Handle HKDF key derivation when building with OpenSSL.
Change-Id: I3fd503109190d6a94e15576312c9cb79906a7f61
Bug: webrtc:10160
Reviewed-on: https://webrtc-review.googlesource.com/c/122622
Commit-Queue: Benjamin Wright <benwright@webrtc.org>
Reviewed-by: Qingsi Wang <qingsi@webrtc.org>
Reviewed-by: Benjamin Wright <benwright@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#26669}diff --git a/rtc_base/openssl_digest.h b/rtc_base/openssl_digest.h
index 00f883c..ee39eb8 100644
--- a/rtc_base/openssl_digest.h
+++ b/rtc_base/openssl_digest.h
@@ -11,7 +11,7 @@
#ifndef RTC_BASE_OPENSSL_DIGEST_H_
#define RTC_BASE_OPENSSL_DIGEST_H_
-#include <openssl/base.h>
+#include <openssl/ossl_typ.h>
#include <stddef.h>
#include <string>
diff --git a/rtc_base/openssl_key_derivation_hkdf.cc b/rtc_base/openssl_key_derivation_hkdf.cc
index 52af667..10e23ec 100644
--- a/rtc_base/openssl_key_derivation_hkdf.cc
+++ b/rtc_base/openssl_key_derivation_hkdf.cc
@@ -10,9 +10,42 @@
#include "rtc_base/openssl_key_derivation_hkdf.h"
+#include <openssl/ossl_typ.h>
+#ifdef OPENSSL_IS_BORINGSSL
#include <openssl/digest.h>
-#include <openssl/err.h>
#include <openssl/hkdf.h>
+#else
+#include <openssl/evp.h>
+#include <openssl/kdf.h>
+namespace {
+// the function with this interface is static within openssl and hence not
+// accessible to the caller. Implementing here to match boringssl.
+static int HKDF(uint8_t* out_key,
+ size_t out_len,
+ const EVP_MD* digest,
+ const uint8_t* secret,
+ size_t secret_len,
+ const uint8_t* salt,
+ size_t salt_len,
+ const uint8_t* info,
+ size_t info_len) {
+ EVP_PKEY_CTX* pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
+
+ if (EVP_PKEY_derive_init(pctx) <= 0 ||
+ EVP_PKEY_CTX_set_hkdf_md(pctx, digest) <= 0 ||
+ EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, salt_len) <= 0 ||
+ EVP_PKEY_CTX_set1_hkdf_key(pctx, secret, secret_len) <= 0 ||
+ EVP_PKEY_CTX_add1_hkdf_info(pctx, info, info_len) <= 0 ||
+ EVP_PKEY_derive(pctx, out_key, &out_len) <= 0) {
+ EVP_PKEY_CTX_free(pctx);
+ return 0;
+ }
+ EVP_PKEY_CTX_free(pctx);
+ return 1;
+}
+} // namespace
+#endif
+#include <openssl/err.h>
#include <openssl/sha.h>
#include <algorithm>
diff --git a/rtc_base/openssl_stream_adapter.cc b/rtc_base/openssl_stream_adapter.cc
index bbb2dce..5ad4e03 100644
--- a/rtc_base/openssl_stream_adapter.cc
+++ b/rtc_base/openssl_stream_adapter.cc
@@ -25,6 +25,7 @@
#include <utility>
#include <vector>
+#include "absl/memory/memory.h"
#include "rtc_base/checks.h"
#include "rtc_base/logging.h"
#include "rtc_base/numerics/safe_conversions.h"
@@ -1081,7 +1082,7 @@
// Record the peer's certificate.
X509* cert = X509_STORE_CTX_get0_cert(store);
stream->peer_cert_chain_.reset(
- new SSLCertChain(new OpenSSLCertificate(cert)));
+ new SSLCertChain(absl::make_unique<OpenSSLCertificate>(cert)));
#endif
// If the peer certificate digest isn't known yet, we'll wait to verify
