
Side by Side Diff: net/socket/ssl_client_socket_openssl.cc

Issue 952293002: Roll BoringSSL b180ee9..09bdb2a (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: roll a little further Created 5 years, 10 months ago
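--- a/net/socket/ssl_client_socket_openssl.cc
+++ b/net/socket/ssl_client_socket_openssl.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // OpenSSL binding for SSLClientSocket. The class layout and general principle
 // of operation is derived from SSLClientSocketNSS.
 
 #include "net/socket/ssl_client_socket_openssl.h"
 
 #include <errno.h>
@@ -813,20 +813,22 @@
 
 // Same as above, this time for the SSL mode.
 SslSetClearMask mode;
 
 mode.ConfigureFlag(SSL_MODE_RELEASE_BUFFERS, true);
 mode.ConfigureFlag(SSL_MODE_CBC_RECORD_SPLITTING, true);
 
 mode.ConfigureFlag(SSL_MODE_ENABLE_FALSE_START,
 ssl_config_.false_start_enabled);
 
+mode.ConfigureFlag(SSL_MODE_SEND_FALLBACK_SCSV, ssl_config_.version_fallback);
+
 SSL_set_mode(ssl_, mode.set_mask);
 SSL_clear_mode(ssl_, mode.clear_mask);
 
 // Removing ciphers by ID from OpenSSL is a bit involved as we must use the
 // textual name with SSL_set_cipher_list because there is no public API to
 // directly remove a cipher by ID.
 STACK_OF(SSL_CIPHER)* ciphers = SSL_get_ciphers(ssl_);
 DCHECK(ciphers);
 // See SSLConfig::disabled_cipher_suites for description of the suites
 // disabled by default. Note that !SHA256 and !SHA384 only remove HMAC-SHA256
@@ -866,23 +868,20 @@
 command.append(":!ECDSA");
 #endif
 
 int rv = SSL_set_cipher_list(ssl_, command.c_str());
 // If this fails (rv = 0) it means there are no ciphers enabled on this SSL.
 // This will almost certainly result in the socket failing to complete the
 // handshake at which point the appropriate error is bubbled up to the client.
 LOG_IF(WARNING, rv != 1) << "SSL_set_cipher_list('" << command << "') "
 "returned " << rv;
 
-if (ssl_config_.version_fallback)
-SSL_enable_fallback_scsv(ssl_);
-
 // TLS channel ids.
 if (IsChannelIDEnabled(ssl_config_, channel_id_service_)) {
 SSL_enable_tls_channel_id(ssl_);
 }
 
 if (!ssl_config_.next_protos.empty()) {
 // Get list of ciphers that are enabled.
 STACK_OF(SSL_CIPHER)* enabled_ciphers = SSL_get_ciphers(ssl_);
 DCHECK(enabled_ciphers);
 std::vector<uint16> enabled_ciphers_vector;
@@ -2044,10 +2043,10 @@
 ct::SCT_STATUS_LOG_UNKNOWN));
 }
 }
 
 scoped_refptr<X509Certificate>
 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const {
 return server_cert_;
 }
 
 } // namespace net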
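Review bot: The added `mode.ConfigureFlag(SSL_MODE_SEND_FALLBACK_SCSV, ssl_config_.version_fallback);` (new line 823) has no comment, although it is what ties the downgrade-protection signal to fallback retries; a short one such as `// Advertise TLS_FALLBACK_SCSV on version-fallback retries so a server can reject a forced downgrade.` would keep that visible to the next reader. Because the flag now goes through `SslSetClearMask`, a false `version_fallback` presumably lands in `clear_mask` and is cleared explicitly by `SSL_clear_mode`, where the removed code simply never enabled it; `ConfigureFlag` is defined in the skipped lines, so that is worth confirming. A handshake test asserting that the SCSV is offered only when `version_fallback` is set would guard this wiring across future BoringSSL rolls. The enclosing function starts and ends outside the lines shown.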