Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(227)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/ssl/ssl_cipher_suite_names.cc

Issue 2395323002: Roll src/third_party/boringssl/src 0d81373f9..1991af690 (Closed)
Patch Set: rebase, roll further Created 4 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/ssl/ssl_cipher_suite_names.h ('k') | net/ssl/ssl_cipher_suite_names_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/ssl/ssl_cipher_suite_names.cc
diff --git a/net/ssl/ssl_cipher_suite_names.cc b/net/ssl/ssl_cipher_suite_names.cc
index ba2129aa067c3aa07e785808001fdc1cb2994ac2..24f54fc0da146a99a14088ae7dddf88b64c8a5ce 100644
--- a/net/ssl/ssl_cipher_suite_names.cc
+++ b/net/ssl/ssl_cipher_suite_names.cc
@@ -129,6 +129,9 @@ const struct CipherSuite kCipherSuites[] = {
{0xc3, 0x85b}, // TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256
{0xc4, 0xa5b}, // TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
{0xc5, 0xc5b}, // TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256
+ {0x1301, 0x1f6f}, // TLS_AES_128_GCM_SHA256
+ {0x1302, 0x1f77}, // TLS_AES_256_GCM_SHA384
+ {0x1303, 0x1f8f}, // TLS_CHACHA20_POLY1305_SHA256
{0x16b7, 0x128f}, // TLS_CECPQ1_RSA_WITH_CHACHA20_POLY1305_SHA256 (exper)
{0x16b8, 0x138f}, // TLS_CECPQ1_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (exper)
{0x16b9, 0x1277}, // TLS_CECPQ1_RSA_WITH_AES_256_GCM_SHA384 (exper)
@@ -206,37 +209,36 @@ const struct CipherSuite kCipherSuites[] = {
{0xcc14, 0x0e8f}, // TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 (non-standard)
{0xcca8, 0x108f}, // TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
{0xcca9, 0x0e8f}, // TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
- {0xccab, 0x148f}, // TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
- {0xd001, 0x146f}, // TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256
- {0xd002, 0x1477}, // TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384
};
const struct {
char name[15];
-} kKeyExchangeNames[21] = {
- {"NULL"}, // 0
- {"RSA"}, // 1
- {"RSA_EXPORT"}, // 2
- {"DH_DSS_EXPORT"}, // 3
- {"DH_DSS"}, // 4
- {"DH_RSA_EXPORT"}, // 5
- {"DH_RSA"}, // 6
- {"DHE_DSS_EXPORT"}, // 7
- {"DHE_DSS"}, // 8
- {"DHE_RSA_EXPORT"}, // 9
- {"DHE_RSA"}, // 10
- {"DH_anon_EXPORT"}, // 11
- {"DH_anon"}, // 12
- {"ECDH_ECDSA"}, // 13
- {"ECDHE_ECDSA"}, // 14
- {"ECDH_RSA"}, // 15
- {"ECDHE_RSA"}, // 16
- {"ECDH_anon"}, // 17
- {"CECPQ1_RSA"}, // 18
- {"CECPQ1_ECDSA"}, // 19
- {"ECDHE_PSK"}, // 20
+} kKeyExchangeNames[20] = {
+ {"NULL"}, // 0
+ {"RSA"}, // 1
+ {"RSA_EXPORT"}, // 2
+ {"DH_DSS_EXPORT"}, // 3
+ {"DH_DSS"}, // 4
+ {"DH_RSA_EXPORT"}, // 5
+ {"DH_RSA"}, // 6
+ {"DHE_DSS_EXPORT"}, // 7
+ {"DHE_DSS"}, // 8
+ {"DHE_RSA_EXPORT"}, // 9
+ {"DHE_RSA"}, // 10
+ {"DH_anon_EXPORT"}, // 11
+ {"DH_anon"}, // 12
+ {"ECDH_ECDSA"}, // 13
+ {"ECDHE_ECDSA"}, // 14
+ {"ECDH_RSA"}, // 15
+ {"ECDHE_RSA"}, // 16
+ {"ECDH_anon"}, // 17
+ {"CECPQ1_RSA"}, // 18
+ {"CECPQ1_ECDSA"}, // 19
+ // 31 is reserved to indicate a TLS 1.3 AEAD-only suite.
};
+constexpr int kTLS13KeyExchangeValue = 31;
+
const struct {
char name[18];
} kCipherNames[18] = {
@@ -323,13 +325,12 @@ int ObsoleteSSLStatusForCipherSuite(uint16_t cipher_suite) {
return obsolete_ssl;
}
- // Only allow ECDHE key exchanges.
switch (key_exchange) {
case 14: // ECDHE_ECDSA
case 16: // ECDHE_RSA
case 18: // CECPQ1_RSA
case 19: // CECPQ1_ECDSA
- case 20: // ECDHE_PSK
+ case kTLS13KeyExchangeValue: // TLS 1.3
break;
default:
obsolete_ssl |= net::OBSOLETE_SSL_MASK_KEY_EXCHANGE;
@@ -359,19 +360,26 @@ void SSLCipherSuiteToStrings(const char** key_exchange_str,
const char** cipher_str,
const char** mac_str,
bool* is_aead,
+ bool* is_tls13,
uint16_t cipher_suite) {
*key_exchange_str = *cipher_str = *mac_str = "???";
*is_aead = false;
+ *is_tls13 = false;
int key_exchange, cipher, mac;
if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac))
return;
- *key_exchange_str = kKeyExchangeNames[key_exchange].name;
+ if (key_exchange == kTLS13KeyExchangeValue) {
+ *key_exchange_str = nullptr;
+ *is_tls13 = true;
+ } else {
+ *key_exchange_str = kKeyExchangeNames[key_exchange].name;
+ }
*cipher_str = kCipherNames[cipher].name;
if (mac == kAEADMACValue) {
*is_aead = true;
- *mac_str = NULL;
+ *mac_str = nullptr;
} else {
*mac_str = kMacNames[mac].name;
}
@@ -444,7 +452,7 @@ bool IsTLSCipherSuiteAllowedByHTTP2(uint16_t cipher_suite) {
case 16: // ECDHE_RSA
case 18: // CECPQ1_RSA
case 19: // CECPQ1_ECDSA
- case 20: // ECDHE_PSK
+ case kTLS13KeyExchangeValue: // TLS 1.3
break;
default:
return false;
« no previous file with comments | « net/ssl/ssl_cipher_suite_names.h ('k') | net/ssl/ssl_cipher_suite_names_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698