zqz/platform-external-webrtc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Reland: Use CRYPTO_BUFFER APIs instead of X509 when building with BoringSSL.

Browse Source 
Using CRYPTO_BUFFERs instead of legacy X509 objects offers memory and
security gains, and will provide binary size improvements as well once
the default list of built-in certificates can be removed; the code
dealing with them still depends on the X509 API.

Implemented by splitting openssl_identity and openssl_certificate
into BoringSSL and vanilla OpenSSL implementations.

No-Try: True
Bug: webrtc:11410
Change-Id: I86ddb361b94ad85b15ebb8743490de83632ca53f
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/196941
Commit-Queue: Mirko Bonadei <mbonadei@webrtc.org>
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Reviewed-by: Mirko Bonadei <mbonadei@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#32818}
This commit is contained in:
Taylor Brandstetter
2020-12-10 16:23:03 -08:00
committed by Commit Bot
parent c1ad1ff178
commit 165c618bb9
24 changed files with 1620 additions and 279 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
rtc_base/ssl_identity_unittest.cc
View File

@ -65,7 +65,7 @@ const unsigned char kTestCertSha512[] = {
0x35, 0xce, 0x26, 0x58, 0x4a, 0x33, 0x6d, 0xbc, 0xb6};
// These PEM strings were created by generating an identity with
// |SSLIdentity::Generate| and invoking |identity->PrivateKeyToPEMString()|,
// |SSLIdentity::Create| and invoking |identity->PrivateKeyToPEMString()|,
// |identity->PublicKeyToPEMString()| and
// |identity->certificate().ToPEMString()|. If the crypto library is updated,
// and the update changes the string form of the keys, these will have to be
@ -406,6 +406,21 @@ TEST_F(SSLIdentityTest, FromPEMStringsEC) {
EXPECT_EQ(kECDSA_CERT_PEM, identity->certificate().ToPEMString());
}
TEST_F(SSLIdentityTest, FromPEMChainStrings) {
// This doesn't form a valid certificate chain, but that doesn't matter for
// the purposes of the test
std::string chain(kRSA_CERT_PEM);
chain.append(kTestCertificate);
std::unique_ptr<SSLIdentity> identity(
SSLIdentity::CreateFromPEMChainStrings(kRSA_PRIVATE_KEY_PEM, chain));
EXPECT_TRUE(identity);
EXPECT_EQ(kRSA_PRIVATE_KEY_PEM, identity->PrivateKeyToPEMString());
EXPECT_EQ(kRSA_PUBLIC_KEY_PEM, identity->PublicKeyToPEMString());
ASSERT_EQ(2u, identity->cert_chain().GetSize());
EXPECT_EQ(kRSA_CERT_PEM, identity->cert_chain().Get(0).ToPEMString());
EXPECT_EQ(kTestCertificate, identity->cert_chain().Get(1).ToPEMString());
}
TEST_F(SSLIdentityTest, CloneIdentityRSA) {
TestCloningIdentity(*identity_rsa1_);
TestCloningIdentity(*identity_rsa2_);