Commit graph

35 commits

Author SHA1 Message Date
Jan Schmidt
760592a29c dtls: Avoid bio_buffer assertion on shutdown.
On shutdown, a previous iteration of dtsl_connection_process()
might be incomplete and leave a partial bio_buffer behind.

If the DTLS connection is already marked closed, drop out
of dtls_connection_process early without asserting.

Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/merge_requests/1741>
2020-10-31 01:47:06 +00:00
Olivier Crête
8a0d1d85cf dtlsconnection: Ignore OpenSSL system call errors
OpenSSL shouldn't be making real system calls, so we can safely
ignore syscall errors. System interactions should happen through
our BIO. So especially don't look at the system's errno, as it
should be meaningless.

Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/merge_requests/1656>
2020-10-10 15:34:21 +00:00
Sebastian Dröge
3864c9f97f gstdtlsconnection: Propagate errors from key export to the caller
Otherwise the DTLS connection silently does nothing instead of reporting
an error via the elements.

Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/merge_requests/1156>
2020-06-26 10:20:04 +03:00
Miguel Paris
3dd2bbf23c dtlsconnection: do not set keys_exported flag if actually not exported
keys_exported flag should be set only if keys are actually exported.
For that the next conditions are needed:
  1 - SSL_export_keying_material on success
  2 - SSL_get_selected_srtp_profile returns a valid profile
  3 - The profile ID is SRTP_AES128_CM_SHA1_80 or SRTP_AES128_CM_SHA1_32

Also don't crash if NULL is returned as profile.

Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/-/merge_requests/1156>
2020-06-26 10:19:28 +03:00
Matthew Waters
8da177c0bf dtls/connection: fix EOF handling with openssl 1.1.1e
openssl 1.1.1e does some stricker EOF handling and will throw an error
if the EOF is unexpected (like in the middle of a record).  As we are
streaming data into openssl here, it is entirely possible that we push
data from multiple buffers/packets into openssl separately.

From the openssl changelog:

 Changes between 1.1.1d and 1.1.1e [17 Mar 2020]
  *) Properly detect EOF while reading in libssl. Previously if we hit an EOF
     while reading in libssl then we would report an error back to the
     application (SSL_ERROR_SYSCALL) but errno would be 0. We now add
     an error to the stack (which means we instead return SSL_ERROR_SSL) and
     therefore give a hint as to what went wrong.
     [Matt Caswell]

We can relax the EOF signalling to only return TRUE when we have stopped
for any reason (EOS, error).

Will also remove a spurious EOF error from previous openssl version.
2020-03-27 11:43:53 +11:00
Sebastian Dröge
7fcfb6c6c5 dtls: Keep track of the connection state and signal it through all the layers
This allows the application to keep track of the underlying DTLS
connection state and act accordingly.
2020-01-19 11:16:34 +00:00
Sebastian Dröge
d66aa872ca dtls: Handle errors/close_notify at all steps and propagate through the layers properly
Previously we simply logged errors but never reported them to elements
or even to the user. Fatal errors are now properly reported.

Additionally proper connection closing is implemented based on EOS:
- dtlsenc: EOS will cause close_notify to be sent to the peer and only
           if the peer also sent back close_notify we will forward the
           EOS event.
- dtlsdec: EOS will be forwarded normally, this only means that the
           unterlying transport was closed. On receiving a DTLS packet
           containing close_notify, return EOS and send EOS downstream.
2020-01-19 11:16:34 +00:00
Sebastian Dröge
a132138f1c dtls: Propagate write errors backwards through dtlsenc/dtlsconnection 2020-01-19 11:16:34 +00:00
Sebastian Dröge
ee55dac8d4 dtls: Use a plain function pointer instead of a GClosure for the send callback
There's not point in using GClosure and going through all the
GValue/libffi infrastructure for each DTLS packet.
2020-01-19 11:16:34 +00:00
Niels De Graef
d8f61515d8 Don't pass default GLib marshallers for signals
By passing NULL to `g_signal_new` instead of a marshaller, GLib will
actually internally optimize the signal (if the marshaller is available
in GLib itself) by also setting the valist marshaller. This makes the
signal emission a bit more performant than the regular marshalling,
which still needs to box into `GValue` and call libffi in case of a
generic marshaller.

Note that for custom marshallers, one would use
`g_signal_set_va_marshaller()` with the valist marshaller instead.
2019-11-06 14:27:46 +00:00
Ilya Smelykh
aa0dea09d6 dtls: fix dtls connection object leak 2019-07-25 10:21:29 +00:00
Jordan Petridis
1f562870ee Run gst-indent through the files
This is required before we enabled an indent test in the CI.

https://gitlab.freedesktop.org/gstreamer/gstreamer-project/issues/33
2018-11-28 14:18:26 +00:00
Jan Alexander Steffens (heftig)
b1509b1047 dtlsconnection: Print out errno info for syscall errors
As suggested in [the SSL_get_error manpage][1]. Upgrade the message to a
warning if the errno isn't 0 (success). The latter apparently means the
transport encountered an EOF (shutdown) without the shut down handshake
on the (D)TLS level. This happens quite often for otherwise normal DTLS
connections.

[1]: https://www.openssl.org/docs/man1.1.1/man3/SSL_get_error.html
2018-11-06 16:23:50 +00:00
Andreas Frisch
51f0307900 dtls: Properly display all errors/warnings from ERR queue
Print out all errors from the OpenSSL error queue instead of just
looking at the topmost error. Using the callback interface also removes
the need for formatting using a buffer on the stack.
2018-11-06 16:23:50 +00:00
Jan Alexander Steffens (heftig)
7bb6ce352b dtlsconnection: Replace if-else chain with switch
A more idiomatic construct for testing a bunch of integers.
2018-11-06 16:23:50 +00:00
Jan Alexander Steffens (heftig)
49cc7b8091 dtlsconnection: Clear error queue before SSL_do_handshake
As documented on [the SSL_get_error manpage][1] we need to empty the
error queue before making any call that we check with SSL_get_error.

[1]: https://www.openssl.org/docs/man1.1.1/man3/SSL_get_error.html
2018-11-06 16:23:50 +00:00
Jan Alexander Steffens (heftig)
fa92909d0d dtlsconnection: Lower BIO error log level to DEBUG
Periodic SSL_ERROR_SYSCALL errors with errno == 0 seem to be normal
behavior for DTLS connections.

Fixes https://gitlab.freedesktop.org/gstreamer/gst-plugins-bad/issues/677
2018-11-06 16:23:50 +00:00
Jan Alexander Steffens (heftig)
a9b9994738 dtlsconnection: Run gst-indent 2018-11-06 16:23:50 +00:00
Tim-Philipp Müller
3c6f642fa6 dtls: Update for g_type_class_add_private() deprecation in recent GLib 2018-06-24 01:06:24 +02:00
Matthew Waters
dc452aa799 dtls: don't leak the system clock
Obtain and release it as needed.
2018-02-05 17:44:33 +11:00
Daiki Ueno
e938933167 dtls: port to OpenSSL 1.1.0
Changes are:

- Use the wrapper functions to access opaque data types.  To preserve
  backward compatibility, define fallback definitions

- Remove the use of idiom "pqueue_size(ssl->d1->sent_messages)", since
  there is no replacement

- Use RSA_generate_key_ex instead of the deprecated RSA_generate_key

https://bugzilla.gnome.org/show_bug.cgi?id=773540
2016-10-31 12:49:11 +02:00
Jan Schmidt
587e7c4a23 Don't throw compiler warnings with G_DISABLE_ASSERT
Disable code that warns about unused variables when G_DISABLE_ASSERT
is defined, as it is in tarballs and pre-releases.
2015-09-18 00:29:51 +10:00
Jose Antonio Santos Cadenas
c44acd8bde dtlsconnection: Fix memory leak while setting closure
https://bugzilla.gnome.org/show_bug.cgi?id=749325
2015-05-13 19:10:34 +03:00
Sebastian Dröge
82b73713cb dtls: Pass the connection instance as data to the thread pool
No need to ref/unref the connection every time we push something on the pool.
However we have to provide non-NULL data to the pool, so let's just give it
some coffee.
2015-03-19 14:04:28 +01:00
Sebastian Dröge
602b1ca3d2 dtls: Remove unused thread struct field 2015-03-19 13:55:53 +01:00
Sebastian Dröge
fd609f6bc0 dtls: Use a shared thread pool for the timeouts
This way we will share threads with other DTLS connections if possible, and
don't have to start/stop threads for timeouts if there are many to be handled
in a short period of time.

Also use the system clock and async waiting on it for scheduling the timeouts.
2015-03-19 13:30:00 +01:00
Sebastian Dröge
4072666c7d dtls: Shutdown timeout thread when it's not needed
It is not needed most of the time and usually we have a thread
idling around doing nothing all the time after the first few seconds.
2015-03-18 18:21:35 +01:00
Sebastian Dröge
2082476efb dtls: Fix some search & replace mistakes from renaming the elements 2015-03-18 09:46:40 +01:00
Tim-Philipp Müller
9f06d36d95 dtls: make sure we actually log into the right debug category
GST_DTLS_USE_GST_LOG is not defined anywhere, so
we'd just log into the default category by accident.
We use the gst logging system unconditionally now,
so might just as well remove this #if #else.
2015-03-16 17:51:20 +00:00
Tim-Philipp Müller
86a889883e dtls: fix some more compiler warnings
gcc-4.9.2:
gstdtlsagent.c:114:1: error: old-style function definition
gstdtlsconnection.c:253:3: error: ISO C90 forbids mixed declarations and code
gstdtlsconnection.c:291:3: error: ISO C90 forbids mixed declarations and code
gstdtlsconnection.c:391:3: error: ISO C90 forbids mixed declarations and code
gstdtlsconnection.c:434:3: error: ISO C90 forbids mixed declarations and code
gstdtlsconnection.c:773:1: error: 'BIO_s_gst_dtls_connection' was used with no prototype before its definition
gstdtlsconnection.c:773:1: error: old-style function definition
2015-03-16 17:36:49 +00:00
Sebastian Dröge
d9344ad820 dtls: Unconditionally use GStreamer debug log system 2015-03-16 18:23:27 +01:00
Sebastian Dröge
936fa2f1c4 dtls: Re-namespace from Er to Gst 2015-03-16 18:23:27 +01:00
Sebastian Dröge
1de51fcf02 dtls: Fix some compiler warnings
gstdtlsconnection.c:128:32: error: passing 'const char [30]' to parameter of type 'void *'
      discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers]
      SSL_get_ex_new_index (0, "gstdtlsagent connection index", NULL, NULL,
                               ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/openssl/ssl.h:1981:43: note: passing argument to parameter 'argp' here
int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
                                          ^
gstdtlsconnection.c:822:40: error: arithmetic on a pointer to void is a GNU extension
      [-Werror,-Wpointer-arith]
  memcpy (out_buffer, priv->bio_buffer + priv->bio_buffer_offset, copy_size);
                      ~~~~~~~~~~~~~~~~ ^
2015-03-16 18:23:27 +01:00
Sebastian Dröge
6183e99eec dtls: Fix indention 2015-03-16 18:23:27 +01:00
Sebastian Dröge
1e0ed9af11 dtls: Add new DTLS plugin
This is a copy of the Ericsson DTLS plugin from
https://github.com/EricssonResearch/openwebrtc-gst-plugins/tree/master/ext/erdtls/src

https://bugzilla.gnome.org/show_bug.cgi?id=744582
2015-03-16 18:23:27 +01:00