
Unified Diff: webrtc/base/opensslstreamadapter.cc

Issue 1337673002: Change WebRTC SslCipher to be exposed as number only. (Closed) Base URL: https://chromium.googlesource.com/external/webrtc@master
Patch Set: Created 5 years, 3 months ago
Index: webrtc/base/opensslstreamadapter.cc
diff --git a/webrtc/base/opensslstreamadapter.cc b/webrtc/base/opensslstreamadapter.cc
index ed2505e8b7fe28c0b14e285470e3c149462db4e0..47b37cd0c2c09bfed7d5254e8810d88ad743f5e9 100644
--- a/webrtc/base/opensslstreamadapter.cc
+++ b/webrtc/base/opensslstreamadapter.cc
@@ -58,11 +58,6 @@ static SrtpCipherMapEntry SrtpCipherMap[] = {
#endif
#ifndef OPENSSL_IS_BORINGSSL
-// Cipher name table. Maps internal OpenSSL cipher ids to the RFC name.
-struct SslCipherMapEntry {
- uint32_t openssl_id;
- const char* rfc_name;
-};
#define DEFINE_CIPHER_ENTRY_SSL3(name) {SSL3_CK_##name, "TLS_"#name}
#define DEFINE_CIPHER_ENTRY_TLS1(name) {TLS1_CK_##name, "TLS_"#name}
@@ -139,30 +134,42 @@ static const SslCipherMapEntry kSslCipherMap[] = {
};
#endif // #ifndef OPENSSL_IS_BORINGSSL
+// TLS_NULL_WITH_NULL_NULL provides no more protection than an unsecured
+// connection. Must not be negotiated.
+static const SslCipher kNullSslCipher = {0, "TLS_NULL_WITH_NULL_NULL"};
+
// Default cipher used between OpenSSL/BoringSSL stream adapters.
// This needs to be updated when the default of the SSL library changes.
-static const char kDefaultSslCipher10[] =
- "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
-static const char kDefaultSslEcCipher10[] =
- "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA";
+static const SslCipher kDefaultSslCipher10 = {
+ 0xC014,
juberti 2015/09/24 13:41:15 The fact we need to get the id and name right here
guoweis_webrtc 2015/09/24 18:27:13 Problem is that when doing the verification of UMA
juberti 2015/09/24 21:37:31 This still seems like a bad path. I could totally
+ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"};
+static const SslCipher kDefaultSslEcCipher10 = {
+ 0xC00A,
+ "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"};
#ifdef OPENSSL_IS_BORINGSSL
-static const char kDefaultSslCipher12[] =
- "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
-static const char kDefaultSslEcCipher12[] =
- "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
+static const SslCipher kDefaultSslCipher12 = {
+ 0xC02F,
+ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"};
+static const SslCipher kDefaultSslEcCipher12 = {
+ 0xC02B,
+ "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"};
// Fallback cipher for DTLS 1.2 if hardware-accelerated AES-GCM is unavailable.
-static const char kDefaultSslCipher12NoAesGcm[] =
- "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
-static const char kDefaultSslEcCipher12NoAesGcm[] =
- "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256";
+static const SslCipher kDefaultSslCipher12NoAesGcm = {
+ 0xCC13,
+ "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"};
+static const SslCipher kDefaultSslEcCipher12NoAesGcm = {
+ 0xCC14,
+ "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"};
#else // !OPENSSL_IS_BORINGSSL
// OpenSSL sorts differently than BoringSSL, so the default cipher doesn't
// change between TLS 1.0 and TLS 1.2 with the current setup.
-static const char kDefaultSslCipher12[] =
- "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
-static const char kDefaultSslEcCipher12[] =
- "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA";
+static const SslCipher kDefaultSslCipher12 = {
+ 0xC014,
+ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"};
+static const SslCipher kDefaultSslEcCipher12 = {
+ 0xC00A,
+ "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"};
#endif
//////////////////////////////////////////////////////////////////////
@@ -352,7 +359,7 @@ const char* OpenSSLStreamAdapter::GetRfcSslCipherName(
}
#endif
-bool OpenSSLStreamAdapter::GetSslCipher(std::string* cipher) {
+bool OpenSSLStreamAdapter::GetSslCipher(SslCipher* cipher) {
if (state_ != SSL_CONNECTED)
return false;
@@ -361,6 +368,8 @@ bool OpenSSLStreamAdapter::GetSslCipher(std::string* cipher) {
return false;
}
+ cipher->ssl_id = static_cast<uint16_t>(SSL_CIPHER_get_id(current_cipher));
+
#ifdef OPENSSL_IS_BORINGSSL
char* cipher_name = SSL_CIPHER_get_rfc_name(current_cipher);
#else
@@ -370,7 +379,7 @@ bool OpenSSLStreamAdapter::GetSslCipher(std::string* cipher) {
return false;
}
- *cipher = cipher_name;
+ cipher->rfc_name = cipher_name;
#ifdef OPENSSL_IS_BORINGSSL
OPENSSL_free(cipher_name);
#endif
@@ -1125,7 +1134,7 @@ bool OpenSSLStreamAdapter::HaveExporter() {
#endif
}
-std::string OpenSSLStreamAdapter::GetDefaultSslCipher(
+const SslCipher& OpenSSLStreamAdapter::GetDefaultSslCipher(
SSLProtocolVersion version,
KeyType key_type) {
if (key_type == KT_RSA) {
@@ -1163,7 +1172,8 @@ std::string OpenSSLStreamAdapter::GetDefaultSslCipher(
#endif
}
} else {
- return std::string();
+ RTC_NOTREACHED();
+ return kNullSslCipher;
}
}
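Review bot: In the `@@ -370` hunk, `cipher->rfc_name = cipher_name;` is immediately followed by `OPENSSL_free(cipher_name);` under OPENSSL_IS_BORINGSSL, so unless `SslCipher::rfc_name` is an owning `std::string` (the struct is defined outside this file) the out-parameter is left pointing at freed memory, whereas the old `*cipher = cipher_name` copied into a `std::string`; if `rfc_name` is a `const char*`, the assignment needs to copy before the free, and either way a comment such as `// rfc_name must own its storage: cipher_name is freed below under BoringSSL.` would document the requirement. In the `@@ -361` hunk `cipher->ssl_id` is written before the name lookup can still `return false`, so a caller that ignores the return value sees a half-populated struct; moving that line down next to the `rfc_name` assignment keeps the out-parameter untouched on failure. The `static_cast<uint16_t>` there deliberately drops the upper bytes of `SSL_CIPHER_get_id`, which is worth a one-line comment since a reader comparing against the full 32-bit OpenSSL id would otherwise be surprised. In the last hunk `RTC_NOTREACHED()` is presumably compiled out in release builds, so `GetDefaultSslCipher` then silently returns `kNullSslCipher` (id 0) where it previously returned an empty string, and any caller that treats the result as a usable default should be checked; the body of `GetDefaultSslCipher` begins outside the hunk.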
