[Opalvoip-svn] SF.net SVN: opalvoip:[31782] ptlib/trunk
Brought to you by:
csoutheren,
rjongbloed
Menu
▾
▴
[Opalvoip-svn] SF.net SVN: opalvoip:[31782] ptlib/trunk
|
From: <rjo...@us...> - 2014-04-16 09:20:00
|
Revision: 31782
http://sourceforge.net/p/opalvoip/code/31782
Author: rjongbloed
Date: 2014-04-16 09:19:57 +0000 (Wed, 16 Apr 2014)
Log Message:
-----------
Applied patch #275 Some fixes for DTLS, thanks Sysolyatin Pavel
Modified Paths:
--------------
ptlib/trunk/include/ptclib/pssl.h
ptlib/trunk/src/ptclib/pssl.cxx
Modified: ptlib/trunk/include/ptclib/pssl.h
===================================================================
--- ptlib/trunk/include/ptclib/pssl.h 2014-04-16 09:04:02 UTC (rev 31781)
+++ ptlib/trunk/include/ptclib/pssl.h 2014-04-16 09:19:57 UTC (rev 31782)
@@ -944,6 +944,11 @@
virtual PBoolean RawSSLRead(void * buf, PINDEX & len);
+ /**Get the internal SSL context structure.
+ */
+ operator ssl_st *() const { return m_ssl; }
+
+
protected:
void Construct(PSSLContext * ctx, PBoolean autoDel);
virtual bool InternalAccept();
@@ -1003,6 +1008,7 @@
PBYTEArray GetKeyMaterial() const;
protected:
+ virtual PBoolean OnOpen();
virtual bool InternalAccept();
virtual bool InternalConnect();
Modified: ptlib/trunk/src/ptclib/pssl.cxx
===================================================================
--- ptlib/trunk/src/ptclib/pssl.cxx 2014-04-16 09:04:02 UTC (rev 31781)
+++ ptlib/trunk/src/ptclib/pssl.cxx 2014-04-16 09:19:57 UTC (rev 31782)
@@ -2113,7 +2113,7 @@
bool PSSLContext::SetExtension(const char * extension)
{
- return SSL_CTX_set_tlsext_use_srtp(m_context, extension) != 0;
+ return SSL_CTX_set_tlsext_use_srtp(m_context, extension) == 0;
}
@@ -2562,9 +2562,9 @@
class PSSLChannelDTLS::Implementation : public PObject
{
public:
- Implementation(SSL * ssl)
+ Implementation(PSSLChannelDTLS& aChannel)
: m_handshakeFinished(false)
- , m_ssl(ssl)
+ , m_channel(aChannel)
, m_socket(NULL)
, m_waitResponse(false)
, m_outBio(BIO_new(BIO_s_mem()))
@@ -2573,10 +2573,10 @@
BIO_set_mem_eof_return(m_inBio, -1);
BIO_set_mem_eof_return(m_outBio, -1);
- SSL_set_bio(m_ssl, m_inBio, m_outBio);
+ SSL_set_bio(m_channel, m_inBio, m_outBio);
- SSL_set_mode(m_ssl, SSL_MODE_AUTO_RETRY);
- SSL_set_read_ahead(m_ssl, 1);
+ SSL_set_mode(m_channel, SSL_MODE_AUTO_RETRY);
+ SSL_set_read_ahead(m_channel, 1);
m_readTimer.SetNotifier(PCREATE_NOTIFIER(OnReadTimeout));
}
@@ -2617,8 +2617,15 @@
return true;
}
- ret = SSL_do_handshake(m_ssl);
+ // Reset for retransmit.
+ if (isReceive && frameSize == 0)
+ {
+ m_waitResponse = false;
+ return true;
+ }
+ ret = SSL_do_handshake(m_channel);
+
errbuf[0] = 0;
ERR_error_string_n(ERR_peek_error(), errbuf, sizeof(errbuf));
@@ -2627,7 +2634,7 @@
unsigned char *outBioData;
outBioLen = BIO_get_mem_data(m_outBio, &outBioData);
- ret = SSL_get_error(m_ssl, ret);
+ ret = SSL_get_error(m_channel, ret);
switch (ret)
{
case SSL_ERROR_NONE:
@@ -2658,7 +2665,7 @@
if (outBioLen)
{
PTRACE(4, "DTLSChannel\tWrite " << outBioLen << " bytes to " << *m_socket);
- if (!m_socket->Write(outBioData, outBioLen))
+ if (m_socket == NULL || !m_socket->Write(outBioData, outBioLen))
{
PTRACE(2, "DTLSChannel\tCan't write to socket... " << outBioLen);
return false;
@@ -2673,7 +2680,7 @@
if (CompleteHandshake())
{
if (!m_callback.IsNULL())
- m_callback(*this, false);
+ m_callback(m_channel, false);
}
else
return false;
@@ -2688,7 +2695,7 @@
bool CompleteHandshake()
{
- SRTP_PROTECTION_PROFILE *p = SSL_get_selected_srtp_profile(m_ssl);
+ SRTP_PROTECTION_PROFILE *p = SSL_get_selected_srtp_profile(m_channel);
if (!p)
{
PTRACE(2, "DTLSChannel\tSSL_get_selected_srtp_profile returned NULL: " << ERR_error_string(ERR_get_error(), NULL));
@@ -2696,13 +2703,16 @@
}
m_profile = p->name;
- static const PINDEX MaxKeySize = (256 >> 3) // rfc5764 4.1.2. SRTP Protection Profiles
- + (112 >> 3); // rfc5764 4.1.2. SRTP Protection Profiles
- ;
static PConstString const KeyMaterialName("EXTRACTOR-dtls_srtp");
- if (SSL_export_keying_material(m_ssl,
- m_keyMaterial.GetPointer(MaxKeySize), MaxKeySize,
+ static const PINDEX MaxKeySize = ((256 >> 3) // rfc5764 4.1.2. SRTP Protection Profiles, key
+ +(112 >> 3) // rfc5764 4.1.2. SRTP Protection Profiles, salt
+ )*2;
+
+ memset(m_keyMaterial.GetPointer(MaxKeySize), 0, MaxKeySize);
+
+ if (SSL_export_keying_material(m_channel,
+ m_keyMaterial.GetPointer(), MaxKeySize,
KeyMaterialName, KeyMaterialName.GetLength(),
NULL, 0, 0) == 1)
return true;
@@ -2715,11 +2725,11 @@
{
PTRACE(2, "DTLSChannel\tHandshake retransmit...");
if (!Handshake(NULL, 0, true) && !m_callback.IsNULL())
- m_callback(*this, true); // Failed!
+ m_callback(m_channel, true); // Failed!
}
bool m_handshakeFinished;
- SSL* m_ssl;
+ PSSLChannelDTLS& m_channel;
PUDPSocket * m_socket;
PTimer m_readTimer;
bool m_waitResponse;
@@ -2735,15 +2745,17 @@
PSSLChannelDTLS::PSSLChannelDTLS(PSSLContext * context, bool autoDeleteContext)
: PSSLChannel(context, autoDeleteContext)
- , m_imp(new Implementation(m_ssl))
+ , m_imp(new Implementation(*this))
{
+ PTRACE(4, "Create PSSLChannelDTLS instance.");
}
PSSLChannelDTLS::PSSLChannelDTLS(PSSLContext & context)
: PSSLChannel(context)
- , m_imp(new Implementation(m_ssl))
+ , m_imp(new Implementation(*this))
{
+ PTRACE(4, "Create PSSLChannelDTLS instance.");
}
@@ -2793,7 +2805,7 @@
{
if ((m_imp->m_socket = dynamic_cast<PUDPSocket *>(GetReadChannel())) == NULL)
return false;
- SSL_set_accept_state(m_ssl);
+ SSL_set_accept_state(*this);
return true;
}
@@ -2802,11 +2814,16 @@
{
if ((m_imp->m_socket = dynamic_cast<PUDPSocket *>(GetReadChannel())) == NULL)
return false;
- SSL_set_connect_state(m_ssl);
+ SSL_set_connect_state(*this);
return true;
}
+PBoolean PSSLChannelDTLS::OnOpen()
+{
+ return true;
+}
+
#else
#pragma message("SSL support (via OpenSSL) DISABLED")
#endif // P_SSL
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|