| Index: net/ssl/ssl_cipher_suite_names.cc
|
| diff --git a/net/ssl/ssl_cipher_suite_names.cc b/net/ssl/ssl_cipher_suite_names.cc
|
| index 56d75214e94a9dfbca8720896d7771a945f6c1f2..de3cff2987b70b3c4e51bf272bee29955353f860 100644
|
| --- a/net/ssl/ssl_cipher_suite_names.cc
|
| +++ b/net/ssl/ssl_cipher_suite_names.cc
|
| @@ -25,13 +25,11 @@
|
| // The following tables were generated by ssl_cipher_suite_names_generate.go,
|
| // found in the same directory as this file.
|
|
|
| -namespace {
|
| -
|
| struct CipherSuite {
|
| uint16 cipher_suite, encoded;
|
| };
|
|
|
| -const struct CipherSuite kCipherSuites[] = {
|
| +static const struct CipherSuite kCipherSuites[] = {
|
| {0x0, 0x0}, // TLS_NULL_WITH_NULL_NULL
|
| {0x1, 0x101}, // TLS_RSA_WITH_NULL_MD5
|
| {0x2, 0x102}, // TLS_RSA_WITH_NULL_SHA
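Review bot: `struct CipherSuite` is left at global scope once the unnamed namespace is removed, and `static` cannot be applied to a type, so unlike the tables it is no longer confined to this file. If any other translation unit linked into the same binary defines a different global `CipherSuite`, that is a one-definition-rule violation the linker is not required to diagnose. The hunk at -258 adds a related inconsistency: `kAEADMACValue` becomes a global-namespace `static` while `CipherSuiteCmp` moves inside `net`. Opening `namespace net {` above the struct, or keeping `namespace {` around the struct and the tables, would put every helper in one scope.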
|
| @@ -201,7 +199,7 @@
|
| {0xcc15, 0x0a8f}, // TLS_DHE_RSA_WITH_CHACHA20_POLY1305
|
| };
|
|
|
| -const struct {
|
| +static const struct {
|
| char name[15];
|
| } kKeyExchangeNames[18] = {
|
| {"NULL"}, // 0
|
| @@ -224,7 +222,7 @@
|
| {"ECDH_anon"}, // 17
|
| };
|
|
|
| -const struct {
|
| +static const struct {
|
| char name[18];
|
| } kCipherNames[18] = {
|
| {"NULL"}, // 0
|
| @@ -247,7 +245,7 @@
|
| {"CHACHA20_POLY1305"}, // 17
|
| };
|
|
|
| -const struct {
|
| +static const struct {
|
| char name[7];
|
| } kMacNames[5] = {
|
| {"NULL"}, // 0
|
| @@ -258,9 +256,11 @@
|
| // 7 is reserved to indicate an AEAD cipher suite.
|
| };
|
|
|
| -const int kAEADMACValue = 7;
|
| -
|
| -int CipherSuiteCmp(const void* ia, const void* ib) {
|
| +static const int kAEADMACValue = 7;
|
| +
|
| +namespace net {
|
| +
|
| +static int CipherSuiteCmp(const void* ia, const void* ib) {
|
| const CipherSuite* a = static_cast<const CipherSuite*>(ia);
|
| const CipherSuite* b = static_cast<const CipherSuite*>(ib);
|
|
|
| @@ -272,29 +272,6 @@
|
| return 1;
|
| }
|
| }
|
| -
|
| -bool GetCipherProperties(uint16 cipher_suite,
|
| - int* out_key_exchange,
|
| - int* out_cipher,
|
| - int* out_mac) {
|
| - CipherSuite desired = {0};
|
| - desired.cipher_suite = cipher_suite;
|
| - void* r = bsearch(&desired, kCipherSuites, arraysize(kCipherSuites),
|
| - sizeof(kCipherSuites[0]), CipherSuiteCmp);
|
| -
|
| - if (!r)
|
| - return false;
|
| -
|
| - const CipherSuite* cs = static_cast<const CipherSuite*>(r);
|
| - *out_key_exchange = cs->encoded >> 8;
|
| - *out_cipher = (cs->encoded >> 3) & 0x1f;
|
| - *out_mac = cs->encoded & 0x7;
|
| - return true;
|
| -}
|
| -
|
| -} // namespace
|
| -
|
| -namespace net {
|
|
|
| void SSLCipherSuiteToStrings(const char** key_exchange_str,
|
| const char** cipher_str,
|
| @@ -304,9 +281,21 @@
|
| *key_exchange_str = *cipher_str = *mac_str = "???";
|
| *is_aead = false;
|
|
|
| - int key_exchange, cipher, mac;
|
| - if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac))
|
| + struct CipherSuite desired = {0};
|
| + desired.cipher_suite = cipher_suite;
|
| +
|
| + void* r = bsearch(&desired, kCipherSuites,
|
| + arraysize(kCipherSuites), sizeof(kCipherSuites[0]),
|
| + CipherSuiteCmp);
|
| +
|
| + if (!r)
|
| return;
|
| +
|
| + const CipherSuite* cs = static_cast<CipherSuite*>(r);
|
| +
|
| + const int key_exchange = cs->encoded >> 8;
|
| + const int cipher = (cs->encoded >> 3) & 0x1f;
|
| + const int mac = cs->encoded & 0x7;
|
|
|
| *key_exchange_str = kKeyExchangeNames[key_exchange].name;
|
| *cipher_str = kCipherNames[cipher].name;
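Review bot: `key_exchange` and `cipher` index `kKeyExchangeNames` and `kCipherNames` on the last two lines of this hunk without a range check, although `encoded >> 8` can be as large as 255 and `(encoded >> 3) & 0x1f` as large as 31 while both tables are declared with 18 entries. The values come from the generated `kCipherSuites` table rather than directly from the peer, so an out-of-bounds read would need the generator output and the name tables to drift apart, but a guard is cheap and leaves the "???" defaults in place: `if (key_exchange >= static_cast<int>(arraysize(kKeyExchangeNames)) || cipher >= static_cast<int>(arraysize(kCipherNames))) return;`. The new cast `static_cast<CipherSuite*>(r)` also drops the `const` that the matching line in IsSecureTLSCipherSuite keeps, and should read `static_cast<const CipherSuite*>(r)`. SSLCipherSuiteToStrings starts before this hunk and continues after it, so the MAC lookup is not visible here.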
|
| @@ -358,9 +347,23 @@
|
| }
|
|
|
| bool IsSecureTLSCipherSuite(uint16 cipher_suite) {
|
| - int key_exchange, cipher, mac;
|
| - if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac))
|
| + CipherSuite desired = {0};
|
| + desired.cipher_suite = cipher_suite;
|
| +
|
| + void* r = bsearch(&desired,
|
| + kCipherSuites,
|
| + arraysize(kCipherSuites),
|
| + sizeof(kCipherSuites[0]),
|
| + CipherSuiteCmp);
|
| +
|
| + if (!r)
|
| return false;
|
| +
|
| + const CipherSuite* cs = static_cast<const CipherSuite*>(r);
|
| +
|
| + const int key_exchange = cs->encoded >> 8;
|
| + const int cipher = (cs->encoded >> 3) & 0x1f;
|
| + const int mac = cs->encoded & 0x7;
|
|
|
| // Only allow forward secure key exchanges.
|
| switch (key_exchange) {
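Review bot: The table lookup and the unpacking of `encoded` are now written out twice, here and in SSLCipherSuiteToStrings (hunk at -304), and the bit layout is not documented at either copy. Because IsSecureTLSCipherSuite makes a security decision from these three fields, an edit to one copy or to the generator that is not mirrored in the other could misclassify suites without any build or runtime signal. At minimum add a comment above the three shifts such as `// encoded: bits 15..8 key exchange, bits 7..3 cipher, bits 2..0 MAC (7 == AEAD)`; a single file-local helper shared by both callers would remove the duplication. The function body continues past the end of this hunk.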
|
| @@ -388,34 +391,4 @@
|
| return true;
|
| }
|
|
|
| -bool IsFalseStartableTLSCipherSuite(uint16 cipher_suite) {
|
| - int key_exchange, cipher, mac;
|
| - if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac))
|
| - return false;
|
| -
|
| - // Only allow ECDHE key exchanges.
|
| - switch (key_exchange) {
|
| - case 14: // ECDHE_ECDSA
|
| - case 16: // ECDHE_RSA
|
| - break;
|
| - default:
|
| - return false;
|
| - }
|
| -
|
| - switch (cipher) {
|
| - case 13: // AES_128_GCM
|
| - case 14: // AES_256_GCM
|
| - case 17: // CHACHA20_POLY1305
|
| - break;
|
| - default:
|
| - return false;
|
| - }
|
| -
|
| - // Only AEADs allowed.
|
| - if (mac != kAEADMACValue)
|
| - return false;
|
| -
|
| - return true;
|
| -}
|
| -
|
| } // namespace net
|
|
|