- From: Wan-Teh Chang <wtc@google.com>
- Date: Thu, 23 Aug 2012 17:09:18 -0700
- To: David Dahl <ddahl@mozilla.com>
- Cc: Ryan Sleevi <sleevi@google.com>, Web Cryptography Working Group <public-webcrypto@w3.org>

In NSS, cloning of a crypto operation is only used in the SSL/TLS protocol and only used for the handshake hashes:
http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/ssl/ssl3con.c&rev=1.186&mark=3695-3697,3704,3731-3732#3694

In SSL/TLS, the handshake hashes are used in the Finished message, but if client authentication is used, the handshake hashes are also used in the CertificateVerify message.

A function for cloning a hash operation is also present in Windows CNG: BCryptDuplicateHash
http://msdn.microsoft.com/en-us/library/windows/desktop/aa375413(v=vs.85).aspx

I suspect BCryptDuplicateHash (and its predecessor CryptDuplicateHash) was also added to support SSL/TLS.

This is the only use of cloning I know of. If no one else comes forward with a use case or a use of cloning in some other protocol, then it doesn't seem necessary to support cloning CryptoOperations.

Wan-Teh

Received on Friday, 24 August 2012 00:10:00 UTC
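
The handshake-hash cloning described in the message above, as an added example that is not part of the original message and is not NSS or CNG code. It uses Node.js `crypto` (`Hash.copy()`), SHA-256 as an assumed hash choice, and constructed placeholder bytes in place of real handshake messages; all function names are hypothetical.

```javascript
const crypto = require('node:crypto');

// Constructed stand-ins for the handshake messages a client has sent or
// received before CertificateVerify. These are not real TLS encodings.
const BEFORE_CERT_VERIFY = [
  'ClientHello', 'ServerHello', 'Certificate', 'CertificateRequest',
  'ServerHelloDone', 'ClientCertificate', 'ClientKeyExchange',
].map((name) => Buffer.from(`constructed:${name}`));
const CERT_VERIFY_MSG = Buffer.from('constructed:CertificateVerify');

// Digest of everything hashed so far, leaving `running` usable.
// digest() finalizes a Node Hash object, so it is called on a clone.
function snapshot(running) {
  return running.copy().digest('hex');
}

// One running hash serves both messages: clone it for CertificateVerify,
// keep hashing, then take the value that goes into Finished.
function handshakeHashes(algorithm = 'sha256') {
  const running = crypto.createHash(algorithm);
  for (const msg of BEFORE_CERT_VERIFY) running.update(msg);
  const forCertificateVerify = snapshot(running);
  running.update(CERT_VERIFY_MSG); // CertificateVerify is part of the transcript
  const forFinished = snapshot(running);
  return { forCertificateVerify, forFinished };
}

// Without cloning, the first digest() ends the operation and the next
// update() throws, so every message would have to be buffered and re-hashed.
function withoutClone(algorithm = 'sha256') {
  const running = crypto.createHash(algorithm);
  for (const msg of BEFORE_CERT_VERIFY) running.update(msg);
  running.digest('hex');
  try {
    running.update(CERT_VERIFY_MSG);
    return 'ok';
  } catch (err) {
    return err.code;
  }
}

// Reference value: hash the buffered messages from scratch.
function rehash(messages, algorithm = 'sha256') {
  return crypto.createHash(algorithm).update(Buffer.concat(messages)).digest('hex');
}
```
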