Closed Bug 356713 Opened 13 years ago Closed 9 years ago

SHA224 hash / hmac algorithm not supported

Categories

(NSS :: Libraries, enhancement)

3.11.3
enhancement
Not set

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: bradh, Assigned: elio.maldonado.batiz)

Details

Attachments

(6 files, 3 obsolete files)

User-Agent:       Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.4 (like Gecko)
Build Identifier: Not applicable

The SHA224 hash algorithm is not supported by NSS.

The details for this algorithm are provided in http://www.ietf.org/rfc/rfc3874.txt

Known answer test vectors are provided for HMAC (including SHA224) in 
http://www.ietf.org/rfc/rfc4231.txt

Reproducible: Always

Steps to Reproduce:
Not applicable - wishlist.
Actual Results:  
Not applicable - wishlist.

Expected Results:  
Not applicable - wishlist
Brad, where would you have NSS use SHA224?
What standardized protocol would use it?
SSL?  TLS?  S/MIME?  Cert signatures?

What product or service would mozilla be better able to interoperate with
if this was offered?
Version: unspecified → 3.11.3
SHA224 is required for some XML security (XMLSEC) implementations (see RFC4051 and http://www.aleksey.com/xmlsec/xmldsig.html)

It is expected to be required for some emerging PKIX implementations (http://tools.ietf.org/html/draft-ietf-pkix-ecc-pkalgs-03).

It may also be used in the future version of openpgp, but I don't think that this is an important interop issue for NSS.

There are other potential uses too (e.g. DNS TSIG - http://tools.ietf.org/html/rfc4635). It is a general purpose algorithm that is likely to be required everywhere SHA256, SHA384 or SHA512 are required. 
Status: UNCONFIRMED → NEW
Ever confirmed: true
(In reply to comment #1)
> Brad, where would you have NSS use SHA224?
> What standardized protocol would use it?
> SSL?  TLS?  S/MIME?  Cert signatures?
> 
> What product or service would mozilla be better able to interoperate with
> if this was offered?

for example rpm. for signing packages is used GnuPG. GnuPG supports all SHA-2 hash algorithms including SHA224.
when you set in gpg.conf as default digest algorithm H11 (SHA224), rpm is signed, but rpm validation is not passed, as rpm relies on nss (fips certification). and because fips pub 180-3 covers SHA224 in secure hash standard, answer 'don't use SHA224 for signatures' is not correct
This adds the OID for SHA-224.
Attachment #456718 - Flags: review?
Attachment #456718 - Attachment is patch: true
Comment on attachment 456718 [details] [diff] [review]
nss-sha224-oid.diff (checked in)

r=wtc.  Thanks for the patch.  I verified that there is no other
missing SHA-224 OID.
Attachment #456718 - Flags: review? → review+
Comment on attachment 456718 [details] [diff] [review]
nss-sha224-oid.diff (checked in)

I checked in the patch on the NSS trunk (NSS 3.13).

Checking in secoid.c;
/cvsroot/mozilla/security/nss/lib/util/secoid.c,v  <--  secoid.c
new revision: 1.59; previous revision: 1.58
done
Checking in secoidt.h;
/cvsroot/mozilla/security/nss/lib/util/secoidt.h,v  <--  secoidt.h
new revision: 1.32; previous revision: 1.31
done
Attachment #456718 - Attachment description: nss-sha224-oid.diff → nss-sha224-oid.diff (checked in)
Attached patch sha-224 implementention WIP (obsolete) — Splinter Review
This is still work in progress but I thought wise to get some early feedback. Testing has been so far limited to the self tests. I may not have much time to work in it until after August.
Attachment #461432 - Flags: review?(wtc)
Assignee: nobody → emaldona
Comment on attachment 461432 [details] [diff] [review]
sha-224 implementention WIP

Elio, thanks for the patch.  I hope you can finish this
patch soon because it's not hard to implement SHA-224
when SHA-256 is already implemented.

Your patch has three serious bugs, all simple to fix.

1. You need to add an entry to the SECRawHashObjects array
in mozilla/security/nss/lib/freebl/rawhash.c.  (See
IMPORTANT NOTE below before you add this entry.)  I believe
this missing entry is why HMAC-SHA-224 and RSA-SHA-224
don't work yet.

2. In mozilla/security/nss/lib/freebl/hasht.h, you have:

>@@ -51,9 +51,10 @@ typedef enum {
>     HASH_AlgMD2    = 1,
>     HASH_AlgMD5    = 2,
>     HASH_AlgSHA1   = 3,
>-    HASH_AlgSHA256 = 4,
>-    HASH_AlgSHA384 = 5,
>-    HASH_AlgSHA512 = 6,
>+    HASH_AlgSHA224 = 4,
>+    HASH_AlgSHA256 = 5,
>+    HASH_AlgSHA384 = 6,
>+    HASH_AlgSHA512 = 7,
>     HASH_AlgTOTAL
> } HASH_HashType;

Since hasht.h is a public header (listed in EXPORTS in
the manifest.mn file):
http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/freebl/manifest.mn&rev=1.59&mark=83,87#81

you cannot change the values of enum constants in it.
(We added the = 1, = 2, etc. to make it clear when you
change their values.)  So HASH_AlgSHA224 must be added
last, with value 7.

IMPORTANT NOTE: the SECRawHashObjects array in rawhash.c
and the SECHashObjects array in sechash.c must match this
order.  So you need to move your new SHA-224 array entry
in sechash.c to the end of the array.

3. SHA224_Hash is wrong.  See my comment marked with "BUG"
below.

Minor issues:

In mozilla/security/nss/lib/freebl/ldvector.c:

>-    MGF1
>+    MGF1,
> 
>     /* End of Version 3.012 */
>+
>+    SHA224_NewContext,
...
>+    SHA224_Clone,
>+
>+    /* End of Version 3.013 */
> };

Do not add "Version 3.013".  Simply move "Version 3.012"
to the end of this list, because 3.012 (version of the
FREEBL vector, not to be confused with the NSS or Softoken
version) hasn't been released yet.

Please fix a similar issue in mozilla/security/nss/lib/freebl/loader.h.

In mozilla/security/nss/lib/freebl/loader.c:

>+/* ============== New for 3.013 =============================== */

Delete this.  (See above.)

>+void
>+SHA224_DestroyContext(SHA224Context *cx, PRBool freeit)
>+{
>+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
>+      return ;
>+  (vector->p_SHA224_DestroyContext)(cx, freeit);
>+}

Delete the space in "return ;".  Please fix the same
issue in SHA224_Begin, SHA224_Update, SHA224_End, and
SHA224_TraceState below.

In mozilla/security/nss/lib/freebl/nsslowhash.c:

>+    /* SHA-224 Known Digest Message (256-bits). */

256-bits => 224-bits

In mozilla/security/nss/lib/freebl/sha512.c:

>+SECStatus 
>+SHA224_HashBuf(unsigned char *dest, const unsigned char *src,
>+               uint32 src_length)
>+{
>+    SHA256Context ctx;
>+    unsigned int outLen;
>+
>+    SHA224_Begin(&ctx);
>+    SHA256_Update(&ctx, src, src_length);
>+    SHA224_End(&ctx, dest, &outLen, SHA224_LENGTH);
>+
>+    return SECSuccess;
>+}

I believe we can use SHA256_End instead of SHA224_End.
(Saves one function call.)  This is what SHA384_HashBuf
does.

>+SECStatus
>+SHA224_Hash(unsigned char *dest, const char *src)
>+{
>+    return SHA256_Hash(dest, src);
>+}

BUG: please see how SHA384_Hash is implemented.

>+void test224(void)
>+{
>+    SHA224Context ctx = NULL;
>+    char a1000times[1001];

You can declare this array with size 1000, without
the terminating null byte.

This requires changing Test Vector 3 as follows:

>+    a1000times[1000] = 0;

Remove this line.  Can't do this any more.

>+    SHA224_Hash(outBuf, a1000times);

Remove this line, because this is NOT part of
Test Vector 3.

>+    SHA224_End(&ctx, dest, &outLen, SHA224_LENGTH);

dest => outBuf

Did you compile this code?  I think 'dest' is not declared.
Attachment #461432 - Flags: review?(wtc) → review-
Target Milestone: --- → 3.13
Addresses wtc's comments in the first review. It is not working yet. 
1. For mozilla/security/nss/lib/softoken/fipstest.c I still have to generate a known answer from a trusted implementation for hmac-sha224. For the time being the comparison against the known answer is disabled.
2. Need to find the cause of failures in the fips suite of which 175 tests pass and 5 test fail. Most test involve using modutil to enable or disable FIPS mode. Will ask for advise off-line.
Attachment #461432 - Attachment is obsolete: true
Comment on attachment 462094 [details] [diff] [review]
WIP: sha224 implemantation revision 1

This patch looks good to me.  I suggest that you check it in
as soon as you fix the FIPS test failures, and deal with
other issues in separate patches.  It's painful to review
a large patch repeatedly.

In mozilla/security/nss/lib/freebl/loader.c:

>+
>+/* ============== New for 3.012 =============================== */
>+
>+SECStatus 
>+SHA224_Hash(unsigned char *dest, const char *src)
>+{
>+  if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
>+      return SECFailure;
>+  return (vector->p_SHA224_Hash)(dest, src);
>+}

Remove the "New for 3.012" comment.  One such comment should
already be there before the MGF1 function.

In mozilla/security/nss/lib/freebl/loader.h:

>+ SHA224Context * (* p_SHA224_Resurrect)(unsigned char *space, void *arg);
>+
>+ void (* p_SHA224_Clone)(SHA224Context *dest, SHA224Context *src);

Nit: delete the blank line.

In mozilla/security/nss/lib/freebl/sha512.c:

>@@ -1107,13 +1201,12 @@ SHA512_End(SHA512Context *ctx, unsigned 
> #if defined(HAVE_LONG_LONG)
>     unsigned int inBuf  = (unsigned int)ctx->sizeLo & 0x7f;
>     unsigned int padLen = (inBuf < 112) ? (112 - inBuf) : (112 + 128 - inBuf);
>-    PRUint64 lo, t1;
>+    PRUint64 lo;
>     lo = (ctx->sizeLo << 3);
> #else
>     unsigned int inBuf  = (unsigned int)ctx->sizeLo.lo & 0x7f;
>     unsigned int padLen = (inBuf < 112) ? (112 - inBuf) : (112 + 128 - inBuf);
>     PRUint64 lo = ctx->sizeLo;
>-    PRUint32 t1;
>     lo.lo <<= 3;
> #endif

This kind of "unused variable" compiler warning is very tricky
to fix because of the complex macro definitions in this file.
I strongly suggest that you fix the compiler warning about t1
in a separate patch, so that this patch stays focused on SHA-224.

>@@ -1394,6 +1518,7 @@ int main (int argc, char *argv[], char *
>     }
>     if (i < 2) {
> 	test256();
>+	test224();
> 	test512();
> 	test384();
>     } else {

Nit: list test224() before test256().
fips test pass now that I fixed a known answer for sha224. I also needed
to patch another file to enable rsa signatures with sha224.

[emaldona@localhost NSS]$ cvs diff -up mozilla/security/nss/lib/util
cvs diff: Diffing mozilla/security/nss/lib/util
Index: mozilla/security/nss/lib/util/secdig.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/util/secdig.c,v
retrieving revision 1.9
diff -u -p -r1.9 secdig.c
--- mozilla/security/nss/lib/util/secdig.c	7 Nov 2007 02:37:22 -0000	1.9
+++ mozilla/security/nss/lib/util/secdig.c	15 Aug 2010 21:52:07 -0000
@@ -74,6 +74,7 @@ SGN_CreateDigestInfo(SECOidTag algorithm
       case SEC_OID_MD2:
       case SEC_OID_MD5:
       case SEC_OID_SHA1:
+      case SEC_OID_SHA224:
       case SEC_OID_SHA256:
       case SEC_OID_SHA384:
       case SEC_OID_SHA51
all.sh is passing.
Changes commited to the trunk.
cvs commit -m "Bug 356713 - Support SHA224 has/hmac and rsa signature, r=wtc" ./mozilla/security/nss/cmd/bltest/blapitest.c 
Checking in ./mozilla/security/nss/cmd/bltest/blapitest.c;
/cvsroot/mozilla/security/nss/cmd/bltest/blapitest.c,v  <--  blapitest.c
new revision: 1.60; previous revision: 1.59

cvs commit -m "Bug 356713 - Support SHA224 has/hmac and rsa signature, r=wtc" ./mozilla/security/nss/cmd/bltest/tests/sha224/ciphertext0
RCS file: /cvsroot/mozilla/security/nss/cmd/bltest/tests/sha224/ciphertext0,v

Checking in ./mozilla/security/nss/cmd/bltest/tests/sha224/ciphertext0;
/cvsroot/mozilla/security/nss/cmd/bltest/tests/sha224/ciphertext0,v  <--  ciphertext0
initial revision: 1.1

cvs commit -m "Bug 356713 - Support SHA224 has/hmac and rsa signature, r=wtc" ./mozilla/security/nss/cmd/bltest/tests/sha224/ciphertext1
RCS file: /cvsroot/mozilla/security/nss/cmd/bltest/tests/sha224/ciphertext1,v

Checking in ./mozilla/security/nss/cmd/bltest/tests/sha224/ciphertext1;
/cvsroot/mozilla/security/nss/cmd/bltest/tests/sha224/ciphertext1,v  <--  ciphertext1
initial revision: 1.1

cvs commit -m "Bug 356713 - Support SHA224 has/hmac and rsa signature, r=wtc" ./mozilla/security/nss/cmd/bltest/tests/sha224/numtests
RCS file: /cvsroot/mozilla/security/nss/cmd/bltest/tests/sha224/numtests,v

Checking in ./mozilla/security/nss/cmd/bltest/tests/sha224/numtests;
/cvsroot/mozilla/security/nss/cmd/bltest/tests/sha224/numtests,v  <--  numtests
initial revision: 1.1

cvs commit -m "Bug 356713 - Support SHA224 has/hmac and rsa signature, r=wtc" ./mozilla/security/nss/cmd/bltest/tests/sha224/plaintext0
RCS file: /cvsroot/mozilla/security/nss/cmd/bltest/tests/sha224/plaintext0,v

Checking in ./mozilla/security/nss/cmd/bltest/tests/sha224/plaintext0;
/cvsroot/mozilla/security/nss/cmd/bltest/tests/sha224/plaintext0,v  <--  plaintext0
initial revision: 1.1

cvs commit -m "Bug 356713 - Support SHA224 has/hmac and rsa signature, r=wtc" ./mozilla/security/nss/cmd/bltest/tests/sha224/plaintext1
RCS file: /cvsroot/mozilla/security/nss/cmd/bltest/tests/sha224/plaintext1,v

Checking in ./mozilla/security/nss/cmd/bltest/tests/sha224/plaintext1;
/cvsroot/mozilla/security/nss/cmd/bltest/tests/sha224/plaintext1,v  <--  plaintext1
initial revision: 1.1

cvs commit -m "Bug 356713 - Support SHA224 has/hmac and rsa signature, r=wtc" ./mozilla/security/nss/cmd/pk11mode/pk11mode.c
Checking in ./mozilla/security/nss/cmd/pk11mode/pk11mode.c;
/cvsroot/mozilla/security/nss/cmd/pk11mode/pk11mode.c,v  <--  pk11mode.c
new revision: 1.29; previous revision: 1.28

cvs commit -m "Bug 356713 - Support SHA224 has/hmac and rsa signature, r=wtc" ./mozilla/security/nss/lib/cryptohi/sechash.c
Checking in ./mozilla/security/nss/lib/cryptohi/sechash.c;
/cvsroot/mozilla/security/nss/lib/cryptohi/sechash.c,v  <--  sechash.c
new revision: 1.11; previous revision: 1.10

cvs commit -m "Bug 356713 - Support SHA224 has/hmac and rsa signature, r=wtc" ./mozilla/security/nss/lib/cryptohi/secsign.c
Checking in ./mozilla/security/nss/lib/cryptohi/secsign.c;
/cvsroot/mozilla/security/nss/lib/cryptohi/secsign.c,v  <--  secsign.c
new revision: 1.24; previous revision: 1.23

cvs commit -m "Bug 356713 - Support SHA224 has/hmac and rsa signature, r=wtc" ./mozilla/security/nss/lib/freebl/blapi.h
Checking in ./mozilla/security/nss/lib/freebl/blapi.h;
/cvsroot/mozilla/security/nss/lib/freebl/blapi.h,v  <--  blapi.h
new revision: 1.38; previous revision: 1.37

cvs commit -m "Bug 356713 - Support SHA224 has/hmac and rsa signature, r=wtc" ./mozilla/security/nss/lib/freebl/blapit.h
Checking in ./mozilla/security/nss/lib/freebl/blapit.h;
/cvsroot/mozilla/security/nss/lib/freebl/blapit.h,v  <--  blapit.h
new revision: 1.23; previous revision: 1.22

cvs commit -m "Bug 356713 - Support SHA224 has/hmac and rsa signature, r=wtc" ./mozilla/security/nss/lib/freebl/hasht.h
Checking in ./mozilla/security/nss/lib/freebl/hasht.h;
/cvsroot/mozilla/security/nss/lib/freebl/hasht.h,v  <--  hasht.h
new revision: 1.8; previous revision: 1.7

cvs commit -m "Bug 356713 - Support SHA224 has/hmac and rsa signature, r=wtc" ./mozilla/security/nss/lib/freebl/ldvector.c
Checking in ./mozilla/security/nss/lib/freebl/ldvector.c;
/cvsroot/mozilla/security/nss/lib/freebl/ldvector.c,v  <--  ldvector.c
new revision: 1.25; previous revision: 1.24

cvs commit -m "Bug 356713 - Support SHA224 has/hmac and rsa signature, r=wtc" ./mozilla/security/nss/lib/freebl/loader.c
Checking in ./mozilla/security/nss/lib/freebl/loader.c;
/cvsroot/mozilla/security/nss/lib/freebl/loader.c,v  <--  loader.c
new revision: 1.49; previous revision: 1.48

cvs commit -m "Bug 356713 - Support SHA224 has/hmac and rsa signature, r=wtc" ./mozilla/security/nss/lib/freebl/loader.h
Checking in ./mozilla/security/nss/lib/freebl/loader.h;
/cvsroot/mozilla/security/nss/lib/freebl/loader.h,v  <--  loader.h
new revision: 1.30; previous revision: 1.29

cvs commit -m "Bug 356713 - Support SHA224 has/hmac and rsa signature, r=wtc" ./mozilla/security/nss/lib/freebl/nsslowhash.c
Checking in ./mozilla/security/nss/lib/freebl/nsslowhash.c;
/cvsroot/mozilla/security/nss/lib/freebl/nsslowhash.c,v  <--  nsslowhash.c
new revision: 1.5; previous revision: 1.4

cvs commit -m "Bug 356713 - Support SHA224 has/hmac and rsa signature, r=wtc" ./mozilla/security/nss/lib/freebl/rawhash.c
Checking in ./mozilla/security/nss/lib/freebl/rawhash.c;
/cvsroot/mozilla/security/nss/lib/freebl/rawhash.c,v  <--  rawhash.c
new revision: 1.6; previous revision: 1.5

cvs commit -m "Bug 356713 - Support SHA224 has/hmac and rsa signature, r=wtc" ./mozilla/security/nss/lib/freebl/sha512.c
Checking in ./mozilla/security/nss/lib/freebl/sha512.c;
/cvsroot/mozilla/security/nss/lib/freebl/sha512.c,v  <--  sha512.c
new revision: 1.15; previous revision: 1.14

cvs commit -m "Bug 356713 - Support SHA224 has/hmac and rsa signature, r=wtc" ./mozilla/security/nss/lib/pk11wrap/pk11mech.c
Checking in ./mozilla/security/nss/lib/pk11wrap/pk11mech.c;
/cvsroot/mozilla/security/nss/lib/pk11wrap/pk11mech.c,v  <--  pk11mech.c
new revision: 1.14; previous revision: 1.13

cvs commit -m "Bug 356713 - Support SHA224 has/hmac and rsa signature, r=wtc" ./mozilla/security/nss/lib/softoken/fipstest.c
Checking in ./mozilla/security/nss/lib/softoken/fipstest.c;
/cvsroot/mozilla/security/nss/lib/softoken/fipstest.c,v  <--  fipstest.c
new revision: 1.28; previous revision: 1.27

cvs commit -m "Bug 356713 - Support SHA224 has/hmac and rsa signature, r=wtc" ./mozilla/security/nss/lib/softoken/pkcs11.c
Checking in ./mozilla/security/nss/lib/softoken/pkcs11.c;
/cvsroot/mozilla/security/nss/lib/softoken/pkcs11.c,v  <--  pkcs11.c
new revision: 1.171; previous revision: 1.170

cvs commit -m "Bug 356713 - Support SHA224 has/hmac and rsa signature, r=wtc" ./mozilla/security/nss/lib/softoken/pkcs11c.c
Checking in ./mozilla/security/nss/lib/softoken/pkcs11c.c;
/cvsroot/mozilla/security/nss/lib/softoken/pkcs11c.c,v  <--  pkcs11c.c
new revision: 1.116; previous revision: 1.115

cvs commit -m "Bug 356713 - Support SHA224 has/hmac and rsa signature, r=wtc" ./mozilla/security/nss/lib/util/secdig.c
Checking in ./mozilla/security/nss/lib/util/secdig.c;
/cvsroot/mozilla/security/nss/lib/util/secdig.c,v  <--  secdig.c
new revision: 1.10; previous revision: 1.9

cvs commit -m "Bug 356713 - Support SHA224 has/hmac and rsa signature, r=wtc" ./mozilla/security/nss/tests/cipher/cipher.txt
Checking in ./mozilla/security/nss/tests/cipher/cipher.txt;
/cvsroot/mozilla/security/nss/tests/cipher/cipher.txt,v  <--  cipher.txt
new revision: 1.7; previous revision: 1.6
Elio: thank you for writing this patch!

In the future please attach the patch that you checked
in.  This makes it easy for others to review your work.

I recreated the patch for you.
Attachment #462094 - Attachment is obsolete: true
Elio's checkin looks good to me.  I fixed some formatting
issues in fipstest.c (to be consistent with the existing
code) and loader.h, and added back a cast (to cast away
the const) that was removed accidentally from secsign.c.

Checked in on the NSS trunk (NSS 3.13).

Checking in mozilla/security/nss/lib/softoken/fipstest.c;
/cvsroot/mozilla/security/nss/lib/softoken/fipstest.c,v  <--  fipstest.c
new revision: 1.29; previous revision: 1.28
done
Checking in mozilla/security/nss/lib/freebl/loader.h;
/cvsroot/mozilla/security/nss/lib/freebl/loader.h,v  <--  loader.h
new revision: 1.34; previous revision: 1.33
done
Checking in mozilla/security/nss/lib/cryptohi/secsign.c;
/cvsroot/mozilla/security/nss/lib/cryptohi/secsign.c,v  <--  secsign.c
new revision: 1.25; previous revision: 1.24
done
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
The patches to add SHA-224 support to NSS are not entirely complete since they do not add SHA-224 to the functions HASH_GetHashTypeByOidTag, HASH_GetHashOidTagByHMACOidTag, and HASH_GetHMACOidTagByHashOidTag.
Comment on attachment 540747 [details] [diff] [review]
Add SHA-224 support to HASH_GetHashTypeByOidTag, HASH_GetHashOidTagByHMACOidTag, and HASH_GetHMACOidTagByHashOidTag

r=wtc.  Thank you for the patch, David.

Elio, could you review the patch and check it in?
Attachment #540747 - Flags: superreview?(emaldona)
Attachment #540747 - Flags: review+
Attachment #540747 - Flags: superreview?(emaldona) → superreview+
Changes committed in the TRUNK:
Checking in sechash.c;
/cvsroot/mozilla/security/nss/lib/cryptohi/sechash.c,v  <--  sechash.c
new revision: 1.12; previous revision: 1.11
I searched for "SHA256" in the lib/cryptohi directory, and
added the missing SHA-224 support code.
Attachment #549586 - Flags: review?(emaldona)
I fixed more subdirectories under lib.
Attachment #549586 - Attachment is obsolete: true
Attachment #549586 - Flags: review?(emaldona)
This causes a compiler warning.
Attachment #560082 - Flags: review?(emaldona)
Attachment #560082 - Flags: review?(emaldona) → review+
Comment on attachment 560082 [details] [diff] [review]
Remove unused function SHA224_Compress

Patch checked in on the NSS trunk (NSS 3.13).

Checking in sha512.c;
/cvsroot/mozilla/security/nss/lib/freebl/sha512.c,v  <--  sha512.c
new revision: 1.19; previous revision: 1.18
done
The XXX_Compress functions are only called by the XXX_Update functions and since SHA224_Update is implemented on top of SHA256_Update it was unnecessary to have it.
Yes.  I verified that's the same reason there is no
SHA384_Compress function.
You need to log in before you can comment on or make changes to this bug.