[FFmpeg-devel] [PATCH v2 6/6] lavf/tls_mbedtls: add workaround for TLSv1.3 vs.
From 98dd9aac129fbdf07f83da16b7307cb775ff8e66 Mon Sep 17 00:00:00 2001 From: sfan5 Date: Fri, 17 May 2024 10:06:42 +0200 Subject: [PATCH v2 6/6] lavf/tls_mbedtls: add workaround for TLSv1.3 vs. verify=0 As of mbedTLS 3.6.0 TLSv1.3 is enabled by default and certificate verification is now mandatory. Our default configuration does not do verification, so downgrade to 1.2 in these situations to avoid breaking it. ref: https://github.com/Mbed-TLS/mbedtls/issues/7075 Signed-off-by: sfan5 --- libavformat/tls_mbedtls.c | 12 1 file changed, 12 insertions(+) diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c index 9be817af5e..fbad23ab8c 100644 --- a/libavformat/tls_mbedtls.c +++ b/libavformat/tls_mbedtls.c @@ -163,6 +163,10 @@ static void handle_handshake_error(URLContext *h, int ret) case MBEDTLS_ERR_SSL_INTERNAL_ERROR: av_log(h, AV_LOG_ERROR, "Internal error encountered.\n"); break; +case MBEDTLS_ERR_X509_CERT_VERIFY_FAILED: +// This error only happens with TLSv1.3, we normally use mbedtls_ssl_get_verify_result(). +av_log(h, AV_LOG_ERROR, "Certificate verification failed.\n"); +break; case MBEDTLS_ERR_NET_CONN_RESET: av_log(h, AV_LOG_ERROR, "TLS handshake was aborted by peer.\n"); break; @@ -266,6 +270,14 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op goto fail; } +#ifdef MBEDTLS_SSL_PROTO_TLS1_3 +// mbedTLS does not allow disabling certificate verification with TLSv1.3 (yes, really). +if (!shr->verify) { +av_log(h, AV_LOG_INFO, "Forcing TLSv1.2 because certificate verification is disabled\n"); +mbedtls_ssl_conf_max_tls_version(_ctx->ssl_config, MBEDTLS_SSL_VERSION_TLS1_2); +} +#endif + // not VERIFY_REQUIRED because we manually check after handshake mbedtls_ssl_conf_authmode(_ctx->ssl_config, shr->verify ? MBEDTLS_SSL_VERIFY_OPTIONAL : MBEDTLS_SSL_VERIFY_NONE); -- 2.45.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-devel] [PATCH v2 5/6] lavf/tls_mbedtls: handle session ticket error code as
From 87bf4c7de225036b5e4458c9de2de4b941f8f9b6 Mon Sep 17 00:00:00 2001 From: sfan5 Date: Mon, 13 May 2024 20:29:10 +0200 Subject: [PATCH v2 5/6] lavf/tls_mbedtls: handle session ticket error code as no-op When TLSv1.3 and session tickets are enabled mbedtls_ssl_read() will return an error code to inform about a received session ticket. This can simply be handled like EAGAIN instead of errornously aborting the connection. ref: https://github.com/Mbed-TLS/mbedtls/issues/8749 Signed-off-by: sfan5 --- libavformat/tls_mbedtls.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c index ef447e12a5..9be817af5e 100644 --- a/libavformat/tls_mbedtls.c +++ b/libavformat/tls_mbedtls.c @@ -325,6 +325,9 @@ static int handle_tls_error(URLContext *h, const char* func_name, int ret) switch (ret) { case MBEDTLS_ERR_SSL_WANT_READ: case MBEDTLS_ERR_SSL_WANT_WRITE: +#ifdef MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET +case MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET: +#endif return AVERROR(EAGAIN); case MBEDTLS_ERR_NET_SEND_FAILED: case MBEDTLS_ERR_NET_RECV_FAILED: -- 2.45.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-devel] [PATCH v2 4/6] lavf/tls_mbedtls: fix handling of certification
From d561732d7c05d820baeb9c8bff5e8a4b133fe624 Mon Sep 17 00:00:00 2001 From: sfan5 Date: Mon, 13 May 2024 20:27:17 +0200 Subject: [PATCH v2 4/6] lavf/tls_mbedtls: fix handling of certification validation failures We manually check the verification status after the handshake has completed using mbedtls_ssl_get_verify_result(). However with VERIFY_REQUIRED mbedtls_ssl_handshake() already returns an error, so this code is never reached. Fix that by using VERIFY_OPTIONAL, which performs the verification but does not abort the handshake. Signed-off-by: sfan5 --- libavformat/tls_mbedtls.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c index f53e918e04..ef447e12a5 100644 --- a/libavformat/tls_mbedtls.c +++ b/libavformat/tls_mbedtls.c @@ -266,8 +266,9 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op goto fail; } +// not VERIFY_REQUIRED because we manually check after handshake mbedtls_ssl_conf_authmode(_ctx->ssl_config, - shr->verify ? MBEDTLS_SSL_VERIFY_REQUIRED : MBEDTLS_SSL_VERIFY_NONE); + shr->verify ? MBEDTLS_SSL_VERIFY_OPTIONAL : MBEDTLS_SSL_VERIFY_NONE); mbedtls_ssl_conf_rng(_ctx->ssl_config, mbedtls_ctr_drbg_random, _ctx->ctr_drbg_context); mbedtls_ssl_conf_ca_chain(_ctx->ssl_config, _ctx->ca_cert, NULL); -- 2.45.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-devel] [PATCH v2 3/6] lavf/tls_mbedtls: hook up debug message callback
From f51387a129e93af13751237ec2c6e25ad07c8dc4 Mon Sep 17 00:00:00 2001 From: sfan5 Date: Mon, 13 May 2024 20:26:16 +0200 Subject: [PATCH v2 3/6] lavf/tls_mbedtls: hook up debug message callback Unfortunately this won't work out-of-the-box because mbedTLS only provides a global (not per-context) debug toggle. Signed-off-by: sfan5 --- libavformat/tls_mbedtls.c | 17 + 1 file changed, 17 insertions(+) diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c index 1a61fc57d6..f53e918e04 100644 --- a/libavformat/tls_mbedtls.c +++ b/libavformat/tls_mbedtls.c @@ -26,6 +26,7 @@ #include #include #include +#include #ifdef MBEDTLS_PSA_CRYPTO_C #include #endif @@ -36,6 +37,7 @@ #include "tls.h" #include "libavutil/mem.h" #include "libavutil/parseutils.h" +#include "libavutil/avstring.h" typedef struct TLSContext { const AVClass *class; @@ -112,6 +114,13 @@ static int mbedtls_recv(void *ctx, unsigned char *buf, size_t len) return handle_transport_error(h, "ffurl_read", MBEDTLS_ERR_SSL_WANT_READ, ret); } +static void mbedtls_debug(void *ctx, int lvl, const char *file, int line, const char *msg) +{ +URLContext *h = (URLContext*) ctx; +int av_lvl = lvl >= 4 ? AV_LOG_TRACE : AV_LOG_DEBUG; +av_log(h, av_lvl, "%s:%d: %s", av_basename(file), line, msg); +} + static void handle_pk_parse_error(URLContext *h, int ret) { switch (ret) { @@ -201,6 +210,14 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op mbedtls_x509_crt_init(_ctx->ca_cert); mbedtls_pk_init(_ctx->priv_key); +if (av_log_get_level() >= AV_LOG_DEBUG) { +mbedtls_ssl_conf_dbg(_ctx->ssl_config, mbedtls_debug, shr->tcp); +/* + * Note: we can't call mbedtls_debug_set_threshold() here because + * it's global state. The user is thus expected to manage this. + */ +} + // load trusted CA if (shr->ca_file) { if ((ret = mbedtls_x509_crt_parse_file(_ctx->ca_cert, shr->ca_file)) != 0) { -- 2.45.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-devel] [PATCH v2 2/6] lavf/tls_mbedtls: add missing call to psa_crypto_init
From 18142d98aed9e48a78a37590341bf48f1fe2339e Mon Sep 17 00:00:00 2001 From: sfan5 Date: Mon, 13 May 2024 20:24:43 +0200 Subject: [PATCH v2 2/6] lavf/tls_mbedtls: add missing call to psa_crypto_init This is mandatory depending on configuration or at least with mbedTLS 3.6.0. Signed-off-by: sfan5 --- libavformat/tls_mbedtls.c | 10 ++ 1 file changed, 10 insertions(+) diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c index 1226e3780b..1a61fc57d6 100644 --- a/libavformat/tls_mbedtls.c +++ b/libavformat/tls_mbedtls.c @@ -26,6 +26,9 @@ #include #include #include +#ifdef MBEDTLS_PSA_CRYPTO_C +#include +#endif #include "avformat.h" #include "internal.h" @@ -184,6 +187,13 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op if ((ret = ff_tls_open_underlying(shr, h, uri, options)) < 0) goto fail; +#ifdef MBEDTLS_PSA_CRYPTO_C +if ((ret = psa_crypto_init()) != PSA_SUCCESS) { +av_log(h, AV_LOG_ERROR, "psa_crypto_init returned %d\n", ret); +goto fail; +} +#endif + mbedtls_ssl_init(_ctx->ssl_context); mbedtls_ssl_config_init(_ctx->ssl_config); mbedtls_entropy_init(_ctx->entropy_context); -- 2.45.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-devel] [PATCH v2 1/6] lavf/tls_mbedtls: handle more error codes for
From e8b5b6dee2d29690d1ae18090659120399b84e7c Mon Sep 17 00:00:00 2001 From: sfan5 Date: Mon, 13 May 2024 20:22:44 +0200 Subject: [PATCH v2 1/6] lavf/tls_mbedtls: handle more error codes for human-readable message Signed-off-by: sfan5 --- libavformat/tls_mbedtls.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c index 1a182e735e..1226e3780b 100644 --- a/libavformat/tls_mbedtls.c +++ b/libavformat/tls_mbedtls.c @@ -138,6 +138,9 @@ static void handle_handshake_error(URLContext *h, int ret) case MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE: av_log(h, AV_LOG_ERROR, "TLS handshake failed.\n"); break; +case MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION: +av_log(h, AV_LOG_ERROR, "TLS protocol version mismatch.\n"); +break; #endif case MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE: av_log(h, AV_LOG_ERROR, "A fatal alert message was received from the peer, has the peer a correct certificate?\n"); @@ -145,6 +148,9 @@ static void handle_handshake_error(URLContext *h, int ret) case MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED: av_log(h, AV_LOG_ERROR, "No CA chain is set, but required to operate. Was the CA correctly set?\n"); break; +case MBEDTLS_ERR_SSL_INTERNAL_ERROR: +av_log(h, AV_LOG_ERROR, "Internal error encountered.\n"); +break; case MBEDTLS_ERR_NET_CONN_RESET: av_log(h, AV_LOG_ERROR, "TLS handshake was aborted by peer.\n"); break; -- 2.45.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
Re: [FFmpeg-devel] [PATCH 4/6] lavf/tls_mbedtls: fix handling of certification validation failures
Am 18.05.24 um 21:53 schrieb Michael Niedermayer: On Fri, May 17, 2024 at 10:34:41AM +0200, Sfan5 wrote: We manually check the verification status after the handshake has completed using mbedtls_ssl_get_verify_result(). However with VERIFY_REQUIRED mbedtls_ssl_handshake() already returns an error, so this code is never reached. Fix that by using VERIFY_OPTIONAL, which performs the verification but does not abort the handshake. Signed-off-by: sfan5 --- libavformat/tls_mbedtls.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c index 9508fe3436..67d5c568b9 100644 --- a/libavformat/tls_mbedtls.c +++ b/libavformat/tls_mbedtls.c @@ -263,8 +263,9 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op goto fail; } +// not VERIFY_REQUIRED because we manually check after handshake mbedtls_ssl_conf_authmode(_ctx->ssl_config, - shr->verify ? MBEDTLS_SSL_VERIFY_REQUIRED : MBEDTLS_SSL_VERIFY_NONE); + shr->verify ? MBEDTLS_SSL_VERIFY_OPTIONAL : MBEDTLS_SSL_VERIFY_NONE); mbedtls_ssl_conf_rng(_ctx->ssl_config, mbedtls_ctr_drbg_random, _ctx->ctr_drbg_context); mbedtls_ssl_conf_ca_chain(_ctx->ssl_config, _ctx->ca_cert, NULL); This patch looks corrupted by extra line breaks [...] Thanks for pointing that out. It looks like years later Microsoft is still incapable of leaving patches intact... Will send as attachments for v2. ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
Re: [FFmpeg-devel] [PATCH 1/6] lavf/tls_mbedtls: handle more error codes for human-readable message
Am 17.05.24 um 11:42 schrieb Andrew Sayers: On Fri, May 17, 2024 at 10:34:26AM +0200, Sfan5 wrote: Signed-off-by: sfan5 --- libavformat/tls_mbedtls.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c index 1a182e735e..fd6ba0b1f5 100644 --- a/libavformat/tls_mbedtls.c +++ b/libavformat/tls_mbedtls.c @@ -138,6 +138,9 @@ static void handle_handshake_error(URLContext *h, int ret) case MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE: av_log(h, AV_LOG_ERROR, "TLS handshake failed.\n"); break; +case MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION: +av_log(h, AV_LOG_ERROR, "TLS protocol version mismatches.\n"); "... mismatch" or "... does not match" would be more readable than "mismatches". The word "matches" can mean either "does match" or "plural of match". It's technically valid to use "mismatches" to mean "does not match", but in practice the word is only ever used to mean "plural of mismatch". Alright. Will change for v2. ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
Re: [FFmpeg-devel] [PATCH 3/6] lavf/tls_mbedtls: hook up debug message callback
Am 17.05.24 um 11:51 schrieb Rémi Denis-Courmont: Le 17 mai 2024 11:34:35 GMT+03:00, Sfan5 a écrit : Signed-off-by: sfan5 --- libavformat/tls_mbedtls.c | 14 ++ 1 file changed, 14 insertions(+) diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c index 24c3afd94c..9508fe3436 100644 --- a/libavformat/tls_mbedtls.c +++ b/libavformat/tls_mbedtls.c @@ -26,6 +26,7 @@ #include #include #include +#include #ifdef MBEDTLS_PSA_CRYPTO_C #include #endif @@ -36,6 +37,7 @@ #include "tls.h" #include "libavutil/mem.h" #include "libavutil/parseutils.h" +#include "libavutil/avstring.h" typedef struct TLSContext { const AVClass *class; @@ -112,6 +114,13 @@ static int mbedtls_recv(void *ctx, unsigned char *buf, size_t len) return handle_transport_error(h, "ffurl_read", MBEDTLS_ERR_SSL_WANT_READ, ret); } +static void mbedtls_debug(void *ctx, int lvl, const char *file, int line, const char *msg) +{ +URLContext *h = (URLContext*) ctx; +int av_lvl = lvl >= 4 ? AV_LOG_TRACE : AV_LOG_DEBUG; +av_log(h, av_lvl, "%s:%d: %s", av_basename(file), line, msg); +} + static void handle_pk_parse_error(URLContext *h, int ret) { switch (ret) { @@ -201,6 +210,11 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op mbedtls_x509_crt_init(_ctx->ca_cert); mbedtls_pk_init(_ctx->priv_key); +if (av_log_get_level() >= AV_LOG_DEBUG) { +mbedtls_ssl_conf_dbg(_ctx->ssl_config, mbedtls_debug, shr->tcp); +mbedtls_debug_set_threshold(4); // maximum This doesn't look thread-safe / reentrant. Indeed. But what alternative is there? mbedTLS provides only this mechanism to get debug messages from it. ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-devel] [PATCH 6/6] lavf/tls_mbedtls: add workaround for TLSv1.3 vs. verify=0
As of mbedTLS 3.6.0 TLSv1.3 is enabled by default and certificate verification is now mandatory. Our default configuration does not do verification, so downgrade to 1.2 in these situations to avoid breaking it. ref: https://github.com/Mbed-TLS/mbedtls/issues/7075 Signed-off-by: sfan5 --- libavformat/tls_mbedtls.c | 12 1 file changed, 12 insertions(+) diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c index 8268e74638..5d5c7bfb25 100644 --- a/libavformat/tls_mbedtls.c +++ b/libavformat/tls_mbedtls.c @@ -163,6 +163,10 @@ static void handle_handshake_error(URLContext *h, int ret) case MBEDTLS_ERR_SSL_INTERNAL_ERROR: av_log(h, AV_LOG_ERROR, "Internal error encountered.\n"); break; +case MBEDTLS_ERR_X509_CERT_VERIFY_FAILED: +// This error only happens with TLSv1.3, we normally use mbedtls_ssl_get_verify_result(). +av_log(h, AV_LOG_ERROR, "Certificate verification failed.\n"); +break; case MBEDTLS_ERR_NET_CONN_RESET: av_log(h, AV_LOG_ERROR, "TLS handshake was aborted by peer.\n"); break; @@ -263,6 +267,14 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op goto fail; } +#ifdef MBEDTLS_SSL_PROTO_TLS1_3 +// mbedTLS does not allow disabling certificate verification with TLSv1.3 (yes, really). +if (!shr->verify) { +av_log(h, AV_LOG_INFO, "Forcing TLSv1.2 because certificate verification is disabled\n"); +mbedtls_ssl_conf_max_tls_version(_ctx->ssl_config, MBEDTLS_SSL_VERSION_TLS1_2); +} +#endif + // not VERIFY_REQUIRED because we manually check after handshake mbedtls_ssl_conf_authmode(_ctx->ssl_config, shr->verify ? MBEDTLS_SSL_VERIFY_OPTIONAL : MBEDTLS_SSL_VERIFY_NONE); -- 2.45.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-devel] [PATCH 5/6] lavf/tls_mbedtls: handle session ticket error code as no-op
When TLSv1.3 and session tickets are enabled mbedtls_ssl_read() will return an error code to inform about a received session ticket. This can simply be handled like EAGAIN instead of errornously aborting the connection. ref: https://github.com/Mbed-TLS/mbedtls/issues/8749 Signed-off-by: sfan5 --- libavformat/tls_mbedtls.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c index 67d5c568b9..8268e74638 100644 --- a/libavformat/tls_mbedtls.c +++ b/libavformat/tls_mbedtls.c @@ -322,6 +322,9 @@ static int handle_tls_error(URLContext *h, const char* func_name, int ret) switch (ret) { case MBEDTLS_ERR_SSL_WANT_READ: case MBEDTLS_ERR_SSL_WANT_WRITE: +#ifdef MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET +case MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET: +#endif return AVERROR(EAGAIN); case MBEDTLS_ERR_NET_SEND_FAILED: case MBEDTLS_ERR_NET_RECV_FAILED: -- 2.45.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-devel] [PATCH 4/6] lavf/tls_mbedtls: fix handling of certification validation failures
We manually check the verification status after the handshake has completed using mbedtls_ssl_get_verify_result(). However with VERIFY_REQUIRED mbedtls_ssl_handshake() already returns an error, so this code is never reached. Fix that by using VERIFY_OPTIONAL, which performs the verification but does not abort the handshake. Signed-off-by: sfan5 --- libavformat/tls_mbedtls.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c index 9508fe3436..67d5c568b9 100644 --- a/libavformat/tls_mbedtls.c +++ b/libavformat/tls_mbedtls.c @@ -263,8 +263,9 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op goto fail; } +// not VERIFY_REQUIRED because we manually check after handshake mbedtls_ssl_conf_authmode(_ctx->ssl_config, - shr->verify ? MBEDTLS_SSL_VERIFY_REQUIRED : MBEDTLS_SSL_VERIFY_NONE); + shr->verify ? MBEDTLS_SSL_VERIFY_OPTIONAL : MBEDTLS_SSL_VERIFY_NONE); mbedtls_ssl_conf_rng(_ctx->ssl_config, mbedtls_ctr_drbg_random, _ctx->ctr_drbg_context); mbedtls_ssl_conf_ca_chain(_ctx->ssl_config, _ctx->ca_cert, NULL); -- 2.45.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-devel] [PATCH 3/6] lavf/tls_mbedtls: hook up debug message callback
Signed-off-by: sfan5 --- libavformat/tls_mbedtls.c | 14 ++ 1 file changed, 14 insertions(+) diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c index 24c3afd94c..9508fe3436 100644 --- a/libavformat/tls_mbedtls.c +++ b/libavformat/tls_mbedtls.c @@ -26,6 +26,7 @@ #include #include #include +#include #ifdef MBEDTLS_PSA_CRYPTO_C #include #endif @@ -36,6 +37,7 @@ #include "tls.h" #include "libavutil/mem.h" #include "libavutil/parseutils.h" +#include "libavutil/avstring.h" typedef struct TLSContext { const AVClass *class; @@ -112,6 +114,13 @@ static int mbedtls_recv(void *ctx, unsigned char *buf, size_t len) return handle_transport_error(h, "ffurl_read", MBEDTLS_ERR_SSL_WANT_READ, ret); } +static void mbedtls_debug(void *ctx, int lvl, const char *file, int line, const char *msg) +{ +URLContext *h = (URLContext*) ctx; +int av_lvl = lvl >= 4 ? AV_LOG_TRACE : AV_LOG_DEBUG; +av_log(h, av_lvl, "%s:%d: %s", av_basename(file), line, msg); +} + static void handle_pk_parse_error(URLContext *h, int ret) { switch (ret) { @@ -201,6 +210,11 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op mbedtls_x509_crt_init(_ctx->ca_cert); mbedtls_pk_init(_ctx->priv_key); +if (av_log_get_level() >= AV_LOG_DEBUG) { +mbedtls_ssl_conf_dbg(_ctx->ssl_config, mbedtls_debug, shr->tcp); +mbedtls_debug_set_threshold(4); // maximum +} + // load trusted CA if (shr->ca_file) { if ((ret = mbedtls_x509_crt_parse_file(_ctx->ca_cert, shr->ca_file)) != 0) { -- 2.45.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-devel] [PATCH 2/6] lavf/tls_mbedtls: add missing call to psa_crypto_init
This is mandatory depending on configuration or at least with mbedTLS 3.6.0. Signed-off-by: sfan5 --- libavformat/tls_mbedtls.c | 10 ++ 1 file changed, 10 insertions(+) diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c index fd6ba0b1f5..24c3afd94c 100644 --- a/libavformat/tls_mbedtls.c +++ b/libavformat/tls_mbedtls.c @@ -26,6 +26,9 @@ #include #include #include +#ifdef MBEDTLS_PSA_CRYPTO_C +#include +#endif #include "avformat.h" #include "internal.h" @@ -184,6 +187,13 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op if ((ret = ff_tls_open_underlying(shr, h, uri, options)) < 0) goto fail; +#ifdef MBEDTLS_PSA_CRYPTO_C +if ((ret = psa_crypto_init()) != PSA_SUCCESS) { +av_log(h, AV_LOG_ERROR, "psa_crypto_init returned %d\n", ret); +goto fail; +} +#endif + mbedtls_ssl_init(_ctx->ssl_context); mbedtls_ssl_config_init(_ctx->ssl_config); mbedtls_entropy_init(_ctx->entropy_context); -- 2.45.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-devel] [PATCH 1/6] lavf/tls_mbedtls: handle more error codes for human-readable message
Signed-off-by: sfan5 --- libavformat/tls_mbedtls.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c index 1a182e735e..fd6ba0b1f5 100644 --- a/libavformat/tls_mbedtls.c +++ b/libavformat/tls_mbedtls.c @@ -138,6 +138,9 @@ static void handle_handshake_error(URLContext *h, int ret) case MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE: av_log(h, AV_LOG_ERROR, "TLS handshake failed.\n"); break; +case MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION: +av_log(h, AV_LOG_ERROR, "TLS protocol version mismatches.\n"); +break; #endif case MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE: av_log(h, AV_LOG_ERROR, "A fatal alert message was received from the peer, has the peer a correct certificate?\n"); @@ -145,6 +148,9 @@ static void handle_handshake_error(URLContext *h, int ret) case MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED: av_log(h, AV_LOG_ERROR, "No CA chain is set, but required to operate. Was the CA correctly set?\n"); break; +case MBEDTLS_ERR_SSL_INTERNAL_ERROR: +av_log(h, AV_LOG_ERROR, "Internal error encountered.\n"); +break; case MBEDTLS_ERR_NET_CONN_RESET: av_log(h, AV_LOG_ERROR, "TLS handshake was aborted by peer.\n"); break; -- 2.45.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-devel] [PATCH] mediacodecdec_common: enable refcounting of buffers unconditionally
This allows av_mediacodec_release_buffer to be called safely after the decoder is closed, this was already the case with delay_flush=1. Note that this causes holding onto frames to keep the decoding context alive which is generally considered to be the intended behavior (resending as my patch got mangled somehow) From c3a5edd940c503cca706b3d92954b8cd5c715e26 Mon Sep 17 00:00:00 2001 From: sfan5 Date: Sun, 18 Sep 2022 18:26:43 +0200 Subject: [PATCH] mediacodecdec_common: enable refcounting of buffers unconditionally This allows av_mediacodec_release_buffer to be called safely after the decoder is closed, this was already the case with delay_flush=1. Note that this causes holding onto frames to keep the decoding context alive which is generally considered to be the intended behavior. Signed-off-by: sfan5 --- libavcodec/mediacodecdec_common.c | 8 +++- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/libavcodec/mediacodecdec_common.c b/libavcodec/mediacodecdec_common.c index 9fa769656c..2a605e7f5b 100644 --- a/libavcodec/mediacodecdec_common.c +++ b/libavcodec/mediacodecdec_common.c @@ -265,8 +265,7 @@ static void mediacodec_buffer_release(void *opaque, uint8_t *data) ff_AMediaCodec_releaseOutputBuffer(ctx->codec, buffer->index, 0); } -if (ctx->delay_flush) -ff_mediacodec_dec_unref(ctx); +ff_mediacodec_dec_unref(ctx); av_freep(); } @@ -321,8 +320,7 @@ static int mediacodec_wrap_hw_buffer(AVCodecContext *avctx, buffer->ctx = s; buffer->serial = atomic_load(>serial); -if (s->delay_flush) -ff_mediacodec_dec_ref(s); +ff_mediacodec_dec_ref(s); buffer->index = index; buffer->pts = info->presentationTimeUs; @@ -872,7 +870,7 @@ int ff_mediacodec_dec_receive(AVCodecContext *avctx, MediaCodecDecContext *s, */ int ff_mediacodec_dec_flush(AVCodecContext *avctx, MediaCodecDecContext *s) { -if (!s->surface || atomic_load(>refcount) == 1) { +if (!s->surface || !s->delay_flush || atomic_load(>refcount) == 1) { int ret; /* No frames (holding a reference to the codec) are retained by the -- 2.37.3 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-devel] [PATCH] mediacodecdec_common: enable refcounting of buffers unconditionally
This allows av_mediacodec_release_buffer to be called safely after the decoder is closed, this was already the case with delay_flush=1. Note that this causes holding onto frames to keep the decoding context alive which is generally considered to be the intended behavior. --- libavcodec/mediacodecdec_common.c | 8 +++- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/libavcodec/mediacodecdec_common.c b/libavcodec/mediacodecdec_common.c index 9fa769656c..2a605e7f5b 100644 --- a/libavcodec/mediacodecdec_common.c +++ b/libavcodec/mediacodecdec_common.c @@ -265,8 +265,7 @@ static void mediacodec_buffer_release(void *opaque, uint8_t *data) ff_AMediaCodec_releaseOutputBuffer(ctx->codec, buffer->index, 0); } -if (ctx->delay_flush) -ff_mediacodec_dec_unref(ctx); +ff_mediacodec_dec_unref(ctx); av_freep(); } @@ -321,8 +320,7 @@ static int mediacodec_wrap_hw_buffer(AVCodecContext *avctx, buffer->ctx = s; buffer->serial = atomic_load(>serial); -if (s->delay_flush) -ff_mediacodec_dec_ref(s); +ff_mediacodec_dec_ref(s); buffer->index = index; buffer->pts = info->presentationTimeUs; @@ -872,7 +870,7 @@ int ff_mediacodec_dec_receive(AVCodecContext *avctx, MediaCodecDecContext *s, */ int ff_mediacodec_dec_flush(AVCodecContext *avctx, MediaCodecDecContext *s) { -if (!s->surface || atomic_load(>refcount) == 1) { +if (!s->surface || !s->delay_flush || atomic_load(>refcount) == 1) { int ret; /* No frames (holding a reference to the codec) are retained by the -- 2.37.3 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
Re: [FFmpeg-devel] [PATCH] lavf/tls_mbedtls: fix handling of tls_verify=0
On 29.12.2021 at 21:02 Anton Khirnov wrote: Quoting sfan5 (2021-12-13 21:55:41) If ca_file was set, setting tls_verify=0 would not actually disable verification. From 2677353187c4e3c20b50a3f9aab53130e3ead99b Mon Sep 17 00:00:00 2001 From: sfan5 Date: Mon, 13 Dec 2021 21:35:40 +0100 Subject: [PATCH] lavf/tls_mbedtls: fix handling of tls_verify=0 If ca_file was set, setting tls_verify=0 would not actually disable verification. --- libavformat/tls_mbedtls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c index aadf17760d..5754d0d018 100644 --- a/libavformat/tls_mbedtls.c +++ b/libavformat/tls_mbedtls.c @@ -223,7 +223,7 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op } mbedtls_ssl_conf_authmode(_ctx->ssl_config, - shr->ca_file ? MBEDTLS_SSL_VERIFY_REQUIRED : MBEDTLS_SSL_VERIFY_NONE); + shr->verify ? MBEDTLS_SSL_VERIFY_REQUIRED : MBEDTLS_SSL_VERIFY_NONE); mbedtls_ssl_conf_rng(_ctx->ssl_config, mbedtls_ctr_drbg_random, _ctx->ctr_drbg_context); mbedtls_ssl_conf_ca_chain(_ctx->ssl_config, _ctx->ca_cert, NULL); -- 2.34.1 What will happen if verify=1, but ca_file is not set? The verification fails as expected and mbedtls_ssl_handshake returns an error, just tested. ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
Re: [FFmpeg-devel] [PATCH] lavf/tls_mbedtls: fix handling of tls_verify=0
ping. I'll look at getting this pushed in a few days if there are no objections. If ca_file was set, setting tls_verify=0 would not actually disable verification. ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe". ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-devel] [PATCH] lavc/mediacodecdec: set codec profile and level from extradata for H264+HEVC
This value is later passed to MediaCodec and checked at decoder init. Notably decoding of 10-bit streams before this commit would "work" without returning errors but only return garbage output (on most Android devices). From 304d1bd55e72212c1e907922547d40da240b Mon Sep 17 00:00:00 2001 From: sfan5 Date: Mon, 13 Dec 2021 21:01:00 +0100 Subject: [PATCH] lavc/mediacodecdec: set codec profile and level from extradata for H264+HEVC This value is later passed to MediaCodec and checked at decoder init. Notably decoding of 10-bit streams before this commit would "work" without returning errors but only return garbage output (on most Android devices). --- libavcodec/mediacodecdec.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/libavcodec/mediacodecdec.c b/libavcodec/mediacodecdec.c index 1cebb3d76d..04d5026e68 100644 --- a/libavcodec/mediacodecdec.c +++ b/libavcodec/mediacodecdec.c @@ -155,6 +155,9 @@ static int h264_set_extradata(AVCodecContext *avctx, FFAMediaFormat *format) uint8_t *data = NULL; int data_size = 0; +avctx->profile = ff_h264_get_profile(sps); +avctx->level = sps->level_idc; + if ((ret = h2645_ps_to_nalu(sps->data, sps->data_size, , _size)) < 0) { goto done; } @@ -236,6 +239,9 @@ static int hevc_set_extradata(AVCodecContext *avctx, FFAMediaFormat *format) uint8_t *data; int data_size; +avctx->profile = sps->ptl.general_ptl.profile_idc; +avctx->level = sps->ptl.general_ptl.level_idc; + if ((ret = h2645_ps_to_nalu(vps->data, vps->data_size, _data, _data_size)) < 0 || (ret = h2645_ps_to_nalu(sps->data, sps->data_size, _data, _data_size)) < 0 || (ret = h2645_ps_to_nalu(pps->data, pps->data_size, _data, _data_size)) < 0) { -- 2.34.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-devel] [PATCH] lavf/tls_mbedtls: fix handling of tls_verify=0
If ca_file was set, setting tls_verify=0 would not actually disable verification. From 2677353187c4e3c20b50a3f9aab53130e3ead99b Mon Sep 17 00:00:00 2001 From: sfan5 Date: Mon, 13 Dec 2021 21:35:40 +0100 Subject: [PATCH] lavf/tls_mbedtls: fix handling of tls_verify=0 If ca_file was set, setting tls_verify=0 would not actually disable verification. --- libavformat/tls_mbedtls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/tls_mbedtls.c b/libavformat/tls_mbedtls.c index aadf17760d..5754d0d018 100644 --- a/libavformat/tls_mbedtls.c +++ b/libavformat/tls_mbedtls.c @@ -223,7 +223,7 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op } mbedtls_ssl_conf_authmode(_ctx->ssl_config, - shr->ca_file ? MBEDTLS_SSL_VERIFY_REQUIRED : MBEDTLS_SSL_VERIFY_NONE); + shr->verify ? MBEDTLS_SSL_VERIFY_REQUIRED : MBEDTLS_SSL_VERIFY_NONE); mbedtls_ssl_conf_rng(_ctx->ssl_config, mbedtls_ctr_drbg_random, _ctx->ctr_drbg_context); mbedtls_ssl_conf_ca_chain(_ctx->ssl_config, _ctx->ca_cert, NULL); -- 2.34.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-devel] [PATCH 2/2] avcodec/mediacodec_wrapper: use MediaCodecInfo.isSoftwareOnly() when available
>From 22ebde779f61fb030633a881ef320264ea446b6b Mon Sep 17 00:00:00 2001 From: sfan5 Date: Thu, 11 Feb 2021 20:48:54 +0100 Subject: [PATCH 2/2] avcodec/mediacodec_wrapper: use MediaCodecInfo.isSoftwareOnly() when available Added in Android 10 it provides a reliable way of filtering out software decoders, unlike existing string-based checks. --- libavcodec/mediacodec_wrapper.c | 13 + 1 file changed, 13 insertions(+) diff --git a/libavcodec/mediacodec_wrapper.c b/libavcodec/mediacodec_wrapper.c index f1945bcfc0..c829941d6b 100644 --- a/libavcodec/mediacodec_wrapper.c +++ b/libavcodec/mediacodec_wrapper.c @@ -45,6 +45,7 @@ struct JNIAMediaCodecListFields { jmethodID get_codec_capabilities_id; jmethodID get_supported_types_id; jmethodID is_encoder_id; +jmethodID is_software_only_id; jclass codec_capabilities_class; jfieldID color_formats_id; @@ -81,6 +82,7 @@ static const struct FFJniField jni_amediacodeclist_mapping[] = { { "android/media/MediaCodecInfo", "getCapabilitiesForType", "(Ljava/lang/String;)Landroid/media/MediaCodecInfo$CodecCapabilities;", FF_JNI_METHOD, offsetof(struct JNIAMediaCodecListFields, get_codec_capabilities_id), 1 }, { "android/media/MediaCodecInfo", "getSupportedTypes", "()[Ljava/lang/String;", FF_JNI_METHOD, offsetof(struct JNIAMediaCodecListFields, get_supported_types_id), 1 }, { "android/media/MediaCodecInfo", "isEncoder", "()Z", FF_JNI_METHOD, offsetof(struct JNIAMediaCodecListFields, is_encoder_id), 1 }, +{ "android/media/MediaCodecInfo", "isSoftwareOnly", "()Z", FF_JNI_METHOD, offsetof(struct JNIAMediaCodecListFields, is_software_only_id), 0 }, { "android/media/MediaCodecInfo$CodecCapabilities", NULL, NULL, FF_JNI_CLASS, offsetof(struct JNIAMediaCodecListFields, codec_capabilities_class), 1 }, { "android/media/MediaCodecInfo$CodecCapabilities", "colorFormats", "[I", FF_JNI_FIELD, offsetof(struct JNIAMediaCodecListFields, color_formats_id), 1 }, @@ -441,6 +443,17 @@ char *ff_AMediaCodecList_getCodecNameByType(const char *mime, int profile, int e goto done_with_info; } +if (jfields.is_software_only_id) { +int is_software_only = (*env)->CallBooleanMethod(env, info, jfields.is_software_only_id); +if (ff_jni_exception_check(env, 1, log_ctx) < 0) { +goto done; +} + +if (is_software_only) { +goto done_with_info; +} +} + codec_name = (*env)->CallObjectMethod(env, info, jfields.get_name_id); if (ff_jni_exception_check(env, 1, log_ctx) < 0) { goto done; -- 2.30.1 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-devel] [PATCH 1/2] avcodec/mediacodec_wrapper: clean up ff_AMediaCodecList_getCodecNameByType a bit
Hi, while looking into mediacodec for unrelated reasons I saw some room for improvement. Therefore, here's a series with two small patches. >From cadd2b2d4a5ffbb4dcc34faf2d3e139e1d4d608b Mon Sep 17 00:00:00 2001 From: sfan5 Date: Thu, 11 Feb 2021 19:23:26 +0100 Subject: [PATCH 1/2] avcodec/mediacodec_wrapper: clean up ff_AMediaCodecList_getCodecNameByType a bit We can skip software decoders before even looking at the mime types. --- libavcodec/mediacodec_wrapper.c | 113 1 file changed, 57 insertions(+), 56 deletions(-) diff --git a/libavcodec/mediacodec_wrapper.c b/libavcodec/mediacodec_wrapper.c index 79abc8b6aa..f1945bcfc0 100644 --- a/libavcodec/mediacodec_wrapper.c +++ b/libavcodec/mediacodec_wrapper.c @@ -441,6 +441,30 @@ char *ff_AMediaCodecList_getCodecNameByType(const char *mime, int profile, int e goto done_with_info; } +codec_name = (*env)->CallObjectMethod(env, info, jfields.get_name_id); +if (ff_jni_exception_check(env, 1, log_ctx) < 0) { +goto done; +} + +name = ff_jni_jstring_to_utf_chars(env, codec_name, log_ctx); +if (!name) { +goto done; +} + +if (codec_name) { +(*env)->DeleteLocalRef(env, codec_name); +codec_name = NULL; +} + +/* Skip software decoders */ +if ( +strstr(name, "OMX.google") || +strstr(name, "OMX.ffmpeg") || +(strstr(name, "OMX.SEC") && strstr(name, ".sw.")) || +!strcmp(name, "OMX.qcom.video.decoder.hevcswvdec")) { +goto done_with_info; +} + type_count = (*env)->GetArrayLength(env, types); for (j = 0; j < type_count; j++) { int k; @@ -456,74 +480,51 @@ char *ff_AMediaCodecList_getCodecNameByType(const char *mime, int profile, int e goto done; } -if (!av_strcasecmp(supported_type, mime)) { -codec_name = (*env)->CallObjectMethod(env, info, jfields.get_name_id); -if (ff_jni_exception_check(env, 1, log_ctx) < 0) { -goto done; -} +if (av_strcasecmp(supported_type, mime)) { +goto done_with_type; +} -name = ff_jni_jstring_to_utf_chars(env, codec_name, log_ctx); -if (!name) { -goto done; -} +capabilities = (*env)->CallObjectMethod(env, info, jfields.get_codec_capabilities_id, type); +if (ff_jni_exception_check(env, 1, log_ctx) < 0) { +goto done; +} -if (codec_name) { -(*env)->DeleteLocalRef(env, codec_name); -codec_name = NULL; -} +profile_levels = (*env)->GetObjectField(env, capabilities, jfields.profile_levels_id); +if (ff_jni_exception_check(env, 1, log_ctx) < 0) { +goto done; +} -/* Skip software decoders */ -if ( -strstr(name, "OMX.google") || -strstr(name, "OMX.ffmpeg") || -(strstr(name, "OMX.SEC") && strstr(name, ".sw.")) || -!strcmp(name, "OMX.qcom.video.decoder.hevcswvdec")) { -av_freep(); -goto done_with_type; +profile_count = (*env)->GetArrayLength(env, profile_levels); +if (!profile_count) { +found_codec = 1; +} +for (k = 0; k < profile_count; k++) { +int supported_profile = 0; + +if (profile < 0) { +found_codec = 1; +break; } -capabilities = (*env)->CallObjectMethod(env, info, jfields.get_codec_capabilities_id, type); +profile_level = (*env)->GetObjectArrayElement(env, profile_levels, k); if (ff_jni_exception_check(env, 1, log_ctx) < 0) { goto done; } -profile_levels = (*env)->GetObjectField(env, capabilities, jfields.profile_levels_id); +supported_profile = (*env)->GetIntField(env, profile_level, jfields.profile_id); if (ff_jni_exception_check(env, 1, log_ctx) < 0) { goto done; } -profile_count = (*env)->GetArrayLength(env, profile_levels); -if (!profile_count) { -found_codec = 1; +found_codec = profile == supported_profile; + +if (profile_level) { +(*env)->DeleteLocalRef(env, profile_level); +
[FFmpeg-devel] [PATCH v3] avcodec/mediacodecdec: Do not abort when H264/HEVC extradata extraction fails
12.02.21 - 21:43 - Andreas Rheinhardt: sfan5: Hi, attached v2 patch after discussion on IRC with JEEB (as he already mentioned). Only change is that the log level turns to debug when missing parameter sets are within spec (cf. 14496-15). -av_log(avctx, AV_LOG_ERROR, "Could not extract PPS/SPS from extradata"); -ret = AVERROR_INVALIDDATA; +const int warn = is_avc && avctx->codec_tag != MKTAG('a','v','c','1') && +avctx->codec_tag != MKTAG('a','v','c','2'); +av_log(avctx, warn ? AV_LOG_WARNING : AV_LOG_DEBUG, +"Could not extract PPS/SPS from extradata\n"); +ret = 0; } warn = is_avc && (avctx->codec_tag == MKTAG('a','v','c','1') || avctx->codec_tag == MKTAG('a','v','c','2') is what you (should) want. - Andreas Thanks for pointing that out, you're correct. here's v3: >From 40c8ba797b39d1e61dc1697c65e0261411bc20b8 Mon Sep 17 00:00:00 2001 From: sfan5 Date: Mon, 25 Jan 2021 18:12:54 +0100 Subject: [PATCH v3] avcodec/mediacodecdec: Do not abort when H264/HEVC extradata extraction fails Although rare, extradata can be present but empty and extraction will fail. However Android also supports passing codec-specific data inline and will likely play such a stream anyway. So there's no reason to abort initialization before we know for sure. --- libavcodec/mediacodecdec.c | 13 + 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/libavcodec/mediacodecdec.c b/libavcodec/mediacodecdec.c index ac1725e466..f5d13b171e 100644 --- a/libavcodec/mediacodecdec.c +++ b/libavcodec/mediacodecdec.c @@ -167,8 +167,11 @@ static int h264_set_extradata(AVCodecContext *avctx, FFAMediaFormat *format) ff_AMediaFormat_setBuffer(format, "csd-1", (void*)data, data_size); av_freep(); } else { -av_log(avctx, AV_LOG_ERROR, "Could not extract PPS/SPS from extradata"); -ret = AVERROR_INVALIDDATA; +const int warn = is_avc && (avctx->codec_tag == MKTAG('a','v','c','1') || +avctx->codec_tag == MKTAG('a','v','c','2')); +av_log(avctx, warn ? AV_LOG_WARNING : AV_LOG_DEBUG, +"Could not extract PPS/SPS from extradata\n"); +ret = 0; } done: @@ -254,8 +257,10 @@ static int hevc_set_extradata(AVCodecContext *avctx, FFAMediaFormat *format) av_freep(); } else { -av_log(avctx, AV_LOG_ERROR, "Could not extract VPS/PPS/SPS from extradata"); -ret = AVERROR_INVALIDDATA; +const int warn = is_nalff && avctx->codec_tag == MKTAG('h','v','c','1'); +av_log(avctx, warn ? AV_LOG_WARNING : AV_LOG_DEBUG, +"Could not extract VPS/PPS/SPS from extradata\n"); +ret = 0; } done: -- 2.30.0 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-devel] [PATCH v2] avcodec/mediacodecdec: Do not abort when H264/HEVC extradata extraction fails
Hi, attached v2 patch after discussion on IRC with JEEB (as he already mentioned). Only change is that the log level turns to debug when missing parameter sets are within spec (cf. 14496-15). >From 2fc46b8b22361d02f8c4008c3f47b2c3d0046b3a Mon Sep 17 00:00:00 2001 From: sfan5 Date: Mon, 25 Jan 2021 18:12:54 +0100 Subject: [PATCH v2] avcodec/mediacodecdec: Do not abort when H264/HEVC extradata extraction fails Although rare, extradata can be present but empty and extraction will fail. However Android also supports passing codec-specific data inline and will likely play such a stream anyway. So there's no reason to abort initialization before we know for sure. --- libavcodec/mediacodecdec.c | 13 + 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/libavcodec/mediacodecdec.c b/libavcodec/mediacodecdec.c index ac1725e466..5af1fd9198 100644 --- a/libavcodec/mediacodecdec.c +++ b/libavcodec/mediacodecdec.c @@ -167,8 +167,11 @@ static int h264_set_extradata(AVCodecContext *avctx, FFAMediaFormat *format) ff_AMediaFormat_setBuffer(format, "csd-1", (void*)data, data_size); av_freep(); } else { -av_log(avctx, AV_LOG_ERROR, "Could not extract PPS/SPS from extradata"); -ret = AVERROR_INVALIDDATA; +const int warn = is_avc && avctx->codec_tag != MKTAG('a','v','c','1') && +avctx->codec_tag != MKTAG('a','v','c','2'); +av_log(avctx, warn ? AV_LOG_WARNING : AV_LOG_DEBUG, +"Could not extract PPS/SPS from extradata\n"); +ret = 0; } done: @@ -254,8 +257,10 @@ static int hevc_set_extradata(AVCodecContext *avctx, FFAMediaFormat *format) av_freep(); } else { -av_log(avctx, AV_LOG_ERROR, "Could not extract VPS/PPS/SPS from extradata"); -ret = AVERROR_INVALIDDATA; +const int warn = is_nalff && avctx->codec_tag == MKTAG('h','v','c','1'); +av_log(avctx, warn ? AV_LOG_WARNING : AV_LOG_DEBUG, +"Could not extract VPS/PPS/SPS from extradata\n"); +ret = 0; } done: -- 2.30.0 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
Re: [FFmpeg-devel] [PATCH 1/2] avformat/dashdec: Fix missing NULL check
26.01.21 - 02:22 - Steven Liu: sfan5 于2021年1月25日周一 下午11:25写道: --- libavformat/dashdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/dashdec.c b/libavformat/dashdec.c index 693fc7372b..dc56e89f11 100644 --- a/libavformat/dashdec.c +++ b/libavformat/dashdec.c @@ -161,7 +161,7 @@ typedef struct DASHContext { static int ishttp(char *url) { const char *proto_name = avio_find_protocol_name(url); -return av_strstart(proto_name, "http", NULL); +return proto_name && av_strstart(proto_name, "http", NULL); } static int aligned(int val) -- 2.30.0 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe". LGTM Thanks Steven I don't have commit rights myself. Can you push these two patches? Thanks sfan5 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-devel] [PATCH] avcodec/mediacodecdec: Do not abort when H264/HEVC extradata extraction fails
Although rare, extradata can be present but empty and extraction will fail. However Android also supports passing codec-specific data inline and will likely play such a stream anyway. So there's no reason to abort initialization before we know for sure. --- libavcodec/mediacodecdec.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libavcodec/mediacodecdec.c b/libavcodec/mediacodecdec.c index ac1725e466..67adefb530 100644 --- a/libavcodec/mediacodecdec.c +++ b/libavcodec/mediacodecdec.c @@ -167,8 +167,8 @@ static int h264_set_extradata(AVCodecContext *avctx, FFAMediaFormat *format) ff_AMediaFormat_setBuffer(format, "csd-1", (void*)data, data_size); av_freep(); } else { -av_log(avctx, AV_LOG_ERROR, "Could not extract PPS/SPS from extradata"); -ret = AVERROR_INVALIDDATA; +av_log(avctx, AV_LOG_WARNING, "Could not extract PPS/SPS from extradata\n"); +ret = 0; } done: @@ -254,8 +254,8 @@ static int hevc_set_extradata(AVCodecContext *avctx, FFAMediaFormat *format) av_freep(); } else { -av_log(avctx, AV_LOG_ERROR, "Could not extract VPS/PPS/SPS from extradata"); -ret = AVERROR_INVALIDDATA; +av_log(avctx, AV_LOG_WARNING, "Could not extract VPS/PPS/SPS from extradata\n"); +ret = 0; } done: -- 2.30.0 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-devel] [PATCH 2/2] avformat/dashdec: Avoid segfault when URL template is unexpectedly missing
This isn't supposed to happen, but unfinished support for non-templated manifests and lack of e.g. presentationTimeOffset handling can provoke such a situation even with well-formed input. --- libavformat/dashdec.c | 10 +- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/libavformat/dashdec.c b/libavformat/dashdec.c index dc56e89f11..c4e6c3da16 100644 --- a/libavformat/dashdec.c +++ b/libavformat/dashdec.c @@ -1625,8 +1625,15 @@ static struct fragment *get_current_fragment(struct representation *pls) } } if (seg) { -char *tmpfilename= av_mallocz(c->max_url_size); +char *tmpfilename; +if (!pls->url_template) { +av_log(pls->parent, AV_LOG_ERROR, "Cannot get fragment, missing template URL\n"); +av_free(seg); +return NULL; +} +tmpfilename = av_mallocz(c->max_url_size); if (!tmpfilename) { +av_free(seg); return NULL; } ff_dash_fill_tmpl_params(tmpfilename, c->max_url_size, pls->url_template, 0, pls->cur_seq_no, 0, get_segment_start_time_based_on_timeline(pls, pls->cur_seq_no)); @@ -1637,6 +1644,7 @@ static struct fragment *get_current_fragment(struct representation *pls) if (!seg->url) { av_log(pls->parent, AV_LOG_ERROR, "Cannot resolve template url '%s'\n", pls->url_template); av_free(tmpfilename); +av_free(seg); return NULL; } } -- 2.30.0 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-devel] [PATCH 1/2] avformat/dashdec: Fix missing NULL check
--- libavformat/dashdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/dashdec.c b/libavformat/dashdec.c index 693fc7372b..dc56e89f11 100644 --- a/libavformat/dashdec.c +++ b/libavformat/dashdec.c @@ -161,7 +161,7 @@ typedef struct DASHContext { static int ishttp(char *url) { const char *proto_name = avio_find_protocol_name(url); -return av_strstart(proto_name, "http", NULL); +return proto_name && av_strstart(proto_name, "http", NULL); } static int aligned(int val) -- 2.30.0 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".