Closed Bug 1021601 Opened 10 years ago Closed 10 years ago

Remove SHA-224 support from WebCrypto API

Categories

(Core :: DOM: Security, defect)

Product:
Core
Component:
DOM: Security
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla32

People

(Reporter: ttaubert, Assigned: ttaubert)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

0002-Bug-1021601-Remove-SHA-224-support-from-WebCrypto-AP.patch
(deleted), patch
rbarnes
: review+
Details | Diff | Splinter Review 
SHA-224 support has been removed from the spec:

https://dvcs.w3.org/hg/webcrypto-api/rev/3f7df730b2c7
I based this off of bug 1020882.
Assignee: nobody → ttaubert
Status: NEW → ASSIGNED
Attachment #8435657 - Flags: review?(rlb)
Comment on attachment 8435657 [details] [diff] [review]
0002-Bug-1021601-Remove-SHA-224-support-from-WebCrypto-AP.patch

Review of attachment 8435657 [details] [diff] [review]:
-----------------------------------------------------------------

Just to be clear: I'm OK removing this hash function, but it is not true in general that we have to be limited to the algorithms listed in the spec.  If we had some reason to support, say, RIPEMD-160, we should not feel constrained by the fact that it's not in the spec.
Attachment #8435657 - Flags: review?(rlb) → review+
Comment on attachment 8435657 [details] [diff] [review]
0002-Bug-1021601-Remove-SHA-224-support-from-WebCrypto-AP.patch

Review of attachment 8435657 [details] [diff] [review]:
-----------------------------------------------------------------

I couldn't seem to find tests for if webcrypto is given a hash algorithm it doesn't support - we should add some.
(In reply to Richard Barnes [:rbarnes] from comment #2)
> Just to be clear: I'm OK removing this hash function, but it is not true in
> general that we have to be limited to the algorithms listed in the spec.  If
> we had some reason to support, say, RIPEMD-160, we should not feel
> constrained by the fact that it's not in the spec.

Right, I'm not totally familiar with the spec yet, thanks for clarifying!

(In reply to David Keeler (:keeler) [use needinfo?] from comment #3)
> I couldn't seem to find tests for if webcrypto is given a hash algorithm it
> doesn't support - we should add some.

Yes, we should.
(In reply to David Keeler (:keeler) [use needinfo?] from comment #3)
> I couldn't seem to find tests for if webcrypto is given a hash algorithm it
> doesn't support - we should add some.

Actually, bug 1020882 that I just landed contains a test for that.
https://hg.mozilla.org/mozilla-central/rev/3efccd28317b
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla32
Component: Security → DOM: Security
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: