|
FFmpeg
|
#include "libavutil/mem.h"
#include "network.h"
#include "os_support.h"
#include "libavutil/time.h"
#include "libavutil/random_seed.h"
#include "url.h"
#include "tls.h"
#include "libavutil/opt.h"
#include <openssl/bio.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/x509v3.h>
Go to the source code of this file.
Data Structures | |
| struct | TLSContext |
Macros | |
| #define | DTLS_HANDSHAKE_TIMEOUT_US 30000000 |
Functions | |
| static int | pkey_to_pem_string (EVP_PKEY *pkey, char *out, size_t out_sz) |
| Convert an EVP_PKEY to a PEM string. More... | |
| static int | cert_to_pem_string (X509 *cert, char *out, size_t out_sz) |
| Convert an X509 certificate to a PEM string. More... | |
| static int | x509_fingerprint (X509 *cert, char **fingerprint) |
| Generate a SHA-256 fingerprint of an X.509 certificate. More... | |
| int | ff_ssl_read_key_cert (char *key_url, char *cert_url, char *key_buf, size_t key_sz, char *cert_buf, size_t cert_sz, char **fingerprint) |
| static int | openssl_gen_private_key (EVP_PKEY **pkey) |
| static int | openssl_gen_certificate (EVP_PKEY *pkey, X509 **cert, char **fingerprint) |
| int | ff_ssl_gen_key_cert (char *key_buf, size_t key_sz, char *cert_buf, size_t cert_sz, char **fingerprint) |
| static EVP_PKEY * | pkey_from_pem_string (const char *pem_str, int is_priv) |
| Deserialize a PEM-encoded private or public key from a NUL-terminated C string. More... | |
| static X509 * | cert_from_pem_string (const char *pem_str) |
| Deserialize a PEM-encoded certificate from a NUL-terminated C string. More... | |
| static const char * | openssl_get_error (TLSContext *c) |
| Retrieves the error message for the latest OpenSSL error. More... | |
| int | ff_tls_set_external_socket (URLContext *h, URLContext *sock) |
| int | ff_dtls_export_materials (URLContext *h, char *dtls_srtp_materials, size_t materials_sz) |
| static int | print_ssl_error (URLContext *h, int ret) |
| static int | tls_close (URLContext *h) |
| static int | url_bio_create (BIO *b) |
| static int | url_bio_destroy (BIO *b) |
| static int | url_bio_bread (BIO *b, char *buf, int len) |
| static int | url_bio_bwrite (BIO *b, const char *buf, int len) |
| static long | url_bio_ctrl (BIO *b, int cmd, long num, void *ptr) |
| static int | url_bio_bputs (BIO *b, const char *str) |
| static av_cold void | init_bio_method (URLContext *h) |
| static void | openssl_info_callback (const SSL *ssl, int where, int ret) |
| static int | dtls_handshake (URLContext *h) |
| static av_cold int | openssl_init_ca_key_cert (URLContext *h) |
| static int | dtls_start (URLContext *h, const char *url, int flags, AVDictionary **options) |
| Once the DTLS role has been negotiated - active for the DTLS client or passive for the DTLS server - we proceed to set up the DTLS state and initiate the handshake. More... | |
| static int | tls_open (URLContext *h, const char *uri, int flags, AVDictionary **options) |
| static int | tls_read (URLContext *h, uint8_t *buf, int size) |
| static int | tls_write (URLContext *h, const uint8_t *buf, int size) |
| static int | tls_get_file_handle (URLContext *h) |
| static int | tls_get_short_seek (URLContext *h) |
Variables | |
| static const AVOption | options [] |
| static const AVClass | tls_class |
| const URLProtocol | ff_tls_protocol |
| static const AVClass | dtls_class |
| const URLProtocol | ff_dtls_protocol |
| #define DTLS_HANDSHAKE_TIMEOUT_US 30000000 |
Definition at line 40 of file tls_openssl.c.
static int pkey_to_pem_string (EVP_PKEY *pkey, char *out, size_t out_sz)
Convert an EVP_PKEY to a PEM string.
Definition at line 44 of file tls_openssl.c.
Referenced by ff_ssl_gen_key_cert(), and ff_ssl_read_key_cert().
static int cert_to_pem_string (X509 *cert, char *out, size_t out_sz)
Convert an X509 certificate to a PEM string.
Definition at line 71 of file tls_openssl.c.
Referenced by ff_ssl_gen_key_cert(), and ff_ssl_read_key_cert().
static int x509_fingerprint (X509 *cert, char **fingerprint)
Generate a SHA-256 fingerprint of an X.509 certificate.
Definition at line 99 of file tls_openssl.c.
Referenced by ff_ssl_read_key_cert(), and openssl_gen_certificate().
| int ff_ssl_read_key_cert | ( | char * | key_url, |
| char * | cert_url, | ||
| char * | key_buf, | ||
| size_t | key_sz, | ||
| char * | cert_buf, | ||
| size_t | cert_sz, | ||
| char ** | fingerprint | ||
| ) |
Definition at line 120 of file tls_openssl.c.
static int openssl_gen_private_key (EVP_PKEY **pkey)
Note that OpenSSL names the secp256r1 curve NID_X9_62_prime256v1 (string name "prime256v1"). Do not confuse it with NID_secp256k1 (string name "secp256k1"), which is a different curve.
TODO: The curve should be chosen from the groups listed in ClientHello.supported_groups, for example:
  Supported Group: x25519 (0x001d)
  Supported Group: secp256r1 (0x0017)
  Supported Group: secp384r1 (0x0018)
Definition at line 189 of file tls_openssl.c.
Referenced by ff_ssl_gen_key_cert(), and openssl_init_ca_key_cert().
|
static |
Definition at line 263 of file tls_openssl.c.
Referenced by ff_ssl_gen_key_cert(), and openssl_init_ca_key_cert().
| int ff_ssl_gen_key_cert | ( | char * | key_buf, |
| size_t | key_sz, | ||
| char * | cert_buf, | ||
| size_t | cert_sz, | ||
| char ** | fingerprint | ||
| ) |
Definition at line 344 of file tls_openssl.c.
static EVP_PKEY * pkey_from_pem_string (const char *pem_str, int is_priv)
Deserialize a PEM-encoded private or public key from a NUL-terminated C string.
| pem_str | The PEM text, e.g. "-----BEGIN PRIVATE KEY-----\n…\n-----END PRIVATE KEY-----\n" |
| is_priv | If non-zero, parse as a PRIVATE key; otherwise, parse as a PUBLIC key. |
Definition at line 374 of file tls_openssl.c.
Referenced by openssl_init_ca_key_cert().
static X509 * cert_from_pem_string (const char *pem_str)
Deserialize a PEM-encoded certificate from a NUL-terminated C string.
| pem_str | The PEM text, e.g. "-----BEGIN CERTIFICATE-----\n…\n-----END CERTIFICATE-----\n" |
Definition at line 404 of file tls_openssl.c.
Referenced by openssl_init_ca_key_cert().
static const char * openssl_get_error (TLSContext *c)
Retrieves the error message for the latest OpenSSL error.
This function retrieves the error code from the thread's error queue, converts it to a human-readable string, and stores it in the TLSContext's error_message field. The error queue is then cleared using ERR_clear_error().
Definition at line 440 of file tls_openssl.c.
Referenced by dtls_start(), ff_dtls_export_materials(), openssl_init_ca_key_cert(), and tls_open().
| int ff_tls_set_external_socket | ( | URLContext * | h, |
| URLContext * | sock | ||
| ) |
Definition at line 452 of file tls_openssl.c.
| int ff_dtls_export_materials | ( | URLContext * | h, |
| char * | dtls_srtp_materials, | ||
| size_t | materials_sz | ||
| ) |
Definition at line 465 of file tls_openssl.c.
|
static |
Definition at line 480 of file tls_openssl.c.
Referenced by dtls_handshake(), tls_open(), tls_read(), and tls_write().
|
static |
Definition at line 504 of file tls_openssl.c.
Referenced by dtls_start(), and tls_open().
|
static |
Definition at line 520 of file tls_openssl.c.
Referenced by init_bio_method().
|
static |
Definition at line 528 of file tls_openssl.c.
Referenced by init_bio_method().
|
static |
Definition at line 533 of file tls_openssl.c.
Referenced by init_bio_method().
|
static |
Definition at line 563 of file tls_openssl.c.
Referenced by init_bio_method(), and url_bio_bputs().
|
static |
Definition at line 579 of file tls_openssl.c.
Referenced by init_bio_method().
|
static |
Definition at line 588 of file tls_openssl.c.
Referenced by init_bio_method().
|
static |
Definition at line 593 of file tls_openssl.c.
Referenced by dtls_start(), and tls_open().
|
static |
Definition at line 610 of file tls_openssl.c.
Referenced by dtls_start(), and tls_open().
|
static |
Definition at line 629 of file tls_openssl.c.
Referenced by dtls_start().
|
static |
Definition at line 690 of file tls_openssl.c.
Referenced by dtls_start(), and tls_open().
static int dtls_start (URLContext *h, const char *url, int flags, AVDictionary **options)
Once the DTLS role has been negotiated - active for the DTLS client or passive for the DTLS server - we proceed to set up the DTLS state and initiate the handshake.
OpenSSL names the SRTP protection profile SRTP_AES128_CM_SHA1_80 (see ssl/d1_srtp.c), while FFmpeg's SRTP code names it SRTP_AES128_CM_HMAC_SHA1_80 (see libavformat/srtp.c); the two spellings refer to the same profile.
The MTU is set so that DTLS handshake data is fragmented: the data is split so that each handshake packet is smaller than the MTU.
Definition at line 778 of file tls_openssl.c.
|
static |
Definition at line 868 of file tls_openssl.c.
|
static |
Definition at line 937 of file tls_openssl.c.
|
static |
Definition at line 954 of file tls_openssl.c.
|
static |
Definition at line 978 of file tls_openssl.c.
|
static |
Definition at line 985 of file tls_openssl.c.
Definition at line 992 of file tls_openssl.c.
|
static |
Definition at line 997 of file tls_openssl.c.
| const URLProtocol ff_tls_protocol |
Definition at line 1004 of file tls_openssl.c.
|
static |
Definition at line 1017 of file tls_openssl.c.
| const URLProtocol ff_dtls_protocol |
Definition at line 1024 of file tls_openssl.c.