8e3e9fdb5a
MT#55283 use allocated memory for stream stats
Allocate memory from bufferpool for per-stream stats. No functional
change, but it allows sharing these between kernel and user space.
Change-Id: I370a49e1d94bb91c7fd0a2bc7d00ba65f99c4f6a
2 years ago
d6b09b53ea
MT#55283 add version test for X509_STORE_CTX_get0_cert
Looks like this didn't exist prior to 1.1.1
Fix-up for 8fba68f2c9
2 years ago
afd85a4f94
MT#55283 leave SRTP keys in place after DTLS shut
closes #1772
Change-Id: Iaf80e7314730537ca56112cd5f9e1f9c85ca6e3c
2 years ago
cd4f6608cd
MT#55283 convert struct stream_fd to typedef
Change-Id: I1435a5f755cb99833535d995871f1e9050f0ec73
2 years ago
4e7078834f
MT#55283 use typed GQueue for stream_fd
Change-Id: I75544a48c79481473effa9651f1ad2b59b234dc6
2 years ago
8fba68f2c9
MT#55283 verify "zero" DTLS cert
... instead of "current" if available
closes #1771
Change-Id: Id1b742b2446d4d59b3de251a1d1a5dcbed86834a
2 years ago
469789bf19
MT#55283 make code checkers happy
Fix all instances of argument-less function signatures.
Fix all instances of auto-cleanup variables declared after they need to
be in scope.
Change-Id: I3a005df03ede971e08d4f62d7c7711a1913fda5e
2 years ago
1de9aee92d
MT#55283 limit cname length
Thread comm names are limited in length. Make sure not to try to set
names that are too long.
Change-Id: I5e41e1d0d4b65af41fc0b356ad54df86df6f0b82
2 years ago
ac7d5e8dc3
MT#56374 remove DTLS timer from poller_timer
Use a dedicated looper thread instead of using the 1 Hz poller timer.
Change-Id: If63b240274121642043999725c72164240421110
2 years ago
850a1a582e
MT#57820 fix possible NULL deref
Don't attempt to send packets to an endpoint address that is empty and
hasn't been initialised.
Change-Id: Iabeb034ebfc56fc49083c6a10a85b92c6983eebc
2 years ago
1a28b73a2d
MT#55283 Rename aux -> helpers
Windows doesn't allow a file to be named aux, so checkout fails.
closes #1686
Change-Id: I4667561f430ec8d4767d2313890839754be77322
3 years ago
2f4f6d5273
MT#55283 Handle dtls retransmissions
closes #1311
closes #1649
Change-Id: Ibb07715377e813959401d5782d0d07b158417537
3 years ago
8f17f140eb
MT#55283 support generating a=tls-id
RFC 8842
Change-Id: I197e0e80205f6c732c0f8441091c8fda9191e675
3 years ago
387895b61c
TT#44805 add bookkeeping for output stream stats
Change-Id: I353d3785e79e9e3c53154de93f48d7229cf6643e
3 years ago
aed9279176
TT#172650 update for OpenSSL >= 3.0
closes #1477
Change-Id: I0d5c14f12dd4525d63b435a565f97b5f8abcd81e
4 years ago
cf076fc074
TT#172650 support EC keys for DTLS certificate
Change-Id: I695e9b334ce26c26de6a98a5d48fc930f6bebf41
4 years ago
b171029ccf
TT#172650 don't double free RSA key in case of failure
Change-Id: I9f314c5af3ce58020bdc092a52f03f76e22a9896
4 years ago
4ce91f52d0
TT#172650 use custom software ID string for cert CN
Change-Id: Ie52196bc492c9ad791b4a619410795e2dadbe1f0
4 years ago
008c4c7dce
TT#172650 update dtls_signature field to enum
Change-Id: I83bb566131b4fc6d00a6323ccd9b105bb01fd53f
4 years ago
af948b498a
TT#172650 don't segfault if no DTLS cert is available
Change-Id: Ic567b2f585aaa199766168c250f019183036f314
4 years ago
4a173c2ebc
TT#14008 fix erroneous crypto reset after rejecting DTLS
If DTLS is rejected in an answer via `DTLS=off` we must forget that DTLS
was previously offered, as otherwise a re-invite would detect the
fingerprint as changed if the re-invite doesn't offer DTLS again. We
also make sure DTLS is shut down if during stream init DTLS is not
given, when it was present before.
Change-Id: I48ee6f0ec5ec02f558a6799951552ea2272d0e96
4 years ago
d824acf69a
TT#91151 don't send DTLS to trickle ICE addresses
Change-Id: Ie2519391e30479547f8d6e4239d6d65c316c34b9
4 years ago
dd58a1a42d
TT#14008 reset SRTP index on endpoint change
closes #1277
Change-Id: If951bc8abdfb1cec88abf5fc6e36d48aff575e98
5 years ago
575435db73
Squashed commit of the following:
commit fd25c8e281e4e106f423
5 years ago
6fc793845b
TT#111150 Use {} instead of ; to mark an empty body
Change-Id: Ib87db24dbb0d89cb03052e7b8a2e8d8802246c33
Warned-by: gcc -Wempty-body
5 years ago
d5d0a3a994
TT#111150 convert str.len to size_t
This makes the type in line with string(3) functions and eliminates some
compiler warnings.
Also update the related bencode data type.
Change-Id: I7ef4024f4b5a0f737b3dbe03bcd078032395bce6
5 years ago
07716a6a85
TT#108003 Do not print the DTLS certificate and private key on OOM
When open_memstream() fails, we should not try to write to it.
Change-Id: I9f92a1e1cc4aebe005039f28e5e3219e323e63c6
Warned-by: coverity
5 years ago
e671a5dcab
TT#108552 prefer sha-256 over sha-1
Change-Id: I1c54b6410d492a2dbd7169f000c84ecebf9d817c
5 years ago
6602a3a7c5
TT#108551 add kernel support for AEAD-AES-GCM
Also amends tests plus additional clean ups
Closes #1133
Change-Id: I0dad7b8aad9cff1b019323c7ac5a356830ab09ad
5 years ago
30733ec5cd
TT#97301 support granular log levels
Change-Id: Ife458bd2449f61113a3e6db1708821570d92dc23
5 years ago
a4d0a35430
TT#101653 eliminate superfluous log messages
Change-Id: I1fdeaac3b301e4b6bd70b4ae207505bca1d3c0a3
5 years ago
cd3652e81a
TT#97302 fix some DTLS negotiation issues
add explicit flag for fingerprint length instead of using the hash
function
restart DTLS after a shutdown due to a reset
clear fingerprint buffer when running the hash
suppress stray log message when no fingerprint was seen yet
add option to test script
closes #1095
Change-Id: Ic58ea6c5aa48a215743d6a3c1b371fc4a5ea77ce
5 years ago
dc4775d5ce
TT#97302 respond with the same DTLS hash func as was offered
Change-Id: Id72df1083b5d329fa33875853981ec471440a6c1
5 years ago
4d2291846c
fix compilation without deprecated OpenSSL APIs
Signed-off-by: Rosen Penev <rosenp@gmail.com>
5 years ago
ec061bba6f
TT#84804 add new DTLS-reverse flag
closes #1038
Change-Id: Ic58b3e3c3d1fec75a2c6ea9ddb260141d9a2831f
5 years ago
a6d2f92962
Solve Valgrind "possibly lost" for redis and dtls
6 years ago
abe7caf066
TT#75350 update cipher lists and make the configurable
closes #918
Change-Id: I949810a7c84679eac25f65784f97fdd2e9abb07d
6 years ago
0cd8883639
TT#78203 add SRTP debug options
closes #956
Change-Id: I751f6bc1ea9228b257f6258dbb1927276db10c99
6 years ago
e3ec97f858
TT#50652 add -Wstrict-prototypes everywhere
Change-Id: Ic5b5fcb892a8f70196478f8622d956bdea373422
7 years ago
a44a9bf9f0
fixing memory leaks
8 years ago
16024d2e7a
create explicit per-stream DTLS context for ICE
fixes #500
Change-Id: Iee3d9ab1c19a6992ae043896eb500b3961de3edc
8 years ago
2fc2b3bab7
fix possible null pointer segfault when using log level 7
Apparently it's possible that ps->selected_sfd is not from the ps->sfds
list, in which case the selected_sfd->crypto context will be left
uninitialized.
fixes #489
Change-Id: I844d9ba1d7e97a80b1f26769c1ea1e99cc2320b9
8 years ago
620cf6125a
version test macro for DTLS_set_link_mtu
closes #479
Change-Id: Ie0546cf77d1532c88ecf94f0476ce505e845a0cc
8 years ago
3885da946b
workaround for buggy OpenSSL that produces incorrectly fragmented DTLS
closes #413
Change-Id: Iead12e5c1b2387c15923a1cff7f7abcd9267b4bb
8 years ago
e84fd8612b
fix incorrect DTLS context being used with ICE
fixes #451
Change-Id: I4db956bd9e8234862a7dd3ee492a6ed2778150d3
8 years ago
dffbddb2d6
don't use g_ prefix for global variables
Change-Id: Ifd843b01d7fccf294f97fdf48308c71268e1b8ae
8 years ago
6824865c10
DTLS: Fix potential double BIO_free
We should set init to 1 after calling SSL_set_bio(), otherwise if
we fail to call EC_KEY_new_by_curve_name(), we will free r_bio and
w_bio twice: one with BIO_free(), and the other with SSL_free().
9 years ago
5e3ce30272
TT#14008 add missing DTLS locks
fixes possible segfaults due to race conditions
fixes #283
Change-Id: I7efba57d914163986c294b8fb1dd9531d5ef7a89
9 years ago
e85759a3b8
fix some errors caught by coverity
Change-Id: I3f5bfc2df00ab9b031eef5a1c71b6ff3ba25e60c
9 years ago
1d5668d793
compile fixes for openssl >= 1.1.0
Change-Id: I815c89dde5b6e85b9887dcaf04c25f0a45dcfd5c
9 years ago
Richard Fuchs
Michal Hajek
Orgad Shaneh
Dennis Yurasov
Tinotenda Chingosho
Guillem Jover
Rosen Penev
Stefan Mititelu
Jerzy Ptak
Changli Gao