commit de276ceeb412f21f7aa4d30302022868b309f0ee
parent 43679f07da163f6ae9feb7d130d3ba94e55f1be4
Author: Michael Froman <mfroman@mozilla.com>
Date: Thu, 9 Oct 2025 15:01:39 -0500
Bug 1993083 - Vendor libwebrtc from 2ae34ea70c
Upstream commit: https://webrtc.googlesource.com/src/+/2ae34ea70cc43326eb4a3e0fc769f573078f693d
Remove PeerConnectionFactory::crypto_options
and prepare for making it not optional in the RTCConfiguration.
Bug: webrtc:42235111
Change-Id: Idcb675e54b32d0172936553c1eb2909e6e0c48cd
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/398643
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Reviewed-by: Guido Urdaneta <guidou@webrtc.org>
Commit-Queue: Philipp Hancke <phancke@meta.com>
Cr-Commit-Position: refs/heads/main@{#45171}
Diffstat:
7 files changed, 61 insertions(+), 59 deletions(-)
diff --git a/third_party/libwebrtc/README.mozilla.last-vendor b/third_party/libwebrtc/README.mozilla.last-vendor
@@ -1,4 +1,4 @@
# ./mach python dom/media/webrtc/third_party_build/vendor-libwebrtc.py --from-local /home/mfroman/mozilla/elm/.moz-fast-forward/moz-libwebrtc --commit mozpatches libwebrtc
-libwebrtc updated from /home/mfroman/mozilla/elm/.moz-fast-forward/moz-libwebrtc commit mozpatches on 2025-10-09T20:00:24.951344+00:00.
+libwebrtc updated from /home/mfroman/mozilla/elm/.moz-fast-forward/moz-libwebrtc commit mozpatches on 2025-10-09T20:01:29.528201+00:00.
# base of lastest vendoring
-e83b2bd4c4
+2ae34ea70c
diff --git a/third_party/libwebrtc/api/peer_connection_interface.h b/third_party/libwebrtc/api/peer_connection_interface.h
@@ -655,8 +655,7 @@ class RTC_EXPORT PeerConnectionInterface : public RefCountInterface {
bool active_reset_srtp_params = false;
// Defines advanced optional cryptographic settings related to SRTP and
- // frame encryption for native WebRTC. Setting this will overwrite any
- // settings set in PeerConnectionFactory (which is deprecated).
+ // frame encryption for native WebRTC.
std::optional<CryptoOptions> crypto_options;
// Configure if we should include the SDP attribute extmap-allow-mixed in
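Review bot: The shortened comment on `crypto_options` no longer says what an unset optional means, and with the factory-level fallback removed that is the one thing a caller needs to know. Judging by the peer_connection.cc hunks in this commit, an unset value now resolves to a default-constructed `CryptoOptions`. I would add `// If unset, a default-constructed CryptoOptions is used.` after the two existing comment lines. The enclosing struct starts and ends outside the hunk.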
@@ -1526,9 +1525,6 @@ class RTC_EXPORT PeerConnectionFactoryInterface : public RefCountInterface {
// supported by both ends will be used for the connection, i.e. if one
// party supports DTLS 1.0 and the other DTLS 1.2, DTLS 1.0 will be used.
SSLProtocolVersion ssl_max_version = SSL_PROTOCOL_DTLS_12;
-
- // Sets crypto related options, e.g. enabled cipher suites.
- CryptoOptions crypto_options = {};
};
// Set the options to be used for subsequently created PeerConnections.
diff --git a/third_party/libwebrtc/pc/peer_connection.cc b/third_party/libwebrtc/pc/peer_connection.cc
@@ -298,6 +298,7 @@ RTCErrorOr<PeerConnectionInterface::RTCConfiguration> ApplyConfiguration(
existing_configuration;
modified_config.servers = configuration.servers;
modified_config.type = configuration.type;
+ modified_config.crypto_options = configuration.crypto_options;
modified_config.ice_candidate_pool_size =
configuration.ice_candidate_pool_size;
modified_config.prune_turn_ports = configuration.prune_turn_ports;
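Review bot: Copying `crypto_options` into `modified_config` appears to put it among the fields a later configuration update may change, but nothing visible in this commit pushes a changed value to the transport controller, which takes its copy in `InitializeTransportController_n`. If that reading is right, a caller could swap SRTP cipher settings on a live connection, get success back, and have `GetCryptoOptions()` report values the established transports were never built with. Either reject a change once transports exist, or state the intent on this line, e.g. `// Accepted so a lazily defaulted value does not fail the comparison; not re-applied to transports.` ApplyConfiguration's body starts and ends outside the hunk, so the comparison itself is not visible here.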
@@ -687,11 +688,9 @@ JsepTransportController* PeerConnection::InitializeTransportController_n(
config.disable_encryption = options_.disable_encryption;
config.bundle_policy = configuration.bundle_policy;
config.rtcp_mux_policy = configuration.rtcp_mux_policy;
- // TODO(bugs.webrtc.org/9891) - Remove options_.crypto_options then remove
- // this stub.
config.crypto_options = configuration.crypto_options.has_value()
? *configuration.crypto_options
- : options_.crypto_options;
+ : CryptoOptions();
// Maybe enable PQC from FieldTrials
config.crypto_options.ephemeral_key_exchange_cipher_groups.Update(
@@ -2968,11 +2967,10 @@ RTCError PeerConnection::StartSctpTransport(const SctpOptions& options) {
CryptoOptions PeerConnection::GetCryptoOptions() {
RTC_DCHECK_RUN_ON(signaling_thread());
- // TODO(bugs.webrtc.org/9891) - Remove PeerConnectionFactory::CryptoOptions
- // after it has been removed.
- return configuration_.crypto_options.has_value()
- ? *configuration_.crypto_options
- : options_.crypto_options;
+ if (!configuration_.crypto_options) {
+ configuration_.crypto_options = CryptoOptions();
+ }
+ return *configuration_.crypto_options;
}
void PeerConnection::ClearStatsCache() {
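Review bot: `GetCryptoOptions()` now writes to `configuration_` as a side effect of a read: the first call turns an unset optional into a set one, so the stored configuration depends on whether and when this getter ran. `return configuration_.crypto_options.value_or(CryptoOptions());` returns the same value without mutating state, and the ternary in `InitializeTransportController_n` (previous hunk) could take the same form. If the write is deliberate, as a step toward making the field non-optional, a one-line comment saying so would keep a later reader from undoing it.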
diff --git a/third_party/libwebrtc/pc/peer_connection.h b/third_party/libwebrtc/pc/peer_connection.h
@@ -414,8 +414,8 @@ class PeerConnection : public PeerConnectionInternal,
RTCError StartSctpTransport(const SctpOptions& options) override;
// Returns the CryptoOptions for this PeerConnection. This will always
- // return the RTCConfiguration.crypto_options if set and will only default
- // back to the PeerConnectionFactory settings if nothing was set.
+ // return the RTCConfiguration.crypto_options if set and return a stock
+ // configuration if nothing was set.
CryptoOptions GetCryptoOptions() override;
// Internal implementation for AddTransceiver family of methods. If
diff --git a/third_party/libwebrtc/pc/peer_connection_integrationtest.cc b/third_party/libwebrtc/pc/peer_connection_integrationtest.cc
@@ -1804,35 +1804,45 @@ TEST_P(PeerConnectionIntegrationTest, CallerDtls10ToCalleeDtls12) {
// works as expected; the cipher should only be used if enabled by both sides.
TEST_P(PeerConnectionIntegrationTest,
Aes128Sha1_32_CipherNotUsedWhenOnlyCallerSupported) {
- PeerConnectionFactory::Options caller_options;
- caller_options.crypto_options.srtp.enable_aes128_sha1_32_crypto_cipher = true;
- PeerConnectionFactory::Options callee_options;
- callee_options.crypto_options.srtp.enable_aes128_sha1_32_crypto_cipher =
- false;
+ RTCConfiguration caller_config;
+ CryptoOptions caller_crypto;
+ caller_crypto.srtp.enable_aes128_sha1_32_crypto_cipher = true;
+ caller_config.crypto_options = caller_crypto;
+ RTCConfiguration callee_config;
+ CryptoOptions callee_crypto;
+ callee_crypto.srtp.enable_aes128_sha1_32_crypto_cipher = false;
+ callee_config.crypto_options = callee_crypto;
int expected_cipher_suite = kSrtpAes128CmSha1_80;
- TestNegotiatedCipherSuite(caller_options, callee_options,
+ TestNegotiatedCipherSuite(caller_config, callee_config,
expected_cipher_suite);
}
TEST_P(PeerConnectionIntegrationTest,
Aes128Sha1_32_CipherNotUsedWhenOnlyCalleeSupported) {
- PeerConnectionFactory::Options caller_options;
- caller_options.crypto_options.srtp.enable_aes128_sha1_32_crypto_cipher =
- false;
- PeerConnectionFactory::Options callee_options;
- callee_options.crypto_options.srtp.enable_aes128_sha1_32_crypto_cipher = true;
+ RTCConfiguration caller_config;
+ CryptoOptions caller_crypto;
+ caller_crypto.srtp.enable_aes128_sha1_32_crypto_cipher = false;
+ caller_config.crypto_options = caller_crypto;
+ RTCConfiguration callee_config;
+ CryptoOptions callee_crypto;
+ callee_crypto.srtp.enable_aes128_sha1_32_crypto_cipher = true;
+ callee_config.crypto_options = callee_crypto;
int expected_cipher_suite = kSrtpAes128CmSha1_80;
- TestNegotiatedCipherSuite(caller_options, callee_options,
+ TestNegotiatedCipherSuite(caller_config, callee_config,
expected_cipher_suite);
}
TEST_P(PeerConnectionIntegrationTest, Aes128Sha1_32_CipherUsedWhenSupported) {
- PeerConnectionFactory::Options caller_options;
- caller_options.crypto_options.srtp.enable_aes128_sha1_32_crypto_cipher = true;
- PeerConnectionFactory::Options callee_options;
- callee_options.crypto_options.srtp.enable_aes128_sha1_32_crypto_cipher = true;
+ RTCConfiguration caller_config;
+ CryptoOptions caller_crypto;
+ caller_crypto.srtp.enable_aes128_sha1_32_crypto_cipher = true;
+ caller_config.crypto_options = caller_crypto;
+ RTCConfiguration callee_config;
+ CryptoOptions callee_crypto;
+ callee_crypto.srtp.enable_aes128_sha1_32_crypto_cipher = true;
+ callee_config.crypto_options = callee_crypto;
int expected_cipher_suite = kSrtpAes128CmSha1_32;
- TestNegotiatedCipherSuite(caller_options, callee_options,
+ TestNegotiatedCipherSuite(caller_config, callee_config,
expected_cipher_suite);
}
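Review bot: These three tests are ported to `RTCConfiguration`, but none of the tests touched in this commit covers the two behaviours that are actually new. One is a connection whose `crypto_options` is left unset, which now gets a default `CryptoOptions` instead of the factory value; the other is a configuration update that changes `crypto_options` after creation. Since both decide which SRTP suites are offered, I would add one case that leaves the field unset and asserts the negotiated suite, and one that asserts the outcome of changing it on an existing connection. The hunk opens inside the comment of the first test, so earlier context is not visible.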
@@ -1862,11 +1872,12 @@ TEST_P(PeerConnectionIntegrationTest, GcmCipherUsedWhenOnlyGcmSupported) {
// only verify that a GCM cipher is negotiated, and not necessarily that SRTP
// works with it.
TEST_P(PeerConnectionIntegrationTest, EndToEndCallWithGcmCipher) {
- PeerConnectionFactory::Options gcm_options;
- gcm_options.crypto_options.srtp.enable_gcm_crypto_suites = true;
- gcm_options.crypto_options.srtp.enable_aes128_sha1_80_crypto_cipher = false;
- ASSERT_TRUE(
- CreatePeerConnectionWrappersWithOptions(gcm_options, gcm_options));
+ RTCConfiguration gcm_config;
+ CryptoOptions gcm_options;
+ gcm_options.srtp.enable_gcm_crypto_suites = true;
+ gcm_options.srtp.enable_aes128_sha1_80_crypto_cipher = false;
+ gcm_config.crypto_options = gcm_options;
+ ASSERT_TRUE(CreatePeerConnectionWrappersWithConfig(gcm_config, gcm_config));
ConnectFakeSignaling();
// Do normal offer/answer and wait for some frames to be received in each
// direction.
diff --git a/third_party/libwebrtc/pc/peer_connection_internal.h b/third_party/libwebrtc/pc/peer_connection_internal.h
@@ -88,9 +88,7 @@ class PeerConnectionSdpMethods {
virtual bool dtls_enabled() const = 0;
virtual const PeerConnectionFactoryInterface::Options* options() const = 0;
- // Returns the CryptoOptions for this PeerConnection. This will always
- // return the RTCConfiguration.crypto_options if set and will only default
- // back to the PeerConnectionFactory settings if nothing was set.
+ // Returns the CryptoOptions for this PeerConnection.
virtual CryptoOptions GetCryptoOptions() = 0;
virtual JsepTransportController* transport_controller_s() = 0;
virtual JsepTransportController* transport_controller_n() = 0;
diff --git a/third_party/libwebrtc/pc/test/integration_test_helpers.h b/third_party/libwebrtc/pc/test/integration_test_helpers.h
@@ -1874,12 +1874,11 @@ class PeerConnectionIntegrationBaseTest : public ::testing::Test {
callee()->pc()->Close();
}
- void TestNegotiatedCipherSuite(
- const PeerConnectionFactory::Options& caller_options,
- const PeerConnectionFactory::Options& callee_options,
- int expected_cipher_suite) {
- ASSERT_TRUE(CreatePeerConnectionWrappersWithOptions(caller_options,
- callee_options));
+ void TestNegotiatedCipherSuite(const RTCConfiguration& caller_config,
+ const RTCConfiguration& callee_config,
+ int expected_cipher_suite) {
+ ASSERT_TRUE(
+ CreatePeerConnectionWrappersWithConfig(caller_config, callee_config));
ConnectFakeSignaling();
caller()->AddAudioVideoTracks();
callee()->AddAudioVideoTracks();
@@ -1896,17 +1895,17 @@ class PeerConnectionIntegrationBaseTest : public ::testing::Test {
bool remote_gcm_enabled,
bool aes_ctr_enabled,
int expected_cipher_suite) {
- PeerConnectionFactory::Options caller_options;
- caller_options.crypto_options.srtp.enable_gcm_crypto_suites =
- local_gcm_enabled;
- caller_options.crypto_options.srtp.enable_aes128_sha1_80_crypto_cipher =
- aes_ctr_enabled;
- PeerConnectionFactory::Options callee_options;
- callee_options.crypto_options.srtp.enable_gcm_crypto_suites =
- remote_gcm_enabled;
- callee_options.crypto_options.srtp.enable_aes128_sha1_80_crypto_cipher =
- aes_ctr_enabled;
- TestNegotiatedCipherSuite(caller_options, callee_options,
+ RTCConfiguration caller_config;
+ CryptoOptions caller_crypto;
+ caller_crypto.srtp.enable_gcm_crypto_suites = local_gcm_enabled;
+ caller_crypto.srtp.enable_aes128_sha1_80_crypto_cipher = aes_ctr_enabled;
+ caller_config.crypto_options = caller_crypto;
+ RTCConfiguration callee_config;
+ CryptoOptions callee_crypto;
+ callee_crypto.srtp.enable_gcm_crypto_suites = remote_gcm_enabled;
+ callee_crypto.srtp.enable_aes128_sha1_80_crypto_cipher = aes_ctr_enabled;
+ callee_config.crypto_options = callee_crypto;
+ TestNegotiatedCipherSuite(caller_config, callee_config,
expected_cipher_suite);
}
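Review bot: The caller and callee blocks here are the same five lines with one flag swapped, and the same build-a-CryptoOptions-then-assign pattern recurs in each ported test in peer_connection_integrationtest.cc. A small fixture helper that returns an `RTCConfiguration` for a given pair of SRTP flags would leave each call site showing only the flag that differs, which is the part that matters when reading a cipher-negotiation test. The enclosing function's signature starts outside the hunk.

```cpp
// Builds an RTCConfiguration whose crypto_options carry the given SRTP flags.
static RTCConfiguration ConfigWithSrtpFlags(bool gcm_enabled,
                                            bool aes_ctr_enabled) {
  RTCConfiguration config;
  CryptoOptions crypto;
  crypto.srtp.enable_gcm_crypto_suites = gcm_enabled;
  crypto.srtp.enable_aes128_sha1_80_crypto_cipher = aes_ctr_enabled;
  config.crypto_options = crypto;
  return config;
}

// … unchanged: signature taking local_gcm_enabled, remote_gcm_enabled, aes_ctr_enabled …
    TestNegotiatedCipherSuite(
        ConfigWithSrtpFlags(local_gcm_enabled, aes_ctr_enabled),
        ConfigWithSrtpFlags(remote_gcm_enabled, aes_ctr_enabled),
        expected_cipher_suite);
```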