| OLD | NEW |
| 1 /* | 1 /* |
| 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. |
| 3 * | 3 * |
| 4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
| 5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
| 6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
| 7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
| 8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
| 9 */ | 9 */ |
| 10 | 10 |
| 776 if (ssl_mode_ == SSL_MODE_DTLS) { | 776 if (ssl_mode_ == SSL_MODE_DTLS) { |
| 777 // Enable read-ahead for DTLS so whole packets are read from internal BIO | 777 // Enable read-ahead for DTLS so whole packets are read from internal BIO |
| 778 // before parsing. This is done internally by BoringSSL for DTLS. | 778 // before parsing. This is done internally by BoringSSL for DTLS. |
| 779 SSL_set_read_ahead(ssl_, 1); | 779 SSL_set_read_ahead(ssl_, 1); |
| 780 } | 780 } |
| 781 #endif | 781 #endif |
| 782 | 782 |
| 783 SSL_set_mode(ssl_, SSL_MODE_ENABLE_PARTIAL_WRITE | | 783 SSL_set_mode(ssl_, SSL_MODE_ENABLE_PARTIAL_WRITE | |
| 784 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); | 784 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); |
| 785 | 785 |
| 786 // Specify an ECDH group for ECDHE ciphers, otherwise they cannot be | 786 #if !defined(OPENSSL_IS_BORINGSSL) |
| 787 // negotiated when acting as the server. Use NIST's P-256 which is commonly | 787 // Specify an ECDH group for ECDHE ciphers, otherwise OpenSSL cannot |
| 788 // supported. | 788 // negotiate them when acting as the server. Use NIST's P-256 which is |
| 789 // commonly supported. BoringSSL doesn't need explicit configuration and has |
| 790 // a reasonable default set. |
| 789 EC_KEY* ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); | 791 EC_KEY* ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); |
| 790 if (ecdh == NULL) | 792 if (ecdh == NULL) |
| 791 return -1; | 793 return -1; |
| 792 SSL_set_options(ssl_, SSL_OP_SINGLE_ECDH_USE); | 794 SSL_set_options(ssl_, SSL_OP_SINGLE_ECDH_USE); |
| 793 SSL_set_tmp_ecdh(ssl_, ecdh); | 795 SSL_set_tmp_ecdh(ssl_, ecdh); |
| 794 EC_KEY_free(ecdh); | 796 EC_KEY_free(ecdh); |
| 797 #endif |
| 795 | 798 |
| 796 // Do the connect | 799 // Do the connect |
| 797 return ContinueSSL(); | 800 return ContinueSSL(); |
| 798 } | 801 } |
| 799 | 802 |
| 800 int OpenSSLStreamAdapter::ContinueSSL() { | 803 int OpenSSLStreamAdapter::ContinueSSL() { |
| 801 LOG(LS_VERBOSE) << "ContinueSSL"; | 804 LOG(LS_VERBOSE) << "ContinueSSL"; |
| 802 ASSERT(state_ == SSL_CONNECTING); | 805 ASSERT(state_ == SSL_CONNECTING); |
| 803 | 806 |
| 804 // Clear the DTLS timer | 807 // Clear the DTLS timer |
| 1187 return true; | 1190 return true; |
| 1188 } | 1191 } |
| 1189 } | 1192 } |
| 1190 | 1193 |
| 1191 return false; | 1194 return false; |
| 1192 } | 1195 } |
| 1193 | 1196 |
| 1194 } // namespace rtc | 1197 } // namespace rtc |
| 1195 | 1198 |
| 1196 #endif // HAVE_OPENSSL_SSL_H | 1199 #endif // HAVE_OPENSSL_SSL_H |
| OLD | NEW |
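Review bot: In the OpenSSL-only branch (new lines 791–796) the result of `SSL_set_tmp_ecdh(ssl_, ecdh)` is ignored, so a failure to install the P-256 group goes unnoticed; per the comment above it, a server-side handshake would then be unable to negotiate ECDHE suites and would either fall back to a non-ECDHE suite or fail later with a less obvious error. Consider `if (SSL_set_tmp_ecdh(ssl_, ecdh) != 1) { EC_KEY_free(ecdh); return -1; }`, and a log line on both failure paths, since the existing `return -1` for a NULL key is silent as well. On the BoringSSL build the group list now comes entirely from the library's defaults, which may differ between BoringSSL revisions, so the new comment could state that relying on the default (and skipping `SSL_OP_SINGLE_ECDH_USE`) is deliberate. The function containing this block begins in the skipped lines above, so its earlier error handling is not visible here.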