandomValues):

LayoutTests:

* security/crypto-random-values-limits-expected.txt: Added.
* security/crypto-random-values-limits.html: Added.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@126953 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 62a8781b
2012-08-28 Adam Barth <abarth@webkit.org>
crypto.getRandomValues should throw an exception when given a big array
https://bugs.webkit.org/show_bug.cgi?id=95269
Reviewed by Eric Seidel.
* security/crypto-random-values-limits-expected.txt: Added.
* security/crypto-random-values-limits.html: Added.
2012-08-28 Tom Sepez <tsepez@chromium.org>
CSP doesn't turn off eval, etc. in Web Workers
Tests the limits of crypto.randomValues.
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
PASS 'crypto' in window is true
PASS 'getRandomValues' in window.crypto is true
PASS crypto.getRandomValues(largeArray) threw exception Error: QUOTA_EXCEEDED_ERR: DOM Exception 22.
PASS successfullyParsed is true
TEST COMPLETE
<!DOCTYPE html>
<html>
<head>
<script src="../fast/js/resources/js-test-pre.js"></script>
<script src="resources/utilities.js"></script>
</head>
<body>
<p id="description"></p>
<div id="console"></div>
<script>
description("Tests the limits of crypto.randomValues.");
if (!window.ArrayBuffer)
debug("This test requres ArrayBuffers to run!");
shouldBe("'crypto' in window", "true");
shouldBe("'getRandomValues' in window.crypto", "true");
try {
var largeArray = new Uint8Array(66000);
shouldThrow("crypto.getRandomValues(largeArray)");
} catch(ex) {
debug(ex);
}
</script>
<script src="../fast/js/resources/js-test-post.js"></script>
</body>
</html>
2012-08-28 Adam Barth <abarth@webkit.org>
crypto.getRandomValues should throw an exception when given a big array
https://bugs.webkit.org/show_bug.cgi?id=95269
Reviewed by Eric Seidel.
The W3C Web Cryptography Working Group has taken up specifying
window.crypto. The latest draft calls for getRandomValues to throw an
exception when given an array that's large.
Test: security/crypto-random-values-limits.html
* page/Crypto.cpp:
(WebCore::Crypto::getRandomValues):
2012-08-28 Tom Sepez <tsepez@chromium.org>
CSP doesn't turn off eval, etc. in Web Workers
......@@ -63,6 +63,10 @@ void Crypto::getRandomValues(ArrayBufferView* array, ExceptionCode& ec)
ec = TYPE_MISMATCH_ERR;
return;
}
if (array->byteLength() > 65536) {
ec = QUOTA_EXCEEDED_ERR;
return;
}
cryptographicallyRandomValues(array->baseAddress(), array->byteLength());
#else
ASSERT_UNUSED(array, array);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment