Closed Bug 1074001 Opened 5 years ago Closed 5 years ago

Expose WebCrypto by default in release builds

Categories

(Core :: DOM: Security, defect)

defect
Not set

Tracking

()

RESOLVED FIXED
mozilla35
Tracking Status
firefox32 --- wontfix
firefox33 --- wontfix
firefox34 + fixed
firefox35 --- fixed
b2g-v2.1 --- fixed
b2g-v2.2 --- fixed
relnote-firefox --- 34+

People

(Reporter: rbarnes, Assigned: rbarnes)

References

(Blocks 1 open bug)

Details

(Keywords: dev-doc-needed)

Attachments

(1 file)

With Bug 1037892, our WebCrypto implementation has been brought into compliance with the latest spec.  We should expose it by default in release, without requiring users to enable it with a pref.
Blocks: web-crypto
Depends on: 1037892
Summary: Expose WebCrypto by default (remove pref dom.webcrypto.enabled) → Expose WebCrypto by default in release builds
Attachment #8496624 - Flags: review?(bzbarsky)
Is there a spec test suite?  If so, how are we doing on it?

Are we OK with shipping this before fixing bug 1001691?
Flags: needinfo?(rlb)
There is not yet a spec test suite.

Bug 1001691 I'm not super worried about.  I am adding bug 1064320 as a blocker, though.
Depends on: 1064320
Flags: needinfo?(rlb)
> There is not yet a spec test suite.

OK.  How sure are we that what we have matches the spec, then, and what are we basing that judgment on?

What's our plan with making sure we keep up with the moving target here, given that this spec is clearly not very stable?
(In reply to Boris Zbarsky [:bz] from comment #4)
> > There is not yet a spec test suite.
> 
> OK.  How sure are we that what we have matches the spec, then, and what are
> we basing that judgment on?

I did a pretty thorough review of the spec, and updated the implementation accordingly in bug 1037892.  It might be good for someone else to check my work, but I have moderate-to-high confidence that it's right.  As Tim pointed out in our intent-to-ship message, we're more in compliance than the current Chromium implementation.


> What's our plan with making sure we keep up with the moving target here,
> given that this spec is clearly not very stable?

I'm actively participating in the working group, and tracking changes.
Comment on attachment 8496624 [details] [diff] [review]
bug-1074001.patch

Alright.  r=me
Attachment #8496624 - Flags: review?(bzbarsky) → review+
Release Note Request (optional, but appreciated)
[Why is this notable]: New interesting web-facing functionality.
[Suggested wording]: Firefox now supports the Web Cryptography API.
[Links (documentation, blog post, etc)]: ???
relnote-firefox: --- → ?
Comment on attachment 8496624 [details] [diff] [review]
bug-1074001.patch

Approval Request Comment

[Feature/regressing bug #]: WebCrypto

[User impact if declined]: Users will still have to enable WebCrypto with a pref in release builds.

[Describe test coverage new/current, TBPL]: Mochitests under dom/crypto/test

[Risks and why]: Low risk.  API has been exposed since 32 (by default in Nightly/Aurora/Beta, with pref in release)

[String/UUID change made/needed]: none
Attachment #8496624 - Flags: approval-mozilla-aurora?
https://hg.mozilla.org/mozilla-central/rev/07c5c1a301d2
Assignee: nobody → rlb
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla35
Comment on attachment 8496624 [details] [diff] [review]
bug-1074001.patch

Aurora+

Nice to ship this in 34.
Attachment #8496624 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Richard, for the 33 release, I planned to add 
WebCrypto: RSA-OAEP, PBKDF2 and AES-KW support
&
WebCrypto: wrapKey and unwrapKey implemented

in the release notes. Are they accessible by default or are they behind a pref? Thanks
Flags: needinfo?(rlb)
bz confirmed that they are disabled by default.
Flags: needinfo?(rlb)
You need to log in before you can comment on or make changes to this bug.