zqz/platform-external-webrtc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Revert of Removing #defines previously used for building without BoringSSL/OpenSSL. (patchset #2 id:20001 of https://codereview.webrtc.org/2640513002/ )

Browse Source 
Reason for revert:
Broke chromium build, due to a config being removed. Will add it back and remove the dependency in a chromium CL.

Original issue's description:
> Removing #defines previously used for building without BoringSSL/OpenSSL.
>
> These defines don't work any more, so they only cause confusion:
>
> FEATURE_ENABLE_SSL
> HAVE_OPENSSL_SSL_H
> SSL_USE_OPENSSL
>
> BUG=webrtc:7025
>
> Review-Url: https://codereview.webrtc.org/2640513002
> Cr-Commit-Position: refs/heads/master@{#16196}
> Committed: eaa826c2ee

TBR=kjellander@webrtc.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=webrtc:7025

Review-Url: https://codereview.webrtc.org/2648003003
Cr-Commit-Position: refs/heads/master@{#16197}
This commit is contained in:
deadbeef
2017-01-20 17:01:45 -08:00
committed by Commit bot
parent eaa826c2ee
commit f33491ebaf
24 changed files with 447 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
webrtc/base/BUILD.gn
View File

@ -35,10 +35,21 @@ config("rtc_base_approved_all_dependent_config") {
}
}
config("rtc_base_config") {
defines = [ "FEATURE_ENABLE_SSL" ]
}
config("rtc_base_chromium_config") {
defines = [ "NO_MAIN_THREAD_WRAPPING" ]
}
config("openssl_config") {
defines = [
"SSL_USE_OPENSSL",
"HAVE_OPENSSL_SSL_H",
]
}
config("rtc_base_all_dependent_config") {
if (is_ios) {
libs = [
@ -360,6 +371,16 @@ rtc_static_library("rtc_base") {
":rtc_base_approved",
]
configs += [
":openssl_config",
":rtc_base_config",
]
public_configs = [
":openssl_config",
":rtc_base_config",
]
all_dependent_configs = [ ":rtc_base_all_dependent_config" ]
sources = [
@ -516,6 +537,7 @@ rtc_static_library("rtc_base") {
"proxyserver.h",
"rollingaccumulator.h",
"scopedptrcollection.h",
"sslconfig.h",
"sslroots.h",
"testbase64.h",
"testclient.cc",

85
webrtc/base/helpers.cc
View File

@ -13,7 +13,18 @@
#include <limits>
#include <memory>
#if defined(FEATURE_ENABLE_SSL)
#include "webrtc/base/sslconfig.h"
#if defined(SSL_USE_OPENSSL)
#include <openssl/rand.h>
#else
#if defined(WEBRTC_WIN)
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <ntsecapi.h>
#endif // WEBRTC_WIN
#endif // else
#endif // FEATURE_ENABLED_SSL
#include "webrtc/base/base64.h"
#include "webrtc/base/basictypes.h"
@ -34,6 +45,7 @@ class RandomGenerator {
virtual bool Generate(void* buf, size_t len) = 0;
};
#if defined(SSL_USE_OPENSSL)
// The OpenSSL RNG.
class SecureRandomGenerator : public RandomGenerator {
public:
@ -45,6 +57,79 @@ class SecureRandomGenerator : public RandomGenerator {
}
};
#else
#if defined(WEBRTC_WIN)
class SecureRandomGenerator : public RandomGenerator {
public:
SecureRandomGenerator() : advapi32_(NULL), rtl_gen_random_(NULL) {}
~SecureRandomGenerator() {
FreeLibrary(advapi32_);
}
virtual bool Init(const void* seed, size_t seed_len) {
// We don't do any additional seeding on Win32, we just use the CryptoAPI
// RNG (which is exposed as a hidden function off of ADVAPI32 so that we
// don't need to drag in all of CryptoAPI)
if (rtl_gen_random_) {
return true;
}
advapi32_ = LoadLibrary(L"advapi32.dll");
if (!advapi32_) {
return false;
}
rtl_gen_random_ = reinterpret_cast<RtlGenRandomProc>(
GetProcAddress(advapi32_, "SystemFunction036"));
if (!rtl_gen_random_) {
FreeLibrary(advapi32_);
return false;
}
return true;
}
virtual bool Generate(void* buf, size_t len) {
if (!rtl_gen_random_ && !Init(NULL, 0)) {
return false;
}
return (rtl_gen_random_(buf, static_cast<int>(len)) != FALSE);
}
private:
typedef BOOL (WINAPI *RtlGenRandomProc)(PVOID, ULONG);
HINSTANCE advapi32_;
RtlGenRandomProc rtl_gen_random_;
};
#elif !defined(FEATURE_ENABLE_SSL)
// No SSL implementation -- use rand()
class SecureRandomGenerator : public RandomGenerator {
public:
virtual bool Init(const void* seed, size_t len) {
if (len >= 4) {
srand(*reinterpret_cast<const int*>(seed));
} else {
srand(*reinterpret_cast<const char*>(seed));
}
return true;
}
virtual bool Generate(void* buf, size_t len) {
char* bytes = reinterpret_cast<char*>(buf);
for (size_t i = 0; i < len; ++i) {
bytes[i] = static_cast<char>(rand());
}
return true;
}
};
#else
#error No SSL implementation has been selected!
#endif // WEBRTC_WIN
#endif
// A test random generator, for predictable output.
class TestRandomGenerator : public RandomGenerator {
public:

16
webrtc/base/messagedigest.cc
View File

@ -15,7 +15,13 @@
#include <string.h>
#include "webrtc/base/basictypes.h"
#include "webrtc/base/sslconfig.h"
#if SSL_USE_OPENSSL
#include "webrtc/base/openssldigest.h"
#else
#include "webrtc/base/md5digest.h"
#include "webrtc/base/sha1digest.h"
#endif
#include "webrtc/base/stringencode.h"
namespace rtc {
@ -31,12 +37,22 @@ const char DIGEST_SHA_512[] = "sha-512";
static const size_t kBlockSize = 64; // valid for SHA-256 and down
MessageDigest* MessageDigestFactory::Create(const std::string& alg) {
#if SSL_USE_OPENSSL
MessageDigest* digest = new OpenSSLDigest(alg);
if (digest->Size() == 0) { // invalid algorithm
delete digest;
digest = NULL;
}
return digest;
#else
MessageDigest* digest = NULL;
if (alg == DIGEST_MD5) {
digest = new Md5Digest();
} else if (alg == DIGEST_SHA_1) {
digest = new Sha1Digest();
}
return digest;
#endif
}
bool IsFips180DigestAlgorithm(const std::string& alg) {

4
webrtc/base/openssladapter.cc
View File

@ -8,6 +8,8 @@
* be found in the AUTHORS file in the root of the source tree.
*/
#if HAVE_OPENSSL_SSL_H
#include "webrtc/base/openssladapter.h"
#if defined(WEBRTC_POSIX)
@ -963,3 +965,5 @@ OpenSSLAdapter::SetupSSLContext() {
}
} // namespace rtc
#endif // HAVE_OPENSSL_SSL_H

4
webrtc/base/openssldigest.cc
View File

@ -8,6 +8,8 @@
* be found in the AUTHORS file in the root of the source tree.
*/
#if HAVE_OPENSSL_SSL_H
#include "webrtc/base/openssldigest.h"
#include "webrtc/base/checks.h"
@ -116,3 +118,5 @@ bool OpenSSLDigest::GetDigestSize(const std::string& algorithm,
}
} // namespace rtc
#endif // HAVE_OPENSSL_SSL_H

4
webrtc/base/opensslidentity.cc
View File

@ -8,6 +8,8 @@
* be found in the AUTHORS file in the root of the source tree.
*/
#if HAVE_OPENSSL_SSL_H
#include "webrtc/base/opensslidentity.h"
#include <memory>
@ -574,3 +576,5 @@ bool OpenSSLIdentity::operator!=(const OpenSSLIdentity& other) const {
}
} // namespace rtc
#endif // HAVE_OPENSSL_SSL_H

44
webrtc/base/opensslstreamadapter.cc
View File

@ -8,6 +8,8 @@
* be found in the AUTHORS file in the root of the source tree.
*/
#if HAVE_OPENSSL_SSL_H
#include "webrtc/base/opensslstreamadapter.h"
#include <openssl/bio.h>
@ -43,10 +45,11 @@ namespace {
namespace rtc {
#if (OPENSSL_VERSION_NUMBER < 0x10001000L)
#error "webrtc requires at least OpenSSL version 1.0.1, to support DTLS-SRTP"
#if (OPENSSL_VERSION_NUMBER >= 0x10001000L)
#define HAVE_DTLS_SRTP
#endif
#ifdef HAVE_DTLS_SRTP
// SRTP cipher suite table. |internal_name| is used to construct a
// colon-separated profile strings which is needed by
// SSL_CTX_set_tlsext_use_srtp().
@ -62,6 +65,7 @@ static SrtpCipherMapEntry SrtpCipherMap[] = {
{"SRTP_AEAD_AES_128_GCM", SRTP_AEAD_AES_128_GCM},
{"SRTP_AEAD_AES_256_GCM", SRTP_AEAD_AES_256_GCM},
{nullptr, 0}};
#endif
#ifdef OPENSSL_IS_BORINGSSL
// Not used in production code. Actual time should be relative to Jan 1, 1970.
@ -428,6 +432,7 @@ bool OpenSSLStreamAdapter::ExportKeyingMaterial(const std::string& label,
bool use_context,
uint8_t* result,
size_t result_len) {
#ifdef HAVE_DTLS_SRTP
int i;
i = SSL_export_keying_material(ssl_, result, result_len, label.c_str(),
@ -438,10 +443,14 @@ bool OpenSSLStreamAdapter::ExportKeyingMaterial(const std::string& label,
return false;
return true;
#else
return false;
#endif
}
bool OpenSSLStreamAdapter::SetDtlsSrtpCryptoSuites(
const std::vector<int>& ciphers) {
#ifdef HAVE_DTLS_SRTP
std::string internal_ciphers;
if (state_ != SSL_NONE)
@ -472,9 +481,13 @@ bool OpenSSLStreamAdapter::SetDtlsSrtpCryptoSuites(
srtp_ciphers_ = internal_ciphers;
return true;
#else
return false;
#endif
}
bool OpenSSLStreamAdapter::GetDtlsSrtpCryptoSuite(int* crypto_suite) {
#ifdef HAVE_DTLS_SRTP
RTC_DCHECK(state_ == SSL_CONNECTED);
if (state_ != SSL_CONNECTED)
return false;
@ -488,6 +501,9 @@ bool OpenSSLStreamAdapter::GetDtlsSrtpCryptoSuite(int* crypto_suite) {
*crypto_suite = srtp_profile->id;
RTC_DCHECK(!SrtpCryptoSuiteToName(*crypto_suite).empty());
return true;
#else
return false;
#endif
}
bool OpenSSLStreamAdapter::IsTlsConnected() {
@ -1080,12 +1096,14 @@ SSL_CTX* OpenSSLStreamAdapter::SetupSSLContext() {
SSL_CTX_set_cipher_list(ctx,
"DEFAULT:!NULL:!aNULL:!SHA256:!SHA384:!aECDH:!AESGCM+AES256:!aPSK");
#ifdef HAVE_DTLS_SRTP
if (!srtp_ciphers_.empty()) {
if (SSL_CTX_set_tlsext_use_srtp(ctx, srtp_ciphers_.c_str())) {
SSL_CTX_free(ctx);
return NULL;
}
}
#endif
return ctx;
}
@ -1151,6 +1169,26 @@ int OpenSSLStreamAdapter::SSLVerifyCallback(int ok, X509_STORE_CTX* store) {
return stream->VerifyPeerCertificate();
}
bool OpenSSLStreamAdapter::HaveDtls() {
return true;
}
bool OpenSSLStreamAdapter::HaveDtlsSrtp() {
#ifdef HAVE_DTLS_SRTP
return true;
#else
return false;
#endif
}
bool OpenSSLStreamAdapter::HaveExporter() {
#ifdef HAVE_DTLS_SRTP
return true;
#else
return false;
#endif
}
bool OpenSSLStreamAdapter::IsBoringSsl() {
#ifdef OPENSSL_IS_BORINGSSL
return true;
@ -1235,3 +1273,5 @@ void OpenSSLStreamAdapter::enable_time_callback_for_testing() {
}
} // namespace rtc
#endif // HAVE_OPENSSL_SSL_H

5
webrtc/base/opensslstreamadapter.h
View File

@ -109,7 +109,10 @@ class OpenSSLStreamAdapter : public SSLStreamAdapter {
bool IsTlsConnected() override;
// Capabilities interfaces.
// Capabilities interfaces
static bool HaveDtls();
static bool HaveDtlsSrtp();
static bool HaveExporter();
static bool IsBoringSsl();
static bool IsAcceptableCipher(int cipher, KeyType key_type);

31
webrtc/base/ssladapter.cc
View File

@ -10,7 +10,13 @@
#include "webrtc/base/ssladapter.h"
#include "webrtc/base/openssladapter.h"
#include "webrtc/base/sslconfig.h"
#if SSL_USE_OPENSSL
#include "openssladapter.h"
#endif
///////////////////////////////////////////////////////////////////////////////
@ -18,11 +24,18 @@ namespace rtc {
SSLAdapter*
SSLAdapter::Create(AsyncSocket* socket) {
#if SSL_USE_OPENSSL
return new OpenSSLAdapter(socket);
#else // !SSL_USE_OPENSSL
delete socket;
return NULL;
#endif // SSL_USE_OPENSSL
}
///////////////////////////////////////////////////////////////////////////////
#if SSL_USE_OPENSSL
bool InitializeSSL(VerificationCallback callback) {
return OpenSSLAdapter::InitializeSSL(callback);
}
@ -35,6 +48,22 @@ bool CleanupSSL() {
return OpenSSLAdapter::CleanupSSL();
}
#else // !SSL_USE_OPENSSL
bool InitializeSSL(VerificationCallback callback) {
return true;
}
bool InitializeSSLThread() {
return true;
}
bool CleanupSSL() {
return true;
}
#endif // SSL_USE_OPENSSL
///////////////////////////////////////////////////////////////////////////////
} // namespace rtc

4
webrtc/base/ssladapter_unittest.cc
View File

@ -370,6 +370,8 @@ class SSLAdapterTestDTLS_ECDSA : public SSLAdapterTestBase {
: SSLAdapterTestBase(rtc::SSL_MODE_DTLS, rtc::KeyParams::ECDSA()) {}
};
#if SSL_USE_OPENSSL
// Basic tests: TLS
// Test that handshake works, using RSA
@ -417,3 +419,5 @@ TEST_F(SSLAdapterTestDTLS_ECDSA, TestDTLSTransfer) {
TestHandshake(true);
TestTransfer("Hello, world!");
}
#endif // SSL_USE_OPENSSL

30
webrtc/base/sslconfig.h Normal file
View File

@ -0,0 +1,30 @@
/*
* Copyright 2012 The WebRTC Project Authors. All rights reserved.
*
* Use of this source code is governed by a BSD-style license
* that can be found in the LICENSE file in the root of the source
* tree. An additional intellectual property rights grant can be found
* in the file PATENTS. All contributing project authors may
* be found in the AUTHORS file in the root of the source tree.
*/
#ifndef WEBRTC_BASE_SSLCONFIG_H_
#define WEBRTC_BASE_SSLCONFIG_H_
// If no preference has been indicated, default to SChannel on Windows and
// OpenSSL everywhere else, if it is available.
#if !defined(SSL_USE_SCHANNEL) && !defined(SSL_USE_OPENSSL)
#if defined(WEBRTC_WIN)
#define SSL_USE_SCHANNEL 1
#else // defined(WEBRTC_WIN)
#if defined(HAVE_OPENSSL_SSL_H)
#define SSL_USE_OPENSSL 1
#endif
#endif // !defined(WEBRTC_WIN)
#endif
#endif // WEBRTC_BASE_SSLCONFIG_H_

16
webrtc/base/sslidentity.cc
View File

@ -17,9 +17,15 @@
#include "webrtc/base/base64.h"
#include "webrtc/base/checks.h"
#include "webrtc/base/logging.h"
#include "webrtc/base/opensslidentity.h"
#include "webrtc/base/sslconfig.h"
#include "webrtc/base/sslfingerprint.h"
#if SSL_USE_OPENSSL
#include "webrtc/base/opensslidentity.h"
#endif // SSL_USE_OPENSSL
namespace rtc {
const char kPemTypeCertificate[] = "CERTIFICATE";
@ -207,6 +213,8 @@ SSLCertChain::~SSLCertChain() {
std::for_each(certs_.begin(), certs_.end(), DeleteCert);
}
#if SSL_USE_OPENSSL
// static
SSLCertificate* SSLCertificate::FromPEMString(const std::string& pem_string) {
return OpenSSLCertificate::FromPEMString(pem_string);
@ -252,6 +260,12 @@ bool operator!=(const SSLIdentity& a, const SSLIdentity& b) {
return !(a == b);
}
#else // !SSL_USE_OPENSSL
#error "No SSL implementation"
#endif // SSL_USE_OPENSSL
// Read |n| bytes from ASN1 number string at *|pp| and return the numeric value.
// Update *|pp| and *|np| to reflect number of read bytes.
static inline int ASN1ReadInt(const unsigned char** pp, size_t* np, size_t n) {

20
webrtc/base/sslstreamadapter.cc
View File

@ -9,9 +9,14 @@
*/
#include "webrtc/base/sslstreamadapter.h"
#include "webrtc/base/sslconfig.h"
#if SSL_USE_OPENSSL
#include "webrtc/base/opensslstreamadapter.h"
#endif // SSL_USE_OPENSSL
///////////////////////////////////////////////////////////////////////////////
namespace rtc {
@ -96,7 +101,11 @@ CryptoOptions CryptoOptions::NoGcm() {
}
SSLStreamAdapter* SSLStreamAdapter::Create(StreamInterface* stream) {
#if SSL_USE_OPENSSL
return new OpenSSLStreamAdapter(stream);
#else // !SSL_USE_OPENSSL
return NULL;
#endif // SSL_USE_OPENSSL
}
SSLStreamAdapter::SSLStreamAdapter(StreamInterface* stream)
@ -128,6 +137,16 @@ bool SSLStreamAdapter::GetDtlsSrtpCryptoSuite(int* crypto_suite) {
return false;
}
#if SSL_USE_OPENSSL
bool SSLStreamAdapter::HaveDtls() {
return OpenSSLStreamAdapter::HaveDtls();
}
bool SSLStreamAdapter::HaveDtlsSrtp() {
return OpenSSLStreamAdapter::HaveDtlsSrtp();
}
bool SSLStreamAdapter::HaveExporter() {
return OpenSSLStreamAdapter::HaveExporter();
}
bool SSLStreamAdapter::IsBoringSsl() {
return OpenSSLStreamAdapter::IsBoringSsl();
}
@ -144,6 +163,7 @@ std::string SSLStreamAdapter::SslCipherSuiteToName(int cipher_suite) {
void SSLStreamAdapter::enable_time_callback_for_testing() {
OpenSSLStreamAdapter::enable_time_callback_for_testing();
}
#endif // SSL_USE_OPENSSL
///////////////////////////////////////////////////////////////////////////////

7
webrtc/base/sslstreamadapter.h
View File

@ -228,9 +228,10 @@ class SSLStreamAdapter : public StreamAdapterInterface {
// SS_OPENING but IsTlsConnected should return true.
virtual bool IsTlsConnected() = 0;
// Capabilities testing.
// Used to have "DTLS supported", "DTLS-SRTP supported" etc. methods, but now
// that's assumed.
// Capabilities testing
static bool HaveDtls();
static bool HaveDtlsSrtp();
static bool HaveExporter();
static bool IsBoringSsl();
// Returns true iff the supplied cipher is deemed to be strong.

32
webrtc/base/sslstreamadapter_unittest.cc
View File

@ -19,6 +19,7 @@
#include "webrtc/base/gunit.h"
#include "webrtc/base/helpers.h"
#include "webrtc/base/ssladapter.h"
#include "webrtc/base/sslconfig.h"
#include "webrtc/base/sslidentity.h"
#include "webrtc/base/sslstreamadapter.h"
#include "webrtc/base/stream.h"
@ -64,6 +65,12 @@ static const char kCERT_PEM[] =
"UD0A8qfhfDM+LK6rPAnCsVN0NRDY3jvd6rzix9M=\n"
"-----END CERTIFICATE-----\n";
#define MAYBE_SKIP_TEST(feature) \
if (!(rtc::SSLStreamAdapter::feature())) { \
LOG(LS_INFO) << "Feature disabled... skipping"; \
return; \
}
class SSLStreamAdapterTestBase;
class SSLDummyStreamBase : public rtc::StreamInterface,
@ -956,6 +963,7 @@ TEST_P(SSLStreamAdapterTestTLS, TestSetPeerCertificateDigestWithInvalidLength) {
// Basic tests: DTLS
// Test that we can make a handshake work
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnect) {
MAYBE_SKIP_TEST(HaveDtls);
TestHandshake();
};
@ -963,12 +971,14 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnect) {
// each direction is lost. This gives us predictable loss
// rather than having to tune random
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacket) {
MAYBE_SKIP_TEST(HaveDtls);
SetLoseFirstPacket(true);
TestHandshake();
};
// Test a handshake with loss and delay
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacketDelay2s) {
MAYBE_SKIP_TEST(HaveDtls);
SetLoseFirstPacket(true);
SetDelay(2000);
SetHandshakeWait(20000);
@ -978,6 +988,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacketDelay2s) {
// Test a handshake with small MTU
// Disabled due to https://code.google.com/p/webrtc/issues/detail?id=3910
TEST_P(SSLStreamAdapterTestDTLS, DISABLED_TestDTLSConnectWithSmallMtu) {
MAYBE_SKIP_TEST(HaveDtls);
SetMtu(700);
SetHandshakeWait(20000);
TestHandshake();
@ -985,17 +996,20 @@ TEST_P(SSLStreamAdapterTestDTLS, DISABLED_TestDTLSConnectWithSmallMtu) {
// Test transfer -- trivial
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransfer) {
MAYBE_SKIP_TEST(HaveDtls);
TestHandshake();
TestTransfer(100);
};
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithLoss) {
MAYBE_SKIP_TEST(HaveDtls);
TestHandshake();
SetLoss(10);
TestTransfer(100);
};
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithDamage) {
MAYBE_SKIP_TEST(HaveDtls);
SetDamage(); // Must be called first because first packet
// write happens at end of handshake.
TestHandshake();
@ -1012,6 +1026,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSDelayedIdentityWithBogusDigest) {
// Test DTLS-SRTP with all high ciphers
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHigh) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
std::vector<int> high;
high.push_back(rtc::SRTP_AES128_CM_SHA1_80);
SetDtlsSrtpCryptoSuites(high, true);
@ -1029,6 +1044,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHigh) {
// Test DTLS-SRTP with all low ciphers
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
std::vector<int> low;
low.push_back(rtc::SRTP_AES128_CM_SHA1_32);
SetDtlsSrtpCryptoSuites(low, true);
@ -1046,6 +1062,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) {
// Test DTLS-SRTP with a mismatch -- should not converge
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
std::vector<int> high;
high.push_back(rtc::SRTP_AES128_CM_SHA1_80);
std::vector<int> low;
@ -1062,6 +1079,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) {
// Test DTLS-SRTP with each side being mixed -- should select high
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
std::vector<int> mixed;
mixed.push_back(rtc::SRTP_AES128_CM_SHA1_80);
mixed.push_back(rtc::SRTP_AES128_CM_SHA1_32);
@ -1080,6 +1098,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) {
// Test DTLS-SRTP with all GCM-128 ciphers.
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM128) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
std::vector<int> gcm128;
gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM);
SetDtlsSrtpCryptoSuites(gcm128, true);
@ -1097,6 +1116,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM128) {
// Test DTLS-SRTP with all GCM-256 ciphers.
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM256) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
std::vector<int> gcm256;
gcm256.push_back(rtc::SRTP_AEAD_AES_256_GCM);
SetDtlsSrtpCryptoSuites(gcm256, true);
@ -1114,6 +1134,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM256) {
// Test DTLS-SRTP with mixed GCM-128/-256 ciphers -- should not converge.
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMismatch) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
std::vector<int> gcm128;
gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM);
std::vector<int> gcm256;
@ -1130,6 +1151,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMismatch) {
// Test DTLS-SRTP with both GCM-128/-256 ciphers -- should select GCM-256.
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMixed) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
std::vector<int> gcmBoth;
gcmBoth.push_back(rtc::SRTP_AEAD_AES_256_GCM);
gcmBoth.push_back(rtc::SRTP_AEAD_AES_128_GCM);
@ -1177,6 +1199,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpKeyAndSaltLengths) {
// Test an exporter
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSExporter) {
MAYBE_SKIP_TEST(HaveExporter);
TestHandshake();
unsigned char client_out[20];
unsigned char server_out[20];
@ -1199,6 +1222,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSExporter) {
// Test not yet valid certificates are not rejected.
TEST_P(SSLStreamAdapterTestDTLS, TestCertNotYetValid) {
MAYBE_SKIP_TEST(HaveDtls);
long one_day = 60 * 60 * 24;
// Make the certificates not valid until one day later.
ResetIdentitiesWithValidity(one_day, one_day);
@ -1207,6 +1231,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestCertNotYetValid) {
// Test expired certificates are not rejected.
TEST_P(SSLStreamAdapterTestDTLS, TestCertExpired) {
MAYBE_SKIP_TEST(HaveDtls);
long one_day = 60 * 60 * 24;
// Make the certificates already expired.
ResetIdentitiesWithValidity(-one_day, -one_day);
@ -1215,12 +1240,15 @@ TEST_P(SSLStreamAdapterTestDTLS, TestCertExpired) {
// Test data transfer using certs created from strings.
TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestTransfer) {
MAYBE_SKIP_TEST(HaveDtls);
TestHandshake();
TestTransfer(100);
}
// Test getting the remote certificate.
TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestDTLSGetPeerCertificate) {
MAYBE_SKIP_TEST(HaveDtls);
// Peer certificates haven't been received yet.
ASSERT_FALSE(GetPeerCertificate(true));
ASSERT_FALSE(GetPeerCertificate(false));
@ -1254,6 +1282,7 @@ TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestDTLSGetPeerCertificate) {
// Test getting the used DTLS ciphers.
// DTLS 1.2 enabled for neither client nor server -> DTLS 1.0 will be used.
TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuite) {
MAYBE_SKIP_TEST(HaveDtls);
SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10);
TestHandshake();
@ -1273,6 +1302,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuite) {
// Test getting the used DTLS 1.2 ciphers.
// DTLS 1.2 enabled for client and server -> DTLS 1.2 will be used.
TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Both) {
MAYBE_SKIP_TEST(HaveDtls);
SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12);
TestHandshake();
@ -1291,6 +1321,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Both) {
// DTLS 1.2 enabled for client only -> DTLS 1.0 will be used.
TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Client) {
MAYBE_SKIP_TEST(HaveDtls);
SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_12);
TestHandshake();
@ -1309,6 +1340,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Client) {
// DTLS 1.2 enabled for server only -> DTLS 1.0 will be used.
TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Server) {
MAYBE_SKIP_TEST(HaveDtls);
SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_10);
TestHandshake();