Remove more (D)TLS1.0 legacy code

Keeping around the DTLS 1.0 constant for unit tests.

BUG=webrtc:40644300

Change-Id: I6d0c3ba1f434bbf3ef1a1b812aeef26943dcf646
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/352530
Reviewed-by: Florent Castelli <orphis@webrtc.org>
Commit-Queue: Philipp Hancke <phancke@meta.com>
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#42471}
Philipp Hancke 2024-06-11 09:42:51 -07:00 committed by WebRTC LUCI CQ
parent f79120a5f8
commit ed1801492d
3 changed files with 22 additions and 31 deletions


@ -107,8 +107,8 @@ class OpenSSLStreamAdapter final : public SSLStreamAdapter,
static std::string SslCipherSuiteToName(int crypto_suite); static std::string SslCipherSuiteToName(int crypto_suite);
bool GetSslCipherSuite(int* cipher) override; bool GetSslCipherSuite(int* cipher) override;
[[deprecated("Use GetSslVersionBytes")]] SSLProtocolVersion GetSslVersion()
SSLProtocolVersion GetSslVersion() const override; const override;
bool GetSslVersionBytes(int* version) const override; bool GetSslVersionBytes(int* version) const override;
// Key Extractor interface // Key Extractor interface
bool ExportKeyingMaterial(absl::string_view label, bool ExportKeyingMaterial(absl::string_view label,


@ -90,17 +90,13 @@ bool IsGcmCryptoSuiteName(absl::string_view crypto_suite);
enum SSLRole { SSL_CLIENT, SSL_SERVER }; enum SSLRole { SSL_CLIENT, SSL_SERVER };
enum SSLMode { SSL_MODE_TLS, SSL_MODE_DTLS }; enum SSLMode { SSL_MODE_TLS, SSL_MODE_DTLS };
// Note: TLS_10, TLS_11, and DTLS_10 will all be ignored, and only DTLS1_2 will // TODO bugs.webrtc.org/40644300 remove unused legacy constants.
// be accepted unless the trial flag WebRTC-LegacyTlsProtocols/Enabled/ is
// passed in or an explicit override is used. Support for the legacy protocol
// versions will be completely removed in the future.
// See https://bugs.webrtc.org/10261.
enum SSLProtocolVersion { enum SSLProtocolVersion {
SSL_PROTOCOL_NOT_GIVEN = -1, SSL_PROTOCOL_NOT_GIVEN = -1,
SSL_PROTOCOL_TLS_10 = 0, SSL_PROTOCOL_TLS_10 = 0, // Deprecated and no longer supported.
SSL_PROTOCOL_TLS_11, SSL_PROTOCOL_TLS_11 = 1, // Deprecated and no longer supported.
SSL_PROTOCOL_TLS_12, SSL_PROTOCOL_TLS_12 = 2,
SSL_PROTOCOL_DTLS_10 = SSL_PROTOCOL_TLS_11, SSL_PROTOCOL_DTLS_10 = 1, // Deprecated and no longer supported.
SSL_PROTOCOL_DTLS_12 = SSL_PROTOCOL_TLS_12, SSL_PROTOCOL_DTLS_12 = SSL_PROTOCOL_TLS_12,
}; };
enum class SSLPeerCertificateDigestError { enum class SSLPeerCertificateDigestError {
@ -198,7 +194,8 @@ class SSLStreamAdapter : public StreamInterface {
// Retrieves the enum value for SSL version. // Retrieves the enum value for SSL version.
// Will return -1 until the version has been negotiated. // Will return -1 until the version has been negotiated.
virtual SSLProtocolVersion GetSslVersion() const = 0; [[deprecated("Use GetSslVersionBytes")]] virtual SSLProtocolVersion
GetSslVersion() const = 0;
// Retrieves the 2-byte version from the TLS protocol. // Retrieves the 2-byte version from the TLS protocol.
// Will return false until the version has been negotiated. // Will return false until the version has been negotiated.
virtual bool GetSslVersionBytes(int* version) const = 0; virtual bool GetSslVersionBytes(int* version) const = 0;
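Review bot: The new enum comments in the first hunk say "Deprecated and no longer supported" for SSL_PROTOCOL_TLS_10, SSL_PROTOCOL_TLS_11 and SSL_PROTOCOL_DTLS_10, but the replaced comment block stated the observable contract (those values are ignored and only DTLS 1.2 is negotiated) and the new text no longer says what a caller who still passes one of them should expect. Since a silent downgrade and a refused handshake are very different outcomes for a transport-security setting, the TODO line should state the behavior, e.g. `// TODO bugs.webrtc.org/40644300 remove unused legacy constants. Passing one of the deprecated values does not enable that version; only DTLS 1.2 is negotiated.` — assuming that is still the behavior after this change, which the hunk does not show. The enumerators themselves also carry no attribute, so unlike GetSslVersion() in the second hunk, callers get no compile-time signal; if the build is C++17, `SSL_PROTOCOL_TLS_10 [[deprecated("No longer supported")]] = 0,` (and likewise for TLS_11 and DTLS_10) would provide one. Note that SSL_PROTOCOL_DTLS_10 = 1 now spells out the same value as SSL_PROTOCOL_TLS_11, which matches the old aliasing but is easy to misread as a typo; a short comment on that line would help.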


@ -768,11 +768,11 @@ class SSLStreamAdapterTestBase : public ::testing::Test,
return server_ssl_->GetSslCipherSuite(retval); return server_ssl_->GetSslCipherSuite(retval);
} }
int GetSslVersion(bool client) { bool GetSslVersionBytes(bool client, int* version) {
if (client) if (client)
return client_ssl_->GetSslVersion(); return client_ssl_->GetSslVersionBytes(version);
else else
return server_ssl_->GetSslVersion(); return server_ssl_->GetSslVersionBytes(version);
} }
bool ExportKeyingMaterial(absl::string_view label, bool ExportKeyingMaterial(absl::string_view label,
@ -1604,23 +1604,20 @@ TEST_F(SSLStreamAdapterTestDTLSFromPEMStrings, TestDTLSGetPeerCertificate) {
ASSERT_EQ(kCERT_PEM, server_peer_cert->ToPEMString()); ASSERT_EQ(kCERT_PEM, server_peer_cert->ToPEMString());
} }
// Test getting the used DTLS 1.2 ciphers. // Test getting the DTLS 1.2 version.
// DTLS 1.2 enabled for client and server -> DTLS 1.2 will be used. TEST_P(SSLStreamAdapterTestDTLS, TestGetSslVersionBytes) {
TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuiteDtls12Both) { // https://datatracker.ietf.org/doc/html/rfc9147#section-5.3
const int kDtls1_2 = 0xFEFD;
SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12); SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_12, rtc::SSL_PROTOCOL_DTLS_12);
TestHandshake(); TestHandshake();
int client_cipher; int client_version;
ASSERT_TRUE(GetSslCipherSuite(true, &client_cipher)); ASSERT_TRUE(GetSslVersionBytes(true, &client_version));
int server_cipher; EXPECT_EQ(client_version, kDtls1_2);
ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher));
ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(true)); int server_version;
ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(false)); ASSERT_TRUE(GetSslVersionBytes(false, &server_version));
EXPECT_EQ(server_version, kDtls1_2);
ASSERT_EQ(client_cipher, server_cipher);
ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher(
server_cipher, ::testing::get<1>(GetParam()).type()));
} }
// Test getting the used DTLS ciphers. // Test getting the used DTLS ciphers.
@ -1634,9 +1631,6 @@ TEST_P(SSLStreamAdapterTestDTLS, TestGetSslCipherSuite) {
int server_cipher; int server_cipher;
ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher)); ASSERT_TRUE(GetSslCipherSuite(false, &server_cipher));
ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(true));
ASSERT_EQ(rtc::SSL_PROTOCOL_DTLS_12, GetSslVersion(false));
ASSERT_EQ(client_cipher, server_cipher); ASSERT_EQ(client_cipher, server_cipher);
ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher( ASSERT_TRUE(rtc::SSLStreamAdapter::IsAcceptableCipher(
server_cipher, ::testing::get<1>(GetParam()).type())); server_cipher, ::testing::get<1>(GetParam()).type()));
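Review bot: The new TestGetSslVersionBytes in the second hunk only covers the case where both sides request SSL_PROTOCOL_DTLS_12, so nothing in this file section pins what happens when a caller still passes one of the enumerators this commit labels "no longer supported"; the commit message says the DTLS 1.0 constant is kept for unit tests, so such a test may exist outside the visible hunks, but if it does not, the "ignored, DTLS 1.2 is used" contract is now untested. A parallel test that requests SSL_PROTOCOL_DTLS_10 on one side and asserts the negotiated wire version is still 0xFEFD would catch a future regression that quietly re-enables the legacy version; if the intended contract is instead a failed handshake, the assertion should be on that. The 0xFEFD literal is duplicated as a local in the new test; hoisting it to a file-level `constexpr int kDtls1_2 = 0xFEFD;` next to the RFC 9147 reference avoids a second copy. TestGetSslCipherSuite in the third hunk starts outside the hunk.
```cpp
// Requesting a legacy version must not downgrade below DTLS 1.2.
// (Constructed example; adjust the expectation if the intended contract is a handshake failure.)
TEST_P(SSLStreamAdapterTestDTLS, TestLegacyVersionRequestNegotiatesDtls12) {
  // https://datatracker.ietf.org/doc/html/rfc9147#section-5.3
  const int kDtls1_2 = 0xFEFD;
  SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_12);
  TestHandshake();
  int client_version;
  ASSERT_TRUE(GetSslVersionBytes(true, &client_version));
  EXPECT_EQ(client_version, kDtls1_2);
  int server_version;
  ASSERT_TRUE(GetSslVersionBytes(false, &server_version));
  EXPECT_EQ(server_version, kDtls1_2);
}
```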