Revert of Removing #defines previously used for building without BoringSSL/OpenSSL. (patchset #2 id:20001 of https://codereview.webrtc.org/2640513002/ )
Reason for revert:
Broke chromium build, due to a config being removed. Will add it back and remove the dependency in a chromium CL.
Original issue's description:
> Removing #defines previously used for building without BoringSSL/OpenSSL.
>
> These defines don't work any more, so they only cause confusion:
>
> FEATURE_ENABLE_SSL
> HAVE_OPENSSL_SSL_H
> SSL_USE_OPENSSL
>
> BUG=webrtc:7025
>
> Review-Url: https://codereview.webrtc.org/2640513002
> Cr-Commit-Position: refs/heads/master@{#16196}
> Committed: https://chromium.googlesource.com/external/webrtc/+/eaa826c2ee0668cfb4a0dfb66f8d388b65da20f5
TBR=kjellander@webrtc.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=webrtc:7025
Review-Url: https://codereview.webrtc.org/2648003003
Cr-Commit-Position: refs/heads/master@{#16197}
diff --git a/webrtc/BUILD.gn b/webrtc/BUILD.gn
index e88e53c..eb6c3f7 100644
--- a/webrtc/BUILD.gn
+++ b/webrtc/BUILD.gn
@@ -30,6 +30,7 @@
defines = [
# TODO(kjellander): Cleanup unused ones and move defines closer to
# the source when webrtc:4256 is completed.
+ "FEATURE_ENABLE_SSL",
"FEATURE_ENABLE_VOICEMAIL",
"EXPAT_RELATIVE_PATH",
"GTEST_RELATIVE_PATH",
@@ -131,10 +132,12 @@
# targets, there's no point including the defines in that config here.
# TODO(kjellander): Cleanup unused ones and move defines closer to the
# source when webrtc:4256 is completed.
+ "HAVE_OPENSSL_SSL_H",
"HAVE_SRTP",
"HAVE_WEBRTC_VIDEO",
"HAVE_WEBRTC_VOICE",
"LOGGING_INSIDE_WEBRTC",
+ "SSL_USE_OPENSSL",
"USE_WEBRTC_DEV_BRANCH",
]
} else {
diff --git a/webrtc/api/peerconnection_unittest.cc b/webrtc/api/peerconnection_unittest.cc
index c8a1eb6..c27e53f 100644
--- a/webrtc/api/peerconnection_unittest.cc
+++ b/webrtc/api/peerconnection_unittest.cc
@@ -46,6 +46,12 @@
#include "webrtc/p2p/client/basicportallocator.h"
#include "webrtc/pc/mediasession.h"
+#define MAYBE_SKIP_TEST(feature) \
+ if (!(feature())) { \
+ LOG(LS_INFO) << "Feature disabled... skipping"; \
+ return; \
+ }
+
using cricket::ContentInfo;
using cricket::FakeWebRtcVideoDecoder;
using cricket::FakeWebRtcVideoDecoderFactory;
@@ -217,7 +223,8 @@
rtc::Thread* network_thread,
rtc::Thread* worker_thread) {
std::unique_ptr<FakeRTCCertificateGenerator> cert_generator(
- new FakeRTCCertificateGenerator());
+ rtc::SSLStreamAdapter::HaveDtlsSrtp() ?
+ new FakeRTCCertificateGenerator() : nullptr);
return CreateClientWithDtlsIdentityStore(id, constraints, options, config,
std::move(cert_generator), true,
@@ -230,7 +237,8 @@
rtc::Thread* network_thread,
rtc::Thread* worker_thread) {
std::unique_ptr<FakeRTCCertificateGenerator> cert_generator(
- new FakeRTCCertificateGenerator());
+ rtc::SSLStreamAdapter::HaveDtlsSrtp() ?
+ new FakeRTCCertificateGenerator() : nullptr);
return CreateClientWithDtlsIdentityStore(id, nullptr, options, nullptr,
std::move(cert_generator), false,
@@ -1464,6 +1472,7 @@
}
void SetupAndVerifyDtlsCall() {
+ MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
FakeConstraints setup_constraints;
setup_constraints.AddMandatory(MediaConstraintsInterface::kEnableDtlsSrtp,
true);
@@ -1488,7 +1497,8 @@
rtc_config.set_cpu_adaptation(false);
std::unique_ptr<FakeRTCCertificateGenerator> cert_generator(
- new FakeRTCCertificateGenerator());
+ rtc::SSLStreamAdapter::HaveDtlsSrtp() ?
+ new FakeRTCCertificateGenerator() : nullptr);
cert_generator->use_alternate_key();
// Make sure the new client is using a different certificate.
@@ -1684,6 +1694,7 @@
// This test sets up a audio call initially and then upgrades to audio/video,
// using DTLS.
TEST_F(P2PTestConductor, LocalP2PTestDtlsRenegotiate) {
+ MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
FakeConstraints setup_constraints;
setup_constraints.AddMandatory(MediaConstraintsInterface::kEnableDtlsSrtp,
true);
@@ -1697,6 +1708,7 @@
// This test sets up a call transfer to a new caller with a different DTLS
// fingerprint.
TEST_F(P2PTestConductor, LocalP2PTestDtlsTransferCallee) {
+ MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
SetupAndVerifyDtlsCall();
// Keeping the original peer around which will still send packets to the
@@ -1715,6 +1727,7 @@
// bundle is in effect in the restart, the channel can successfully reset its
// DTLS-SRTP context.
TEST_F(P2PTestConductor, LocalP2PTestDtlsBundleInIceRestart) {
+ MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
FakeConstraints setup_constraints;
setup_constraints.AddMandatory(MediaConstraintsInterface::kEnableDtlsSrtp,
true);
@@ -1733,6 +1746,7 @@
// This test sets up a call transfer to a new callee with a different DTLS
// fingerprint.
TEST_F(P2PTestConductor, LocalP2PTestDtlsTransferCaller) {
+ MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
SetupAndVerifyDtlsCall();
// Keeping the original peer around which will still send packets to the
@@ -1766,6 +1780,7 @@
// DTLS key agreement. The offerer don't support SDES. As a result, DTLS is
// negotiated and used for transport.
TEST_F(P2PTestConductor, LocalP2PTestOfferDtlsButNotSdes) {
+ MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
FakeConstraints setup_constraints;
setup_constraints.AddMandatory(MediaConstraintsInterface::kEnableDtlsSrtp,
true);
@@ -2242,6 +2257,7 @@
// negotiation is completed without error.
#ifdef HAVE_SCTP
TEST_F(P2PTestConductor, CreateOfferWithSctpDataChannel) {
+ MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
FakeConstraints constraints;
constraints.SetMandatory(
MediaConstraintsInterface::kEnableDtlsSrtp, true);
diff --git a/webrtc/api/peerconnectionendtoend_unittest.cc b/webrtc/api/peerconnectionendtoend_unittest.cc
index 436e7bf..4110db0 100644
--- a/webrtc/api/peerconnectionendtoend_unittest.cc
+++ b/webrtc/api/peerconnectionendtoend_unittest.cc
@@ -24,6 +24,12 @@
#include "webrtc/base/stringencode.h"
#include "webrtc/base/stringutils.h"
+#define MAYBE_SKIP_TEST(feature) \
+ if (!(feature())) { \
+ LOG(LS_INFO) << "Feature disabled... skipping"; \
+ return; \
+ }
+
using webrtc::DataChannelInterface;
using webrtc::FakeConstraints;
using webrtc::MediaConstraintsInterface;
@@ -192,6 +198,8 @@
// Verifies that a DataChannel created before the negotiation can transition to
// "OPEN" and transfer data.
TEST_F(PeerConnectionEndToEndTest, CreateDataChannelBeforeNegotiate) {
+ MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
+
CreatePcs();
webrtc::DataChannelInit init;
@@ -216,6 +224,8 @@
// Verifies that a DataChannel created after the negotiation can transition to
// "OPEN" and transfer data.
TEST_F(PeerConnectionEndToEndTest, CreateDataChannelAfterNegotiate) {
+ MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
+
CreatePcs();
webrtc::DataChannelInit init;
@@ -247,6 +257,8 @@
// Verifies that DataChannel IDs are even/odd based on the DTLS roles.
TEST_F(PeerConnectionEndToEndTest, DataChannelIdAssignment) {
+ MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
+
CreatePcs();
webrtc::DataChannelInit init;
@@ -274,6 +286,8 @@
// there are multiple DataChannels.
TEST_F(PeerConnectionEndToEndTest,
MessageTransferBetweenTwoPairsOfDataChannels) {
+ MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
+
CreatePcs();
webrtc::DataChannelInit init;
@@ -395,6 +409,8 @@
// See: https://bugs.chromium.org/p/webrtc/issues/detail?id=4453
TEST_F(PeerConnectionEndToEndTest,
DISABLED_DataChannelFromOpenWorksAfterClose) {
+ MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
+
CreatePcs();
webrtc::DataChannelInit init;
@@ -421,6 +437,8 @@
// reference count), no memory access violation will occur.
// See: https://code.google.com/p/chromium/issues/detail?id=565048
TEST_F(PeerConnectionEndToEndTest, CloseDataChannelRemotelyWhileNotReferenced) {
+ MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
+
CreatePcs();
webrtc::DataChannelInit init;
diff --git a/webrtc/api/peerconnectioninterface_unittest.cc b/webrtc/api/peerconnectioninterface_unittest.cc
index e70cbb6..2da3755 100644
--- a/webrtc/api/peerconnectioninterface_unittest.cc
+++ b/webrtc/api/peerconnectioninterface_unittest.cc
@@ -293,6 +293,12 @@
"a=ssrc:4 cname:stream1\r\n"
"a=ssrc:4 msid:stream1 videotrack1\r\n";
+#define MAYBE_SKIP_TEST(feature) \
+ if (!(feature())) { \
+ LOG(LS_INFO) << "Feature disabled... skipping"; \
+ return; \
+ }
+
using ::testing::Exactly;
using cricket::StreamParams;
using webrtc::AudioSourceInterface;
@@ -2036,6 +2042,7 @@
// FireFox, use it as a remote session description, generate an answer and use
// the answer as a local description.
TEST_F(PeerConnectionInterfaceTest, ReceiveFireFoxOffer) {
+ MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
FakeConstraints constraints;
constraints.AddMandatory(webrtc::MediaConstraintsInterface::kEnableDtlsSrtp,
true);
diff --git a/webrtc/api/test/peerconnectiontestwrapper.cc b/webrtc/api/test/peerconnectiontestwrapper.cc
index 3254480..b1eb586 100644
--- a/webrtc/api/test/peerconnectiontestwrapper.cc
+++ b/webrtc/api/test/peerconnectiontestwrapper.cc
@@ -76,7 +76,8 @@
}
std::unique_ptr<rtc::RTCCertificateGeneratorInterface> cert_generator(
- new FakeRTCCertificateGenerator());
+ rtc::SSLStreamAdapter::HaveDtlsSrtp() ? new FakeRTCCertificateGenerator()
+ : nullptr);
peer_connection_ = peer_connection_factory_->CreatePeerConnection(
config, constraints, std::move(port_allocator), std::move(cert_generator),
this);
diff --git a/webrtc/api/webrtcsession_unittest.cc b/webrtc/api/webrtcsession_unittest.cc
index c8ae058..1a7a026 100644
--- a/webrtc/api/webrtcsession_unittest.cc
+++ b/webrtc/api/webrtcsession_unittest.cc
@@ -50,6 +50,12 @@
#include "webrtc/pc/channelmanager.h"
#include "webrtc/pc/mediasession.h"
+#define MAYBE_SKIP_TEST(feature) \
+ if (!(feature())) { \
+ LOG(LS_INFO) << "Feature disabled... skipping"; \
+ return; \
+ }
+
using cricket::FakeVoiceMediaChannel;
using cricket::TransportInfo;
using rtc::SocketAddress;
@@ -1844,6 +1850,7 @@
// Test that we accept an offer with a DTLS fingerprint when DTLS is on
// and that we return an answer with a DTLS fingerprint.
TEST_P(WebRtcSessionTest, TestReceiveDtlsOfferCreateDtlsAnswer) {
+ MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
SendAudioVideoStream1();
InitWithDtls(GetParam());
SetFactoryDtlsSrtp();
@@ -1872,6 +1879,7 @@
// Test that we set a local offer with a DTLS fingerprint when DTLS is on
// and then we accept a remote answer with a DTLS fingerprint successfully.
TEST_P(WebRtcSessionTest, TestCreateDtlsOfferReceiveDtlsAnswer) {
+ MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
SendAudioVideoStream1();
InitWithDtls(GetParam());
SetFactoryDtlsSrtp();
@@ -1901,6 +1909,7 @@
// Test that if we support DTLS and the other side didn't offer a fingerprint,
// we will fail to set the remote description.
TEST_P(WebRtcSessionTest, TestReceiveNonDtlsOfferWhenDtlsOn) {
+ MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
InitWithDtls(GetParam());
cricket::MediaSessionOptions options;
options.recv_video = true;
@@ -1924,6 +1933,7 @@
// Test that we return a failure when applying a local answer that doesn't have
// a DTLS fingerprint when DTLS is required.
TEST_P(WebRtcSessionTest, TestSetLocalNonDtlsAnswerWhenDtlsOn) {
+ MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
InitWithDtls(GetParam());
SessionDescriptionInterface* offer = NULL;
SessionDescriptionInterface* answer = NULL;
@@ -1939,6 +1949,7 @@
// Test that we return a failure when applying a remote answer that doesn't have
// a DTLS fingerprint when DTLS is required.
TEST_P(WebRtcSessionTest, TestSetRemoteNonDtlsAnswerWhenDtlsOn) {
+ MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
InitWithDtls(GetParam());
SessionDescriptionInterface* offer = CreateOffer();
cricket::MediaSessionOptions options;
@@ -3915,6 +3926,8 @@
}
TEST_P(WebRtcSessionTest, TestRtpDataChannelConstraintTakesPrecedence) {
+ MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
+
configuration_.enable_rtp_data_channel = true;
options_.disable_sctp_data_channels = false;
@@ -3927,6 +3940,7 @@
// Test that sctp_content_name/sctp_transport_name (used for stats) are correct
// before and after BUNDLE is negotiated.
TEST_P(WebRtcSessionTest, SctpContentAndTransportName) {
+ MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
SetFactoryDtlsSrtp();
InitWithDtls(GetParam());
@@ -3960,6 +3974,8 @@
}
TEST_P(WebRtcSessionTest, TestCreateOfferWithSctpEnabledWithoutStreams) {
+ MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
+
InitWithDtls(GetParam());
std::unique_ptr<SessionDescriptionInterface> offer(CreateOffer());
@@ -3968,6 +3984,7 @@
}
TEST_P(WebRtcSessionTest, TestCreateAnswerWithSctpInOfferAndNoStreams) {
+ MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
SetFactoryDtlsSrtp();
InitWithDtls(GetParam());
@@ -3999,6 +4016,8 @@
// Test that if DTLS is enabled, we end up with an SctpTransport created
// (and not an RtpDataChannel).
TEST_P(WebRtcSessionTest, TestSctpDataChannelWithDtls) {
+ MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
+
InitWithDtls(GetParam());
SetLocalDescriptionWithDataChannel();
@@ -4009,6 +4028,7 @@
// Test that if SCTP is disabled, we don't end up with an SctpTransport
// created (or an RtpDataChannel).
TEST_P(WebRtcSessionTest, TestDisableSctpDataChannels) {
+ MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
options_.disable_sctp_data_channels = true;
InitWithDtls(GetParam());
@@ -4018,6 +4038,7 @@
}
TEST_P(WebRtcSessionTest, TestSctpDataChannelSendPortParsing) {
+ MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
const int new_send_port = 9998;
const int new_recv_port = 7775;
@@ -4059,6 +4080,8 @@
// WebRtcSession signals the SctpTransport creation request with the expected
// config.
TEST_P(WebRtcSessionTest, TestSctpDataChannelOpenMessage) {
+ MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
+
InitWithDtls(GetParam());
SetLocalDescriptionWithDataChannel();
@@ -4098,6 +4121,7 @@
// identity generation is finished (even if a certificate is provided this is
// an async op).
TEST_P(WebRtcSessionTest, TestCreateOfferBeforeIdentityRequestReturnSuccess) {
+ MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
InitWithDtls(GetParam());
EXPECT_TRUE(session_->waiting_for_certificate_for_testing());
@@ -4113,6 +4137,7 @@
// identity generation is finished (even if a certificate is provided this is
// an async op).
TEST_P(WebRtcSessionTest, TestCreateAnswerBeforeIdentityRequestReturnSuccess) {
+ MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
InitWithDtls(GetParam());
SetFactoryDtlsSrtp();
@@ -4133,6 +4158,7 @@
// identity generation is finished (even if a certificate is provided this is
// an async op).
TEST_P(WebRtcSessionTest, TestCreateOfferAfterIdentityRequestReturnSuccess) {
+ MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
InitWithDtls(GetParam());
EXPECT_TRUE_WAIT(!session_->waiting_for_certificate_for_testing(), 1000);
@@ -4144,6 +4170,7 @@
// Verifies that CreateOffer fails when CreateOffer is called after async
// identity generation fails.
TEST_F(WebRtcSessionTest, TestCreateOfferAfterIdentityRequestReturnFailure) {
+ MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
InitWithDtlsIdentityGenFail();
EXPECT_TRUE_WAIT(!session_->waiting_for_certificate_for_testing(), 1000);
@@ -4156,6 +4183,7 @@
// before async identity generation is finished.
TEST_P(WebRtcSessionTest,
TestMultipleCreateOfferBeforeIdentityRequestReturnSuccess) {
+ MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
VerifyMultipleAsyncCreateDescription(GetParam(),
CreateSessionDescriptionRequest::kOffer);
}
@@ -4164,6 +4192,7 @@
// before async identity generation fails.
TEST_F(WebRtcSessionTest,
TestMultipleCreateOfferBeforeIdentityRequestReturnFailure) {
+ MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
VerifyMultipleAsyncCreateDescriptionIdentityGenFailure(
CreateSessionDescriptionRequest::kOffer);
}
@@ -4172,6 +4201,7 @@
// before async identity generation is finished.
TEST_P(WebRtcSessionTest,
TestMultipleCreateAnswerBeforeIdentityRequestReturnSuccess) {
+ MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
VerifyMultipleAsyncCreateDescription(
GetParam(), CreateSessionDescriptionRequest::kAnswer);
}
@@ -4180,6 +4210,7 @@
// before async identity generation fails.
TEST_F(WebRtcSessionTest,
TestMultipleCreateAnswerBeforeIdentityRequestReturnFailure) {
+ MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
VerifyMultipleAsyncCreateDescriptionIdentityGenFailure(
CreateSessionDescriptionRequest::kAnswer);
}
@@ -4223,6 +4254,7 @@
// Tests that we can renegotiate new media content with ICE candidates in the
// new remote SDP.
TEST_P(WebRtcSessionTest, TestRenegotiateNewMediaWithCandidatesInSdp) {
+ MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
InitWithDtls(GetParam());
SetFactoryDtlsSrtp();
@@ -4252,6 +4284,7 @@
// Tests that we can renegotiate new media content with ICE candidates separated
// from the remote SDP.
TEST_P(WebRtcSessionTest, TestRenegotiateNewMediaWithCandidatesSeparated) {
+ MAYBE_SKIP_TEST(rtc::SSLStreamAdapter::HaveDtlsSrtp);
InitWithDtls(GetParam());
SetFactoryDtlsSrtp();
diff --git a/webrtc/base/BUILD.gn b/webrtc/base/BUILD.gn
index 1a68b3a..51882da 100644
--- a/webrtc/base/BUILD.gn
+++ b/webrtc/base/BUILD.gn
@@ -35,10 +35,21 @@
}
}
+config("rtc_base_config") {
+ defines = [ "FEATURE_ENABLE_SSL" ]
+}
+
config("rtc_base_chromium_config") {
defines = [ "NO_MAIN_THREAD_WRAPPING" ]
}
+config("openssl_config") {
+ defines = [
+ "SSL_USE_OPENSSL",
+ "HAVE_OPENSSL_SSL_H",
+ ]
+}
+
config("rtc_base_all_dependent_config") {
if (is_ios) {
libs = [
@@ -360,6 +371,16 @@
":rtc_base_approved",
]
+ configs += [
+ ":openssl_config",
+ ":rtc_base_config",
+ ]
+
+ public_configs = [
+ ":openssl_config",
+ ":rtc_base_config",
+ ]
+
all_dependent_configs = [ ":rtc_base_all_dependent_config" ]
sources = [
@@ -516,6 +537,7 @@
"proxyserver.h",
"rollingaccumulator.h",
"scopedptrcollection.h",
+ "sslconfig.h",
"sslroots.h",
"testbase64.h",
"testclient.cc",
diff --git a/webrtc/base/helpers.cc b/webrtc/base/helpers.cc
index aa6a6ae..a8389d4 100644
--- a/webrtc/base/helpers.cc
+++ b/webrtc/base/helpers.cc
@@ -13,7 +13,18 @@
#include <limits>
#include <memory>
+#if defined(FEATURE_ENABLE_SSL)
+#include "webrtc/base/sslconfig.h"
+#if defined(SSL_USE_OPENSSL)
#include <openssl/rand.h>
+#else
+#if defined(WEBRTC_WIN)
+#define WIN32_LEAN_AND_MEAN
+#include <windows.h>
+#include <ntsecapi.h>
+#endif // WEBRTC_WIN
+#endif // else
+#endif // FEATURE_ENABLED_SSL
#include "webrtc/base/base64.h"
#include "webrtc/base/basictypes.h"
@@ -34,6 +45,7 @@
virtual bool Generate(void* buf, size_t len) = 0;
};
+#if defined(SSL_USE_OPENSSL)
// The OpenSSL RNG.
class SecureRandomGenerator : public RandomGenerator {
public:
@@ -45,6 +57,79 @@
}
};
+#else
+#if defined(WEBRTC_WIN)
+class SecureRandomGenerator : public RandomGenerator {
+ public:
+ SecureRandomGenerator() : advapi32_(NULL), rtl_gen_random_(NULL) {}
+ ~SecureRandomGenerator() {
+ FreeLibrary(advapi32_);
+ }
+
+ virtual bool Init(const void* seed, size_t seed_len) {
+ // We don't do any additional seeding on Win32, we just use the CryptoAPI
+ // RNG (which is exposed as a hidden function off of ADVAPI32 so that we
+ // don't need to drag in all of CryptoAPI)
+ if (rtl_gen_random_) {
+ return true;
+ }
+
+ advapi32_ = LoadLibrary(L"advapi32.dll");
+ if (!advapi32_) {
+ return false;
+ }
+
+ rtl_gen_random_ = reinterpret_cast<RtlGenRandomProc>(
+ GetProcAddress(advapi32_, "SystemFunction036"));
+ if (!rtl_gen_random_) {
+ FreeLibrary(advapi32_);
+ return false;
+ }
+
+ return true;
+ }
+ virtual bool Generate(void* buf, size_t len) {
+ if (!rtl_gen_random_ && !Init(NULL, 0)) {
+ return false;
+ }
+ return (rtl_gen_random_(buf, static_cast<int>(len)) != FALSE);
+ }
+
+ private:
+ typedef BOOL (WINAPI *RtlGenRandomProc)(PVOID, ULONG);
+ HINSTANCE advapi32_;
+ RtlGenRandomProc rtl_gen_random_;
+};
+
+#elif !defined(FEATURE_ENABLE_SSL)
+
+// No SSL implementation -- use rand()
+class SecureRandomGenerator : public RandomGenerator {
+ public:
+ virtual bool Init(const void* seed, size_t len) {
+ if (len >= 4) {
+ srand(*reinterpret_cast<const int*>(seed));
+ } else {
+ srand(*reinterpret_cast<const char*>(seed));
+ }
+ return true;
+ }
+ virtual bool Generate(void* buf, size_t len) {
+ char* bytes = reinterpret_cast<char*>(buf);
+ for (size_t i = 0; i < len; ++i) {
+ bytes[i] = static_cast<char>(rand());
+ }
+ return true;
+ }
+};
+
+#else
+
+#error No SSL implementation has been selected!
+
+#endif // WEBRTC_WIN
+#endif
+
// A test random generator, for predictable output.
class TestRandomGenerator : public RandomGenerator {
public:
diff --git a/webrtc/base/messagedigest.cc b/webrtc/base/messagedigest.cc
index 5e8621c..c08cab4 100644
--- a/webrtc/base/messagedigest.cc
+++ b/webrtc/base/messagedigest.cc
@@ -15,7 +15,13 @@
#include <string.h>
#include "webrtc/base/basictypes.h"
+#include "webrtc/base/sslconfig.h"
+#if SSL_USE_OPENSSL
#include "webrtc/base/openssldigest.h"
+#else
+#include "webrtc/base/md5digest.h"
+#include "webrtc/base/sha1digest.h"
+#endif
#include "webrtc/base/stringencode.h"
namespace rtc {
@@ -31,12 +37,22 @@
static const size_t kBlockSize = 64; // valid for SHA-256 and down
MessageDigest* MessageDigestFactory::Create(const std::string& alg) {
+#if SSL_USE_OPENSSL
MessageDigest* digest = new OpenSSLDigest(alg);
if (digest->Size() == 0) { // invalid algorithm
delete digest;
digest = NULL;
}
return digest;
+#else
+ MessageDigest* digest = NULL;
+ if (alg == DIGEST_MD5) {
+ digest = new Md5Digest();
+ } else if (alg == DIGEST_SHA_1) {
+ digest = new Sha1Digest();
+ }
+ return digest;
+#endif
}
bool IsFips180DigestAlgorithm(const std::string& alg) {
diff --git a/webrtc/base/openssladapter.cc b/webrtc/base/openssladapter.cc
index d368186..4301916 100644
--- a/webrtc/base/openssladapter.cc
+++ b/webrtc/base/openssladapter.cc
@@ -8,6 +8,8 @@
* be found in the AUTHORS file in the root of the source tree.
*/
+#if HAVE_OPENSSL_SSL_H
+
#include "webrtc/base/openssladapter.h"
#if defined(WEBRTC_POSIX)
@@ -963,3 +965,5 @@
}
} // namespace rtc
+
+#endif // HAVE_OPENSSL_SSL_H
diff --git a/webrtc/base/openssldigest.cc b/webrtc/base/openssldigest.cc
index 0413f8f..2618b7f 100644
--- a/webrtc/base/openssldigest.cc
+++ b/webrtc/base/openssldigest.cc
@@ -8,6 +8,8 @@
* be found in the AUTHORS file in the root of the source tree.
*/
+#if HAVE_OPENSSL_SSL_H
+
#include "webrtc/base/openssldigest.h"
#include "webrtc/base/checks.h"
@@ -116,3 +118,5 @@
}
} // namespace rtc
+
+#endif // HAVE_OPENSSL_SSL_H
diff --git a/webrtc/base/opensslidentity.cc b/webrtc/base/opensslidentity.cc
index 7b96f6a..2f1c565 100644
--- a/webrtc/base/opensslidentity.cc
+++ b/webrtc/base/opensslidentity.cc
@@ -8,6 +8,8 @@
* be found in the AUTHORS file in the root of the source tree.
*/
+#if HAVE_OPENSSL_SSL_H
+
#include "webrtc/base/opensslidentity.h"
#include <memory>
@@ -574,3 +576,5 @@
}
} // namespace rtc
+
+#endif // HAVE_OPENSSL_SSL_H
diff --git a/webrtc/base/opensslstreamadapter.cc b/webrtc/base/opensslstreamadapter.cc
index 158315f..3b3aa5d 100644
--- a/webrtc/base/opensslstreamadapter.cc
+++ b/webrtc/base/opensslstreamadapter.cc
@@ -8,6 +8,8 @@
* be found in the AUTHORS file in the root of the source tree.
*/
+#if HAVE_OPENSSL_SSL_H
+
#include "webrtc/base/opensslstreamadapter.h"
#include <openssl/bio.h>
@@ -43,10 +45,11 @@
namespace rtc {
-#if (OPENSSL_VERSION_NUMBER < 0x10001000L)
-#error "webrtc requires at least OpenSSL version 1.0.1, to support DTLS-SRTP"
+#if (OPENSSL_VERSION_NUMBER >= 0x10001000L)
+#define HAVE_DTLS_SRTP
#endif
+#ifdef HAVE_DTLS_SRTP
// SRTP cipher suite table. |internal_name| is used to construct a
// colon-separated profile strings which is needed by
// SSL_CTX_set_tlsext_use_srtp().
@@ -62,6 +65,7 @@
{"SRTP_AEAD_AES_128_GCM", SRTP_AEAD_AES_128_GCM},
{"SRTP_AEAD_AES_256_GCM", SRTP_AEAD_AES_256_GCM},
{nullptr, 0}};
+#endif
#ifdef OPENSSL_IS_BORINGSSL
// Not used in production code. Actual time should be relative to Jan 1, 1970.
@@ -428,6 +432,7 @@
bool use_context,
uint8_t* result,
size_t result_len) {
+#ifdef HAVE_DTLS_SRTP
int i;
i = SSL_export_keying_material(ssl_, result, result_len, label.c_str(),
@@ -438,10 +443,14 @@
return false;
return true;
+#else
+ return false;
+#endif
}
bool OpenSSLStreamAdapter::SetDtlsSrtpCryptoSuites(
const std::vector<int>& ciphers) {
+#ifdef HAVE_DTLS_SRTP
std::string internal_ciphers;
if (state_ != SSL_NONE)
@@ -472,9 +481,13 @@
srtp_ciphers_ = internal_ciphers;
return true;
+#else
+ return false;
+#endif
}
bool OpenSSLStreamAdapter::GetDtlsSrtpCryptoSuite(int* crypto_suite) {
+#ifdef HAVE_DTLS_SRTP
RTC_DCHECK(state_ == SSL_CONNECTED);
if (state_ != SSL_CONNECTED)
return false;
@@ -488,6 +501,9 @@
*crypto_suite = srtp_profile->id;
RTC_DCHECK(!SrtpCryptoSuiteToName(*crypto_suite).empty());
return true;
+#else
+ return false;
+#endif
}
bool OpenSSLStreamAdapter::IsTlsConnected() {
@@ -1080,12 +1096,14 @@
SSL_CTX_set_cipher_list(ctx,
"DEFAULT:!NULL:!aNULL:!SHA256:!SHA384:!aECDH:!AESGCM+AES256:!aPSK");
+#ifdef HAVE_DTLS_SRTP
if (!srtp_ciphers_.empty()) {
if (SSL_CTX_set_tlsext_use_srtp(ctx, srtp_ciphers_.c_str())) {
SSL_CTX_free(ctx);
return NULL;
}
}
+#endif
return ctx;
}
@@ -1151,6 +1169,26 @@
return stream->VerifyPeerCertificate();
}
+bool OpenSSLStreamAdapter::HaveDtls() {
+ return true;
+}
+
+bool OpenSSLStreamAdapter::HaveDtlsSrtp() {
+#ifdef HAVE_DTLS_SRTP
+ return true;
+#else
+ return false;
+#endif
+}
+
+bool OpenSSLStreamAdapter::HaveExporter() {
+#ifdef HAVE_DTLS_SRTP
+ return true;
+#else
+ return false;
+#endif
+}
+
bool OpenSSLStreamAdapter::IsBoringSsl() {
#ifdef OPENSSL_IS_BORINGSSL
return true;
@@ -1235,3 +1273,5 @@
}
} // namespace rtc
+
+#endif // HAVE_OPENSSL_SSL_H
diff --git a/webrtc/base/opensslstreamadapter.h b/webrtc/base/opensslstreamadapter.h
index d3edf3a..e7d2174 100644
--- a/webrtc/base/opensslstreamadapter.h
+++ b/webrtc/base/opensslstreamadapter.h
@@ -109,7 +109,10 @@
bool IsTlsConnected() override;
- // Capabilities interfaces.
+ // Capabilities interfaces
+ static bool HaveDtls();
+ static bool HaveDtlsSrtp();
+ static bool HaveExporter();
static bool IsBoringSsl();
static bool IsAcceptableCipher(int cipher, KeyType key_type);
diff --git a/webrtc/base/ssladapter.cc b/webrtc/base/ssladapter.cc
index 06fce54..ba24e61 100644
--- a/webrtc/base/ssladapter.cc
+++ b/webrtc/base/ssladapter.cc
@@ -10,7 +10,13 @@
#include "webrtc/base/ssladapter.h"
-#include "webrtc/base/openssladapter.h"
+#include "webrtc/base/sslconfig.h"
+
+#if SSL_USE_OPENSSL
+
+#include "openssladapter.h"
+
+#endif
///////////////////////////////////////////////////////////////////////////////
@@ -18,11 +24,18 @@
SSLAdapter*
SSLAdapter::Create(AsyncSocket* socket) {
+#if SSL_USE_OPENSSL
return new OpenSSLAdapter(socket);
+#else // !SSL_USE_OPENSSL
+ delete socket;
+ return NULL;
+#endif // SSL_USE_OPENSSL
}
///////////////////////////////////////////////////////////////////////////////
+#if SSL_USE_OPENSSL
+
bool InitializeSSL(VerificationCallback callback) {
return OpenSSLAdapter::InitializeSSL(callback);
}
@@ -35,6 +48,22 @@
return OpenSSLAdapter::CleanupSSL();
}
+#else // !SSL_USE_OPENSSL
+
+bool InitializeSSL(VerificationCallback callback) {
+ return true;
+}
+
+bool InitializeSSLThread() {
+ return true;
+}
+
+bool CleanupSSL() {
+ return true;
+}
+
+#endif // SSL_USE_OPENSSL
+
///////////////////////////////////////////////////////////////////////////////
} // namespace rtc
diff --git a/webrtc/base/ssladapter_unittest.cc b/webrtc/base/ssladapter_unittest.cc
index c591f19..a6ec56e 100644
--- a/webrtc/base/ssladapter_unittest.cc
+++ b/webrtc/base/ssladapter_unittest.cc
@@ -370,6 +370,8 @@
: SSLAdapterTestBase(rtc::SSL_MODE_DTLS, rtc::KeyParams::ECDSA()) {}
};
+#if SSL_USE_OPENSSL
+
// Basic tests: TLS
// Test that handshake works, using RSA
@@ -417,3 +419,5 @@
TestHandshake(true);
TestTransfer("Hello, world!");
}
+
+#endif // SSL_USE_OPENSSL
diff --git a/webrtc/base/sslconfig.h b/webrtc/base/sslconfig.h
new file mode 100644
index 0000000..6aabad0
--- /dev/null
+++ b/webrtc/base/sslconfig.h
@@ -0,0 +1,30 @@
+/*
+ * Copyright 2012 The WebRTC Project Authors. All rights reserved.
+ *
+ * Use of this source code is governed by a BSD-style license
+ * that can be found in the LICENSE file in the root of the source
+ * tree. An additional intellectual property rights grant can be found
+ * in the file PATENTS. All contributing project authors may
+ * be found in the AUTHORS file in the root of the source tree.
+ */
+
+#ifndef WEBRTC_BASE_SSLCONFIG_H_
+#define WEBRTC_BASE_SSLCONFIG_H_
+
+// If no preference has been indicated, default to SChannel on Windows and
+// OpenSSL everywhere else, if it is available.
+#if !defined(SSL_USE_SCHANNEL) && !defined(SSL_USE_OPENSSL)
+#if defined(WEBRTC_WIN)
+
+#define SSL_USE_SCHANNEL 1
+
+#else // defined(WEBRTC_WIN)
+
+#if defined(HAVE_OPENSSL_SSL_H)
+#define SSL_USE_OPENSSL 1
+#endif
+
+#endif // !defined(WEBRTC_WIN)
+#endif
+
+#endif // WEBRTC_BASE_SSLCONFIG_H_
diff --git a/webrtc/base/sslidentity.cc b/webrtc/base/sslidentity.cc
index a5dd7b9..645050a 100644
--- a/webrtc/base/sslidentity.cc
+++ b/webrtc/base/sslidentity.cc
@@ -17,9 +17,15 @@
#include "webrtc/base/base64.h"
#include "webrtc/base/checks.h"
#include "webrtc/base/logging.h"
-#include "webrtc/base/opensslidentity.h"
+#include "webrtc/base/sslconfig.h"
#include "webrtc/base/sslfingerprint.h"
+#if SSL_USE_OPENSSL
+
+#include "webrtc/base/opensslidentity.h"
+
+#endif // SSL_USE_OPENSSL
+
namespace rtc {
const char kPemTypeCertificate[] = "CERTIFICATE";
@@ -207,6 +213,8 @@
std::for_each(certs_.begin(), certs_.end(), DeleteCert);
}
+#if SSL_USE_OPENSSL
+
// static
SSLCertificate* SSLCertificate::FromPEMString(const std::string& pem_string) {
return OpenSSLCertificate::FromPEMString(pem_string);
@@ -252,6 +260,12 @@
return !(a == b);
}
+#else // !SSL_USE_OPENSSL
+
+#error "No SSL implementation"
+
+#endif // SSL_USE_OPENSSL
+
// Read |n| bytes from ASN1 number string at *|pp| and return the numeric value.
// Update *|pp| and *|np| to reflect number of read bytes.
static inline int ASN1ReadInt(const unsigned char** pp, size_t* np, size_t n) {
diff --git a/webrtc/base/sslstreamadapter.cc b/webrtc/base/sslstreamadapter.cc
index 2f601c6..c3ef3bc 100644
--- a/webrtc/base/sslstreamadapter.cc
+++ b/webrtc/base/sslstreamadapter.cc
@@ -9,9 +9,14 @@
*/
#include "webrtc/base/sslstreamadapter.h"
+#include "webrtc/base/sslconfig.h"
+
+#if SSL_USE_OPENSSL
#include "webrtc/base/opensslstreamadapter.h"
+#endif // SSL_USE_OPENSSL
+
///////////////////////////////////////////////////////////////////////////////
namespace rtc {
@@ -96,7 +101,11 @@
}
SSLStreamAdapter* SSLStreamAdapter::Create(StreamInterface* stream) {
+#if SSL_USE_OPENSSL
return new OpenSSLStreamAdapter(stream);
+#else // !SSL_USE_OPENSSL
+ return NULL;
+#endif // SSL_USE_OPENSSL
}
SSLStreamAdapter::SSLStreamAdapter(StreamInterface* stream)
@@ -128,6 +137,16 @@
return false;
}
+#if SSL_USE_OPENSSL
+bool SSLStreamAdapter::HaveDtls() {
+ return OpenSSLStreamAdapter::HaveDtls();
+}
+bool SSLStreamAdapter::HaveDtlsSrtp() {
+ return OpenSSLStreamAdapter::HaveDtlsSrtp();
+}
+bool SSLStreamAdapter::HaveExporter() {
+ return OpenSSLStreamAdapter::HaveExporter();
+}
bool SSLStreamAdapter::IsBoringSsl() {
return OpenSSLStreamAdapter::IsBoringSsl();
}
@@ -144,6 +163,7 @@
void SSLStreamAdapter::enable_time_callback_for_testing() {
OpenSSLStreamAdapter::enable_time_callback_for_testing();
}
+#endif // SSL_USE_OPENSSL
///////////////////////////////////////////////////////////////////////////////
diff --git a/webrtc/base/sslstreamadapter.h b/webrtc/base/sslstreamadapter.h
index 4f5ee02..3910191 100644
--- a/webrtc/base/sslstreamadapter.h
+++ b/webrtc/base/sslstreamadapter.h
@@ -228,9 +228,10 @@
// SS_OPENING but IsTlsConnected should return true.
virtual bool IsTlsConnected() = 0;
- // Capabilities testing.
- // Used to have "DTLS supported", "DTLS-SRTP supported" etc. methods, but now
- // that's assumed.
+ // Capabilities testing
+ static bool HaveDtls();
+ static bool HaveDtlsSrtp();
+ static bool HaveExporter();
static bool IsBoringSsl();
// Returns true iff the supplied cipher is deemed to be strong.
diff --git a/webrtc/base/sslstreamadapter_unittest.cc b/webrtc/base/sslstreamadapter_unittest.cc
index 8203691..9d73abc 100644
--- a/webrtc/base/sslstreamadapter_unittest.cc
+++ b/webrtc/base/sslstreamadapter_unittest.cc
@@ -19,6 +19,7 @@
#include "webrtc/base/gunit.h"
#include "webrtc/base/helpers.h"
#include "webrtc/base/ssladapter.h"
+#include "webrtc/base/sslconfig.h"
#include "webrtc/base/sslidentity.h"
#include "webrtc/base/sslstreamadapter.h"
#include "webrtc/base/stream.h"
@@ -64,6 +65,12 @@
"UD0A8qfhfDM+LK6rPAnCsVN0NRDY3jvd6rzix9M=\n"
"-----END CERTIFICATE-----\n";
+#define MAYBE_SKIP_TEST(feature) \
+ if (!(rtc::SSLStreamAdapter::feature())) { \
+ LOG(LS_INFO) << "Feature disabled... skipping"; \
+ return; \
+ }
+
class SSLStreamAdapterTestBase;
class SSLDummyStreamBase : public rtc::StreamInterface,
@@ -956,6 +963,7 @@
// Basic tests: DTLS
// Test that we can make a handshake work
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnect) {
+ MAYBE_SKIP_TEST(HaveDtls);
TestHandshake();
};
@@ -963,12 +971,14 @@
// each direction is lost. This gives us predictable loss
// rather than having to tune random
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacket) {
+ MAYBE_SKIP_TEST(HaveDtls);
SetLoseFirstPacket(true);
TestHandshake();
};
// Test a handshake with loss and delay
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacketDelay2s) {
+ MAYBE_SKIP_TEST(HaveDtls);
SetLoseFirstPacket(true);
SetDelay(2000);
SetHandshakeWait(20000);
@@ -978,6 +988,7 @@
// Test a handshake with small MTU
// Disabled due to https://code.google.com/p/webrtc/issues/detail?id=3910
TEST_P(SSLStreamAdapterTestDTLS, DISABLED_TestDTLSConnectWithSmallMtu) {
+ MAYBE_SKIP_TEST(HaveDtls);
SetMtu(700);
SetHandshakeWait(20000);
TestHandshake();
@@ -985,17 +996,20 @@
// Test transfer -- trivial
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransfer) {
+ MAYBE_SKIP_TEST(HaveDtls);
TestHandshake();
TestTransfer(100);
};
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithLoss) {
+ MAYBE_SKIP_TEST(HaveDtls);
TestHandshake();
SetLoss(10);
TestTransfer(100);
};
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithDamage) {
+ MAYBE_SKIP_TEST(HaveDtls);
SetDamage(); // Must be called first because first packet
// write happens at end of handshake.
TestHandshake();
@@ -1012,6 +1026,7 @@
// Test DTLS-SRTP with all high ciphers
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHigh) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
std::vector<int> high;
high.push_back(rtc::SRTP_AES128_CM_SHA1_80);
SetDtlsSrtpCryptoSuites(high, true);
@@ -1029,6 +1044,7 @@
// Test DTLS-SRTP with all low ciphers
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
std::vector<int> low;
low.push_back(rtc::SRTP_AES128_CM_SHA1_32);
SetDtlsSrtpCryptoSuites(low, true);
@@ -1046,6 +1062,7 @@
// Test DTLS-SRTP with a mismatch -- should not converge
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
std::vector<int> high;
high.push_back(rtc::SRTP_AES128_CM_SHA1_80);
std::vector<int> low;
@@ -1062,6 +1079,7 @@
// Test DTLS-SRTP with each side being mixed -- should select high
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
std::vector<int> mixed;
mixed.push_back(rtc::SRTP_AES128_CM_SHA1_80);
mixed.push_back(rtc::SRTP_AES128_CM_SHA1_32);
@@ -1080,6 +1098,7 @@
// Test DTLS-SRTP with all GCM-128 ciphers.
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM128) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
std::vector<int> gcm128;
gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM);
SetDtlsSrtpCryptoSuites(gcm128, true);
@@ -1097,6 +1116,7 @@
// Test DTLS-SRTP with all GCM-256 ciphers.
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM256) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
std::vector<int> gcm256;
gcm256.push_back(rtc::SRTP_AEAD_AES_256_GCM);
SetDtlsSrtpCryptoSuites(gcm256, true);
@@ -1114,6 +1134,7 @@
// Test DTLS-SRTP with mixed GCM-128/-256 ciphers -- should not converge.
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMismatch) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
std::vector<int> gcm128;
gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM);
std::vector<int> gcm256;
@@ -1130,6 +1151,7 @@
// Test DTLS-SRTP with both GCM-128/-256 ciphers -- should select GCM-256.
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMixed) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
std::vector<int> gcmBoth;
gcmBoth.push_back(rtc::SRTP_AEAD_AES_256_GCM);
gcmBoth.push_back(rtc::SRTP_AEAD_AES_128_GCM);
@@ -1177,6 +1199,7 @@
// Test an exporter
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSExporter) {
+ MAYBE_SKIP_TEST(HaveExporter);
TestHandshake();
unsigned char client_out[20];
unsigned char server_out[20];
@@ -1199,6 +1222,7 @@
// Test not yet valid certificates are not rejected.
TEST_P(SSLStreamAdapterTestDTLS, TestCertNotYetValid) {
+ MAYBE_SKIP_TEST(HaveDtls);
long one_day = 60 * 60 * 24;
// Make the certificates not valid until one day later.
ResetIdentitiesWithValidity(one_day, one_day);
@@ -1207,6 +1231,7 @@
// Test expired certificates are not rejected.
TEST_P(SSLStreamAdapterTestDTLS, TestCertExpired) {
+ MAYBE_SKIP_TEST(HaveDtls);
long one_day = 60 * 60 * 24;
// Make the certificates already expired.
ResetIdentitiesWithValidity(-one_day, -one_day);
@@ -1215,12 +1240,15 @@
// Test data transfer using certs created from strings.
TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestTransfer) {
+ MAYBE_SKIP_TEST(HaveDtls);
TestHandshake();
TestTransfer(100);
}
// Test getting the remote certificate.
TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestDTLSGetPeerCertificate) {
+ MAYBE_SKIP_TEST(HaveDtls);
+
// Peer certificates haven't been received yet.
ASSERT_FALSE(GetPeerCertificate(true));
ASSERT_FALSE(GetPeerCertificate(false));
@@ -1254,6 +1282,7 @@
// Test getting the used DTLS ciphers.
// DTLS 1.2 enabled for neither client nor server -> DTLS 1.0 will be used.
TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuite) {
+ MAYBE_SKIP_TEST(HaveDtls);
SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10);
TestHandshake();
@@ -1273,6 +1302,7 @@
// Test getting the used DTLS 1.2 ciphers.
// DTLS 1.2 enabled for client and server -> DTLS 1.2 will be used.
TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Both) {
+ MAYBE_SKIP_TEST(HaveDtls);
SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12);
TestHandshake();
@@ -1291,6 +1321,7 @@
// DTLS 1.2 enabled for client only -> DTLS 1.0 will be used.
TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Client) {
+ MAYBE_SKIP_TEST(HaveDtls);
SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_12);
TestHandshake();
@@ -1309,6 +1340,7 @@
// DTLS 1.2 enabled for server only -> DTLS 1.0 will be used.
TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Server) {
+ MAYBE_SKIP_TEST(HaveDtls);
SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_10);
TestHandshake();
diff --git a/webrtc/p2p/BUILD.gn b/webrtc/p2p/BUILD.gn
index e99440c..7a25a75 100644
--- a/webrtc/p2p/BUILD.gn
+++ b/webrtc/p2p/BUILD.gn
@@ -79,7 +79,7 @@
"client/socketmonitor.h",
]
- defines = []
+ defines = [ "FEATURE_ENABLE_SSL" ]
deps = [
"../base:rtc_base",
diff --git a/webrtc/p2p/base/dtlstransportchannel_unittest.cc b/webrtc/p2p/base/dtlstransportchannel_unittest.cc
index 7034343..2fc95d4 100644
--- a/webrtc/p2p/base/dtlstransportchannel_unittest.cc
+++ b/webrtc/p2p/base/dtlstransportchannel_unittest.cc
@@ -693,6 +693,7 @@
// Connect with DTLS, and transfer some data.
TEST_F(DtlsTransportChannelTest, TestTransferDtls) {
+ MAYBE_SKIP_TEST(HaveDtls);
PrepareDtls(true, true, rtc::KT_DEFAULT);
ASSERT_TRUE(Connect());
TestTransfer(0, 1000, 100, false);
@@ -700,6 +701,7 @@
// Create two channels with DTLS, and transfer some data.
TEST_F(DtlsTransportChannelTest, TestTransferDtlsTwoChannels) {
+ MAYBE_SKIP_TEST(HaveDtls);
SetChannelCount(2);
PrepareDtls(true, true, rtc::KT_DEFAULT);
ASSERT_TRUE(Connect());
@@ -723,6 +725,7 @@
// Create two channels with DTLS 1.0 and check ciphers.
TEST_F(DtlsTransportChannelTest, TestDtls12None) {
+ MAYBE_SKIP_TEST(HaveDtls);
SetChannelCount(2);
PrepareDtls(true, true, rtc::KT_DEFAULT);
SetMaxProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10);
@@ -731,6 +734,7 @@
// Create two channels with DTLS 1.2 and check ciphers.
TEST_F(DtlsTransportChannelTest, TestDtls12Both) {
+ MAYBE_SKIP_TEST(HaveDtls);
SetChannelCount(2);
PrepareDtls(true, true, rtc::KT_DEFAULT);
SetMaxProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12);
@@ -739,6 +743,7 @@
// Create two channels with DTLS 1.0 / DTLS 1.2 and check ciphers.
TEST_F(DtlsTransportChannelTest, TestDtls12Client1) {
+ MAYBE_SKIP_TEST(HaveDtls);
SetChannelCount(2);
PrepareDtls(true, true, rtc::KT_DEFAULT);
SetMaxProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_10);
@@ -747,6 +752,7 @@
// Create two channels with DTLS 1.2 / DTLS 1.0 and check ciphers.
TEST_F(DtlsTransportChannelTest, TestDtls12Client2) {
+ MAYBE_SKIP_TEST(HaveDtls);
SetChannelCount(2);
PrepareDtls(true, true, rtc::KT_DEFAULT);
SetMaxProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_12);
@@ -755,6 +761,7 @@
// Connect with DTLS, negotiate DTLS-SRTP, and transfer SRTP using bypass.
TEST_F(DtlsTransportChannelTest, TestTransferDtlsSrtp) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
PrepareDtls(true, true, rtc::KT_DEFAULT);
PrepareDtlsSrtp(true, true);
ASSERT_TRUE(Connect());
@@ -764,6 +771,7 @@
// Connect with DTLS-SRTP, transfer an invalid SRTP packet, and expects -1
// returned.
TEST_F(DtlsTransportChannelTest, TestTransferDtlsInvalidSrtpPacket) {
+ MAYBE_SKIP_TEST(HaveDtls);
PrepareDtls(true, true, rtc::KT_DEFAULT);
PrepareDtlsSrtp(true, true);
ASSERT_TRUE(Connect());
@@ -773,6 +781,7 @@
// Connect with DTLS. A does DTLS-SRTP but B does not.
TEST_F(DtlsTransportChannelTest, TestTransferDtlsSrtpRejected) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
PrepareDtls(true, true, rtc::KT_DEFAULT);
PrepareDtlsSrtp(true, false);
ASSERT_TRUE(Connect());
@@ -780,6 +789,7 @@
// Connect with DTLS. B does DTLS-SRTP but A does not.
TEST_F(DtlsTransportChannelTest, TestTransferDtlsSrtpNotOffered) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
PrepareDtls(true, true, rtc::KT_DEFAULT);
PrepareDtlsSrtp(false, true);
ASSERT_TRUE(Connect());
@@ -787,6 +797,7 @@
// Create two channels with DTLS, negotiate DTLS-SRTP, and transfer bypass SRTP.
TEST_F(DtlsTransportChannelTest, TestTransferDtlsSrtpTwoChannels) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
SetChannelCount(2);
PrepareDtls(true, true, rtc::KT_DEFAULT);
PrepareDtlsSrtp(true, true);
@@ -797,6 +808,7 @@
// Create a single channel with DTLS, and send normal data and SRTP data on it.
TEST_F(DtlsTransportChannelTest, TestTransferDtlsSrtpDemux) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
PrepareDtls(true, true, rtc::KT_DEFAULT);
PrepareDtlsSrtp(true, true);
ASSERT_TRUE(Connect());
@@ -806,6 +818,7 @@
// Testing when the remote is passive.
TEST_F(DtlsTransportChannelTest, TestTransferDtlsAnswererIsPassive) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
SetChannelCount(2);
PrepareDtls(true, true, rtc::KT_DEFAULT);
PrepareDtlsSrtp(true, true);
@@ -818,6 +831,7 @@
// Testing with the legacy DTLS client which doesn't use setup attribute.
// In this case legacy is the answerer.
TEST_F(DtlsTransportChannelTest, TestDtlsSetupWithLegacyAsAnswerer) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
PrepareDtls(true, true, rtc::KT_DEFAULT);
NegotiateWithLegacy();
rtc::SSLRole channel1_role;
@@ -831,6 +845,7 @@
// Testing re offer/answer after the session is estbalished. Roles will be
// kept same as of the previous negotiation.
TEST_F(DtlsTransportChannelTest, TestDtlsReOfferFromOfferer) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
SetChannelCount(2);
PrepareDtls(true, true, rtc::KT_DEFAULT);
PrepareDtlsSrtp(true, true);
@@ -847,6 +862,7 @@
}
TEST_F(DtlsTransportChannelTest, TestDtlsReOfferFromAnswerer) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
SetChannelCount(2);
PrepareDtls(true, true, rtc::KT_DEFAULT);
PrepareDtlsSrtp(true, true);
@@ -864,6 +880,7 @@
// Test that any change in role after the intial setup will result in failure.
TEST_F(DtlsTransportChannelTest, TestDtlsRoleReversal) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
SetChannelCount(2);
PrepareDtls(true, true, rtc::KT_DEFAULT);
PrepareDtlsSrtp(true, true);
@@ -879,6 +896,7 @@
// Test that using different setup attributes which results in similar ssl
// role as the initial negotiation will result in success.
TEST_F(DtlsTransportChannelTest, TestDtlsReOfferWithDifferentSetupAttr) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
SetChannelCount(2);
PrepareDtls(true, true, rtc::KT_DEFAULT);
PrepareDtlsSrtp(true, true);
@@ -894,6 +912,7 @@
// Test that re-negotiation can be started before the clients become connected
// in the first negotiation.
TEST_F(DtlsTransportChannelTest, TestRenegotiateBeforeConnect) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
SetChannelCount(2);
PrepareDtls(true, true, rtc::KT_DEFAULT);
PrepareDtlsSrtp(true, true);
@@ -913,6 +932,7 @@
// Test Certificates state after negotiation but before connection.
TEST_F(DtlsTransportChannelTest, TestCertificatesBeforeConnect) {
+ MAYBE_SKIP_TEST(HaveDtls);
PrepareDtls(true, true, rtc::KT_DEFAULT);
Negotiate();
@@ -933,6 +953,7 @@
// Test Certificates state after connection.
TEST_F(DtlsTransportChannelTest, TestCertificatesAfterConnect) {
+ MAYBE_SKIP_TEST(HaveDtls);
PrepareDtls(true, true, rtc::KT_DEFAULT);
ASSERT_TRUE(Connect());
@@ -963,6 +984,7 @@
// 60 seconds. The timer defaults to 1 second, but for WebRTC we should be
// initializing it to 50ms.
TEST_F(DtlsTransportChannelTest, TestRetransmissionSchedule) {
+ MAYBE_SKIP_TEST(HaveDtls);
// We can only change the retransmission schedule with a recently-added
// BoringSSL API. Skip the test if not built with BoringSSL.
MAYBE_SKIP_TEST(IsBoringSsl);
@@ -1003,6 +1025,7 @@
// Test that a DTLS connection can be made even if the underlying transport
// is connected before DTLS fingerprints/roles have been negotiated.
TEST_F(DtlsTransportChannelTest, TestConnectBeforeNegotiate) {
+ MAYBE_SKIP_TEST(HaveDtls);
PrepareDtls(true, true, rtc::KT_DEFAULT);
ASSERT_TRUE(Connect(cricket::CONNECTIONROLE_ACTPASS,
cricket::CONNECTIONROLE_ACTIVE,
@@ -1135,6 +1158,7 @@
};
TEST_P(DtlsEventOrderingTest, TestEventOrdering) {
+ MAYBE_SKIP_TEST(HaveDtls);
TestEventOrdering(::testing::get<0>(GetParam()),
::testing::get<1>(GetParam()));
}
diff --git a/webrtc/pc/channel_unittest.cc b/webrtc/pc/channel_unittest.cc
index d6401a5..00ceb7d 100644
--- a/webrtc/pc/channel_unittest.cc
+++ b/webrtc/pc/channel_unittest.cc
@@ -25,6 +25,12 @@
#include "webrtc/p2p/base/faketransportcontroller.h"
#include "webrtc/pc/channel.h"
+#define MAYBE_SKIP_TEST(feature) \
+ if (!(rtc::SSLStreamAdapter::feature())) { \
+ LOG(LS_INFO) << "Feature disabled... skipping"; \
+ return; \
+ }
+
using cricket::CA_OFFER;
using cricket::CA_PRANSWER;
using cricket::CA_ANSWER;
@@ -2237,26 +2243,32 @@
}
TEST_F(VoiceChannelSingleThreadTest, SendDtlsSrtpToSrtp) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
Base::SendSrtpToSrtp(DTLS, 0);
}
TEST_F(VoiceChannelSingleThreadTest, SendDtlsSrtpToDtlsSrtp) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
Base::SendSrtpToSrtp(DTLS, DTLS);
}
TEST_F(VoiceChannelSingleThreadTest, SendDtlsSrtpToDtlsSrtpGcmBoth) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
Base::SendSrtpToSrtp(DTLS | GCM_CIPHER, DTLS | GCM_CIPHER);
}
TEST_F(VoiceChannelSingleThreadTest, SendDtlsSrtpToDtlsSrtpGcmOne) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
Base::SendSrtpToSrtp(DTLS | GCM_CIPHER, DTLS);
}
TEST_F(VoiceChannelSingleThreadTest, SendDtlsSrtpToDtlsSrtpGcmTwo) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
Base::SendSrtpToSrtp(DTLS, DTLS | GCM_CIPHER);
}
TEST_F(VoiceChannelSingleThreadTest, SendDtlsSrtpToDtlsSrtpRtcpMux) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
Base::SendSrtpToSrtp(DTLS | RTCP_MUX, DTLS | RTCP_MUX);
}
@@ -2564,26 +2576,32 @@
}
TEST_F(VoiceChannelDoubleThreadTest, SendDtlsSrtpToSrtp) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
Base::SendSrtpToSrtp(DTLS, 0);
}
TEST_F(VoiceChannelDoubleThreadTest, SendDtlsSrtpToDtlsSrtp) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
Base::SendSrtpToSrtp(DTLS, DTLS);
}
TEST_F(VoiceChannelDoubleThreadTest, SendDtlsSrtpToDtlsSrtpGcmBoth) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
Base::SendSrtpToSrtp(DTLS | GCM_CIPHER, DTLS | GCM_CIPHER);
}
TEST_F(VoiceChannelDoubleThreadTest, SendDtlsSrtpToDtlsSrtpGcmOne) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
Base::SendSrtpToSrtp(DTLS | GCM_CIPHER, DTLS);
}
TEST_F(VoiceChannelDoubleThreadTest, SendDtlsSrtpToDtlsSrtpGcmTwo) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
Base::SendSrtpToSrtp(DTLS, DTLS | GCM_CIPHER);
}
TEST_F(VoiceChannelDoubleThreadTest, SendDtlsSrtpToDtlsSrtpRtcpMux) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
Base::SendSrtpToSrtp(DTLS | RTCP_MUX, DTLS | RTCP_MUX);
}
@@ -2883,14 +2901,17 @@
}
TEST_F(VideoChannelSingleThreadTest, SendDtlsSrtpToSrtp) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
Base::SendSrtpToSrtp(DTLS, 0);
}
TEST_F(VideoChannelSingleThreadTest, SendDtlsSrtpToDtlsSrtp) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
Base::SendSrtpToSrtp(DTLS, DTLS);
}
TEST_F(VideoChannelSingleThreadTest, SendDtlsSrtpToDtlsSrtpRtcpMux) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
Base::SendSrtpToSrtp(DTLS | RTCP_MUX, DTLS | RTCP_MUX);
}
@@ -3112,14 +3133,17 @@
}
TEST_F(VideoChannelDoubleThreadTest, SendDtlsSrtpToSrtp) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
Base::SendSrtpToSrtp(DTLS, 0);
}
TEST_F(VideoChannelDoubleThreadTest, SendDtlsSrtpToDtlsSrtp) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
Base::SendSrtpToSrtp(DTLS, DTLS);
}
TEST_F(VideoChannelDoubleThreadTest, SendDtlsSrtpToDtlsSrtpRtcpMux) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
Base::SendSrtpToSrtp(DTLS | RTCP_MUX, DTLS | RTCP_MUX);
}
