Only use BoringSSL time callback in unit tests.

webrtc/base/opensslstreamadapter.cc

 /*
  *  Copyright 2004 The WebRTC Project Authors. All rights reserved.
  *
  *  Use of this source code is governed by a BSD-style license
  *  that can be found in the LICENSE file in the root of the source
  *  tree. An additional intellectual property rights grant can be found
  *  in the file PATENTS.  All contributing project authors may
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
@@ skipping 20 matching lines @@
 #include "webrtc/base/safe_conversions.h"
 #include "webrtc/base/stream.h"
 #include "webrtc/base/openssl.h"
 #include "webrtc/base/openssladapter.h"
 #include "webrtc/base/openssldigest.h"
 #include "webrtc/base/opensslidentity.h"
 #include "webrtc/base/stringutils.h"
 #include "webrtc/base/timeutils.h"
 #include "webrtc/base/thread.h"
 
+namespace {
+  bool g_use_time_callback_for_testing = false;
+}
+
 namespace rtc {
 
 #if (OPENSSL_VERSION_NUMBER >= 0x10001000L)
 #define HAVE_DTLS_SRTP
 #endif
 
 #ifdef HAVE_DTLS_SRTP
 // SRTP cipher suite table. |internal_name| is used to construct a
 // colon-separated profile strings which is needed by
 // SSL_CTX_set_tlsext_use_srtp().
 struct SrtpCipherMapEntry {
   const char* internal_name;
   const int id;
 };
 
 // This isn't elegant, but it's better than an external reference
 static SrtpCipherMapEntry SrtpCipherMap[] = {
     {"SRTP_AES128_CM_SHA1_80", SRTP_AES128_CM_SHA1_80},
     {"SRTP_AES128_CM_SHA1_32", SRTP_AES128_CM_SHA1_32},
     {"SRTP_AEAD_AES_128_GCM", SRTP_AEAD_AES_128_GCM},
     {"SRTP_AEAD_AES_256_GCM", SRTP_AEAD_AES_256_GCM},
     {nullptr, 0}};
 #endif
 
 #ifdef OPENSSL_IS_BORINGSSL
-static void TimeCallback(const SSL* ssl, struct timeval* out_clock) {
+// Not used in production code. Actual time should be relative to Jan 1, 1970.
+static void TimeCallbackForTesting(const SSL* ssl, struct timeval* out_clock) {
   int64_t time = TimeNanos();
   out_clock->tv_sec = time / kNumNanosecsPerSec;
   out_clock->tv_usec = (time % kNumNanosecsPerSec) / kNumNanosecsPerMicrosec;
 }
 #else  // #ifdef OPENSSL_IS_BORINGSSL
 
 // Cipher name table. Maps internal OpenSSL cipher ids to the RFC name.
 struct SslCipherMapEntry {
   uint32_t openssl_id;
   const char* rfc_name;
@@ skipping 975 matching lines @@
     case SSL_PROTOCOL_TLS_11:
       SSL_CTX_set_max_version(ctx, ssl_mode_ == SSL_MODE_DTLS ?
           DTLS1_VERSION : TLS1_1_VERSION);
       break;
     case SSL_PROTOCOL_TLS_12:
     default:
       SSL_CTX_set_max_version(ctx, ssl_mode_ == SSL_MODE_DTLS ?
           DTLS1_2_VERSION : TLS1_2_VERSION);
       break;
   }
-  // Set a time callback for BoringSSL because:
-  // 1. Our time function is more accurate (doesn't just use gettimeofday).
-  // 2. This allows us to inject a fake clock for testing.
-  SSL_CTX_set_current_time_cb(ctx, &TimeCallback);
+  if (g_use_time_callback_for_testing) {
+    SSL_CTX_set_current_time_cb(ctx, &TimeCallbackForTesting);
+  }
 #endif
 
   if (identity_ && !identity_->ConfigureIdentity(ctx)) {
     SSL_CTX_free(ctx);
     return NULL;
   }
 
 #if !defined(NDEBUG)
   SSL_CTX_set_info_callback(ctx, OpenSSLAdapter::SSLInfoCallback);
 #endif
@@ skipping 180 matching lines @@
   if (key_type == KT_ECDSA) {
     for (const cipher_list& c : OK_ECDSA_ciphers) {
       if (cipher == c.cipher_str)
         return true;
     }
   }
 
   return false;
 }
 
+void OpenSSLStreamAdapter::enable_time_callback_for_testing() {
+  g_use_time_callback_for_testing = true;
+}
+
 }  // namespace rtc
 
 #endif  // HAVE_OPENSSL_SSL_H