Bug 1344442 - Part 1: Remove MD2 support from nsICryptoHMAC. r=keeler
There are several reasons for doing this:
1. Nothing appears to be using MD2 with nsICryptoHMAC.
2. There don't seem to be any test vectors available.
3.
Bug 160161 suggests the MD2 case doesn't work anyways.
MozReview-Commit-ID: CW1PX7z09kB
--- a/security/manager/ssl/nsCryptoHash.cpp
+++ b/security/manager/ssl/nsCryptoHash.cpp
@@ -264,33 +264,30 @@ nsCryptoHMAC::Init(uint32_t aAlgorithm,
}
if (mHMACContext)
{
PK11_DestroyContext(mHMACContext, true);
mHMACContext = nullptr;
}
- CK_MECHANISM_TYPE HMACMechType;
- switch (aAlgorithm)
- {
- case nsCryptoHMAC::MD2:
- HMACMechType = CKM_MD2_HMAC; break;
- case nsCryptoHMAC::MD5:
- HMACMechType = CKM_MD5_HMAC; break;
- case nsCryptoHMAC::SHA1:
- HMACMechType = CKM_SHA_1_HMAC; break;
- case nsCryptoHMAC::SHA256:
- HMACMechType = CKM_SHA256_HMAC; break;
- case nsCryptoHMAC::SHA384:
- HMACMechType = CKM_SHA384_HMAC; break;
- case nsCryptoHMAC::SHA512:
- HMACMechType = CKM_SHA512_HMAC; break;
- default:
- return NS_ERROR_INVALID_ARG;
+ CK_MECHANISM_TYPE mechType;
+ switch (aAlgorithm) {
+ case nsICryptoHMAC::MD5:
+ mechType = CKM_MD5_HMAC; break;
+ case nsICryptoHMAC::SHA1:
+ mechType = CKM_SHA_1_HMAC; break;
+ case nsICryptoHMAC::SHA256:
+ mechType = CKM_SHA256_HMAC; break;
+ case nsICryptoHMAC::SHA384:
+ mechType = CKM_SHA384_HMAC; break;
+ case nsICryptoHMAC::SHA512:
+ mechType = CKM_SHA512_HMAC; break;
+ default:
+ return NS_ERROR_INVALID_ARG;
}
NS_ENSURE_ARG_POINTER(aKeyObject);
nsresult rv;
int16_t keyType;
rv = aKeyObject->GetType(&keyType);
@@ -301,18 +298,17 @@ nsCryptoHMAC::Init(uint32_t aAlgorithm,
PK11SymKey* key;
// GetKeyObj doesn't addref the key
rv = aKeyObject->GetKeyObj(&key);
NS_ENSURE_SUCCESS(rv, rv);
SECItem rawData;
rawData.data = 0;
rawData.len = 0;
- mHMACContext = PK11_CreateContextBySymKey(
- HMACMechType, CKA_SIGN, key, &rawData);
+ mHMACContext = PK11_CreateContextBySymKey(mechType, CKA_SIGN, key, &rawData);
NS_ENSURE_TRUE(mHMACContext, NS_ERROR_FAILURE);
SECStatus ss = PK11_DigestBegin(mHMACContext);
NS_ENSURE_TRUE(ss == SECSuccess, NS_ERROR_FAILURE);
return NS_OK;
}
--- a/security/manager/ssl/nsICryptoHMAC.idl
+++ b/security/manager/ssl/nsICryptoHMAC.idl
@@ -10,23 +10,22 @@ interface nsIKeyObject;
* nsICryptoHMAC
* This interface provides HMAC signature algorithms.
*/
[scriptable, uuid(8FEB4C7C-1641-4a7b-BC6D-1964E2099497)]
interface nsICryptoHMAC : nsISupports
{
/**
- * Hashing Algorithms. These values are to be used by the
- * |init| method to indicate which hashing function to
- * use. These values map onto the values defined in
- * mozilla/security/nss/lib/softoken/pkcs11t.h and are
- * switched to CKM_*_HMAC constant.
+ * Hashing Algorithms. These values are to be used by the |init| method to
+ * indicate which hashing function to use. These values map onto the values
+ * defined in mozilla/security/nss/lib/softoken/pkcs11t.h and are switched
+ * to a CKM_*_HMAC constant.
*/
- const short MD2 = 1;
+ // 1 used to mean MD2.
const short MD5 = 2;
const short SHA1 = 3;
const short SHA256 = 4;
const short SHA384 = 5;
const short SHA512 = 6;
/**
* Initialize the hashing object. This method may be