
Unified Diff: webrtc/base/nssstreamadapter.cc

Issue 1189583002: Support generation of EC keys using P256 curve and support ECDSA certs. (Closed) Base URL: https://chromium.googlesource.com/external/webrtc.git@master
Patch Set: rebase, glue to hbos's changes Created 5 years, 4 months ago
Index: webrtc/base/nssstreamadapter.cc
diff --git a/webrtc/base/nssstreamadapter.cc b/webrtc/base/nssstreamadapter.cc
index 22f2a2e2f47e203e43a1ff9e5d0843e97bd5251a..2e78adfc0e2ae9ec994c63d6ccd9018067c5eca1 100644
--- a/webrtc/base/nssstreamadapter.cc
+++ b/webrtc/base/nssstreamadapter.cc
@@ -68,9 +68,10 @@ static const SrtpCipherMapEntry kSrtpCipherMap[] = {
// Ciphers to enable to get ECDHE encryption with endpoints that support it.
static const uint32_t kEnabledCiphers[] = {
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-};
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256};
// Default cipher used between NSS stream adapters.
// This needs to be updated when the default of the SSL library changes.
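Review bot: The rewritten `kEnabledCiphers` initializer ends with `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256};` and no trailing comma, so the next suite appended will have to touch the last entry again. Writing `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,` with `};` on its own line keeps the layout the array had before. The comment above the array still only mentions ECDHE; since the list now mixes RSA- and ECDSA-authenticated suites, something like `// ECDHE suites to enable, for both RSA and ECDSA certificates.` would be more accurate. Two of the four entries are CBC with HMAC-SHA1; if they are kept only for peers limited to TLS 1.0/1.1, a short comment next to them would record why they stay enabled.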
@@ -78,7 +79,10 @@ static const char kDefaultSslCipher10[] =
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA";
static const char kDefaultSslCipher12[] =
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
-
+static const char kDefaultSslEcCipher10[] =
+ "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA";
+static const char kDefaultSslEcCipher12[] =
+ "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
// Implementation of NSPR methods
static PRStatus StreamClose(PRFileDesc *socket) {
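Review bot: The blank line that separated the default-cipher constants from `// Implementation of NSPR methods` is removed here, so `kDefaultSslEcCipher12` now runs straight into the next section; the separator should stay. The two new constants also have no comment of their own, while the existing comment above `kDefaultSslCipher10` speaks of a single default cipher. A line such as `// Defaults when the local identity uses an ECDSA key.` before `kDefaultSslEcCipher10` would make the RSA/ECDSA split explicit. These strings presumably need to stay in step with the suites listed in `kEnabledCiphers`, which is worth saying in that comment too.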
@@ -495,7 +499,7 @@ int NSSStreamAdapter::BeginSSL() {
}
rv = SSL_ConfigSecureServer(ssl_fd_, identity->certificate().certificate(),
identity->keypair()->privkey(),
- kt_rsa);
+ identity->keypair()->ssl_kea_type());
if (rv != SECSuccess) {
Error("BeginSSL", -1, false);
return -1;
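Review bot: With the key exchange type now taken from `identity->keypair()->ssl_kea_type()`, a failure of `SSL_ConfigSecureServer` can newly mean that the key pair's type is unsupported or does not match the certificate, yet the error path still reports only `Error("BeginSSL", -1, false)`. Logging the NSS error code before that call, for example `LOG(LS_ERROR) << "SSL_ConfigSecureServer failed: " << PR_GetError();` (assuming the logging header is available in this file), would let an operator tell a key/certificate mismatch from other setup failures. It is not visible here what `ssl_kea_type()` returns for a key type it does not recognise; if that can happen, checking for it before the call gives a clearer failure. The body of `BeginSSL` continues outside this hunk.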
@@ -1093,14 +1097,28 @@ bool NSSStreamAdapter::HaveExporter() {
return true;
}
-std::string NSSStreamAdapter::GetDefaultSslCipher(SSLProtocolVersion version) {
- switch (version) {
- case SSL_PROTOCOL_TLS_10:
- case SSL_PROTOCOL_TLS_11:
- return kDefaultSslCipher10;
- case SSL_PROTOCOL_TLS_12:
- default:
- return kDefaultSslCipher12;
+std::string NSSStreamAdapter::GetDefaultSslCipher(SSLProtocolVersion version,
+ KeyType key_type) {
+ if (key_type == KT_RSA) {
+ switch (version) {
+ case SSL_PROTOCOL_TLS_10:
+ case SSL_PROTOCOL_TLS_11:
+ return kDefaultSslCipher10;
+ case SSL_PROTOCOL_TLS_12:
+ default:
+ return kDefaultSslCipher12;
+ }
+ } else if (key_type == KT_ECDSA) {
+ switch (version) {
+ case SSL_PROTOCOL_TLS_10:
+ case SSL_PROTOCOL_TLS_11:
+ return kDefaultSslEcCipher10;
+ case SSL_PROTOCOL_TLS_12:
+ default:
+ return kDefaultSslEcCipher12;
+ }
+ } else {
+ return std::string();
}
}
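Review bot: The final `else` in the new `GetDefaultSslCipher` returns an empty string for any `key_type` other than `KT_RSA` or `KT_ECDSA`, without a log line or comment, so a caller comparing the negotiated suite against the default gets a silent mismatch instead of a visible error. The two inner `switch` blocks are also identical apart from the constants they return, and both let `default:` fall in with TLS 1.2, so any other protocol value silently gets the GCM suite. Switching on `key_type` once and deciding CBC versus GCM up front removes the duplication and leaves one obvious place to flag the unknown-key case. The header comment for this method (in nssstreamadapter.h, not shown) should state that an empty string means "no default defined for this key type".

```cpp
std::string NSSStreamAdapter::GetDefaultSslCipher(SSLProtocolVersion version,
                                                  KeyType key_type) {
  // AEAD suites only exist from TLS 1.2 on, so 1.0/1.1 get the CBC default.
  const bool pre_tls12 =
      version == SSL_PROTOCOL_TLS_10 || version == SSL_PROTOCOL_TLS_11;
  switch (key_type) {
    case KT_RSA:
      return pre_tls12 ? kDefaultSslCipher10 : kDefaultSslCipher12;
    case KT_ECDSA:
      return pre_tls12 ? kDefaultSslEcCipher10 : kDefaultSslEcCipher12;
    default:
      // No default is defined for this key type; callers must treat the
      // empty string as "unknown", not as a cipher name.
      return std::string();
  }
}
```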