From f7bb6e723bea160b11060c16d8a57f97eb57bb90 Mon Sep 17 00:00:00 2001
From: "pthatcher@webrtc.org"
Date: Sat, 28 Feb 2015 01:41:07 +0000
Subject: [PATCH] Use new API from BoringSSL to get RFC name of cipher.
This CL uses the new API "SSL_CIPHER_get_rfc_name" from BoringSSL to get the RFC-compliant cipher name instead of having a custom hardcoded list of cipher names.
BUG=none
R=juberti@webrtc.org, tommi@webrtc.org
Review URL: https://webrtc-codereview.appspot.com/40829004
Cr-Commit-Position: refs/heads/master@{#8541}
git-svn-id: http://webrtc.googlecode.com/svn/trunk@8541 4adac7df-926f-26a2-2b94-8c16560cd09d
---
 webrtc/base/opensslstreamadapter.cc | 20 +++++++++++---------
 webrtc/base/opensslstreamadapter.h | 2 ++
 2 files changed, 13 insertions(+), 9 deletions(-)
diff --git a/webrtc/base/opensslstreamadapter.cc b/webrtc/base/opensslstreamadapter.cc
index 0f82d281f8..619f3e1ea4 100644
--- a/webrtc/base/opensslstreamadapter.cc
+++ b/webrtc/base/opensslstreamadapter.cc
@@ -57,6 +57,7 @@ static SrtpCipherMapEntry SrtpCipherMap[] = {
 };
 #endif
+#ifndef OPENSSL_IS_BORINGSSL
 // Cipher name table. Maps internal OpenSSL cipher ids to the RFC name.
 struct SslCipherMapEntry {
 uint32_t openssl_id;
@@ -134,17 +135,9 @@ static const SslCipherMapEntry kSslCipherMap[] = {
 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_AES_128_GCM_SHA256),
 DEFINE_CIPHER_ENTRY_TLS1(ECDHE_RSA_WITH_AES_256_GCM_SHA384),
-#ifdef OPENSSL_IS_BORINGSSL
- {TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305,
- "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
- {TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305,
- "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"},
- {TLS1_CK_DHE_RSA_CHACHA20_POLY1305,
- "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"},
-#endif
-
 {0, NULL}
 };
+#endif // #ifndef OPENSSL_IS_BORINGSSL
 // Default cipher used between OpenSSL/BoringSSL stream adapters.
 // This needs to be updated when the default of the SSL library changes.
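Review bot: The comment above SslCipherMapEntry still reads as if the table were always compiled, although the added `#ifndef OPENSSL_IS_BORINGSSL` now limits it to OpenSSL builds. I would extend it to something like `// Cipher name table (OpenSSL builds only; BoringSSL uses SSL_CIPHER_get_rfc_name). Maps internal OpenSSL cipher ids to the RFC name.` so a reader knows this list is the part that still has to be kept up to date by hand. The struct and the table continue outside this hunk.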
@@ -316,6 +309,7 @@ bool OpenSSLStreamAdapter::SetPeerCertificateDigest(const std::string
 return true;
 }
+#ifndef OPENSSL_IS_BORINGSSL
 const char* OpenSSLStreamAdapter::GetRfcSslCipherName(
 const SSL_CIPHER* cipher) {
 ASSERT(cipher != NULL);
@@ -327,6 +321,7 @@ const char* OpenSSLStreamAdapter::GetRfcSslCipherName(
 }
 return NULL;
 }
+#endif
 bool OpenSSLStreamAdapter::GetSslCipher(std::string* cipher) {
 if (state_ != SSL_CONNECTED)
@@ -337,12 +332,19 @@ bool OpenSSLStreamAdapter::GetSslCipher(std::string* cipher) {
 return false;
 }
+#ifdef OPENSSL_IS_BORINGSSL
+ char* cipher_name = SSL_CIPHER_get_rfc_name(current_cipher);
+#else
 const char* cipher_name = GetRfcSslCipherName(current_cipher);
+#endif
 if (cipher_name == NULL) {
 return false;
 }
 *cipher = cipher_name;
+#ifdef OPENSSL_IS_BORINGSSL
+ OPENSSL_free(cipher_name);
+#endif
 return true;
 }
diff --git a/webrtc/base/opensslstreamadapter.h b/webrtc/base/opensslstreamadapter.h
index a9d98fd692..ea0fb59b7b 100644
--- a/webrtc/base/opensslstreamadapter.h
+++ b/webrtc/base/opensslstreamadapter.h
@@ -82,8 +82,10 @@ class OpenSSLStreamAdapter : public SSLStreamAdapter {
 virtual void Close();
 virtual StreamState GetState() const;
+#ifndef OPENSSL_IS_BORINGSSL
 // Return the RFC (5246, 3268, etc.) cipher name for an OpenSSL cipher.
 static const char* GetRfcSslCipherName(const SSL_CIPHER* cipher);
+#endif
 virtual bool GetSslCipher(std::string* cipher);
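Review bot: The `#endif` added after the body of GetRfcSslCipherName in opensslstreamadapter.cc is bare, while the one this patch adds after kSslCipherMap carries `// #ifndef OPENSSL_IS_BORINGSSL`; the `#endif` added in opensslstreamadapter.h is bare as well. Since the matching `#ifndef` sits a full function body earlier, I would write `#endif  // #ifndef OPENSSL_IS_BORINGSSL` in all three places. The function body between the two guards is only partly visible in these hunks.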
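Review bot: In GetSslCipher the BoringSSL branch now owns a heap string, and its release sits in a second `#ifdef` block several lines below the allocation, so any return added later between `SSL_CIPHER_get_rfc_name(current_cipher)` and `OPENSSL_free(cipher_name)` would leak it. The NULL return in between is safe as written, because nothing was allocated on that path. I would at least mark the declaration with `// Allocated by BoringSSL; released with OPENSSL_free() below.`, or do the copy into `*cipher` and the free together in one BoringSSL-only block so the two steps cannot drift apart. The start of GetSslCipher, including where current_cipher is obtained, lies outside the hunk.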
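Review bot: Declaring the public static GetRfcSslCipherName only under `#ifndef OPENSSL_IS_BORINGSSL` makes the interface of OpenSSLStreamAdapter depend on which SSL library is linked, so any caller outside this class (none is visible in this patch) needs the same guard or it stops compiling on BoringSSL builds. The doc comment should say so, for example `// OpenSSL builds only; not declared when OPENSSL_IS_BORINGSSL is defined.` placed ahead of the existing "Return the RFC ..." line. The class declaration continues outside the hunk on both sides.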