fix(crypto): improve handling of length option
#5505
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #5505 +/- ##
==========================================
- Coverage 96.51% 96.48% -0.03%
==========================================
Files 465 465
Lines 37714 37770 +56
Branches 5576 5580 +4
==========================================
+ Hits 36400 36443 +43
- Misses 1272 1285 +13
Partials 42 42 ☔ View full report in Codecov by Sentry. |
|
PTAL, @kt3k |
| @@ -33,7 +36,7 @@ | |||
| * - `BLAKE2B-256` | |||
| * - `BLAKE2B-384` | |||
| * - `BLAKE2S` | |||
| * - `BLAKE3` | |||
| * - `BLAKE3` (length-adjustable) | |||
There was a problem hiding this comment.
What's the difference of (length-adjustable) and (length-extendable)?
There was a problem hiding this comment.
"length-extendable" refers to a specific vulnerability in some hash functions, while "length-adjustable" is not a standard term in cryptography but could refer to the general capability of hash functions to process inputs of different lengths.
-- ChatGPT
crypto/crypto.ts
Outdated
| @@ -215,6 +218,11 @@ const stdCrypto: StdCrypto = ((x) => x)({ | |||
| // and the data is a single buffer, | |||
| isBufferSource(data) | |||
| ) { | |||
| if (length !== undefined) { | |||
| throw new TypeError( | |||
There was a problem hiding this comment.
The native crypto.subtle.digest seems ignoring length for the case where length is irrelevant. Throwing here feels inconsistent with it.
There was a problem hiding this comment.
Good point. I've reverted and instead added a note saying that length will be ignored in some cases.
Closes #1429