[Opalvoip-svn] SF.net SVN: opalvoip:[31782] ptlib/trunk
From: <rjo...@us...> - 2014-04-16 09:20:00
Revision: 31782 http://sourceforge.net/p/opalvoip/code/31782 Author: rjongbloed Date: 2014-04-16 09:19:57 +0000 (Wed, 16 Apr 2014) Log Message: ----------- Applied patch #275 Some fixes for DTLS, thanks Sysolyatin Pavel Modified Paths: -------------- ptlib/trunk/include/ptclib/pssl.h ptlib/trunk/src/ptclib/pssl.cxx Modified: ptlib/trunk/include/ptclib/pssl.h =================================================================== --- ptlib/trunk/include/ptclib/pssl.h 2014-04-16 09:04:02 UTC (rev 31781) +++ ptlib/trunk/include/ptclib/pssl.h 2014-04-16 09:19:57 UTC (rev 31782) @@ -944,6 +944,11 @@ virtual PBoolean RawSSLRead(void * buf, PINDEX & len); + /**Get the internal SSL context structure. + */ + operator ssl_st *() const { return m_ssl; } + + protected: void Construct(PSSLContext * ctx, PBoolean autoDel); virtual bool InternalAccept(); @@ -1003,6 +1008,7 @@ PBYTEArray GetKeyMaterial() const; protected: + virtual PBoolean OnOpen(); virtual bool InternalAccept(); virtual bool InternalConnect(); Modified: ptlib/trunk/src/ptclib/pssl.cxx =================================================================== --- ptlib/trunk/src/ptclib/pssl.cxx 2014-04-16 09:04:02 UTC (rev 31781) +++ ptlib/trunk/src/ptclib/pssl.cxx 2014-04-16 09:19:57 UTC (rev 31782) @@ -2113,7 +2113,7 @@ bool PSSLContext::SetExtension(const char * extension) { - return SSL_CTX_set_tlsext_use_srtp(m_context, extension) != 0; + return SSL_CTX_set_tlsext_use_srtp(m_context, extension) == 0; } @@ -2562,9 +2562,9 @@ class PSSLChannelDTLS::Implementation : public PObject { public: - Implementation(SSL * ssl) + Implementation(PSSLChannelDTLS& aChannel) : m_handshakeFinished(false) - , m_ssl(ssl) + , m_channel(aChannel) , m_socket(NULL) , m_waitResponse(false) , m_outBio(BIO_new(BIO_s_mem())) 
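Review bot: The doc comment on the new `operator ssl_st *()` in the pssl.h hunk at @@ -944 says "SSL context structure", but `m_ssl` is the per-connection SSL object, while the SSL_CTX is wrapped separately by PSSLContext (see `SSL_CTX_set_tlsext_use_srtp(m_context, ...)` elsewhere in this commit). Suggest `/**Get the underlying OpenSSL connection object (SSL, not the SSL_CTX). The channel keeps ownership; the caller must neither free nor retain the pointer. */`. Because the operator is implicit, a PSSLChannel now silently converts wherever an SSL* is accepted; a named accessor such as `ssl_st * GetSSL() const` would make those call sites greppable, although the rest of the commit relies on the implicit form.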
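Review bot: The new `virtual PBoolean OnOpen();` declaration in the pssl.h hunk at @@ -1003 has no doc comment, unlike the surrounding members, and its definition in the pssl.cxx hunk at @@ -2802 is a bare `return true;` with no explanation. Presumably the override exists so the base-class OnOpen does not run a blocking handshake on open, since the DTLS handshake is driven packet by packet through Implementation::Handshake() and the retransmit timer — confirm against the base implementation, which is not in this diff. Suggest `/**Overridden to skip the base class handshake on open; the DTLS handshake is driven by received packets and the retransmit timer instead. */` on the declaration, with a one-line reference to it above the definition.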
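Review bot: The corrected comparison in `PSSLContext::SetExtension` at @@ -2113 depends on SSL_CTX_set_tlsext_use_srtp() returning 0 on success and 1 on failure, which is the reverse of the usual OpenSSL convention and exactly what the old `!= 0` got wrong. Without a note the next reader is likely to "fix" it back. Suggest `// NB: SSL_CTX_set_tlsext_use_srtp() returns 0 on success, 1 on error - the reverse of most OpenSSL calls.` above the return. A false result here means the use_srtp extension was never installed on the context, so callers should check it before attempting DTLS-SRTP negotiation rather than discovering the failure at profile selection time.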
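Review bot: `Implementation` now stores a `PSSLChannelDTLS&` to its owner at @@ -2562 and dereferences it inside its own constructor (`SSL_set_bio(m_channel, ...)` in the next hunk), while the owner creates it from its mem-initializer list at @@ -2735 (`m_imp(new Implementation(*this))`), i.e. before PSSLChannelDTLS is fully constructed. This is sound only because every such use goes through the conversion operator, which apparently lives on the already-built PSSLChannel base; reading any PSSLChannelDTLS member from the Implementation constructor would see uninitialized state. Suggest documenting it on the member: `PSSLChannelDTLS& m_channel; // owning channel; may still be under construction when this object is built - only its PSSLChannel base is usable then`. The reverse lifetime also deserves a sentence, since m_readTimer's OnReadTimeout reaches m_channel, so the timer must be stopped before the channel is torn down; the destructor that should guarantee this is outside the diff.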
@@ -2573,10 +2573,10 @@ BIO_set_mem_eof_return(m_inBio, -1); BIO_set_mem_eof_return(m_outBio, -1); - SSL_set_bio(m_ssl, m_inBio, m_outBio); + SSL_set_bio(m_channel, m_inBio, m_outBio); - SSL_set_mode(m_ssl, SSL_MODE_AUTO_RETRY); - SSL_set_read_ahead(m_ssl, 1); + SSL_set_mode(m_channel, SSL_MODE_AUTO_RETRY); + SSL_set_read_ahead(m_channel, 1); m_readTimer.SetNotifier(PCREATE_NOTIFIER(OnReadTimeout)); } @@ -2617,8 +2617,15 @@ return true; } - ret = SSL_do_handshake(m_ssl); + // Reset for retransmit. + if (isReceive && frameSize == 0) + { + m_waitResponse = false; + return true; + } + ret = SSL_do_handshake(m_channel); + errbuf[0] = 0; ERR_error_string_n(ERR_peek_error(), errbuf, sizeof(errbuf)); @@ -2627,7 +2634,7 @@ unsigned char *outBioData; outBioLen = BIO_get_mem_data(m_outBio, &outBioData); - ret = SSL_get_error(m_ssl, ret); + ret = SSL_get_error(m_channel, ret); switch (ret) { case SSL_ERROR_NONE: @@ -2658,7 +2665,7 @@ if (outBioLen) { PTRACE(4, "DTLSChannel\tWrite " << outBioLen << " bytes to " << *m_socket); - if (!m_socket->Write(outBioData, outBioLen)) + if (m_socket == NULL || !m_socket->Write(outBioData, outBioLen)) { PTRACE(2, "DTLSChannel\tCan't write to socket... " << outBioLen); return false; @@ -2673,7 +2680,7 @@ if (CompleteHandshake()) { if (!m_callback.IsNULL()) - m_callback(*this, false); + m_callback(m_channel, false); } else return false; @@ -2688,7 +2695,7 @@ bool CompleteHandshake() { - SRTP_PROTECTION_PROFILE *p = SSL_get_selected_srtp_profile(m_ssl); + SRTP_PROTECTION_PROFILE *p = SSL_get_selected_srtp_profile(m_channel); if (!p) { PTRACE(2, "DTLSChannel\tSSL_get_selected_srtp_profile returned NULL: " << ERR_error_string(ERR_get_error(), NULL)); 
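Review bot: The new early return at @@ -2617, `if (isReceive && frameSize == 0) { m_waitResponse = false; return true; }`, appears to catch the retransmit-timer path, since OnReadTimeout calls `Handshake(NULL, 0, true)` (hunk @@ -2715), yet with that return the timer path never reaches `SSL_do_handshake`, so it is not obvious from the hunk where the resend itself happens; Handshake's beginning lies outside the hunk and may already flush m_outBio there. The comment "Reset for retransmit." should say what is reset and who drives the resend, e.g. `// Entered with no data from the read timer: drop the wait flag so the next inbound packet or timer tick re-enters the handshake.` If a zero-length UDP datagram from the peer can reach Handshake by the same route it would also clear m_waitResponse; worth confirming that the caller filters such frames.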
@@ -2696,13 +2703,16 @@ } m_profile = p->name; - static const PINDEX MaxKeySize = (256 >> 3) // rfc5764 4.1.2. SRTP Protection Profiles - + (112 >> 3); // rfc5764 4.1.2. SRTP Protection Profiles - ; static PConstString const KeyMaterialName("EXTRACTOR-dtls_srtp"); - if (SSL_export_keying_material(m_ssl, - m_keyMaterial.GetPointer(MaxKeySize), MaxKeySize, + static const PINDEX MaxKeySize = ((256 >> 3) // rfc5764 4.1.2. SRTP Protection Profiles, key + +(112 >> 3) // rfc5764 4.1.2. SRTP Protection Profiles, salt + )*2; + + memset(m_keyMaterial.GetPointer(MaxKeySize), 0, MaxKeySize); + + if (SSL_export_keying_material(m_channel, + m_keyMaterial.GetPointer(), MaxKeySize, KeyMaterialName, KeyMaterialName.GetLength(), NULL, 0, 0) == 1) return true; @@ -2715,11 +2725,11 @@ { PTRACE(2, "DTLSChannel\tHandshake retransmit..."); if (!Handshake(NULL, 0, true) && !m_callback.IsNULL()) - m_callback(*this, true); // Failed! + m_callback(m_channel, true); // Failed! } bool m_handshakeFinished; - SSL* m_ssl; + PSSLChannelDTLS& m_channel; PUDPSocket * m_socket; PTimer m_readTimer; bool m_waitResponse; @@ -2735,15 +2745,17 @@ PSSLChannelDTLS::PSSLChannelDTLS(PSSLContext * context, bool autoDeleteContext) : PSSLChannel(context, autoDeleteContext) - , m_imp(new Implementation(m_ssl)) + , m_imp(new Implementation(*this)) { + PTRACE(4, "Create PSSLChannelDTLS instance."); } PSSLChannelDTLS::PSSLChannelDTLS(PSSLContext & context) : PSSLChannel(context) - , m_imp(new Implementation(m_ssl)) + , m_imp(new Implementation(*this)) { + PTRACE(4, "Create PSSLChannelDTLS instance."); } @@ -2793,7 +2805,7 @@ { if ((m_imp->m_socket = dynamic_cast<PUDPSocket *>(GetReadChannel())) == NULL) return false; - SSL_set_accept_state(m_ssl); + SSL_set_accept_state(*this); return true; } 
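Review bot: `MaxKeySize` at @@ -2696 is a fixed bound, (32 + 14) * 2 = 92 bytes, exported regardless of the profile just read into m_profile, so consumers of GetKeyMaterial() must derive the client/server key and salt offsets from the profile name themselves; the comments citing RFC 5764 4.1.2 should say so, and note that 256 bits is sized for the largest profile rather than the 128-bit ones that section lists. Exporting more than the peer's 2 * (key + salt) bytes only yields matching keys because the DTLS 1.0/1.2 PRF output is prefix-consistent across requested lengths; that assumption deserves a line next to the SSL_export_keying_material call. Zeroing the buffer before export is good, but it then holds the SRTP master keys for the channel's lifetime — confirm m_keyMaterial is wiped on handshake failure and in the destructor, both outside this diff. Suggested comment above the memset: `// Upper bound for all supported profiles: 2 * (256-bit key + 112-bit salt); the actual layout depends on m_profile.`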
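Review bot: The two `PTRACE(4, "Create PSSLChannelDTLS instance.")` lines added at @@ -2735 omit the `"DTLSChannel\t"` prefix that every other trace in this class uses (`"DTLSChannel\tWrite "`, `"DTLSChannel\tHandshake retransmit..."`), so they will not line up with the rest of the DTLS output when traces are read or filtered by that prefix. Suggest `PTRACE(4, "DTLSChannel\tCreated instance.");` in both constructors.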
@@ -2802,11 +2814,16 @@ { if ((m_imp->m_socket = dynamic_cast<PUDPSocket *>(GetReadChannel())) == NULL) return false; - SSL_set_connect_state(m_ssl); + SSL_set_connect_state(*this); return true; } +PBoolean PSSLChannelDTLS::OnOpen() +{ + return true; +} + #else #pragma message("SSL support (via OpenSSL) DISABLED") #endif // P_SSL This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |