OLD | NEW |
1 /* | 1 /* |
2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. |
3 * | 3 * |
4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
9 */ | 9 */ |
10 | 10 |
(...skipping 130 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
141 | 141 |
142 #if defined(_MSC_VER) | 142 #if defined(_MSC_VER) |
143 #pragma warning(push) | 143 #pragma warning(push) |
144 #pragma warning(disable : 4309) | 144 #pragma warning(disable : 4309) |
145 #pragma warning(disable : 4310) | 145 #pragma warning(disable : 4310) |
146 #endif // defined(_MSC_VER) | 146 #endif // defined(_MSC_VER) |
147 | 147 |
148 // Default cipher used between OpenSSL/BoringSSL stream adapters. | 148 // Default cipher used between OpenSSL/BoringSSL stream adapters. |
149 // This needs to be updated when the default of the SSL library changes. | 149 // This needs to be updated when the default of the SSL library changes. |
150 // static_cast<uint16_t> causes build warnings on windows platform. | 150 // static_cast<uint16_t> causes build warnings on windows platform. |
151 static uint16_t kDefaultSslCipher10 = | 151 static int kDefaultSslCipher10 = |
152 static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA); | 152 static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA); |
153 static uint16_t kDefaultSslEcCipher10 = | 153 static int kDefaultSslEcCipher10 = |
154 static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA); | 154 static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA); |
155 #ifdef OPENSSL_IS_BORINGSSL | 155 #ifdef OPENSSL_IS_BORINGSSL |
156 static uint16_t kDefaultSslCipher12 = | 156 static int kDefaultSslCipher12 = |
157 static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256); | 157 static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256); |
158 static uint16_t kDefaultSslEcCipher12 = | 158 static int kDefaultSslEcCipher12 = |
159 static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256); | 159 static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256); |
160 // Fallback cipher for DTLS 1.2 if hardware-accelerated AES-GCM is unavailable. | 160 // Fallback cipher for DTLS 1.2 if hardware-accelerated AES-GCM is unavailable. |
161 static uint16_t kDefaultSslCipher12NoAesGcm = | 161 static int kDefaultSslCipher12NoAesGcm = |
162 static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305); | 162 static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305); |
163 static uint16_t kDefaultSslEcCipher12NoAesGcm = | 163 static int kDefaultSslEcCipher12NoAesGcm = |
164 static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305); | 164 static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305); |
165 #else // !OPENSSL_IS_BORINGSSL | 165 #else // !OPENSSL_IS_BORINGSSL |
166 // OpenSSL sorts differently than BoringSSL, so the default cipher doesn't | 166 // OpenSSL sorts differently than BoringSSL, so the default cipher doesn't |
167 // change between TLS 1.0 and TLS 1.2 with the current setup. | 167 // change between TLS 1.0 and TLS 1.2 with the current setup. |
168 static uint16_t kDefaultSslCipher12 = | 168 static int kDefaultSslCipher12 = |
169 static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA); | 169 static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA); |
170 static uint16_t kDefaultSslEcCipher12 = | 170 static int kDefaultSslEcCipher12 = |
171 static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA); | 171 static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA); |
172 #endif | 172 #endif |
173 | 173 |
174 #if defined(_MSC_VER) | 174 #if defined(_MSC_VER) |
175 #pragma warning(pop) | 175 #pragma warning(pop) |
176 #endif // defined(_MSC_VER) | 176 #endif // defined(_MSC_VER) |
177 | 177 |
178 ////////////////////////////////////////////////////////////////////// | 178 ////////////////////////////////////////////////////////////////////// |
179 // StreamBIO | 179 // StreamBIO |
180 ////////////////////////////////////////////////////////////////////// | 180 ////////////////////////////////////////////////////////////////////// |
(...skipping 160 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
341 } | 341 } |
342 if (expected_len != digest_len) | 342 if (expected_len != digest_len) |
343 return false; | 343 return false; |
344 | 344 |
345 peer_certificate_digest_value_.SetData(digest_val, digest_len); | 345 peer_certificate_digest_value_.SetData(digest_val, digest_len); |
346 peer_certificate_digest_algorithm_ = digest_alg; | 346 peer_certificate_digest_algorithm_ = digest_alg; |
347 | 347 |
348 return true; | 348 return true; |
349 } | 349 } |
350 | 350 |
351 std::string OpenSSLStreamAdapter::GetSslCipherSuiteName(uint16_t cipher) { | 351 std::string OpenSSLStreamAdapter::GetSslCipherSuiteName(int cipher) { |
352 #ifdef OPENSSL_IS_BORINGSSL | 352 #ifdef OPENSSL_IS_BORINGSSL |
353 const SSL_CIPHER* ssl_cipher = SSL_get_cipher_by_value(cipher); | 353 const SSL_CIPHER* ssl_cipher = SSL_get_cipher_by_value(cipher); |
354 if (!ssl_cipher) { | 354 if (!ssl_cipher) { |
355 return std::string(); | 355 return std::string(); |
356 } | 356 } |
357 char* cipher_name = SSL_CIPHER_get_rfc_name(ssl_cipher); | 357 char* cipher_name = SSL_CIPHER_get_rfc_name(ssl_cipher); |
358 std::string rfc_name = std::string(cipher_name); | 358 std::string rfc_name = std::string(cipher_name); |
359 OPENSSL_free(cipher_name); | 359 OPENSSL_free(cipher_name); |
360 return rfc_name; | 360 return rfc_name; |
361 #else | 361 #else |
362 ASSERT(cipher != NULL); | 362 ASSERT(cipher != NULL); |
363 for (const SslCipherMapEntry* entry = kSslCipherMap; entry->rfc_name; | 363 for (const SslCipherMapEntry* entry = kSslCipherMap; entry->rfc_name; |
364 ++entry) { | 364 ++entry) { |
365 if (cipher->id == entry->openssl_id) { | 365 if (cipher->id == entry->openssl_id) { |
366 return entry->rfc_name; | 366 return entry->rfc_name; |
367 } | 367 } |
368 } | 368 } |
369 return std::string(); | 369 return std::string(); |
370 #endif | 370 #endif |
371 } | 371 } |
372 | 372 |
373 bool OpenSSLStreamAdapter::GetSslCipherSuite(uint16_t* cipher) { | 373 bool OpenSSLStreamAdapter::GetSslCipherSuite(int* cipher) { |
374 if (state_ != SSL_CONNECTED) | 374 if (state_ != SSL_CONNECTED) |
375 return false; | 375 return false; |
376 | 376 |
377 const SSL_CIPHER* current_cipher = SSL_get_current_cipher(ssl_); | 377 const SSL_CIPHER* current_cipher = SSL_get_current_cipher(ssl_); |
378 if (current_cipher == NULL) { | 378 if (current_cipher == NULL) { |
379 return false; | 379 return false; |
380 } | 380 } |
381 | 381 |
382 *cipher = static_cast<uint16_t>(SSL_CIPHER_get_id(current_cipher)); | 382 *cipher = static_cast<uint16_t>(SSL_CIPHER_get_id(current_cipher)); |
383 return true; | 383 return true; |
(...skipping 740 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1124 } | 1124 } |
1125 | 1125 |
1126 bool OpenSSLStreamAdapter::HaveExporter() { | 1126 bool OpenSSLStreamAdapter::HaveExporter() { |
1127 #ifdef HAVE_DTLS_SRTP | 1127 #ifdef HAVE_DTLS_SRTP |
1128 return true; | 1128 return true; |
1129 #else | 1129 #else |
1130 return false; | 1130 return false; |
1131 #endif | 1131 #endif |
1132 } | 1132 } |
1133 | 1133 |
1134 uint16_t OpenSSLStreamAdapter::GetDefaultSslCipherForTest( | 1134 int OpenSSLStreamAdapter::GetDefaultSslCipherForTest(SSLProtocolVersion version, |
1135 SSLProtocolVersion version, | 1135 KeyType key_type) { |
1136 KeyType key_type) { | |
1137 if (key_type == KT_RSA) { | 1136 if (key_type == KT_RSA) { |
1138 switch (version) { | 1137 switch (version) { |
1139 case SSL_PROTOCOL_TLS_10: | 1138 case SSL_PROTOCOL_TLS_10: |
1140 case SSL_PROTOCOL_TLS_11: | 1139 case SSL_PROTOCOL_TLS_11: |
1141 return kDefaultSslCipher10; | 1140 return kDefaultSslCipher10; |
1142 case SSL_PROTOCOL_TLS_12: | 1141 case SSL_PROTOCOL_TLS_12: |
1143 default: | 1142 default: |
1144 #ifdef OPENSSL_IS_BORINGSSL | 1143 #ifdef OPENSSL_IS_BORINGSSL |
1145 if (EVP_has_aes_hardware()) { | 1144 if (EVP_has_aes_hardware()) { |
1146 return kDefaultSslCipher12; | 1145 return kDefaultSslCipher12; |
(...skipping 23 matching lines...) Expand all Loading... |
1170 } | 1169 } |
1171 } else { | 1170 } else { |
1172 RTC_NOTREACHED(); | 1171 RTC_NOTREACHED(); |
1173 return kDefaultSslEcCipher12; | 1172 return kDefaultSslEcCipher12; |
1174 } | 1173 } |
1175 } | 1174 } |
1176 | 1175 |
1177 } // namespace rtc | 1176 } // namespace rtc |
1178 | 1177 |
1179 #endif // HAVE_OPENSSL_SSL_H | 1178 #endif // HAVE_OPENSSL_SSL_H |
OLD | NEW |