Bug: examples 5 and 6 have the wrong sha384 value; should match example 4 #52

Closed
manger opened this Issue Jul 28, 2016 · 0 comments

manger commented Jul 28, 2016

Examples 5 and 6 (in §3.2.1 Agility) show sha512 and sha384 integrity metadata. The sha384-dOTZ… value is different from the sha384-H8BR… value in example 4, but it should be the same. The sha512-Q2bF… value is the correct hash for the same content as example 4.

```
echo -n "alert('Hello, world.');" | openssl dgst -sha384 -binary | openssl base64 -A
H8BRh8j48O9oYatfu5AZzq6A9RINhZO5H16dQZngK7T62em8MUt1FLm52t+eX6xO
```

✓ Matches example 4
✗ Does NOT match examples 5 & 6

```
echo -n "alert('Hello, world.');" | openssl dgst -sha512 -binary | openssl base64 -A
Q2bFTOhEALkN8hOms2FKTDLy7eugP2zFZ1T8LCvX42Fp3WoNr3bjZSAHeOsHrbV1Fu9/A0EzCinRE7Af1ofPrw==
```

✓ Matches examples 5 & 6, same content as example 4

Change sha384-dOTZf16X8p34q2/kYyEFm0jh89uTjikhnzjeLeF0FHsEaYKb1A1cv+Lyv4Hk8vHd to sha384-H8BRh8j48O9oYatfu5AZzq6A9RINhZO5H16dQZngK7T62em8MUt1FLm52t+eX6xO in examples 5 & 6.

mozfreddyb added a commit to mozfreddyb/webappsec-subresource-integrity that referenced this issue Aug 30, 2016

Change hash value in Example 5 & 6 (fixes #52) 4773d4f
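
The check this issue performs by hand can be run over every hash in a multi-hash `integrity` value. The following is an added example, not part of the issue or the specification repository; the function and constant names are assumptions made for illustration, and the content and hash strings are the ones quoted in the issue.

```python
import base64
import hashlib

# Hash functions accepted in SRI integrity metadata.
ALGORITHMS = {"sha256": hashlib.sha256, "sha384": hashlib.sha384, "sha512": hashlib.sha512}


def sri_token(algorithm: str, content: bytes) -> str:
    """Build '<alg>-<base64 digest>', equivalent to the openssl pipeline in the issue."""
    digest = ALGORITHMS[algorithm](content).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"


def check_integrity(integrity: str, content: bytes) -> dict:
    """Check every whitespace-separated hash in an integrity value against content.

    Returns {token: 'match' | 'mismatch' | 'unsupported'}. The base64 text is
    compared exactly; anything after '?' (options) is ignored.
    """
    results = {}
    for token in integrity.split():
        expression = token.split("?", 1)[0]
        algorithm, sep, _ = expression.partition("-")
        if not sep or algorithm not in ALGORITHMS:
            results[token] = "unsupported"
        elif sri_token(algorithm, content) == expression:
            results[token] = "match"
        else:
            results[token] = "mismatch"
    return results


# Content and hash strings as quoted in the issue (examples 4, 5 and 6).
CONTENT = b"alert('Hello, world.');"
SHA512 = "sha512-Q2bFTOhEALkN8hOms2FKTDLy7eugP2zFZ1T8LCvX42Fp3WoNr3bjZSAHeOsHrbV1Fu9/A0EzCinRE7Af1ofPrw=="
BEFORE_FIX = "sha384-dOTZf16X8p34q2/kYyEFm0jh89uTjikhnzjeLeF0FHsEaYKb1A1cv+Lyv4Hk8vHd " + SHA512
AFTER_FIX = "sha384-H8BRh8j48O9oYatfu5AZzq6A9RINhZO5H16dQZngK7T62em8MUt1FLm52t+eX6xO " + SHA512

if __name__ == "__main__":
    for label, value in (("before fix", BEFORE_FIX), ("after fix", AFTER_FIX)):
        print(label)
        for token, status in check_integrity(value, CONTENT).items():
            print(f"  {status:9} {token[:24]}...")
```

A user agent enforces only the strongest algorithm it supports from the list, so a stale weaker hash like the sha384 value here is not caught by loading the page in a browser that supports sha512; checking every token is what exposes it.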