Skip to content

Commit

Permalink
Roll src/third_party/boringssl/src cece32610..8e75ae488
Browse files Browse the repository at this point in the history 
https://boringssl.googlesource.com/boringssl/+log/cece32610b89549386b42b2032dd5d8a423af6c8..8e75ae488047c519f14f2c08b02a55bf7712fa1d

BUG=none

Change-Id: I36edb8ad89f019bddea940ca7b6433ea3d8ef86e
Reviewed-on: https://chromium-review.googlesource.com/1040588
Commit-Queue: Steven Valdez <svaldez@chromium.org>
Reviewed-by: David Benjamin <davidben@chromium.org>
Cr-Commit-Position: refs/heads/master@{#555812}
  • Loading branch information
Steven Valdez authored and Commit Bot committed May 3, 2018
1 parent 0dcdf8c commit 99a85a6
Show file tree
Hide file tree
Showing 5 changed files with 338 additions and 8 deletions.
2 changes: 1 addition & 1 deletion DEPS
View file
Original file line number Diff line number Diff line change
Expand Up @@ -128,7 +128,7 @@ vars = {
# Three lines of non-changing comments so that
# the commit queue can handle CLs rolling BoringSSL
# and whatever else without interference from each other.
'boringssl_revision': 'cece32610b89549386b42b2032dd5d8a423af6c8',
'boringssl_revision': '8e75ae488047c519f14f2c08b02a55bf7712fa1d',
# Three lines of non-changing comments so that
# the commit queue can handle CLs rolling google-toolbox-for-mac
# and whatever else without interference from each other.
Expand Down
8 changes: 3 additions & 5 deletions net/socket/ssl_client_socket_impl.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -914,11 +914,9 @@ int SSLClientSocketImpl::Init() {
SSL_set_mode(ssl_.get(), mode.set_mask);
SSL_clear_mode(ssl_.get(), mode.clear_mask);

// Use BoringSSL defaults, but disable HMAC-SHA256 and HMAC-SHA384 ciphers
// (note that SHA256 and SHA384 only select legacy CBC ciphers).
// Additionally disable HMAC-SHA1 ciphers in ECDSA. These are the remaining
// CBC-mode ECDSA ciphers.
std::string command("ALL:!SHA256:!SHA384:!aPSK:!ECDSA+SHA1");
// Use BoringSSL defaults, but disable HMAC-SHA1 ciphers in ECDSA. These are
// the remaining CBC-mode ECDSA ciphers.
std::string command("ALL::!aPSK:!ECDSA+SHA1");

if (ssl_config_.require_ecdhe)
command.append(":!kRSA");
Expand Down
2 changes: 1 addition & 1 deletion net/socket/ssl_server_socket_impl.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -885,7 +885,7 @@ void SSLServerContextImpl::Init() {
// disabled by default. Note that !SHA256 and !SHA384 only remove HMAC-SHA256
// and HMAC-SHA384 cipher suites, not GCM cipher suites with SHA256 or SHA384
// as the handshake hash.
std::string command("DEFAULT:!SHA256:!SHA384:!AESGCM+AES256:!aPSK");
std::string command("DEFAULT:!AESGCM+AES256:!aPSK");

// SSLPrivateKey only supports ECDHE-based ciphers because it lacks decrypt.
if (ssl_server_config_.require_ecdhe || (!key_ && private_key_))
Expand Down
2 changes: 2 additions & 0 deletions third_party/boringssl/BUILD.generated_tests.gni
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,8 @@ test_support_sources = [
"src/crypto/test/malloc.cc",
"src/crypto/test/test_util.cc",
"src/crypto/test/test_util.h",
"src/crypto/test/wycheproof_util.cc",
"src/crypto/test/wycheproof_util.h",
"src/ssl/test/async_bio.h",
"src/ssl/test/fuzzer.h",
"src/ssl/test/fuzzer_tags.h",
Expand Down
332 changes: 331 additions & 1 deletion third_party/boringssl/crypto_test_data.cc
View file

Large diffs are not rendered by default.

0 comments on commit 99a85a6

Please sign in to comment.