FFmpeg: libavformat/tls_libtls.c Source File

FFmpeg

[フレーム]

libavformat

tls_libtls.c

Go to the documentation of this file.

1 /*

2 * TLS/SSL Protocol

5 *

6 * This file is part of FFmpeg.

7 *

8 * FFmpeg is free software; you can redistribute it and/or

9 * modify it under the terms of the GNU Lesser General Public

10 * License as published by the Free Software Foundation; either

11 * version 2.1 of the License, or (at your option) any later version.

12 *

13 * FFmpeg is distributed in the hope that it will be useful,

14 * but WITHOUT ANY WARRANTY; without even the implied warranty of

15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU

16 * Lesser General Public License for more details.

17 *

18 * You should have received a copy of the GNU Lesser General Public

19 * License along with FFmpeg; if not, write to the Free Software

20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA

21 */

23 #include "avformat.h"

24 #include "internal.h"

25 #include "network.h"

26 #include "url.h"

27 #include "tls.h"

28 #include "libavcodec/internal.h"

29 #include "libavutil/avutil.h"

30 #include "libavutil/opt.h"

32 #include <tls.h>

34 typedef struct TLSContext {

35 const AVClass *class;

36 TLSShared tls_shared;

37 struct tls *ctx;

38 } TLSContext;

40 static int ff_tls_close(URLContext *h)

41 {

42 TLSContext *p = h->priv_data;

43 if (p->ctx) {

44 tls_close(p->ctx);

45 tls_free(p->ctx);

46 }

47 ffurl_closep(&p->tls_shared.tcp);

48 return 0;

49 }

51 static ssize_t tls_read_callback(struct tls *ctx, void *buf, size_t buflen, void *cb_arg)

52 {

53 URLContext *h = (URLContext*) cb_arg;

54 int ret = ffurl_read(h, buf, buflen);

55 if (ret == AVERROR(EAGAIN))

56 return TLS_WANT_POLLIN;

57 else if (ret == AVERROR_EXIT)

58 return 0;

59 return ret >= 0 ? ret : -1;

60 }

62 static ssize_t tls_write_callback(struct tls *ctx, const void *buf, size_t buflen, void *cb_arg)

63 {

64 URLContext *h = (URLContext*) cb_arg;

65 int ret = ffurl_write(h, buf, buflen);

66 if (ret == AVERROR(EAGAIN))

67 return TLS_WANT_POLLOUT;

68 else if (ret == AVERROR_EXIT)

69 return 0;

70 return ret >= 0 ? ret : -1;

71 }

73 static int ff_tls_open(URLContext *h, const char *uri, int flags, AVDictionary **options)

74 {

75 TLSContext *p = h->priv_data;

76 TLSShared *c = &p->tls_shared;

77 struct tls_config *cfg = NULL;

78 int ret;

80 if (tls_init() == -1) {

81 ret = AVERROR(EIO);

82 goto fail;

83 }

85 if ((ret = ff_tls_open_underlying(c, h, uri, options)) < 0)

86 goto fail;

88 p->ctx = !c->listen ? tls_client() : tls_server();

89 if (!p->ctx) {

90 ret = AVERROR(EIO);

91 goto fail;

92 }

94 cfg = tls_config_new();

95 if (!p->ctx) {

96 ret = AVERROR(EIO);

97 goto fail;

98 }

99 if (tls_config_set_protocols(cfg, TLS_PROTOCOLS_ALL) == -1)

100 goto err_config;

101 // While TLSv1.0 and TLSv1.1 are already enabled by the above,

102 // we need to be less strict with ciphers so it works in practice.

103 if (tls_config_set_ciphers(cfg, "compat") == -1)

104 goto err_config;

105 if (c->ca_file && tls_config_set_ca_file(cfg, c->ca_file) == -1)

106 goto err_config;

107 if (c->cert_file && tls_config_set_cert_file(cfg, c->cert_file) == -1)

108 goto err_config;

109 if (c->key_file && tls_config_set_key_file(cfg, c->key_file) == -1)

110 goto err_config;

111 if (!c->verify) {

112 tls_config_insecure_noverifycert(cfg);

113 tls_config_insecure_noverifyname(cfg);

114 tls_config_insecure_noverifytime(cfg);

115 }

116 if (tls_configure(p->ctx, cfg) == -1)

117 goto err_ctx;

118

119 if (!c->listen) {

120 ret = tls_connect_cbs(p->ctx, tls_read_callback, tls_write_callback,

121 c->tcp, c->host);

122 } else {

123 struct tls *ctx_new;

124 ret = tls_accept_cbs(p->ctx, &ctx_new, tls_read_callback,

125 tls_write_callback, c->tcp);

126 if (ret == 0) {

127 // free "server" context and replace by "connection" context

128 tls_free(p->ctx);

129 p->ctx = ctx_new;

130 }

131 }

132 if (ret == -1)

133 goto err_ctx;

134

135 tls_config_free(cfg);

136 return 0;

137 err_config:

138 av_log(h, AV_LOG_ERROR, "%s\n", tls_config_error(cfg));

139 ret = AVERROR(EIO);

140 goto fail;

141 err_ctx:

142 av_log(h, AV_LOG_ERROR, "%s\n", tls_error(p->ctx));

143 ret = AVERROR(EIO);

144 /* fallthrough */

145 fail:

146 if (cfg)

147 tls_config_free(cfg);

148 ff_tls_close(h);

149 return ret;

150 }

151

152 static int ff_tls_read(URLContext *h, uint8_t *buf, int size)

153 {

154 TLSContext *p = h->priv_data;

155 ssize_t ret;

156 ret = tls_read(p->ctx, buf, size);

157 if (ret > 0)

158 return ret;

159 else if (ret == 0)

160 return AVERROR_EOF;

161 else if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT)

162 return AVERROR(EAGAIN);

163 av_log(h, AV_LOG_ERROR, "%s\n", tls_error(p->ctx));

164 return AVERROR(EIO);

165 }

166

167 static int ff_tls_write(URLContext *h, const uint8_t *buf, int size)

168 {

169 TLSContext *p = h->priv_data;

170 ssize_t ret;

171 ret = tls_write(p->ctx, buf, size);

172 if (ret > 0)

173 return ret;

174 else if (ret == 0)

175 return AVERROR_EOF;

176 else if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT)

177 return AVERROR(EAGAIN);

178 av_log(h, AV_LOG_ERROR, "%s\n", tls_error(p->ctx));

179 return AVERROR(EIO);

180 }

181

182 static int tls_get_file_handle(URLContext *h)

183 {

184 TLSContext *c = h->priv_data;

185 return ffurl_get_file_handle(c->tls_shared.tcp);

186 }

187

188 static int tls_get_short_seek(URLContext *h)

189 {

190 TLSContext *s = h->priv_data;

191 return ffurl_get_short_seek(s->tls_shared.tcp);

192 }

193

194 static const AVOption options[] = {

195 TLS_COMMON_OPTIONS(TLSContext, tls_shared),

196 { NULL }

197 };

198

199 static const AVClass tls_class = {

200 .class_name = "tls",

201 .item_name = av_default_item_name,

202 .option = options,

203 .version = LIBAVUTIL_VERSION_INT,

204 };

205

206 const URLProtocol ff_tls_protocol = {

207 .name = "tls",

208 .url_open2 = ff_tls_open,

209 .url_read = ff_tls_read,

210 .url_write = ff_tls_write,

211 .url_close = ff_tls_close,

212 .url_get_file_handle = tls_get_file_handle,

213 .url_get_short_seek = tls_get_short_seek,

214 .priv_data_size = sizeof(TLSContext),

215 .flags = URL_PROTOCOL_FLAG_NETWORK,

216 .priv_data_class = &tls_class,

217 };

TLSContext

Definition: tls_gnutls.c:48

AVERROR

Filter the word "frame" indicates either a video frame or a group of audio as stored in an AVFrame structure Format for each input and each output the list of supported formats For video that means pixel format For audio that means channel sample they are references to shared objects When the negotiation mechanism computes the intersection of the formats supported at each end of a all references to both lists are replaced with a reference to the intersection And when a single format is eventually chosen for a link amongst the remaining all references to the list are updated That means that if a filter requires that its input and output have the same format amongst a supported all it has to do is use a reference to the same list of formats query_formats can leave some formats unset and return AVERROR(EAGAIN) to cause the negotiation mechanism toagain later. That can be used by filters with complex requirements to use the format negotiated on one link to set the formats supported on another. Frame references ownership and permissions

opt.h

URL_PROTOCOL_FLAG_NETWORK

#define URL_PROTOCOL_FLAG_NETWORK

Definition: url.h:33

AVERROR_EOF

#define AVERROR_EOF

End of file.

Definition: error.h:57

ff_tls_close

static int ff_tls_close(URLContext *h)

Definition: tls_libtls.c:40

internal.h

AVOption

AVOption.

Definition: opt.h:251

tls_write

static int tls_write(URLContext *h, const uint8_t *buf, int size)

Definition: tls_gnutls.c:263

AVDictionary

Definition: dict.c:32

URLProtocol

Definition: url.h:53

ff_tls_read

static int ff_tls_read(URLContext *h, uint8_t *buf, int size)

Definition: tls_libtls.c:152

TLS_COMMON_OPTIONS

#define TLS_COMMON_OPTIONS(pstruct, options_field)

Definition: tls.h:46

fail

#define fail()

Definition: checkasm.h:134

ff_tls_open

static int ff_tls_open(URLContext *h, const char *uri, int flags, AVDictionary **options)

Definition: tls_libtls.c:73

tls_class

static const AVClass tls_class

Definition: tls_libtls.c:199

AV_LOG_ERROR

#define AV_LOG_ERROR

Something went wrong and cannot losslessly be recovered.

Definition: log.h:180

#define s(width, name)

Definition: cbs_vp9.c:256

ctx

AVFormatContext * ctx

Definition: movenc.c:48

tls_get_file_handle

static int tls_get_file_handle(URLContext *h)

Definition: tls_libtls.c:182

tls_close

static int tls_close(URLContext *h)

Definition: tls_gnutls.c:102

LIBAVUTIL_VERSION_INT

#define LIBAVUTIL_VERSION_INT

Definition: version.h:85

AVClass

Describe the class of an AVClass context structure.

Definition: log.h:66

NULL

#define NULL

Definition: coverity.c:32

av_default_item_name

const char * av_default_item_name(void *ptr)

Return the context name.

Definition: log.c:237

options

static const AVOption options[]

Definition: tls_libtls.c:194

Undefined Behavior In the C some operations are like signed integer dereferencing freed accessing outside allocated Undefined Behavior must not occur in a C it is not safe even if the output of undefined operations is unused The unsafety may seem nit picking but Optimizing compilers have in fact optimized code on the assumption that no undefined Behavior occurs Optimizing code based on wrong assumptions can and has in some cases lead to effects beyond the output of computations The signed integer overflow problem in speed critical code Code which is highly optimized and works with signed integers sometimes has the problem that often the output of the computation does not c

Definition: undefined.txt:32

size

int size

Definition: twinvq_data.h:10344

TLSContext::tls_shared

TLSShared tls_shared

Definition: tls_gnutls.c:50

URLProtocol::name

const char * name

Definition: url.h:54

tls_get_short_seek

static int tls_get_short_seek(URLContext *h)