2 * Copyright (c) 2014, Ericsson AB. All rights reserved.
4 * Redistribution and use in source and binary forms, with or without modification,
5 * are permitted provided that the following conditions are met:
7 * 1. Redistributions of source code must retain the above copyright notice, this
8 * list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright notice, this
11 * list of conditions and the following disclaimer in the documentation and/or other
12 * materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
16 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
18 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
21 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
22 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
32 #include "gstdtlsagent.h"
35 # define __AVAILABILITYMACROS__
36 # define DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER
39 #include <openssl/err.h>
40 #include <openssl/ssl.h>
42 GST_DEBUG_CATEGORY_STATIC (gst_dtls_agent_debug);
43 #define GST_CAT_DEFAULT gst_dtls_agent_debug
52 static GParamSpec *properties[NUM_PROPERTIES];
54 struct _GstDtlsAgentPrivate
58 GstDtlsCertificate *certificate;
61 G_DEFINE_TYPE_WITH_PRIVATE (GstDtlsAgent, gst_dtls_agent, GST_TYPE_OBJECT);
63 static void gst_dtls_agent_finalize (GObject * gobject);
64 static void gst_dtls_agent_set_property (GObject *, guint prop_id,
65 const GValue *, GParamSpec *);
66 const gchar *gst_dtls_agent_peek_id (GstDtlsAgent *);
68 #if OPENSSL_VERSION_NUMBER < 0x10100000L
69 static GRWLock *ssl_locks;
72 ssl_locking_function (gint mode, gint lock_num, const gchar * file, gint line)
78 locking = mode & CRYPTO_LOCK;
79 reading = mode & CRYPTO_READ;
80 lock = &ssl_locks[lock_num];
82 GST_TRACE_OBJECT (NULL, "%s SSL lock for %s, thread=%p location=%s:%d",
83 locking ? "locking" : "unlocking", reading ? "reading" : "writing",
84 g_thread_self (), file, line);
88 g_rw_lock_reader_lock (lock);
90 g_rw_lock_writer_lock (lock);
94 g_rw_lock_reader_unlock (lock);
96 g_rw_lock_writer_unlock (lock);
102 ssl_thread_id_function (CRYPTO_THREADID * id)
104 CRYPTO_THREADID_set_pointer (id, g_thread_self ());
109 _gst_dtls_init_openssl (void)
111 static gsize is_init = 0;
113 if (g_once_init_enter (&is_init)) {
114 GST_DEBUG_CATEGORY_INIT (gst_dtls_agent_debug, "dtlsagent", 0,
117 if (OPENSSL_VERSION_NUMBER < 0x1000100fL) {
118 GST_WARNING_OBJECT (NULL,
119 "Incorrect OpenSSL version, should be >= 1.0.1, is %s",
120 OPENSSL_VERSION_TEXT);
121 g_assert_not_reached ();
123 #if OPENSSL_VERSION_NUMBER < 0x10100000L
124 GST_INFO_OBJECT (NULL, "initializing openssl %lx", OPENSSL_VERSION_NUMBER);
126 SSL_load_error_strings ();
127 ERR_load_BIO_strings ();
129 if (!CRYPTO_get_locking_callback ()) {
132 num_locks = CRYPTO_num_locks ();
133 ssl_locks = g_new (GRWLock, num_locks);
134 for (i = 0; i < num_locks; ++i) {
135 g_rw_lock_init (&ssl_locks[i]);
137 CRYPTO_set_locking_callback (ssl_locking_function);
138 CRYPTO_THREADID_set_callback (ssl_thread_id_function);
142 g_once_init_leave (&is_init, 1);
147 gst_dtls_agent_class_init (GstDtlsAgentClass * klass)
149 GObjectClass *gobject_class = G_OBJECT_CLASS (klass);
151 gobject_class->set_property = gst_dtls_agent_set_property;
152 gobject_class->finalize = gst_dtls_agent_finalize;
154 properties[PROP_CERTIFICATE] =
155 g_param_spec_object ("certificate",
156 "GstDtlsCertificate",
157 "Sets the certificate of the agent",
158 GST_TYPE_DTLS_CERTIFICATE,
159 G_PARAM_WRITABLE | G_PARAM_CONSTRUCT_ONLY | G_PARAM_STATIC_STRINGS);
161 g_object_class_install_properties (gobject_class, NUM_PROPERTIES, properties);
163 _gst_dtls_init_openssl ();
167 ssl_warn_cb (const char *str, size_t len, void *u)
169 GstDtlsAgent *self = u;
170 GST_WARNING_OBJECT (self, "ssl error: %s", str);
175 gst_dtls_agent_init (GstDtlsAgent * self)
177 GstDtlsAgentPrivate *priv = gst_dtls_agent_get_instance_private (self);
182 #if OPENSSL_VERSION_NUMBER >= 0x1000200fL
183 priv->ssl_context = SSL_CTX_new (DTLS_method ());
185 priv->ssl_context = SSL_CTX_new (DTLSv1_method ());
187 if (!priv->ssl_context) {
188 GST_WARNING_OBJECT (self, "Error creating SSL Context");
189 ERR_print_errors_cb (ssl_warn_cb, self);
191 g_return_if_reached ();
193 /* If any non-fatal issues happened, print them out and carry on */
194 if (ERR_peek_error ()) {
195 ERR_print_errors_cb (ssl_warn_cb, self);
199 SSL_CTX_set_verify_depth (priv->ssl_context, 2);
200 SSL_CTX_set_tlsext_use_srtp (priv->ssl_context, "SRTP_AES128_CM_SHA1_80");
201 SSL_CTX_set_cipher_list (priv->ssl_context,
202 "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH");
203 SSL_CTX_set_read_ahead (priv->ssl_context, 1);
204 #if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) && (OPENSSL_VERSION_NUMBER < 0x10100000L)
205 SSL_CTX_set_ecdh_auto (priv->ssl_context, 1);
210 gst_dtls_agent_finalize (GObject * gobject)
212 GstDtlsAgentPrivate *priv = GST_DTLS_AGENT (gobject)->priv;
214 SSL_CTX_free (priv->ssl_context);
215 priv->ssl_context = NULL;
217 g_clear_object (&priv->certificate);
219 GST_DEBUG_OBJECT (gobject, "finalized");
221 G_OBJECT_CLASS (gst_dtls_agent_parent_class)->finalize (gobject);
225 gst_dtls_agent_set_property (GObject * object, guint prop_id,
226 const GValue * value, GParamSpec * pspec)
228 GstDtlsAgent *self = GST_DTLS_AGENT (object);
229 GstDtlsCertificate *certificate;
232 case PROP_CERTIFICATE:
233 certificate = GST_DTLS_CERTIFICATE (g_value_get_object (value));
234 g_return_if_fail (GST_IS_DTLS_CERTIFICATE (certificate));
235 g_return_if_fail (self->priv->ssl_context);
237 self->priv->certificate = certificate;
238 g_object_ref (certificate);
240 if (!SSL_CTX_use_certificate (self->priv->ssl_context,
241 _gst_dtls_certificate_get_internal_certificate (certificate))) {
242 GST_WARNING_OBJECT (self, "could not use certificate");
243 g_return_if_reached ();
246 if (!SSL_CTX_use_PrivateKey (self->priv->ssl_context,
247 _gst_dtls_certificate_get_internal_key (certificate))) {
248 GST_WARNING_OBJECT (self, "could not use private key");
249 g_return_if_reached ();
252 if (!SSL_CTX_check_private_key (self->priv->ssl_context)) {
253 GST_WARNING_OBJECT (self, "invalid private key");
254 g_return_if_reached ();
258 G_OBJECT_WARN_INVALID_PROPERTY_ID (self, prop_id, pspec);
263 gst_dtls_agent_get_certificate (GstDtlsAgent * self)
265 g_return_val_if_fail (GST_IS_DTLS_AGENT (self), NULL);
266 if (self->priv->certificate) {
267 g_object_ref (self->priv->certificate);
269 return self->priv->certificate;
273 gst_dtls_agent_get_certificate_pem (GstDtlsAgent * self)
276 g_return_val_if_fail (GST_IS_DTLS_AGENT (self), NULL);
277 g_return_val_if_fail (GST_IS_DTLS_CERTIFICATE (self->priv->certificate),
280 g_object_get (self->priv->certificate, "pem", &pem, NULL);
285 const GstDtlsAgentContext
286 _gst_dtls_agent_peek_context (GstDtlsAgent * self)
288 g_return_val_if_fail (GST_IS_DTLS_AGENT (self), NULL);
289 return self->priv->ssl_context;