Reland: Use CRYPTO_BUFFER APIs instead of X509 when building with BoringSSL.
Using CRYPTO_BUFFERs instead of legacy X509 objects offers memory and
security gains, and will provide binary size improvements as well once
the default list of built-in certificates can be removed; the code
dealing with them still depends on the X509 API.
Implemented by splitting openssl_identity and openssl_certificate
into BoringSSL and vanilla OpenSSL implementations.
No-Try: True
Bug: webrtc:11410
Change-Id: I86ddb361b94ad85b15ebb8743490de83632ca53f
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/196941
Commit-Queue: Mirko Bonadei <mbonadei@webrtc.org>
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Reviewed-by: Mirko Bonadei <mbonadei@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#32818}
diff --git a/rtc_base/BUILD.gn b/rtc_base/BUILD.gn
index 8b92090..8762bfb 100644
--- a/rtc_base/BUILD.gn
+++ b/rtc_base/BUILD.gn
@@ -911,12 +911,10 @@
"openssl.h",
"openssl_adapter.cc",
"openssl_adapter.h",
- "openssl_certificate.cc",
- "openssl_certificate.h",
"openssl_digest.cc",
"openssl_digest.h",
- "openssl_identity.cc",
- "openssl_identity.h",
+ "openssl_key_pair.cc",
+ "openssl_key_pair.h",
"openssl_session_cache.cc",
"openssl_session_cache.h",
"openssl_stream_adapter.cc",
@@ -962,6 +960,22 @@
"unique_id_generator.h",
]
+ if (rtc_openssl_is_boringssl) {
+ sources += [
+ "boringssl_certificate.cc",
+ "boringssl_certificate.h",
+ "boringssl_identity.cc",
+ "boringssl_identity.h",
+ ]
+ } else {
+ sources += [
+ "openssl_certificate.cc",
+ "openssl_certificate.h",
+ "openssl_identity.cc",
+ "openssl_identity.h",
+ ]
+ }
+
if (build_with_chromium) {
include_dirs = [ "../../boringssl/src/include" ]
public_configs += [ ":rtc_base_chromium_config" ]
