
Unified Diff: webrtc/base/opensslstreamadapter.cc

Issue 1337673002: Change WebRTC SslCipher to be exposed as number only. (Closed) Base URL: https://chromium.googlesource.com/external/webrtc@master
Patch Set: Created 5 years, 3 months ago
Index: webrtc/base/opensslstreamadapter.cc
diff --git a/webrtc/base/opensslstreamadapter.cc b/webrtc/base/opensslstreamadapter.cc
index ed2505e8b7fe28c0b14e285470e3c149462db4e0..f898bd7c68ad9ba63ad37b3e3fc135f5a7f54400 100644
--- a/webrtc/base/opensslstreamadapter.cc
+++ b/webrtc/base/opensslstreamadapter.cc
@@ -33,6 +33,7 @@
#include "webrtc/base/openssladapter.h"
#include "webrtc/base/openssldigest.h"
#include "webrtc/base/opensslidentity.h"
+#include "webrtc/base/sslstrings.h"
#include "webrtc/base/stringutils.h"
#include "webrtc/base/thread.h"
@@ -51,13 +52,13 @@ struct SrtpCipherMapEntry {
// This isn't elegant, but it's better than an external reference
static SrtpCipherMapEntry SrtpCipherMap[] = {
- {"AES_CM_128_HMAC_SHA1_80", "SRTP_AES128_CM_SHA1_80"},
- {"AES_CM_128_HMAC_SHA1_32", "SRTP_AES128_CM_SHA1_32"},
- {NULL, NULL}
-};
+ {AES_CM_128_HMAC_SHA1_80_NAME, "SRTP_AES128_CM_SHA1_80"},
+ {AES_CM_128_HMAC_SHA1_32_NAME, "SRTP_AES128_CM_SHA1_32"},
+ {NULL, NULL}};
#endif
#ifndef OPENSSL_IS_BORINGSSL
+
// Cipher name table. Maps internal OpenSSL cipher ids to the RFC name.
struct SslCipherMapEntry {
uint32_t openssl_id;
@@ -139,30 +140,44 @@ static const SslCipherMapEntry kSslCipherMap[] = {
};
#endif // #ifndef OPENSSL_IS_BORINGSSL
+#if SSL_USE_SCHANNEL
+// This is only added to allow GetDefaultSslCipherForTest compile on Windows
+// platform. Should never be used.
+static const SslCipher kNullSslCipher = {0, ""};
juberti 2015/09/24 21:37:32 Null cipher is a thing, and so this is confusing.
guoweis_webrtc 2015/09/25 18:30:32 Done.
+#endif
+
// Default cipher used between OpenSSL/BoringSSL stream adapters.
// This needs to be updated when the default of the SSL library changes.
-static const char kDefaultSslCipher10[] =
- "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
-static const char kDefaultSslEcCipher10[] =
- "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA";
+static const SslCipher kDefaultSslCipher10 = {
Ryan Sleevi 2015/09/24 21:09:58 Each of these is a static initializer, which is fo
guoweis_webrtc 2015/09/25 18:30:32 Done.
+ 0xC014,
+ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"};
+static const SslCipher kDefaultSslEcCipher10 = {
+ 0xC00A,
+ "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"};
#ifdef OPENSSL_IS_BORINGSSL
-static const char kDefaultSslCipher12[] =
- "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
-static const char kDefaultSslEcCipher12[] =
- "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
+static const SslCipher kDefaultSslCipher12 = {
+ 0xC02F,
+ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"};
+static const SslCipher kDefaultSslEcCipher12 = {
+ 0xC02B,
+ "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"};
// Fallback cipher for DTLS 1.2 if hardware-accelerated AES-GCM is unavailable.
-static const char kDefaultSslCipher12NoAesGcm[] =
- "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
-static const char kDefaultSslEcCipher12NoAesGcm[] =
- "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256";
+static const SslCipher kDefaultSslCipher12NoAesGcm = {
+ 0xCC13,
+ "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"};
+static const SslCipher kDefaultSslEcCipher12NoAesGcm = {
+ 0xCC14,
+ "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"};
#else // !OPENSSL_IS_BORINGSSL
// OpenSSL sorts differently than BoringSSL, so the default cipher doesn't
// change between TLS 1.0 and TLS 1.2 with the current setup.
-static const char kDefaultSslCipher12[] =
- "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
-static const char kDefaultSslEcCipher12[] =
- "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA";
+static const SslCipher kDefaultSslCipher12 = {
+ 0xC014,
+ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"};
+static const SslCipher kDefaultSslEcCipher12 = {
+ 0xC00A,
+ "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"};
#endif
//////////////////////////////////////////////////////////////////////
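Review bot: Each default cipher pairs a hex id with a name string as two independent literals, so nothing in this hunk catches an id that drifts away from its name. A short comment above the block would help, e.g. `// ssl_id is the two-byte TLS cipher suite value from the IANA registry; keep it in sync with the name.` The 0xCC13 and 0xCC14 values on the two NoAesGcm entries are the pre-standard ChaCha20-Poly1305 code points, and that is worth stating in a comment, because a library update that renumbers those suites would change what a comparison on ssl_id sees.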
@@ -352,7 +367,7 @@ const char* OpenSSLStreamAdapter::GetRfcSslCipherName(
}
#endif
-bool OpenSSLStreamAdapter::GetSslCipher(std::string* cipher) {
+bool OpenSSLStreamAdapter::GetSslCipher(SslCipher* cipher) {
if (state_ != SSL_CONNECTED)
return false;
@@ -361,6 +376,8 @@ bool OpenSSLStreamAdapter::GetSslCipher(std::string* cipher) {
return false;
}
+ cipher->ssl_id = static_cast<uint16_t>(SSL_CIPHER_get_id(current_cipher));
+
#ifdef OPENSSL_IS_BORINGSSL
char* cipher_name = SSL_CIPHER_get_rfc_name(current_cipher);
#else
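Review bot: `cipher->ssl_id` is assigned before the name lookup, so if that lookup fails and the function returns false (the check appears to sit in the next hunk), the caller's SslCipher is left with a new id and a stale name. Assigning both fields together after the name check, next to `cipher->name = cipher_name;`, would leave the out-parameter untouched on failure. The `static_cast<uint16_t>` also drops the upper bytes of the library's id silently; a comment such as `// Keep only the low 16 bits, the two-byte TLS cipher suite value.` would show the truncation is intended. GetSslCipher's body starts and ends outside this hunk.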
@@ -370,7 +387,7 @@ bool OpenSSLStreamAdapter::GetSslCipher(std::string* cipher) {
return false;
}
- *cipher = cipher_name;
+ cipher->name = cipher_name;
#ifdef OPENSSL_IS_BORINGSSL
OPENSSL_free(cipher_name);
#endif
@@ -1125,7 +1142,7 @@ bool OpenSSLStreamAdapter::HaveExporter() {
#endif
}
-std::string OpenSSLStreamAdapter::GetDefaultSslCipher(
+const SslCipher& OpenSSLStreamAdapter::GetDefaultSslCipherForTest(
SSLProtocolVersion version,
KeyType key_type) {
if (key_type == KT_RSA) {
@@ -1163,7 +1180,8 @@ std::string OpenSSLStreamAdapter::GetDefaultSslCipher(
#endif
}
} else {
- return std::string();
+ RTC_NOTREACHED();
+ return kDefaultSslEcCipher12;
}
}
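Review bot: The else branch now returns kDefaultSslEcCipher12 for a key type the function does not handle, where the old code returned an empty string that could not match any negotiated cipher. If RTC_NOTREACHED() is compiled out in some build configuration (not visible here), a test passing an unexpected KeyType would compare against a real ECDSA suite instead of failing clearly. A comment on the return, e.g. `// Unreachable; returned only to satisfy the reference return type.`, would record that the value carries no meaning. The function body begins outside this hunk.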
