9f83245880b2993256b9be223196c2bdaddb2d36 - chromium/src
1,420 views
Skip to first unread message
davi...@chromium.org
Mar 1, 2022, 6:42:13 PM3/1/22
to chromium...@chromium.org
commit 9f83245880b2993256b9be223196c2bdaddb2d36
Author: David Benjamin <davi...@chromium.org>
AuthorDate: Tue Mar 01 23:40:55 2022
Commit: Chromium LUCI CQ <chromiu...@luci-project-accounts.iam.gserviceaccount.com>
CommitDate: Tue Mar 01 23:40:55 2022
Rephrase some comments in crypto::SymmetricKey
The comment is out-of-date and it's unclear to me what this class really
does at this point (it's just a wrapper over a string), but update it
slightly.
Bug: none
Change-Id: I42a15eeff39d3a2a64758d0ec8fc09c0ec27375d
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3497962
Commit-Queue: David Benjamin <davi...@chromium.org>
Auto-Submit: David Benjamin <davi...@chromium.org>
Reviewed-by: Matt Mueller <ma...@chromium.org>
Commit-Queue: Matt Mueller <ma...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#976466}
diff --git a/crypto/symmetric_key.cc b/crypto/symmetric_key.cc
index 63e070df..9dc71e9e 100644
--- a/crypto/symmetric_key.cc
+++ b/crypto/symmetric_key.cc
@@ -25,9 +25,8 @@
size_t key_size_in_bits) {
switch (algorithm) {
case SymmetricKey::AES:
- // Whitelist supported key sizes to avoid accidentally relying on
- // algorithms available in NSS but not BoringSSL and vice
- // versa. Note that BoringSSL does not support AES-192.
+ // Check for supported key sizes. Historically, NSS supported AES-192
+ // while BoringSSL did not and this check aligned their behavior.
return key_size_in_bits == 128 || key_size_in_bits == 256;
case SymmetricKey::HMAC_SHA1:
return key_size_in_bits % 8 == 0 && key_size_in_bits != 0;
@@ -49,9 +48,8 @@
size_t key_size_in_bits) {
DCHECK_EQ(AES, algorithm);
- // Whitelist supported key sizes to avoid accidentaly relying on
- // algorithms available in NSS but not BoringSSL and vice
- // versa. Note that BoringSSL does not support AES-192.
+ // Check for supported key sizes. Historically, NSS supported AES-192 while
+ // BoringSSL did not and this check aligned their behavior.
if (key_size_in_bits != 128 && key_size_in_bits != 256)
return nullptr;
@@ -127,9 +125,8 @@
std::unique_ptr<SymmetricKey> SymmetricKey::Import(Algorithm algorithm,
const std::string& raw_key) {
if (algorithm == AES) {
- // Whitelist supported key sizes to avoid accidentaly relying on
- // algorithms available in NSS but not BoringSSL and vice
- // versa. Note that BoringSSL does not support AES-192.
+ // Check for supported key sizes. Historically, NSS supported AES-192 while
+ // BoringSSL did not and this check aligned their behavior.
if (raw_key.size() != 128/8 && raw_key.size() != 256/8)
return nullptr;
}
Author: David Benjamin <davi...@chromium.org>
AuthorDate: Tue Mar 01 23:40:55 2022
Commit: Chromium LUCI CQ <chromiu...@luci-project-accounts.iam.gserviceaccount.com>
CommitDate: Tue Mar 01 23:40:55 2022
Rephrase some comments in crypto::SymmetricKey
The comment is out-of-date and it's unclear to me what this class really
does at this point (it's just a wrapper over a string), but update it
slightly.
Bug: none
Change-Id: I42a15eeff39d3a2a64758d0ec8fc09c0ec27375d
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3497962
Commit-Queue: David Benjamin <davi...@chromium.org>
Auto-Submit: David Benjamin <davi...@chromium.org>
Reviewed-by: Matt Mueller <ma...@chromium.org>
Commit-Queue: Matt Mueller <ma...@chromium.org>
Cr-Commit-Position: refs/heads/main@{#976466}
diff --git a/crypto/symmetric_key.cc b/crypto/symmetric_key.cc
index 63e070df..9dc71e9e 100644
--- a/crypto/symmetric_key.cc
+++ b/crypto/symmetric_key.cc
@@ -25,9 +25,8 @@
size_t key_size_in_bits) {
switch (algorithm) {
case SymmetricKey::AES:
- // Whitelist supported key sizes to avoid accidentally relying on
- // algorithms available in NSS but not BoringSSL and vice
- // versa. Note that BoringSSL does not support AES-192.
+ // Check for supported key sizes. Historically, NSS supported AES-192
+ // while BoringSSL did not and this check aligned their behavior.
return key_size_in_bits == 128 || key_size_in_bits == 256;
case SymmetricKey::HMAC_SHA1:
return key_size_in_bits % 8 == 0 && key_size_in_bits != 0;
@@ -49,9 +48,8 @@
size_t key_size_in_bits) {
DCHECK_EQ(AES, algorithm);
- // Whitelist supported key sizes to avoid accidentaly relying on
- // algorithms available in NSS but not BoringSSL and vice
- // versa. Note that BoringSSL does not support AES-192.
+ // Check for supported key sizes. Historically, NSS supported AES-192 while
+ // BoringSSL did not and this check aligned their behavior.
if (key_size_in_bits != 128 && key_size_in_bits != 256)
return nullptr;
@@ -127,9 +125,8 @@
std::unique_ptr<SymmetricKey> SymmetricKey::Import(Algorithm algorithm,
const std::string& raw_key) {
if (algorithm == AES) {
- // Whitelist supported key sizes to avoid accidentaly relying on
- // algorithms available in NSS but not BoringSSL and vice
- // versa. Note that BoringSSL does not support AES-192.
+ // Check for supported key sizes. Historically, NSS supported AES-192 while
+ // BoringSSL did not and this check aligned their behavior.
if (raw_key.size() != 128/8 && raw_key.size() != 256/8)
return nullptr;
}
Reply all
Reply to author
Forward
0 new messages