The gcrypt definition of `bn_new` used to use the return statement
on errors, with an AVERROR return value, regardless of the signature
of the function where the macro is used - it is called in
`dh_generate_key` and `ff_dh_init` which return pointers. As a result,
compiling with gcrypt and the ffrtmpcrypt protocol resulted in an
int-conversion warning. GCC 14 may upgrade these to errors [1].
This patch fixes the problem by changing the macro to remove `AVERROR`
and instead set `bn` to null if the allocation fails. This is the
behaviour of all the other `bn_new` implementations and so the result is
already checked at all the callsites. AFAICT, this should be the only
change needed to get ffmpeg off Fedora's naughty list of projects with
warnings which may be upgraded to errors in GCC 14 [2].
[1]: https://gcc.gnu.org/pipermail/gcc/2023-May/241264.html
[2]: https://www.mail-archive.com/devel@lists.fedoraproject.org/msg196024.html
Signed-off-by: Frank Plowman <post@frankplowman.com>
Signed-off-by: Martin Storsjö <martin@martin.st>
Instead use our own struct, which we already use when using
gcrypt and gnutls.
In OpenSSL 1.1, the DH struct has been made opaque.
Signed-off-by: Martin Storsjö <martin@martin.st>
* commit 'd12b5b2f135aade4099f4b26b0fe678656158c13':
build: Split test programs off into separate files
Some conversions done by: James Almer <jamrial@gmail.com>
Merged-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Either disabling or init'ing secure memory is required after the use
of gcry_check_version. From a look at the functions rtmpdh uses, I
noticed none require the use of secure memory, so we disable it [1][2].
This resolves some errors returned by rtmpdh code with uninitialized
gcrypt, especifically:
Fatal: failed to create the RNG lock: Invalid argument
FATAL: failed to acquire the FSM lock in libgrypt: Invalid argument
Version "1.5.4" was arbitrarily chosen. An older version probably works
as well, but I couldn't compile older versions to test on my machine.
[1]
https://gnupg.org/documentation/manuals/gcrypt/Initializing-the-library.html
[2]
https://www.gnupg.org/documentation/manuals/gcrypt/Controlling-the-library.html
Signed-off-by: Ricardo Constantino <wiiaboo@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
mpz_import and mpz_export were added in GMP 4.1, in 2002.
This simplifies the DH code by clarifying that it only uses pure
bignum functions, no other parts of nettle/hogweed.
Signed-off-by: Martin Storsjö <martin@martin.st>
* commit 'b2f0f37d242f1194fe1f886557cf6cefdf98caf6':
rtmpdh: Generate the whole private exponent using av_get_random_seed() with nettle/gmp
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit 'e9e86d9ef637f5a600c76b352ffe5a82b71b25d1':
rtmpdh: Create sufficiently long private keys for gcrypt/nettle
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '8016a1bd3b60e917e1b12748dd80c06c3462c286':
rtmpdh: Remove an unnecessary check in the gcrypt/nettle dh_compute_key
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '063f7467e4d14ab7fe01b2845dab60cc75df8b53':
rtmpdh: Add fate test for the DH handshake routine
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '0508faaa11bf7507ffdd655aee57c9dc5a8203f4':
rtmpdh: Pass the actual buffer size of the output secret key
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '9f1b3050d9e31e9283d818f3640f3460ac8cfb5b':
rtmpdh: Check the output buffer size in the openssl version of dh_compute_key
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '127d813bcb5705202b7100cf1eccd1e26d72ba14':
rtmpdh: Fix a local variable name in the nettle/gcrypt codepath
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* commit '78efc69e7c990226f4b913721ef1b308ca5bfa04':
rtmpdh: Make sure ret is initialized in the nettle version of bn_hex2bn
Merged-by: Michael Niedermayer <michaelni@gmx.at>
There was a misunderstanding betewen bits and bytes for the parameter
value for generating random big numbers.
Signed-off-by: Martin Storsjö <martin@martin.st>
* qatar/master:
mpegvideo_enc: don't use deprecated avcodec_encode_video().
cmdutils: refactor -codecs option.
avconv: make -shortest a per-output file option.
lavc: add avcodec_descriptor_get_by_name().
lavc: add const to AVCodec* function parameters.
swf(dec): replace CODEC_ID with AV_CODEC_ID
dvenc: don't use deprecated AVCODEC_MAX_AUDIO_FRAME_SIZE
rtmpdh: Do not generate the same private key every time when using libnettle
rtp: remove ff_rtp_get_rtcp_file_handle().
rtsp.c: use ffurl_get_multi_file_handle() instead of ff_rtp_get_rtcp_file_handle()
avio: add (ff)url_get_multi_file_handle() for getting more than one fd
h264: vdpau: fix crash with unsupported colorspace
amrwbdec: Decode the fr_quality bit properly
Conflicts:
Changelog
cmdutils.c
cmdutils_common_opts.h
doc/ffmpeg.texi
ffmpeg.c
ffmpeg.h
ffmpeg_opt.c
libavcodec/h264.c
libavcodec/options.c
libavcodec/utils.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
Replace mpz_random by mpz_urandomb with a random state initialization in
order to improve the randomness.
Signed-off-by: Martin Storsjö <martin@martin.st>
* qatar/master:
rtmp: Add credit/copyright to librtmp authors for parts of the RTMPE code
rtmp: Move the CONFIG_ condition into the if conditions
aac: Mention abbreviation as well in long_name
build: Skip compiling rtmpdh.h if ffrtmpcrypt protocol is not enabled
doc: Add Git configuration section
configure: Add a dependency on https for rtmpts
rtp: Only choose static payload types if the sample rate and channels are right
Conflicts:
doc/git-howto.texi
libavformat/rtmpproto.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
* qatar/master:
v410dec: Implement explode mode support
zerocodec: fix direct rendering.
wav: init st to NULL to avoid a false-positive warning.
wavpack: set bits_per_raw_sample for S32 samples to properly identify 24-bit
h264: refactor NAL decode loop
RTMPTE protocol support
RTMPE protocol support
rtmp: Add ff_rtmp_calc_digest_pos()
rtmp: Rename rtmp_calc_digest to ff_rtmp_calc_digest and make it global
swscale: add missing HAVE_INLINE_ASM check.
lavfi: place x86 inline assembly under HAVE_INLINE_ASM.
vc1: Add a test for interlaced field pictures
swscale: Mark all init functions as av_cold
swscale: x86: Drop pointless _mmx suffix from filenames
lavf: use conditional notation for default codec in muxer declarations.
swscale: place inline assembly bilinear scaler under HAVE_INLINE_ASM.
dsputil: ppc: cosmetics: pretty-print
dsputil: x86: add SHUFFLE_MASK_W macro
configure: respect CC_O setting in check_cc
Conflicts:
Changelog
configure
libavcodec/v410dec.c
libavcodec/zerocodec.c
libavformat/asfenc.c
libavformat/version.h
libswscale/utils.c
libswscale/x86/swscale.c
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This adds two protocols, but one of them is an internal implementation
detail just used as an abstraction layer/generalization in the code. The
RTMPE protocol implementation uses ffrtmpcrypt:// as an alternative to the
tcp:// protocol. This allows moving most of the lower level logic out
from the higher level generic rtmp code.
Signed-off-by: Martin Storsjö <martin@martin.st>
