Change DTLS default from 1.0 to 1.2 for webrtc.

webrtc/base/opensslstreamadapter.cc

 /*
  *  Copyright 2004 The WebRTC Project Authors. All rights reserved.
  *
  *  Use of this source code is governed by a BSD-style license
  *  that can be found in the LICENSE file in the root of the source
  *  tree. An additional intellectual property rights grant can be found
  *  in the file PATENTS.  All contributing project authors may
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
 #if HAVE_CONFIG_H
 #include "config.h"
 #endif  // HAVE_CONFIG_H
 
 #if HAVE_OPENSSL_SSL_H
 
 #include "webrtc/base/opensslstreamadapter.h"
 
 #include <openssl/bio.h>
 #include <openssl/crypto.h>
 #include <openssl/err.h>
 #include <openssl/rand.h>
 #include <openssl/tls1.h>
 #include <openssl/x509v3.h>
 
 #include <vector>
 
+#include "webrtc/base/checks.h"
 #include "webrtc/base/common.h"
 #include "webrtc/base/logging.h"
 #include "webrtc/base/safe_conversions.h"
 #include "webrtc/base/stream.h"
 #include "webrtc/base/openssl.h"
 #include "webrtc/base/openssladapter.h"
 #include "webrtc/base/openssldigest.h"
 #include "webrtc/base/opensslidentity.h"
 #include "webrtc/base/stringutils.h"
 #include "webrtc/base/thread.h"
@@ skipping 117 matching lines @@
 static int kDefaultSslEcCipher10 =
     static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA);
 #ifdef OPENSSL_IS_BORINGSSL
 static int kDefaultSslCipher12 =
     static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256);
 static int kDefaultSslEcCipher12 =
     static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);
 // Fallback cipher for DTLS 1.2 if hardware-accelerated AES-GCM is unavailable.
 // TODO(davidben): Switch to the standardized CHACHA20_POLY1305 variant when
 // available.
+static int kDefaultSslCipher12NoAesGcmNonStandard =
+    static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD);
+static int kDefaultSslEcCipher12NoAesGcmNonStandard =
+    static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD);
 static int kDefaultSslCipher12NoAesGcm =
-    static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD);
+    static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256);
 static int kDefaultSslEcCipher12NoAesGcm =
-    static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD);
+    static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256);
 #else  // !OPENSSL_IS_BORINGSSL
 // OpenSSL sorts differently than BoringSSL, so the default cipher doesn't
 // change between TLS 1.0 and TLS 1.2 with the current setup.
 static int kDefaultSslCipher12 =
     static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA);
 static int kDefaultSslEcCipher12 =
     static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA);
 #endif
 
 #if defined(_MSC_VER)
@@ skipping 115 matching lines @@
 }
 
 /////////////////////////////////////////////////////////////////////////////
 // OpenSSLStreamAdapter
 /////////////////////////////////////////////////////////////////////////////
 
 OpenSSLStreamAdapter::OpenSSLStreamAdapter(StreamInterface* stream)
     : SSLStreamAdapter(stream),
       state_(SSL_NONE),
       role_(SSL_CLIENT),
-      ssl_read_needs_write_(false), ssl_write_needs_read_(false),
-      ssl_(NULL), ssl_ctx_(NULL),
+      ssl_read_needs_write_(false),
+      ssl_write_needs_read_(false),
+      ssl_(NULL),
+      ssl_ctx_(NULL),
       custom_verification_succeeded_(false),
       ssl_mode_(SSL_MODE_TLS),
-      ssl_max_version_(SSL_PROTOCOL_TLS_11) {
-}
+      ssl_max_version_(SSL_PROTOCOL_TLS_12) {}
 
 OpenSSLStreamAdapter::~OpenSSLStreamAdapter() {
   Cleanup();
 }
 
 void OpenSSLStreamAdapter::SetIdentity(SSLIdentity* identity) {
   ASSERT(!identity_);
   identity_.reset(static_cast<OpenSSLIdentity*>(identity));
 }
 
@@ skipping 811 matching lines @@
     switch (version) {
       case SSL_PROTOCOL_TLS_10:
       case SSL_PROTOCOL_TLS_11:
         return kDefaultSslCipher10;
       case SSL_PROTOCOL_TLS_12:
       default:
 #ifdef OPENSSL_IS_BORINGSSL
         if (EVP_has_aes_hardware()) {
           return kDefaultSslCipher12;
         } else {
-          return kDefaultSslCipher12NoAesGcm;
+          if (EVP_aead_chacha20_poly1305()) {
+            return kDefaultSslCipher12NoAesGcm;
+          } else {
+            RTC_CHECK(EVP_aead_chacha20_poly1305_old());
+            return kDefaultSslCipher12NoAesGcmNonStandard;
+          }

[davidben_webrtc, 2016/01/11 21:10:55]

Eh? Both of these functions will only ever return non-null or be a compile
error. That's not how this works. They morally should be constants but OpenSSL
historically had some problems exporting constants out of shared libraries on
some platforms.

As I said on https://codereview.webrtc.org/1550773002/, you should get rid of
these tests as they're really not helpful. They only serve to make things harder
for everyone when I make BoringSSL changes.

         }
 #else  // !OPENSSL_IS_BORINGSSL
         return kDefaultSslCipher12;
 #endif
     }
   } else if (key_type == KT_ECDSA) {
     switch (version) {
       case SSL_PROTOCOL_TLS_10:
       case SSL_PROTOCOL_TLS_11:
         return kDefaultSslEcCipher10;
       case SSL_PROTOCOL_TLS_12:
       default:
 #ifdef OPENSSL_IS_BORINGSSL
         if (EVP_has_aes_hardware()) {
           return kDefaultSslEcCipher12;
         } else {
-          return kDefaultSslEcCipher12NoAesGcm;
+          if (EVP_aead_chacha20_poly1305()) {
+            return kDefaultSslEcCipher12NoAesGcm;
+          } else {
+            RTC_CHECK(EVP_aead_chacha20_poly1305_old());
+            return kDefaultSslEcCipher12NoAesGcmNonStandard;
+          }
         }
 #else  // !OPENSSL_IS_BORINGSSL
         return kDefaultSslEcCipher12;
 #endif
     }
   } else {
     RTC_NOTREACHED();
     return kDefaultSslEcCipher12;
   }
 }
 
 }  // namespace rtc
 
 #endif  // HAVE_OPENSSL_SSL_H