webrtc/base/opensslstreamadapter.cc - Issue 1550773002: Update with new default boringssl no-aes cipher suites. Re-enable tests.

Side by Side Diff: webrtc/base/opensslstreamadapter.cc

Issue 1550773002: Update with new default boringssl no-aes cipher suites. Re-enable tests. (Closed) Base URL: https://chromium.googlesource.com/external/webrtc.git@master

Patch Set: Support old boringssl versions Created 4 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 /*	1 /*

2 * Copyright 2004 The WebRTC Project Authors. All rights reserved.	2 * Copyright 2004 The WebRTC Project Authors. All rights reserved.

3 *	3 *

4 * Use of this source code is governed by a BSD-style license	4 * Use of this source code is governed by a BSD-style license

5 * that can be found in the LICENSE file in the root of the source	5 * that can be found in the LICENSE file in the root of the source

6 * tree. An additional intellectual property rights grant can be found	6 * tree. An additional intellectual property rights grant can be found

7 * in the file PATENTS. All contributing project authors may	7 * in the file PATENTS. All contributing project authors may

8 * be found in the AUTHORS file in the root of the source tree.	8 * be found in the AUTHORS file in the root of the source tree.

9 */	9 */

10	10

(...skipping 142 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
153 static int kDefaultSslCipher10 =	153 static int kDefaultSslCipher10 =

154 static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA);	154 static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA);

155 static int kDefaultSslEcCipher10 =	155 static int kDefaultSslEcCipher10 =

156 static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA);	156 static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA);

157 #ifdef OPENSSL_IS_BORINGSSL	157 #ifdef OPENSSL_IS_BORINGSSL

158 static int kDefaultSslCipher12 =	158 static int kDefaultSslCipher12 =

159 static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256);	159 static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256);

160 static int kDefaultSslEcCipher12 =	160 static int kDefaultSslEcCipher12 =

161 static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);	161 static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);

162 // Fallback cipher for DTLS 1.2 if hardware-accelerated AES-GCM is unavailable.	162 // Fallback cipher for DTLS 1.2 if hardware-accelerated AES-GCM is unavailable.

163 // TODO(davidben): Switch to the standardized CHACHA20_POLY1305 variant when	163

164 // available.	164 #ifdef TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
	davidben_webrtc 2016/01/06 04:04:44 Do you actually need this? Surely by now DEPS roll Do you actually need this? Surely by now DEPS rolls should be such that you can assume the new one? torbjorng (webrtc) 2016/01/13 13:16:47 OK. I added this to for the benefit of third parti Show quoted text On 2016/01/06 04:04:44, davidben_webrtc wrote: > Do you actually need this? Surely by now DEPS rolls should be such that you can > assume the new one? OK. I added this to for the benefit of third parties I thought may pick up an installed version of boringssl. Reverted back now. davidben_webrtc 2016/01/13 20:42:53 Pre-installed versions of BoringSSL are explicitly Show quoted text On 2016/01/13 13:16:47, torbjorng (webrtc) wrote: > On 2016/01/06 04:04:44, davidben_webrtc wrote: > > Do you actually need this? Surely by now DEPS rolls should be such that you > can > > assume the new one? > > OK. I added this to for the benefit of third parties I thought may pick up an > installed version of boringssl. Reverted back now. Pre-installed versions of BoringSSL are explicitly not supported. The README should be pretty clear on this. It should only be used pinned at particular versions because we don't have any hard promises of ABI/API stability. Just a soft "if every consumer has to change everything all the time, that's kind of annoying" API stability. (Although that soft "stability" is, of course, contingent on consumers not going out of their way to make changing BoringSSL versions hard, as your test seems to be doing. ;-) ) torbjorng (webrtc) 2016/01/14 14:27:09 :-) I cannot take credit for those tests, unfortu Show quoted text On 2016/01/13 20:42:53, davidben_webrtc wrote: > On 2016/01/13 13:16:47, torbjorng (webrtc) wrote: > > On 2016/01/06 04:04:44, davidben_webrtc wrote: > > > Do you actually need this? Surely by now DEPS rolls should be such that you > > can > > > assume the new one? > > > > OK. I added this to for the benefit of third parties I thought may pick up an > > installed version of boringssl. Reverted back now. > > Pre-installed versions of BoringSSL are explicitly not supported. The README > should be pretty clear on this. It should only be used pinned at particular > versions because we don't have any hard promises of ABI/API stability. Just a > soft "if every consumer has to change everything all the time, that's kind of > annoying" API stability. > > (Although that soft "stability" is, of course, contingent on consumers not going > out of their way to make changing BoringSSL versions hard, as your test seems to > be doing. ;-) ) :-) I cannot take credit for those tests, unfortunately/fortunately.
	165 // This was added in boringssl 13414b3a048f17074253d23d03c0ab97c49b54e2,

	166 // changing the fallback. For now, support old boringssl versions.

	167 static int kDefaultSslCipher12NoAesGcm =

	168 static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256);
	davidben_webrtc 2016/01/06 04:04:44 So, this is fine, but it seems poor that you'd nee So, this is fine, but it seems poor that you'd need to be so over-fit to BoringSSL's defaults. Why even have the test at all? (There's some chance we'll have a last-minute change to this too since the IETF's been mumbling about switching the PRF from SHA256 to SHA384 or something.) torbjorng (webrtc) 2016/01/13 13:16:47 We might want to clean this up at some point, as w Show quoted text On 2016/01/06 04:04:44, davidben_webrtc wrote: > So, this is fine, but it seems poor that you'd need to be so over-fit to > BoringSSL's defaults. Why even have the test at all? (There's some chance we'll > have a last-minute change to this too since the IETF's been mumbling about > switching the PRF from SHA256 to SHA384 or something.) We might want to clean this up at some point, as well as other parts of the tests. davidben_webrtc 2016/01/13 20:42:53 Yeah, I would definitely ask that you change this, Show quoted text On 2016/01/13 13:16:47, torbjorng (webrtc) wrote: > On 2016/01/06 04:04:44, davidben_webrtc wrote: > > So, this is fine, but it seems poor that you'd need to be so over-fit to > > BoringSSL's defaults. Why even have the test at all? (There's some chance > we'll > > have a last-minute change to this too since the IETF's been mumbling about > > switching the PRF from SHA256 to SHA384 or something.) > > We might want to clean this up at some point, as well as other parts of the > tests. Yeah, I would definitely ask that you change this, though I'm fine with this CL as-is and then you unravel that check as a follow-up. Otherwise we'll probably play this game again and again in the future. torbjorng (webrtc) 2016/01/14 14:27:09 I suppose somebody added these tests as a test of Show quoted text On 2016/01/13 20:42:53, davidben_webrtc wrote: > On 2016/01/13 13:16:47, torbjorng (webrtc) wrote: > > On 2016/01/06 04:04:44, davidben_webrtc wrote: > > > So, this is fine, but it seems poor that you'd need to be so over-fit to > > > BoringSSL's defaults. Why even have the test at all? (There's some chance > > we'll > > > have a last-minute change to this too since the IETF's been mumbling about > > > switching the PRF from SHA256 to SHA384 or something.) > > > > We might want to clean this up at some point, as well as other parts of the > > tests. > > Yeah, I would definitely ask that you change this, though I'm fine with this CL > as-is and then you unravel that check as a follow-up. Otherwise we'll probably > play this game again and again in the future. I suppose somebody added these tests as a test of sanity, and while it has the now observed disadvantage, sanity checks have their obvious advantages. A better test would be "did we get a reasonably strong cipher suite?" as default.
	169 #else

165 static int kDefaultSslCipher12NoAesGcm =	170 static int kDefaultSslCipher12NoAesGcm =

166 static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD);	171 static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD);

	172 #endif

	173

	174 #ifdef TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256

	175 // This was added in boringssl 13414b3a048f17074253d23d03c0ab97c49b54e2,

	176 // changing the fallback. For now, support old boringssl versions.

	177 static int kDefaultSslEcCipher12NoAesGcm =

	178 static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256);

	179 #else

167 static int kDefaultSslEcCipher12NoAesGcm =	180 static int kDefaultSslEcCipher12NoAesGcm =

168 static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD);	181 static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD);

	182 #endif

	183

169 #else // !OPENSSL_IS_BORINGSSL	184 #else // !OPENSSL_IS_BORINGSSL

170 // OpenSSL sorts differently than BoringSSL, so the default cipher doesn't	185 // OpenSSL sorts differently than BoringSSL, so the default cipher doesn't

171 // change between TLS 1.0 and TLS 1.2 with the current setup.	186 // change between TLS 1.0 and TLS 1.2 with the current setup.

172 static int kDefaultSslCipher12 =	187 static int kDefaultSslCipher12 =

173 static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA);	188 static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA);

174 static int kDefaultSslEcCipher12 =	189 static int kDefaultSslEcCipher12 =

175 static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA);	190 static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA);

176 #endif	191 #endif // OPENSSL_IS_BORINGSSL

177	192

178 #if defined(_MSC_VER)	193 #if defined(_MSC_VER)

179 #pragma warning(pop)	194 #pragma warning(pop)

180 #endif // defined(_MSC_VER)	195 #endif // defined(_MSC_VER)

181	196

182 //////////////////////////////////////////////////////////////////////	197 //////////////////////////////////////////////////////////////////////

183 // StreamBIO	198 // StreamBIO

184 //////////////////////////////////////////////////////////////////////	199 //////////////////////////////////////////////////////////////////////

185	200

186 static int stream_write(BIO* h, const char* buf, int num);	201 static int stream_write(BIO* h, const char* buf, int num);

(...skipping 976 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1163 }	1178 }

1164 } else {	1179 } else {

1165 RTC_NOTREACHED();	1180 RTC_NOTREACHED();

1166 return kDefaultSslEcCipher12;	1181 return kDefaultSslEcCipher12;

1167 }	1182 }

1168 }	1183 }

1169	1184

1170 } // namespace rtc	1185 } // namespace rtc

1171	1186

1172 #endif // HAVE_OPENSSL_SSL_H	1187 #endif // HAVE_OPENSSL_SSL_H

OLD	NEW

« no previous file with comments | « talk/app/webrtc/peerconnection_unittest.cc ('k') | webrtc/base/sslstreamadapter_unittest.cc » ('j') | no next file with comments »