Revert of Removing #defines previously used for building without BoringSSL/OpenSSL. (patchset #2 id:20001 of https://codereview.webrtc.org/2640513002/ )
Reason for revert:
Broke chromium build, due to a config being removed. Will add it back and remove the dependency in a chromium CL.
Original issue's description:
> Removing #defines previously used for building without BoringSSL/OpenSSL.
>
> These defines don't work any more, so they only cause confusion:
>
> FEATURE_ENABLE_SSL
> HAVE_OPENSSL_SSL_H
> SSL_USE_OPENSSL
>
> BUG=webrtc:7025
>
> Review-Url: https://codereview.webrtc.org/2640513002
> Cr-Commit-Position: refs/heads/master@{#16196}
> Committed: https://chromium.googlesource.com/external/webrtc/+/eaa826c2ee0668cfb4a0dfb66f8d388b65da20f5
TBR=kjellander@webrtc.org
# Skipping CQ checks because original CL landed less than 1 days ago.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=webrtc:7025
Review-Url: https://codereview.webrtc.org/2648003003
Cr-Commit-Position: refs/heads/master@{#16197}
diff --git a/webrtc/base/BUILD.gn b/webrtc/base/BUILD.gn
index 1a68b3a..51882da 100644
--- a/webrtc/base/BUILD.gn
+++ b/webrtc/base/BUILD.gn
@@ -35,10 +35,21 @@
}
}
+config("rtc_base_config") {
+ defines = [ "FEATURE_ENABLE_SSL" ]
+}
+
config("rtc_base_chromium_config") {
defines = [ "NO_MAIN_THREAD_WRAPPING" ]
}
+config("openssl_config") {
+ defines = [
+ "SSL_USE_OPENSSL",
+ "HAVE_OPENSSL_SSL_H",
+ ]
+}
+
config("rtc_base_all_dependent_config") {
if (is_ios) {
libs = [
@@ -360,6 +371,16 @@
":rtc_base_approved",
]
+ configs += [
+ ":openssl_config",
+ ":rtc_base_config",
+ ]
+
+ public_configs = [
+ ":openssl_config",
+ ":rtc_base_config",
+ ]
+
all_dependent_configs = [ ":rtc_base_all_dependent_config" ]
sources = [
@@ -516,6 +537,7 @@
"proxyserver.h",
"rollingaccumulator.h",
"scopedptrcollection.h",
+ "sslconfig.h",
"sslroots.h",
"testbase64.h",
"testclient.cc",
diff --git a/webrtc/base/helpers.cc b/webrtc/base/helpers.cc
index aa6a6ae..a8389d4 100644
--- a/webrtc/base/helpers.cc
+++ b/webrtc/base/helpers.cc
@@ -13,7 +13,18 @@
#include <limits>
#include <memory>
+#if defined(FEATURE_ENABLE_SSL)
+#include "webrtc/base/sslconfig.h"
+#if defined(SSL_USE_OPENSSL)
#include <openssl/rand.h>
+#else
+#if defined(WEBRTC_WIN)
+#define WIN32_LEAN_AND_MEAN
+#include <windows.h>
+#include <ntsecapi.h>
+#endif // WEBRTC_WIN
+#endif // else
+#endif // FEATURE_ENABLED_SSL
#include "webrtc/base/base64.h"
#include "webrtc/base/basictypes.h"
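Review bot: The `<windows.h>` and `<ntsecapi.h>` includes sit inside `#if defined(FEATURE_ENABLE_SSL)`, but the WEBRTC_WIN SecureRandomGenerator added further down in this file is selected whenever SSL_USE_OPENSSL is undefined, regardless of FEATURE_ENABLE_SSL. Unless another header already pulls in the Windows types, a Windows build without FEATURE_ENABLE_SSL would fail on HINSTANCE and LoadLibrary. The closing comments are also misleading: `#endif // FEATURE_ENABLED_SSL` misspells the macro and `#endif // else` names no condition. I would write `#endif  // SSL_USE_OPENSSL` and `#endif  // FEATURE_ENABLE_SSL`.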
@@ -34,6 +45,7 @@
virtual bool Generate(void* buf, size_t len) = 0;
};
+#if defined(SSL_USE_OPENSSL)
// The OpenSSL RNG.
class SecureRandomGenerator : public RandomGenerator {
public:
@@ -45,6 +57,79 @@
}
};
+#else
+#if defined(WEBRTC_WIN)
+class SecureRandomGenerator : public RandomGenerator {
+ public:
+ SecureRandomGenerator() : advapi32_(NULL), rtl_gen_random_(NULL) {}
+ ~SecureRandomGenerator() {
+ FreeLibrary(advapi32_);
+ }
+
+ virtual bool Init(const void* seed, size_t seed_len) {
+ // We don't do any additional seeding on Win32, we just use the CryptoAPI
+ // RNG (which is exposed as a hidden function off of ADVAPI32 so that we
+ // don't need to drag in all of CryptoAPI)
+ if (rtl_gen_random_) {
+ return true;
+ }
+
+ advapi32_ = LoadLibrary(L"advapi32.dll");
+ if (!advapi32_) {
+ return false;
+ }
+
+ rtl_gen_random_ = reinterpret_cast<RtlGenRandomProc>(
+ GetProcAddress(advapi32_, "SystemFunction036"));
+ if (!rtl_gen_random_) {
+ FreeLibrary(advapi32_);
+ return false;
+ }
+
+ return true;
+ }
+ virtual bool Generate(void* buf, size_t len) {
+ if (!rtl_gen_random_ && !Init(NULL, 0)) {
+ return false;
+ }
+ return (rtl_gen_random_(buf, static_cast<int>(len)) != FALSE);
+ }
+
+ private:
+ typedef BOOL (WINAPI *RtlGenRandomProc)(PVOID, ULONG);
+ HINSTANCE advapi32_;
+ RtlGenRandomProc rtl_gen_random_;
+};
+
+#elif !defined(FEATURE_ENABLE_SSL)
+
+// No SSL implementation -- use rand()
+class SecureRandomGenerator : public RandomGenerator {
+ public:
+ virtual bool Init(const void* seed, size_t len) {
+ if (len >= 4) {
+ srand(*reinterpret_cast<const int*>(seed));
+ } else {
+ srand(*reinterpret_cast<const char*>(seed));
+ }
+ return true;
+ }
+ virtual bool Generate(void* buf, size_t len) {
+ char* bytes = reinterpret_cast<char*>(buf);
+ for (size_t i = 0; i < len; ++i) {
+ bytes[i] = static_cast<char>(rand());
+ }
+ return true;
+ }
+};
+
+#else
+
+#error No SSL implementation has been selected!
+
+#endif // WEBRTC_WIN
+#endif
+
// A test random generator, for predictable output.
class TestRandomGenerator : public RandomGenerator {
public:
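Review bot: The `#elif !defined(FEATURE_ENABLE_SSL)` branch defines a class named SecureRandomGenerator whose bytes come from `rand()` seeded with at most four bytes, which is predictable and must not back anything used as a secret, nonce or credential. I would remove that branch so the existing `#error No SSL implementation has been selected!` fires instead, or at least rename the class and mark it `// NOT cryptographically secure: rand()-based fallback for builds with no SSL backend`. Its Init() also dereferences `seed` without checking for NULL or `len == 0`. In the WEBRTC_WIN class, `static_cast<int>(len)` narrows a size_t before it reaches the ULONG parameter, so a very large request could be filled only partially while Generate() still returns true. After a failed GetProcAddress the library handle is freed in Init() and again in the destructor, because `advapi32_` is not reset to NULL.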
diff --git a/webrtc/base/messagedigest.cc b/webrtc/base/messagedigest.cc
index 5e8621c..c08cab4 100644
--- a/webrtc/base/messagedigest.cc
+++ b/webrtc/base/messagedigest.cc
@@ -15,7 +15,13 @@
#include <string.h>
#include "webrtc/base/basictypes.h"
+#include "webrtc/base/sslconfig.h"
+#if SSL_USE_OPENSSL
#include "webrtc/base/openssldigest.h"
+#else
+#include "webrtc/base/md5digest.h"
+#include "webrtc/base/sha1digest.h"
+#endif
#include "webrtc/base/stringencode.h"
namespace rtc {
@@ -31,12 +37,22 @@
static const size_t kBlockSize = 64; // valid for SHA-256 and down
MessageDigest* MessageDigestFactory::Create(const std::string& alg) {
+#if SSL_USE_OPENSSL
MessageDigest* digest = new OpenSSLDigest(alg);
if (digest->Size() == 0) { // invalid algorithm
delete digest;
digest = NULL;
}
return digest;
+#else
+ MessageDigest* digest = NULL;
+ if (alg == DIGEST_MD5) {
+ digest = new Md5Digest();
+ } else if (alg == DIGEST_SHA_1) {
+ digest = new Sha1Digest();
+ }
+ return digest;
+#endif
}
bool IsFips180DigestAlgorithm(const std::string& alg) {
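Review bot: The non-OpenSSL branch of MessageDigestFactory::Create can only produce MD5 and SHA-1 and returns NULL for every other name, including the SHA-256 that the `kBlockSize` comment above mentions. Nothing here tells a caller that the supported set depends on the build. I would add `// Without OpenSSL only MD5 and SHA-1 are available; any other algorithm returns NULL.` above the `#else` body. Callers are not visible in this hunk, so it is worth confirming that each one checks for NULL rather than assuming a digest it previously validated by name can always be created.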
diff --git a/webrtc/base/openssladapter.cc b/webrtc/base/openssladapter.cc
index d368186..4301916 100644
--- a/webrtc/base/openssladapter.cc
+++ b/webrtc/base/openssladapter.cc
@@ -8,6 +8,8 @@
* be found in the AUTHORS file in the root of the source tree.
*/
+#if HAVE_OPENSSL_SSL_H
+
#include "webrtc/base/openssladapter.h"
#if defined(WEBRTC_POSIX)
@@ -963,3 +965,5 @@
}
} // namespace rtc
+
+#endif // HAVE_OPENSSL_SSL_H
diff --git a/webrtc/base/openssldigest.cc b/webrtc/base/openssldigest.cc
index 0413f8f..2618b7f 100644
--- a/webrtc/base/openssldigest.cc
+++ b/webrtc/base/openssldigest.cc
@@ -8,6 +8,8 @@
* be found in the AUTHORS file in the root of the source tree.
*/
+#if HAVE_OPENSSL_SSL_H
+
#include "webrtc/base/openssldigest.h"
#include "webrtc/base/checks.h"
@@ -116,3 +118,5 @@
}
} // namespace rtc
+
+#endif // HAVE_OPENSSL_SSL_H
diff --git a/webrtc/base/opensslidentity.cc b/webrtc/base/opensslidentity.cc
index 7b96f6a..2f1c565 100644
--- a/webrtc/base/opensslidentity.cc
+++ b/webrtc/base/opensslidentity.cc
@@ -8,6 +8,8 @@
* be found in the AUTHORS file in the root of the source tree.
*/
+#if HAVE_OPENSSL_SSL_H
+
#include "webrtc/base/opensslidentity.h"
#include <memory>
@@ -574,3 +576,5 @@
}
} // namespace rtc
+
+#endif // HAVE_OPENSSL_SSL_H
diff --git a/webrtc/base/opensslstreamadapter.cc b/webrtc/base/opensslstreamadapter.cc
index 158315f..3b3aa5d 100644
--- a/webrtc/base/opensslstreamadapter.cc
+++ b/webrtc/base/opensslstreamadapter.cc
@@ -8,6 +8,8 @@
* be found in the AUTHORS file in the root of the source tree.
*/
+#if HAVE_OPENSSL_SSL_H
+
#include "webrtc/base/opensslstreamadapter.h"
#include <openssl/bio.h>
@@ -43,10 +45,11 @@
namespace rtc {
-#if (OPENSSL_VERSION_NUMBER < 0x10001000L)
-#error "webrtc requires at least OpenSSL version 1.0.1, to support DTLS-SRTP"
+#if (OPENSSL_VERSION_NUMBER >= 0x10001000L)
+#define HAVE_DTLS_SRTP
#endif
+#ifdef HAVE_DTLS_SRTP
// SRTP cipher suite table. |internal_name| is used to construct a
// colon-separated profile strings which is needed by
// SSL_CTX_set_tlsext_use_srtp().
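Review bot: Replacing the `#error` for OpenSSL older than 1.0.1 with a locally defined `HAVE_DTLS_SRTP` turns a build-time failure into a build that compiles without DTLS-SRTP or keying-material export. The only signal left is a `false` return from SetDtlsSrtpCryptoSuites, GetDtlsSrtpCryptoSuite and ExportKeyingMaterial. Callers are outside this diff, so it should be confirmed that they treat that `false` as fatal and do not continue to set up media without SRTP keys. At minimum the define deserves a comment such as `// OpenSSL < 1.0.1: no DTLS-SRTP and no exporter; the SRTP entry points below return false.` The hunk ends inside the comment that introduces the SRTP cipher table, so the table itself is not visible here.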
@@ -62,6 +65,7 @@
{"SRTP_AEAD_AES_128_GCM", SRTP_AEAD_AES_128_GCM},
{"SRTP_AEAD_AES_256_GCM", SRTP_AEAD_AES_256_GCM},
{nullptr, 0}};
+#endif
#ifdef OPENSSL_IS_BORINGSSL
// Not used in production code. Actual time should be relative to Jan 1, 1970.
@@ -428,6 +432,7 @@
bool use_context,
uint8_t* result,
size_t result_len) {
+#ifdef HAVE_DTLS_SRTP
int i;
i = SSL_export_keying_material(ssl_, result, result_len, label.c_str(),
@@ -438,10 +443,14 @@
return false;
return true;
+#else
+ return false;
+#endif
}
bool OpenSSLStreamAdapter::SetDtlsSrtpCryptoSuites(
const std::vector<int>& ciphers) {
+#ifdef HAVE_DTLS_SRTP
std::string internal_ciphers;
if (state_ != SSL_NONE)
@@ -472,9 +481,13 @@
srtp_ciphers_ = internal_ciphers;
return true;
+#else
+ return false;
+#endif
}
bool OpenSSLStreamAdapter::GetDtlsSrtpCryptoSuite(int* crypto_suite) {
+#ifdef HAVE_DTLS_SRTP
RTC_DCHECK(state_ == SSL_CONNECTED);
if (state_ != SSL_CONNECTED)
return false;
@@ -488,6 +501,9 @@
*crypto_suite = srtp_profile->id;
RTC_DCHECK(!SrtpCryptoSuiteToName(*crypto_suite).empty());
return true;
+#else
+ return false;
+#endif
}
bool OpenSSLStreamAdapter::IsTlsConnected() {
@@ -1080,12 +1096,14 @@
SSL_CTX_set_cipher_list(ctx,
"DEFAULT:!NULL:!aNULL:!SHA256:!SHA384:!aECDH:!AESGCM+AES256:!aPSK");
+#ifdef HAVE_DTLS_SRTP
if (!srtp_ciphers_.empty()) {
if (SSL_CTX_set_tlsext_use_srtp(ctx, srtp_ciphers_.c_str())) {
SSL_CTX_free(ctx);
return NULL;
}
}
+#endif
return ctx;
}
@@ -1151,6 +1169,26 @@
return stream->VerifyPeerCertificate();
}
+bool OpenSSLStreamAdapter::HaveDtls() {
+ return true;
+}
+
+bool OpenSSLStreamAdapter::HaveDtlsSrtp() {
+#ifdef HAVE_DTLS_SRTP
+ return true;
+#else
+ return false;
+#endif
+}
+
+bool OpenSSLStreamAdapter::HaveExporter() {
+#ifdef HAVE_DTLS_SRTP
+ return true;
+#else
+ return false;
+#endif
+}
+
bool OpenSSLStreamAdapter::IsBoringSsl() {
#ifdef OPENSSL_IS_BORINGSSL
return true;
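Review bot: HaveExporter() is gated on `HAVE_DTLS_SRTP` even though the macro name says nothing about keying-material export, and HaveDtls() returns true unconditionally with no stated reason. A short comment on each would prevent a later reader from "fixing" them, for example `// Exporter support shares the OpenSSL >= 1.0.1 requirement with DTLS-SRTP.` above HaveExporter and `// Every OpenSSL version this file compiles against provides DTLS.` above HaveDtls. IsBoringSsl() continues past the end of this hunk.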
@@ -1235,3 +1273,5 @@
}
} // namespace rtc
+
+#endif // HAVE_OPENSSL_SSL_H
diff --git a/webrtc/base/opensslstreamadapter.h b/webrtc/base/opensslstreamadapter.h
index d3edf3a..e7d2174 100644
--- a/webrtc/base/opensslstreamadapter.h
+++ b/webrtc/base/opensslstreamadapter.h
@@ -109,7 +109,10 @@
bool IsTlsConnected() override;
- // Capabilities interfaces.
+ // Capabilities interfaces
+ static bool HaveDtls();
+ static bool HaveDtlsSrtp();
+ static bool HaveExporter();
static bool IsBoringSsl();
static bool IsAcceptableCipher(int cipher, KeyType key_type);
diff --git a/webrtc/base/ssladapter.cc b/webrtc/base/ssladapter.cc
index 06fce54..ba24e61 100644
--- a/webrtc/base/ssladapter.cc
+++ b/webrtc/base/ssladapter.cc
@@ -10,7 +10,13 @@
#include "webrtc/base/ssladapter.h"
-#include "webrtc/base/openssladapter.h"
+#include "webrtc/base/sslconfig.h"
+
+#if SSL_USE_OPENSSL
+
+#include "openssladapter.h"
+
+#endif
///////////////////////////////////////////////////////////////////////////////
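Review bot: The re-added include uses a bare relative path, `#include "openssladapter.h"`, while the line it replaces and every other include in this change use the full `webrtc/base/...` form. A relative path resolves against whatever include directories happen to be active, so it can pick up a different header with the same name. I would keep `#include "webrtc/base/openssladapter.h"` inside the `#if SSL_USE_OPENSSL` guard.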
@@ -18,11 +24,18 @@
SSLAdapter*
SSLAdapter::Create(AsyncSocket* socket) {
+#if SSL_USE_OPENSSL
return new OpenSSLAdapter(socket);
+#else // !SSL_USE_OPENSSL
+ delete socket;
+ return NULL;
+#endif // SSL_USE_OPENSSL
}
///////////////////////////////////////////////////////////////////////////////
+#if SSL_USE_OPENSSL
+
bool InitializeSSL(VerificationCallback callback) {
return OpenSSLAdapter::InitializeSSL(callback);
}
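Review bot: On the `!SSL_USE_OPENSSL` path SSLAdapter::Create deletes the caller's `socket` and returns NULL, which leaves the caller holding a dangling pointer if it keeps using the socket after a failed Create. SSLStreamAdapter::Create in sslstreamadapter.cc makes the opposite choice and returns NULL without touching `stream`, so the two factories disagree on who owns the argument when creation fails. The contract should be stated at both sites, for example `// Takes ownership of |socket| even on failure; the caller must not use it after a NULL return.` It would be better still to make the two functions behave the same way.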
@@ -35,6 +48,22 @@
return OpenSSLAdapter::CleanupSSL();
}
+#else // !SSL_USE_OPENSSL
+
+bool InitializeSSL(VerificationCallback callback) {
+ return true;
+}
+
+bool InitializeSSLThread() {
+ return true;
+}
+
+bool CleanupSSL() {
+ return true;
+}
+
+#endif // SSL_USE_OPENSSL
+
///////////////////////////////////////////////////////////////////////////////
} // namespace rtc
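Review bot: The `!SSL_USE_OPENSSL` stubs for InitializeSSL, InitializeSSLThread and CleanupSSL all return true, so a caller is told TLS initialisation succeeded in a build where SSLAdapter::Create can only return NULL. InitializeSSL also drops the verification `callback` silently. If returning false would break existing startup code, the stubs should at least carry a comment such as `// No SSL backend compiled in: nothing to initialise, and |callback| is never invoked.` so the success value is not read as "TLS is available".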
diff --git a/webrtc/base/ssladapter_unittest.cc b/webrtc/base/ssladapter_unittest.cc
index c591f19..a6ec56e 100644
--- a/webrtc/base/ssladapter_unittest.cc
+++ b/webrtc/base/ssladapter_unittest.cc
@@ -370,6 +370,8 @@
: SSLAdapterTestBase(rtc::SSL_MODE_DTLS, rtc::KeyParams::ECDSA()) {}
};
+#if SSL_USE_OPENSSL
+
// Basic tests: TLS
// Test that handshake works, using RSA
@@ -417,3 +419,5 @@
TestHandshake(true);
TestTransfer("Hello, world!");
}
+
+#endif // SSL_USE_OPENSSL
diff --git a/webrtc/base/sslconfig.h b/webrtc/base/sslconfig.h
new file mode 100644
index 0000000..6aabad0
--- /dev/null
+++ b/webrtc/base/sslconfig.h
@@ -0,0 +1,30 @@
+/*
+ * Copyright 2012 The WebRTC Project Authors. All rights reserved.
+ *
+ * Use of this source code is governed by a BSD-style license
+ * that can be found in the LICENSE file in the root of the source
+ * tree. An additional intellectual property rights grant can be found
+ * in the file PATENTS. All contributing project authors may
+ * be found in the AUTHORS file in the root of the source tree.
+ */
+
+#ifndef WEBRTC_BASE_SSLCONFIG_H_
+#define WEBRTC_BASE_SSLCONFIG_H_
+
+// If no preference has been indicated, default to SChannel on Windows and
+// OpenSSL everywhere else, if it is available.
+#if !defined(SSL_USE_SCHANNEL) && !defined(SSL_USE_OPENSSL)
+#if defined(WEBRTC_WIN)
+
+#define SSL_USE_SCHANNEL 1
+
+#else // defined(WEBRTC_WIN)
+
+#if defined(HAVE_OPENSSL_SSL_H)
+#define SSL_USE_OPENSSL 1
+#endif
+
+#endif // !defined(WEBRTC_WIN)
+#endif
+
+#endif // WEBRTC_BASE_SSLCONFIG_H_
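Review bot: The default for Windows is `SSL_USE_SCHANNEL`, but no file in this change provides an SChannel implementation. A Windows target that does not receive `openssl_config` would take this branch and then hit `#error "No SSL implementation"` in sslidentity.cc or the NULL-returning factories. I would either drop the SChannel default or document it with `// NOTE: no SChannel backend exists in webrtc/base; Windows targets must define SSL_USE_OPENSSL.` The branch comments also disagree with each other (`#else // defined(WEBRTC_WIN)` against `#endif // !defined(WEBRTC_WIN)`). The header tests `defined(HAVE_OPENSSL_SSL_H)` while the .cc files use `#if HAVE_OPENSSL_SSL_H`, which behaves differently if the macro is ever defined as 0.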
diff --git a/webrtc/base/sslidentity.cc b/webrtc/base/sslidentity.cc
index a5dd7b9..645050a 100644
--- a/webrtc/base/sslidentity.cc
+++ b/webrtc/base/sslidentity.cc
@@ -17,9 +17,15 @@
#include "webrtc/base/base64.h"
#include "webrtc/base/checks.h"
#include "webrtc/base/logging.h"
-#include "webrtc/base/opensslidentity.h"
+#include "webrtc/base/sslconfig.h"
#include "webrtc/base/sslfingerprint.h"
+#if SSL_USE_OPENSSL
+
+#include "webrtc/base/opensslidentity.h"
+
+#endif // SSL_USE_OPENSSL
+
namespace rtc {
const char kPemTypeCertificate[] = "CERTIFICATE";
@@ -207,6 +213,8 @@
std::for_each(certs_.begin(), certs_.end(), DeleteCert);
}
+#if SSL_USE_OPENSSL
+
// static
SSLCertificate* SSLCertificate::FromPEMString(const std::string& pem_string) {
return OpenSSLCertificate::FromPEMString(pem_string);
@@ -252,6 +260,12 @@
return !(a == b);
}
+#else // !SSL_USE_OPENSSL
+
+#error "No SSL implementation"
+
+#endif // SSL_USE_OPENSSL
+
// Read |n| bytes from ASN1 number string at *|pp| and return the numeric value.
// Update *|pp| and *|np| to reflect number of read bytes.
static inline int ASN1ReadInt(const unsigned char** pp, size_t* np, size_t n) {
diff --git a/webrtc/base/sslstreamadapter.cc b/webrtc/base/sslstreamadapter.cc
index 2f601c6..c3ef3bc 100644
--- a/webrtc/base/sslstreamadapter.cc
+++ b/webrtc/base/sslstreamadapter.cc
@@ -9,9 +9,14 @@
*/
#include "webrtc/base/sslstreamadapter.h"
+#include "webrtc/base/sslconfig.h"
+
+#if SSL_USE_OPENSSL
#include "webrtc/base/opensslstreamadapter.h"
+#endif // SSL_USE_OPENSSL
+
///////////////////////////////////////////////////////////////////////////////
namespace rtc {
@@ -96,7 +101,11 @@
}
SSLStreamAdapter* SSLStreamAdapter::Create(StreamInterface* stream) {
+#if SSL_USE_OPENSSL
return new OpenSSLStreamAdapter(stream);
+#else // !SSL_USE_OPENSSL
+ return NULL;
+#endif // SSL_USE_OPENSSL
}
SSLStreamAdapter::SSLStreamAdapter(StreamInterface* stream)
@@ -128,6 +137,16 @@
return false;
}
+#if SSL_USE_OPENSSL
+bool SSLStreamAdapter::HaveDtls() {
+ return OpenSSLStreamAdapter::HaveDtls();
+}
+bool SSLStreamAdapter::HaveDtlsSrtp() {
+ return OpenSSLStreamAdapter::HaveDtlsSrtp();
+}
+bool SSLStreamAdapter::HaveExporter() {
+ return OpenSSLStreamAdapter::HaveExporter();
+}
bool SSLStreamAdapter::IsBoringSsl() {
return OpenSSLStreamAdapter::IsBoringSsl();
}
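Review bot: HaveDtls, HaveDtlsSrtp and HaveExporter are declared unconditionally in sslstreamadapter.h but defined here only under `#if SSL_USE_OPENSSL`, so a build without OpenSSL has no definition for them. The `MAYBE_SKIP_TEST` macro in the unit test calls them precisely to handle a missing feature, which would then fail at link time instead of skipping. Adding an `#else` branch with stubs such as `bool SSLStreamAdapter::HaveDtls() { return false; }` for each of the three keeps the capability query usable in every configuration. The matching `#endif` for this block lies in the next hunk.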
@@ -144,6 +163,7 @@
void SSLStreamAdapter::enable_time_callback_for_testing() {
OpenSSLStreamAdapter::enable_time_callback_for_testing();
}
+#endif // SSL_USE_OPENSSL
///////////////////////////////////////////////////////////////////////////////
diff --git a/webrtc/base/sslstreamadapter.h b/webrtc/base/sslstreamadapter.h
index 4f5ee02..3910191 100644
--- a/webrtc/base/sslstreamadapter.h
+++ b/webrtc/base/sslstreamadapter.h
@@ -228,9 +228,10 @@
// SS_OPENING but IsTlsConnected should return true.
virtual bool IsTlsConnected() = 0;
- // Capabilities testing.
- // Used to have "DTLS supported", "DTLS-SRTP supported" etc. methods, but now
- // that's assumed.
+ // Capabilities testing
+ static bool HaveDtls();
+ static bool HaveDtlsSrtp();
+ static bool HaveExporter();
static bool IsBoringSsl();
// Returns true iff the supplied cipher is deemed to be strong.
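Review bot: The three re-added capability queries have no documentation, and the removed comment was the only text explaining their status. Each should say what a `false` result means for the caller, for example `// True if DTLS-SRTP negotiation is compiled in; when false, SetDtlsSrtpCryptoSuites() always fails.` above HaveDtlsSrtp, with similar one-line comments for HaveDtls and HaveExporter. The same applies to the declarations in opensslstreamadapter.h.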
diff --git a/webrtc/base/sslstreamadapter_unittest.cc b/webrtc/base/sslstreamadapter_unittest.cc
index 8203691..9d73abc 100644
--- a/webrtc/base/sslstreamadapter_unittest.cc
+++ b/webrtc/base/sslstreamadapter_unittest.cc
@@ -19,6 +19,7 @@
#include "webrtc/base/gunit.h"
#include "webrtc/base/helpers.h"
#include "webrtc/base/ssladapter.h"
+#include "webrtc/base/sslconfig.h"
#include "webrtc/base/sslidentity.h"
#include "webrtc/base/sslstreamadapter.h"
#include "webrtc/base/stream.h"
@@ -64,6 +65,12 @@
"UD0A8qfhfDM+LK6rPAnCsVN0NRDY3jvd6rzix9M=\n"
"-----END CERTIFICATE-----\n";
+#define MAYBE_SKIP_TEST(feature) \
+ if (!(rtc::SSLStreamAdapter::feature())) { \
+ LOG(LS_INFO) << "Feature disabled... skipping"; \
+ return; \
+ }
+
class SSLStreamAdapterTestBase;
class SSLDummyStreamBase : public rtc::StreamInterface,
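Review bot: `MAYBE_SKIP_TEST` returns from the test body, so a skipped test is reported as passed. A build that has lost DTLS, DTLS-SRTP or the exporter therefore shows a fully green run for exactly the features that are missing. The log line also omits the feature name and is emitted at LS_INFO. I would change it to `LOG(LS_WARNING) << "Skipping test: " #feature "() is false";` so the gap is visible in test output. The macro expands to a bare `if` block, so wrapping it in `do { ... } while (0)` would make it safe next to an `else`.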
@@ -956,6 +963,7 @@
// Basic tests: DTLS
// Test that we can make a handshake work
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnect) {
+ MAYBE_SKIP_TEST(HaveDtls);
TestHandshake();
};
@@ -963,12 +971,14 @@
// each direction is lost. This gives us predictable loss
// rather than having to tune random
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacket) {
+ MAYBE_SKIP_TEST(HaveDtls);
SetLoseFirstPacket(true);
TestHandshake();
};
// Test a handshake with loss and delay
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSConnectWithLostFirstPacketDelay2s) {
+ MAYBE_SKIP_TEST(HaveDtls);
SetLoseFirstPacket(true);
SetDelay(2000);
SetHandshakeWait(20000);
@@ -978,6 +988,7 @@
// Test a handshake with small MTU
// Disabled due to https://code.google.com/p/webrtc/issues/detail?id=3910
TEST_P(SSLStreamAdapterTestDTLS, DISABLED_TestDTLSConnectWithSmallMtu) {
+ MAYBE_SKIP_TEST(HaveDtls);
SetMtu(700);
SetHandshakeWait(20000);
TestHandshake();
@@ -985,17 +996,20 @@
// Test transfer -- trivial
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransfer) {
+ MAYBE_SKIP_TEST(HaveDtls);
TestHandshake();
TestTransfer(100);
};
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithLoss) {
+ MAYBE_SKIP_TEST(HaveDtls);
TestHandshake();
SetLoss(10);
TestTransfer(100);
};
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSTransferWithDamage) {
+ MAYBE_SKIP_TEST(HaveDtls);
SetDamage(); // Must be called first because first packet
// write happens at end of handshake.
TestHandshake();
@@ -1012,6 +1026,7 @@
// Test DTLS-SRTP with all high ciphers
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHigh) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
std::vector<int> high;
high.push_back(rtc::SRTP_AES128_CM_SHA1_80);
SetDtlsSrtpCryptoSuites(high, true);
@@ -1029,6 +1044,7 @@
// Test DTLS-SRTP with all low ciphers
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpLow) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
std::vector<int> low;
low.push_back(rtc::SRTP_AES128_CM_SHA1_32);
SetDtlsSrtpCryptoSuites(low, true);
@@ -1046,6 +1062,7 @@
// Test DTLS-SRTP with a mismatch -- should not converge
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpHighLow) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
std::vector<int> high;
high.push_back(rtc::SRTP_AES128_CM_SHA1_80);
std::vector<int> low;
@@ -1062,6 +1079,7 @@
// Test DTLS-SRTP with each side being mixed -- should select high
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpMixed) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
std::vector<int> mixed;
mixed.push_back(rtc::SRTP_AES128_CM_SHA1_80);
mixed.push_back(rtc::SRTP_AES128_CM_SHA1_32);
@@ -1080,6 +1098,7 @@
// Test DTLS-SRTP with all GCM-128 ciphers.
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM128) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
std::vector<int> gcm128;
gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM);
SetDtlsSrtpCryptoSuites(gcm128, true);
@@ -1097,6 +1116,7 @@
// Test DTLS-SRTP with all GCM-256 ciphers.
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCM256) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
std::vector<int> gcm256;
gcm256.push_back(rtc::SRTP_AEAD_AES_256_GCM);
SetDtlsSrtpCryptoSuites(gcm256, true);
@@ -1114,6 +1134,7 @@
// Test DTLS-SRTP with mixed GCM-128/-256 ciphers -- should not converge.
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMismatch) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
std::vector<int> gcm128;
gcm128.push_back(rtc::SRTP_AEAD_AES_128_GCM);
std::vector<int> gcm256;
@@ -1130,6 +1151,7 @@
// Test DTLS-SRTP with both GCM-128/-256 ciphers -- should select GCM-256.
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSSrtpGCMMixed) {
+ MAYBE_SKIP_TEST(HaveDtlsSrtp);
std::vector<int> gcmBoth;
gcmBoth.push_back(rtc::SRTP_AEAD_AES_256_GCM);
gcmBoth.push_back(rtc::SRTP_AEAD_AES_128_GCM);
@@ -1177,6 +1199,7 @@
// Test an exporter
TEST_P(SSLStreamAdapterTestDTLS, TestDTLSExporter) {
+ MAYBE_SKIP_TEST(HaveExporter);
TestHandshake();
unsigned char client_out[20];
unsigned char server_out[20];
@@ -1199,6 +1222,7 @@
// Test not yet valid certificates are not rejected.
TEST_P(SSLStreamAdapterTestDTLS, TestCertNotYetValid) {
+ MAYBE_SKIP_TEST(HaveDtls);
long one_day = 60 * 60 * 24;
// Make the certificates not valid until one day later.
ResetIdentitiesWithValidity(one_day, one_day);
@@ -1207,6 +1231,7 @@
// Test expired certificates are not rejected.
TEST_P(SSLStreamAdapterTestDTLS, TestCertExpired) {
+ MAYBE_SKIP_TEST(HaveDtls);
long one_day = 60 * 60 * 24;
// Make the certificates already expired.
ResetIdentitiesWithValidity(-one_day, -one_day);
@@ -1215,12 +1240,15 @@
// Test data transfer using certs created from strings.
TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestTransfer) {
+ MAYBE_SKIP_TEST(HaveDtls);
TestHandshake();
TestTransfer(100);
}
// Test getting the remote certificate.
TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestDTLSGetPeerCertificate) {
+ MAYBE_SKIP_TEST(HaveDtls);
+
// Peer certificates haven't been received yet.
ASSERT_FALSE(GetPeerCertificate(true));
ASSERT_FALSE(GetPeerCertificate(false));
@@ -1254,6 +1282,7 @@
// Test getting the used DTLS ciphers.
// DTLS 1.2 enabled for neither client nor server -> DTLS 1.0 will be used.
TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuite) {
+ MAYBE_SKIP_TEST(HaveDtls);
SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10);
TestHandshake();
@@ -1273,6 +1302,7 @@
// Test getting the used DTLS 1.2 ciphers.
// DTLS 1.2 enabled for client and server -> DTLS 1.2 will be used.
TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Both) {
+ MAYBE_SKIP_TEST(HaveDtls);
SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12);
TestHandshake();
@@ -1291,6 +1321,7 @@
// DTLS 1.2 enabled for client only -> DTLS 1.0 will be used.
TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Client) {
+ MAYBE_SKIP_TEST(HaveDtls);
SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_12);
TestHandshake();
@@ -1309,6 +1340,7 @@
// DTLS 1.2 enabled for server only -> DTLS 1.0 will be used.
TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Server) {
+ MAYBE_SKIP_TEST(HaveDtls);
SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_10);
TestHandshake();