Chromium Code Reviews Chromium Code Reviews
Issue 1589493004:
Update with new default boringssl no-aes cipher suites and re-enable many tests. (Closed)
Base URL: https://chromium.googlesource.com/external/webrtc.git@master| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. |
| 3 * | 3 * |
| 4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
| 5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
| 6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
| 7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
| 8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
| 9 */ | 9 */ |
| 10 | 10 |
| (...skipping 142 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 153 static int kDefaultSslCipher10 = | 153 static int kDefaultSslCipher10 = |
| 154 static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA); | 154 static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA); |
| 155 static int kDefaultSslEcCipher10 = | 155 static int kDefaultSslEcCipher10 = |
| 156 static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA); | 156 static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA); |
| 157 #ifdef OPENSSL_IS_BORINGSSL | 157 #ifdef OPENSSL_IS_BORINGSSL |
| 158 static int kDefaultSslCipher12 = | 158 static int kDefaultSslCipher12 = |
| 159 static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256); | 159 static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256); |
| 160 static int kDefaultSslEcCipher12 = | 160 static int kDefaultSslEcCipher12 = |
| 161 static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256); | 161 static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256); |
| 162 // Fallback cipher for DTLS 1.2 if hardware-accelerated AES-GCM is unavailable. | 162 // Fallback cipher for DTLS 1.2 if hardware-accelerated AES-GCM is unavailable. |
| 163 // TODO(davidben): Switch to the standardized CHACHA20_POLY1305 variant when | 163 |
| 164 // available. | 164 #ifdef TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 |
| 165 // This ciphersuite was added in boringssl 13414b3a..., changing the fallback | |
| 166 // ciphersuite. For compatibility during a transitional period, support old | |
| 167 // boringssl versions. TODO(torbjorng): Remove this. | |
|
tommi
2016/01/15 14:39:19
nit: Move the todo to a separate line. (same below
| |
| 168 static int kDefaultSslCipher12NoAesGcm = | |
| 169 static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256); | |
| 170 #else | |
| 165 static int kDefaultSslCipher12NoAesGcm = | 171 static int kDefaultSslCipher12NoAesGcm = |
| 166 static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD); | 172 static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD); |
| 173 #endif | |
| 174 | |
| 175 #ifdef TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 | |
| 176 // This ciphersuite was added in boringssl 13414b3a..., changing the fallback | |
| 177 // ciphersuite. For compatibility during a transitional period, support old | |
| 178 // boringssl versions. TODO(torbjorng): Remove this. | |
| 179 static int kDefaultSslEcCipher12NoAesGcm = | |
| 180 static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256); | |
| 181 #else | |
| 167 static int kDefaultSslEcCipher12NoAesGcm = | 182 static int kDefaultSslEcCipher12NoAesGcm = |
| 168 static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD); | 183 static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD); |
| 184 #endif | |
| 185 | |
| 169 #else // !OPENSSL_IS_BORINGSSL | 186 #else // !OPENSSL_IS_BORINGSSL |
| 170 // OpenSSL sorts differently than BoringSSL, so the default cipher doesn't | 187 // OpenSSL sorts differently than BoringSSL, so the default cipher doesn't |
| 171 // change between TLS 1.0 and TLS 1.2 with the current setup. | 188 // change between TLS 1.0 and TLS 1.2 with the current setup. |
| 172 static int kDefaultSslCipher12 = | 189 static int kDefaultSslCipher12 = |
| 173 static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA); | 190 static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA); |
| 174 static int kDefaultSslEcCipher12 = | 191 static int kDefaultSslEcCipher12 = |
| 175 static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA); | 192 static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA); |
| 176 #endif | 193 #endif // OPENSSL_IS_BORINGSSL |
| 177 | 194 |
| 178 #if defined(_MSC_VER) | 195 #if defined(_MSC_VER) |
| 179 #pragma warning(pop) | 196 #pragma warning(pop) |
| 180 #endif // defined(_MSC_VER) | 197 #endif // defined(_MSC_VER) |
| 181 | 198 |
| 182 ////////////////////////////////////////////////////////////////////// | 199 ////////////////////////////////////////////////////////////////////// |
| 183 // StreamBIO | 200 // StreamBIO |
| 184 ////////////////////////////////////////////////////////////////////// | 201 ////////////////////////////////////////////////////////////////////// |
| 185 | 202 |
| 186 static int stream_write(BIO* h, const char* buf, int num); | 203 static int stream_write(BIO* h, const char* buf, int num); |
| (...skipping 977 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1164 } | 1181 } |
| 1165 } else { | 1182 } else { |
| 1166 RTC_NOTREACHED(); | 1183 RTC_NOTREACHED(); |
| 1167 return kDefaultSslEcCipher12; | 1184 return kDefaultSslEcCipher12; |
| 1168 } | 1185 } |
| 1169 } | 1186 } |
| 1170 | 1187 |
| 1171 } // namespace rtc | 1188 } // namespace rtc |
| 1172 | 1189 |
| 1173 #endif // HAVE_OPENSSL_SSL_H | 1190 #endif // HAVE_OPENSSL_SSL_H |
| OLD | NEW |
