125114 – WebCrypto HMAC doesn't check key algorithm's hash

Bug 125114 - WebCrypto HMAC doesn't check key algorithm's hash

Summary: WebCrypto HMAC doesn't check key algorithm's hash

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebCore Misc. (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Alexey Proskuryakov

URL:
Keywords:

Depends on:
Blocks:	122679
	Show dependency tree / graph

Reported:	2013-12-02 15:26 PST by Alexey Proskuryakov
Modified:	2013-12-03 12:03 PST (History)
CC List:	0 users

See Also:

Attachments
proposed fix (5.10 KB, patch) 2013-12-02 15:28 PST, Alexey Proskuryakov	andersca: review+	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexey Proskuryakov 2013-12-02 15:26:12 PST

Seems unlikely that there are any cryptographic consequences here, but for consistency with other operations, HMAC should fail if key and operation algorithms don't match precisely.

Comment 1 Alexey Proskuryakov 2013-12-02 15:28:38 PST

Created attachment 218227 [details]
proposed fix

Comment 2 Alexey Proskuryakov 2013-12-02 15:40:36 PST

Committed <http://trac.webkit.org/r159975>.

Comment 3 Alexey Proskuryakov 2013-12-03 12:03:13 PST

Corrected test result in <http://trac.webkit.org/r160027>.