From: Marvin Scholz To: ffmpeg-devel@ffmpeg.org Date: Wed, 25 Jun 2025 21:59:10 +0200 Message-Id: <20250625195916.20276-2-epirat07@gmail.com> X-Mailer: git-send-email 2.39.5 (Apple Git-154) In-Reply-To: <20250625195916.20276-1-epirat07@gmail.com> References: <20250625195916.20276-1-epirat07@gmail.com> MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH 2/8] avformat: tls: drop support for OpenSSL < 1.1.0 X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: --- libavformat/network.c | 8 -- libavformat/tls_openssl.c | 166 +------------------------------------- 2 files changed, 2 insertions(+), 172 deletions(-) diff --git a/libavformat/network.c b/libavformat/network.c index 2eabd0c167..a7026ac09b 100644 --- a/libavformat/network.c +++ b/libavformat/network.c @@ -36,11 +36,6 @@ int ff_tls_init(void) { #if CONFIG_TLS_PROTOCOL -#if CONFIG_OPENSSL && OPENSSL_VERSION_NUMBER < 0x10100000L - int ret; - if ((ret = ff_openssl_init()) < 0) - return ret; -#endif #if CONFIG_GNUTLS ff_gnutls_init(); #endif @@ -51,9 +46,6 @@ int ff_tls_init(void) void ff_tls_deinit(void) { #if CONFIG_TLS_PROTOCOL -#if CONFIG_OPENSSL && OPENSSL_VERSION_NUMBER < 0x10100000L - ff_openssl_deinit(); -#endif #if CONFIG_GNUTLS ff_gnutls_deinit(); #endif diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c index 2a3905891d..525b7f3701 100644 --- a/libavformat/tls_openssl.c +++ b/libavformat/tls_openssl.c 
@@ -262,11 +262,6 @@ static int openssl_gen_private_key(EVP_PKEY **pkey, EC_KEY **eckey) goto einval_end; } -#if OPENSSL_VERSION_NUMBER < 0x10100000L // v1.1.x - /* For openssl 1.0, we must set the group parameters, so that cert is ok. */ - EC_GROUP_set_asn1_flag(ecgroup, OPENSSL_EC_NAMED_CURVE); -#endif - if (EC_KEY_set_group(*eckey, ecgroup) != 1) { av_log(NULL, AV_LOG_ERROR, "TLS: Generate private key, EC_KEY_set_group failed, %s\n", ERR_error_string(ERR_get_error(), NULL)); goto einval_end; @@ -415,11 +410,7 @@ error: */ static EVP_PKEY *pkey_from_pem_string(const char *pem_str, int is_priv) { -#if OPENSSL_VERSION_NUMBER < 0x10002000L /* OpenSSL 1.0.2 */ - BIO *mem = BIO_new_mem_buf((void *)pem_str, -1); -#else BIO *mem = BIO_new_mem_buf(pem_str, -1); -#endif if (!mem) { av_log(NULL, AV_LOG_ERROR, "BIO_new_mem_buf failed\n"); return NULL; @@ -449,11 +440,7 @@ static EVP_PKEY *pkey_from_pem_string(const char *pem_str, int is_priv) */ static X509 *cert_from_pem_string(const char *pem_str) { -#if OPENSSL_VERSION_NUMBER < 0x10002000L /* OpenSSL 1.0.2 */ - BIO *mem = BIO_new_mem_buf((void *)pem_str, -1); -#else BIO *mem = BIO_new_mem_buf(pem_str, -1); -#endif if (!mem) { av_log(NULL, AV_LOG_ERROR, "BIO_new_mem_buf failed\n"); return NULL; @@ -476,9 +463,7 @@ typedef struct TLSContext { SSL_CTX *ctx; SSL *ssl; EVP_PKEY *pkey; -#if OPENSSL_VERSION_NUMBER >= 0x1010000fL BIO_METHOD* url_bio_method; -#endif int io_err; char error_message[256]; } TLSContext; 
@@ -530,87 +515,6 @@ int ff_dtls_state(URLContext *h) return c->tls_shared.state; } -/* OpenSSL 1.0.2 or below, then you would use SSL_library_init. If you are - * using OpenSSL 1.1.0 or above, then the library will initialize - * itself automatically. - * https://wiki.openssl.org/index.php/Library_Initialization - */ -#if OPENSSL_VERSION_NUMBER < 0x10100000L -#include "libavutil/thread.h" - -static AVMutex openssl_mutex = AV_MUTEX_INITIALIZER; - -static int openssl_init; - -#if HAVE_THREADS -#include -#include "libavutil/mem.h" - -pthread_mutex_t *openssl_mutexes; -static void openssl_lock(int mode, int type, const char *file, int line) -{ - if (mode & CRYPTO_LOCK) - pthread_mutex_lock(&openssl_mutexes[type]); - else - pthread_mutex_unlock(&openssl_mutexes[type]); -} -#if !defined(WIN32) && OPENSSL_VERSION_NUMBER < 0x10000000 -static unsigned long openssl_thread_id(void) -{ - return (intptr_t) pthread_self(); -} -#endif -#endif - -int ff_openssl_init(void) -{ - ff_mutex_lock(&openssl_mutex); - if (!openssl_init) { - SSL_library_init(); - SSL_load_error_strings(); -#if HAVE_THREADS - if (!CRYPTO_get_locking_callback()) { - int i; - openssl_mutexes = av_malloc_array(sizeof(pthread_mutex_t), CRYPTO_num_locks()); - if (!openssl_mutexes) { - ff_mutex_unlock(&openssl_mutex); - return AVERROR(ENOMEM); - } - - for (i = 0; i < CRYPTO_num_locks(); i++) - pthread_mutex_init(&openssl_mutexes[i], NULL); - CRYPTO_set_locking_callback(openssl_lock); -#if !defined(WIN32) && OPENSSL_VERSION_NUMBER < 0x10000000 - CRYPTO_set_id_callback(openssl_thread_id); -#endif - } -#endif - } - openssl_init++; - ff_mutex_unlock(&openssl_mutex); - - return 0; -} - -void ff_openssl_deinit(void) -{ - ff_mutex_lock(&openssl_mutex); - openssl_init--; - if (!openssl_init) { -#if HAVE_THREADS - if (CRYPTO_get_locking_callback() == openssl_lock) { - int i; - CRYPTO_set_locking_callback(NULL); - for (i = 0; i < CRYPTO_num_locks(); i++) - pthread_mutex_destroy(&openssl_mutexes[i]); - 
av_free(openssl_mutexes); - } -#endif - } - ff_mutex_unlock(&openssl_mutex); -} -#endif - static int print_ssl_error(URLContext *h, int ret) { TLSContext *c = h->priv_data; @@ -645,27 +549,16 @@ static int tls_close(URLContext *h) if (c->ctx) SSL_CTX_free(c->ctx); ffurl_closep(&c->tls_shared.tcp); -#if OPENSSL_VERSION_NUMBER >= 0x1010000fL if (c->url_bio_method) BIO_meth_free(c->url_bio_method); -#endif -#if OPENSSL_VERSION_NUMBER < 0x10100000L - ff_openssl_deinit(); -#endif return 0; } static int url_bio_create(BIO *b) { -#if OPENSSL_VERSION_NUMBER >= 0x1010000fL BIO_set_init(b, 1); BIO_set_data(b, NULL); BIO_set_flags(b, 0); -#else - b->init = 1; - b->ptr = NULL; - b->flags = 0; -#endif return 1; } @@ -674,11 +567,7 @@ static int url_bio_destroy(BIO *b) return 1; } -#if OPENSSL_VERSION_NUMBER >= 0x1010000fL #define GET_BIO_DATA(x) BIO_get_data(x) -#else -#define GET_BIO_DATA(x) (x)->ptr -#endif static int url_bio_bread(BIO *b, char *buf, int len) { @@ -726,25 +615,10 @@ static int url_bio_bputs(BIO *b, const char *str) return url_bio_bwrite(b, str, strlen(str)); } -#if OPENSSL_VERSION_NUMBER < 0x1010000fL -static BIO_METHOD url_bio_method = { - .type = BIO_TYPE_SOURCE_SINK, - .name = "urlprotocol bio", - .bwrite = url_bio_bwrite, - .bread = url_bio_bread, - .bputs = url_bio_bputs, - .bgets = NULL, - .ctrl = url_bio_ctrl, - .create = url_bio_create, - .destroy = url_bio_destroy, -}; -#endif - static av_cold void init_bio_method(URLContext *h) { TLSContext *p = h->priv_data; BIO *bio; -#if OPENSSL_VERSION_NUMBER >= 0x1010000fL p->url_bio_method = BIO_meth_new(BIO_TYPE_SOURCE_SINK, "urlprotocol bio"); BIO_meth_set_write(p->url_bio_method, url_bio_bwrite); BIO_meth_set_read(p->url_bio_method, url_bio_bread); 
@@ -754,10 +628,7 @@ static av_cold void init_bio_method(URLContext *h) BIO_meth_set_destroy(p->url_bio_method, url_bio_destroy); bio = BIO_new(p->url_bio_method); BIO_set_data(bio, p); -#else - bio = BIO_new(&url_bio_method); - bio->ptr = p; -#endif + SSL_set_bio(p->ssl, bio, bio); } @@ -885,32 +756,21 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary ** int ret = 0; c->is_dtls = 1; const char* ciphers = "ALL"; -#if OPENSSL_VERSION_NUMBER < 0x10002000L // v1.0.2 - EC_KEY *ec_key = NULL; -#endif + /** * The profile for OpenSSL's SRTP is SRTP_AES128_CM_SHA1_80, see ssl/d1_srtp.c. * The profile for FFmpeg's SRTP is SRTP_AES128_CM_HMAC_SHA1_80, see libavformat/srtp.c. */ const char* profiles = "SRTP_AES128_CM_SHA1_80"; /* Refer to the test cases regarding these curves in the WebRTC code. */ -#if OPENSSL_VERSION_NUMBER >= 0x10100000L /* OpenSSL 1.1.0 */ const char* curves = "X25519:P-256:P-384:P-521"; -#elif OPENSSL_VERSION_NUMBER >= 0x10002000L /* OpenSSL 1.0.2 */ - const char* curves = "P-256:P-384:P-521"; -#endif -#if OPENSSL_VERSION_NUMBER < 0x10002000L /* OpenSSL v1.0.2 */ - p->ctx = SSL_CTX_new(DTLSv1_method()); -#else p->ctx = SSL_CTX_new(DTLS_method()); -#endif if (!p->ctx) { ret = AVERROR(ENOMEM); goto fail; } -#if OPENSSL_VERSION_NUMBER >= 0x10002000L /* OpenSSL 1.0.2 */ /* For ECDSA, we could set the curves list. */ if (SSL_CTX_set1_curves_list(p->ctx, curves) != 1) { av_log(p, AV_LOG_ERROR, "TLS: Init SSL_CTX_set1_curves_list failed, curves=%s, %s\n", @@ -918,7 +778,6 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary ** ret = AVERROR(EINVAL); return ret; } -#endif /** * We activate "ALL" cipher suites to align with the peer's capabilities, 
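Review bot: The result of `BIO_new(p->url_bio_method)` in init_bio_method is used unchecked, so `BIO_set_data(bio, p)` and `SSL_set_bio(p->ssl, bio, bio)` run even when the allocation failed. With the pre-1.1.0 static `BIO_METHOD` gone, the `BIO_meth_new()` call shown in the preceding hunk is now the only path, and its result is passed to the `BIO_meth_set_*` calls without a NULL check as well. Since the function returns void, the failure cannot reach the caller; consider returning int and bailing out with `if (!bio) return AVERROR(ENOMEM);` (and the same for `p->url_bio_method`), with the `init_bio_method(h)` call sites checking the result. The function starts outside this hunk.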
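Review bot: `SSL_CTX_new(DTLS_method())` in dtls_start leaves the accepted protocol range at the library default, so whether DTLS 1.0 is still negotiated depends on the OpenSSL build and its configuration. With 1.1.0 as the floor the version-bounding API is available unconditionally, so if no DTLS 1.0 peers have to be supported a minimum could be pinned right after the `!p->ctx` check: `if (SSL_CTX_set_min_proto_version(p->ctx, DTLS1_2_VERSION) != 1) { ret = AVERROR(EINVAL); goto fail; }`. As a point of style, the curves-list failure path still does `return ret;` while the rest of the function uses `goto fail`; using `goto fail` there keeps the exits uniform. The body of dtls_start continues outside this hunk.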
@@ -933,17 +792,6 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary ** ret = openssl_init_ca_key_cert(h); if (ret < 0) goto fail; -#if OPENSSL_VERSION_NUMBER < 0x10100000L // v1.1.x -#if OPENSSL_VERSION_NUMBER < 0x10002000L // v1.0.2 - if (p->pkey) - ec_key = EVP_PKEY_get1_EC_KEY(p->pkey); - if (ec_key) - SSL_CTX_set_tmp_ecdh(p->ctx, ec_key); -#else - SSL_CTX_set_ecdh_auto(p->ctx, 1); -#endif -#endif - /* Server will send Certificate Request. */ SSL_CTX_set_verify(p->ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, openssl_dtls_verify_callback); /* The depth count is "level 0:peer certificate", "level 1: CA certificate", @@ -975,9 +823,7 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary ** */ SSL_set_options(p->ssl, SSL_OP_NO_QUERY_MTU); SSL_set_mtu(p->ssl, p->tls_shared.mtu); -#if OPENSSL_VERSION_NUMBER >= 0x100010b0L /* OpenSSL 1.0.1k */ DTLS_set_link_mtu(p->ssl, p->tls_shared.mtu); -#endif init_bio_method(h); if (p->tls_shared.use_external_udp != 1) { @@ -1015,9 +861,6 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary ** ret = 0; fail: -#if OPENSSL_VERSION_NUMBER < 0x10002000L // v1.0.2 - EC_KEY_free(ec_key); -#endif return ret; } @@ -1042,11 +885,6 @@ static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **op TLSShared *c = &p->tls_shared; int ret; -#if OPENSSL_VERSION_NUMBER < 0x10100000L - if ((ret = ff_openssl_init()) < 0) - return ret; -#endif - if ((ret = ff_tls_open_underlying(c, h, uri, options)) < 0) goto fail; -- 2.39.5 (Apple Git-154) _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".