Remove SHA-224 support from WebCrypto API

RESOLVED FIXED in mozilla32

Status

()

defect
RESOLVED FIXED
5 years ago
3 years ago

People

(Reporter: ttaubert, Assigned: ttaubert)

Tracking

(Blocks 1 bug)

Trunk
mozilla32
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

SHA-224 support has been removed from the spec:

https://dvcs.w3.org/hg/webcrypto-api/rev/3f7df730b2c7
I based this off of bug 1020882.
Assignee: nobody → ttaubert
Status: NEW → ASSIGNED
Attachment #8435657 - Flags: review?(rlb)
Comment on attachment 8435657 [details] [diff] [review]
0002-Bug-1021601-Remove-SHA-224-support-from-WebCrypto-AP.patch

Review of attachment 8435657 [details] [diff] [review]:
-----------------------------------------------------------------

Just to be clear: I'm OK removing this hash function, but it is not true in general that we have to be limited to the algorithms listed in the spec.  If we had some reason to support, say, RIPEMD-160, we should not feel constrained by the fact that it's not in the spec.
Attachment #8435657 - Flags: review?(rlb) → review+
Comment on attachment 8435657 [details] [diff] [review]
0002-Bug-1021601-Remove-SHA-224-support-from-WebCrypto-AP.patch

Review of attachment 8435657 [details] [diff] [review]:
-----------------------------------------------------------------

I couldn't seem to find tests for if webcrypto is given a hash algorithm it doesn't support - we should add some.
(In reply to Richard Barnes [:rbarnes] from comment #2)
> Just to be clear: I'm OK removing this hash function, but it is not true in
> general that we have to be limited to the algorithms listed in the spec.  If
> we had some reason to support, say, RIPEMD-160, we should not feel
> constrained by the fact that it's not in the spec.

Right, I'm not totally familiar with the spec yet, thanks for clarifying!

(In reply to David Keeler (:keeler) [use needinfo?] from comment #3)
> I couldn't seem to find tests for if webcrypto is given a hash algorithm it
> doesn't support - we should add some.

Yes, we should.
(In reply to David Keeler (:keeler) [use needinfo?] from comment #3)
> I couldn't seem to find tests for if webcrypto is given a hash algorithm it
> doesn't support - we should add some.

Actually, bug 1020882 that I just landed contains a test for that.
https://hg.mozilla.org/mozilla-central/rev/3efccd28317b
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla32
Component: Security → DOM: Security
You need to log in before you can comment on or make changes to this bug.