| Index: webrtc/base/opensslstreamadapter.cc |
| diff --git a/webrtc/base/opensslstreamadapter.cc b/webrtc/base/opensslstreamadapter.cc |
| index ed2505e8b7fe28c0b14e285470e3c149462db4e0..8a53f2c1d13ea93c221094354185ee6a7496d2c4 100644 |
| --- a/webrtc/base/opensslstreamadapter.cc |
| +++ b/webrtc/base/opensslstreamadapter.cc |
| @@ -51,13 +51,13 @@ struct SrtpCipherMapEntry { |
| // This isn't elegant, but it's better than an external reference |
| static SrtpCipherMapEntry SrtpCipherMap[] = { |
| - {"AES_CM_128_HMAC_SHA1_80", "SRTP_AES128_CM_SHA1_80"}, |
| - {"AES_CM_128_HMAC_SHA1_32", "SRTP_AES128_CM_SHA1_32"}, |
| - {NULL, NULL} |
| -}; |
| + {CS_AES_CM_128_HMAC_SHA1_80, "SRTP_AES128_CM_SHA1_80"}, |
| + {CS_AES_CM_128_HMAC_SHA1_32, "SRTP_AES128_CM_SHA1_32"}, |
| + {NULL, NULL}}; |
| #endif |
| #ifndef OPENSSL_IS_BORINGSSL |
| + |
| // Cipher name table. Maps internal OpenSSL cipher ids to the RFC name. |
| struct SslCipherMapEntry { |
| uint32_t openssl_id; |
| @@ -141,28 +141,28 @@ static const SslCipherMapEntry kSslCipherMap[] = { |
| // Default cipher used between OpenSSL/BoringSSL stream adapters. |
| // This needs to be updated when the default of the SSL library changes. |
| -static const char kDefaultSslCipher10[] = |
| - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"; |
| -static const char kDefaultSslEcCipher10[] = |
| - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"; |
| +static uint16_t kDefaultSslCipher10 = |
| + 0xC014; // TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA |
| +static uint16_t kDefaultSslEcCipher10 = |
| + 0xC00A; // TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
| #ifdef OPENSSL_IS_BORINGSSL |
| -static const char kDefaultSslCipher12[] = |
| - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"; |
| -static const char kDefaultSslEcCipher12[] = |
| - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"; |
| +static uint16_t kDefaultSslCipher12 = |
| + 0xC02F; // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
| +static uint16_t kDefaultSslEcCipher12 = |
| + 0xC02B; // TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
| // Fallback cipher for DTLS 1.2 if hardware-accelerated AES-GCM is unavailable. |
| -static const char kDefaultSslCipher12NoAesGcm[] = |
| - "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"; |
| -static const char kDefaultSslEcCipher12NoAesGcm[] = |
| - "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"; |
| +static uint16_t kDefaultSslCipher12NoAesGcm = |
| + 0xCC13; // TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 |
| +static uint16_t kDefaultSslEcCipher12NoAesGcm = |
| + 0xCC14; // TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 |
| #else // !OPENSSL_IS_BORINGSSL |
| // OpenSSL sorts differently than BoringSSL, so the default cipher doesn't |
| // change between TLS 1.0 and TLS 1.2 with the current setup. |
| -static const char kDefaultSslCipher12[] = |
| - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"; |
| -static const char kDefaultSslEcCipher12[] = |
| - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"; |
| +static uint16_t kDefaultSslCipher12 = |
| + 0xC014; // TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA |
| +static uint16_t kDefaultSslEcCipher12 = |
| + 0xC00A; // TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
| #endif |
| ////////////////////////////////////////////////////////////////////// |
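Review bot: The new cipher-id constants drop the `const` that the string versions carried, so `static uint16_t kDefaultSslCipher10 = 0xC014;` is now a writable file-scope variable. The same applies to every `kDefault...` definition in this hunk, in both the BoringSSL and the OpenSSL branch. These values are what the default-cipher getter hands back as the expected negotiated suite, so they should stay immutable: `static const uint16_t kDefaultSslCipher10 = 0xC014;  // TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`.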
| @@ -338,9 +338,17 @@ bool OpenSSLStreamAdapter::SetPeerCertificateDigest(const std::string |
| return true; |
| } |
| -#ifndef OPENSSL_IS_BORINGSSL |
| -const char* OpenSSLStreamAdapter::GetRfcSslCipherName( |
| - const SSL_CIPHER* cipher) { |
| +const std::string OpenSSLStreamAdapter::GetRfcSslCipherName(uint16_t cipher) { |
|
davidben_webrtc
2015/09/25 19:23:13
(Ditto on const std::string)
|
| +#ifdef OPENSSL_IS_BORINGSSL |
| + const SSL_CIPHER* ssl_cipher = SSL_get_cipher_by_value(cipher); |
| + if (!ssl_cipher) { |
| + return std::string(); |
| + } |
| + char* cipher_name = SSL_CIPHER_get_rfc_name(ssl_cipher); |
| + std::string rfc_name = std::string(cipher_name); |
| + OPENSSL_free(cipher_name); |
| + return rfc_name; |
| +#else |
| ASSERT(cipher != NULL); |
| for (const SslCipherMapEntry* entry = kSslCipherMap; entry->rfc_name; |
| ++entry) { |
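Review bot: The BoringSSL branch of GetRfcSslCipherName passes the result of SSL_CIPHER_get_rfc_name directly to `std::string(cipher_name)` with no NULL check, although the code this commit removes from GetSslCipher had one (`if (cipher_name == NULL) return false;`). That call allocates its result and can return NULL on failure, and constructing a std::string from a null pointer is undefined behaviour. Adding `if (!cipher_name) return std::string();` before the construction would fix it. In the `#else` branch, `ASSERT(cipher != NULL);` is left over from the pointer parameter and now compares a uint16_t with NULL, so it no longer checks anything useful and should be dropped. The lookup loop continues outside this hunk, so whether it still matches the 16-bit value against the 32-bit `openssl_id` correctly cannot be confirmed from here.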
| @@ -348,11 +356,11 @@ const char* OpenSSLStreamAdapter::GetRfcSslCipherName( |
| return entry->rfc_name; |
| } |
| } |
| - return NULL; |
| -} |
| + return std::string(); |
| #endif |
| +} |
| -bool OpenSSLStreamAdapter::GetSslCipher(std::string* cipher) { |
| +bool OpenSSLStreamAdapter::GetSslCipher(uint16* cipher) { |
|
davidben_webrtc
2015/09/25 19:23:13
Nit: uint16_t.
|
| if (state_ != SSL_CONNECTED) |
| return false; |
| @@ -361,19 +369,7 @@ bool OpenSSLStreamAdapter::GetSslCipher(std::string* cipher) { |
| return false; |
| } |
| -#ifdef OPENSSL_IS_BORINGSSL |
| - char* cipher_name = SSL_CIPHER_get_rfc_name(current_cipher); |
| -#else |
| - const char* cipher_name = GetRfcSslCipherName(current_cipher); |
| -#endif |
| - if (cipher_name == NULL) { |
| - return false; |
| - } |
| - |
| - *cipher = cipher_name; |
| -#ifdef OPENSSL_IS_BORINGSSL |
| - OPENSSL_free(cipher_name); |
| -#endif |
| + *cipher = static_cast<uint16_t>(SSL_CIPHER_get_id(current_cipher)); |
| return true; |
| } |
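Review bot: The narrowing in `*cipher = static_cast<uint16_t>(SSL_CIPHER_get_id(current_cipher));` has no comment explaining why discarding the upper bits is intended. SSL_CIPHER_get_id returns a 32-bit id and, as far as I know, only its low 16 bits hold the IANA cipher suite value that the new `0xC0xx` constants use. Without a note, a reader may take the cast for an accidental truncation. I would add `// SSL_CIPHER_get_id() returns a 32-bit id; the low 16 bits are the IANA cipher suite value.` above the assignment. GetSslCipher begins outside this hunk.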
| @@ -1125,7 +1121,7 @@ bool OpenSSLStreamAdapter::HaveExporter() { |
| #endif |
| } |
| -std::string OpenSSLStreamAdapter::GetDefaultSslCipher( |
| +uint16_t OpenSSLStreamAdapter::GetDefaultSslCipherForTest( |
| SSLProtocolVersion version, |
| KeyType key_type) { |
| if (key_type == KT_RSA) { |
| @@ -1163,7 +1159,8 @@ std::string OpenSSLStreamAdapter::GetDefaultSslCipher( |
| #endif |
| } |
| } else { |
| - return std::string(); |
| + RTC_NOTREACHED(); |
| + return kDefaultSslEcCipher12; |
| } |
| } |