Reland: Use CRYPTO_BUFFER APIs instead of X509 when building with BoringSSL.
Using CRYPTO_BUFFERs instead of legacy X509 objects offers memory and security gains, and will provide binary size improvements as well once the default list of built-in certificates can be removed; the code dealing with them still depends on the X509 API. Implemented by splitting openssl_identity and openssl_certificate into BoringSSL and vanilla OpenSSL implementations. No-Try: True Bug: webrtc:11410 Change-Id: I86ddb361b94ad85b15ebb8743490de83632ca53f Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/196941 Commit-Queue: Mirko Bonadei <mbonadei@webrtc.org> Reviewed-by: Harald Alvestrand <hta@webrtc.org> Reviewed-by: Mirko Bonadei <mbonadei@webrtc.org> Cr-Commit-Position: refs/heads/master@{#32818}
This commit is contained in:
Taylor Brandstetter
committed by
Commit Bot
Commit Bot
parent
c1ad1ff178
commit
165c618bb9
@ -17,45 +17,14 @@
|
||||
#include <memory>
|
||||
#include <string>
|
||||
|
||||
#include "rtc_base/checks.h"
|
||||
#include "rtc_base/constructor_magic.h"
|
||||
#include "rtc_base/openssl_certificate.h"
|
||||
#include "rtc_base/openssl_key_pair.h"
|
||||
#include "rtc_base/ssl_certificate.h"
|
||||
#include "rtc_base/ssl_identity.h"
|
||||
|
||||
namespace rtc {
|
||||
|
||||
// OpenSSLKeyPair encapsulates an OpenSSL EVP_PKEY* keypair object,
|
||||
// which is reference counted inside the OpenSSL library.
|
||||
class OpenSSLKeyPair final {
|
||||
public:
|
||||
explicit OpenSSLKeyPair(EVP_PKEY* pkey) : pkey_(pkey) {
|
||||
RTC_DCHECK(pkey_ != nullptr);
|
||||
}
|
||||
|
||||
static OpenSSLKeyPair* Generate(const KeyParams& key_params);
|
||||
// Constructs a key pair from the private key PEM string. This must not result
|
||||
// in missing public key parameters. Returns null on error.
|
||||
static OpenSSLKeyPair* FromPrivateKeyPEMString(const std::string& pem_string);
|
||||
|
||||
virtual ~OpenSSLKeyPair();
|
||||
|
||||
virtual OpenSSLKeyPair* GetReference();
|
||||
|
||||
EVP_PKEY* pkey() const { return pkey_; }
|
||||
std::string PrivateKeyToPEMString() const;
|
||||
std::string PublicKeyToPEMString() const;
|
||||
bool operator==(const OpenSSLKeyPair& other) const;
|
||||
bool operator!=(const OpenSSLKeyPair& other) const;
|
||||
|
||||
private:
|
||||
void AddReference();
|
||||
|
||||
EVP_PKEY* pkey_;
|
||||
|
||||
RTC_DISALLOW_COPY_AND_ASSIGN(OpenSSLKeyPair);
|
||||
};
|
||||
|
||||
// Holds a keypair and certificate together, and a method to generate
|
||||
// them consistently.
|
||||
class OpenSSLIdentity final : public SSLIdentity {
|
||||
|
||||
Reference in New Issue
Block a user