OLD | NEW |
1 /* | 1 /* |
2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. |
3 * | 3 * |
4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
9 */ | 9 */ |
10 | 10 |
(...skipping 125 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
136 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_AES_256_GCM_SHA384), | 136 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_AES_256_GCM_SHA384), |
137 | 137 |
138 {0, NULL} | 138 {0, NULL} |
139 }; | 139 }; |
140 #endif // #ifndef OPENSSL_IS_BORINGSSL | 140 #endif // #ifndef OPENSSL_IS_BORINGSSL |
141 | 141 |
142 // Default cipher used between OpenSSL/BoringSSL stream adapters. | 142 // Default cipher used between OpenSSL/BoringSSL stream adapters. |
143 // This needs to be updated when the default of the SSL library changes. | 143 // This needs to be updated when the default of the SSL library changes. |
144 static const char kDefaultSslCipher10[] = | 144 static const char kDefaultSslCipher10[] = |
145 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"; | 145 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"; |
| 146 static const char kDefaultSslEcCipher10[] = |
| 147 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"; |
146 | 148 |
147 #ifdef OPENSSL_IS_BORINGSSL | 149 #ifdef OPENSSL_IS_BORINGSSL |
148 static const char kDefaultSslCipher12[] = | 150 static const char kDefaultSslCipher12[] = |
149 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"; | 151 "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"; |
| 152 static const char kDefaultSslEcCipher12[] = |
| 153 "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"; |
150 // Fallback cipher for DTLS 1.2 if hardware-accelerated AES-GCM is unavailable. | 154 // Fallback cipher for DTLS 1.2 if hardware-accelerated AES-GCM is unavailable. |
151 static const char kDefaultSslCipher12NoAesGcm[] = | 155 static const char kDefaultSslCipher12NoAesGcm[] = |
152 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"; | 156 "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"; |
| 157 static const char kDefaultSslEcCipher12NoAesGcm[] = |
| 158 "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"; |
153 #else // !OPENSSL_IS_BORINGSSL | 159 #else // !OPENSSL_IS_BORINGSSL |
154 // OpenSSL sorts differently than BoringSSL, so the default cipher doesn't | 160 // OpenSSL sorts differently than BoringSSL, so the default cipher doesn't |
155 // change between TLS 1.0 and TLS 1.2 with the current setup. | 161 // change between TLS 1.0 and TLS 1.2 with the current setup. |
156 static const char kDefaultSslCipher12[] = | 162 static const char kDefaultSslCipher12[] = |
157 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"; | 163 "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"; |
| 164 static const char kDefaultSslEcCipher12[] = |
| 165 "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"; |
158 #endif | 166 #endif |
159 | 167 |
160 ////////////////////////////////////////////////////////////////////// | 168 ////////////////////////////////////////////////////////////////////// |
161 // StreamBIO | 169 // StreamBIO |
162 ////////////////////////////////////////////////////////////////////// | 170 ////////////////////////////////////////////////////////////////////// |
163 | 171 |
164 static int stream_write(BIO* h, const char* buf, int num); | 172 static int stream_write(BIO* h, const char* buf, int num); |
165 static int stream_read(BIO* h, char* buf, int size); | 173 static int stream_read(BIO* h, char* buf, int size); |
166 static int stream_puts(BIO* h, const char* str); | 174 static int stream_puts(BIO* h, const char* str); |
167 static long stream_ctrl(BIO* h, int cmd, long arg1, void* arg2); | 175 static long stream_ctrl(BIO* h, int cmd, long arg1, void* arg2); |
(...skipping 943 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1111 | 1119 |
1112 bool OpenSSLStreamAdapter::HaveExporter() { | 1120 bool OpenSSLStreamAdapter::HaveExporter() { |
1113 #ifdef HAVE_DTLS_SRTP | 1121 #ifdef HAVE_DTLS_SRTP |
1114 return true; | 1122 return true; |
1115 #else | 1123 #else |
1116 return false; | 1124 return false; |
1117 #endif | 1125 #endif |
1118 } | 1126 } |
1119 | 1127 |
1120 std::string OpenSSLStreamAdapter::GetDefaultSslCipher( | 1128 std::string OpenSSLStreamAdapter::GetDefaultSslCipher( |
1121 SSLProtocolVersion version) { | 1129 SSLProtocolVersion version, |
1122 switch (version) { | 1130 KeyType key_type) { |
1123 case SSL_PROTOCOL_TLS_10: | 1131 if (key_type == KT_RSA) { |
1124 case SSL_PROTOCOL_TLS_11: | 1132 switch (version) { |
1125 return kDefaultSslCipher10; | 1133 case SSL_PROTOCOL_TLS_10: |
1126 case SSL_PROTOCOL_TLS_12: | 1134 case SSL_PROTOCOL_TLS_11: |
1127 default: | 1135 return kDefaultSslCipher10; |
| 1136 case SSL_PROTOCOL_TLS_12: |
| 1137 default: |
1128 #ifdef OPENSSL_IS_BORINGSSL | 1138 #ifdef OPENSSL_IS_BORINGSSL |
1129 if (EVP_has_aes_hardware()) { | 1139 if (EVP_has_aes_hardware()) { |
| 1140 return kDefaultSslCipher12; |
| 1141 } else { |
| 1142 return kDefaultSslCipher12NoAesGcm; |
| 1143 } |
| 1144 #else // !OPENSSL_IS_BORINGSSL |
1130 return kDefaultSslCipher12; | 1145 return kDefaultSslCipher12; |
1131 } else { | 1146 #endif |
1132 return kDefaultSslCipher12NoAesGcm; | 1147 } |
1133 } | 1148 } else if (key_type == KT_ECDSA) { |
| 1149 switch (version) { |
| 1150 case SSL_PROTOCOL_TLS_10: |
| 1151 case SSL_PROTOCOL_TLS_11: |
| 1152 return kDefaultSslEcCipher10; |
| 1153 case SSL_PROTOCOL_TLS_12: |
| 1154 default: |
| 1155 #ifdef OPENSSL_IS_BORINGSSL |
| 1156 if (EVP_has_aes_hardware()) { |
| 1157 return kDefaultSslEcCipher12; |
| 1158 } else { |
| 1159 return kDefaultSslEcCipher12NoAesGcm; |
| 1160 } |
1134 #else // !OPENSSL_IS_BORINGSSL | 1161 #else // !OPENSSL_IS_BORINGSSL |
1135 return kDefaultSslCipher12; | 1162 return kDefaultSslEcCipher12; |
1136 #endif | 1163 #endif |
| 1164 } |
| 1165 } else { |
| 1166 return std::string(); |
1137 } | 1167 } |
1138 } | 1168 } |
1139 | 1169 |
1140 } // namespace rtc | 1170 } // namespace rtc |
1141 | 1171 |
1142 #endif // HAVE_OPENSSL_SSL_H | 1172 #endif // HAVE_OPENSSL_SSL_H |
OLD | NEW |