On 2009-12-25 08:28 PST, Konstantin Andreev wrote:
> On Wen, 03 Jun 2009, Nelson B Bolyard wrote:
>> Finally, I will add that (IINM) Thunderbird 3 has support for AES.
>> I don't know about the SHA1 vs SHA2 issue.
>
> No, it hasn't, TB hardcodes SHA1. No variations:
>
> ----( begin cite )--------
> nsresult
> nsMsgComposeSecure::MimeInitMultipartSigned()
> {
> ...
> /* Now initialize the crypto library, so that we can compute a hash
> on the object which we are signing.
> */
> mHashType = nsICryptoHash::SHA1;
>
> PR_SetError(0,0);
> mDataHash = do_CreateInstance("@mozilla.org/security/hash;1", &rv);
> if (NS_FAILED(rv)) return 0;
>
> rv = mDataHash->Init(mHashType);
> ...
> ----( end cite )--------
>
> [https://mxr.mozilla.org/comm-central/source/mailnews/extensions/smime/src/nsMsgComposeSecure.cpp#496]
OK, that code is outside of NSS. I was referring to the CMS library in NSS.
But as you have noted, if the caller of the CMS library specifies SHA1,
that is what it will get.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
