falkTX
/
FFmpeg
mirror of https://github.com/falkTX/FFmpeg.git
1
0
Fork 0
Code Issues 0 Releases 338 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
72855 Commits
32 Branches
997MB
Tree: 3dea13e710
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '3dea13e710'
${ noResults }
FFmpeg/libavformat/tls_openssl.c

308 lines
8.0KB
Raw Blame History 

  1. /*

  2.  * TLS/SSL Protocol

  3.  * Copyright (c) 2011 Martin Storsjo

  4.  *

  5.  * This file is part of FFmpeg.

  6.  *

  7.  * FFmpeg is free software; you can redistribute it and/or

  8.  * modify it under the terms of the GNU Lesser General Public

  9.  * License as published by the Free Software Foundation; either

  10.  * version 2.1 of the License, or (at your option) any later version.

  11.  *

  12.  * FFmpeg is distributed in the hope that it will be useful,

  13.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  14.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  15.  * Lesser General Public License for more details.

  16.  *

  17.  * You should have received a copy of the GNU Lesser General Public

  18.  * License along with FFmpeg; if not, write to the Free Software

  19.  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA

  20.  */

  21. 

  22. #include "avformat.h"

  23. #include "internal.h"

  24. #include "network.h"

  25. #include "os_support.h"

  26. #include "url.h"

  27. #include "tls.h"

  28. #include "libavcodec/internal.h"

  29. #include "libavutil/avstring.h"

  30. #include "libavutil/avutil.h"

  31. #include "libavutil/opt.h"

  32. #include "libavutil/parseutils.h"

  33. #include "libavutil/thread.h"

  34. 

  35. #include <openssl/bio.h>

  36. #include <openssl/ssl.h>

  37. #include <openssl/err.h>

  38. 

  39. static int openssl_init;

  40. 

  41. typedef struct TLSContext {

  42.     const AVClass *class;

  43.     TLSShared tls_shared;

  44.     SSL_CTX *ctx;

  45.     SSL *ssl;

  46. } TLSContext;

  47. 

  48. #if HAVE_THREADS

  49. #include <openssl/crypto.h>

  50. pthread_mutex_t *openssl_mutexes;

  51. static void openssl_lock(int mode, int type, const char *file, int line)

  52. {

  53.     if (mode & CRYPTO_LOCK)

  54.         pthread_mutex_lock(&openssl_mutexes[type]);

  55.     else

  56.         pthread_mutex_unlock(&openssl_mutexes[type]);

  57. }

  58. #if !defined(WIN32) && OPENSSL_VERSION_NUMBER < 0x10000000

  59. static unsigned long openssl_thread_id(void)

  60. {

  61.     return (intptr_t) pthread_self();

  62. }

  63. #endif

  64. #endif

  65. 

  66. int ff_openssl_init(void)

  67. {

  68.     avpriv_lock_avformat();

  69.     if (!openssl_init) {

  70.         SSL_library_init();

  71.         SSL_load_error_strings();

  72. #if HAVE_THREADS

  73.         if (!CRYPTO_get_locking_callback()) {

  74.             int i;

  75.             openssl_mutexes = av_malloc_array(sizeof(pthread_mutex_t), CRYPTO_num_locks());

  76.             if (!openssl_mutexes) {

  77.                 avpriv_unlock_avformat();

  78.                 return AVERROR(ENOMEM);

  79.             }

  80. 

  81.             for (i = 0; i < CRYPTO_num_locks(); i++)

  82.                 pthread_mutex_init(&openssl_mutexes[i], NULL);

  83.             CRYPTO_set_locking_callback(openssl_lock);

  84. #if !defined(WIN32) && OPENSSL_VERSION_NUMBER < 0x10000000

  85.             CRYPTO_set_id_callback(openssl_thread_id);

  86. #endif

  87.         }

  88. #endif

  89.     }

  90.     openssl_init++;

  91.     avpriv_unlock_avformat();

  92. 

  93.     return 0;

  94. }

  95. 

  96. void ff_openssl_deinit(void)

  97. {

  98.     avpriv_lock_avformat();

  99.     openssl_init--;

  100.     if (!openssl_init) {

  101. #if HAVE_THREADS

  102.         if (CRYPTO_get_locking_callback() == openssl_lock) {

  103.             int i;

  104.             CRYPTO_set_locking_callback(NULL);

  105.             for (i = 0; i < CRYPTO_num_locks(); i++)

  106.                 pthread_mutex_destroy(&openssl_mutexes[i]);

  107.             av_free(openssl_mutexes);

  108.         }

  109. #endif

  110.     }

  111.     avpriv_unlock_avformat();

  112. }

  113. 

  114. static int print_tls_error(URLContext *h, int ret)

  115. {

  116.     av_log(h, AV_LOG_ERROR, "%s\n", ERR_error_string(ERR_get_error(), NULL));

  117.     return AVERROR(EIO);

  118. }

  119. 

  120. static int tls_close(URLContext *h)

  121. {

  122.     TLSContext *c = h->priv_data;

  123.     if (c->ssl) {

  124.         SSL_shutdown(c->ssl);

  125.         SSL_free(c->ssl);

  126.     }

  127.     if (c->ctx)

  128.         SSL_CTX_free(c->ctx);

  129.     if (c->tls_shared.tcp)

  130.         ffurl_close(c->tls_shared.tcp);

  131.     ff_openssl_deinit();

  132.     return 0;

  133. }

  134. 

  135. static int url_bio_create(BIO *b)

  136. {

  137.     b->init = 1;

  138.     b->ptr = NULL;

  139.     b->flags = 0;

  140.     return 1;

  141. }

  142. 

  143. static int url_bio_destroy(BIO *b)

  144. {

  145.     return 1;

  146. }

  147. 

  148. static int url_bio_bread(BIO *b, char *buf, int len)

  149. {

  150.     URLContext *h = b->ptr;

  151.     int ret = ffurl_read(h, buf, len);

  152.     if (ret >= 0)

  153.         return ret;

  154.     BIO_clear_retry_flags(b);

  155.     if (ret == AVERROR_EXIT)

  156.         return 0;

  157.     return -1;

  158. }

  159. 

  160. static int url_bio_bwrite(BIO *b, const char *buf, int len)

  161. {

  162.     URLContext *h = b->ptr;

  163.     int ret = ffurl_write(h, buf, len);

  164.     if (ret >= 0)

  165.         return ret;

  166.     BIO_clear_retry_flags(b);

  167.     if (ret == AVERROR_EXIT)

  168.         return 0;

  169.     return -1;

  170. }

  171. 

  172. static long url_bio_ctrl(BIO *b, int cmd, long num, void *ptr)

  173. {

  174.     if (cmd == BIO_CTRL_FLUSH) {

  175.         BIO_clear_retry_flags(b);

  176.         return 1;

  177.     }

  178.     return 0;

  179. }

  180. 

  181. static int url_bio_bputs(BIO *b, const char *str)

  182. {

  183.     return url_bio_bwrite(b, str, strlen(str));

  184. }

  185. 

  186. static BIO_METHOD url_bio_method = {

  187.     .type = BIO_TYPE_SOURCE_SINK,

  188.     .name = "urlprotocol bio",

  189.     .bwrite = url_bio_bwrite,

  190.     .bread = url_bio_bread,

  191.     .bputs = url_bio_bputs,

  192.     .bgets = NULL,

  193.     .ctrl = url_bio_ctrl,

  194.     .create = url_bio_create,

  195.     .destroy = url_bio_destroy,

  196. };

  197. 

  198. static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **options)

  199. {

  200.     TLSContext *p = h->priv_data;

  201.     TLSShared *c = &p->tls_shared;

  202.     BIO *bio;

  203.     int ret;

  204. 

  205.     if ((ret = ff_openssl_init()) < 0)

  206.         return ret;

  207. 

  208.     if ((ret = ff_tls_open_underlying(c, h, uri, options)) < 0)

  209.         goto fail;

  210. 

  211.     p->ctx = SSL_CTX_new(c->listen ? TLSv1_server_method() : TLSv1_client_method());

  212.     if (!p->ctx) {

  213.         av_log(h, AV_LOG_ERROR, "%s\n", ERR_error_string(ERR_get_error(), NULL));

  214.         ret = AVERROR(EIO);

  215.         goto fail;

  216.     }

  217.     if (c->ca_file) {

  218.         if (!SSL_CTX_load_verify_locations(p->ctx, c->ca_file, NULL))

  219.             av_log(h, AV_LOG_ERROR, "SSL_CTX_load_verify_locations %s\n", ERR_error_string(ERR_get_error(), NULL));

  220.     }

  221.     if (c->cert_file && !SSL_CTX_use_certificate_chain_file(p->ctx, c->cert_file)) {

  222.         av_log(h, AV_LOG_ERROR, "Unable to load cert file %s: %s\n",

  223.                c->cert_file, ERR_error_string(ERR_get_error(), NULL));

  224.         ret = AVERROR(EIO);

  225.         goto fail;

  226.     }

  227.     if (c->key_file && !SSL_CTX_use_PrivateKey_file(p->ctx, c->key_file, SSL_FILETYPE_PEM)) {

  228.         av_log(h, AV_LOG_ERROR, "Unable to load key file %s: %s\n",

  229.                c->key_file, ERR_error_string(ERR_get_error(), NULL));

  230.         ret = AVERROR(EIO);

  231.         goto fail;

  232.     }

  233.     // Note, this doesn't check that the peer certificate actually matches

  234.     // the requested hostname.

  235.     if (c->verify)

  236.         SSL_CTX_set_verify(p->ctx, SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL);

  237.     p->ssl = SSL_new(p->ctx);

  238.     if (!p->ssl) {

  239.         av_log(h, AV_LOG_ERROR, "%s\n", ERR_error_string(ERR_get_error(), NULL));

  240.         ret = AVERROR(EIO);

  241.         goto fail;

  242.     }

  243.     bio = BIO_new(&url_bio_method);

  244.     bio->ptr = c->tcp;

  245.     SSL_set_bio(p->ssl, bio, bio);

  246.     if (!c->listen && !c->numerichost)

  247.         SSL_set_tlsext_host_name(p->ssl, c->host);

  248.     ret = c->listen ? SSL_accept(p->ssl) : SSL_connect(p->ssl);

  249.     if (ret == 0) {

  250.         av_log(h, AV_LOG_ERROR, "Unable to negotiate TLS/SSL session\n");

  251.         ret = AVERROR(EIO);

  252.         goto fail;

  253.     } else if (ret < 0) {

  254.         ret = print_tls_error(h, ret);

  255.         goto fail;

  256.     }

  257. 

  258.     return 0;

  259. fail:

  260.     tls_close(h);

  261.     return ret;

  262. }

  263. 

  264. static int tls_read(URLContext *h, uint8_t *buf, int size)

  265. {

  266.     TLSContext *c = h->priv_data;

  267.     int ret = SSL_read(c->ssl, buf, size);

  268.     if (ret > 0)

  269.         return ret;

  270.     if (ret == 0)

  271.         return AVERROR_EOF;

  272.     return print_tls_error(h, ret);

  273. }

  274. 

  275. static int tls_write(URLContext *h, const uint8_t *buf, int size)

  276. {

  277.     TLSContext *c = h->priv_data;

  278.     int ret = SSL_write(c->ssl, buf, size);

  279.     if (ret > 0)

  280.         return ret;

  281.     if (ret == 0)

  282.         return AVERROR_EOF;

  283.     return print_tls_error(h, ret);

  284. }

  285. 

  286. static const AVOption options[] = {

  287.     TLS_COMMON_OPTIONS(TLSContext, tls_shared),

  288.     { NULL }

  289. };

  290. 

  291. static const AVClass tls_class = {

  292.     .class_name = "tls",

  293.     .item_name  = av_default_item_name,

  294.     .option     = options,

  295.     .version    = LIBAVUTIL_VERSION_INT,

  296. };

  297. 

  298. URLProtocol ff_tls_openssl_protocol = {

  299.     .name           = "tls",

  300.     .url_open2      = tls_open,

  301.     .url_read       = tls_read,

  302.     .url_write      = tls_write,

  303.     .url_close      = tls_close,

  304.     .priv_data_size = sizeof(TLSContext),

  305.     .flags          = URL_PROTOCOL_FLAG_NETWORK,

  306.     .priv_data_class = &tls_class,

  307. };