On 2009-12-25 08:28 PST, Konstantin Andreev wrote: > On Wen, 03 Jun 2009, Nelson B Bolyard wrote: >> Finally, I will add that (IINM) Thunderbird 3 has support for AES. >> I don't know about the SHA1 vs SHA2 issue. > > No, it hasn't, TB hardcodes SHA1. No variations: > > ----( begin cite )-------- > nsresult > nsMsgComposeSecure::MimeInitMultipartSigned() > { > ... > /* Now initialize the crypto library, so that we can compute a hash > on the object which we are signing. > */ > mHashType = nsICryptoHash::SHA1; > > PR_SetError(0,0); > mDataHash = do_CreateInstance("@mozilla.org/security/hash;1", &rv); > if (NS_FAILED(rv)) return 0; > > rv = mDataHash->Init(mHashType); > ... > ----( end cite )-------- > > [https://mxr.mozilla.org/comm-central/source/mailnews/extensions/smime/src/nsMsgComposeSecure.cpp#496]
OK, that code is outside of NSS. I was referring to the CMS library in NSS. But as you have noted, if the caller of the CMS library specifies SHA1, that is what it will get. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto