
Side by Side Diff: webrtc/base/opensslstreamadapter.cc

Issue 1981463002: Change initial DTLS retransmission timer from 1 second to 50ms. (Closed) Base URL: https://chromium.googlesource.com/external/webrtc.git@master
Patch Set: Fixing typo in comment. Created 4 years, 6 months ago
1 /* 1 /*
2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved.
3 * 3 *
4 * Use of this source code is governed by a BSD-style license 4 * Use of this source code is governed by a BSD-style license
5 * that can be found in the LICENSE file in the root of the source 5 * that can be found in the LICENSE file in the root of the source
6 * tree. An additional intellectual property rights grant can be found 6 * tree. An additional intellectual property rights grant can be found
7 * in the file PATENTS. All contributing project authors may 7 * in the file PATENTS. All contributing project authors may
8 * be found in the AUTHORS file in the root of the source tree. 8 * be found in the AUTHORS file in the root of the source tree.
9 */ 9 */
10 10
(...skipping 16 matching lines...) Expand all
27 27
28 #include "webrtc/base/common.h" 28 #include "webrtc/base/common.h"
29 #include "webrtc/base/logging.h" 29 #include "webrtc/base/logging.h"
30 #include "webrtc/base/safe_conversions.h" 30 #include "webrtc/base/safe_conversions.h"
31 #include "webrtc/base/stream.h" 31 #include "webrtc/base/stream.h"
32 #include "webrtc/base/openssl.h" 32 #include "webrtc/base/openssl.h"
33 #include "webrtc/base/openssladapter.h" 33 #include "webrtc/base/openssladapter.h"
34 #include "webrtc/base/openssldigest.h" 34 #include "webrtc/base/openssldigest.h"
35 #include "webrtc/base/opensslidentity.h" 35 #include "webrtc/base/opensslidentity.h"
36 #include "webrtc/base/stringutils.h" 36 #include "webrtc/base/stringutils.h"
37 #include "webrtc/base/timeutils.h"
37 #include "webrtc/base/thread.h" 38 #include "webrtc/base/thread.h"
38 39
39 namespace rtc { 40 namespace rtc {
40 41
41 #if (OPENSSL_VERSION_NUMBER >= 0x10001000L) 42 #if (OPENSSL_VERSION_NUMBER >= 0x10001000L)
42 #define HAVE_DTLS_SRTP 43 #define HAVE_DTLS_SRTP
43 #endif 44 #endif
44 45
45 #ifdef HAVE_DTLS_SRTP 46 #ifdef HAVE_DTLS_SRTP
46 // SRTP cipher suite table. |internal_name| is used to construct a 47 // SRTP cipher suite table. |internal_name| is used to construct a
47 // colon-separated profile strings which is needed by 48 // colon-separated profile strings which is needed by
48 // SSL_CTX_set_tlsext_use_srtp(). 49 // SSL_CTX_set_tlsext_use_srtp().
49 struct SrtpCipherMapEntry { 50 struct SrtpCipherMapEntry {
50 const char* internal_name; 51 const char* internal_name;
51 const int id; 52 const int id;
52 }; 53 };
53 54
54 // This isn't elegant, but it's better than an external reference 55 // This isn't elegant, but it's better than an external reference
55 static SrtpCipherMapEntry SrtpCipherMap[] = { 56 static SrtpCipherMapEntry SrtpCipherMap[] = {
56 {"SRTP_AES128_CM_SHA1_80", SRTP_AES128_CM_SHA1_80}, 57 {"SRTP_AES128_CM_SHA1_80", SRTP_AES128_CM_SHA1_80},
57 {"SRTP_AES128_CM_SHA1_32", SRTP_AES128_CM_SHA1_32}, 58 {"SRTP_AES128_CM_SHA1_32", SRTP_AES128_CM_SHA1_32},
58 {nullptr, 0}}; 59 {nullptr, 0}};
59 #endif 60 #endif
60 61
61 #ifndef OPENSSL_IS_BORINGSSL 62 #ifdef OPENSSL_IS_BORINGSSL
63 static void TimeCallback(const SSL* ssl, struct timeval* out_clock) {
64 uint64_t time = TimeNanos();
65 out_clock->tv_sec = time / kNumNanosecsPerSec;
66 out_clock->tv_usec = time / kNumNanosecsPerMicrosec;
67 }
68 #else // #ifdef OPENSSL_IS_BORINGSSL
62 69
63 // Cipher name table. Maps internal OpenSSL cipher ids to the RFC name. 70 // Cipher name table. Maps internal OpenSSL cipher ids to the RFC name.
64 struct SslCipherMapEntry { 71 struct SslCipherMapEntry {
65 uint32_t openssl_id; 72 uint32_t openssl_id;
66 const char* rfc_name; 73 const char* rfc_name;
67 }; 74 };
68 75
69 #define DEFINE_CIPHER_ENTRY_SSL3(name) {SSL3_CK_##name, "TLS_"#name} 76 #define DEFINE_CIPHER_ENTRY_SSL3(name) {SSL3_CK_##name, "TLS_"#name}
70 #define DEFINE_CIPHER_ENTRY_TLS1(name) {TLS1_CK_##name, "TLS_"#name} 77 #define DEFINE_CIPHER_ENTRY_TLS1(name) {TLS1_CK_##name, "TLS_"#name}
71 78
(...skipping 692 matching lines...) Expand 10 before | Expand all | Expand 10 after
764 771
765 ssl_ = SSL_new(ssl_ctx_); 772 ssl_ = SSL_new(ssl_ctx_);
766 if (!ssl_) { 773 if (!ssl_) {
767 BIO_free(bio); 774 BIO_free(bio);
768 return -1; 775 return -1;
769 } 776 }
770 777
771 SSL_set_app_data(ssl_, this); 778 SSL_set_app_data(ssl_, this);
772 779
773 SSL_set_bio(ssl_, bio, bio); // the SSL object owns the bio now. 780 SSL_set_bio(ssl_, bio, bio); // the SSL object owns the bio now.
774 #ifndef OPENSSL_IS_BORINGSSL
775 if (ssl_mode_ == SSL_MODE_DTLS) { 781 if (ssl_mode_ == SSL_MODE_DTLS) {
782 #ifdef OPENSSL_IS_BORINGSSL
783 // Change the initial retransmission timer from 1 second to 50ms.
784 // This will likely result in some spurious retransmissions, but
785 // it's useful for ensuring a timely handshake when there's packet
786 // loss.
787 DTLSv1_set_initial_timeout_duration(ssl_, 50);
788 #else
776 // Enable read-ahead for DTLS so whole packets are read from internal BIO 789 // Enable read-ahead for DTLS so whole packets are read from internal BIO
777 // before parsing. This is done internally by BoringSSL for DTLS. 790 // before parsing. This is done internally by BoringSSL for DTLS.
778 SSL_set_read_ahead(ssl_, 1); 791 SSL_set_read_ahead(ssl_, 1);
792 #endif
779 } 793 }
780 #endif
781 794
782 SSL_set_mode(ssl_, SSL_MODE_ENABLE_PARTIAL_WRITE | 795 SSL_set_mode(ssl_, SSL_MODE_ENABLE_PARTIAL_WRITE |
783 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER); 796 SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER);
784 797
785 #if !defined(OPENSSL_IS_BORINGSSL) 798 #if !defined(OPENSSL_IS_BORINGSSL)
786 // Specify an ECDH group for ECDHE ciphers, otherwise OpenSSL cannot 799 // Specify an ECDH group for ECDHE ciphers, otherwise OpenSSL cannot
787 // negotiate them when acting as the server. Use NIST's P-256 which is 800 // negotiate them when acting as the server. Use NIST's P-256 which is
788 // commonly supported. BoringSSL doesn't need explicit configuration and has 801 // commonly supported. BoringSSL doesn't need explicit configuration and has
789 // a reasonable default set. 802 // a reasonable default set.
790 EC_KEY* ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 803 EC_KEY* ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
(...skipping 187 matching lines...) Expand 10 before | Expand all | Expand 10 after
978 case SSL_PROTOCOL_TLS_11: 991 case SSL_PROTOCOL_TLS_11:
979 SSL_CTX_set_max_version(ctx, ssl_mode_ == SSL_MODE_DTLS ? 992 SSL_CTX_set_max_version(ctx, ssl_mode_ == SSL_MODE_DTLS ?
980 DTLS1_VERSION : TLS1_1_VERSION); 993 DTLS1_VERSION : TLS1_1_VERSION);
981 break; 994 break;
982 case SSL_PROTOCOL_TLS_12: 995 case SSL_PROTOCOL_TLS_12:
983 default: 996 default:
984 SSL_CTX_set_max_version(ctx, ssl_mode_ == SSL_MODE_DTLS ? 997 SSL_CTX_set_max_version(ctx, ssl_mode_ == SSL_MODE_DTLS ?
985 DTLS1_2_VERSION : TLS1_2_VERSION); 998 DTLS1_2_VERSION : TLS1_2_VERSION);
986 break; 999 break;
987 } 1000 }
1001 // Set a time callback for BoringSSL because:
1002 // 1. Our time function is more accurate (doesn't just use gettimeofday).
1003 // 2. This allows us to inject a fake clock for testing.
1004 // SSL_CTX_set_current_time_cb(ctx, &TimeCallback);
1005 ctx->current_time_cb = &TimeCallback;
988 #endif 1006 #endif
989 1007
990 if (identity_ && !identity_->ConfigureIdentity(ctx)) { 1008 if (identity_ && !identity_->ConfigureIdentity(ctx)) {
991 SSL_CTX_free(ctx); 1009 SSL_CTX_free(ctx);
992 return NULL; 1010 return NULL;
993 } 1011 }
994 1012
995 #if !defined(NDEBUG) 1013 #if !defined(NDEBUG)
996 SSL_CTX_set_info_callback(ctx, OpenSSLAdapter::SSLInfoCallback); 1014 SSL_CTX_set_info_callback(ctx, OpenSSLAdapter::SSLInfoCallback);
997 #endif 1015 #endif
(...skipping 122 matching lines...) Expand 10 before | Expand all | Expand 10 after
1120 } 1138 }
1121 1139
1122 bool OpenSSLStreamAdapter::HaveExporter() { 1140 bool OpenSSLStreamAdapter::HaveExporter() {
1123 #ifdef HAVE_DTLS_SRTP 1141 #ifdef HAVE_DTLS_SRTP
1124 return true; 1142 return true;
1125 #else 1143 #else
1126 return false; 1144 return false;
1127 #endif 1145 #endif
1128 } 1146 }
1129 1147
1148 bool OpenSSLStreamAdapter::IsBoringSsl() {
1149 #ifdef OPENSSL_IS_BORINGSSL
1150 return true;
1151 #else
1152 return false;
1153 #endif
1154 }
1155
1130 #define CDEF(X) \ 1156 #define CDEF(X) \
1131 { static_cast<uint16_t>(TLS1_CK_##X & 0xffff), "TLS_" #X } 1157 { static_cast<uint16_t>(TLS1_CK_##X & 0xffff), "TLS_" #X }
1132 1158
1133 struct cipher_list { 1159 struct cipher_list {
1134 uint16_t cipher; 1160 uint16_t cipher;
1135 const char* cipher_str; 1161 const char* cipher_str;
1136 }; 1162 };
1137 1163
1138 // TODO(torbjorng): Perhaps add more cipher suites to these lists. 1164 // TODO(torbjorng): Perhaps add more cipher suites to these lists.
1139 static const cipher_list OK_RSA_ciphers[] = { 1165 static const cipher_list OK_RSA_ciphers[] = {
(...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after
1194 return true; 1220 return true;
1195 } 1221 }
1196 } 1222 }
1197 1223
1198 return false; 1224 return false;
1199 } 1225 }
1200 1226
1201 } // namespace rtc 1227 } // namespace rtc
1202 1228
1203 #endif // HAVE_OPENSSL_SSL_H 1229 #endif // HAVE_OPENSSL_SSL_H
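Review bot: The new TimeCallback near the top of the file stores the entire monotonic time in microseconds into `tv_usec` instead of only the sub-second remainder, so the returned value is not a well-formed struct timeval (tv_usec must be in [0, 999999]); the line should read `out_clock->tv_usec = (time % kNumNanosecsPerSec) / kNumNanosecsPerMicrosec;`. Since tv_sec already carries the seconds, BoringSSL's timeout arithmetic, which presumably subtracts tv_sec and tv_usec separately, would count elapsed seconds twice, and on targets where tv_usec is a 32-bit long the value overflows after roughly 36 minutes of monotonic uptime, so DTLS retransmissions can fire too early or never. Because this callback now drives the very retransmission schedule the patch is tuning, it deserves a unit test with an injected clock that asserts the timer expires only after the configured duration. Separately, `ctx->current_time_cb = &TimeCallback;` in the context setup pokes a private SSL_CTX field while the public `SSL_CTX_set_current_time_cb` call is left commented out; if the bundled BoringSSL lacks the setter, a comment saying so with a TODO to switch would keep a library roll from silently breaking this.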