From: hyc Date: Wed, 17 Mar 2010 09:54:38 +0000 (+0000) Subject: Remainder of gnutls support X-Git-Tag: v2.4~172 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=46229221a5224b5f95d6e832fffaee5bd5d62989;p=rtmpdump Remainder of gnutls support git-svn-id: svn://svn.mplayerhq.hu/rtmpdump/trunk@366 400ebc74-4327-4243-bc38-086b20814532
---
diff --git a/Makefile b/Makefile
index 1647d8d..28c5b93 100644
--- a/Makefile
+++ b/Makefile
@@ -6,6 +6,7 @@ OPT=-O2
 CFLAGS=-Wall $(XCFLAGS) $(INC) $(DEF) $(OPT)
 LDFLAGS=-Wall $(XLDFLAGS)
 LIBS=-lssl -lcrypto -lz
+#LIBS=-lgnutls -lz
 THREADLIB=-lpthread
 LIBRTMP=librtmp/librtmp.a
 SLIBS=$(THREADLIB) $(LIBS)
diff --git a/librtmp/Makefile b/librtmp/Makefile
index 1e58db8..3e553cf 100644
--- a/librtmp/Makefile
+++ b/librtmp/Makefile
@@ -1,7 +1,7 @@
 CC=$(CROSS_COMPILE)gcc
 LD=$(CROSS_COMPILE)ld
-DEF=-DRTMPDUMP_VERSION=\"v2.2a\"
+DEF=-DRTMPDUMP_VERSION=\"v2.2a\" # -DUSE_GNUTLS
 OPT=-O2
 CFLAGS=-Wall $(XCFLAGS) $(INC) $(DEF) $(OPT)
@@ -14,7 +14,7 @@ librtmp.a: rtmp.o log.o amf.o hashswf.o parseurl.o
 $(AR) rs $@ $?
 log.o: log.c log.h Makefile
-rtmp.o: rtmp.c rtmp.h handshake.h dh.h log.h amf.h Makefile
+rtmp.o: rtmp.c rtmp.h rtmp_sys.h handshake.h dh.h log.h amf.h Makefile
 amf.o: amf.c amf.h bytes.h log.h Makefile
-hashswf.o: hashswf.c http.h rtmp.h
+hashswf.o: hashswf.c http.h rtmp.h rtmp_sys.h
 parseurl.o: parseurl.c
diff --git a/librtmp/hashswf.c b/librtmp/hashswf.c
index 60f006b..f5b66e7 100644
--- a/librtmp/hashswf.c
+++ b/librtmp/hashswf.c
@@ -28,22 +28,40 @@ #include "log.h" #include "http.h" +#ifdef USE_GNUTLS +#include +#include +#ifndef SHA256_DIGEST_LENGTH +#define SHA256_DIGEST_LENGTH 32 +#endif +#define HMAC_CTX gcry_md_hd_t +#define HMAC_setup(ctx, key, len) gcry_md_open(&ctx, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC); gcry_md_setkey(ctx, key, len) +#define HMAC_crunch(ctx, buf, len) gcry_md_write(ctx, buf, len) +#define HMAC_finish(ctx, dig, dlen) dlen = SHA256_DIGEST_LENGTH; memcpy(dig, gcry_md_read(ctx, 0), dlen) +#define HMAC_close(ctx) gcry_md_close(ctx) +#else #include #include #include +#include +#define HMAC_setup(ctx, key, len) HMAC_CTX_init(&ctx); HMAC_Init_ex(&ctx, (unsigned char *)key, len, EVP_sha256(), 0) +#define HMAC_crunch(ctx, buf, len) HMAC_Update(&ctx, (unsigned char *)buf, len) +#define HMAC_finish(ctx, dig, dlen) HMAC_Final(&ctx, (unsigned char *)dig, &dlen); +#define HMAC_close(ctx) HMAC_CTX_cleanup(&ctx) +#endif #include struct info { - HMAC_CTX *ctx; z_stream *zs; + HMAC_CTX ctx; int first; int zlib; int size; }; -extern void RTMP_SSL_Init(); -extern SSL_CTX *RTMP_ssl_ctx; +extern void RTMP_TLS_Init(); +extern TLS_CTX RTMP_TLS_ctx; #define CHUNK 16384 @@ -63,7 +81,7 @@ swfcrunch(void *ptr, size_t size, size_t nmemb, void *stream) *p = 'F'; i->zlib = 1; } - HMAC_Update(i->ctx, (unsigned char *)p, 8); + HMAC_crunch(i->ctx, (unsigned char *)p, 8); p += 8; len -= 8; i->size = 8; @@ -81,14 +99,14 @@ swfcrunch(void *ptr, size_t size, size_t nmemb, void *stream) inflate(i->zs, Z_NO_FLUSH); len = CHUNK - i->zs->avail_out; i->size += len; - HMAC_Update(i->ctx, out, len); + HMAC_crunch(i->ctx, out, len); } while (i->zs->avail_out == 0); } else { i->size += len; - HMAC_Update(i->ctx, (unsigned char *)p, len); + HMAC_crunch(i->ctx, (unsigned char *)p, len); } return size * nmemb; } 
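Review bot: `HMAC_setup` and `HMAC_finish` in the new macro block each expand to two bare statements and discard every return value, so a failed `gcry_md_open()` is not noticed and the later `HMAC_crunch`/`HMAC_finish` uses in `swfcrunch` and `RTMP_HashSWF` run on a handle that was never validated. Wrapping the bodies keeps them safe under an unbraced `if` and makes the key setup depend on the open: `#define HMAC_setup(ctx, key, len) do { if (!gcry_md_open(&ctx, GCRY_MD_SHA256, GCRY_MD_FLAG_HMAC)) gcry_md_setkey(ctx, key, len); } while (0)`. The OpenSSL `HMAC_finish` also carries a stray trailing `;` inside the macro. The digest produced here is written to the cache file and returned through `hash`, so an unreported HMAC failure would presumably yield a wrong value rather than an error; a comment on the macro block stating that these wrappers do not report failure would at least make that explicit.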
@@ -123,8 +141,8 @@ HTTP_get(struct HTTP_ctx *http, const char *url, HTTP_read_callback *cb) { ssl = 1; port = 443; - if (!RTMP_ssl_ctx) - RTMP_SSL_Init(); + if (!RTMP_TLS_ctx) + RTMP_TLS_Init(); } p1 = strchr(url + 4, ':'); @@ -172,11 +190,11 @@ HTTP_get(struct HTTP_ctx *http, const char *url, HTTP_read_callback *cb) } if (ssl) { - sb.sb_ssl = SSL_new(RTMP_ssl_ctx); - SSL_set_fd(sb.sb_ssl, sb.sb_socket); - if (SSL_connect(sb.sb_ssl) < 0) + TLS_client(RTMP_TLS_ctx, sb.sb_ssl); + TLS_setfd(sb.sb_ssl, sb.sb_socket); + if ((i = TLS_connect(sb.sb_ssl)) < 0) { - Log(LOGERROR, "%s, SSL_Connect failed", __FUNCTION__); + Log(LOGERROR, "%s, TLS_Connect failed", __FUNCTION__); ret = HTTPRES_LOST_CONNECTION; goto leave; } @@ -416,7 +434,6 @@ RTMP_HashSWF(const char *url, unsigned int *size, unsigned char *hash, struct HTTP_ctx http = { 0 }; HTTPResult httpres; z_stream zs = { 0 }; - HMAC_CTX ctx; date[0] = '\0'; home = getenv(ENV_HOME); @@ -519,11 +536,8 @@ RTMP_HashSWF(const char *url, unsigned int *size, unsigned char *hash, } in.first = 1; - HMAC_CTX_init(&ctx); - HMAC_Init_ex(&ctx, "Genuine Adobe Flash Player 001", 30, EVP_sha256(), - NULL); + HMAC_setup(in.ctx, "Genuine Adobe Flash Player 001", 30); inflateInit(&zs); - in.ctx = &ctx; in.zs = &zs; http.date = date; @@ -577,7 +591,7 @@ RTMP_HashSWF(const char *url, unsigned int *size, unsigned char *hash, if (!in.first) { - HMAC_Final(&ctx, (unsigned char *)hash, &hlen); + HMAC_finish(in.ctx, hash, hlen); *size = in.size; fprintf(f, "date: %s\n", date); @@ -588,7 +602,7 @@ RTMP_HashSWF(const char *url, unsigned int *size, unsigned char *hash, fprintf(f, "\n"); } } - HMAC_CTX_cleanup(&ctx); + HMAC_close(in.ctx); out: free(path); if (f) diff --git a/librtmp/rtmp.c b/librtmp/rtmp.c index 915de17..c06a68f 100644 --- a/librtmp/rtmp.c +++ b/librtmp/rtmp.c 
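Review bot: In the `if (ssl)` block of `HTTP_get`, `(i = TLS_connect(sb.sb_ssl)) < 0` accepts a return of 0 as success, but `SSL_connect()` returns 0 for a handshake that failed and was shut down cleanly, whereas `gnutls_handshake()` returns 0 on success; the `RTMP_Connect1` hunk in rtmp.c uses the same test. Normalising in the macro layer lets both callers keep one check, e.g. `#define TLS_connect(s) (SSL_connect(s) == 1 ? 0 : -1)` for the OpenSSL build. Nothing visible in either hunk checks the peer certificate or host name after the handshake (`gnutls_handshake()` does not do this by itself, and no `SSL_CTX_set_verify()` call appears in `RTMP_TLS_Init`), so unless that happens outside these hunks the connection is encrypted but the server is not authenticated; `gnutls_certificate_verify_peers2()` or `SSL_get_verify_result()` after the handshake would close that gap. Both function bodies start and end outside the hunks shown.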
@@ -42,7 +42,7 @@ #define RTMP_SIG_SIZE 1536 #define RTMP_LARGE_HEADER_SIZE 12 -SSL_CTX *RTMP_ssl_ctx; +TLS_CTX RTMP_TLS_ctx; static const int packetSize[] = { 12, 8, 4, 1 }; bool RTMP_ctrlC; @@ -181,17 +181,22 @@ RTMPPacket_Dump(RTMPPacket *p) } void -RTMP_SSL_Init() +RTMP_TLS_Init() { #ifdef USE_GNUTLS gnutls_global_init(); + RTMP_TLS_ctx = malloc(sizeof(struct tls_ctx)); + gnutls_certificate_allocate_credentials(&RTMP_TLS_ctx->cred); + gnutls_priority_init(&RTMP_TLS_ctx->prios, "NORMAL", NULL); + gnutls_certificate_set_x509_trust_file(RTMP_TLS_ctx->cred, + "ca.pem", GNUTLS_X509_FMT_PEM); #else SSL_load_error_strings(); SSL_library_init(); OpenSSL_add_all_digests(); - RTMP_ssl_ctx = SSL_CTX_new(SSLv23_method()); - SSL_CTX_set_options(RTMP_ssl_ctx, SSL_OP_ALL); - SSL_CTX_set_default_verify_paths(RTMP_ssl_ctx); + RTMP_TLS_ctx = SSL_CTX_new(SSLv23_method()); + SSL_CTX_set_options(RTMP_TLS_ctx, SSL_OP_ALL); + SSL_CTX_set_default_verify_paths(RTMP_TLS_ctx); #endif } @@ -200,8 +205,8 @@ RTMP_Init(RTMP *r) { int i; - if (!RTMP_ssl_ctx) - RTMP_SSL_Init(); + if (!RTMP_TLS_ctx) + RTMP_TLS_Init(); for (i = 0; i < RTMP_CHANNELS; i++) { @@ -466,11 +471,11 @@ RTMP_Connect1(RTMP *r, RTMPPacket *cp) { if (r->Link.protocol & RTMP_FEATURE_SSL) { - r->m_sb.sb_ssl = SSL_new(RTMP_ssl_ctx); - SSL_set_fd(r->m_sb.sb_ssl, r->m_sb.sb_socket); - if (SSL_connect(r->m_sb.sb_ssl) < 0) + TLS_client(RTMP_TLS_ctx, r->m_sb.sb_ssl); + TLS_setfd(r->m_sb.sb_ssl, r->m_sb.sb_socket); + if (TLS_connect(r->m_sb.sb_ssl) < 0) { - Log(LOGERROR, "%s, SSL_Connect failed", __FUNCTION__); + Log(LOGERROR, "%s, TLS_Connect failed", __FUNCTION__); RTMP_Close(r); return false; } @@ -2836,7 +2841,7 @@ RTMPSockBuf_Fill(RTMPSockBuf *sb) nBytes = sizeof(sb->sb_buf) - sb->sb_size - (sb->sb_start - sb->sb_buf); if (sb->sb_ssl) { - nBytes = SSL_read(sb->sb_ssl, sb->sb_start + sb->sb_size, nBytes); + nBytes = TLS_read(sb->sb_ssl, sb->sb_start + sb->sb_size, nBytes); } else { 
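Review bot: The GnuTLS branch of `RTMP_TLS_Init` dereferences the result of `malloc()` without a check and ignores the return value of every `gnutls_*` call, including `gnutls_certificate_set_x509_trust_file()`, whose result is the number of certificates loaded. The trust file is the relative name `"ca.pem"`, so the set of trusted CAs depends on the process's current directory, and a missing file silently leaves the credentials without trust anchors. Because the function returns void, its callers (`RTMP_Init`, `HTTP_get`) would also need to re-test `RTMP_TLS_ctx` after calling it before passing it to `TLS_client`. A checked version of the branch is sketched below; `CA_FILE_PATH` is a placeholder for a configured absolute path.

```c
#ifdef USE_GNUTLS
  tls_ctx *ctx;

  if (gnutls_global_init() < 0)
    return;
  ctx = calloc(1, sizeof(*ctx));
  if (!ctx)
    return;
  if (gnutls_certificate_allocate_credentials(&ctx->cred) < 0)
    {
      free(ctx);
      return;
    }
  if (gnutls_priority_init(&ctx->prios, "NORMAL", NULL) < 0)
    {
      gnutls_certificate_free_credentials(ctx->cred);
      free(ctx);
      return;
    }
  /* CA_FILE_PATH: placeholder for a configured absolute path */
  if (gnutls_certificate_set_x509_trust_file(ctx->cred, CA_FILE_PATH,
					      GNUTLS_X509_FMT_PEM) <= 0)
    Log(LOGERROR, "%s, no trusted CA certificates loaded", __FUNCTION__);
  /* publish the context only once it is fully set up */
  RTMP_TLS_ctx = ctx;
#else
  /* … unchanged: OpenSSL initialisation … */
```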
@@ -2877,7 +2882,7 @@ RTMPSockBuf_Send(RTMPSockBuf *sb, const char *buf, int len) if (sb->sb_ssl) { - rc = SSL_write(sb->sb_ssl, buf, len); + rc = TLS_write(sb->sb_ssl, buf, len); } else { @@ -2891,8 +2896,8 @@ RTMPSockBuf_Close(RTMPSockBuf *sb) { if (sb->sb_ssl) { - SSL_shutdown(sb->sb_ssl); - SSL_free(sb->sb_ssl); + TLS_shutdown(sb->sb_ssl); + TLS_close(sb->sb_ssl); sb->sb_ssl = NULL; } return closesocket(sb->sb_socket); diff --git a/librtmp/rtmp_sys.h b/librtmp/rtmp_sys.h index f606563..80bdb7c 100644 --- a/librtmp/rtmp_sys.h +++ b/librtmp/rtmp_sys.h @@ -48,4 +48,29 @@ #include "rtmp.h" +#ifdef USE_GNUTLS +#include +typedef struct tls_ctx { + gnutls_certificate_credentials_t cred; + gnutls_priority_t prios; +} tls_ctx; +#define TLS_CTX tls_ctx * +#define TLS_client(ctx,s) gnutls_init((gnutls_session_t *)(&s), GNUTLS_CLIENT); gnutls_priority_set(s, ctx->prios); gnutls_credentials_set(s, GNUTLS_CRD_CERTIFICATE, ctx->cred) +#define TLS_setfd(s,fd) gnutls_transport_set_ptr(s, (gnutls_transport_ptr_t)(long)fd) +#define TLS_connect(s) gnutls_handshake(s) +#define TLS_read(s,b,l) gnutls_record_recv(s,b,l) +#define TLS_write(s,b,l) gnutls_record_send(s,b,l) +#define TLS_shutdown(s) gnutls_bye(s, GNUTLS_SHUT_RDWR) +#define TLS_close(s) gnutls_deinit(s) +#else +#define TLS_CTX SSL_CTX * +#define TLS_client(ctx,s) s = SSL_new(ctx) +#define TLS_setfd(s,fd) SSL_set_fd(s,fd) +#define TLS_connect(s) SSL_connect(s) +#define TLS_read(s,b,l) SSL_read(s,b,l) +#define TLS_write(s,b,l) SSL_write(s,b,l) +#define TLS_shutdown(s) SSL_shutdown(s) +#define TLS_close(s) SSL_free(s) + +#endif #endif
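Review bot: In the GnuTLS branch added to rtmp_sys.h, `TLS_client` expands to three bare statements, so it is only correct inside a braced block, and the result of `gnutls_init()` is dropped before the session is configured and used. Wrapping the body as `do { ... } while (0)` or turning it into a `static inline` function that returns the first error removes both problems. The cast `(gnutls_session_t *)(&s)` relies on `sb_ssl` being a pointer-sized object whose declaration is not visible here, which deserves a comment such as `/* sb_ssl doubles as the gnutls_session_t handle */`. `TLS_read` and `TLS_write` now return negative `GNUTLS_E_*` codes rather than -1 with a socket error, so the code after those calls in `RTMPSockBuf_Fill` and `RTMPSockBuf_Send` (only partly visible in their hunks) should be checked for tests that assume -1.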