+2017-04-24 Jiewen Tan <jiewen_tan@apple.com>
+
+ LayoutTests crypto/subtle/ecdsa-generate-key-sign-verify-p384.html and crypto/subtle/ecdsa-generate-key-sign-verify-p256.html are flaky failures
+ https://bugs.webkit.org/show_bug.cgi?id=171059
+ <rdar://problem/31734958>
+
+ Reviewed by Brent Fulgham.
+
+ * TestExpectations:
+ Remove test expectations.
+
2017-04-24 Manuel Rego Casasnovas <rego@igalia.com>
[selectors4] :focus-within should use the flat tree
+2017-04-24 Jiewen Tan <jiewen_tan@apple.com>
+
+ LayoutTests crypto/subtle/ecdsa-generate-key-sign-verify-p384.html and crypto/subtle/ecdsa-generate-key-sign-verify-p256.html are flaky failures
+ https://bugs.webkit.org/show_bug.cgi?id=171059
+ <rdar://problem/31734958>
+
+ Reviewed by Brent Fulgham.
+
+ Covered by existing tests.
+
+ * crypto/mac/CryptoAlgorithmECDSAMac.cpp:
+ (WebCore::signECDSA):
+ Enhance ways to convert the DER signatures produced from CommonCrypto to r||s.
+
2017-04-24 Manuel Rego Casasnovas <rego@igalia.com>
[selectors4] :focus-within should use the flat tree
// convert the DER binary into r + s
Vector<uint8_t> newSignature;
newSignature.reserveCapacity(keyLengthInBytes * 2);
- size_t offset = 4;
- if (signature[offset] == InitialOctet)
- offset += 1;
- ASSERT_WITH_SECURITY_IMPLICATION(signature.size() > offset + keyLengthInBytes);
- newSignature.append(signature.data() + offset, keyLengthInBytes);
- offset += keyLengthInBytes + 2;
- if (signature[offset] == InitialOctet)
- offset += 1;
- ASSERT_WITH_SECURITY_IMPLICATION(signature.size() >= offset + keyLengthInBytes);
- newSignature.append(signature.data() + offset, keyLengthInBytes);
+ size_t offset = 3; // skip tag, length, tag
+
+ // If r < keyLengthInBytes, fill the head of r with 0s.
+ size_t bytesToCopy = keyLengthInBytes;
+ if (signature[offset] < keyLengthInBytes) {
+ newSignature.resize(keyLengthInBytes - signature[offset]);
+ memset(newSignature.data(), InitialOctet, keyLengthInBytes - signature[offset]);
+ bytesToCopy = signature[offset];
+ } else if (signature[offset] > keyLengthInBytes) // Otherwise skip the leading 0s of r.
+ offset += signature[offset] - keyLengthInBytes;
+ offset++; // skip length
+ ASSERT_WITH_SECURITY_IMPLICATION(signature.size() > offset + bytesToCopy);
+ newSignature.append(signature.data() + offset, bytesToCopy);
+ offset += bytesToCopy + 1; // skip r, tag
+
+ // If s < keyLengthInBytes, fill the head of s with 0s.
+ bytesToCopy = keyLengthInBytes;
+ if (signature[offset] < keyLengthInBytes) {
+ size_t pos = newSignature.size();
+ newSignature.resize(pos + keyLengthInBytes - signature[offset]);
+ memset(newSignature.data() + pos, InitialOctet, keyLengthInBytes - signature[offset]);
+ bytesToCopy = signature[offset];
+ } else if (signature[offset] > keyLengthInBytes) // Otherwise skip the leading 0s of s.
+ offset += signature[offset] - keyLengthInBytes;
+ offset++; // skip length
+ ASSERT_WITH_SECURITY_IMPLICATION(signature.size() >= offset + bytesToCopy);
+ newSignature.append(signature.data() + offset, bytesToCopy);
return WTFMove(newSignature);
}