OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. |
3 * | 3 * |
4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
9 */ | 9 */ |
10 | 10 |
(...skipping 142 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
153 static int kDefaultSslCipher10 = | 153 static int kDefaultSslCipher10 = |
154 static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA); | 154 static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA); |
155 static int kDefaultSslEcCipher10 = | 155 static int kDefaultSslEcCipher10 = |
156 static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA); | 156 static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA); |
157 #ifdef OPENSSL_IS_BORINGSSL | 157 #ifdef OPENSSL_IS_BORINGSSL |
158 static int kDefaultSslCipher12 = | 158 static int kDefaultSslCipher12 = |
159 static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256); | 159 static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256); |
160 static int kDefaultSslEcCipher12 = | 160 static int kDefaultSslEcCipher12 = |
161 static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256); | 161 static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256); |
162 // Fallback cipher for DTLS 1.2 if hardware-accelerated AES-GCM is unavailable. | 162 // Fallback cipher for DTLS 1.2 if hardware-accelerated AES-GCM is unavailable. |
163 // TODO(davidben): Switch to the standardized CHACHA20_POLY1305 variant when | 163 |
164 // available. | 164 #ifdef TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 |
davidben_webrtc
2016/01/06 04:04:44
Do you actually need this? Surely by now DEPS roll
torbjorng (webrtc)
2016/01/13 13:16:47
OK. I added this to for the benefit of third parti
davidben_webrtc
2016/01/13 20:42:53
Pre-installed versions of BoringSSL are explicitly
torbjorng (webrtc)
2016/01/14 14:27:09
:-)
I cannot take credit for those tests, unfortu
| |
165 // This was added in boringssl 13414b3a048f17074253d23d03c0ab97c49b54e2, | |
166 // changing the fallback. For now, support old boringssl versions. | |
167 static int kDefaultSslCipher12NoAesGcm = | |
168 static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256); | |
davidben_webrtc
2016/01/06 04:04:44
So, this is fine, but it seems poor that you'd nee
torbjorng (webrtc)
2016/01/13 13:16:47
We might want to clean this up at some point, as w
davidben_webrtc
2016/01/13 20:42:53
Yeah, I would definitely ask that you change this,
torbjorng (webrtc)
2016/01/14 14:27:09
I suppose somebody added these tests as a test of
| |
169 #else | |
165 static int kDefaultSslCipher12NoAesGcm = | 170 static int kDefaultSslCipher12NoAesGcm = |
166 static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD); | 171 static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD); |
172 #endif | |
173 | |
174 #ifdef TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 | |
175 // This was added in boringssl 13414b3a048f17074253d23d03c0ab97c49b54e2, | |
176 // changing the fallback. For now, support old boringssl versions. | |
177 static int kDefaultSslEcCipher12NoAesGcm = | |
178 static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256); | |
179 #else | |
167 static int kDefaultSslEcCipher12NoAesGcm = | 180 static int kDefaultSslEcCipher12NoAesGcm = |
168 static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD); | 181 static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD); |
182 #endif | |
183 | |
169 #else // !OPENSSL_IS_BORINGSSL | 184 #else // !OPENSSL_IS_BORINGSSL |
170 // OpenSSL sorts differently than BoringSSL, so the default cipher doesn't | 185 // OpenSSL sorts differently than BoringSSL, so the default cipher doesn't |
171 // change between TLS 1.0 and TLS 1.2 with the current setup. | 186 // change between TLS 1.0 and TLS 1.2 with the current setup. |
172 static int kDefaultSslCipher12 = | 187 static int kDefaultSslCipher12 = |
173 static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA); | 188 static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA); |
174 static int kDefaultSslEcCipher12 = | 189 static int kDefaultSslEcCipher12 = |
175 static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA); | 190 static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA); |
176 #endif | 191 #endif // OPENSSL_IS_BORINGSSL |
177 | 192 |
178 #if defined(_MSC_VER) | 193 #if defined(_MSC_VER) |
179 #pragma warning(pop) | 194 #pragma warning(pop) |
180 #endif // defined(_MSC_VER) | 195 #endif // defined(_MSC_VER) |
181 | 196 |
182 ////////////////////////////////////////////////////////////////////// | 197 ////////////////////////////////////////////////////////////////////// |
183 // StreamBIO | 198 // StreamBIO |
184 ////////////////////////////////////////////////////////////////////// | 199 ////////////////////////////////////////////////////////////////////// |
185 | 200 |
186 static int stream_write(BIO* h, const char* buf, int num); | 201 static int stream_write(BIO* h, const char* buf, int num); |
(...skipping 976 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1163 } | 1178 } |
1164 } else { | 1179 } else { |
1165 RTC_NOTREACHED(); | 1180 RTC_NOTREACHED(); |
1166 return kDefaultSslEcCipher12; | 1181 return kDefaultSslEcCipher12; |
1167 } | 1182 } |
1168 } | 1183 } |
1169 | 1184 |
1170 } // namespace rtc | 1185 } // namespace rtc |
1171 | 1186 |
1172 #endif // HAVE_OPENSSL_SSL_H | 1187 #endif // HAVE_OPENSSL_SSL_H |
OLD | NEW |