Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(883)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/cert/internal/signature_policy.cc

Issue 2349103002: Include the RSA key modulus size in error message when it is too small. (Closed)
Patch Set: Created 4 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/cert/internal/cert_error_params.h ('K') | « net/cert/internal/cert_error_params.cc ('k') | net/data/verify_certificate_chain_unittest/generate-target-signed-by-512bit-rsa.py » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/internal/signature_policy.cc
diff --git a/net/cert/internal/signature_policy.cc b/net/cert/internal/signature_policy.cc
index c8aae9aed26bf90c7fff257f980c412c2bf2aa0b..37ead1966c1f5bd4ac8502b4fd28e0d66277a295 100644
--- a/net/cert/internal/signature_policy.cc
+++ b/net/cert/internal/signature_policy.cc
@@ -5,6 +5,7 @@
#include "net/cert/internal/signature_policy.h"
#include "base/logging.h"
+#include "net/cert/internal/cert_error_params.h"
#include "net/cert/internal/cert_errors.h"
#include <openssl/obj.h>
@@ -15,10 +16,20 @@ namespace {
DEFINE_CERT_ERROR_ID(kUnacceptableCurveForEcdsa,
"Only P-256, P-384, P-521 are supported for ECDSA");
-DEFINE_CERT_ERROR_ID(kRsaModulusLessThan2048,
- "RSA modulus must be at least 2048 bits");
DEFINE_CERT_ERROR_ID(kRsaModulusTooSmall, "RSA modulus too small");
+bool IsModulusSizeGreaterOrEqual(size_t modulus_length_bits,
+ size_t min_length_bits,
+ CertErrors* errors) {
+ if (modulus_length_bits < min_length_bits) {
+ errors->AddError(kRsaModulusTooSmall,
+ CreateCertErrorParamsSizeT("actual", modulus_length_bits,
+ "minimum", min_length_bits));
+ return false;
+ }
+ return true;
+}
+
} // namespace
bool SignaturePolicy::IsAcceptableSignatureAlgorithm(
@@ -43,13 +54,7 @@ bool SignaturePolicy::IsAcceptableCurveForEcdsa(int curve_nid,
bool SignaturePolicy::IsAcceptableModulusLengthForRsa(
size_t modulus_length_bits,
CertErrors* errors) const {
- if (modulus_length_bits < 2048) {
- // TODO(crbug.com/634443): Add a parameter for actual modulus size.
- errors->AddError(kRsaModulusLessThan2048);
- return false;
- }
-
- return true;
+ return IsModulusSizeGreaterOrEqual(modulus_length_bits, 2048, errors);
}
SimpleSignaturePolicy::SimpleSignaturePolicy(size_t min_rsa_modulus_length_bits)
@@ -58,14 +63,8 @@ SimpleSignaturePolicy::SimpleSignaturePolicy(size_t min_rsa_modulus_length_bits)
bool SimpleSignaturePolicy::IsAcceptableModulusLengthForRsa(
size_t modulus_length_bits,
CertErrors* errors) const {
- if (modulus_length_bits < min_rsa_modulus_length_bits_) {
- // TODO(crbug.com/634443): Add parameters for actual and expected modulus
- // size.
- errors->AddError(kRsaModulusTooSmall);
- return false;
- }
-
- return true;
+ return IsModulusSizeGreaterOrEqual(modulus_length_bits,
+ min_rsa_modulus_length_bits_, errors);
}
} // namespace net
« net/cert/internal/cert_error_params.h ('K') | « net/cert/internal/cert_error_params.cc ('k') | net/data/verify_certificate_chain_unittest/generate-target-signed-by-512bit-rsa.py » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698