FFmpeg
tls_libtls.c
Go to the documentation of this file.
1 /*
2  * TLS/SSL Protocol
3  * Copyright (c) 2011 Martin Storsjo
4  * Copyright (c) 2017 sfan5 <sfan5@live.de>
5  *
6  * This file is part of FFmpeg.
7  *
8  * FFmpeg is free software; you can redistribute it and/or
9  * modify it under the terms of the GNU Lesser General Public
10  * License as published by the Free Software Foundation; either
11  * version 2.1 of the License, or (at your option) any later version.
12  *
13  * FFmpeg is distributed in the hope that it will be useful,
14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16  * Lesser General Public License for more details.
17  *
18  * You should have received a copy of the GNU Lesser General Public
19  * License along with FFmpeg; if not, write to the Free Software
20  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
21  */
22 
23 #include "avformat.h"
24 #include "internal.h"
25 #include "network.h"
26 #include "url.h"
27 #include "tls.h"
28 #include "libavcodec/internal.h"
29 #include "libavutil/avutil.h"
30 #include "libavutil/opt.h"
31 
32 #include <tls.h>
33 
34 typedef struct TLSContext {
35  const AVClass *class;
37  struct tls *ctx;
38 } TLSContext;
39 
41 {
42  TLSContext *p = h->priv_data;
43  if (p->ctx) {
44  tls_close(p->ctx);
45  tls_free(p->ctx);
46  }
48  return 0;
49 }
50 
51 static ssize_t tls_read_callback(struct tls *ctx, void *buf, size_t buflen, void *cb_arg)
52 {
53  URLContext *h = (URLContext*) cb_arg;
54  int ret = ffurl_read(h, buf, buflen);
55  if (ret == AVERROR(EAGAIN))
56  return TLS_WANT_POLLIN;
57  else if (ret == AVERROR_EXIT)
58  return 0;
59  return ret >= 0 ? ret : -1;
60 }
61 
62 static ssize_t tls_write_callback(struct tls *ctx, const void *buf, size_t buflen, void *cb_arg)
63 {
64  URLContext *h = (URLContext*) cb_arg;
65  int ret = ffurl_write(h, buf, buflen);
66  if (ret == AVERROR(EAGAIN))
67  return TLS_WANT_POLLOUT;
68  else if (ret == AVERROR_EXIT)
69  return 0;
70  return ret >= 0 ? ret : -1;
71 }
72 
73 static int ff_tls_open(URLContext *h, const char *uri, int flags, AVDictionary **options)
74 {
75  TLSContext *p = h->priv_data;
76  TLSShared *c = &p->tls_shared;
77  struct tls_config *cfg = NULL;
78  int ret;
79 
80  if (tls_init() == -1) {
81  ret = AVERROR(EIO);
82  goto fail;
83  }
84 
85  if ((ret = ff_tls_open_underlying(c, h, uri, options)) < 0)
86  goto fail;
87 
88  p->ctx = !c->listen ? tls_client() : tls_server();
89  if (!p->ctx) {
90  ret = AVERROR(EIO);
91  goto fail;
92  }
93 
94  cfg = tls_config_new();
95  if (!p->ctx) {
96  ret = AVERROR(EIO);
97  goto fail;
98  }
99  if (tls_config_set_protocols(cfg, TLS_PROTOCOLS_ALL) == -1)
100  goto err_config;
101  // While TLSv1.0 and TLSv1.1 are already enabled by the above,
102  // we need to be less strict with ciphers so it works in practice.
103  if (tls_config_set_ciphers(cfg, "compat") == -1)
104  goto err_config;
105  if (c->ca_file && tls_config_set_ca_file(cfg, c->ca_file) == -1)
106  goto err_config;
107  if (c->cert_file && tls_config_set_cert_file(cfg, c->cert_file) == -1)
108  goto err_config;
109  if (c->key_file && tls_config_set_key_file(cfg, c->key_file) == -1)
110  goto err_config;
111  if (!c->verify) {
112  tls_config_insecure_noverifycert(cfg);
113  tls_config_insecure_noverifyname(cfg);
114  tls_config_insecure_noverifytime(cfg);
115  }
116  if (tls_configure(p->ctx, cfg) == -1)
117  goto err_ctx;
118 
119  if (!c->listen) {
120  ret = tls_connect_cbs(p->ctx, tls_read_callback, tls_write_callback,
121  c->tcp, c->host);
122  } else {
123  struct tls *ctx_new;
124  ret = tls_accept_cbs(p->ctx, &ctx_new, tls_read_callback,
125  tls_write_callback, c->tcp);
126  if (ret == 0) {
127  // free "server" context and replace by "connection" context
128  tls_free(p->ctx);
129  p->ctx = ctx_new;
130  }
131  }
132  if (ret == -1)
133  goto err_ctx;
134 
135  tls_config_free(cfg);
136  return 0;
137 err_config:
138  av_log(h, AV_LOG_ERROR, "%s\n", tls_config_error(cfg));
139  ret = AVERROR(EIO);
140  goto fail;
141 err_ctx:
142  av_log(h, AV_LOG_ERROR, "%s\n", tls_error(p->ctx));
143  ret = AVERROR(EIO);
144  /* fallthrough */
145 fail:
146  if (cfg)
147  tls_config_free(cfg);
148  ff_tls_close(h);
149  return ret;
150 }
151 
152 static int ff_tls_read(URLContext *h, uint8_t *buf, int size)
153 {
154  TLSContext *p = h->priv_data;
155  ssize_t ret;
156  ret = tls_read(p->ctx, buf, size);
157  if (ret > 0)
158  return ret;
159  else if (ret == 0)
160  return AVERROR_EOF;
161  else if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT)
162  return AVERROR(EAGAIN);
163  av_log(h, AV_LOG_ERROR, "%s\n", tls_error(p->ctx));
164  return AVERROR(EIO);
165 }
166 
167 static int ff_tls_write(URLContext *h, const uint8_t *buf, int size)
168 {
169  TLSContext *p = h->priv_data;
170  ssize_t ret;
171  ret = tls_write(p->ctx, buf, size);
172  if (ret > 0)
173  return ret;
174  else if (ret == 0)
175  return AVERROR_EOF;
176  else if (ret == TLS_WANT_POLLIN || ret == TLS_WANT_POLLOUT)
177  return AVERROR(EAGAIN);
178  av_log(h, AV_LOG_ERROR, "%s\n", tls_error(p->ctx));
179  return AVERROR(EIO);
180 }
181 
183 {
184  TLSContext *c = h->priv_data;
185  return ffurl_get_file_handle(c->tls_shared.tcp);
186 }
187 
189 {
190  TLSContext *s = h->priv_data;
191  return ffurl_get_short_seek(s->tls_shared.tcp);
192 }
193 
194 static const AVOption options[] = {
195  TLS_COMMON_OPTIONS(TLSContext, tls_shared),
196  { NULL }
197 };
198 
199 static const AVClass tls_class = {
200  .class_name = "tls",
201  .item_name = av_default_item_name,
202  .option = options,
203  .version = LIBAVUTIL_VERSION_INT,
204 };
205 
207  .name = "tls",
208  .url_open2 = ff_tls_open,
209  .url_read = ff_tls_read,
210  .url_write = ff_tls_write,
211  .url_close = ff_tls_close,
212  .url_get_file_handle = tls_get_file_handle,
213  .url_get_short_seek = tls_get_short_seek,
214  .priv_data_size = sizeof(TLSContext),
216  .priv_data_class = &tls_class,
217 };
TLSContext
Definition: tls_gnutls.c:44
AVERROR
Filter the word “frame” indicates either a video frame or a group of audio as stored in an AVFrame structure Format for each input and each output the list of supported formats For video that means pixel format For audio that means channel sample they are references to shared objects When the negotiation mechanism computes the intersection of the formats supported at each end of a all references to both lists are replaced with a reference to the intersection And when a single format is eventually chosen for a link amongst the remaining all references to the list are updated That means that if a filter requires that its input and output have the same format amongst a supported all it has to do is use a reference to the same list of formats query_formats can leave some formats unset and return AVERROR(EAGAIN) to cause the negotiation mechanism toagain later. That can be used by filters with complex requirements to use the format negotiated on one link to set the formats supported on another. Frame references ownership and permissions
opt.h
URL_PROTOCOL_FLAG_NETWORK
#define URL_PROTOCOL_FLAG_NETWORK
Definition: url.h:33
AVERROR_EOF
#define AVERROR_EOF
End of file.
Definition: error.h:57
ffurl_write
static int ffurl_write(URLContext *h, const uint8_t *buf, int size)
Write size bytes from buf to the resource accessed by h.
Definition: url.h:202
ff_tls_close
static int ff_tls_close(URLContext *h)
Definition: tls_libtls.c:40
internal.h
AVOption
AVOption.
Definition: opt.h:429
tls_write
static int tls_write(URLContext *h, const uint8_t *buf, int size)
Definition: tls_gnutls.c:261
AVDictionary
Definition: dict.c:34
URLProtocol
Definition: url.h:51
ff_tls_read
static int ff_tls_read(URLContext *h, uint8_t *buf, int size)
Definition: tls_libtls.c:152
TLS_COMMON_OPTIONS
#define TLS_COMMON_OPTIONS(pstruct, options_field)
Definition: tls.h:46
fail
#define fail()
Definition: checkasm.h:189
ffurl_get_short_seek
int ffurl_get_short_seek(void *urlcontext)
Return the current short seek threshold value for this URL.
Definition: avio.c:838
ff_tls_open
static int ff_tls_open(URLContext *h, const char *uri, int flags, AVDictionary **options)
Definition: tls_libtls.c:73
tls_class
static const AVClass tls_class
Definition: tls_libtls.c:199
AV_LOG_ERROR
#define AV_LOG_ERROR
Something went wrong and cannot losslessly be recovered.
Definition: log.h:209
s
#define s(width, name)
Definition: cbs_vp9.c:198
ctx
AVFormatContext * ctx
Definition: movenc.c:49
tls_get_file_handle
static int tls_get_file_handle(URLContext *h)
Definition: tls_libtls.c:182
tls_close
static int tls_close(URLContext *h)
Definition: tls_gnutls.c:100
LIBAVUTIL_VERSION_INT
#define LIBAVUTIL_VERSION_INT
Definition: version.h:85
AVClass
Describe the class of an AVClass context structure.
Definition: log.h:75
NULL
#define NULL
Definition: coverity.c:32
av_default_item_name
const char * av_default_item_name(void *ptr)
Return the context name.
Definition: log.c:237
options
Definition: swscale.c:42
options
static const AVOption options[]
Definition: tls_libtls.c:194
c
Undefined Behavior In the C some operations are like signed integer dereferencing freed accessing outside allocated Undefined Behavior must not occur in a C it is not safe even if the output of undefined operations is unused The unsafety may seem nit picking but Optimizing compilers have in fact optimized code on the assumption that no undefined Behavior occurs Optimizing code based on wrong assumptions can and has in some cases lead to effects beyond the output of computations The signed integer overflow problem in speed critical code Code which is highly optimized and works with signed integers sometimes has the problem that often the output of the computation does not c
Definition: undefined.txt:32
size
int size
Definition: twinvq_data.h:10344
TLSContext::tls_shared
TLSShared tls_shared
Definition: tls_gnutls.c:46
URLProtocol::name
const char * name
Definition: url.h:52
tls_get_short_seek
static int tls_get_short_seek(URLContext *h)
Definition: tls_libtls.c:188
ff_tls_protocol
const URLProtocol ff_tls_protocol
Definition: tls_libtls.c:206
URLContext
Definition: url.h:35
url.h
ffurl_closep
int ffurl_closep(URLContext **hh)
Close the resource accessed by the URLContext h, and free the memory used by it.
Definition: avio.c:588
ff_tls_open_underlying
int ff_tls_open_underlying(TLSShared *c, URLContext *parent, const char *uri, AVDictionary **options)
Definition: tls.c:67
ret
ret
Definition: filter_design.txt:187
AVClass::class_name
const char * class_name
The name of the class; usually it is the same name as the context structure type to which the AVClass...
Definition: log.h:80
tls_write_callback
static ssize_t tls_write_callback(struct tls *ctx, const void *buf, size_t buflen, void *cb_arg)
Definition: tls_libtls.c:62
avformat.h
network.h
tls.h
avutil.h
tls_read
static int tls_read(URLContext *h, uint8_t *buf, int size)
Definition: tls_gnutls.c:246
TLSShared
Definition: tls.h:29
TLSContext::ctx
struct tls * ctx
Definition: tls_libtls.c:37
flags
#define flags(name, subs,...)
Definition: cbs_av1.c:482
ff_tls_write
static int ff_tls_write(URLContext *h, const uint8_t *buf, int size)
Definition: tls_libtls.c:167
av_log
#define av_log(a,...)
Definition: tableprint_vlc.h:27
h
h
Definition: vp9dsp_template.c:2070
AVERROR_EXIT
#define AVERROR_EXIT
Immediate exit was requested; the called function should not be restarted.
Definition: error.h:58
ffurl_get_file_handle
int ffurl_get_file_handle(URLContext *h)
Return the file descriptor associated with this URL.
Definition: avio.c:814
TLSShared::tcp
URLContext * tcp
Definition: tls.h:42
ffurl_read
static int ffurl_read(URLContext *h, uint8_t *buf, int size)
Read up to size bytes from the resource accessed by h, and store the read bytes in buf.
Definition: url.h:181
tls_read_callback
static ssize_t tls_read_callback(struct tls *ctx, void *buf, size_t buflen, void *cb_arg)
Definition: tls_libtls.c:51