commit 72f638a9a279e7abb5534fa66a0ade2cf18ec1a7
author Taylor Brandstetter <deadbeef@webrtc.org> Sun Nov 15 13:01:15 2020 -0800
committer Commit Bot <commit-bot@chromium.org> Thu Dec 10 02:19:47 2020 +0000
tree 8fba881676af4bfe9e609c08912e7c13d17e0564
parent 20ecd8f777e71897893b5f7fdf878fc7e3201764

Use CRYPTO_BUFFER APIs instead of X509 when building with BoringSSL.

Using CRYPTO_BUFFERs instead of legacy X509 objects offers memory and
security gains, and will provide binary size improvements as well once
the default list of built-in certificates can be removed; the code
dealing with them still depends on the X509 API.

Implemented by splitting openssl_identity and openssl_certificate
into BoringSSL and vanilla OpenSSL implementations.

Bug: webrtc:11410
Change-Id: Idc043462faac5e4ab1b75bedab2057197f80aba6
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/174120
Reviewed-by: Mirko Bonadei <mbonadei@webrtc.org>
Reviewed-by: David Benjamin <davidben@webrtc.org>
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Commit-Queue: Taylor <deadbeef@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#32811}

rtc_base/ssl_identity_unittest.cc

diff --git a/rtc_base/ssl_identity_unittest.cc b/rtc_base/ssl_identity_unittest.cc
index 0d9d0fd..a907bfc 100644
--- a/rtc_base/ssl_identity_unittest.cc
+++ b/rtc_base/ssl_identity_unittest.cc
@@ -65,7 +65,7 @@
     0x35, 0xce, 0x26, 0x58, 0x4a, 0x33, 0x6d, 0xbc, 0xb6};
 
 // These PEM strings were created by generating an identity with
-// |SSLIdentity::Generate| and invoking |identity->PrivateKeyToPEMString()|,
+// |SSLIdentity::Create| and invoking |identity->PrivateKeyToPEMString()|,
 // |identity->PublicKeyToPEMString()| and
 // |identity->certificate().ToPEMString()|. If the crypto library is updated,
 // and the update changes the string form of the keys, these will have to be
@@ -406,6 +406,21 @@
   EXPECT_EQ(kECDSA_CERT_PEM, identity->certificate().ToPEMString());
 }
 
+TEST_F(SSLIdentityTest, FromPEMChainStrings) {
+  // This doesn't form a valid certificate chain, but that doesn't matter for
+  // the purposes of the test
+  std::string chain(kRSA_CERT_PEM);
+  chain.append(kTestCertificate);
+  std::unique_ptr<SSLIdentity> identity(
+      SSLIdentity::CreateFromPEMChainStrings(kRSA_PRIVATE_KEY_PEM, chain));
+  EXPECT_TRUE(identity);
+  EXPECT_EQ(kRSA_PRIVATE_KEY_PEM, identity->PrivateKeyToPEMString());
+  EXPECT_EQ(kRSA_PUBLIC_KEY_PEM, identity->PublicKeyToPEMString());
+  ASSERT_EQ(2u, identity->cert_chain().GetSize());
+  EXPECT_EQ(kRSA_CERT_PEM, identity->cert_chain().Get(0).ToPEMString());
+  EXPECT_EQ(kTestCertificate, identity->cert_chain().Get(1).ToPEMString());
+}
+
 TEST_F(SSLIdentityTest, CloneIdentityRSA) {
   TestCloningIdentity(*identity_rsa1_);
   TestCloningIdentity(*identity_rsa2_);