| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. |
| 3 * | 3 * |
| 4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
| 5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
| 6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
| 7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
| 8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
| 9 */ | 9 */ |
| 10 | 10 |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 44 | 44 |
| 45 #ifdef HAVE_DTLS_SRTP | 45 #ifdef HAVE_DTLS_SRTP |
| 46 // SRTP cipher suite table | 46 // SRTP cipher suite table |
| 47 struct SrtpCipherMapEntry { | 47 struct SrtpCipherMapEntry { |
| 48 const char* external_name; | 48 const char* external_name; |
| 49 const char* internal_name; | 49 const char* internal_name; |
| 50 }; | 50 }; |
| 51 | 51 |
| 52 // This isn't elegant, but it's better than an external reference | 52 // This isn't elegant, but it's better than an external reference |
| 53 static SrtpCipherMapEntry SrtpCipherMap[] = { | 53 static SrtpCipherMapEntry SrtpCipherMap[] = { |
| 54 {CS_AES_CM_128_HMAC_SHA1_80, "SRTP_AES128_CM_SHA1_80"}, | 54 {"AES_CM_128_HMAC_SHA1_80", "SRTP_AES128_CM_SHA1_80"}, |
| 55 {CS_AES_CM_128_HMAC_SHA1_32, "SRTP_AES128_CM_SHA1_32"}, | 55 {"AES_CM_128_HMAC_SHA1_32", "SRTP_AES128_CM_SHA1_32"}, |
| 56 {NULL, NULL}}; | 56 {NULL, NULL} |
| 57 }; |
| 57 #endif | 58 #endif |
| 58 | 59 |
| 59 #ifndef OPENSSL_IS_BORINGSSL | 60 #ifndef OPENSSL_IS_BORINGSSL |
| 60 | |
| 61 // Cipher name table. Maps internal OpenSSL cipher ids to the RFC name. | 61 // Cipher name table. Maps internal OpenSSL cipher ids to the RFC name. |
| 62 struct SslCipherMapEntry { | 62 struct SslCipherMapEntry { |
| 63 uint32_t openssl_id; | 63 uint32_t openssl_id; |
| 64 const char* rfc_name; | 64 const char* rfc_name; |
| 65 }; | 65 }; |
| 66 | 66 |
| 67 #define DEFINE_CIPHER_ENTRY_SSL3(name) {SSL3_CK_##name, "TLS_"#name} | 67 #define DEFINE_CIPHER_ENTRY_SSL3(name) {SSL3_CK_##name, "TLS_"#name} |
| 68 #define DEFINE_CIPHER_ENTRY_TLS1(name) {TLS1_CK_##name, "TLS_"#name} | 68 #define DEFINE_CIPHER_ENTRY_TLS1(name) {TLS1_CK_##name, "TLS_"#name} |
| 69 | 69 |
| 70 // There currently is no method available to get a RFC-compliant name for a | 70 // There currently is no method available to get a RFC-compliant name for a |
| (...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 132 // ECDH GCM based ciphersuites from RFC5289. | 132 // ECDH GCM based ciphersuites from RFC5289. |
| 133 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_ECDSA_WITH_AES_128_GCM_SHA256), | 133 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_ECDSA_WITH_AES_128_GCM_SHA256), |
| 134 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_ECDSA_WITH_AES_256_GCM_SHA384), | 134 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_ECDSA_WITH_AES_256_GCM_SHA384), |
| 135 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_AES_128_GCM_SHA256), | 135 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_AES_128_GCM_SHA256), |
| 136 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_AES_256_GCM_SHA384), | 136 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_AES_256_GCM_SHA384), |
| 137 | 137 |
| 138 {0, NULL} | 138 {0, NULL} |
| 139 }; | 139 }; |
| 140 #endif // #ifndef OPENSSL_IS_BORINGSSL | 140 #endif // #ifndef OPENSSL_IS_BORINGSSL |
| 141 | 141 |
| 142 #if defined(_MSC_VER) | |
| 143 #pragma warning(push) | |
| 144 #pragma warning(disable : 4309) | |
| 145 #pragma warning(disable : 4310) | |
| 146 #endif // defined(_MSC_VER) | |
| 147 | |
| 148 // Default cipher used between OpenSSL/BoringSSL stream adapters. | 142 // Default cipher used between OpenSSL/BoringSSL stream adapters. |
| 149 // This needs to be updated when the default of the SSL library changes. | 143 // This needs to be updated when the default of the SSL library changes. |
| 150 // static_cast<uint16_t> causes build warnings on windows platform. | 144 static const char kDefaultSslCipher10[] = |
| 151 static uint16_t kDefaultSslCipher10 = | 145 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"; |
| 152 static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA); | 146 static const char kDefaultSslEcCipher10[] = |
| 153 static uint16_t kDefaultSslEcCipher10 = | 147 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"; |
| 154 static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA); | 148 |
| 155 #ifdef OPENSSL_IS_BORINGSSL | 149 #ifdef OPENSSL_IS_BORINGSSL |
| 156 static uint16_t kDefaultSslCipher12 = | 150 static const char kDefaultSslCipher12[] = |
| 157 static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256); | 151 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"; |
| 158 static uint16_t kDefaultSslEcCipher12 = | 152 static const char kDefaultSslEcCipher12[] = |
| 159 static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256); | 153 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"; |
| 160 // Fallback cipher for DTLS 1.2 if hardware-accelerated AES-GCM is unavailable. | 154 // Fallback cipher for DTLS 1.2 if hardware-accelerated AES-GCM is unavailable. |
| 161 static uint16_t kDefaultSslCipher12NoAesGcm = | 155 static const char kDefaultSslCipher12NoAesGcm[] = |
| 162 static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305); | 156 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"; |
| 163 static uint16_t kDefaultSslEcCipher12NoAesGcm = | 157 static const char kDefaultSslEcCipher12NoAesGcm[] = |
| 164 static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305); | 158 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"; |
| 165 #else // !OPENSSL_IS_BORINGSSL | 159 #else // !OPENSSL_IS_BORINGSSL |
| 166 // OpenSSL sorts differently than BoringSSL, so the default cipher doesn't | 160 // OpenSSL sorts differently than BoringSSL, so the default cipher doesn't |
| 167 // change between TLS 1.0 and TLS 1.2 with the current setup. | 161 // change between TLS 1.0 and TLS 1.2 with the current setup. |
| 168 static uint16_t kDefaultSslCipher12 = | 162 static const char kDefaultSslCipher12[] = |
| 169 static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA); | 163 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"; |
| 170 static uint16_t kDefaultSslEcCipher12 = | 164 static const char kDefaultSslEcCipher12[] = |
| 171 static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA); | 165 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"; |
| 172 #endif | 166 #endif |
| 173 | 167 |
| 174 #if defined(_MSC_VER) | |
| 175 #pragma warning(pop) | |
| 176 #endif // defined(_MSC_VER) | |
| 177 | |
| 178 ////////////////////////////////////////////////////////////////////// | 168 ////////////////////////////////////////////////////////////////////// |
| 179 // StreamBIO | 169 // StreamBIO |
| 180 ////////////////////////////////////////////////////////////////////// | 170 ////////////////////////////////////////////////////////////////////// |
| 181 | 171 |
| 182 static int stream_write(BIO* h, const char* buf, int num); | 172 static int stream_write(BIO* h, const char* buf, int num); |
| 183 static int stream_read(BIO* h, char* buf, int size); | 173 static int stream_read(BIO* h, char* buf, int size); |
| 184 static int stream_puts(BIO* h, const char* str); | 174 static int stream_puts(BIO* h, const char* str); |
| 185 static long stream_ctrl(BIO* h, int cmd, long arg1, void* arg2); | 175 static long stream_ctrl(BIO* h, int cmd, long arg1, void* arg2); |
| 186 static int stream_new(BIO* h); | 176 static int stream_new(BIO* h); |
| 187 static int stream_free(BIO* data); | 177 static int stream_free(BIO* data); |
| (...skipping 153 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 341 } | 331 } |
| 342 if (expected_len != digest_len) | 332 if (expected_len != digest_len) |
| 343 return false; | 333 return false; |
| 344 | 334 |
| 345 peer_certificate_digest_value_.SetData(digest_val, digest_len); | 335 peer_certificate_digest_value_.SetData(digest_val, digest_len); |
| 346 peer_certificate_digest_algorithm_ = digest_alg; | 336 peer_certificate_digest_algorithm_ = digest_alg; |
| 347 | 337 |
| 348 return true; | 338 return true; |
| 349 } | 339 } |
| 350 | 340 |
| 351 std::string OpenSSLStreamAdapter::GetSslCipherSuiteName(uint16_t cipher) { | 341 #ifndef OPENSSL_IS_BORINGSSL |
| 352 #ifdef OPENSSL_IS_BORINGSSL | 342 const char* OpenSSLStreamAdapter::GetRfcSslCipherName( |
| 353 const SSL_CIPHER* ssl_cipher = SSL_get_cipher_by_value(cipher); | 343 const SSL_CIPHER* cipher) { |
| 354 if (!ssl_cipher) { | |
| 355 return std::string(); | |
| 356 } | |
| 357 char* cipher_name = SSL_CIPHER_get_rfc_name(ssl_cipher); | |
| 358 std::string rfc_name = std::string(cipher_name); | |
| 359 OPENSSL_free(cipher_name); | |
| 360 return rfc_name; | |
| 361 #else | |
| 362 ASSERT(cipher != NULL); | 344 ASSERT(cipher != NULL); |
| 363 for (const SslCipherMapEntry* entry = kSslCipherMap; entry->rfc_name; | 345 for (const SslCipherMapEntry* entry = kSslCipherMap; entry->rfc_name; |
| 364 ++entry) { | 346 ++entry) { |
| 365 if (cipher->id == entry->openssl_id) { | 347 if (cipher->id == entry->openssl_id) { |
| 366 return entry->rfc_name; | 348 return entry->rfc_name; |
| 367 } | 349 } |
| 368 } | 350 } |
| 369 return std::string(); | 351 return NULL; |
| 352 } |
| 370 #endif | 353 #endif |
| 371 } | |
| 372 | 354 |
| 373 bool OpenSSLStreamAdapter::GetSslCipherSuite(uint16_t* cipher) { | 355 bool OpenSSLStreamAdapter::GetSslCipher(std::string* cipher) { |
| 374 if (state_ != SSL_CONNECTED) | 356 if (state_ != SSL_CONNECTED) |
| 375 return false; | 357 return false; |
| 376 | 358 |
| 377 const SSL_CIPHER* current_cipher = SSL_get_current_cipher(ssl_); | 359 const SSL_CIPHER* current_cipher = SSL_get_current_cipher(ssl_); |
| 378 if (current_cipher == NULL) { | 360 if (current_cipher == NULL) { |
| 379 return false; | 361 return false; |
| 380 } | 362 } |
| 381 | 363 |
| 382 *cipher = static_cast<uint16_t>(SSL_CIPHER_get_id(current_cipher)); | 364 #ifdef OPENSSL_IS_BORINGSSL |
| 365 char* cipher_name = SSL_CIPHER_get_rfc_name(current_cipher); |
| 366 #else |
| 367 const char* cipher_name = GetRfcSslCipherName(current_cipher); |
| 368 #endif |
| 369 if (cipher_name == NULL) { |
| 370 return false; |
| 371 } |
| 372 |
| 373 *cipher = cipher_name; |
| 374 #ifdef OPENSSL_IS_BORINGSSL |
| 375 OPENSSL_free(cipher_name); |
| 376 #endif |
| 383 return true; | 377 return true; |
| 384 } | 378 } |
| 385 | 379 |
| 386 // Key Extractor interface | 380 // Key Extractor interface |
| 387 bool OpenSSLStreamAdapter::ExportKeyingMaterial(const std::string& label, | 381 bool OpenSSLStreamAdapter::ExportKeyingMaterial(const std::string& label, |
| 388 const uint8* context, | 382 const uint8* context, |
| 389 size_t context_len, | 383 size_t context_len, |
| 390 bool use_context, | 384 bool use_context, |
| 391 uint8* result, | 385 uint8* result, |
| 392 size_t result_len) { | 386 size_t result_len) { |
| (...skipping 731 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1124 } | 1118 } |
| 1125 | 1119 |
| 1126 bool OpenSSLStreamAdapter::HaveExporter() { | 1120 bool OpenSSLStreamAdapter::HaveExporter() { |
| 1127 #ifdef HAVE_DTLS_SRTP | 1121 #ifdef HAVE_DTLS_SRTP |
| 1128 return true; | 1122 return true; |
| 1129 #else | 1123 #else |
| 1130 return false; | 1124 return false; |
| 1131 #endif | 1125 #endif |
| 1132 } | 1126 } |
| 1133 | 1127 |
| 1134 uint16_t OpenSSLStreamAdapter::GetDefaultSslCipherForTest( | 1128 std::string OpenSSLStreamAdapter::GetDefaultSslCipher( |
| 1135 SSLProtocolVersion version, | 1129 SSLProtocolVersion version, |
| 1136 KeyType key_type) { | 1130 KeyType key_type) { |
| 1137 if (key_type == KT_RSA) { | 1131 if (key_type == KT_RSA) { |
| 1138 switch (version) { | 1132 switch (version) { |
| 1139 case SSL_PROTOCOL_TLS_10: | 1133 case SSL_PROTOCOL_TLS_10: |
| 1140 case SSL_PROTOCOL_TLS_11: | 1134 case SSL_PROTOCOL_TLS_11: |
| 1141 return kDefaultSslCipher10; | 1135 return kDefaultSslCipher10; |
| 1142 case SSL_PROTOCOL_TLS_12: | 1136 case SSL_PROTOCOL_TLS_12: |
| 1143 default: | 1137 default: |
| 1144 #ifdef OPENSSL_IS_BORINGSSL | 1138 #ifdef OPENSSL_IS_BORINGSSL |
| (...skipping 17 matching lines...) Expand all Loading... |
| 1162 if (EVP_has_aes_hardware()) { | 1156 if (EVP_has_aes_hardware()) { |
| 1163 return kDefaultSslEcCipher12; | 1157 return kDefaultSslEcCipher12; |
| 1164 } else { | 1158 } else { |
| 1165 return kDefaultSslEcCipher12NoAesGcm; | 1159 return kDefaultSslEcCipher12NoAesGcm; |
| 1166 } | 1160 } |
| 1167 #else // !OPENSSL_IS_BORINGSSL | 1161 #else // !OPENSSL_IS_BORINGSSL |
| 1168 return kDefaultSslEcCipher12; | 1162 return kDefaultSslEcCipher12; |
| 1169 #endif | 1163 #endif |
| 1170 } | 1164 } |
| 1171 } else { | 1165 } else { |
| 1172 RTC_NOTREACHED(); | 1166 return std::string(); |
| 1173 return kDefaultSslEcCipher12; | |
| 1174 } | 1167 } |
| 1175 } | 1168 } |
| 1176 | 1169 |
| 1177 } // namespace rtc | 1170 } // namespace rtc |
| 1178 | 1171 |
| 1179 #endif // HAVE_OPENSSL_SSL_H | 1172 #endif // HAVE_OPENSSL_SSL_H |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1380603005:
Revert of Change WebRTC SslCipher to be exposed as number only. (Closed)
Base URL: https://chromium.googlesource.com/external/webrtc@master