From c75fbe24e67baca458c283b5985eeb3bb8b7344b Mon Sep 17 00:00:00 2001
From: Philipp Hancke
Date: Wed, 13 Nov 2024 13:36:44 -0800
Subject: [PATCH] Clean up legacy variant of DTLS-SRTP key exporter
BUG=webrtc:357776213
Change-Id: Id383c3a2a8627e3d0aceb80da30db14ea689ac93
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/368181
Reviewed-by: Harald Alvestrand
Commit-Queue: Philipp Hancke
Reviewed-by: Florent Castelli
Cr-Commit-Position: refs/heads/main@{#43467}
---
 rtc_base/openssl_stream_adapter.cc | 14 --------------
 rtc_base/openssl_stream_adapter.h | 7 -------
 rtc_base/ssl_stream_adapter.h | 9 ---------
 rtc_base/ssl_stream_adapter_unittest.cc | 14 ++------------
 4 files changed, 2 insertions(+), 42 deletions(-)
diff --git a/rtc_base/openssl_stream_adapter.cc b/rtc_base/openssl_stream_adapter.cc
index 7a6284790f..1b29435de2 100644
--- a/rtc_base/openssl_stream_adapter.cc
+++ b/rtc_base/openssl_stream_adapter.cc
@@ -383,20 +383,6 @@ bool OpenSSLStreamAdapter::ExportSrtpKeyingMaterial(
 return true;
 }
-bool OpenSSLStreamAdapter::ExportKeyingMaterial(absl::string_view label,
- const uint8_t* context,
- size_t context_len,
- bool use_context,
- uint8_t* result,
- size_t result_len) {
- if (SSL_export_keying_material(ssl_, result, result_len, label.data(),
- label.length(), context, context_len,
- use_context) != 1) {
- return false;
- }
- return true;
-}
-
 uint16_t OpenSSLStreamAdapter::GetPeerSignatureAlgorithm() const {
 if (state_ != SSL_CONNECTED) {
 return 0;
diff --git a/rtc_base/openssl_stream_adapter.h b/rtc_base/openssl_stream_adapter.h
index 82e0b1b632..9ba1050734 100644
--- a/rtc_base/openssl_stream_adapter.h
+++ b/rtc_base/openssl_stream_adapter.h
@@ -109,13 +109,6 @@ class OpenSSLStreamAdapter final : public SSLStreamAdapter {
 // Key Extractor interface
 bool ExportSrtpKeyingMaterial(
 rtc::ZeroOnFreeBuffer& keying_material) override;
- [[deprecated("Use ExportSrtpKeyingMaterial instead")]] bool
- ExportKeyingMaterial(absl::string_view label,
- const uint8_t* context,
- size_t context_len,
- bool use_context,
- uint8_t* result,
- size_t result_len) override;
 uint16_t GetPeerSignatureAlgorithm() const override;
diff --git a/rtc_base/ssl_stream_adapter.h b/rtc_base/ssl_stream_adapter.h
index 66617e31fb..fd2c3525ac 100644
--- a/rtc_base/ssl_stream_adapter.h
+++ b/rtc_base/ssl_stream_adapter.h
@@ -205,15 +205,6 @@ class SSLStreamAdapter : public StreamInterface {
 // Key Exporter interface from RFC 5705
 virtual bool ExportSrtpKeyingMaterial(
 rtc::ZeroOnFreeBuffer& keying_material) = 0;
- [[deprecated("Use ExportSrtpKeyingMaterial instead")]] virtual bool
- ExportKeyingMaterial(absl::string_view label,
- const uint8_t* context,
- size_t context_len,
- bool use_context,
- uint8_t* result,
- size_t result_len) {
- return false;
- }
 // Returns the signature algorithm or 0 if not applicable.
 virtual uint16_t GetPeerSignatureAlgorithm() const = 0;
diff --git a/rtc_base/ssl_stream_adapter_unittest.cc b/rtc_base/ssl_stream_adapter_unittest.cc
index f474b9c074..b6579041fb 100644
--- a/rtc_base/ssl_stream_adapter_unittest.cc
+++ b/rtc_base/ssl_stream_adapter_unittest.cc
@@ -1387,10 +1387,8 @@ TEST_F(SSLStreamAdapterTestDTLS, TestDTLSSrtpKeyAndSaltLengths) {
 ASSERT_EQ(96 / 8, salt_len);
 }
-// Test an exporter
-#pragma clang diagnostic push
-#pragma clang diagnostic ignored "-Wdeprecated-declarations"
-TEST_F(SSLStreamAdapterTestDTLS, TestDTLSExporter) {
+// Test the DTLS-SRTP key exporter
+TEST_F(SSLStreamAdapterTestDTLS, TestDTLSSrtpExporter) {
 const std::vector crypto_suites = {rtc::kSrtpAes128CmSha1_80};
 SetDtlsSrtpCryptoSuites(crypto_suites, true);
 SetDtlsSrtpCryptoSuites(crypto_suites, false);
@@ -1408,15 +1406,7 @@ TEST_F(SSLStreamAdapterTestDTLS, TestDTLSExporter) {
 EXPECT_TRUE(client_ssl_->ExportSrtpKeyingMaterial(client_out));
 EXPECT_TRUE(server_ssl_->ExportSrtpKeyingMaterial(server_out));
 EXPECT_EQ(client_out, server_out);
-
- // Legacy variant.
- rtc::ZeroOnFreeBuffer legacy_out(2 * (key_len + salt_len));
- EXPECT_TRUE(client_ssl_->ExportKeyingMaterial("EXTRACTOR-dtls_srtp", nullptr,
- 0, false, legacy_out.data(),
- legacy_out.size()));
- EXPECT_EQ(client_out, legacy_out);
 }
-#pragma clang diagnostic pop
 // Test not yet valid certificates are not rejected.
 TEST_F(SSLStreamAdapterTestDTLS, TestCertNotYetValid) {
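Review bot: With the legacy cross-check gone, the only assertion left on the exported bytes in this hunk is `EXPECT_EQ(client_out, server_out);`, which still passes if both endpoints derive from the wrong exporter label or return the wrong amount of keying material. The removed block was the one place that tied the output to the `"EXTRACTOR-dtls_srtp"` label with no context and to a buffer of `2 * (key_len + salt_len)` bytes. Consider keeping an independent check, at minimum `EXPECT_EQ(client_out.size(), 2 * (key_len + salt_len));`, or a comment naming the test that covers the label. The part of the test body between this hunk and the previous one is not visible here, so the size may already be asserted there.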