which shipped in M131.
BUG=webrtc:367181089
Change-Id: I967bafbab99bf211b0e6a4454f6598fd52493b26
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/370080
Reviewed-by: Jonas Oreland <jonaso@webrtc.org>
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Commit-Queue: Jonas Oreland <jonaso@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#43674}
This patch fixes a scenario in which the ssl_ object was freed.
BUG=webrtc:383141571
Change-Id: I413b028473aff9c3078f9bbab8e1fee718623417
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/372340
Commit-Queue: Jonas Oreland <jonaso@webrtc.org>
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#43621}
This patch adds a field trial for enabling DTLS1.3, WebRTC-ForceDtls13
- "Enabled" set max version to DTLS1.3
- "Only" set min & max version to DTLS1.3
Wire up a FieldTrialsView so that this does not
use the global string.
Also convert the WebRTC-DisableTlsSessionTicketKillswitch
from global string to FieldTrialsView.
BUG=webrtc:383141571
Change-Id: Ia775efc1dcbffd01bfddb6030490438cb8de89d7
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/372261
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Commit-Queue: Jonas Oreland <jonaso@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#43616}
Modify openssl_stream_adapter to check/set
timer regardless of dtls state. This is needed for DTLS1.3
or else handshake will never complete if last client
packet is lost (e.g. if retransmit is not triggered after
writable) as shown by TestHandshakeLoseSecondClientPacket.
TestHandshakeLoseSecondClientPacket works with/without this
patch if using DTLS1.2.
BUG=webrtc:383141571
Change-Id: I2757783c9e79686d1fbe0eff12341ab9e3863fdd
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/372201
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Commit-Queue: Jonas Oreland <jonaso@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#43610}
- add DTLS1.3 ciphers (without KeyType)
- remove code in dtls_transport.cc that tries to parse DTLS packet
- clean up some tests
- start on test for packet loss during dtls handshake (more to come!)
After this patch is submitted, it is possible
to set max version = dtls1.3 and it will be active
but DON'T do it yet.
BUG=webrtc:383141571
Change-Id: I6f9a120c53415ccee7a560ea83bd0c2636702997
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/371300
Commit-Queue: Jonas Oreland <jonaso@webrtc.org>
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#43595}
Add SSLProtocolVersion for TLS13 and DTLS13
Allow setting max version to 13 (for BoringSSL)
Don't change any defaults.
This is a NOP.
BUG=webrtc:383141571
Change-Id: I11303c14e8d79c09d9437d44e44003c67d2fc31b
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/370900
Commit-Queue: Jonas Oreland <jonaso@webrtc.org>
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Reviewed-by: Jonas Oreland <jonaso@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#43530}
and use uint8_t instead of unsigned char. Follow-up from
https://webrtc-review.googlesource.com/c/src/+/365274
BUG=webrtc:357776213
Change-Id: Ibc97e5cc85316ba69b4133b7f3c42e3afbdd7abd
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/365540
Commit-Queue: Philipp Hancke <phancke@meta.com>
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Reviewed-by: Jeremy Leconte <jleconte@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#43263}
This is a reland of commit 65ae3245f9380e46b1d755f3f452ba63ab6cdf8d
with more backward compat which also fixes the off-by-one issue which caused wrong SRTP keys to be extracted.
Original change's description:
> Spanify SRTP key export
>
> and simplify the interface used as this is only used for exporting
> SRTP keys and passing arcane OpenSSL arguments around does not make
> much sense.
>
> BUG=webrtc:357776213
>
> Change-Id: I9e5a94fe368b77975e48b6dd5ab6a2d2575d6382
> Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/364521
> Commit-Queue: Philipp Hancke <phancke@meta.com>
> Reviewed-by: Harald Alvestrand <hta@webrtc.org>
> Reviewed-by: Florent Castelli <orphis@webrtc.org>
> Cr-Commit-Position: refs/heads/main@{#43198}
Bug: webrtc:357776213
Change-Id: I5d43dc23f90ef630834fb400751979fcc5e18203
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/365180
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Reviewed-by: Jeremy Leconte <jleconte@webrtc.org>
Commit-Queue: Philipp Hancke <phancke@meta.com>
Cr-Commit-Position: refs/heads/main@{#43225}
This reverts commit 65ae3245f9380e46b1d755f3f452ba63ab6cdf8d.
Reason for revert: breaks downstream compilation
Original change's description:
> Spanify SRTP key export
>
> and simplify the interface used as this is only used for exporting
> SRTP keys and passing arcane OpenSSL arguments around does not make
> much sense.
>
> BUG=webrtc:357776213
>
> Change-Id: I9e5a94fe368b77975e48b6dd5ab6a2d2575d6382
> Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/364521
> Commit-Queue: Philipp Hancke <phancke@meta.com>
> Reviewed-by: Harald Alvestrand <hta@webrtc.org>
> Reviewed-by: Florent Castelli <orphis@webrtc.org>
> Cr-Commit-Position: refs/heads/main@{#43198}
Bug: webrtc:357776213
Change-Id: I03ffcda3d6821718f355b243ce78a9c54b4036f3
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/365062
Bot-Commit: rubber-stamper@appspot.gserviceaccount.com <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Jeremy Leconte <jleconte@webrtc.org>
Owners-Override: Jeremy Leconte <jleconte@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#43202}
and simplify the interface used as this is only used for exporting
SRTP keys and passing arcane OpenSSL arguments around does not make
much sense.
BUG=webrtc:357776213
Change-Id: I9e5a94fe368b77975e48b6dd5ab6a2d2575d6382
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/364521
Commit-Queue: Philipp Hancke <phancke@meta.com>
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Reviewed-by: Florent Castelli <orphis@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#43198}
since 1024 is already deprecated by OpenSSL and causes "too small key"
issues on systems enforcing a minimum size. Similar issue here:
https://github.com/nodejs/node/pull/44498
The minimum key size is not yet changed from 1024, this will require more effort for deprecation.
BUG=webrtc:364338811
Change-Id: Id4b24a2c289ec5e3f112288d32b8ac697ba1cfed
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/361128
Reviewed-by: David Benjamin <davidben@webrtc.org>
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Commit-Queue: Philipp Hancke <phancke@meta.com>
Cr-Commit-Position: refs/heads/main@{#43110}
Move it away from the "proprietary" SSL_CIPHER_get_id and looking up the cipher based on that towards SSL_CIPHER_standard_name.
SSL_CIPHER_get_id and the associated GetSslCipherSuite API is kept around for
WebRTC.PeerConnection.SslCipherSuite.*
UMA metrics and metrics compatibility (despite not yielding the IANA ids it promises).
BUG=None
Change-Id: Iaa357e3e31dc90abea688cf6ca10c0b40582ef38
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/363202
Reviewed-by: David Benjamin <davidben@webrtc.org>
Commit-Queue: Philipp Hancke <phancke@meta.com>
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#43097}
This is a reland of commit e77d75193f4f61cf90991569c5470ba5d1b78f2b.
No changes were required to the CL, downstream tests have been fixed.
Original change's description:
> Disable TLS session ticket for DTLS
>
> since it makes no sense for the WebRTC usage of DTLS and increases
> the size of the last handshake flight considerably
> Guarded by killswitch
> WebRTC-DisableTlsSessionTicketKillswitch
>
> BUG=webrtc:367181089
>
> Co-authored-by: Jody Ho <jodyho@meta.com>
> Change-Id: I4bb17bba8a17c65c8e0fefe2d8962974703feee7
> Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/362526
> Reviewed-by: Harald Alvestrand <hta@webrtc.org>
> Reviewed-by: David Benjamin <davidben@webrtc.org>
> Commit-Queue: Philipp Hancke <phancke@meta.com>
> Cr-Commit-Position: refs/heads/main@{#43046}
Bug: webrtc:367181089
Change-Id: I4b3f813e4a0dd4d0458ee14c15c51ee6f9b84461
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/363220
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Commit-Queue: Mirko Bonadei <mbonadei@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#43066}
This reverts commit e77d75193f4f61cf90991569c5470ba5d1b78f2b.
Reason for revert: Speculative rollback (breaks downstream test).
Original change's description:
> Disable TLS session ticket for DTLS
>
> since it makes no sense for the WebRTC usage of DTLS and increases
> the size of the last handshake flight considerably
> Guarded by killswitch
> WebRTC-DisableTlsSessionTicketKillswitch
>
> BUG=webrtc:367181089
>
> Co-authored-by: Jody Ho <jodyho@meta.com>
> Change-Id: I4bb17bba8a17c65c8e0fefe2d8962974703feee7
> Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/362526
> Reviewed-by: Harald Alvestrand <hta@webrtc.org>
> Reviewed-by: David Benjamin <davidben@webrtc.org>
> Commit-Queue: Philipp Hancke <phancke@meta.com>
> Cr-Commit-Position: refs/heads/main@{#43046}
Bug: webrtc:367181089
Change-Id: I02b59232fae9f729341811042a02f7cf346d4bbe
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/362982
Bot-Commit: rubber-stamper@appspot.gserviceaccount.com <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Mirko Bonadei <mbonadei@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#43052}
since it makes no sense for the WebRTC usage of DTLS and increases
the size of the last handshake flight considerably
Guarded by killswitch
WebRTC-DisableTlsSessionTicketKillswitch
BUG=webrtc:367181089
Co-authored-by: Jody Ho <jodyho@meta.com>
Change-Id: I4bb17bba8a17c65c8e0fefe2d8962974703feee7
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/362526
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Reviewed-by: David Benjamin <davidben@webrtc.org>
Commit-Queue: Philipp Hancke <phancke@meta.com>
Cr-Commit-Position: refs/heads/main@{#43046}
BoringSSL includes cannot be included in an OpenSSL build.
Links the SSL related target against the crypto and ssl libs
the proper way.
Bug: None
Change-Id: I4252e6207815d7d7e35bb8d4d966e3d1b83e659d
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/358941
Reviewed-by: Mirko Bonadei <mbonadei@webrtc.org>
Commit-Queue: Florent Castelli <orphis@webrtc.org>
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#42754}
since we do not need two adapters with TLS and DTLS modes.
SSLAdapter is the TLS adapter,
SSLStreamAdapter is the DTLS adapter.
BUG=webrtc:353750117
Change-Id: I223917c71c88437339380e1f196dcf3c0e2021c8
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/354940
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Commit-Queue: Philipp Hancke <phancke@meta.com>
Reviewed-by: Mirko Bonadei <mbonadei@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#42713}
this is flipping
WebRTC-PermuteTlsClientHello
to a killswitch in the SSLStreamAdapter used for DTLS.
BUG=webrtc:42225803
Change-Id: I942851c474ec5e723c5b6c9f6206e7eafbe80ea4
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/357901
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Commit-Queue: Philipp Hancke <phancke@meta.com>
Reviewed-by: Danil Chapovalov <danilchap@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#42676}
In its stead, there's now a SetEventCallback() method.
Bug: webrtc:11943
Change-Id: If936d6e1e23e8a584f06feb123ecf2d450ea4145
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/319040
Commit-Queue: Tomas Gunnarsson <tommi@webrtc.org>
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#42187}
This is a step towards removing StreamInterface::SignalEvent.
Downstream dependency will need to be updated to call FireEvent()
before further changes can land in webrtc.
Bug: webrtc:11943
Change-Id: Ia7d3f1c43fda52b7cf5bfa082aef3f462553cd67
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/347884
Commit-Queue: Tomas Gunnarsson <tommi@webrtc.org>
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#42143}
This is a follow-up to:
https://webrtc-review.googlesource.com/c/src/+/318640
The problem was that the scoped field trials in the tests only
applied to the construction of the streams, not the handshake.
Note, although the changes are in OpenSSLStreamAdapter, this CL
actually fixes the SSLStreamAdapterTestDTLSExtensionPermutation tests
in rtc_base/ssl_stream_adapter_unittest.cc.
Bug: webrtc:15467
Change-Id: I25cdd758aab1bc67fd7a6a61c956c6d52f82e3d1
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/344762
Commit-Queue: Tomas Gunnarsson <tommi@webrtc.org>
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#41976}
which has been enabled by default since M84. This was still available
under an enterprise policy which is gone since M121:
https://chromiumdash.appspot.com/commit/39d28bb7657b482f1fdcab81ca88371d8914809b
BUG=webrtc:10261,chromium:1132854
Change-Id: Icd534342b60799b7862bc3e7edda6825de7ae976
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/317360
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Reviewed-by: Guido Urdaneta <guidou@webrtc.org>
Commit-Queue: Philipp Hancke <phancke@microsoft.com>
Cr-Commit-Position: refs/heads/main@{#41145}
Also removing has_slots dependency from OpenSSLStreamAdapter and moving
it to the OpenSSLStreamAdapter subclass where it's still needed.
Bug: webrtc:11943
Change-Id: Ibcae5ea1efff146d78b32bb0eca63d7f44ed08c1
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/318885
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Commit-Queue: Tomas Gunnarsson <tommi@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#40702}
Remove internal use of SignalSSLHandshakeError and prepare removal of
sigslot dependency from SSLStreamAdapter.
Bug: webrtc:11943
Change-Id: I9768e2e31529945620bdd8d0d285042bb2388b7b
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/318881
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Commit-Queue: Tomas Gunnarsson <tommi@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#40695}
This cleans up the last vestiges of the old interface for rtc::StreamInterface
and will cause builds that refer to the old functions to fail.
Bug: webrtc:14632
Change-Id: I569b16677754d7f9e08449e273672a59a86e6498
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/283844
Reviewed-by: Mirko Bonadei <mbonadei@webrtc.org>
Commit-Queue: Harald Alvestrand <hta@webrtc.org>
Reviewed-by: Tomas Gunnarsson <tommi@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#38784}
After changing base functions to a CHECK instead of an =0, these
are no longer needed.
Bug: webrtc:14632
Change-Id: If3f1a62905cf433486f4974b2153c9210d1e045b
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/283542
Reviewed-by: Tomas Gunnarsson <tommi@webrtc.org>
Commit-Queue: Harald Alvestrand <hta@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#38643}
Updates the code to use the new interfaces
Bug: webrtc:14632
Change-Id: I33b2a25b5968de0251e3cbc84076afc013ecef6e
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/282680
Reviewed-by: Tomas Gunnarsson <tommi@webrtc.org>
Reviewed-by: Danil Chapovalov <danilchap@webrtc.org>
Commit-Queue: Harald Alvestrand <hta@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#38601}
A bug in the id being searched for inside OpenSSLStreamAdapter::SslCipherSuiteToName prevented the lookup from ever succeeding.
This resulted in this stat being unavailable when calling PeerConnection::GetStats(). To fix the problem, look for (0x03000000L | cipher_suite) which matches what the BoringSSL codepath is doing.
Bug: webrtc:14596
Change-Id: Ic36d77dbc4c2378fbde1e2f21a9f5bd735b36741
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/280100
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Commit-Queue: Harald Alvestrand <hta@webrtc.org>
Reviewed-by: Henrik Boström <hbos@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#38460}
which signals a permanent connection failure to the application
BUG=webrtc:13999
Change-Id: I7ba25db4aa9035583558a613db97561c48796c76
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/260100
Reviewed-by: Jonas Oreland <jonaso@webrtc.org>
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Commit-Queue: Philipp Hancke <philipp.hancke@googlemail.com>
Cr-Commit-Position: refs/heads/main@{#36700}
This is part of a large-scale effort to increase adoption of
absl::string_view across the WebRTC code base.
This CL converts the majority of "const std::string&"s in function
parameters under rtc_base/ to absl::string_view.
Bug: webrtc:13579
Change-Id: I2b1e3776aa42326aa405f76bb324a2d233b21dca
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/254081
Reviewed-by: Niels Moller <nisse@webrtc.org>
Reviewed-by: Mirko Bonadei <mbonadei@webrtc.org>
Reviewed-by: Xavier Lepaul <xalep@webrtc.org>
Reviewed-by: Anders Lilienthal <andersc@webrtc.org>
Reviewed-by: Per Kjellander <perkj@webrtc.org>
Commit-Queue: Ali Tofigh <alito@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#36239}