125114 – WebCrypto HMAC doesn't check key algorithm's hash

RESOLVED FIXED 125114

WebCrypto HMAC doesn't check key algorithm's hash

https://bugs.webkit.org/show_bug.cgi?id=125114

Summary WebCrypto HMAC doesn't check key algorithm's hash

Alexey Proskuryakov

Reported 2013-12-02 15:26:12 PST

Seems unlikely that there are any cryptographic consequences here, but for consistency with other operations, HMAC should fail if key and operation algorithms don't match precisely.

Attachments
proposed fix (5.10 KB, patch) 2013-12-02 15:28 PST, Alexey Proskuryakov	andersca: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Alexey Proskuryakov

Comment 1 2013-12-02 15:28:38 PST

Created attachment 218227 [details] proposed fix

Alexey Proskuryakov

Comment 2 2013-12-02 15:40:36 PST

Committed <http://trac.webkit.org/r159975>.

Alexey Proskuryakov

Comment 3 2013-12-03 12:03:13 PST

Corrected test result in <http://trac.webkit.org/r160027>.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Unspecified

OS Unspecified

Product WebKit

Component WebCore Misc.

Assignee

Alexey Proskuryakov

Reported

2013-12-02 15:26 PST

Modified

2013-12-03 12:03 PST History

CC List

0 users

URL

Keywords

Depends on

Blocks

122679

Dependencies

tree graph