Closed
Bug 1022343
Opened 11 years ago
Closed 10 years ago
Use the hash function's block size as the default length when generating keys
Categories
(Core :: DOM: Security, defect)
Core
DOM: Security
Tracking
()
RESOLVED
FIXED
mozilla33
People
(Reporter: ttaubert, Assigned: ttaubert)
References
Details
Attachments
(1 file)
|
(deleted),
patch
|
rbarnes
:
review+
|
Details | Diff | Splinter Review |
Bug 1020882 added default values for key lengths when generating HMAC keys. Unfortunately I got that wrong and used the hash's output size instead of its block size. Easy to fix.
|
Assignee | |
Comment 1•11 years ago
|
||
Attachment #8436480 -
Flags: review?(rlb)
|
||
Comment 2•10 years ago
|
||
Comment on attachment 8436480 [details] [diff] [review]
0001-Bug-1022343-Use-the-hash-function-s-block-size-as-th.patch
Review of attachment 8436480 [details] [diff] [review]:
-----------------------------------------------------------------
::: dom/crypto/WebCryptoTask.cpp
@@ +1038,5 @@
>
> if (params.mLength.WasPassed()) {
> mLength = params.mLength.Value();
> } else {
> KeyAlgorithm hashAlg(global, hashName);
r+ for now so that we get the lengths right. But please replace this with MapAlgorithmNameToMechanism as soon as that's available.
Attachment #8436480 -
Flags: review?(rlb) → review+
|
|
Assignee | |
Comment 3•10 years ago
|
||
|
|
Assignee | |
Comment 4•10 years ago
|
||
Richard, do you think we should request an Aurora uplift given that we ship with wrong default key lengths in Firefox 32? There probably are no consumers so it shouldn't really be a big deal yet.
Flags: needinfo?(rlb)
|
||
Comment 5•10 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla33
|
|
||
Comment 6•10 years ago
|
||
I don't really think this is critical enough to uplift. I'm not really seeing any usage in telemetry.
Flags: needinfo?(rlb)
You need to log in
before you can comment on or make changes to this bug.
Description
•