| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/merge_requests/2229>
|
| |
|
|
|
|
|
|
|
|
| |
On shutdown, a previous iteration of dtsl_connection_process()
might be incomplete and leave a partial bio_buffer behind.
If the DTLS connection is already marked closed, drop out
of dtls_connection_process early without asserting.
Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/merge_requests/1741>
|
| |
|
|
|
|
|
|
|
| |
OpenSSL shouldn't be making real system calls, so we can safely
ignore syscall errors. System interactions should happen through
our BIO. So especially don't look at the system's errno, as it
should be meaningless.
Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/merge_requests/1656>
|
| |
|
|
|
|
|
| |
Otherwise the DTLS connection silently does nothing instead of reporting
an error via the elements.
Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/merge_requests/1156>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
keys_exported flag should be set only if keys are actually exported.
For that the next conditions are needed:
1 - SSL_export_keying_material on success
2 - SSL_get_selected_srtp_profile returns a valid profile
3 - The profile ID is SRTP_AES128_CM_SHA1_80 or SRTP_AES128_CM_SHA1_32
Also don't crash if NULL is returned as profile.
Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/merge_requests/1156>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
openssl 1.1.1e does some stricker EOF handling and will throw an error
if the EOF is unexpected (like in the middle of a record). As we are
streaming data into openssl here, it is entirely possible that we push
data from multiple buffers/packets into openssl separately.
From the openssl changelog:
Changes between 1.1.1d and 1.1.1e [17 Mar 2020]
*) Properly detect EOF while reading in libssl. Previously if we hit an EOF
while reading in libssl then we would report an error back to the
application (SSL_ERROR_SYSCALL) but errno would be 0. We now add
an error to the stack (which means we instead return SSL_ERROR_SSL) and
therefore give a hint as to what went wrong.
[Matt Caswell]
We can relax the EOF signalling to only return TRUE when we have stopped
for any reason (EOS, error).
Will also remove a spurious EOF error from previous openssl version.
|
| |
|
|
|
| |
This allows the application to keep track of the underlying DTLS
connection state and act accordingly.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
layers properly
Previously we simply logged errors but never reported them to elements
or even to the user. Fatal errors are now properly reported.
Additionally proper connection closing is implemented based on EOS:
- dtlsenc: EOS will cause close_notify to be sent to the peer and only
if the peer also sent back close_notify we will forward the
EOS event.
- dtlsdec: EOS will be forwarded normally, this only means that the
unterlying transport was closed. On receiving a DTLS packet
containing close_notify, return EOS and send EOS downstream.
|
| | |
|
| |
|
|
|
| |
There's not point in using GClosure and going through all the
GValue/libffi infrastructure for each DTLS packet.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
By passing NULL to `g_signal_new` instead of a marshaller, GLib will
actually internally optimize the signal (if the marshaller is available
in GLib itself) by also setting the valist marshaller. This makes the
signal emission a bit more performant than the regular marshalling,
which still needs to box into `GValue` and call libffi in case of a
generic marshaller.
Note that for custom marshallers, one would use
`g_signal_set_va_marshaller()` with the valist marshaller instead.
|
| | |
|
| |
|
|
|
|
| |
This is required before we enabled an indent test in the CI.
https://gitlab.freedesktop.org/gstreamer/gstreamer-project/issues/33
|
| |
|
|
|
|
|
|
|
|
| |
As suggested in [the SSL_get_error manpage][1]. Upgrade the message to a
warning if the errno isn't 0 (success). The latter apparently means the
transport encountered an EOF (shutdown) without the shut down handshake
on the (D)TLS level. This happens quite often for otherwise normal DTLS
connections.
[1]: https://www.openssl.org/docs/man1.1.1/man3/SSL_get_error.html
|
| |
|
|
|
|
| |
Print out all errors from the OpenSSL error queue instead of just
looking at the topmost error. Using the callback interface also removes
the need for formatting using a buffer on the stack.
|
| |
|
|
| |
A more idiomatic construct for testing a bunch of integers.
|
| |
|
|
|
|
|
| |
As documented on [the SSL_get_error manpage][1] we need to empty the
error queue before making any call that we check with SSL_get_error.
[1]: https://www.openssl.org/docs/man1.1.1/man3/SSL_get_error.html
|
| |
|
|
|
|
|
| |
Periodic SSL_ERROR_SYSCALL errors with errno == 0 seem to be normal
behavior for DTLS connections.
Fixes https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/issues/677
|
| | |
|
| | |
|
| |
|
|
| |
Obtain and release it as needed.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes are:
- Use the wrapper functions to access opaque data types. To preserve
backward compatibility, define fallback definitions
- Remove the use of idiom "pqueue_size(ssl->d1->sent_messages)", since
there is no replacement
- Use RSA_generate_key_ex instead of the deprecated RSA_generate_key
https://bugzilla.gnome.org/show_bug.cgi?id=773540
|
| |
|
|
|
| |
Disable code that warns about unused variables when G_DISABLE_ASSERT
is defined, as it is in tarballs and pre-releases.
|
| |
|
|
| |
https://bugzilla.gnome.org/show_bug.cgi?id=749325
|
| |
|
|
|
|
| |
No need to ref/unref the connection every time we push something on the pool.
However we have to provide non-NULL data to the pool, so let's just give it
some coffee.
|
| | |
|
| |
|
|
|
|
|
|
| |
This way we will share threads with other DTLS connections if possible, and
don't have to start/stop threads for timeouts if there are many to be handled
in a short period of time.
Also use the system clock and async waiting on it for scheduling the timeouts.
|
| |
|
|
|
| |
It is not needed most of the time and usually we have a thread
idling around doing nothing all the time after the first few seconds.
|
| | |
|
| |
|
|
|
|
|
| |
GST_DTLS_USE_GST_LOG is not defined anywhere, so
we'd just log into the default category by accident.
We use the gst logging system unconditionally now,
so might just as well remove this #if #else.
|
| |
|
|
|
|
|
|
|
|
|
| |
gcc-4.9.2:
gstdtlsagent.c:114:1: error: old-style function definition
gstdtlsconnection.c:253:3: error: ISO C90 forbids mixed declarations and code
gstdtlsconnection.c:291:3: error: ISO C90 forbids mixed declarations and code
gstdtlsconnection.c:391:3: error: ISO C90 forbids mixed declarations and code
gstdtlsconnection.c:434:3: error: ISO C90 forbids mixed declarations and code
gstdtlsconnection.c:773:1: error: 'BIO_s_gst_dtls_connection' was used with no prototype before its definition
gstdtlsconnection.c:773:1: error: old-style function definition
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
gstdtlsconnection.c:128:32: error: passing 'const char [30]' to parameter of type 'void *'
discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers]
SSL_get_ex_new_index (0, "gstdtlsagent connection index", NULL, NULL,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/openssl/ssl.h:1981:43: note: passing argument to parameter 'argp' here
int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
^
gstdtlsconnection.c:822:40: error: arithmetic on a pointer to void is a GNU extension
[-Werror,-Wpointer-arith]
memcpy (out_buffer, priv->bio_buffer + priv->bio_buffer_offset, copy_size);
~~~~~~~~~~~~~~~~ ^
|
| | |
|
|
|
This is a copy of the Ericsson DTLS plugin from
https://github.com/EricssonResearch/openwebrtc-gst-plugins/tree/master/ext/erdtls/src
https://bugzilla.gnome.org/show_bug.cgi?id=744582
|
