Side by Side Diff: webrtc/base/opensslstreamadapter.cc

Issue 1851303002: Protect some cipher suites with ifdefs for legacy openssl compatibility. (Closed) Base URL: https://chromium.googlesource.com/external/webrtc.git@master
Patch Set: Include openssl specific header for DTLS Created 4 years, 8 months ago
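--- a/webrtc/base/opensslstreamadapter.cc
+++ b/webrtc/base/opensslstreamadapter.cc
@@ -1,30 +1,33 @@
 /*
 * Copyright 2004 The WebRTC Project Authors. All rights reserved.
 *
 * Use of this source code is governed by a BSD-style license
 * that can be found in the LICENSE file in the root of the source
 * tree. An additional intellectual property rights grant can be found
 * in the file PATENTS. All contributing project authors may
 * be found in the AUTHORS file in the root of the source tree.
 */
 
 #if HAVE_OPENSSL_SSL_H
 
 #include "webrtc/base/opensslstreamadapter.h"
 
 #include <openssl/bio.h>
 #include <openssl/crypto.h>
 #include <openssl/err.h>
 #include <openssl/rand.h>
 #include <openssl/tls1.h>
 #include <openssl/x509v3.h>
+#ifndef OPENSSL_IS_BORINGSSL
+#include <openssl/dtls1.h>
+#endif
 
 #include <vector>
 
 #include "webrtc/base/common.h"
 #include "webrtc/base/logging.h"
 #include "webrtc/base/safe_conversions.h"
 #include "webrtc/base/stream.h"
 #include "webrtc/base/openssl.h"
 #include "webrtc/base/openssladapter.h"
 #include "webrtc/base/openssldigest.h"
@@ -1131,31 +1134,35 @@
 };
 
 // TODO(torbjorng): Perhaps add more cipher suites to these lists.
 static const cipher_list OK_RSA_ciphers[] = {
 CDEF(ECDHE_RSA_WITH_AES_128_CBC_SHA),
 CDEF(ECDHE_RSA_WITH_AES_256_CBC_SHA),
 CDEF(ECDHE_RSA_WITH_AES_128_GCM_SHA256),
 #ifdef TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA256
 CDEF(ECDHE_RSA_WITH_AES_256_GCM_SHA256),
 #endif
+#ifdef TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
 CDEF(ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256),
+#endif
 };
 
 static const cipher_list OK_ECDSA_ciphers[] = {
 CDEF(ECDHE_ECDSA_WITH_AES_128_CBC_SHA),
 CDEF(ECDHE_ECDSA_WITH_AES_256_CBC_SHA),
 CDEF(ECDHE_ECDSA_WITH_AES_128_GCM_SHA256),
 #ifdef TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA256
 CDEF(ECDHE_ECDSA_WITH_AES_256_GCM_SHA256),
 #endif
+#ifdef TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
 CDEF(ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256),
+#endif
 };
 #undef CDEF
 
 bool OpenSSLStreamAdapter::IsAcceptableCipher(int cipher, KeyType key_type) {
 if (key_type == KT_RSA) {
 for (const cipher_list& c : OK_RSA_ciphers) {
 if (cipher == c.cipher)
 return true;
 }
 }
@@ -1185,10 +1192,10 @@
 return true;
 }
 }
 
 return false;
 }
 
 } // namespace rtc
 
 #endif // HAVE_OPENSSL_SSL_H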
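Review bot: The new guards around the two `CHACHA20_POLY1305_SHA256` entries (new lines 1144 and 1156) drop the suite from `OK_RSA_ciphers` / `OK_ECDSA_ciphers` silently when the macro is missing, so `IsAcceptableCipher` will answer false for a ChaCha20 suite with no build-time signal that the allow-list shrank. The macro name tested is the BoringSSL spelling; OpenSSL 1.1.0, as far as I know, defines the constant without the `_SHA256` suffix, so a build against a library that does support the suite would probably still omit it. The same pattern already hides the neighbouring `AES_256_GCM_SHA256` entries, whose guard name does not look like a constant tls1.h defines (AES-256-GCM suites end in SHA384), so those entries are likely never compiled in. I would at least document this above each new guard, e.g. `// Omitted when the SSL library lacks this constant (legacy OpenSSL); the suite is then not treated as acceptable.` The definition of `CDEF` and the callers of `IsAcceptableCipher` are in the skipped lines, so the runtime effect should be confirmed there.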