Index: webrtc/base/opensslstreamadapter.cc |
diff --git a/webrtc/base/opensslstreamadapter.cc b/webrtc/base/opensslstreamadapter.cc |
index ed2505e8b7fe28c0b14e285470e3c149462db4e0..f898bd7c68ad9ba63ad37b3e3fc135f5a7f54400 100644 |
--- a/webrtc/base/opensslstreamadapter.cc |
+++ b/webrtc/base/opensslstreamadapter.cc |
@@ -33,6 +33,7 @@ |
#include "webrtc/base/openssladapter.h" |
#include "webrtc/base/openssldigest.h" |
#include "webrtc/base/opensslidentity.h" |
+#include "webrtc/base/sslstrings.h" |
#include "webrtc/base/stringutils.h" |
#include "webrtc/base/thread.h" |
@@ -51,13 +52,13 @@ struct SrtpCipherMapEntry { |
// This isn't elegant, but it's better than an external reference |
static SrtpCipherMapEntry SrtpCipherMap[] = { |
- {"AES_CM_128_HMAC_SHA1_80", "SRTP_AES128_CM_SHA1_80"}, |
- {"AES_CM_128_HMAC_SHA1_32", "SRTP_AES128_CM_SHA1_32"}, |
- {NULL, NULL} |
-}; |
+ {AES_CM_128_HMAC_SHA1_80_NAME, "SRTP_AES128_CM_SHA1_80"}, |
+ {AES_CM_128_HMAC_SHA1_32_NAME, "SRTP_AES128_CM_SHA1_32"}, |
+ {NULL, NULL}}; |
#endif |
#ifndef OPENSSL_IS_BORINGSSL |
+ |
// Cipher name table. Maps internal OpenSSL cipher ids to the RFC name. |
struct SslCipherMapEntry { |
uint32_t openssl_id; |
@@ -139,30 +140,44 @@ static const SslCipherMapEntry kSslCipherMap[] = { |
}; |
#endif // #ifndef OPENSSL_IS_BORINGSSL |
+#if SSL_USE_SCHANNEL |
+// This is only added to allow GetDefaultSslCipherForTest compile on Windows |
+// platform. Should never be used. |
+static const SslCipher kNullSslCipher = {0, ""}; |
juberti
2015/09/24 21:37:32
Null cipher is a thing, and so this is confusing.
guoweis_webrtc
2015/09/25 18:30:32
Done.
|
+#endif |
+ |
// Default cipher used between OpenSSL/BoringSSL stream adapters. |
// This needs to be updated when the default of the SSL library changes. |
-static const char kDefaultSslCipher10[] = |
- "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"; |
-static const char kDefaultSslEcCipher10[] = |
- "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"; |
+static const SslCipher kDefaultSslCipher10 = { |
Ryan Sleevi
2015/09/24 21:09:58
Each of these is a static initializer, which is fo
guoweis_webrtc
2015/09/25 18:30:32
Done.
|
+ 0xC014, |
+ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}; |
+static const SslCipher kDefaultSslEcCipher10 = { |
+ 0xC00A, |
+ "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"}; |
#ifdef OPENSSL_IS_BORINGSSL |
-static const char kDefaultSslCipher12[] = |
- "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"; |
-static const char kDefaultSslEcCipher12[] = |
- "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"; |
+static const SslCipher kDefaultSslCipher12 = { |
+ 0xC02F, |
+ "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}; |
+static const SslCipher kDefaultSslEcCipher12 = { |
+ 0xC02B, |
+ "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}; |
// Fallback cipher for DTLS 1.2 if hardware-accelerated AES-GCM is unavailable. |
-static const char kDefaultSslCipher12NoAesGcm[] = |
- "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"; |
-static const char kDefaultSslEcCipher12NoAesGcm[] = |
- "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"; |
+static const SslCipher kDefaultSslCipher12NoAesGcm = { |
+ 0xCC13, |
+ "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"}; |
+static const SslCipher kDefaultSslEcCipher12NoAesGcm = { |
+ 0xCC14, |
+ "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"}; |
#else // !OPENSSL_IS_BORINGSSL |
// OpenSSL sorts differently than BoringSSL, so the default cipher doesn't |
// change between TLS 1.0 and TLS 1.2 with the current setup. |
-static const char kDefaultSslCipher12[] = |
- "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"; |
-static const char kDefaultSslEcCipher12[] = |
- "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"; |
+static const SslCipher kDefaultSslCipher12 = { |
+ 0xC014, |
+ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}; |
+static const SslCipher kDefaultSslEcCipher12 = { |
+ 0xC00A, |
+ "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"}; |
#endif |
////////////////////////////////////////////////////////////////////// |
@@ -352,7 +367,7 @@ const char* OpenSSLStreamAdapter::GetRfcSslCipherName( |
} |
#endif |
-bool OpenSSLStreamAdapter::GetSslCipher(std::string* cipher) { |
+bool OpenSSLStreamAdapter::GetSslCipher(SslCipher* cipher) { |
if (state_ != SSL_CONNECTED) |
return false; |
@@ -361,6 +376,8 @@ bool OpenSSLStreamAdapter::GetSslCipher(std::string* cipher) { |
return false; |
} |
+ cipher->ssl_id = static_cast<uint16_t>(SSL_CIPHER_get_id(current_cipher)); |
+ |
#ifdef OPENSSL_IS_BORINGSSL |
char* cipher_name = SSL_CIPHER_get_rfc_name(current_cipher); |
#else |
@@ -370,7 +387,7 @@ bool OpenSSLStreamAdapter::GetSslCipher(std::string* cipher) { |
return false; |
} |
- *cipher = cipher_name; |
+ cipher->name = cipher_name; |
#ifdef OPENSSL_IS_BORINGSSL |
OPENSSL_free(cipher_name); |
#endif |
@@ -1125,7 +1142,7 @@ bool OpenSSLStreamAdapter::HaveExporter() { |
#endif |
} |
-std::string OpenSSLStreamAdapter::GetDefaultSslCipher( |
+const SslCipher& OpenSSLStreamAdapter::GetDefaultSslCipherForTest( |
SSLProtocolVersion version, |
KeyType key_type) { |
if (key_type == KT_RSA) { |
@@ -1163,7 +1180,8 @@ std::string OpenSSLStreamAdapter::GetDefaultSslCipher( |
#endif |
} |
} else { |
- return std::string(); |
+ RTC_NOTREACHED(); |
+ return kDefaultSslEcCipher12; |
} |
} |