Changeset 249798 in webkit

Timestamp:

Sep 11, 2019 11:51:46 PM (5 years ago)

Author:

youenn@apple.com

Message:

Source/ThirdParty/libwebrtc:
Disable DTLS1.0
​https://bugs.webkit.org/show_bug.cgi?id=201679

Reviewed by Alex Christensen.

• Source/webrtc/rtc_base/opensslstreamadapter.cc:

Set minimum version to DTLS1.2 when DTLS1.2 is supported.
This makes sure any client will never downgrade to DTLS1.0.

Source/WebCore:
Disable DTLS1.0
​https://bugs.webkit.org/show_bug.cgi?id=201679

Reviewed by Alex Christensen.

Add an option to force to use DTLS1.0 and nothing else.
Add internals API to enter in that mode to verify that normal configurations cannot communicate with DTLS1.0.

Test: webrtc/datachannel/dtls10.html

• platform/mediastream/libwebrtc/LibWebRTCProvider.cpp:

(WebCore::LibWebRTCProvider::setEnableWebRTCEncryption):
(WebCore::LibWebRTCProvider::setUseDTLS10):

• platform/mediastream/libwebrtc/LibWebRTCProvider.h:
• testing/Internals.cpp:

(WebCore::Internals::setUseDTLS10):

• testing/Internals.h:
• testing/Internals.idl:

LayoutTests:
Disable DTLS10
​https://bugs.webkit.org/show_bug.cgi?id=201679

Reviewed by Alex Christensen.

• webrtc/datachannel/dtls10-expected.txt: Added.
• webrtc/datachannel/dtls10.html: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/webrtc/datachannel/dtls10-expected.txt (added)
• LayoutTests/webrtc/datachannel/dtls10.html (added)
• Source/ThirdParty/libwebrtc/ChangeLog (modified) (1 diff)
• Source/ThirdParty/libwebrtc/Source/webrtc/rtc_base/opensslstreamadapter.cc (modified) (1 diff)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/platform/mediastream/libwebrtc/LibWebRTCProvider.cpp (modified) (1 diff)
• Source/WebCore/platform/mediastream/libwebrtc/LibWebRTCProvider.h (modified) (2 diffs)
• Source/WebCore/testing/Internals.cpp (modified) (1 diff)
• Source/WebCore/testing/Internals.h (modified) (1 diff)
• Source/WebCore/testing/Internals.idl (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2019-09-11  Youenn Fablet  <youenn@apple.com>
+
+        Disable DTLS10
+        https://bugs.webkit.org/show_bug.cgi?id=201679
+
+        Reviewed by Alex Christensen.
+
+        * webrtc/datachannel/dtls10-expected.txt: Added.
+        * webrtc/datachannel/dtls10.html: Added.
+
 2019-09-11  Saam Barati  <sbarati@apple.com>
 

trunk/Source/ThirdParty/libwebrtc/ChangeLog

@@ +1 @@
+2019-09-11  Youenn Fablet  <youenn@apple.com>
+
+        Disable DTLS1.0
+        https://bugs.webkit.org/show_bug.cgi?id=201679
+
+        Reviewed by Alex Christensen.
+
+        * Source/webrtc/rtc_base/opensslstreamadapter.cc:
+        Set minimum version to DTLS1.2 when DTLS1.2 is supported.
+        This makes sure any client will never downgrade to DTLS1.0.
+
 2019-08-29  Keith Rollin  <krollin@apple.com>
 

trunk/Source/ThirdParty/libwebrtc/Source/webrtc/rtc_base/opensslstreamadapter.cc

@@ -1032 +1032 @@
     case SSL_PROTOCOL_TLS_12:
     default:
+#if defined(WEBRTC_WEBKIT_BUILD)
+      SSL_CTX_set_min_proto_version(
+          ctx, ssl_mode_ == SSL_MODE_DTLS ? DTLS1_2_VERSION : TLS1_2_VERSION);
+#endif
       SSL_CTX_set_max_proto_version(
           ctx, ssl_mode_ == SSL_MODE_DTLS ? DTLS1_2_VERSION : TLS1_2_VERSION);

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2019-09-11  Youenn Fablet  <youenn@apple.com>
+
+        Disable DTLS1.0
+        https://bugs.webkit.org/show_bug.cgi?id=201679
+
+        Reviewed by Alex Christensen.
+
+        Add an option to force to use DTLS1.0 and nothing else.
+        Add internals API to enter in that mode to verify that normal configurations cannot communicate with DTLS1.0.
+
+        Test: webrtc/datachannel/dtls10.html
+
+        * platform/mediastream/libwebrtc/LibWebRTCProvider.cpp:
+        (WebCore::LibWebRTCProvider::setEnableWebRTCEncryption):
+        (WebCore::LibWebRTCProvider::setUseDTLS10):
+        * platform/mediastream/libwebrtc/LibWebRTCProvider.h:
+        * testing/Internals.cpp:
+        (WebCore::Internals::setUseDTLS10):
+        * testing/Internals.h:
+        * testing/Internals.idl:
+
 2019-09-11  Keith Rollin  <krollin@apple.com>
 

trunk/Source/WebCore/platform/mediastream/libwebrtc/LibWebRTCProvider.cpp

@@ -307 +307 @@
     webrtc::PeerConnectionFactoryInterface::Options options;
     options.disable_encryption = !enableWebRTCEncryption;
+    options.ssl_max_version = m_useDTLS10 ? rtc::SSL_PROTOCOL_DTLS_10 : rtc::SSL_PROTOCOL_DTLS_12;
+    m_factory->SetOptions(options);
+}
+
+void LibWebRTCProvider::setUseDTLS10(bool useDTLS10)
+{
+    m_useDTLS10 = useDTLS10;
+
+    auto* factory = this->factory();
+    if (!factory)
+        return;
+
+    webrtc::PeerConnectionFactoryInterface::Options options;
+    options.ssl_max_version = useDTLS10 ? rtc::SSL_PROTOCOL_DTLS_10 : rtc::SSL_PROTOCOL_DTLS_12;
     m_factory->SetOptions(options);
 }

trunk/Source/WebCore/platform/mediastream/libwebrtc/LibWebRTCProvider.h

@@ -119 +119 @@
     void setEnableLogging(bool);
     void setEnableWebRTCEncryption(bool);
+    void setUseDTLS10(bool);
 
     virtual std::unique_ptr<rtc::PacketSocketFactory> createSocketFactory(PAL::SessionID, String&& /* userAgent */) { return nullptr; }
@@ -139 +140 @@
     bool m_supportsVP8 { false };
     bool m_enableLogging { true };
+    bool m_useDTLS10 { false };
 #endif
 };

trunk/Source/WebCore/testing/Internals.cpp

@@ -1513 +1513 @@
 #endif
 }
+
+void Internals::setUseDTLS10(bool useDTLS10)
+{
+#if USE(LIBWEBRTC)
+    auto* document = contextDocument();
+    if (!document || !document->page())
+        return;
+    document->page()->libWebRTCProvider().setUseDTLS10(useDTLS10);
+#endif
+}
+
 #endif
 

trunk/Source/WebCore/testing/Internals.h

@@ -542 +542 @@
     void applyRotationForOutgoingVideoSources(RTCPeerConnection&);
     void setEnableWebRTCEncryption(bool);
+    void setUseDTLS10(bool);
 #endif
 

trunk/Source/WebCore/testing/Internals.idl

@@ -619 +619 @@
     [Conditional=WEB_RTC] void clearPeerConnectionFactory();
     [Conditional=WEB_RTC] void setEnableWebRTCEncryption(boolean enabled);
+    [Conditional=WEB_RTC] void setUseDTLS10(boolean use);
 
     [Conditional=VIDEO] void simulateSystemSleep();