From 3542013f587f0858fb24fa8e554ec3c01a323da8 Mon Sep 17 00:00:00 2001
From: sprang <sprang@webrtc.org>
Date: Thu, 14 Jan 2016 09:14:02 -0800
Subject: [PATCH] Revert of Update with new default boringssl no-aes cipher
 suites. Re-enable tests. (patchset #3 id:40001 of
 https://codereview.webrtc.org/1550773002/ )

Reason for revert:
We're getting boringssl version conflicts. Reverting for now.

Original issue's description:
> Update with new default boringssl no-aes cipher suites. Re-enable tests.
>
> This undoes https://codereview.webrtc.org/1533253002 (except the DEPS part).
>
> BUG=webrtc:5381
> R=davidben@webrtc.org, henrika@webrtc.org
>
> Committed: https://crrev.com/31c8d2eac5aec977f584ab0ae5a1d457d674f101
> Cr-Commit-Position: refs/heads/master@{#11250}

TBR=davidben@webrtc.org,henrika@webrtc.org,torbjorng@webrtc.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=webrtc:5381

Review URL: https://codereview.webrtc.org/1586183002

Cr-Commit-Position: refs/heads/master@{#11253}
---
 talk/app/webrtc/peerconnection_unittest.cc       | 9 ++++++++-
 webrtc/base/opensslstreamadapter.cc              | 8 +++++---
 webrtc/base/sslstreamadapter_unittest.cc         | 5 +++++
 webrtc/p2p/base/dtlstransportchannel_unittest.cc | 9 ++++++++-
 4 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/talk/app/webrtc/peerconnection_unittest.cc b/talk/app/webrtc/peerconnection_unittest.cc
index cf53c44f11..8d0793e25f 100644
--- a/talk/app/webrtc/peerconnection_unittest.cc
+++ b/talk/app/webrtc/peerconnection_unittest.cc
@@ -1485,8 +1485,15 @@ TEST_F(P2PTestConductor, GetDtls12None) {
                                           kDefaultSrtpCryptoSuite));
 }
 
+#if defined(MEMORY_SANITIZER)
+// Fails under MemorySanitizer:
+// See https://code.google.com/p/webrtc/issues/detail?id=5381.
+#define MAYBE_GetDtls12Both DISABLED_GetDtls12Both
+#else
+#define MAYBE_GetDtls12Both GetDtls12Both
+#endif
 // Test that DTLS 1.2 is used if both ends support it.
-TEST_F(P2PTestConductor, GetDtls12Both) {
+TEST_F(P2PTestConductor, MAYBE_GetDtls12Both) {
   PeerConnectionFactory::Options init_options;
   init_options.ssl_max_version = rtc::SSL_PROTOCOL_DTLS_12;
   PeerConnectionFactory::Options recv_options;
diff --git a/webrtc/base/opensslstreamadapter.cc b/webrtc/base/opensslstreamadapter.cc
index 4b0fe02702..7563f17c56 100644
--- a/webrtc/base/opensslstreamadapter.cc
+++ b/webrtc/base/opensslstreamadapter.cc
@@ -160,10 +160,12 @@ static int kDefaultSslCipher12 =
 static int kDefaultSslEcCipher12 =
     static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);
 // Fallback cipher for DTLS 1.2 if hardware-accelerated AES-GCM is unavailable.
+// TODO(davidben): Switch to the standardized CHACHA20_POLY1305 variant when
+// available.
 static int kDefaultSslCipher12NoAesGcm =
-    static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256);
+    static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305_OLD);
 static int kDefaultSslEcCipher12NoAesGcm =
-    static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256);
+    static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305_OLD);
 #else  // !OPENSSL_IS_BORINGSSL
 // OpenSSL sorts differently than BoringSSL, so the default cipher doesn't
 // change between TLS 1.0 and TLS 1.2 with the current setup.
@@ -171,7 +173,7 @@ static int kDefaultSslCipher12 =
     static_cast<uint16_t>(TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA);
 static int kDefaultSslEcCipher12 =
     static_cast<uint16_t>(TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA);
-#endif  // OPENSSL_IS_BORINGSSL
+#endif
 
 #if defined(_MSC_VER)
 #pragma warning(pop)
diff --git a/webrtc/base/sslstreamadapter_unittest.cc b/webrtc/base/sslstreamadapter_unittest.cc
index a041c25211..1ed06c3154 100644
--- a/webrtc/base/sslstreamadapter_unittest.cc
+++ b/webrtc/base/sslstreamadapter_unittest.cc
@@ -1150,6 +1150,10 @@ INSTANTIATE_TEST_CASE_P(
             Values(rtc::KeyParams::RSA(1024, 65537),
                    rtc::KeyParams::RSA(1152, 65537),
                    rtc::KeyParams::ECDSA(rtc::EC_NIST_P256))));
+
+#if !defined(MEMORY_SANITIZER)
+// Fails under MemorySanitizer:
+// See https://code.google.com/p/webrtc/issues/detail?id=5381.
 INSTANTIATE_TEST_CASE_P(
     SSLStreamAdapterTestsDTLS,
     SSLStreamAdapterTestDTLS,
@@ -1159,3 +1163,4 @@ INSTANTIATE_TEST_CASE_P(
             Values(rtc::KeyParams::RSA(1024, 65537),
                    rtc::KeyParams::RSA(1152, 65537),
                    rtc::KeyParams::ECDSA(rtc::EC_NIST_P256))));
+#endif
diff --git a/webrtc/p2p/base/dtlstransportchannel_unittest.cc b/webrtc/p2p/base/dtlstransportchannel_unittest.cc
index 3791893442..f5d42f3c6e 100644
--- a/webrtc/p2p/base/dtlstransportchannel_unittest.cc
+++ b/webrtc/p2p/base/dtlstransportchannel_unittest.cc
@@ -655,8 +655,15 @@ TEST_F(DtlsTransportChannelTest, TestDtls12None) {
   ASSERT_TRUE(Connect());
 }
 
+#if defined(MEMORY_SANITIZER)
+// Fails under MemorySanitizer:
+// See https://code.google.com/p/webrtc/issues/detail?id=5381.
+#define MAYBE_TestDtls12Both DISABLED_TestDtls12Both
+#else
+#define MAYBE_TestDtls12Both TestDtls12Both
+#endif
 // Create two channels with DTLS 1.2 and check ciphers.
-TEST_F(DtlsTransportChannelTest, TestDtls12Both) {
+TEST_F(DtlsTransportChannelTest, MAYBE_TestDtls12Both) {
   MAYBE_SKIP_TEST(HaveDtls);
   SetChannelCount(2);
   PrepareDtls(true, true, rtc::KT_DEFAULT);