Closed Bug 1088042 Opened 10 years ago Closed 10 years ago

"JWK export of a symmetric key" test uses a malformed JsonWebKey object

Categories

(Core :: DOM: Security, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla36

People

(Reporter: ggp, Assigned: ggp)

References

Details

Attachments

(1 file, 1 obsolete file)

It's missing the required kty field. This caused the binding layer to reject the object [1] when importing the key, and |mDataIsJwk| to be used uninitialized later in ImportSymmetricKeyTask::BeforeCrypto.

1- http://dxr.mozilla.org/mozilla-central/source/dom/crypto/WebCryptoTask.cpp#1282
This patch properly initializes mDataIsJwk and fixes the JsonWebKey object. However,
a proper solution to this probably involves propagating the error from the binding
layer instead of swallowing it inside SetKeyData.
This updated version will also abort early when SetKeyData fails in the constructors
for Import*KeyTask.

Since SetKeyData(const CryptoBuffer &) was already setting mEarlyRv implicitly through
SetJwkFromKeyData, I made SetKeyData(JSContext*, JSHandle<JSObject*>) also set mEarlyRv
and the ctors return early when it indicates failure.
Attachment #8510318 - Attachment is obsolete: true
Attachment #8510391 - Flags: review?(rlb)
Blocks: 762448
Attachment #8510391 - Flags: review?(rlb) → review+
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/299ebc930b9c
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla36
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: