[FFmpeg-devel] support for reading / writing encrypted MP4 files

Michael Niedermayer michael at niedermayer.cc
Thu Dec 31 16:44:58 CET 2015 

On Wed, Dec 30, 2015 at 09:53:35PM +0000, Eran Kornblau wrote:
> > > Please let me know if you think that is ok, and I will resubmit the patch with all fixes.
> > 
> > should be ok
> > 
> Updated patch attached, diff from previous patch is:
> 
> --- a/libavformat/mov.c
> +++ b/libavformat/mov.c
> @@ -4026,6 +4026,14 @@ static int mov_read_frma(MOVContext *c, AVIOContext *pb, MOVAtom atom)
>      case MKTAG('e','n','c','v'):        // encrypted video
>      case MKTAG('e','n','c','a'):        // encrypted audio
>          id = mov_codec_id(st, format);
> +        if (st->codec->codec_id != AV_CODEC_ID_NONE &&
> +            st->codec->codec_id != id) {
> +            av_log(c->fc, AV_LOG_WARNING,
> +                   "ignoring 'frma' atom of '%.4s', stream has codec id %d\n",
> +                   (char*)&format, st->codec->codec_id);
> +            break;
> +        }
> +
>          st->codec->codec_id = id;
>          sc->format = format;
>          break;
> @@ -4045,7 +4053,6 @@ static int mov_read_senc(MOVContext *c, AVIOContext *pb, MOVAtom atom)
>      AVStream *st;
>      MOVStreamContext *sc;
>      size_t auxiliary_info_size;
> -    int ret;
>  
>      if (c->decryption_key_len == 0 || c->fc->nb_streams < 1)
>          return 0;
> @@ -4091,12 +4098,7 @@ static int mov_read_senc(MOVContext *c, AVIOContext *pb, MOVAtom atom)
>          return AVERROR(ENOMEM);
>      }
>  
> -    ret = av_aes_ctr_init(sc->cenc.aes_ctr, c->decryption_key);
> -    if (ret) {
> -        return ret;
> -    }
> -
> -    return 0;
> +    return av_aes_ctr_init(sc->cenc.aes_ctr, c->decryption_key);
>  }
>  
>  static int cenc_filter(MOVContext *c, MOVStreamContext *sc, uint8_t *input, int size)
> @@ -4107,7 +4109,7 @@ static int cenc_filter(MOVContext *c, MOVStreamContext *sc, uint8_t *input, int
>      uint8_t* input_end = input + size;
>  
>      /* read the iv */
> -    if (sc->cenc.auxiliary_info_pos + AES_CTR_IV_SIZE > sc->cenc.auxiliary_info_end) {
> +    if (AES_CTR_IV_SIZE > sc->cenc.auxiliary_info_end - sc->cenc.auxiliary_info_pos) {
>          av_log(c->fc, AV_LOG_ERROR, "failed to read iv from the auxiliary info\n");
>          return AVERROR_INVALIDDATA;
>      }
> @@ -4123,7 +4125,7 @@ static int cenc_filter(MOVContext *c, MOVStreamContext *sc, uint8_t *input, int
>      }
>  
>      /* read the subsample count */
> -    if (sc->cenc.auxiliary_info_pos + sizeof(uint16_t) > sc->cenc.auxiliary_info_end) {
> +    if (sizeof(uint16_t) > sc->cenc.auxiliary_info_end - sc->cenc.auxiliary_info_pos) {
>          av_log(c->fc, AV_LOG_ERROR, "failed to read subsample count from the auxiliary info\n");
>          return AVERROR_INVALIDDATA;
>      }
> @@ -4133,7 +4135,7 @@ static int cenc_filter(MOVContext *c, MOVStreamContext *sc, uint8_t *input, int
>  
>      for (; subsample_count > 0; subsample_count--)
>      {
> -        if (sc->cenc.auxiliary_info_pos + 6 > sc->cenc.auxiliary_info_end) {
> +        if (6 > sc->cenc.auxiliary_info_end - sc->cenc.auxiliary_info_pos) {
>              av_log(c->fc, AV_LOG_ERROR, "failed to read subsample from the auxiliary info\n");
>              return AVERROR_INVALIDDATA;
>          }
> @@ -4144,7 +4146,7 @@ static int cenc_filter(MOVContext *c, MOVStreamContext *sc, uint8_t *input, int
>          encrypted_bytes = AV_RB32(sc->cenc.auxiliary_info_pos);
>          sc->cenc.auxiliary_info_pos += sizeof(uint32_t);
>  
> -        if (input + clear_bytes + encrypted_bytes > input_end) {
> +        if ((uint64_t)clear_bytes + encrypted_bytes > input_end - input) {
>              av_log(c->fc, AV_LOG_ERROR, "subsample size exceeds the packet size left\n");
>              return AVERROR_INVALIDDATA;
>          }
> 
> 
> > [...]
> > 
> > -- 
> > Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
> > 
> 
> Thanks, Michael !
> 
> Eran

>  Changelog          |    1 
>  libavformat/isom.h |   13 +++
>  libavformat/mov.c  |  181 +++++++++++++++++++++++++++++++++++++++++++++++++++++
>  3 files changed, 195 insertions(+)
> 5974fab38debc4fae0595bcdfec63d500932495a  0001-mov-support-cenc-common-encryption.patch
> From 2021b91bd195a20ae346b877810661dddfa73144 Mon Sep 17 00:00:00 2001
> From: erankor <eran.kornblau at kaltura.com>
> Date: Mon, 7 Dec 2015 12:30:50 +0200
> Subject: [PATCH 1/2] mov: support cenc (common encryption)
> 
> support reading encrypted mp4 using aes-ctr, conforming to ISO/IEC
> 23001-7.
> 
> a new parameter was added:
> - decryption_key - 128 bit decryption key (hex)
> ---
>  Changelog          |   1 +
>  libavformat/isom.h |  13 ++++
>  libavformat/mov.c  | 181 +++++++++++++++++++++++++++++++++++++++++++++++++++++
>  3 files changed, 195 insertions(+)

patch applied

thanks

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

If a bugfix only changes things apparently unrelated to the bug with no
further explanation, that is a good sign that the bugfix is wrong.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20151231/c9f4c32f/attachment.sig>

More information about the ffmpeg-devel mailing list