Handle HKDF key derivation when building with OpenSSL.

Change-Id: I3fd503109190d6a94e15576312c9cb79906a7f61
Bug: webrtc:10160
Reviewed-on: https://webrtc-review.googlesource.com/c/122622
Commit-Queue: Benjamin Wright <benwright@webrtc.org>
Reviewed-by: Qingsi Wang <qingsi@webrtc.org>
Reviewed-by: Benjamin Wright <benwright@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#26669}
This commit is contained in:
Sergey Sablin 2019-02-12 18:30:45 -08:00 committed by Commit Bot
parent 5e2aad1c95
commit 3c119fb793
3 changed files with 37 additions and 3 deletions


@ -11,7 +11,7 @@
#ifndef RTC_BASE_OPENSSL_DIGEST_H_ #ifndef RTC_BASE_OPENSSL_DIGEST_H_
#define RTC_BASE_OPENSSL_DIGEST_H_ #define RTC_BASE_OPENSSL_DIGEST_H_
#include <openssl/base.h> #include <openssl/ossl_typ.h>
#include <stddef.h> #include <stddef.h>
#include <string> #include <string>


@ -10,9 +10,42 @@
#include "rtc_base/openssl_key_derivation_hkdf.h" #include "rtc_base/openssl_key_derivation_hkdf.h"
#include <openssl/ossl_typ.h>
#ifdef OPENSSL_IS_BORINGSSL
#include <openssl/digest.h> #include <openssl/digest.h>
#include <openssl/err.h>
#include <openssl/hkdf.h> #include <openssl/hkdf.h>
#else
#include <openssl/evp.h>
#include <openssl/kdf.h>
namespace {
// the function with this interface is static within openssl and hence not
// accessible to the caller. Implementing here to match boringssl.
static int HKDF(uint8_t* out_key,
size_t out_len,
const EVP_MD* digest,
const uint8_t* secret,
size_t secret_len,
const uint8_t* salt,
size_t salt_len,
const uint8_t* info,
size_t info_len) {
EVP_PKEY_CTX* pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
if (EVP_PKEY_derive_init(pctx) <= 0 ||
EVP_PKEY_CTX_set_hkdf_md(pctx, digest) <= 0 ||
EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, salt_len) <= 0 ||
EVP_PKEY_CTX_set1_hkdf_key(pctx, secret, secret_len) <= 0 ||
EVP_PKEY_CTX_add1_hkdf_info(pctx, info, info_len) <= 0 ||
EVP_PKEY_derive(pctx, out_key, &out_len) <= 0) {
EVP_PKEY_CTX_free(pctx);
return 0;
}
EVP_PKEY_CTX_free(pctx);
return 1;
}
} // namespace
#endif
#include <openssl/err.h>
#include <openssl/sha.h> #include <openssl/sha.h>
#include <algorithm> #include <algorithm>
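Review bot: `EVP_PKEY_CTX_new_id` at the top of the new `HKDF` shim can return a null pointer (allocation failure, or an OpenSSL build without the HKDF method), yet `pctx` is passed straight to `EVP_PKEY_derive_init` without a check; add `if (pctx == nullptr) return 0;` right after the `EVP_PKEY_CTX_new_id` call so the shim reports failure explicitly instead of depending on every EVP call tolerating a null context. Because the function sits inside an anonymous namespace, the `static` on its definition is redundant, and `NULL` could be `nullptr` to match the surrounding C++. The header comment would read better as `// OpenSSL keeps the function with this signature static, so it is not reachable from here; reimplemented to match BoringSSL's HKDF().`. `EVP_PKEY_derive` treats `out_len` as in/out; it is passed through the by-value parameter here so the caller is unaffected, but checking that the derived length still equals the requested length after the call would make the claimed parity with BoringSSL explicit.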


@ -25,6 +25,7 @@
#include <utility> #include <utility>
#include <vector> #include <vector>
#include "absl/memory/memory.h"
#include "rtc_base/checks.h" #include "rtc_base/checks.h"
#include "rtc_base/logging.h" #include "rtc_base/logging.h"
#include "rtc_base/numerics/safe_conversions.h" #include "rtc_base/numerics/safe_conversions.h"
@ -1081,7 +1082,7 @@ int OpenSSLStreamAdapter::SSLVerifyCallback(X509_STORE_CTX* store, void* arg) {
// Record the peer's certificate. // Record the peer's certificate.
X509* cert = X509_STORE_CTX_get0_cert(store); X509* cert = X509_STORE_CTX_get0_cert(store);
stream->peer_cert_chain_.reset( stream->peer_cert_chain_.reset(
new SSLCertChain(new OpenSSLCertificate(cert))); new SSLCertChain(absl::make_unique<OpenSSLCertificate>(cert)));
#endif #endif
// If the peer certificate digest isn't known yet, we'll wait to verify // If the peer certificate digest isn't known yet, we'll wait to verify