Bug 1928110 - Vendor libwebrtc from d79a1859e0

Upstream commit: https://webrtc.googlesource.com/src/+/d79a1859e058b6a030177b24ed8e4bb14525af79 ssl: increase default RSA key size to 2048 bits since 1024 is already deprecated by OpenSSL and causes "too small key" issues on systems enforcing a minimum size. Similar issue here: nodejs/node#44498 The minimum key size is not yet changed from 1024, this will require more effort for deprecation. BUG=webrtc:364338811 Change-Id: Id4b24a2c289ec5e3f112288d32b8ac697ba1cfed Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/361128 Reviewed-by: David Benjamin <davidben@webrtc.org> Reviewed-by: Harald Alvestrand <hta@webrtc.org> Commit-Queue: Philipp Hancke <phancke@meta.com> Cr-Commit-Position: refs/heads/main@{#43110}
i3roly · Nov 19, 2024 · 1ae747c · 1ae747c
1 parent 1664daa
commit 1ae747c
Show file tree

Hide file tree

Showing 7 changed files with 142 additions and 93 deletions.
diff --git a/third_party/libwebrtc/README.moz-ff-commit b/third_party/libwebrtc/README.moz-ff-commit
@@ -33123,3 +33123,6 @@ a6e555648e
 # MOZ_LIBWEBRTC_SRC=/home/mfroman/mozilla/elm/.moz-fast-forward/moz-libwebrtc MOZ_LIBWEBRTC_BRANCH=mozpatches bash dom/media/webrtc/third_party_build/fast-forward-libwebrtc.sh
 # base of lastest vendoring
 a6fbb35ac1
+# MOZ_LIBWEBRTC_SRC=/home/mfroman/mozilla/elm/.moz-fast-forward/moz-libwebrtc MOZ_LIBWEBRTC_BRANCH=mozpatches bash dom/media/webrtc/third_party_build/fast-forward-libwebrtc.sh
+# base of lastest vendoring
+d79a1859e0
diff --git a/third_party/libwebrtc/README.mozilla b/third_party/libwebrtc/README.mozilla
@@ -22108,3 +22108,5 @@ libwebrtc updated from /home/mfroman/mozilla/elm/.moz-fast-forward/moz-libwebrtc
 libwebrtc updated from /home/mfroman/mozilla/elm/.moz-fast-forward/moz-libwebrtc commit mozpatches on 2024-11-19T17:34:26.240686.
 # ./mach python dom/media/webrtc/third_party_build/vendor-libwebrtc.py --from-local /home/mfroman/mozilla/elm/.moz-fast-forward/moz-libwebrtc --commit mozpatches libwebrtc
 libwebrtc updated from /home/mfroman/mozilla/elm/.moz-fast-forward/moz-libwebrtc commit mozpatches on 2024-11-19T17:35:25.280581.
+# ./mach python dom/media/webrtc/third_party_build/vendor-libwebrtc.py --from-local /home/mfroman/mozilla/elm/.moz-fast-forward/moz-libwebrtc --commit mozpatches libwebrtc
+libwebrtc updated from /home/mfroman/mozilla/elm/.moz-fast-forward/moz-libwebrtc commit mozpatches on 2024-11-19T17:36:24.201635.
diff --git a/third_party/libwebrtc/rtc_base/boringssl_identity.cc b/third_party/libwebrtc/rtc_base/boringssl_identity.cc
@@ -129,6 +129,7 @@ std::unique_ptr<SSLIdentity> BoringSSLIdentity::CreateFromPEMChainStrings(
       uint32_t err = ERR_peek_error();
       if (ERR_GET_LIB(err) == ERR_LIB_PEM &&
           ERR_GET_REASON(err) == PEM_R_NO_START_LINE) {
+        err = ERR_get_error();
         break;
       }
       RTC_LOG(LS_ERROR) << "Failed to parse certificate from PEM string.";

diff --git a/third_party/libwebrtc/rtc_base/openssl_identity.cc b/third_party/libwebrtc/rtc_base/openssl_identity.cc
@@ -128,6 +128,7 @@ std::unique_ptr<SSLIdentity> OpenSSLIdentity::CreateFromPEMChainStrings(
       uint32_t err = ERR_peek_error();
       if (ERR_GET_LIB(err) == ERR_LIB_PEM &&
           ERR_GET_REASON(err) == PEM_R_NO_START_LINE) {
+        err = ERR_get_error();
         break;
       }
       RTC_LOG(LS_ERROR) << "Failed to parse certificate from PEM string: "

diff --git a/third_party/libwebrtc/rtc_base/openssl_stream_adapter.cc b/third_party/libwebrtc/rtc_base/openssl_stream_adapter.cc
@@ -1131,8 +1131,10 @@ static const cipher_list OK_RSA_ciphers[] = {
 #ifdef TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA256
     CDEF(ECDHE_RSA_WITH_AES_256_GCM_SHA256),
 #endif
-#ifdef TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+#ifdef TLS1_CK_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256  // BoringSSL.
     CDEF(ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256),
+#elif defined(TLS1_RFC_ECDHE_ECDSA_WITH_CHACHA20_POLY1305)  // OpenSSL.
+    CDEF(ECDHE_RSA_WITH_CHACHA20_POLY1305),
 #endif
 };
 
@@ -1143,8 +1145,10 @@ static const cipher_list OK_ECDSA_ciphers[] = {
 #ifdef TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA256
     CDEF(ECDHE_ECDSA_WITH_AES_256_GCM_SHA256),
 #endif
-#ifdef TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+#ifdef TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256  // BoringSSL.
     CDEF(ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256),
+#elif defined(TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305)  // OpenSSL.
+    CDEF(ECDHE_ECDSA_WITH_CHACHA20_POLY1305),
 #endif
 };
 #undef CDEF

diff --git a/third_party/libwebrtc/rtc_base/ssl_identity.h b/third_party/libwebrtc/rtc_base/ssl_identity.h
@@ -32,8 +32,9 @@ class SSLCertificate;
 // KT_DEFAULT is used as the default KeyType for KeyParams.
 enum KeyType { KT_RSA, KT_ECDSA, KT_LAST, KT_DEFAULT = KT_ECDSA };
 
-static const int kRsaDefaultModSize = 1024;
+static const int kRsaDefaultModSize = 2048;
 static const int kRsaDefaultExponent = 0x10001;  // = 2^16+1 = 65537
+// TODO(bugs.webrtc.org/364338811): raise the bar to 2048 bits.
 static const int kRsaMinModSize = 1024;
 static const int kRsaMaxModSize = 8192;