Just a simple rename change to update these functions to be in compliance with
the WebRTC/Chromium style guide.
Bug: webrtc:9860
Change-Id: I5bc831754c80b7b00bd1e5e0b3905e55f5d22b0c
Reviewed-on: https://webrtc-review.googlesource.com/c/108204
Reviewed-by: Karl Wiberg <kwiberg@webrtc.org>
Commit-Queue: Benjamin Wright <benwright@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#25402}
We have several places in the SSL APIs where we will poke holes through the API
surface with boolean flags to enable scenarios like disabling authentication.
This isn't an ideal approach because it is error prone and confusing to the
API user. Instead authentication should be dependency injected with a default
secure component and a fake can be created for testing.
For now this CL just cleans up the left over unused test flags and renames the
remaining ones with a ForTesting postfix to make it very clear they shouldn't
be used in any production code.
Bug: webrtc:9860
Change-Id: I31f55cf85097bacb9cd895c16a6fad3773cd1c2b
Reviewed-on: https://webrtc-review.googlesource.com/c/107786
Commit-Queue: Benjamin Wright <benwright@webrtc.org>
Reviewed-by: Qingsi Wang <qingsi@webrtc.org>
Reviewed-by: Karl Wiberg <kwiberg@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#25377}
This CL is the result of running include-what-you-use tool on part
of the code base (audio target and dependencies) plus manual fixes.
bug: webrtc:8311
Change-Id: I277d281ce943c3ecc1bd45fd8d83055931743604
Reviewed-on: https://webrtc-review.googlesource.com/c/106280
Commit-Queue: Yves Gerey <yvesg@google.com>
Reviewed-by: Mirko Bonadei <mbonadei@webrtc.org>
Reviewed-by: Patrik Höglund <phoglund@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#25311}
This change is part of a long set of changes to improve the overall code quality
of the the cryptography code in WebRTC. This is a set of low risk refactorings.
More complex refactorings will be saved for a different CL.
This change updates the conditions to move away from:
if (a)
b = c;
to
if (a) {
b = c;
}
The code style guide allows for either but in security critical code this has
been known to cause issues as it is very easy to forget the braces when
adding additional code to conditionals.
Bug: webrtc:9860
Change-Id: I2ec07a4129fe4756b90f6b295d62a4cadbc1f71f
Reviewed-on: https://webrtc-review.googlesource.com/c/106140
Reviewed-by: Steve Anton <steveanton@webrtc.org>
Reviewed-by: Qingsi Wang <qingsi@webrtc.org>
Commit-Queue: Benjamin Wright <benwright@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#25186}
Running clang-format with chromium's style guide.
The goal is n-fold:
* providing consistency and readability (that's what code guidelines are for)
* preventing noise with presubmit checks and git cl format
* building on the previous point: making it easier to automatically fix format issues
* you name it
Please consider using git-hyper-blame to ignore this commit.
Bug: webrtc:9340
Change-Id: I694567c4cdf8cee2860958cfe82bfaf25848bb87
Reviewed-on: https://webrtc-review.googlesource.com/81185
Reviewed-by: Patrik Höglund <phoglund@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#23660}
There was an implementation, but it relied on SSLCertificate::GetChain,
which was never implemented. Except in the fake certificate classes
used by the stats collector tests, hence the tests were passing.
Instead of implementing GetChain, we decided (in
https://webrtc-review.googlesource.com/c/src/+/6500) to add
methods that return a SSLCertChain directly, since it results in a
somewhat cleaner object model.
So this CL switches everything to use the "chain" methods, and gets
rid of the obsolete methods and member variables.
Bug: webrtc:8920
Change-Id: Ie9d7d53654ba859535462521b54c788adec7badf
Reviewed-on: https://webrtc-review.googlesource.com/56961
Commit-Queue: Taylor Brandstetter <deadbeef@webrtc.org>
Reviewed-by: Zhi Huang <zhihuang@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#22177}
OpenSSL is making a lot of data structure opaque, so we can no longer directly access internal data structure. Fortunately, API methods are provided for this purpose.
BoringSSL is sharing the same API.
Bug: webrtc:8817
Change-Id: Ia5090200f0e7c352f82e8191720ac4c14fbb5a85
Reviewed-on: https://webrtc-review.googlesource.com/47321
Commit-Queue: Tommi <tommi@webrtc.org>
Reviewed-by: Justin Uberti <juberti@webrtc.org>
Reviewed-by: Emad Omara <emadomara@webrtc.org>
Reviewed-by: Tommi <tommi@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#21895}
The reasons behind this change:
1. In OpenSSL 1.1.0. BIO will be an opaque object. We won't have direct access to the `num` field.
2. `num` is only used by OpenSSL provided BIOs and different types of BIOs use num differently.
WebRTC is providing its own customized BIO implementation, it probably shouldn't piggyback into
this internal field to store the stream/socket state.
4. We can access the stream/socket state directly using the underlying object anyway.
Bug: webrtc:8817
Change-Id: I41cdd2920fba378e312e8436a7b9733381555522
Reviewed-on: https://webrtc-review.googlesource.com/46360
Commit-Queue: Jiawei Ou <ouj@fb.com>
Reviewed-by: Tommi <tommi@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#21814}
The comment is backwards. BoringSSL has SSL_CIPHER_standard_name, but
because it is usually not available in OpenSSL, you have to do it
manually. (The code in question is not compiled in BoringSSL.)
Bug: none
Change-Id: If294937afc75d0b0bd3107fd5c57a85c6252f188
Reviewed-on: https://webrtc-review.googlesource.com/28380
Commit-Queue: David Benjamin <davidben@webrtc.org>
Reviewed-by: Taylor Brandstetter <deadbeef@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#21146}
Specifically, I'm moving
safe_compare.h
safe_conversions.h
safe_minmax.h
They shouldn't be part of the API, and moving them to an appropriate
subdirectory of rtc_base/ is a good way to keep track of that.
BUG=webrtc:8445
Change-Id: I458531aeb30bcf4291c4bec3bf22a2fffbf054ff
Reviewed-on: https://webrtc-review.googlesource.com/20860
Commit-Queue: Karl Wiberg <kwiberg@webrtc.org>
Reviewed-by: Danil Chapovalov <danilchap@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#20829}
WebRTC is currently using the SSL_CTX_set_verify callback. This
configures a callback for use with X509_STORE_CTX_set_verify_cb. See
https://www.openssl.org/docs/man1.0.2/crypto/X509_STORE_CTX_set_verify_cb.html
This callback does not override certificate verification. Rather, it
allows EACH failure in OpenSSL's built-in certificate verification, as
well as the final success, to be overridden (that's why there's an ok
parameter). It still runs the usual OpenSSL certificate verification
(which will never succeed).
The upshot is that the callback is called multiple times and
OpenSSLStreamAdapter does a ton of redundant work and checks the hash at
least twice, or more for certificates with other errors.
Instead, use SSL_CTX_set_cert_verify_callback. This short-circuits the
OpenSSL behavior entirely and uses a caller-supplied one.
https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#SSL_CTX_set_cert_verify_callbackhttps://wiki.openssl.org/index.php/Manual:SSL_CTX_set_cert_verify_callback(3)
(This also removes the SSL_CTX_set_verify_depth call which is ignored
with SSL_CTX_set_cert_verify_callback. It didn't do anything before
either---it tells OpenSSL to reject chains that are too short, but the
rejection was overwritten by the callback anyway.)
(Later on, we'll need to switch this to the BoringSSL-only
SSL_CTX_set_custom_verify and CRYPTO_BUFFER APIs to fix WebRTC's
contribution to Chrome's binary size, but I've left that alone for the
time being.)
Bug: none
Change-Id: I9320a367d0961935836df63dc6f0868b069f0af0
Reviewed-on: https://webrtc-review.googlesource.com/4581
Commit-Queue: David Benjamin <davidben@webrtc.org>
Reviewed-by: Taylor Brandstetter <deadbeef@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#20053}
Function pointer tables require relocations, so this goes into
.data.rel.ro, not .rodata, but this will at least mark the pages
read-only after relocations are resolved.
Bug: None
Change-Id: I8625e7466b2dcadafc4e4e5f9c6eccbd87af7109
Reviewed-on: https://webrtc-review.googlesource.com/4580
Reviewed-by: Taylor Brandstetter <deadbeef@webrtc.org>
Commit-Queue: Taylor Brandstetter <deadbeef@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#20029}
SSL_CIPHER_standard_name is a bit easier to use. BoringSSL has the
strings in the library statically these days. (Turns out that's more
size-efficient than the code to build it up anyway!)
Bug: None
Change-Id: I91ffa725fa716791cdf75d944cf8d9a3e2cb9021
Reviewed-on: https://webrtc-review.googlesource.com/4362
Reviewed-by: Taylor Brandstetter <deadbeef@webrtc.org>
Commit-Queue: Taylor Brandstetter <deadbeef@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#20028}
In order to eliminate the WebRTC Subtree mirror in Chromium,
WebRTC is moving the content of the src/webrtc directory up
to the src/ directory.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
TBR=tommi@webrtc.org
Bug: chromium:611808
Change-Id: Iac59c5b51b950f174119565bac87955a7994bc38
Reviewed-on: https://webrtc-review.googlesource.com/1560
Commit-Queue: Mirko Bonadei <mbonadei@webrtc.org>
Reviewed-by: Henrik Kjellander <kjellander@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#19845}
