1 /* | 1 /* |
2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. |
3 * | 3 * |
4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
9 */ | 9 */ |
10 | 10 |
1140 } | 1140 } |
1141 | 1141 |
1142 bool OpenSSLStreamAdapter::HaveExporter() { | 1142 bool OpenSSLStreamAdapter::HaveExporter() { |
1143 #ifdef HAVE_DTLS_SRTP | 1143 #ifdef HAVE_DTLS_SRTP |
1144 return true; | 1144 return true; |
1145 #else | 1145 #else |
1146 return false; | 1146 return false; |
1147 #endif | 1147 #endif |
1148 } | 1148 } |
1149 | 1149 |
| 1150 // TODO(torbjorng): Remove. |
1150 int OpenSSLStreamAdapter::GetDefaultSslCipherForTest(SSLProtocolVersion version, | 1151 int OpenSSLStreamAdapter::GetDefaultSslCipherForTest(SSLProtocolVersion version, |
1151 KeyType key_type) { | 1152 KeyType key_type) { |
1152 if (key_type == KT_RSA) { | 1153 if (key_type == KT_RSA) { |
1153 switch (version) { | 1154 switch (version) { |
1154 case SSL_PROTOCOL_TLS_10: | 1155 case SSL_PROTOCOL_TLS_10: |
1155 case SSL_PROTOCOL_TLS_11: | 1156 case SSL_PROTOCOL_TLS_11: |
1156 return kDefaultSslCipher10; | 1157 return kDefaultSslCipher10; |
1157 case SSL_PROTOCOL_TLS_12: | 1158 case SSL_PROTOCOL_TLS_12: |
1158 default: | 1159 default: |
1159 #ifdef OPENSSL_IS_BORINGSSL | 1160 #ifdef OPENSSL_IS_BORINGSSL |
1182 #else // !OPENSSL_IS_BORINGSSL | 1183 #else // !OPENSSL_IS_BORINGSSL |
1183 return kDefaultSslEcCipher12; | 1184 return kDefaultSslEcCipher12; |
1184 #endif | 1185 #endif |
1185 } | 1186 } |
1186 } else { | 1187 } else { |
1187 RTC_NOTREACHED(); | 1188 RTC_NOTREACHED(); |
1188 return kDefaultSslEcCipher12; | 1189 return kDefaultSslEcCipher12; |
1189 } | 1190 } |
1190 } | 1191 } |
1191 | 1192 |
| 1193 #define CDEF(X) \ |
| 1194 { static_cast<uint16_t>(TLS1_CK_##X & 0xffff), "TLS_" #X } |
| 1195 |
| 1196 struct cipher_list { |
| 1197 uint16_t cipher; |
| 1198 const char* cipher_str; |
| 1199 }; |
| 1200 |
| 1201 // TODO(torbjorng): Add more cipher suites to these lists. |
| 1202 static const cipher_list OK_RSA_ciphers[] = { |
| 1203 CDEF(ECDHE_RSA_WITH_AES_128_CBC_SHA), |
| 1204 CDEF(ECDHE_RSA_WITH_AES_256_CBC_SHA), |
| 1205 CDEF(ECDHE_RSA_WITH_AES_128_GCM_SHA256), |
| 1206 #ifdef TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA256 |
| 1207 CDEF(ECDHE_RSA_WITH_AES_256_GCM_SHA256), |
| 1208 #endif |
| 1209 CDEF(ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256), |
| 1210 }; |
| 1211 |
| 1212 static const cipher_list OK_ECDSA_ciphers[] = { |
| 1213 CDEF(ECDHE_ECDSA_WITH_AES_128_CBC_SHA), |
| 1214 CDEF(ECDHE_ECDSA_WITH_AES_256_CBC_SHA), |
| 1215 CDEF(ECDHE_ECDSA_WITH_AES_128_GCM_SHA256), |
| 1216 #ifdef TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA256 |
| 1217 CDEF(ECDHE_ECDSA_WITH_AES_256_GCM_SHA256), |
| 1218 #endif |
| 1219 CDEF(ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256), |
| 1220 }; |
| 1221 |
| 1222 bool OpenSSLStreamAdapter::IsAcceptableCipher(int cipher, |
| 1223 SSLProtocolVersion version, |
| 1224 KeyType key_type) { |
| 1225 if (key_type == KT_RSA) { |
| 1226 for (const cipher_list &c : OK_RSA_ciphers) { |
| 1227 if (cipher == c.cipher) |
| 1228 return true; |
| 1229 } |
| 1230 } |
| 1231 |
| 1232 if (key_type == KT_ECDSA) { |
| 1233 for (const cipher_list &c : OK_ECDSA_ciphers) { |
| 1234 if (cipher == c.cipher) |
| 1235 return true; |
| 1236 } |
| 1237 } |
| 1238 |
| 1239 // TODO(torbjorng): Remove before landing. |
| 1240 LOG(LS_ERROR) << "Attempted use of truly terrible cipher suite: " |
| 1241 << OpenSSLStreamAdapter::SslCipherSuiteToName(cipher) << "(" |
| 1242 << cipher << ")"; |
| 1243 return false; |
| 1244 } |
| 1245 |
| 1246 bool OpenSSLStreamAdapter::IsAcceptableCipher(std::string cipher, |
| 1247 SSLProtocolVersion version, |
| 1248 KeyType key_type) { |
| 1249 if (key_type == KT_RSA) { |
| 1250 for (const cipher_list &c : OK_RSA_ciphers) { |
| 1251 if (cipher == c.cipher_str) |
| 1252 return true; |
| 1253 } |
| 1254 } |
| 1255 |
| 1256 if (key_type == KT_ECDSA) { |
| 1257 for (const cipher_list &c : OK_ECDSA_ciphers) { |
| 1258 if (cipher == c.cipher_str) |
| 1259 return true; |
| 1260 } |
| 1261 } |
| 1262 |
| 1263 // TODO(torbjorng): Remove before landing. |
| 1264 LOG(LS_ERROR) << "Attempted use of truly terrible cipher suite: " << cipher; |
| 1265 return false; |
| 1266 } |
| 1267 |
1192 } // namespace rtc | 1268 } // namespace rtc |
1193 | 1269 |
1194 #endif // HAVE_OPENSSL_SSL_H | 1270 #endif // HAVE_OPENSSL_SSL_H |
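Review bot: The `#ifdef TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA256` and `#ifdef TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA256` guards around the AES-256-GCM entries of OK_RSA_ciphers and OK_ECDSA_ciphers look like they hide a misspelled suite name rather than a real platform difference: the registered suites are TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 and TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (OpenSSL/BoringSSL macros TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384 and TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384), so with the guard those entries are silently dropped and a peer that negotiates AES-256-GCM is rejected by both IsAcceptableCipher overloads. Replace the guarded lines with `CDEF(ECDHE_RSA_WITH_AES_256_GCM_SHA384),` and `CDEF(ECDHE_ECDSA_WITH_AES_256_GCM_SHA384),`; a compile error there would then point at a wrong name instead of being masked, which is presumably how the guard came about. Both overloads also accept `version` and never read it, so the allowlist is identical for every TLS version; either state that in a comment on the declaration or drop the parameter. The `int` overload compares against the 16-bit value CDEF stores (`TLS1_CK_##X & 0xffff`), so a caller passing a full TLS1_CK_* constant would never match — worth a comment on the parameter, e.g. `// cipher is the 16-bit suite id (TLS1_CK_* & 0xffff), not the full TLS1_CK_* value.` The LOG(LS_ERROR) at the end of each overload is marked "Remove before landing" yet logs at error severity for every rejected suite; if it is meant to stay, LS_WARNING with a neutral message would be more appropriate, and the `std::string cipher` parameter of the second overload should be `const std::string&` to avoid copying on every call.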