Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(406)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/ssl/ssl_cipher_suite_names.cc

Issue 2418113002: Revert "Roll src/third_party/boringssl/src 0d81373f9..1991af690" (https://codereview.chromium.org/2… (Closed)
Patch Set: Created 4 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/ssl/ssl_cipher_suite_names.h ('k') | net/ssl/ssl_cipher_suite_names_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/ssl/ssl_cipher_suite_names.cc
diff --git a/net/ssl/ssl_cipher_suite_names.cc b/net/ssl/ssl_cipher_suite_names.cc
index 24f54fc0da146a99a14088ae7dddf88b64c8a5ce..ba2129aa067c3aa07e785808001fdc1cb2994ac2 100644
--- a/net/ssl/ssl_cipher_suite_names.cc
+++ b/net/ssl/ssl_cipher_suite_names.cc
@@ -129,9 +129,6 @@ const struct CipherSuite kCipherSuites[] = {
{0xc3, 0x85b}, // TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256
{0xc4, 0xa5b}, // TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
{0xc5, 0xc5b}, // TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256
- {0x1301, 0x1f6f}, // TLS_AES_128_GCM_SHA256
- {0x1302, 0x1f77}, // TLS_AES_256_GCM_SHA384
- {0x1303, 0x1f8f}, // TLS_CHACHA20_POLY1305_SHA256
{0x16b7, 0x128f}, // TLS_CECPQ1_RSA_WITH_CHACHA20_POLY1305_SHA256 (exper)
{0x16b8, 0x138f}, // TLS_CECPQ1_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (exper)
{0x16b9, 0x1277}, // TLS_CECPQ1_RSA_WITH_AES_256_GCM_SHA384 (exper)
@@ -209,36 +206,37 @@ const struct CipherSuite kCipherSuites[] = {
{0xcc14, 0x0e8f}, // TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 (non-standard)
{0xcca8, 0x108f}, // TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
{0xcca9, 0x0e8f}, // TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+ {0xccab, 0x148f}, // TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
+ {0xd001, 0x146f}, // TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256
+ {0xd002, 0x1477}, // TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384
};
const struct {
char name[15];
-} kKeyExchangeNames[20] = {
- {"NULL"}, // 0
- {"RSA"}, // 1
- {"RSA_EXPORT"}, // 2
- {"DH_DSS_EXPORT"}, // 3
- {"DH_DSS"}, // 4
- {"DH_RSA_EXPORT"}, // 5
- {"DH_RSA"}, // 6
- {"DHE_DSS_EXPORT"}, // 7
- {"DHE_DSS"}, // 8
- {"DHE_RSA_EXPORT"}, // 9
- {"DHE_RSA"}, // 10
- {"DH_anon_EXPORT"}, // 11
- {"DH_anon"}, // 12
- {"ECDH_ECDSA"}, // 13
- {"ECDHE_ECDSA"}, // 14
- {"ECDH_RSA"}, // 15
- {"ECDHE_RSA"}, // 16
- {"ECDH_anon"}, // 17
- {"CECPQ1_RSA"}, // 18
- {"CECPQ1_ECDSA"}, // 19
- // 31 is reserved to indicate a TLS 1.3 AEAD-only suite.
+} kKeyExchangeNames[21] = {
+ {"NULL"}, // 0
+ {"RSA"}, // 1
+ {"RSA_EXPORT"}, // 2
+ {"DH_DSS_EXPORT"}, // 3
+ {"DH_DSS"}, // 4
+ {"DH_RSA_EXPORT"}, // 5
+ {"DH_RSA"}, // 6
+ {"DHE_DSS_EXPORT"}, // 7
+ {"DHE_DSS"}, // 8
+ {"DHE_RSA_EXPORT"}, // 9
+ {"DHE_RSA"}, // 10
+ {"DH_anon_EXPORT"}, // 11
+ {"DH_anon"}, // 12
+ {"ECDH_ECDSA"}, // 13
+ {"ECDHE_ECDSA"}, // 14
+ {"ECDH_RSA"}, // 15
+ {"ECDHE_RSA"}, // 16
+ {"ECDH_anon"}, // 17
+ {"CECPQ1_RSA"}, // 18
+ {"CECPQ1_ECDSA"}, // 19
+ {"ECDHE_PSK"}, // 20
};
-constexpr int kTLS13KeyExchangeValue = 31;
-
const struct {
char name[18];
} kCipherNames[18] = {
@@ -325,12 +323,13 @@ int ObsoleteSSLStatusForCipherSuite(uint16_t cipher_suite) {
return obsolete_ssl;
}
+ // Only allow ECDHE key exchanges.
switch (key_exchange) {
case 14: // ECDHE_ECDSA
case 16: // ECDHE_RSA
case 18: // CECPQ1_RSA
case 19: // CECPQ1_ECDSA
- case kTLS13KeyExchangeValue: // TLS 1.3
+ case 20: // ECDHE_PSK
break;
default:
obsolete_ssl |= net::OBSOLETE_SSL_MASK_KEY_EXCHANGE;
@@ -360,26 +359,19 @@ void SSLCipherSuiteToStrings(const char** key_exchange_str,
const char** cipher_str,
const char** mac_str,
bool* is_aead,
- bool* is_tls13,
uint16_t cipher_suite) {
*key_exchange_str = *cipher_str = *mac_str = "???";
*is_aead = false;
- *is_tls13 = false;
int key_exchange, cipher, mac;
if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac))
return;
- if (key_exchange == kTLS13KeyExchangeValue) {
- *key_exchange_str = nullptr;
- *is_tls13 = true;
- } else {
- *key_exchange_str = kKeyExchangeNames[key_exchange].name;
- }
+ *key_exchange_str = kKeyExchangeNames[key_exchange].name;
*cipher_str = kCipherNames[cipher].name;
if (mac == kAEADMACValue) {
*is_aead = true;
- *mac_str = nullptr;
+ *mac_str = NULL;
} else {
*mac_str = kMacNames[mac].name;
}
@@ -452,7 +444,7 @@ bool IsTLSCipherSuiteAllowedByHTTP2(uint16_t cipher_suite) {
case 16: // ECDHE_RSA
case 18: // CECPQ1_RSA
case 19: // CECPQ1_ECDSA
- case kTLS13KeyExchangeValue: // TLS 1.3
+ case 20: // ECDHE_PSK
break;
default:
return false;
« no previous file with comments | « net/ssl/ssl_cipher_suite_names.h ('k') | net/ssl/ssl_cipher_suite_names_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698