virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-11-23 21:54:53 +02:00
Code Issues Releases Activity

avformat/tls_openssl: clean keys serialization

Browse Source 
It was unnecessary convoluted, remove not needed memory allocations,
snprintf.

Also fixes posibility to call snprinft with NULL as %s input.

Signed-off-by: Kacper Michajłow <kasper93@gmail.com>
This commit is contained in:
Kacper Michajłow
2025-07-29 23:55:33 +02:00
committed by Leo Izen
parent 113c9c6cf3
commit 4676f97928
1 changed files with 36 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

107
libavformat/tls_openssl.c
View File

@@ -35,80 +35,57 @@
#include <openssl/x509v3.h> #include <openssl/x509v3.h>
/** /**
* Returns a heap-allocated null-terminated string containing * Convert an EVP_PKEY to a PEM string.
* the PEM-encoded public key. Caller must free.
*/ */
static char *pkey_to_pem_string(EVP_PKEY *pkey) { static int pkey_to_pem_string(EVP_PKEY *pkey, char *out, size_t out_sz)
BIO *mem = NULL; {
BUF_MEM *bptr = NULL; BIO *mem = NULL;
char *pem_str = NULL; size_t read_bytes = 0;
if (!pkey || !out || !out_sz)
goto done;
// Create a memory BIO
if (!(mem = BIO_new(BIO_s_mem()))) if (!(mem = BIO_new(BIO_s_mem())))
goto err; goto done;
// Write public key in PEM form
if (!PEM_write_bio_PrivateKey(mem, pkey, NULL, NULL, 0, NULL, NULL)) if (!PEM_write_bio_PrivateKey(mem, pkey, NULL, NULL, 0, NULL, NULL))
goto err; goto done;
// Extract pointer/length if (!BIO_read_ex(mem, out, out_sz - 1, &read_bytes))
BIO_get_mem_ptr(mem, &bptr); goto done;
if (!bptr || !bptr->length)
goto err;
// Allocate string (+1 for NUL) done:
pem_str = av_malloc(bptr->length + 1);
if (!pem_str)
goto err;
// Copy data & NUL-terminate
memcpy(pem_str, bptr->data, bptr->length);
pem_str[bptr->length] = '\0';
cleanup:
BIO_free(mem); BIO_free(mem);
return pem_str; if (out && out_sz)
out[read_bytes] = '\0';
err: return read_bytes;
// error path: free and return NULL
free(pem_str);
pem_str = NULL;
goto cleanup;
} }
/** /**
* Serialize an X509 certificate to a av_malloc’d PEM string. * Convert an X509 certificate to a PEM string.
* Caller must free the returned pointer.
*/ */
static char *cert_to_pem_string(X509 *cert) static int cert_to_pem_string(X509 *cert, char *out, size_t out_sz)
{ {
BIO *mem = BIO_new(BIO_s_mem()); BIO *mem = NULL;
BUF_MEM *bptr = NULL; size_t read_bytes = 0;
char *out = NULL;
if (!mem) goto err; if (!cert || !out || !out_sz)
goto done;
if (!(mem = BIO_new(BIO_s_mem())))
goto done;
/* Write the PEM certificate */
if (!PEM_write_bio_X509(mem, cert)) if (!PEM_write_bio_X509(mem, cert))
goto err; goto done;
BIO_get_mem_ptr(mem, &bptr); if (!BIO_read_ex(mem, out, out_sz - 1, &read_bytes))
if (!bptr || !bptr->length) goto err; goto done;
out = av_malloc(bptr->length + 1); done:
if (!out) goto err;
memcpy(out, bptr->data, bptr->length);
out[bptr->length] = '\0';
cleanup:
BIO_free(mem); BIO_free(mem);
return out; if (out && out_sz)
out[read_bytes] = '\0';
err: return read_bytes;
free(out);
out = NULL;
goto cleanup;
} }
@@ -165,7 +142,6 @@ int ff_ssl_read_key_cert(char *key_url, char *cert_url, char *key_buf, size_t ke
AVBPrint key_bp, cert_bp; AVBPrint key_bp, cert_bp;
EVP_PKEY *pkey = NULL; EVP_PKEY *pkey = NULL;
X509 *cert = NULL; X509 *cert = NULL;
char *key_tem = NULL, *cert_tem = NULL;
/* To prevent a crash during cleanup, always initialize it. */ /* To prevent a crash during cleanup, always initialize it. */
av_bprint_init(&key_bp, 1, MAX_CERTIFICATE_SIZE); av_bprint_init(&key_bp, 1, MAX_CERTIFICATE_SIZE);
@@ -211,11 +187,8 @@ int ff_ssl_read_key_cert(char *key_url, char *cert_url, char *key_buf, size_t ke
goto end; goto end;
} }
key_tem = pkey_to_pem_string(pkey); pkey_to_pem_string(pkey, key_buf, key_sz);
cert_tem = cert_to_pem_string(cert); cert_to_pem_string(cert, cert_buf, cert_sz);
snprintf(key_buf, key_sz, "%s", key_tem);
snprintf(cert_buf, cert_sz, "%s", cert_tem);
/* Generate fingerprint. */ /* Generate fingerprint. */
if (fingerprint) { if (fingerprint) {
@@ -232,8 +205,6 @@ end:
av_bprint_finalize(&key_bp, NULL); av_bprint_finalize(&key_bp, NULL);
BIO_free(cert_b); BIO_free(cert_b);
av_bprint_finalize(&cert_bp, NULL); av_bprint_finalize(&cert_bp, NULL);
av_free(key_tem);
av_free(cert_tem);
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
X509_free(cert); X509_free(cert);
return ret; return ret;
@@ -403,7 +374,6 @@ int ff_ssl_gen_key_cert(char *key_buf, size_t key_sz, char *cert_buf, size_t cer
int ret = 0; int ret = 0;
EVP_PKEY *pkey = NULL; EVP_PKEY *pkey = NULL;
X509 *cert = NULL; X509 *cert = NULL;
char *key_tem = NULL, *cert_tem = NULL;
ret = openssl_gen_private_key(&pkey); ret = openssl_gen_private_key(&pkey);
if (ret < 0) goto error; if (ret < 0) goto error;
@@ -411,14 +381,9 @@ int ff_ssl_gen_key_cert(char *key_buf, size_t key_sz, char *cert_buf, size_t cer
ret = openssl_gen_certificate(pkey, &cert, fingerprint); ret = openssl_gen_certificate(pkey, &cert, fingerprint);
if (ret < 0) goto error; if (ret < 0) goto error;
key_tem = pkey_to_pem_string(pkey); pkey_to_pem_string(pkey, key_buf, key_sz);
cert_tem = cert_to_pem_string(cert); cert_to_pem_string(cert, cert_buf, cert_sz);
snprintf(key_buf, key_sz, "%s", key_tem);
snprintf(cert_buf, cert_sz, "%s", cert_tem);
av_free(key_tem);
av_free(cert_tem);
error: error:
X509_free(cert); X509_free(cert);
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);