FFmpeg: libavformat/tls_securetransport.c Source File

FFmpeg

[フレーム]

libavformat

tls_securetransport.c

Go to the documentation of this file.

1 /*

3 *

4 * This file is part of FFmpeg.

5 *

6 * FFmpeg is free software; you can redistribute it and/or

7 * modify it under the terms of the GNU Lesser General Public License

8 * as published by the Free Software Foundation; either

9 * version 2.1 of the License, or (at your option) any later version.

10 *

11 * FFmpeg is distributed in the hope that it will be useful,

12 * but WITHOUT ANY WARRANTY; without even the implied warranty of

13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

14 * GNU Lesser General Public License for more details.

15 *

16 * You should have received a copy of the GNU Lesser General Public License

17 * along with FFmpeg; if not, write to the Free Software * Foundation, Inc.,

18 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA

19 */

21 #include <errno.h>

24 #include "avformat.h"

25 #include "avio_internal.h"

26 #include "internal.h"

27 #include "network.h"

28 #include "os_support.h"

29 #include "url.h"

30 #include "tls.h"

31 #include "libavcodec/internal.h"

32 #include "libavutil/avstring.h"

33 #include "libavutil/mem.h"

34 #include "libavutil/opt.h"

35 #include "libavutil/parseutils.h"

37 #include <Security/Security.h>

38 #include <Security/SecureTransport.h>

39 #include <CoreFoundation/CoreFoundation.h>

41 // We use a private API call here; it's good enough for WebKit.

42 SecIdentityRef SecIdentityCreate(CFAllocatorRef allocator, SecCertificateRef certificate, SecKeyRef privateKey);

43 #define ioErr -36

45 typedef struct TLSContext {

46 const AVClass *class;

47 TLSShared tls_shared;

48 SSLContextRef ssl_context;

49 CFArrayRef ca_array;

50 int lastErr;

51 } TLSContext;

53 static int print_tls_error(URLContext *h, int ret)

54 {

55 TLSContext *c = h->priv_data;

56 switch (ret) {

57 case errSSLWouldBlock:

58 return AVERROR(EAGAIN);

59 case errSSLXCertChainInvalid:

60 av_log(h, AV_LOG_ERROR, "Invalid certificate chain\n");

61 return AVERROR(EIO);

62 case ioErr:

63 return c->lastErr;

64 default:

65 av_log(h, AV_LOG_ERROR, "IO Error: %i\n", ret);

66 return AVERROR(EIO);

67 }

68 return AVERROR(EIO);

69 }

71 static int import_pem(URLContext *h, char *path, CFArrayRef *array)

72 {

73 #if !HAVE_SECITEMIMPORT

74 return AVERROR_PATCHWELCOME;

75 #else

76 AVIOContext *s = NULL;

77 CFDataRef data = NULL;

78 int64_t ret = 0;

79 char *buf = NULL;

80 SecExternalFormat format = kSecFormatPEMSequence;

81 SecExternalFormat type = kSecItemTypeAggregate;

82 CFStringRef pathStr = CFStringCreateWithCString(NULL, path, 0x08000100);

83 if (!pathStr) {

84 ret = AVERROR(ENOMEM);

85 goto end;

86 }

88 if ((ret = ffio_open_whitelist(&s, path, AVIO_FLAG_READ,

89 &h->interrupt_callback, NULL,

90 h->protocol_whitelist, h->protocol_blacklist)) < 0)

91 goto end;

93 if ((ret = avio_size(s)) < 0)

94 goto end;

96 if (ret == 0) {

97 ret = AVERROR_INVALIDDATA;

98 goto end;

99 }

100

101 if (!(buf = av_malloc(ret))) {

102 ret = AVERROR(ENOMEM);

103 goto end;

104 }

105

106 if ((ret = avio_read(s, buf, ret)) < 0)

107 goto end;

108

109 data = CFDataCreate(kCFAllocatorDefault, buf, ret);

110

111 if (SecItemImport(data, pathStr, &format, &type,

112 0, NULL, NULL, array) != noErr || !array) {

113 ret = AVERROR_UNKNOWN;

114 goto end;

115 }

116

117 if (CFArrayGetCount(*array) == 0) {

118 ret = AVERROR_INVALIDDATA;

119 goto end;

120 }

121

122 end:

123 av_free(buf);

124 if (pathStr)

125 CFRelease(pathStr);

126 if (data)

127 CFRelease(data);

128 if (s)

129 avio_close(s);

130 return ret;

131 #endif

132 }

133

134 static int load_ca(URLContext *h)

135 {

136 TLSContext *c = h->priv_data;

137 int ret = 0;

138 CFArrayRef array = NULL;

139

140 if ((ret = import_pem(h, c->tls_shared.ca_file, &array)) < 0)

141 goto end;

142

143 if (!(c->ca_array = CFRetain(array))) {

144 ret = AVERROR(ENOMEM);

145 goto end;

146 }

147

148 end:

149 if (array)

150 CFRelease(array);

151 return ret;

152 }

153

154 static int load_cert(URLContext *h)

155 {

156 TLSContext *c = h->priv_data;

157 int ret = 0;

158 CFArrayRef certArray = NULL;

159 CFArrayRef keyArray = NULL;

160 SecIdentityRef id = NULL;

161 CFMutableArrayRef outArray = NULL;

162

163 if ((ret = import_pem(h, c->tls_shared.cert_file, &certArray)) < 0)

164 goto end;

165

166 if ((ret = import_pem(h, c->tls_shared.key_file, &keyArray)) < 0)

167 goto end;

168

169 if (!(id = SecIdentityCreate(kCFAllocatorDefault,

170 (SecCertificateRef)CFArrayGetValueAtIndex(certArray, 0),

171 (SecKeyRef)CFArrayGetValueAtIndex(keyArray, 0)))) {

172 ret = AVERROR_UNKNOWN;

173 goto end;

174 }

175

176 if (!(outArray = CFArrayCreateMutableCopy(kCFAllocatorDefault, 0, certArray))) {

177 ret = AVERROR(ENOMEM);

178 goto end;

179 }

180

181 CFArraySetValueAtIndex(outArray, 0, id);

182

183 SSLSetCertificate(c->ssl_context, outArray);

184

185 end:

186 if (certArray)

187 CFRelease(certArray);

188 if (keyArray)

189 CFRelease(keyArray);

190 if (outArray)

191 CFRelease(outArray);

192 if (id)

193 CFRelease(id);

194 return ret;

195 }

196

197 static OSStatus tls_read_cb(SSLConnectionRef connection, void *data, size_t *dataLength)

198 {

199 URLContext *h = (URLContext*)connection;

200 TLSContext *c = h->priv_data;

201 size_t requested = *dataLength;

202 int read = ffurl_read(c->tls_shared.tcp, data, requested);

203 if (read <= 0) {

204 *dataLength = 0;

205 switch(AVUNERROR(read)) {

206 case ENOENT:

207 case 0:

208 return errSSLClosedGraceful;

209 case ECONNRESET:

210 return errSSLClosedAbort;

211 case EAGAIN:

212 return errSSLWouldBlock;

213 default:

214 c->lastErr = read;

215 return ioErr;

216 }

217 } else {

218 *dataLength = read;

219 if (read < requested)

220 return errSSLWouldBlock;

221 else

222 return noErr;

223 }

224 }

225

226 static OSStatus tls_write_cb(SSLConnectionRef connection, const void *data, size_t *dataLength)

227 {

228 URLContext *h = (URLContext*)connection;

229 TLSContext *c = h->priv_data;

230 int written = ffurl_write(c->tls_shared.tcp, data, *dataLength);

231 if (written <= 0) {

232 *dataLength = 0;

233 switch(AVUNERROR(written)) {

234 case EAGAIN:

235 return errSSLWouldBlock;

236 default:

237 c->lastErr = written;

238 return ioErr;

239 }

240 } else {

241 *dataLength = written;

242 return noErr;

243 }

244 }

245

246 static int tls_close(URLContext *h)

247 {

248 TLSContext *c = h->priv_data;

249 if (c->ssl_context) {

250 SSLClose(c->ssl_context);

251 CFRelease(c->ssl_context);

252 }

253 if (c->ca_array)

254 CFRelease(c->ca_array);

255 ffurl_closep(&c->tls_shared.tcp);

256 return 0;

257 }

258

259 #define CHECK_ERROR(func, ...) do { \

260 OSStatus status = func(__VA_ARGS__); \

261 if (status != noErr) { \

262 ret = AVERROR_UNKNOWN; \

263 av_log(h, AV_LOG_ERROR, #func ": Error %i\n", (int)status); \

264 goto fail; \

265 } \

266 } while (0)

267

268 static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **options)

269 {

270 TLSContext *c = h->priv_data;

271 TLSShared *s = &c->tls_shared;

272 int ret;

273

274 if ((ret = ff_tls_open_underlying(s, h, uri, options)) < 0)

275 goto fail;

276

277 c->ssl_context = SSLCreateContext(NULL, s->listen ? kSSLServerSide : kSSLClientSide, kSSLStreamType);

278 if (!c->ssl_context) {

279 av_log(h, AV_LOG_ERROR, "Unable to create SSL context\n");

280 ret = AVERROR(ENOMEM);

281 goto fail;

282 }

283 if (s->ca_file) {

284 if ((ret = load_ca(h)) < 0)

285 goto fail;

286 }

287 if (s->ca_file || !s->verify)

288 CHECK_ERROR(SSLSetSessionOption, c->ssl_context, kSSLSessionOptionBreakOnServerAuth, true);

289 if (s->cert_file)

290 if ((ret = load_cert(h)) < 0)

291 goto fail;

292 CHECK_ERROR(SSLSetPeerDomainName, c->ssl_context, s->host, strlen(s->host));

293 CHECK_ERROR(SSLSetIOFuncs, c->ssl_context, tls_read_cb, tls_write_cb);

294 CHECK_ERROR(SSLSetConnection, c->ssl_context, h);

295 while (1) {

296 OSStatus status = SSLHandshake(c->ssl_context);

297 if (status == errSSLServerAuthCompleted) {

298 SecTrustRef peerTrust;

299 SecTrustResultType trustResult;

300 if (!s->verify)

301 continue;

302

303 if (SSLCopyPeerTrust(c->ssl_context, &peerTrust) != noErr) {

304 ret = AVERROR(ENOMEM);

305 goto fail;

306 }

307

308 if (SecTrustSetAnchorCertificates(peerTrust, c->ca_array) != noErr) {

309 ret = AVERROR_UNKNOWN;

310 goto fail;

311 }

312

313 if (SecTrustEvaluate(peerTrust, &trustResult) != noErr) {

314 ret = AVERROR_UNKNOWN;

315 goto fail;

316 }

317

318 if (trustResult == kSecTrustResultProceed ||

319 trustResult == kSecTrustResultUnspecified) {

320 // certificate is trusted

321 status = errSSLWouldBlock; // so we call SSLHandshake again

322 } else if (trustResult == kSecTrustResultRecoverableTrustFailure) {

323 // not trusted, for some reason other than being expired

324 status = errSSLXCertChainInvalid;

325 } else {

326 // cannot use this certificate (fatal)

327 status = errSSLBadCert;

328 }

329

330 if (peerTrust)

331 CFRelease(peerTrust);

332 }

333 if (status == noErr) {

334 break;

335 } else if (status != errSSLWouldBlock) {

336 av_log(h, AV_LOG_ERROR, "Unable to negotiate TLS/SSL session: %i\n", (int)status);

337 ret = AVERROR(EIO);

338 goto fail;

339 }

340 }

341

342 return 0;

343 fail:

344 tls_close(h);

345 return ret;

346 }

347

348 static int map_ssl_error(OSStatus status, size_t processed)

349 {

350 switch (status) {

351 case noErr:

352 return processed;

353 case errSSLClosedGraceful:

354 case errSSLClosedNoNotify:

355 return 0;

356 case errSSLWouldBlock:

357 if (processed > 0)

358 return processed;

359 default:

360 return (int)status;

361 }

362 }

363

364 static int tls_read(URLContext *h, uint8_t *buf, int size)

365 {

366 TLSContext *c = h->priv_data;

367 size_t available = 0, processed = 0;

368 int ret;

369 SSLGetBufferedReadSize(c->ssl_context, &available);

370 if (available)

371 size = FFMIN(available, size);

372 ret = SSLRead(c->ssl_context, buf, size, &processed);

373 ret = map_ssl_error(ret, processed);

374 if (ret > 0)

375 return ret;

376 if (ret == 0)

377 return AVERROR_EOF;

378 return print_tls_error(h, ret);

379 }

380

381 static int tls_write(URLContext *h, const uint8_t *buf, int size)

382 {

383 TLSContext *c = h->priv_data;

384 size_t processed = 0;

385 int ret = SSLWrite(c->ssl_context, buf, size, &processed);

386 ret = map_ssl_error(ret, processed);

387 if (ret > 0)

388 return ret;

389 if (ret == 0)

390 return AVERROR_EOF;

391 return print_tls_error(h, ret);

392 }

393

394 static int tls_get_file_handle(URLContext *h)

395 {

396 TLSContext *c = h->priv_data;

397 return ffurl_get_file_handle(c->tls_shared.tcp);

398 }

399

400 static int tls_get_short_seek(URLContext *h)

401 {

402 TLSContext *s = h->priv_data;

403 return ffurl_get_short_seek(s->tls_shared.tcp);

404 }

405

406 static const AVOption options[] = {

407 TLS_COMMON_OPTIONS(TLSContext, tls_shared),

408 { NULL }

409 };

410

411 static const AVClass tls_class = {

412 .class_name = "tls",

413 .item_name = av_default_item_name,

414 .option = options,

415 .version = LIBAVUTIL_VERSION_INT,

416 };

417

418 const URLProtocol ff_tls_protocol = {

419 .name = "tls",

420 .url_open2 = tls_open,

421 .url_read = tls_read,

422 .url_write = tls_write,

423 .url_close = tls_close,

424 .url_get_file_handle = tls_get_file_handle,

425 .url_get_short_seek = tls_get_short_seek,

426 .priv_data_size = sizeof(TLSContext),

427 .flags = URL_PROTOCOL_FLAG_NETWORK,

428 .priv_data_class = &tls_class,

429 };

ffio_open_whitelist

int ffio_open_whitelist(AVIOContext **s, const char *filename, int flags, const AVIOInterruptCB *int_cb, AVDictionary **options, const char *whitelist, const char *blacklist)

Definition: avio.c:471

TLSContext

Definition: tls_gnutls.c:44

AVERROR

Filter the word "frame" indicates either a video frame or a group of audio as stored in an AVFrame structure Format for each input and each output the list of supported formats For video that means pixel format For audio that means channel sample they are references to shared objects When the negotiation mechanism computes the intersection of the formats supported at each end of a all references to both lists are replaced with a reference to the intersection And when a single format is eventually chosen for a link amongst the remaining all references to the list are updated That means that if a filter requires that its input and output have the same format amongst a supported all it has to do is use a reference to the same list of formats query_formats can leave some formats unset and return AVERROR(EAGAIN) to cause the negotiation mechanism toagain later. That can be used by filters with complex requirements to use the format negotiated on one link to set the formats supported on another. Frame references ownership and permissions

opt.h

CHECK_ERROR

#define CHECK_ERROR(func,...)

Definition: tls_securetransport.c:259

URL_PROTOCOL_FLAG_NETWORK

#define URL_PROTOCOL_FLAG_NETWORK

Definition: url.h:33

AVERROR_EOF

#define AVERROR_EOF

End of file.

Definition: error.h:57

int64_t

long long int64_t

Definition: coverity.c:34

print_tls_error

static int print_tls_error(URLContext *h, int ret)

Definition: tls_securetransport.c:53

ffurl_write

static int ffurl_write(URLContext *h, const uint8_t *buf, int size)

Write size bytes from buf to the resource accessed by h.

Definition: url.h:202

tls_open

static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **options)

Definition: tls_securetransport.c:268

internal.h

map_ssl_error

static int map_ssl_error(OSStatus status, size_t processed)

Definition: tls_securetransport.c:348

AVOption

AVOption.

Definition: opt.h:429

data

const char data[16]

Definition: mxf.c:148

tls_write

static int tls_write(URLContext *h, const uint8_t *buf, int size)

Definition: tls_securetransport.c:381

AVDictionary

Definition: dict.c:34

processed

status_in is a status change that must be taken into account after all frames in fifo have been processed

Definition: filter_design.txt:159

AVERROR_UNKNOWN

#define AVERROR_UNKNOWN

Unknown error, typically from an external library.

Definition: error.h:73

avio_size

int64_t avio_size(AVIOContext *s)

Get the filesize.

Definition: aviobuf.c:323

URLProtocol

Definition: url.h:51

os_support.h

av_malloc

#define av_malloc(s)

Definition: tableprint_vlc.h:30

AVUNERROR

#define AVUNERROR(e)

Definition: error.h:46

TLS_COMMON_OPTIONS

#define TLS_COMMON_OPTIONS(pstruct, options_field)

Definition: tls.h:46

fail

#define fail()

Definition: checkasm.h:188

ffurl_get_short_seek

int ffurl_get_short_seek(void *urlcontext)

Return the current short seek threshold value for this URL.

Definition: avio.c:838

tls_write_cb

static OSStatus tls_write_cb(SSLConnectionRef connection, const void *data, size_t *dataLength)

Definition: tls_securetransport.c:226

tls_read_cb

static OSStatus tls_read_cb(SSLConnectionRef connection, void *data, size_t *dataLength)

Definition: tls_securetransport.c:197

type

it s the only field you need to keep assuming you have a context There is some magic you don t need to care about around this just let it vf type

Definition: writing_filters.txt:86

tls_get_short_seek

static int tls_get_short_seek(URLContext *h)

Definition: tls_securetransport.c:400

AV_LOG_ERROR

#define AV_LOG_ERROR

Something went wrong and cannot losslessly be recovered.

Definition: log.h:180

load_ca

static int load_ca(URLContext *h)

Definition: tls_securetransport.c:134

#define s(width, name)

Definition: cbs_vp9.c:198

ioErr

#define ioErr

Definition: tls_securetransport.c:43

format

LIBAVUTIL_VERSION_INT

#define LIBAVUTIL_VERSION_INT

Definition: version.h:85

AVClass

Describe the class of an AVClass context structure.

Definition: log.h:66

NULL

#define NULL

Definition: coverity.c:32

AVERROR_PATCHWELCOME

#define AVERROR_PATCHWELCOME

Not yet implemented in FFmpeg, patches welcome.

Definition: error.h:64

TLSContext::lastErr

int lastErr

Definition: tls_securetransport.c:50

TLSContext::ca_array

CFArrayRef ca_array

Definition: tls_securetransport.c:49

av_default_item_name

const char * av_default_item_name(void *ptr)

Return the context name.

Definition: log.c:237

parseutils.h

Undefined Behavior In the C some operations are like signed integer dereferencing freed accessing outside allocated Undefined Behavior must not occur in a C it is not safe even if the output of undefined operations is unused The unsafety may seem nit picking but Optimizing compilers have in fact optimized code on the assumption that no undefined Behavior occurs Optimizing code based on wrong assumptions can and has in some cases lead to effects beyond the output of computations The signed integer overflow problem in speed critical code Code which is highly optimized and works with signed integers sometimes has the problem that often the output of the computation does not c

Definition: undefined.txt:32

SecIdentityCreate

SecIdentityRef SecIdentityCreate(CFAllocatorRef allocator, SecCertificateRef certificate, SecKeyRef privateKey)

AVIOContext

Bytestream IO Context.

Definition: avio.h:160

tls_get_file_handle

static int tls_get_file_handle(URLContext *h)

Definition: tls_securetransport.c:394

tls_read

static int tls_read(URLContext *h, uint8_t *buf, int size)

Definition: tls_securetransport.c:364