generic-library/webrtc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Use new API from BoringSSL to get RFC name of cipher.

Browse Source 
This CL uses the new API "SSL_CIPHER_get_rfc_name" from BoringSSL to
get the RFC-compliant cipher name instead of having a custom hardcoded
list of cipher names.

BUG=none
R=juberti@webrtc.org, tommi@webrtc.org

Review URL: https://webrtc-codereview.appspot.com/40829004

Cr-Commit-Position: refs/heads/master@{#8541}
git-svn-id: http://webrtc.googlecode.com/svn/trunk@8541 4adac7df-926f-26a2-2b94-8c16560cd09d
This commit is contained in:
pthatcher@webrtc.org 2015-02-28 01:41:07 +00:00
parent d31250518a
commit f7bb6e723b
2 changed files with 13 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
webrtc/base/opensslstreamadapter.cc
View File

@ -57,6 +57,7 @@ static SrtpCipherMapEntry SrtpCipherMap[] = {
}; };
#endif #endif
#ifndef OPENSSL_IS_BORINGSSL
// Cipher name table. Maps internal OpenSSL cipher ids to the RFC name. // Cipher name table. Maps internal OpenSSL cipher ids to the RFC name.
struct SslCipherMapEntry { struct SslCipherMapEntry {
uint32_t openssl_id; uint32_t openssl_id;
@ -134,17 +135,9 @@ static const SslCipherMapEntry kSslCipherMap[] = {
DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_AES_128_GCM_SHA256), DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_AES_128_GCM_SHA256),
DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_AES_256_GCM_SHA384), DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_AES_256_GCM_SHA384),
#ifdef OPENSSL_IS_BORINGSSL
{TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305,
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
{TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305,
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"},
{TLS1_CK_DHE_RSA_CHACHA20_POLY1305,
"TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
#endif
{0, NULL} {0, NULL}
}; };
#endif // #ifndef OPENSSL_IS_BORINGSSL
// Default cipher used between OpenSSL/BoringSSL stream adapters. // Default cipher used between OpenSSL/BoringSSL stream adapters.
// This needs to be updated when the default of the SSL library changes. // This needs to be updated when the default of the SSL library changes.
@ -316,6 +309,7 @@ bool OpenSSLStreamAdapter::SetPeerCertificateDigest(const std::string
return true; return true;
} }
#ifndef OPENSSL_IS_BORINGSSL
const char* OpenSSLStreamAdapter::GetRfcSslCipherName( const char* OpenSSLStreamAdapter::GetRfcSslCipherName(
const SSL_CIPHER* cipher) { const SSL_CIPHER* cipher) {
ASSERT(cipher != NULL); ASSERT(cipher != NULL);
@ -327,6 +321,7 @@ const char* OpenSSLStreamAdapter::GetRfcSslCipherName(
} }
return NULL; return NULL;
} }
#endif
bool OpenSSLStreamAdapter::GetSslCipher(std::string* cipher) { bool OpenSSLStreamAdapter::GetSslCipher(std::string* cipher) {
if (state_ != SSL_CONNECTED) if (state_ != SSL_CONNECTED)
@ -337,12 +332,19 @@ bool OpenSSLStreamAdapter::GetSslCipher(std::string* cipher) {
return false; return false;
} }
#ifdef OPENSSL_IS_BORINGSSL
char* cipher_name = SSL_CIPHER_get_rfc_name(current_cipher);
#else
const char* cipher_name = GetRfcSslCipherName(current_cipher); const char* cipher_name = GetRfcSslCipherName(current_cipher);
#endif
if (cipher_name == NULL) { if (cipher_name == NULL) {
return false; return false;
} }
*cipher = cipher_name; *cipher = cipher_name;
#ifdef OPENSSL_IS_BORINGSSL
OPENSSL_free(cipher_name);
#endif
return true; return true;
} }

2
webrtc/base/opensslstreamadapter.h
View File

@ -82,8 +82,10 @@ class OpenSSLStreamAdapter : public SSLStreamAdapter {
virtual void Close(); virtual void Close();
virtual StreamState GetState() const; virtual StreamState GetState() const;
#ifndef OPENSSL_IS_BORINGSSL
// Return the RFC (5246, 3268, etc.) cipher name for an OpenSSL cipher. // Return the RFC (5246, 3268, etc.) cipher name for an OpenSSL cipher.
static const char* GetRfcSslCipherName(const SSL_CIPHER* cipher); static const char* GetRfcSslCipherName(const SSL_CIPHER* cipher);
#endif
virtual bool GetSslCipher(std::string* cipher); virtual bool GetSslCipher(std::string* cipher);