cyrpto allows reading of data which has been aes-128-cbc encrypted given a key and an iv. But it did not handle filetypes which require seeking... e.g. it failed on an encrypted .mp4 file.
example:
take 25.mp4 created with:
ffmpeg -f lavfi -i sine=frequency=1000:beep_factor=2:r=48000:duration=720.0 -f lavfi -i testsrc=duration=720.0:rate=25 -vcodec libx264 -cmp 22 -timecode 10:00:00:00 -r 25 -y out\25.mp4
encrypt with:
openssl enc -aes-128-cbc -K 12345678901234567890123456789012 -iv 12345678901234567890123456789012 -in 25.mp4 -out 25.enc
then to transcode in ffmpeg:
ffmpeg -key 12345678901234567890123456789012 -iv 12345678901234567890123456789012 -i crypto:25.enc -vcodec mpeg4 -r 25 -y 25dec.mp4
prior to this modification, the transcode would fail.
Note also: crypto previously maked both reads and writes as streamed, which caused the whole file
to be read before the transcode started. Now, for read only, if the underlying layer is not marked as streamed,
then crypto is not. This should enable efficient reading of encrypted containers which require seeking.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
the current implementation reads in chunks of 149x16=2384 bytes.
Seems more logical for it to read in chunks of 4096
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Since all URLContexts have the same AVOptions, such AVOptions
will be applied on the outermost context only and removed from the
dict, while they probably make sense on all contexts.
This makes sure that rw_timeout gets propagated to the innermost
URLContext (to make sure it gets passed to the tcp protocol, when
opening a http connection for instance).
Alternatively, such matching options would be kept in the dict
and only removed after the ffurl_connect call.
Signed-off-by: Martin Storsjö <martin@martin.st>
This commit also disables the async fate test, because it
used internal APIs in a non-kosher way, which no longer
exists.
* commit '2758cdedfb7ac61f8b5e4861f99218b6fd43491d':
lavf: reorganize URLProtocols
Merged-by: Derek Buitenhuis <derek.buitenhuis@gmail.com>
Instead of a linked list constructed at av_register_all(), store them
in a constant array of pointers.
Since no registration is necessary now, this removes some global state
from lavf. This will also allow the urlprotocol layer caller to limit
the available protocols in a simple and flexible way in the following
commits.
* commit 'e002e3291e6dc7953f843abf56fc14f08f238b21':
Use the new aes/md5/sha/tree allocation functions
avutil: Add functions for allocating opaque contexts for algorithms
svq3: fix pointer type warning
svq3: replace unsafe pointer casting with intreadwrite macros
parseutils-test: various cleanups
Conflicts:
doc/APIchanges
libavcodec/svq3.c
libavutil/parseutils.c
libavutil/version.h
Merged-by: Michael Niedermayer <michaelni@gmx.at>
This can later be extended to support other AES bit sizes,
encryption, other crypto algorithms, reading the key from a URL, etc.
In order to use it, the key and initialization vector has to be
passed via AVOptions. Since such options can't be passed to
protocols from the command line, the protocol is currently
only for libavformat internal use.
Signed-off-by: Martin Storsjö <martin@martin.st>
