lagertonne/yolobs-studio
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

New upstream version 25.0.3+dfsg1

Browse source
This commit is contained in:
Sebastian Ramacher 2020-03-25 09:07:22 +01:00
parent 04fe0efc67
commit 8b2e5f2130
569 changed files with 62491 additions and 5875 deletions
Download patch file Download diff file Expand all files Collapse all files

278
plugins/obs-outputs/librtmp/rtmp.c
View file

@ -87,7 +87,6 @@ static const char *my_dhm_G = "4";
#include <openssl/buffer.h>
#endif
TLS_CTX RTMP_TLS_ctx = NULL;
#endif
#define RTMP_SIG_SIZE 1536
@ -285,9 +284,9 @@ RTMP_LibVersion()
}
void
RTMP_TLS_LoadCerts() {
RTMP_TLS_LoadCerts(RTMP *r) {
#ifdef USE_MBEDTLS
mbedtls_x509_crt *chain = RTMP_TLS_ctx->cacert = calloc(1, sizeof(struct mbedtls_x509_crt));
mbedtls_x509_crt *chain = r->RTMP_TLS_ctx->cacert = calloc(1, sizeof(struct mbedtls_x509_crt));
mbedtls_x509_crt_init(chain);
#if defined(_WIN32)
@ -344,40 +343,45 @@ RTMP_TLS_LoadCerts() {
CFRelease(keychain_ref);
#elif defined(__linux__)
if (mbedtls_x509_crt_parse_path(chain, "/etc/ssl/certs/") != 0) {
if (mbedtls_x509_crt_parse_path(chain, "/etc/ssl/certs/") < 0) {
RTMP_Log(RTMP_LOGERROR, "mbedtls_x509_crt_parse_path: Couldn't parse "
"/etc/ssl/certs");
goto error;
}
#endif
mbedtls_ssl_conf_ca_chain(&RTMP_TLS_ctx->conf, chain, NULL);
mbedtls_ssl_conf_ca_chain(&r->RTMP_TLS_ctx->conf, chain, NULL);
return;
error:
RTMP_Log(RTMP_LOGERROR, "RTMP_TLS_LoadCerts: Failed to load "
"root certificate chains, RTMPS connections will likely "
"fail");
mbedtls_x509_crt_free(chain);
free(chain);
RTMP_TLS_ctx->cacert = NULL;
r->RTMP_TLS_ctx->cacert = NULL;
#endif /* USE_MBEDTLS */
}
void
RTMP_TLS_Init()
RTMP_TLS_Init(RTMP *r)
{
#ifdef CRYPTO
#if defined(USE_MBEDTLS)
const char * pers = "RTMP_TLS";
RTMP_TLS_ctx = calloc(1,sizeof(struct tls_ctx));
r->RTMP_TLS_ctx = calloc(1,sizeof(struct tls_ctx));
mbedtls_ssl_config_init(&RTMP_TLS_ctx->conf);
mbedtls_ctr_drbg_init(&RTMP_TLS_ctx->ctr_drbg);
mbedtls_entropy_init(&RTMP_TLS_ctx->entropy);
mbedtls_ssl_config_init(&r->RTMP_TLS_ctx->conf);
mbedtls_ctr_drbg_init(&r->RTMP_TLS_ctx->ctr_drbg);
mbedtls_entropy_init(&r->RTMP_TLS_ctx->entropy);
mbedtls_ctr_drbg_seed(&RTMP_TLS_ctx->ctr_drbg,
mbedtls_ctr_drbg_seed(&r->RTMP_TLS_ctx->ctr_drbg,
mbedtls_entropy_func,
&RTMP_TLS_ctx->entropy,
&r->RTMP_TLS_ctx->entropy,
(const unsigned char *)pers,
strlen(pers));
RTMP_TLS_LoadCerts();
RTMP_TLS_LoadCerts(r);
#elif defined(USE_POLARSSL)
/* Do this regardless of NO_SSL, we use havege for rtmpe too */
RTMP_TLS_ctx = calloc(1,sizeof(struct tls_ctx));
@ -407,114 +411,24 @@ RTMP_TLS_Init()
}
void
RTMP_TLS_Free() {
RTMP_TLS_Free(RTMP *r) {
#ifdef USE_MBEDTLS
mbedtls_ssl_config_free(&RTMP_TLS_ctx->conf);
mbedtls_ctr_drbg_free(&RTMP_TLS_ctx->ctr_drbg);
mbedtls_entropy_free(&RTMP_TLS_ctx->entropy);
if (RTMP_TLS_ctx->cacert) {
mbedtls_x509_crt_free(RTMP_TLS_ctx->cacert);
free(RTMP_TLS_ctx->cacert);
RTMP_TLS_ctx->cacert = NULL;
if (!r->RTMP_TLS_ctx)
return;
mbedtls_ssl_config_free(&r->RTMP_TLS_ctx->conf);
mbedtls_ctr_drbg_free(&r->RTMP_TLS_ctx->ctr_drbg);
mbedtls_entropy_free(&r->RTMP_TLS_ctx->entropy);
if (r->RTMP_TLS_ctx->cacert) {
mbedtls_x509_crt_free(r->RTMP_TLS_ctx->cacert);
free(r->RTMP_TLS_ctx->cacert);
r->RTMP_TLS_ctx->cacert = NULL;
}
// NO mbedtls_net_free() BECAUSE WE SET IT UP BY HAND!
free(RTMP_TLS_ctx);
RTMP_TLS_ctx = NULL;
#endif
}
void *
RTMP_TLS_AllocServerContext(const char* cert, const char* key)
{
void *ctx = NULL;
#ifdef CRYPTO
if (!RTMP_TLS_ctx)
RTMP_TLS_Init();
#if defined(USE_MBEDTLS)
tls_server_ctx *tc = ctx = calloc(1, sizeof(struct tls_server_ctx));
tc->conf = &RTMP_TLS_ctx->conf;
tc->ctr_drbg = &RTMP_TLS_ctx->ctr_drbg;
mbedtls_x509_crt_init(&tc->cert);
if (mbedtls_x509_crt_parse_file(&tc->cert, cert))
{
free(tc);
return NULL;
}
mbedtls_pk_init(&tc->key);
if (mbedtls_pk_parse_keyfile(&tc->key, key, NULL))
{
mbedtls_x509_crt_free(&tc->cert);
mbedtls_pk_free(&tc->key);
free(tc);
return NULL;
}
#elif defined(USE_POLARSSL)
tls_server_ctx *tc = ctx = calloc(1, sizeof(struct tls_server_ctx));
tc->dhm_P = my_dhm_P;
tc->dhm_G = my_dhm_G;
tc->hs = &RTMP_TLS_ctx->hs;
if (x509parse_crtfile(&tc->cert, cert))
{
free(tc);
return NULL;
}
if (x509parse_keyfile(&tc->key, key, NULL))
{
x509_free(&tc->cert);
free(tc);
return NULL;
}
#elif defined(USE_GNUTLS) && !defined(NO_SSL)
gnutls_certificate_allocate_credentials((gnutls_certificate_credentials*) &ctx);
if (gnutls_certificate_set_x509_key_file(ctx, cert, key, GNUTLS_X509_FMT_PEM) != 0)
{
gnutls_certificate_free_credentials(ctx);
return NULL;
}
#elif !defined(NO_SSL) /* USE_OPENSSL */
ctx = SSL_CTX_new(SSLv23_server_method());
if (!SSL_CTX_use_certificate_chain_file(ctx, cert))
{
SSL_CTX_free(ctx);
return NULL;
}
if (!SSL_CTX_use_PrivateKey_file(ctx, key, SSL_FILETYPE_PEM))
{
SSL_CTX_free(ctx);
return NULL;
}
#endif
#else
(void)cert;
(void)key;
#endif
return ctx;
}
void
RTMP_TLS_FreeServerContext(void *ctx)
{
#ifdef CRYPTO
#if defined(USE_MBEDTLS)
mbedtls_x509_crt_free(&((tls_server_ctx*)ctx)->cert);
mbedtls_pk_free(&((tls_server_ctx*)ctx)->key);
free(ctx);
#elif defined(USE_POLARSSL)
x509_free(&((tls_server_ctx*)ctx)->cert);
rsa_free(&((tls_server_ctx*)ctx)->key);
free(ctx);
#elif defined(USE_GNUTLS) && !defined(NO_SSL)
gnutls_certificate_free_credentials(ctx);
#elif !defined(NO_SSL) /* USE_OPENSSL */
SSL_CTX_free(ctx);
#endif
#else
(void)ctx;
free(r->RTMP_TLS_ctx);
r->RTMP_TLS_ctx = NULL;
#endif
}
@ -528,8 +442,7 @@ void
RTMP_Free(RTMP *r)
{
#if defined(CRYPTO) && defined(USE_MBEDTLS)
if (RTMP_TLS_ctx)
RTMP_TLS_Free();
RTMP_TLS_Free(r);
#endif
free(r);
}
@ -537,11 +450,6 @@ RTMP_Free(RTMP *r)
void
RTMP_Init(RTMP *r)
{
#ifdef CRYPTO
if (!RTMP_TLS_ctx)
RTMP_TLS_Init();
#endif
memset(r, 0, sizeof(RTMP));
r->m_sb.sb_socket = -1;
r->m_inChunkSize = RTMP_DEFAULT_CHUNKSIZE;
@ -557,6 +465,11 @@ RTMP_Init(RTMP *r)
r->Link.nStreams = 0;
r->Link.timeout = 30;
r->Link.swfAge = 30;
#ifdef CRYPTO
RTMP_TLS_Init(r);
#endif
}
void
@ -780,8 +693,12 @@ int RTMP_SetupURL(RTMP *r, char *url)
#ifdef CRYPTO
if ((r->Link.lFlags & RTMP_LF_SWFV) && r->Link.swfUrl.av_len)
#ifdef USE_HASHSWF
RTMP_HashSWF(r->Link.swfUrl.av_val, &r->Link.SWFSize,
(unsigned char *)r->Link.SWFHash, r->Link.swfAge);
#else
return FALSE;
#endif
#endif
SocksSetup(r, &r->Link.sockshost);
@ -1008,46 +925,16 @@ RTMP_Connect0(RTMP *r, struct sockaddr * service, socklen_t addrlen)
return TRUE;
}
int
RTMP_TLS_Accept(RTMP *r, void *ctx)
{
#if defined(CRYPTO) && !defined(NO_SSL)
tls_server_ctx *srv_ctx = ctx;
TLS_server(srv_ctx, r->m_sb.sb_ssl);
#if defined(USE_MBEDTLS)
mbedtls_net_context *client_fd = &RTMP_TLS_ctx->net;
mbedtls_net_init(client_fd);
client_fd->fd = r->m_sb.sb_socket;
TLS_setfd(r->m_sb.sb_ssl, client_fd);
#else
TLS_setfd(r->m_sb.sb_ssl, r->m_sb.sb_socket);
#endif
int connect_return = TLS_connect(r->m_sb.sb_ssl);
if (connect_return < 0)
{
RTMP_Log(RTMP_LOGERROR, "%s, TLS_Connect failed", __FUNCTION__);
return FALSE;
}
return TRUE;
#else
(void)r;
(void)ctx;
return FALSE;
#endif
}
int
RTMP_Connect1(RTMP *r, RTMPPacket *cp)
{
if (r->Link.protocol & RTMP_FEATURE_SSL)
{
#if defined(CRYPTO) && !defined(NO_SSL)
TLS_client(RTMP_TLS_ctx, r->m_sb.sb_ssl);
TLS_client(r->RTMP_TLS_ctx, r->m_sb.sb_ssl);
#if defined(USE_MBEDTLS)
mbedtls_net_context *server_fd = &RTMP_TLS_ctx->net;
mbedtls_net_context *server_fd = &r->RTMP_TLS_ctx->net;
server_fd->fd = r->m_sb.sb_socket;
TLS_setfd(r->m_sb.sb_ssl, server_fd);
@ -1070,10 +957,9 @@ RTMP_Connect1(RTMP *r, RTMPPacket *cp)
if (connect_return < 0)
{
#if defined(USE_MBEDTLS)
r->last_error_code = connect_return;
if (connect_return == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED)
{
r->last_error_code = connect_return;
// show a more detailed error in the log if possible
int verify_result = mbedtls_ssl_get_verify_result(r->m_sb.sb_ssl);
if (verify_result)
@ -2696,9 +2582,16 @@ b64enc(const unsigned char *input, int length, char *output, int maxsize)
#if defined(USE_MBEDTLS)
typedef mbedtls_md5_context MD5_CTX;
#if MBEDTLS_VERSION_NUMBER >= 0x02070000
#define MD5_Init(ctx) mbedtls_md5_init(ctx); mbedtls_md5_starts_ret(ctx)
#define MD5_Update(ctx,data,len) mbedtls_md5_update_ret(ctx,(unsigned char *)data,len)
#define MD5_Final(dig,ctx) mbedtls_md5_finish_ret(ctx,dig); mbedtls_md5_free(ctx)
#else
#define MD5_Init(ctx) mbedtls_md5_init(ctx); mbedtls_md5_starts(ctx)
#define MD5_Update(ctx,data,len) mbedtls_md5_update(ctx,(unsigned char *)data,len)
#define MD5_Final(dig,ctx) mbedtls_md5_finish(ctx,dig); mbedtls_md5_free(ctx)
#endif
#elif defined(USE_POLARSSL)
#define MD5_CTX md5_context
@ -4115,69 +4008,6 @@ HandShake(RTMP *r, int FP9HandShake)
(void)FP9HandShake;
return TRUE;
}
static int
SHandShake(RTMP *r)
{
int i;
char serverbuf[RTMP_SIG_SIZE + 1], *serversig = serverbuf + 1;
char clientsig[RTMP_SIG_SIZE];
uint32_t uptime;
int bMatch;
if (ReadN(r, serverbuf, 1) != 1) /* 0x03 or 0x06 */
return FALSE;
RTMP_Log(RTMP_LOGDEBUG, "%s: Type Request : %02X", __FUNCTION__, serverbuf[0]);
if (serverbuf[0] != 3)
{
RTMP_Log(RTMP_LOGERROR, "%s: Type unknown: client sent %02X",
__FUNCTION__, serverbuf[0]);
return FALSE;
}
uptime = htonl(RTMP_GetTime());
memcpy(serversig, &uptime, 4);
memset(&serversig[4], 0, 4);
#ifdef _DEBUG
for (i = 8; i < RTMP_SIG_SIZE; i++)
serversig[i] = 0xff;
#else
for (i = 8; i < RTMP_SIG_SIZE; i++)
serversig[i] = (char)(rand() % 256);
#endif
if (!WriteN(r, serverbuf, RTMP_SIG_SIZE + 1))
return FALSE;
if (ReadN(r, clientsig, RTMP_SIG_SIZE) != RTMP_SIG_SIZE)
return FALSE;
/* decode client response */
memcpy(&uptime, clientsig, 4);
uptime = ntohl(uptime);
RTMP_Log(RTMP_LOGDEBUG, "%s: Client Uptime : %d", __FUNCTION__, uptime);
RTMP_Log(RTMP_LOGDEBUG, "%s: Player Version: %d.%d.%d.%d", __FUNCTION__,
clientsig[4], clientsig[5], clientsig[6], clientsig[7]);
/* 2nd part of handshake */
if (!WriteN(r, clientsig, RTMP_SIG_SIZE))
return FALSE;
if (ReadN(r, clientsig, RTMP_SIG_SIZE) != RTMP_SIG_SIZE)
return FALSE;
bMatch = (memcmp(serversig, clientsig, RTMP_SIG_SIZE) == 0);
if (!bMatch)
{
RTMP_Log(RTMP_LOGWARNING, "%s, client signature does not match!", __FUNCTION__);
}
return TRUE;
}
#endif
int
@ -4421,12 +4251,6 @@ RTMP_SendPacket(RTMP *r, RTMPPacket *packet, int queue)
return TRUE;
}
int
RTMP_Serve(RTMP *r)
{
return SHandShake(r);
}
void
RTMP_Close(RTMP *r)
{