Support generation of EC keys using P256 curve and support ECDSA certs.

webrtc/base/opensslstreamadapter.cc

 /*
  *  Copyright 2004 The WebRTC Project Authors. All rights reserved.
  *
  *  Use of this source code is governed by a BSD-style license
  *  that can be found in the LICENSE file in the root of the source
  *  tree. An additional intellectual property rights grant can be found
  *  in the file PATENTS.  All contributing project authors may
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
@@ skipping 125 matching lines @@
   DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_AES_256_GCM_SHA384),
 
   {0, NULL}
 };
 #endif  // #ifndef OPENSSL_IS_BORINGSSL
 
 // Default cipher used between OpenSSL/BoringSSL stream adapters.
 // This needs to be updated when the default of the SSL library changes.
 static const char kDefaultSslCipher10[] =
     "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
+static const char kDefaultSslEcCipher10[] =
+    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA";
 
 #ifdef OPENSSL_IS_BORINGSSL
 static const char kDefaultSslCipher12[] =
     "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
+static const char kDefaultSslEcCipher12[] =
+    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
 // Fallback cipher for DTLS 1.2 if hardware-accelerated AES-GCM is unavailable.
 static const char kDefaultSslCipher12NoAesGcm[] =
     "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
+static const char kDefaultSslEcCipher12NoAesGcm[] =
+    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256";
 #else  // !OPENSSL_IS_BORINGSSL
 // OpenSSL sorts differently than BoringSSL, so the default cipher doesn't
 // change between TLS 1.0 and TLS 1.2 with the current setup.
 static const char kDefaultSslCipher12[] =
     "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
+static const char kDefaultSslEcCipher12[] =
+    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA";
 #endif
 
 //////////////////////////////////////////////////////////////////////
 // StreamBIO
 //////////////////////////////////////////////////////////////////////
 
 static int stream_write(BIO* h, const char* buf, int num);
 static int stream_read(BIO* h, char* buf, int size);
 static int stream_puts(BIO* h, const char* str);
 static long stream_ctrl(BIO* h, int cmd, long arg1, void* arg2);
@@ skipping 943 matching lines @@
 
 bool OpenSSLStreamAdapter::HaveExporter() {
 #ifdef HAVE_DTLS_SRTP
   return true;
 #else
   return false;
 #endif
 }
 
 std::string OpenSSLStreamAdapter::GetDefaultSslCipher(
-    SSLProtocolVersion version) {
-  switch (version) {
-    case SSL_PROTOCOL_TLS_10:
-    case SSL_PROTOCOL_TLS_11:
-      return kDefaultSslCipher10;
-    case SSL_PROTOCOL_TLS_12:
-    default:
+    SSLProtocolVersion version,
+    KeyType key_type) {
+  if (key_type == KT_RSA) {
+    switch (version) {
+      case SSL_PROTOCOL_TLS_10:
+      case SSL_PROTOCOL_TLS_11:
+        return kDefaultSslCipher10;
+      case SSL_PROTOCOL_TLS_12:
+      default:
 #ifdef OPENSSL_IS_BORINGSSL
-      if (EVP_has_aes_hardware()) {
+        if (EVP_has_aes_hardware()) {
+          return kDefaultSslCipher12;
+        } else {
+          return kDefaultSslCipher12NoAesGcm;
+        }
+#else  // !OPENSSL_IS_BORINGSSL
         return kDefaultSslCipher12;
-      } else {
-        return kDefaultSslCipher12NoAesGcm;
-      }
+#endif
+    }
+  } else if (key_type == KT_ECDSA) {
+    switch (version) {
+      case SSL_PROTOCOL_TLS_10:
+      case SSL_PROTOCOL_TLS_11:
+        return kDefaultSslEcCipher10;
+      case SSL_PROTOCOL_TLS_12:
+      default:
+#ifdef OPENSSL_IS_BORINGSSL
+        if (EVP_has_aes_hardware()) {
+          return kDefaultSslEcCipher12;
+        } else {
+          return kDefaultSslEcCipher12NoAesGcm;
+        }
 #else  // !OPENSSL_IS_BORINGSSL
-      return kDefaultSslCipher12;
+        return kDefaultSslEcCipher12;
 #endif
+    }
+  } else {
+    return std::string();
   }
 }
 
 }  // namespace rtc
 
 #endif  // HAVE_OPENSSL_SSL_H