admin/webrtc_m130
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Revert of Removing #defines previously used for building without BoringSSL/OpenSSL. (patchset #2 id:20001 of https://codereview.webrtc.org/2640513002/ )

Browse Source 
Reason for revert:
Broke chromium build, due to a config being removed. Will add it back and remove the dependency in a chromium CL.

Original issue's description:
> Removing #defines previously used for building without BoringSSL/OpenSSL.
>
> These defines don't work any more, so they only cause confusion:
>
> FEATURE_ENABLE_SSL
> HAVE_OPENSSL_SSL_H
> SSL_USE_OPENSSL
>
> BUG=webrtc:7025
>
> Review-Url: https://codereview.webrtc.org/2640513002
> Cr-Commit-Position: refs/heads/master@{#16196}
> Committed: eaa826c2ee

TBR=kjellander@webrtc.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=webrtc:7025

Review-Url: https://codereview.webrtc.org/2648003003
Cr-Commit-Position: refs/heads/master@{#16197}
This commit is contained in:
deadbeef 2017-01-20 17:01:45 -08:00 committed by Commit bot
parent eaa826c2ee
commit f33491ebaf
24 changed files with 447 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
webrtc/BUILD.gn
View File

@ -30,6 +30,7 @@ config("common_inherited_config") {
defines = [
# TODO(kjellander): Cleanup unused ones and move defines closer to
# the source when webrtc:4256 is completed.
"FEATURE_ENABLE_SSL",
"FEATURE_ENABLE_VOICEMAIL",
"EXPAT_RELATIVE_PATH",
"GTEST_RELATIVE_PATH",
@ -131,10 +132,12 @@ config("common_config") {
# targets, there's no point including the defines in that config here.
# TODO(kjellander): Cleanup unused ones and move defines closer to the
# source when webrtc:4256 is completed.
"HAVE_OPENSSL_SSL_H",
"HAVE_SRTP",
"HAVE_WEBRTC_VIDEO",
"HAVE_WEBRTC_VOICE",
"LOGGING_INSIDE_WEBRTC",
"SSL_USE_OPENSSL",
"USE_WEBRTC_DEV_BRANCH",
]
} else {

22
webrtc/api/peerconnection_unittest.cc
View File

@ -46,6 +46,12 @@
#include "webrtc/p2p/client/basicportallocator.h"
#include "webrtc/pc/mediasession.h"
#define MAYBE_SKIP_TEST(feature) \
if (!(feature())) { \
LOG(LS_INFO) << "Feature disabled... skipping"; \
return; \
}
using cricket::ContentInfo;
using cricket::FakeWebRtcVideoDecoder;
using cricket::FakeWebRtcVideoDecoderFactory;
@ -217,7 +223,8 @@ class PeerConnectionTestClient : public webrtc::PeerConnectionObserver,
rtc::Thread* network_thread,
rtc::Thread* worker_thread) {
std::unique_ptr<FakeRTCCertificateGenerator> cert_generator(
new FakeRTCCertificateGenerator());
rtc::SSLStreamAdapter::HaveDtlsSrtp() ?
new FakeRTCCertificateGenerator() : nullptr);
return CreateClientWithDtlsIdentityStore(id, constraints, options, config,
std::move(cert_generator), true,
@ -230,7 +237,8 @@ class PeerConnectionTestClient : public webrtc::PeerConnectionObserver,
rtc::Thread* network_thread,
rtc::Thread* worker_thread) {
std::unique_ptr<FakeRTCCertificateGenerator> cert_generator(
new FakeRTCCertificateGenerator());
rtc::SSLStreamAdapter::HaveDtlsSrtp() ?
new FakeRTCCertificateGenerator() : nullptr);
return CreateClientWithDtlsIdentityStore(id, nullptr, options, nullptr,
std::move(cert_generator), false,
@ -1464,6 +1472,7 @@ class P2PTestConductor : public testing::Test {
}
void SetupAndVerifyDtlsCall() {
MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
FakeConstraints setup_constraints;
setup_constraints.AddMandatory(MediaConstraintsInterface::kEnableDtlsSrtp,
true);
@ -1488,7 +1497,8 @@ class P2PTestConductor : public testing::Test {
rtc_config.set_cpu_adaptation(false);
std::unique_ptr<FakeRTCCertificateGenerator> cert_generator(
new FakeRTCCertificateGenerator());
rtc::SSLStreamAdapter::HaveDtlsSrtp() ?
new FakeRTCCertificateGenerator() : nullptr);
cert_generator->use_alternate_key();
// Make sure the new client is using a different certificate.
@ -1684,6 +1694,7 @@ TEST_F(P2PTestConductor, OneWayMediaCallWithoutConstraints) {
// This test sets up a audio call initially and then upgrades to audio/video,
// using DTLS.
TEST_F(P2PTestConductor, LocalP2PTestDtlsRenegotiate) {
MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
FakeConstraints setup_constraints;
setup_constraints.AddMandatory(MediaConstraintsInterface::kEnableDtlsSrtp,
true);
@ -1697,6 +1708,7 @@ TEST_F(P2PTestConductor, LocalP2PTestDtlsRenegotiate) {
// This test sets up a call transfer to a new caller with a different DTLS
// fingerprint.
TEST_F(P2PTestConductor, LocalP2PTestDtlsTransferCallee) {
MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
SetupAndVerifyDtlsCall();
// Keeping the original peer around which will still send packets to the
@ -1715,6 +1727,7 @@ TEST_F(P2PTestConductor, LocalP2PTestDtlsTransferCallee) {
// bundle is in effect in the restart, the channel can successfully reset its
// DTLS-SRTP context.
TEST_F(P2PTestConductor, LocalP2PTestDtlsBundleInIceRestart) {
MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
FakeConstraints setup_constraints;
setup_constraints.AddMandatory(MediaConstraintsInterface::kEnableDtlsSrtp,
true);
@ -1733,6 +1746,7 @@ TEST_F(P2PTestConductor, LocalP2PTestDtlsBundleInIceRestart) {
// This test sets up a call transfer to a new callee with a different DTLS
// fingerprint.
TEST_F(P2PTestConductor, LocalP2PTestDtlsTransferCaller) {
MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
SetupAndVerifyDtlsCall();
// Keeping the original peer around which will still send packets to the
@ -1766,6 +1780,7 @@ TEST_F(P2PTestConductor, LocalP2PTestReceiverDoesntSupportCVO) {
// DTLS key agreement. The offerer don't support SDES. As a result, DTLS is
// negotiated and used for transport.
TEST_F(P2PTestConductor, LocalP2PTestOfferDtlsButNotSdes) {
MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
FakeConstraints setup_constraints;
setup_constraints.AddMandatory(MediaConstraintsInterface::kEnableDtlsSrtp,
true);
@ -2242,6 +2257,7 @@ TEST_F(P2PTestConductor, AddDataChannelAfterRenegotiation) {
// negotiation is completed without error.
#ifdef HAVE_SCTP
TEST_F(P2PTestConductor, CreateOfferWithSctpDataChannel) {
MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
FakeConstraints constraints;
constraints.SetMandatory(
MediaConstraintsInterface::kEnableDtlsSrtp, true);

18
webrtc/api/peerconnectionendtoend_unittest.cc
View File

@ -24,6 +24,12 @@
#include "webrtc/base/stringencode.h"
#include "webrtc/base/stringutils.h"
#define MAYBE_SKIP_TEST(feature) \
if (!(feature())) { \
LOG(LS_INFO) << "Feature disabled... skipping"; \
return; \
}
using webrtc::DataChannelInterface;
using webrtc::FakeConstraints;
using webrtc::MediaConstraintsInterface;
@ -192,6 +198,8 @@ TEST_F(PeerConnectionEndToEndTest, CallWithLegacySdp) {
// Verifies that a DataChannel created before the negotiation can transition to
// "OPEN" and transfer data.
TEST_F(PeerConnectionEndToEndTest, CreateDataChannelBeforeNegotiate) {
MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
CreatePcs();
webrtc::DataChannelInit init;
@ -216,6 +224,8 @@ TEST_F(PeerConnectionEndToEndTest, CreateDataChannelBeforeNegotiate) {
// Verifies that a DataChannel created after the negotiation can transition to
// "OPEN" and transfer data.
TEST_F(PeerConnectionEndToEndTest, CreateDataChannelAfterNegotiate) {
MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
CreatePcs();
webrtc::DataChannelInit init;
@ -247,6 +257,8 @@ TEST_F(PeerConnectionEndToEndTest, CreateDataChannelAfterNegotiate) {
// Verifies that DataChannel IDs are even/odd based on the DTLS roles.
TEST_F(PeerConnectionEndToEndTest, DataChannelIdAssignment) {
MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
CreatePcs();
webrtc::DataChannelInit init;
@ -274,6 +286,8 @@ TEST_F(PeerConnectionEndToEndTest, DataChannelIdAssignment) {
// there are multiple DataChannels.
TEST_F(PeerConnectionEndToEndTest,
MessageTransferBetweenTwoPairsOfDataChannels) {
MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
CreatePcs();
webrtc::DataChannelInit init;
@ -395,6 +409,8 @@ TEST_F(PeerConnectionEndToEndTest, MessageTransferBetweenQuicDataChannels) {
// See: https://bugs.chromium.org/p/webrtc/issues/detail?id=4453
TEST_F(PeerConnectionEndToEndTest,
DISABLED_DataChannelFromOpenWorksAfterClose) {
MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
CreatePcs();
webrtc::DataChannelInit init;
@ -421,6 +437,8 @@ TEST_F(PeerConnectionEndToEndTest,
// reference count), no memory access violation will occur.
// See: https://code.google.com/p/chromium/issues/detail?id=565048
TEST_F(PeerConnectionEndToEndTest, CloseDataChannelRemotelyWhileNotReferenced) {
MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
CreatePcs();
webrtc::DataChannelInit init;

7
webrtc/api/peerconnectioninterface_unittest.cc
View File

@ -293,6 +293,12 @@ static const char kSdpStringMs1Video1[] =
"a=ssrc:4 cname:stream1\r\n"
"a=ssrc:4 msid:stream1 videotrack1\r\n";
#define MAYBE_SKIP_TEST(feature) \
if (!(feature())) { \
LOG(LS_INFO) << "Feature disabled... skipping"; \
return; \
}
using ::testing::Exactly;
using cricket::StreamParams;
using webrtc::AudioSourceInterface;
@ -2036,6 +2042,7 @@ TEST_F(PeerConnectionInterfaceTest, TestRejectDataChannelInAnswer) {
// FireFox, use it as a remote session description, generate an answer and use
// the answer as a local description.
TEST_F(PeerConnectionInterfaceTest, ReceiveFireFoxOffer) {
MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
FakeConstraints constraints;
constraints.AddMandatory(webrtc::MediaConstraintsInterface::kEnableDtlsSrtp,
true);

3
webrtc/api/test/peerconnectiontestwrapper.cc
View File

@ -76,7 +76,8 @@ bool PeerConnectionTestWrapper::CreatePc(
}
std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator(
new FakeRTCCertificateGenerator());
rtc::SSLStreamAdapter::HaveDtlsSrtp() ? new FakeRTCCertificateGenerator()
: nullptr);
peer_connection_ = peer_connection_factory_->CreatePeerConnection(
config, constraints, std::move(port_allocator), std::move(cert_generator),
this);

33
webrtc/api/webrtcsession_unittest.cc
View File

@ -50,6 +50,12 @@
#include "webrtc/pc/channelmanager.h"
#include "webrtc/pc/mediasession.h"
#define MAYBE_SKIP_TEST(feature) \
if (!(feature())) { \
LOG(LS_INFO) << "Feature disabled... skipping"; \
return; \
}
using cricket::FakeVoiceMediaChannel;
using cricket::TransportInfo;
using rtc::SocketAddress;
@ -1844,6 +1850,7 @@ TEST_F(WebRtcSessionTest, TestSetRemoteNonSdesAnswerWhenSdesOn) {
// Test that we accept an offer with a DTLS fingerprint when DTLS is on
// and that we return an answer with a DTLS fingerprint.
TEST_P(WebRtcSessionTest, TestReceiveDtlsOfferCreateDtlsAnswer) {
MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
SendAudioVideoStream1();
InitWithDtls(GetParam());
SetFactoryDtlsSrtp();
@ -1872,6 +1879,7 @@ TEST_P(WebRtcSessionTest, TestReceiveDtlsOfferCreateDtlsAnswer) {
// Test that we set a local offer with a DTLS fingerprint when DTLS is on
// and then we accept a remote answer with a DTLS fingerprint successfully.
TEST_P(WebRtcSessionTest, TestCreateDtlsOfferReceiveDtlsAnswer) {
MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
SendAudioVideoStream1();
InitWithDtls(GetParam());
SetFactoryDtlsSrtp();
@ -1901,6 +1909,7 @@ TEST_P(WebRtcSessionTest, TestCreateDtlsOfferReceiveDtlsAnswer) {
// Test that if we support DTLS and the other side didn't offer a fingerprint,
// we will fail to set the remote description.
TEST_P(WebRtcSessionTest, TestReceiveNonDtlsOfferWhenDtlsOn) {
MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
InitWithDtls(GetParam());
cricket::MediaSessionOptions options;
options.recv_video = true;
@ -1924,6 +1933,7 @@ TEST_P(WebRtcSessionTest, TestReceiveNonDtlsOfferWhenDtlsOn) {
// Test that we return a failure when applying a local answer that doesn't have
// a DTLS fingerprint when DTLS is required.
TEST_P(WebRtcSessionTest, TestSetLocalNonDtlsAnswerWhenDtlsOn) {
MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
InitWithDtls(GetParam());
SessionDescriptionInterface* offer = NULL;
SessionDescriptionInterface* answer = NULL;
@ -1939,6 +1949,7 @@ TEST_P(WebRtcSessionTest, TestSetLocalNonDtlsAnswerWhenDtlsOn) {
// Test that we return a failure when applying a remote answer that doesn't have
// a DTLS fingerprint when DTLS is required.
TEST_P(WebRtcSessionTest, TestSetRemoteNonDtlsAnswerWhenDtlsOn) {
MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
InitWithDtls(GetParam());
SessionDescriptionInterface* offer = CreateOffer();
cricket::MediaSessionOptions options;
@ -3915,6 +3926,8 @@ TEST_F(WebRtcSessionTest, TestRtpDataChannel) {
}
TEST_P(WebRtcSessionTest, TestRtpDataChannelConstraintTakesPrecedence) {
MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
configuration_.enable_rtp_data_channel = true;
options_.disable_sctp_data_channels = false;
@ -3927,6 +3940,7 @@ TEST_P(WebRtcSessionTest, TestRtpDataChannelConstraintTakesPrecedence) {
// Test that sctp_content_name/sctp_transport_name (used for stats) are correct
// before and after BUNDLE is negotiated.
TEST_P(WebRtcSessionTest, SctpContentAndTransportName) {
MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
SetFactoryDtlsSrtp();
InitWithDtls(GetParam());
@ -3960,6 +3974,8 @@ TEST_P(WebRtcSessionTest, SctpContentAndTransportName) {
}
TEST_P(WebRtcSessionTest, TestCreateOfferWithSctpEnabledWithoutStreams) {
MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
InitWithDtls(GetParam());
std::unique_ptr<SessionDescriptionInterface> offer(CreateOffer());
@ -3968,6 +3984,7 @@ TEST_P(WebRtcSessionTest, TestCreateOfferWithSctpEnabledWithoutStreams) {
}
TEST_P(WebRtcSessionTest, TestCreateAnswerWithSctpInOfferAndNoStreams) {
MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
SetFactoryDtlsSrtp();
InitWithDtls(GetParam());
@ -3999,6 +4016,8 @@ TEST_P(WebRtcSessionTest, TestSctpDataChannelWithoutDtls) {
// Test that if DTLS is enabled, we end up with an SctpTransport created
// (and not an RtpDataChannel).
TEST_P(WebRtcSessionTest, TestSctpDataChannelWithDtls) {
MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
InitWithDtls(GetParam());
SetLocalDescriptionWithDataChannel();
@ -4009,6 +4028,7 @@ TEST_P(WebRtcSessionTest, TestSctpDataChannelWithDtls) {
// Test that if SCTP is disabled, we don't end up with an SctpTransport
// created (or an RtpDataChannel).
TEST_P(WebRtcSessionTest, TestDisableSctpDataChannels) {
MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
options_.disable_sctp_data_channels = true;
InitWithDtls(GetParam());
@ -4018,6 +4038,7 @@ TEST_P(WebRtcSessionTest, TestDisableSctpDataChannels) {
}
TEST_P(WebRtcSessionTest, TestSctpDataChannelSendPortParsing) {
MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
const int new_send_port = 9998;
const int new_recv_port = 7775;
@ -4059,6 +4080,8 @@ TEST_P(WebRtcSessionTest, TestSctpDataChannelSendPortParsing) {
// WebRtcSession signals the SctpTransport creation request with the expected
// config.
TEST_P(WebRtcSessionTest, TestSctpDataChannelOpenMessage) {
MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
InitWithDtls(GetParam());
SetLocalDescriptionWithDataChannel();
@ -4098,6 +4121,7 @@ TEST_P(WebRtcSessionTest, TestUsesProvidedCertificate) {
// identity generation is finished (even if a certificate is provided this is
// an async op).
TEST_P(WebRtcSessionTest, TestCreateOfferBeforeIdentityRequestReturnSuccess) {
MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
InitWithDtls(GetParam());
EXPECT_TRUE(session_->waiting_for_certificate_for_testing());
@ -4113,6 +4137,7 @@ TEST_P(WebRtcSessionTest, TestCreateOfferBeforeIdentityRequestReturnSuccess) {
// identity generation is finished (even if a certificate is provided this is
// an async op).
TEST_P(WebRtcSessionTest, TestCreateAnswerBeforeIdentityRequestReturnSuccess) {
MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
InitWithDtls(GetParam());
SetFactoryDtlsSrtp();
@ -4133,6 +4158,7 @@ TEST_P(WebRtcSessionTest, TestCreateAnswerBeforeIdentityRequestReturnSuccess) {
// identity generation is finished (even if a certificate is provided this is
// an async op).
TEST_P(WebRtcSessionTest, TestCreateOfferAfterIdentityRequestReturnSuccess) {
MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
InitWithDtls(GetParam());
EXPECT_TRUE_WAIT(!session_->waiting_for_certificate_for_testing(), 1000);
@ -4144,6 +4170,7 @@ TEST_P(WebRtcSessionTest, TestCreateOfferAfterIdentityRequestReturnSuccess) {
// Verifies that CreateOffer fails when CreateOffer is called after async
// identity generation fails.
TEST_F(WebRtcSessionTest, TestCreateOfferAfterIdentityRequestReturnFailure) {
MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
InitWithDtlsIdentityGenFail();
EXPECT_TRUE_WAIT(!session_->waiting_for_certificate_for_testing(), 1000);
@ -4156,6 +4183,7 @@ TEST_F(WebRtcSessionTest, TestCreateOfferAfterIdentityRequestReturnFailure) {
// before async identity generation is finished.
TEST_P(WebRtcSessionTest,
TestMultipleCreateOfferBeforeIdentityRequestReturnSuccess) {
MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
VerifyMultipleAsyncCreateDescription(GetParam(),
CreateSessionDescriptionRequest::kOffer);
}
@ -4164,6 +4192,7 @@ TEST_P(WebRtcSessionTest,
// before async identity generation fails.
TEST_F(WebRtcSessionTest,
TestMultipleCreateOfferBeforeIdentityRequestReturnFailure) {
MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
VerifyMultipleAsyncCreateDescriptionIdentityGenFailure(
CreateSessionDescriptionRequest::kOffer);
}
@ -4172,6 +4201,7 @@ TEST_F(WebRtcSessionTest,
// before async identity generation is finished.
TEST_P(WebRtcSessionTest,
TestMultipleCreateAnswerBeforeIdentityRequestReturnSuccess) {
MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
VerifyMultipleAsyncCreateDescription(
GetParam(), CreateSessionDescriptionRequest::kAnswer);
}
@ -4180,6 +4210,7 @@ TEST_P(WebRtcSessionTest,
// before async identity generation fails.
TEST_F(WebRtcSessionTest,
TestMultipleCreateAnswerBeforeIdentityRequestReturnFailure) {
MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
VerifyMultipleAsyncCreateDescriptionIdentityGenFailure(
CreateSessionDescriptionRequest::kAnswer);
}
@ -4223,6 +4254,7 @@ TEST_F(WebRtcSessionTest, TestCombinedAudioVideoBweConstraint) {
// Tests that we can renegotiate new media content with ICE candidates in the
// new remote SDP.
TEST_P(WebRtcSessionTest, TestRenegotiateNewMediaWithCandidatesInSdp) {
MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
InitWithDtls(GetParam());
SetFactoryDtlsSrtp();
@ -4252,6 +4284,7 @@ TEST_P(WebRtcSessionTest, TestRenegotiateNewMediaWithCandidatesInSdp) {
// Tests that we can renegotiate new media content with ICE candidates separated
// from the remote SDP.
TEST_P(WebRtcSessionTest, TestRenegotiateNewMediaWithCandidatesSeparated) {
MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
InitWithDtls(GetParam());
SetFactoryDtlsSrtp();

22
webrtc/base/BUILD.gn
View File

@ -35,10 +35,21 @@ config("rtc_base_approved_all_dependent_config") {
}
}
config("rtc_base_config") {
defines = [ "FEATURE_ENABLE_SSL" ]
}
config("rtc_base_chromium_config") {
defines = [ "NO_MAIN_THREAD_WRAPPING" ]
}
config("openssl_config") {
defines = [
"SSL_USE_OPENSSL",
"HAVE_OPENSSL_SSL_H",
]
}
config("rtc_base_all_dependent_config") {
if (is_ios) {
libs = [
@ -360,6 +371,16 @@ rtc_static_library("rtc_base") {
":rtc_base_approved",
]
configs += [
":openssl_config",
":rtc_base_config",
]
public_configs = [
":openssl_config",
":rtc_base_config",
]
all_dependent_configs = [ ":rtc_base_all_dependent_config" ]
sources = [
@ -516,6 +537,7 @@ rtc_static_library("rtc_base") {
"proxyserver.h",
"rollingaccumulator.h",
"scopedptrcollection.h",
"sslconfig.h",
"sslroots.h",
"testbase64.h",
"testclient.cc",

85
webrtc/base/helpers.cc
View File

@ -13,7 +13,18 @@
#include <limits>
#include <memory>
#if defined(FEATURE_ENABLE_SSL)
#include "webrtc/base/sslconfig.h"
#if defined(SSL_USE_OPENSSL)
#include <openssl/rand.h>
#else
#if defined(WEBRTC_WIN)
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <ntsecapi.h>
#endif // WEBRTC_WIN
#endif // else
#endif // FEATURE_ENABLED_SSL
#include "webrtc/base/base64.h"
#include "webrtc/base/basictypes.h"
@ -34,6 +45,7 @@ class RandomGenerator {
virtual bool Generate(void* buf, size_t len) = 0;
};
#if defined(SSL_USE_OPENSSL)
// The OpenSSL RNG.
class SecureRandomGenerator : public RandomGenerator {
public:
@ -45,6 +57,79 @@ class SecureRandomGenerator : public RandomGenerator {
}
};
#else
#if defined(WEBRTC_WIN)
class SecureRandomGenerator : public RandomGenerator {
public:
SecureRandomGenerator() : advapi32_(NULL), rtl_gen_random_(NULL) {}
~SecureRandomGenerator() {
FreeLibrary(advapi32_);
}
virtual bool Init(const void* seed, size_t seed_len) {
// We don't do any additional seeding on Win32, we just use the CryptoAPI
// RNG (which is exposed as a hidden function off of ADVAPI32 so that we
// don't need to drag in all of CryptoAPI)
if (rtl_gen_random_) {
return true;
}
advapi32_ = LoadLibrary(L"advapi32.dll");
if (!advapi32_) {
return false;
}
rtl_gen_random_ = reinterpret_cast<RtlGenRandomProc>(
GetProcAddress(advapi32_, "SystemFunction036"));
if (!rtl_gen_random_) {
FreeLibrary(advapi32_);
return false;
}
return true;
}
virtual bool Generate(void* buf, size_t len) {
if (!rtl_gen_random_ && !Init(NULL, 0)) {
return false;
}
return (rtl_gen_random_(buf, static_cast<int>(len)) != FALSE);
}
private:
typedef BOOL (WINAPI *RtlGenRandomProc)(PVOID, ULONG);
HINSTANCE advapi32_;
RtlGenRandomProc rtl_gen_random_;
};
#elif !defined(FEATURE_ENABLE_SSL)
// No SSL implementation -- use rand()
class SecureRandomGenerator : public RandomGenerator {
public:
virtual bool Init(const void* seed, size_t len) {
if (len >= 4) {
srand(*reinterpret_cast<const int*>(seed));
} else {
srand(*reinterpret_cast<const char*>(seed));
}
return true;
}
virtual bool Generate(void* buf, size_t len) {
char* bytes = reinterpret_cast<char*>(buf);
for (size_t i = 0; i < len; ++i) {
bytes[i] = static_cast<char>(rand());
}
return true;
}
};
#else
#error No SSL implementation has been selected!
#endif // WEBRTC_WIN
#endif
// A test random generator, for predictable output.
class TestRandomGenerator : public RandomGenerator {
public:

16
webrtc/base/messagedigest.cc
View File

@ -15,7 +15,13 @@
#include <string.h>
#include "webrtc/base/basictypes.h"
#include "webrtc/base/sslconfig.h"
#if SSL_USE_OPENSSL
#include "webrtc/base/openssldigest.h"
#else
#include "webrtc/base/md5digest.h"
#include "webrtc/base/sha1digest.h"
#endif
#include "webrtc/base/stringencode.h"
namespace rtc {
@ -31,12 +37,22 @@ const char DIGEST_SHA_512[] = "sha-512";
static const size_t kBlockSize = 64; // valid for SHA-256 and down
MessageDigest* MessageDigestFactory::Create(const std::string& alg) {
#if SSL_USE_OPENSSL
MessageDigest* digest = new OpenSSLDigest(alg);
if (digest->Size() == 0) { // invalid algorithm
delete digest;
digest = NULL;
}
return digest;
#else
MessageDigest* digest = NULL;
if (alg == DIGEST_MD5) {
digest = new Md5Digest();
} else if (alg == DIGEST_SHA_1) {
digest = new Sha1Digest();
}
return digest;
#endif
}
bool IsFips180DigestAlgorithm(const std::string& alg) {

4
webrtc/base/openssladapter.cc
View File

@ -8,6 +8,8 @@
* be found in the AUTHORS file in the root of the source tree.
*/
#if HAVE_OPENSSL_SSL_H
#include "webrtc/base/openssladapter.h"
#if defined(WEBRTC_POSIX)
@ -963,3 +965,5 @@ OpenSSLAdapter::SetupSSLContext() {
}
} // namespace rtc
#endif // HAVE_OPENSSL_SSL_H

4
webrtc/base/openssldigest.cc
View File

@ -8,6 +8,8 @@
* be found in the AUTHORS file in the root of the source tree.
*/
#if HAVE_OPENSSL_SSL_H
#include "webrtc/base/openssldigest.h"
#include "webrtc/base/checks.h"
@ -116,3 +118,5 @@ bool OpenSSLDigest::GetDigestSize(const std::string& algorithm,
}
} // namespace rtc
#endif // HAVE_OPENSSL_SSL_H

4
webrtc/base/opensslidentity.cc
View File

@ -8,6 +8,8 @@
* be found in the AUTHORS file in the root of the source tree.
*/
#if HAVE_OPENSSL_SSL_H
#include "webrtc/base/opensslidentity.h"
#include <memory>
@ -574,3 +576,5 @@ bool OpenSSLIdentity::operator!=(const OpenSSLIdentity& other) const {
}
} // namespace rtc
#endif // HAVE_OPENSSL_SSL_H

44
webrtc/base/opensslstreamadapter.cc
View File

@ -8,6 +8,8 @@
* be found in the AUTHORS file in the root of the source tree.
*/
#if HAVE_OPENSSL_SSL_H
#include "webrtc/base/opensslstreamadapter.h"
#include <openssl/bio.h>
@ -43,10 +45,11 @@ namespace {
namespace rtc {
#if (OPENSSL_VERSION_NUMBER < 0x10001000L)
#error "webrtc requires at least OpenSSL version 1.0.1, to support DTLS-SRTP"
#if (OPENSSL_VERSION_NUMBER >= 0x10001000L)
#define HAVE_DTLS_SRTP
#endif
#ifdef HAVE_DTLS_SRTP
// SRTP cipher suite table. |internal_name| is used to construct a
// colon-separated profile strings which is needed by
// SSL_CTX_set_tlsext_use_srtp().
@ -62,6 +65,7 @@ static SrtpCipherMapEntry SrtpCipherMap[] = {
{"SRTP_AEAD_AES_128_GCM", SRTP_AEAD_AES_128_GCM},
{"SRTP_AEAD_AES_256_GCM", SRTP_AEAD_AES_256_GCM},
{nullptr, 0}};
#endif
#ifdef OPENSSL_IS_BORINGSSL
// Not used in production code. Actual time should be relative to Jan 1, 1970.
@ -428,6 +432,7 @@ bool OpenSSLStreamAdapter::ExportKeyingMaterial(const std::string& label,
bool use_context,
uint8_t* result,
size_t result_len) {
#ifdef HAVE_DTLS_SRTP
int i;
i = SSL_export_keying_material(ssl_, result, result_len, label.c_str(),
@ -438,10 +443,14 @@ bool OpenSSLStreamAdapter::ExportKeyingMaterial(const std::string& label,
return false;
return true;
#else
return false;
#endif
}
bool OpenSSLStreamAdapter::SetDtlsSrtpCryptoSuites(
const std::vector<int>& ciphers) {
#ifdef HAVE_DTLS_SRTP
std::string internal_ciphers;
if (state_ != SSL_NONE)
@ -472,9 +481,13 @@ bool OpenSSLStreamAdapter::SetDtlsSrtpCryptoSuites(
srtp_ciphers_ = internal_ciphers;
return true;
#else
return false;
#endif
}
bool OpenSSLStreamAdapter::GetDtlsSrtpCryptoSuite(int* crypto_suite) {
#ifdef HAVE_DTLS_SRTP
RTC_DCHECK(state_ == SSL_CONNECTED);
if (state_ != SSL_CONNECTED)
return false;
@ -488,6 +501,9 @@ bool OpenSSLStreamAdapter::GetDtlsSrtpCryptoSuite(int* crypto_suite) {
*crypto_suite = srtp_profile->id;
RTC_DCHECK(!SrtpCryptoSuiteToName(*crypto_suite).empty());
return true;
#else
return false;
#endif
}
bool OpenSSLStreamAdapter::IsTlsConnected() {
@ -1080,12 +1096,14 @@ SSL_CTX* OpenSSLStreamAdapter::SetupSSLContext() {
SSL_CTX_set_cipher_list(ctx,
"DEFAULT:!NULL:!aNULL:!SHA256:!SHA384:!aECDH:!AESGCM+AES256:!aPSK");
#ifdef HAVE_DTLS_SRTP
if (!srtp_ciphers_.empty()) {
if (SSL_CTX_set_tlsext_use_srtp(ctx, srtp_ciphers_.c_str())) {
SSL_CTX_free(ctx);
return NULL;
}
}
#endif
return ctx;
}
@ -1151,6 +1169,26 @@ int OpenSSLStreamAdapter::SSLVerifyCallback(int ok, X509_STORE_CTX* store) {
return stream->VerifyPeerCertificate();
}
bool OpenSSLStreamAdapter::HaveDtls() {
return true;
}
bool OpenSSLStreamAdapter::HaveDtlsSrtp() {
#ifdef HAVE_DTLS_SRTP
return true;
#else
return false;
#endif
}
bool OpenSSLStreamAdapter::HaveExporter() {
#ifdef HAVE_DTLS_SRTP
return true;
#else
return false;
#endif
}
bool OpenSSLStreamAdapter::IsBoringSsl() {
#ifdef OPENSSL_IS_BORINGSSL
return true;
@ -1235,3 +1273,5 @@ void OpenSSLStreamAdapter::enable_time_callback_for_testing() {
}
} // namespace rtc
#endif // HAVE_OPENSSL_SSL_H

5
webrtc/base/opensslstreamadapter.h
View File

@ -109,7 +109,10 @@ class OpenSSLStreamAdapter : public SSLStreamAdapter {
bool IsTlsConnected() override;
// Capabilities interfaces.
// Capabilities interfaces
static bool HaveDtls();
static bool HaveDtlsSrtp();
static bool HaveExporter();
static bool IsBoringSsl();
static bool IsAcceptableCipher(int cipher, KeyType key_type);

31
webrtc/base/ssladapter.cc
View File

@ -10,7 +10,13 @@
#include "webrtc/base/ssladapter.h"
#include "webrtc/base/openssladapter.h"
#include "webrtc/base/sslconfig.h"
#if SSL_USE_OPENSSL
#include "openssladapter.h"
#endif
///////////////////////////////////////////////////////////////////////////////
@ -18,11 +24,18 @@ namespace rtc {
SSLAdapter*
SSLAdapter::Create(AsyncSocket* socket) {
#if SSL_USE_OPENSSL
return new OpenSSLAdapter(socket);
#else // !SSL_USE_OPENSSL
delete socket;
return NULL;
#endif // SSL_USE_OPENSSL
}
///////////////////////////////////////////////////////////////////////////////
#if SSL_USE_OPENSSL
bool InitializeSSL(VerificationCallback callback) {
return OpenSSLAdapter::InitializeSSL(callback);
}
@ -35,6 +48,22 @@ bool CleanupSSL() {
return OpenSSLAdapter::CleanupSSL();
}
#else // !SSL_USE_OPENSSL
bool InitializeSSL(VerificationCallback callback) {
return true;
}
bool InitializeSSLThread() {
return true;
}
bool CleanupSSL() {
return true;
}
#endif // SSL_USE_OPENSSL
///////////////////////////////////////////////////////////////////////////////
} // namespace rtc

4
webrtc/base/ssladapter_unittest.cc
View File

@ -370,6 +370,8 @@ class SSLAdapterTestDTLS_ECDSA : public SSLAdapterTestBase {
: SSLAdapterTestBase(rtc::SSL_MODE_DTLS, rtc::KeyParams::ECDSA()) {}
};
#if SSL_USE_OPENSSL
// Basic tests: TLS
// Test that handshake works, using RSA
@ -417,3 +419,5 @@ TEST_F(SSLAdapterTestDTLS_ECDSA, TestDTLSTransfer) {
TestHandshake(true);
TestTransfer("Hello, world!");
}
#endif // SSL_USE_OPENSSL

30
webrtc/base/sslconfig.h Normal file
View File

@ -0,0 +1,30 @@
/*
* Copyright 2012 The WebRTC Project Authors. All rights reserved.
*
* Use of this source code is governed by a BSD-style license
* that can be found in the LICENSE file in the root of the source
* tree. An additional intellectual property rights grant can be found
* in the file PATENTS. All contributing project authors may
* be found in the AUTHORS file in the root of the source tree.
*/
#ifndef WEBRTC_BASE_SSLCONFIG_H_
#define WEBRTC_BASE_SSLCONFIG_H_
// If no preference has been indicated, default to SChannel on Windows and
// OpenSSL everywhere else, if it is available.
#if !defined(SSL_USE_SCHANNEL) && !defined(SSL_USE_OPENSSL)
#if defined(WEBRTC_WIN)
#define SSL_USE_SCHANNEL 1
#else // defined(WEBRTC_WIN)
#if defined(HAVE_OPENSSL_SSL_H)
#define SSL_USE_OPENSSL 1
#endif
#endif // !defined(WEBRTC_WIN)
#endif
#endif // WEBRTC_BASE_SSLCONFIG_H_

16
webrtc/base/sslidentity.cc
View File

@ -17,9 +17,15 @@
#include "webrtc/base/base64.h"
#include "webrtc/base/checks.h"
#include "webrtc/base/logging.h"
#include "webrtc/base/opensslidentity.h"
#include "webrtc/base/sslconfig.h"
#include "webrtc/base/sslfingerprint.h"
#if SSL_USE_OPENSSL
#include "webrtc/base/opensslidentity.h"
#endif // SSL_USE_OPENSSL
namespace rtc {
const char kPemTypeCertificate[] = "CERTIFICATE";
@ -207,6 +213,8 @@ SSLCertChain::~SSLCertChain() {
std::for_each(certs_.begin(), certs_.end(), DeleteCert);
}
#if SSL_USE_OPENSSL
// static
SSLCertificate* SSLCertificate::FromPEMString(const std::string& pem_string) {
return OpenSSLCertificate::FromPEMString(pem_string);
@ -252,6 +260,12 @@ bool operator!=(const SSLIdentity& a, const SSLIdentity& b) {
return !(a == b);
}
#else // !SSL_USE_OPENSSL
#error "No SSL implementation"
#endif // SSL_USE_OPENSSL
// Read |n| bytes from ASN1 number string at *|pp| and return the numeric value.
// Update *|pp| and *|np| to reflect number of read bytes.
static inline int ASN1ReadInt(const unsigned char** pp, size_t* np, size_t n) {

20
webrtc/base/sslstreamadapter.cc
View File

@ -9,9 +9,14 @@
*/
#include "webrtc/base/sslstreamadapter.h"
#include "webrtc/base/sslconfig.h"
#if SSL_USE_OPENSSL
#include "webrtc/base/opensslstreamadapter.h"
#endif // SSL_USE_OPENSSL
///////////////////////////////////////////////////////////////////////////////
namespace rtc {
@ -96,7 +101,11 @@ CryptoOptions CryptoOptions::NoGcm() {
}
SSLStreamAdapter* SSLStreamAdapter::Create(StreamInterface* stream) {
#if SSL_USE_OPENSSL
return new OpenSSLStreamAdapter(stream);
#else // !SSL_USE_OPENSSL
return NULL;
#endif // SSL_USE_OPENSSL
}
SSLStreamAdapter::SSLStreamAdapter(StreamInterface* stream)
@ -128,6 +137,16 @@ bool SSLStreamAdapter::GetDtlsSrtpCryptoSuite(int* crypto_suite) {
return false;
}
#if SSL_USE_OPENSSL
bool SSLStreamAdapter::HaveDtls() {
return OpenSSLStreamAdapter::HaveDtls();
}
bool SSLStreamAdapter::HaveDtlsSrtp() {
return OpenSSLStreamAdapter::HaveDtlsSrtp();
}
bool SSLStreamAdapter::HaveExporter() {
return OpenSSLStreamAdapter::HaveExporter();
}
bool SSLStreamAdapter::IsBoringSsl() {
return OpenSSLStreamAdapter::IsBoringSsl();
}
@ -144,6 +163,7 @@ std::string SSLStreamAdapter::SslCipherSuiteToName(int cipher_suite) {
void SSLStreamAdapter::enable_time_callback_for_testing() {
OpenSSLStreamAdapter::enable_time_callback_for_testing();
}
#endif // SSL_USE_OPENSSL
///////////////////////////////////////////////////////////////////////////////

7
webrtc/base/sslstreamadapter.h
View File

@ -228,9 +228,10 @@ class SSLStreamAdapter : public StreamAdapterInterface {
// SS_OPENING but IsTlsConnected should return true.
virtual bool IsTlsConnected() = 0;
// Capabilities testing.
// Used to have "DTLS supported", "DTLS-SRTP supported" etc. methods, but now
// that's assumed.
// Capabilities testing
static bool HaveDtls();
static bool HaveDtlsSrtp();
static bool HaveExporter();
static bool IsBoringSsl();
// Returns true iff the supplied cipher is deemed to be strong.

32
webrtc/base/sslstreamadapter_unittest.cc
View File

@ -19,6 +19,7 @@
#include "webrtc/base/gunit.h"
#include "webrtc/base/helpers.h"
#include "webrtc/base/ssladapter.h"
#include "webrtc/base/sslconfig.h"
#include "webrtc/base/sslidentity.h"
#include "webrtc/base/sslstreamadapter.h"
#include "webrtc/base/stream.h"
@ -64,6 +65,12 @@ static const char kCERT_PEM[] =
"UD0A8qfhfDM+LK6rPAnCsVN0NRDY3jvd6rzix9M=\n"
"-----END CERTIFICATE-----\n";
#define MAYBE_SKIP_TEST(feature) \
if (!(rtc::SSLStreamAdapter::feature())) { \
LOG(LS_INFO) << "Feature disabled... skipping"; \
return; \
}
class SSLStreamAdapterTestBase;
class SSLDummyStreamBase : public rtc::StreamInterface,
@ -956,6 +963,7 @@ TEST_P(SSLStreamAdapterTestTLS, TestSetPeerCertificateDigestWithInvalidLength) {
// Basic tests: DTLS
// Test that we can make a handshake work
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnect) {
MAYBE_SKIP_TEST(HaveDtls);
TestHandshake();
};
@ -963,12 +971,14 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnect) {
// each direction is lost. This gives us predictable loss
// rather than having to tune random
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacket) {
MAYBE_SKIP_TEST(HaveDtls);
SetLoseFirstPacket(true);
TestHandshake();
};
// Test a handshake with loss and delay
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacketDelay2s) {
MAYBE_SKIP_TEST(HaveDtls);
SetLoseFirstPacket(true);
SetDelay(2000);
SetHandshakeWait(20000);
@ -978,6 +988,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacketDelay2s) {
// Test a handshake with small MTU
// Disabled due to https://code.google.com/p/webrtc/issues/detail?id=3910
TEST_P(SSLStreamAdapterTestDTLS, DISABLED_TestDTLSConnectWithSmallMtu) {
MAYBE_SKIP_TEST(HaveDtls);
SetMtu(700);
SetHandshakeWait(20000);
TestHandshake();
@ -985,17 +996,20 @@ TEST_P(SSLStreamAdapterTestDTLS, DISABLED_TestDTLSConnectWithSmallMtu) {
// Test transfer -- trivial
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransfer) {
MAYBE_SKIP_TEST(HaveDtls);
TestHandshake();
TestTransfer(100);
};
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithLoss) {
MAYBE_SKIP_TEST(HaveDtls);
TestHandshake();
SetLoss(10);
TestTransfer(100);
};
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithDamage) {
MAYBE_SKIP_TEST(HaveDtls);
SetDamage(); // Must be called first because first packet
// write happens at end of handshake.
TestHandshake();
@ -1012,6 +1026,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSDelayedIdentityWithBogusDigest) {
// Test DTLS-SRTP with all high ciphers
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHigh) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
std::vector<int> high;
high.push_back(rtc::SRTP_AES128_CM_SHA1_80);
SetDtlsSrtpCryptoSuites(high, true);
@ -1029,6 +1044,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHigh) {
// Test DTLS-SRTP with all low ciphers
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
std::vector<int> low;
low.push_back(rtc::SRTP_AES128_CM_SHA1_32);
SetDtlsSrtpCryptoSuites(low, true);
@ -1046,6 +1062,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) {
// Test DTLS-SRTP with a mismatch -- should not converge
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
std::vector<int> high;
high.push_back(rtc::SRTP_AES128_CM_SHA1_80);
std::vector<int> low;
@ -1062,6 +1079,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) {
// Test DTLS-SRTP with each side being mixed -- should select high
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
std::vector<int> mixed;
mixed.push_back(rtc::SRTP_AES128_CM_SHA1_80);
mixed.push_back(rtc::SRTP_AES128_CM_SHA1_32);
@ -1080,6 +1098,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) {
// Test DTLS-SRTP with all GCM-128 ciphers.
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM128) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
std::vector<int> gcm128;
gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM);
SetDtlsSrtpCryptoSuites(gcm128, true);
@ -1097,6 +1116,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM128) {
// Test DTLS-SRTP with all GCM-256 ciphers.
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM256) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
std::vector<int> gcm256;
gcm256.push_back(rtc::SRTP_AEAD_AES_256_GCM);
SetDtlsSrtpCryptoSuites(gcm256, true);
@ -1114,6 +1134,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM256) {
// Test DTLS-SRTP with mixed GCM-128/-256 ciphers -- should not converge.
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMismatch) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
std::vector<int> gcm128;
gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM);
std::vector<int> gcm256;
@ -1130,6 +1151,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMismatch) {
// Test DTLS-SRTP with both GCM-128/-256 ciphers -- should select GCM-256.
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMixed) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
std::vector<int> gcmBoth;
gcmBoth.push_back(rtc::SRTP_AEAD_AES_256_GCM);
gcmBoth.push_back(rtc::SRTP_AEAD_AES_128_GCM);
@ -1177,6 +1199,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpKeyAndSaltLengths) {
// Test an exporter
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSExporter) {
MAYBE_SKIP_TEST(HaveExporter);
TestHandshake();
unsigned char client_out[20];
unsigned char server_out[20];
@ -1199,6 +1222,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestDTLSExporter) {
// Test not yet valid certificates are not rejected.
TEST_P(SSLStreamAdapterTestDTLS, TestCertNotYetValid) {
MAYBE_SKIP_TEST(HaveDtls);
long one_day = 60 * 60 * 24;
// Make the certificates not valid until one day later.
ResetIdentitiesWithValidity(one_day, one_day);
@ -1207,6 +1231,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestCertNotYetValid) {
// Test expired certificates are not rejected.
TEST_P(SSLStreamAdapterTestDTLS, TestCertExpired) {
MAYBE_SKIP_TEST(HaveDtls);
long one_day = 60 * 60 * 24;
// Make the certificates already expired.
ResetIdentitiesWithValidity(-one_day, -one_day);
@ -1215,12 +1240,15 @@ TEST_P(SSLStreamAdapterTestDTLS, TestCertExpired) {
// Test data transfer using certs created from strings.
TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestTransfer) {
MAYBE_SKIP_TEST(HaveDtls);
TestHandshake();
TestTransfer(100);
}
// Test getting the remote certificate.
TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestDTLSGetPeerCertificate) {
MAYBE_SKIP_TEST(HaveDtls);
// Peer certificates haven't been received yet.
ASSERT_FALSE(GetPeerCertificate(true));
ASSERT_FALSE(GetPeerCertificate(false));
@ -1254,6 +1282,7 @@ TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestDTLSGetPeerCertificate) {
// Test getting the used DTLS ciphers.
// DTLS 1.2 enabled for neither client nor server -> DTLS 1.0 will be used.
TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuite) {
MAYBE_SKIP_TEST(HaveDtls);
SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10);
TestHandshake();
@ -1273,6 +1302,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuite) {
// Test getting the used DTLS 1.2 ciphers.
// DTLS 1.2 enabled for client and server -> DTLS 1.2 will be used.
TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Both) {
MAYBE_SKIP_TEST(HaveDtls);
SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12);
TestHandshake();
@ -1291,6 +1321,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Both) {
// DTLS 1.2 enabled for client only -> DTLS 1.0 will be used.
TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Client) {
MAYBE_SKIP_TEST(HaveDtls);
SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_12);
TestHandshake();
@ -1309,6 +1340,7 @@ TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Client) {
// DTLS 1.2 enabled for server only -> DTLS 1.0 will be used.
TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Server) {
MAYBE_SKIP_TEST(HaveDtls);
SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_10);
TestHandshake();

2
webrtc/p2p/BUILD.gn
View File

@ -79,7 +79,7 @@ rtc_static_library("rtc_p2p") {
"client/socketmonitor.h",
]
defines = []
defines = [ "FEATURE_ENABLE_SSL" ]
deps = [
"../base:rtc_base",

24
webrtc/p2p/base/dtlstransportchannel_unittest.cc
View File

@ -693,6 +693,7 @@ TEST_F(DtlsTransportChannelTest, TestTransferSrtpTwoChannels) {
// Connect with DTLS, and transfer some data.
TEST_F(DtlsTransportChannelTest, TestTransferDtls) {
MAYBE_SKIP_TEST(HaveDtls);
PrepareDtls(true, true, rtc::KT_DEFAULT);
ASSERT_TRUE(Connect());
TestTransfer(0, 1000, 100, false);
@ -700,6 +701,7 @@ TEST_F(DtlsTransportChannelTest, TestTransferDtls) {
// Create two channels with DTLS, and transfer some data.
TEST_F(DtlsTransportChannelTest, TestTransferDtlsTwoChannels) {
MAYBE_SKIP_TEST(HaveDtls);
SetChannelCount(2);
PrepareDtls(true, true, rtc::KT_DEFAULT);
ASSERT_TRUE(Connect());
@ -723,6 +725,7 @@ TEST_F(DtlsTransportChannelTest, TestTransferDtlsNotOffered) {
// Create two channels with DTLS 1.0 and check ciphers.
TEST_F(DtlsTransportChannelTest, TestDtls12None) {
MAYBE_SKIP_TEST(HaveDtls);
SetChannelCount(2);
PrepareDtls(true, true, rtc::KT_DEFAULT);
SetMaxProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10);
@ -731,6 +734,7 @@ TEST_F(DtlsTransportChannelTest, TestDtls12None) {
// Create two channels with DTLS 1.2 and check ciphers.
TEST_F(DtlsTransportChannelTest, TestDtls12Both) {
MAYBE_SKIP_TEST(HaveDtls);
SetChannelCount(2);
PrepareDtls(true, true, rtc::KT_DEFAULT);
SetMaxProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12);
@ -739,6 +743,7 @@ TEST_F(DtlsTransportChannelTest, TestDtls12Both) {
// Create two channels with DTLS 1.0 / DTLS 1.2 and check ciphers.
TEST_F(DtlsTransportChannelTest, TestDtls12Client1) {
MAYBE_SKIP_TEST(HaveDtls);
SetChannelCount(2);
PrepareDtls(true, true, rtc::KT_DEFAULT);
SetMaxProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_10);
@ -747,6 +752,7 @@ TEST_F(DtlsTransportChannelTest, TestDtls12Client1) {
// Create two channels with DTLS 1.2 / DTLS 1.0 and check ciphers.
TEST_F(DtlsTransportChannelTest, TestDtls12Client2) {
MAYBE_SKIP_TEST(HaveDtls);
SetChannelCount(2);
PrepareDtls(true, true, rtc::KT_DEFAULT);
SetMaxProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_12);
@ -755,6 +761,7 @@ TEST_F(DtlsTransportChannelTest, TestDtls12Client2) {
// Connect with DTLS, negotiate DTLS-SRTP, and transfer SRTP using bypass.
TEST_F(DtlsTransportChannelTest, TestTransferDtlsSrtp) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
PrepareDtls(true, true, rtc::KT_DEFAULT);
PrepareDtlsSrtp(true, true);
ASSERT_TRUE(Connect());
@ -764,6 +771,7 @@ TEST_F(DtlsTransportChannelTest, TestTransferDtlsSrtp) {
// Connect with DTLS-SRTP, transfer an invalid SRTP packet, and expects -1
// returned.
TEST_F(DtlsTransportChannelTest, TestTransferDtlsInvalidSrtpPacket) {
MAYBE_SKIP_TEST(HaveDtls);
PrepareDtls(true, true, rtc::KT_DEFAULT);
PrepareDtlsSrtp(true, true);
ASSERT_TRUE(Connect());
@ -773,6 +781,7 @@ TEST_F(DtlsTransportChannelTest, TestTransferDtlsInvalidSrtpPacket) {
// Connect with DTLS. A does DTLS-SRTP but B does not.
TEST_F(DtlsTransportChannelTest, TestTransferDtlsSrtpRejected) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
PrepareDtls(true, true, rtc::KT_DEFAULT);
PrepareDtlsSrtp(true, false);
ASSERT_TRUE(Connect());
@ -780,6 +789,7 @@ TEST_F(DtlsTransportChannelTest, TestTransferDtlsSrtpRejected) {
// Connect with DTLS. B does DTLS-SRTP but A does not.
TEST_F(DtlsTransportChannelTest, TestTransferDtlsSrtpNotOffered) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
PrepareDtls(true, true, rtc::KT_DEFAULT);
PrepareDtlsSrtp(false, true);
ASSERT_TRUE(Connect());
@ -787,6 +797,7 @@ TEST_F(DtlsTransportChannelTest, TestTransferDtlsSrtpNotOffered) {
// Create two channels with DTLS, negotiate DTLS-SRTP, and transfer bypass SRTP.
TEST_F(DtlsTransportChannelTest, TestTransferDtlsSrtpTwoChannels) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
SetChannelCount(2);
PrepareDtls(true, true, rtc::KT_DEFAULT);
PrepareDtlsSrtp(true, true);
@ -797,6 +808,7 @@ TEST_F(DtlsTransportChannelTest, TestTransferDtlsSrtpTwoChannels) {
// Create a single channel with DTLS, and send normal data and SRTP data on it.
TEST_F(DtlsTransportChannelTest, TestTransferDtlsSrtpDemux) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
PrepareDtls(true, true, rtc::KT_DEFAULT);
PrepareDtlsSrtp(true, true);
ASSERT_TRUE(Connect());
@ -806,6 +818,7 @@ TEST_F(DtlsTransportChannelTest, TestTransferDtlsSrtpDemux) {
// Testing when the remote is passive.
TEST_F(DtlsTransportChannelTest, TestTransferDtlsAnswererIsPassive) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
SetChannelCount(2);
PrepareDtls(true, true, rtc::KT_DEFAULT);
PrepareDtlsSrtp(true, true);
@ -818,6 +831,7 @@ TEST_F(DtlsTransportChannelTest, TestTransferDtlsAnswererIsPassive) {
// Testing with the legacy DTLS client which doesn't use setup attribute.
// In this case legacy is the answerer.
TEST_F(DtlsTransportChannelTest, TestDtlsSetupWithLegacyAsAnswerer) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
PrepareDtls(true, true, rtc::KT_DEFAULT);
NegotiateWithLegacy();
rtc::SSLRole channel1_role;
@ -831,6 +845,7 @@ TEST_F(DtlsTransportChannelTest, TestDtlsSetupWithLegacyAsAnswerer) {
// Testing re offer/answer after the session is estbalished. Roles will be
// kept same as of the previous negotiation.
TEST_F(DtlsTransportChannelTest, TestDtlsReOfferFromOfferer) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
SetChannelCount(2);
PrepareDtls(true, true, rtc::KT_DEFAULT);
PrepareDtlsSrtp(true, true);
@ -847,6 +862,7 @@ TEST_F(DtlsTransportChannelTest, TestDtlsReOfferFromOfferer) {
}
TEST_F(DtlsTransportChannelTest, TestDtlsReOfferFromAnswerer) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
SetChannelCount(2);
PrepareDtls(true, true, rtc::KT_DEFAULT);
PrepareDtlsSrtp(true, true);
@ -864,6 +880,7 @@ TEST_F(DtlsTransportChannelTest, TestDtlsReOfferFromAnswerer) {
// Test that any change in role after the intial setup will result in failure.
TEST_F(DtlsTransportChannelTest, TestDtlsRoleReversal) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
SetChannelCount(2);
PrepareDtls(true, true, rtc::KT_DEFAULT);
PrepareDtlsSrtp(true, true);
@ -879,6 +896,7 @@ TEST_F(DtlsTransportChannelTest, TestDtlsRoleReversal) {
// Test that using different setup attributes which results in similar ssl
// role as the initial negotiation will result in success.
TEST_F(DtlsTransportChannelTest, TestDtlsReOfferWithDifferentSetupAttr) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
SetChannelCount(2);
PrepareDtls(true, true, rtc::KT_DEFAULT);
PrepareDtlsSrtp(true, true);
@ -894,6 +912,7 @@ TEST_F(DtlsTransportChannelTest, TestDtlsReOfferWithDifferentSetupAttr) {
// Test that re-negotiation can be started before the clients become connected
// in the first negotiation.
TEST_F(DtlsTransportChannelTest, TestRenegotiateBeforeConnect) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
SetChannelCount(2);
PrepareDtls(true, true, rtc::KT_DEFAULT);
PrepareDtlsSrtp(true, true);
@ -913,6 +932,7 @@ TEST_F(DtlsTransportChannelTest, TestRenegotiateBeforeConnect) {
// Test Certificates state after negotiation but before connection.
TEST_F(DtlsTransportChannelTest, TestCertificatesBeforeConnect) {
MAYBE_SKIP_TEST(HaveDtls);
PrepareDtls(true, true, rtc::KT_DEFAULT);
Negotiate();
@ -933,6 +953,7 @@ TEST_F(DtlsTransportChannelTest, TestCertificatesBeforeConnect) {
// Test Certificates state after connection.
TEST_F(DtlsTransportChannelTest, TestCertificatesAfterConnect) {
MAYBE_SKIP_TEST(HaveDtls);
PrepareDtls(true, true, rtc::KT_DEFAULT);
ASSERT_TRUE(Connect());
@ -963,6 +984,7 @@ TEST_F(DtlsTransportChannelTest, TestCertificatesAfterConnect) {
// 60 seconds. The timer defaults to 1 second, but for WebRTC we should be
// initializing it to 50ms.
TEST_F(DtlsTransportChannelTest, TestRetransmissionSchedule) {
MAYBE_SKIP_TEST(HaveDtls);
// We can only change the retransmission schedule with a recently-added
// BoringSSL API. Skip the test if not built with BoringSSL.
MAYBE_SKIP_TEST(IsBoringSsl);
@ -1003,6 +1025,7 @@ TEST_F(DtlsTransportChannelTest, TestRetransmissionSchedule) {
// Test that a DTLS connection can be made even if the underlying transport
// is connected before DTLS fingerprints/roles have been negotiated.
TEST_F(DtlsTransportChannelTest, TestConnectBeforeNegotiate) {
MAYBE_SKIP_TEST(HaveDtls);
PrepareDtls(true, true, rtc::KT_DEFAULT);
ASSERT_TRUE(Connect(cricket::CONNECTIONROLE_ACTPASS,
cricket::CONNECTIONROLE_ACTIVE,
@ -1135,6 +1158,7 @@ class DtlsEventOrderingTest
};
TEST_P(DtlsEventOrderingTest, TestEventOrdering) {
MAYBE_SKIP_TEST(HaveDtls);
TestEventOrdering(::testing::get<0>(GetParam()),
::testing::get<1>(GetParam()));
}

24
webrtc/pc/channel_unittest.cc
View File

@ -25,6 +25,12 @@
#include "webrtc/p2p/base/faketransportcontroller.h"
#include "webrtc/pc/channel.h"
#define MAYBE_SKIP_TEST(feature) \
if (!(rtc::SSLStreamAdapter::feature())) { \
LOG(LS_INFO) << "Feature disabled... skipping"; \
return; \
}
using cricket::CA_OFFER;
using cricket::CA_PRANSWER;
using cricket::CA_ANSWER;
@ -2237,26 +2243,32 @@ TEST_F(VoiceChannelSingleThreadTest, SendSrtcpMux) {
}
TEST_F(VoiceChannelSingleThreadTest, SendDtlsSrtpToSrtp) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
Base::SendSrtpToSrtp(DTLS, 0);
}
TEST_F(VoiceChannelSingleThreadTest, SendDtlsSrtpToDtlsSrtp) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
Base::SendSrtpToSrtp(DTLS, DTLS);
}
TEST_F(VoiceChannelSingleThreadTest, SendDtlsSrtpToDtlsSrtpGcmBoth) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
Base::SendSrtpToSrtp(DTLS | GCM_CIPHER, DTLS | GCM_CIPHER);
}
TEST_F(VoiceChannelSingleThreadTest, SendDtlsSrtpToDtlsSrtpGcmOne) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
Base::SendSrtpToSrtp(DTLS | GCM_CIPHER, DTLS);
}
TEST_F(VoiceChannelSingleThreadTest, SendDtlsSrtpToDtlsSrtpGcmTwo) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
Base::SendSrtpToSrtp(DTLS, DTLS | GCM_CIPHER);
}
TEST_F(VoiceChannelSingleThreadTest, SendDtlsSrtpToDtlsSrtpRtcpMux) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
Base::SendSrtpToSrtp(DTLS | RTCP_MUX, DTLS | RTCP_MUX);
}
@ -2564,26 +2576,32 @@ TEST_F(VoiceChannelDoubleThreadTest, SendSrtcpMux) {
}
TEST_F(VoiceChannelDoubleThreadTest, SendDtlsSrtpToSrtp) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
Base::SendSrtpToSrtp(DTLS, 0);
}
TEST_F(VoiceChannelDoubleThreadTest, SendDtlsSrtpToDtlsSrtp) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
Base::SendSrtpToSrtp(DTLS, DTLS);
}
TEST_F(VoiceChannelDoubleThreadTest, SendDtlsSrtpToDtlsSrtpGcmBoth) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
Base::SendSrtpToSrtp(DTLS | GCM_CIPHER, DTLS | GCM_CIPHER);
}
TEST_F(VoiceChannelDoubleThreadTest, SendDtlsSrtpToDtlsSrtpGcmOne) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
Base::SendSrtpToSrtp(DTLS | GCM_CIPHER, DTLS);
}
TEST_F(VoiceChannelDoubleThreadTest, SendDtlsSrtpToDtlsSrtpGcmTwo) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
Base::SendSrtpToSrtp(DTLS, DTLS | GCM_CIPHER);
}
TEST_F(VoiceChannelDoubleThreadTest, SendDtlsSrtpToDtlsSrtpRtcpMux) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
Base::SendSrtpToSrtp(DTLS | RTCP_MUX, DTLS | RTCP_MUX);
}
@ -2883,14 +2901,17 @@ TEST_F(VideoChannelSingleThreadTest, SendSrtpToRtp) {
}
TEST_F(VideoChannelSingleThreadTest, SendDtlsSrtpToSrtp) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
Base::SendSrtpToSrtp(DTLS, 0);
}
TEST_F(VideoChannelSingleThreadTest, SendDtlsSrtpToDtlsSrtp) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
Base::SendSrtpToSrtp(DTLS, DTLS);
}
TEST_F(VideoChannelSingleThreadTest, SendDtlsSrtpToDtlsSrtpRtcpMux) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
Base::SendSrtpToSrtp(DTLS | RTCP_MUX, DTLS | RTCP_MUX);
}
@ -3112,14 +3133,17 @@ TEST_F(VideoChannelDoubleThreadTest, SendSrtpToRtp) {
}
TEST_F(VideoChannelDoubleThreadTest, SendDtlsSrtpToSrtp) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
Base::SendSrtpToSrtp(DTLS, 0);
}
TEST_F(VideoChannelDoubleThreadTest, SendDtlsSrtpToDtlsSrtp) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
Base::SendSrtpToSrtp(DTLS, DTLS);
}
TEST_F(VideoChannelDoubleThreadTest, SendDtlsSrtpToDtlsSrtpRtcpMux) {
MAYBE_SKIP_TEST(HaveDtlsSrtp);
Base::SendSrtpToSrtp(DTLS | RTCP_MUX, DTLS | RTCP_MUX);
}