From 6cf94a01182f366504d3343caaa6732904191bcb Mon Sep 17 00:00:00 2001
From: deadbeef
Date: Mon, 28 Nov 2016 17:38:34 -0800
Subject: [PATCH] Only use BoringSSL time callback in unit tests.

The actual time used in production code should honor the epoch time.
BUG=webrtc:6737
Review-Url: https://codereview.webrtc.org/2526433002
Cr-Commit-Position: refs/heads/master@{#15282}
---
 webrtc/base/opensslstreamadapter.cc | 18 +++++++++++++-----
 webrtc/base/opensslstreamadapter.h | 4 ++++
 webrtc/base/sslstreamadapter.cc | 3 +++
 webrtc/base/sslstreamadapter.h | 4 ++++
 webrtc/base/unittest_main.cc | 2 ++
 5 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/webrtc/base/opensslstreamadapter.cc b/webrtc/base/opensslstreamadapter.cc
index 6943cd32ff..873f7b1398 100644
--- a/webrtc/base/opensslstreamadapter.cc
+++ b/webrtc/base/opensslstreamadapter.cc
@@ -38,6 +38,10 @@
 #include "webrtc/base/timeutils.h"
 #include "webrtc/base/thread.h"
+namespace {
+ bool g_use_time_callback_for_testing = false;
+}
+
 namespace rtc {
 #if (OPENSSL_VERSION_NUMBER >= 0x10001000L)
@@ -63,7 +67,8 @@ static SrtpCipherMapEntry SrtpCipherMap[] = {
 #endif
 #ifdef OPENSSL_IS_BORINGSSL
-static void TimeCallback(const SSL* ssl, struct timeval* out_clock) {
+// Not used in production code. Actual time should be relative to Jan 1, 1970.
+static void TimeCallbackForTesting(const SSL* ssl, struct timeval* out_clock) {
 int64_t time = TimeNanos();
 out_clock->tv_sec = time / kNumNanosecsPerSec;
 out_clock->tv_usec = (time % kNumNanosecsPerSec) / kNumNanosecsPerMicrosec;
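Review bot: `g_use_time_callback_for_testing`, added in the `@@ -38` hunk of opensslstreamadapter.cc, is a plain `bool` with no synchronization and no stated ordering contract. It is written by `enable_time_callback_for_testing()` (hunk `@@ -1263`) and read in `SetupSSLContext()` (hunk `@@ -1059`), so a context created before the setter runs keeps BoringSSL's default clock, and a concurrent call would be a data race; whether contexts can be set up on another thread at that point is not visible here. Either declare it `std::atomic<bool> g_use_time_callback_for_testing{false};` (with `<atomic>` included) or document the contract beside it: `// Set once at test start-up, before any SSL_CTX is created; read in SetupSSLContext().`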
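Review bot: The new comment on `TimeCallbackForTesting` (opensslstreamadapter.cc, hunk `@@ -63`) says the function is not used in production, but nothing in the code enforces that: it is compiled whenever `OPENSSL_IS_BORINGSSL` is defined and is installed by a runtime flag. The comment would serve readers better if it named the mechanism and the clock, for example `// Test-only clock for BoringSSL: reports rtc::TimeNanos() instead of Unix-epoch time. Installed only after enable_time_callback_for_testing() has been called.` That wording goes by the commit description, which implies `TimeNanos()` is not epoch-based. The function body continues past the end of the hunk.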
@@ -1059,10 +1064,9 @@ SSL_CTX* OpenSSLStreamAdapter::SetupSSLContext() {
 DTLS1_2_VERSION : TLS1_2_VERSION);
 break;
 }
- // Set a time callback for BoringSSL because:
- // 1. Our time function is more accurate (doesn't just use gettimeofday).
- // 2. This allows us to inject a fake clock for testing.
- SSL_CTX_set_current_time_cb(ctx, &TimeCallback);
+ if (g_use_time_callback_for_testing) {
+ SSL_CTX_set_current_time_cb(ctx, &TimeCallbackForTesting);
+ }
 #endif
 if (identity_ && !identity_->ConfigureIdentity(ctx)) {
@@ -1263,6 +1267,10 @@ bool OpenSSLStreamAdapter::IsAcceptableCipher(const std::string& cipher,
 return false;
 }
+void OpenSSLStreamAdapter::enable_time_callback_for_testing() {
+ g_use_time_callback_for_testing = true;
+}
+
 } // namespace rtc
 #endif // HAVE_OPENSSL_SSL_H
diff --git a/webrtc/base/opensslstreamadapter.h b/webrtc/base/opensslstreamadapter.h
index 76ff2183a0..e7d2174be8 100644
--- a/webrtc/base/opensslstreamadapter.h
+++ b/webrtc/base/opensslstreamadapter.h
@@ -118,6 +118,10 @@ class OpenSSLStreamAdapter : public SSLStreamAdapter {
 static bool IsAcceptableCipher(int cipher, KeyType key_type);
 static bool IsAcceptableCipher(const std::string& cipher, KeyType key_type);
+ // Use our timeutils.h source of timing in BoringSSL, allowing us to test
+ // using a fake clock.
+ static void enable_time_callback_for_testing();
+
 protected:
 void OnEvent(StreamInterface* stream, int events, int err) override;
diff --git a/webrtc/base/sslstreamadapter.cc b/webrtc/base/sslstreamadapter.cc
index 17e758e811..c3ef3bc3ae 100644
--- a/webrtc/base/sslstreamadapter.cc
+++ b/webrtc/base/sslstreamadapter.cc
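Review bot: `OpenSSLStreamAdapter::enable_time_callback_for_testing()` (opensslstreamadapter.cc, hunk `@@ -1263`) sets the flag unconditionally, but the only reader shown, in `SetupSSLContext()` (hunk `@@ -1059`), sits just before an `#endif` that appears to close the `OPENSSL_IS_BORINGSSL` block. In a build against plain OpenSSL the call would then succeed and change nothing, so a fake-clock test would silently run on real time. A comment in the definition such as `// No effect unless built with BoringSSL (OPENSSL_IS_BORINGSSL).`, or a warning log in that configuration, would make the limitation visible.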
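Review bot: The doc comment on `enable_time_callback_for_testing()` (opensslstreamadapter.h, hunk `@@ -118`; the same text is added to sslstreamadapter.h in hunk `@@ -244`) leaves out the contract a caller needs: the switch is process-wide, cannot be turned off again, and only affects SSL contexts created after the call. It is also a public static on a production class, so the `_for_testing` suffix is the only thing keeping it out of non-test code, and a TLS stack running on a test clock no longer measures its time-based limits against real time. Suggested addition to both headers: `// Test-only and process-wide. Call once before any stream is created; there is no way to disable it again.`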
@@ -160,6 +160,9 @@ bool SSLStreamAdapter::IsAcceptableCipher(const std::string& cipher,
 std::string SSLStreamAdapter::SslCipherSuiteToName(int cipher_suite) {
 return OpenSSLStreamAdapter::SslCipherSuiteToName(cipher_suite);
 }
+void SSLStreamAdapter::enable_time_callback_for_testing() {
+ OpenSSLStreamAdapter::enable_time_callback_for_testing();
+}
 #endif // SSL_USE_OPENSSL
 ///////////////////////////////////////////////////////////////////////////////
diff --git a/webrtc/base/sslstreamadapter.h b/webrtc/base/sslstreamadapter.h
index 2b99f00cb3..391019165f 100644
--- a/webrtc/base/sslstreamadapter.h
+++ b/webrtc/base/sslstreamadapter.h
@@ -244,6 +244,10 @@ class SSLStreamAdapter : public StreamAdapterInterface {
 // depending on specific SSL implementation.
 static std::string SslCipherSuiteToName(int cipher_suite);
+ // Use our timeutils.h source of timing in BoringSSL, allowing us to test
+ // using a fake clock.
+ static void enable_time_callback_for_testing();
+
 sigslot::signal1 SignalSSLHandshakeError;
 private:
diff --git a/webrtc/base/unittest_main.cc b/webrtc/base/unittest_main.cc
index 66a9a73309..3de0528847 100644
--- a/webrtc/base/unittest_main.cc
+++ b/webrtc/base/unittest_main.cc
@@ -19,6 +19,7 @@
 #include "webrtc/base/gunit.h"
 #include "webrtc/base/logging.h"
 #include "webrtc/base/ssladapter.h"
+#include "webrtc/base/sslstreamadapter.h"
 #include "webrtc/test/field_trial.h"
 #include "webrtc/test/testsupport/fileutils.h"
@@ -103,6 +104,7 @@ int main(int argc, char** argv) {
 // Initialize SSL which are used by several tests.
 rtc::InitializeSSL();
+ rtc::SSLStreamAdapter::enable_time_callback_for_testing();
 int res = RUN_ALL_TESTS();
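Review bot: `SSLStreamAdapter::enable_time_callback_for_testing()` (sslstreamadapter.cc, hunk `@@ -160`) is defined only inside the block closed by `#endif // SSL_USE_OPENSSL`, while unittest_main.cc (hunk `@@ -103`) calls it unconditionally. If the declaration in sslstreamadapter.h is unconditional, which the `@@ -244` hunk suggests but does not prove, a build without `SSL_USE_OPENSSL` would fail at link time. The neighbouring wrappers follow the same pattern, so the project may accept this; if not, the call site should be guarded with the same macro.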
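Review bot: The call added in `main()` (unittest_main.cc, hunk `@@ -103`) turns the test clock on for every test in the binary, so none of them exercises the path production now takes, where BoringSSL's default clock is used. Because the flag cannot be cleared, a single test cannot opt out either; whether the production path is covered elsewhere is not visible here. The line would also benefit from a comment, e.g. `// Route BoringSSL's clock through rtc::TimeNanos() so tests can use a fake clock.` `main()` starts and ends outside the hunk.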