From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTPS id EFD544E01D
	for <ffmpegdev@gitmailbox.com>; Fri,  6 Jun 2025 08:17:56 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id 8D76F68C361;
	Fri,  6 Jun 2025 11:17:52 +0300 (EEST)
Received: from xmbghk7.mail.qq.com (xmbghk7.mail.qq.com [43.163.128.54])
 by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id E13B168B4B4
 for <ffmpeg-devel@ffmpeg.org>; Fri,  6 Jun 2025 11:17:44 +0300 (EEST)
Received: from localhost.localdomain
 ([2409:8a02:6072:8690:7da3:45cf:b5c9:673c])
 by newxmesmtplogicsvrszc13-0.qq.com (NewEsmtp) with SMTP
 id 4678EA79; Fri, 06 Jun 2025 16:17:39 +0800
X-QQ-mid: xmsmtpt1749197859t60674rap
Message-ID: <tencent_B1E45E144EE247A86781F9D2C676A04EB509@qq.com>
X-QQ-XMAILINFO: NY/MPejODIJV5McJ96MMWfrm4LEhBpB7xaLg5Pa2NnmquVIz+w2N7hrXWTI1ef
 RU5p7y9+b7AyOhBExz7YuiBE/FzX8RBjsFoIACUYWPnn1F//idtvTZ3M94kloS28Mg1EgMbXGoZg
 eNoBFc+y4O6ICUkKng/U/ZTtPfO+LFsZpX5uZlRGgHdKWLeap0bpLs5L89+l5XEN1jqG+LfBjwZK
 CxAzu/IQWl0NE+0xlLTR8KrSOCxR3nnRD8bqQLAyv/rlvImb/PC5GtGLcatFeW6Bha5x/pI8zN6P
 YrYpD3bXxBJl2vqvPKPyo3mZT4oPolNzHC4Cwuq1Ascc5evSVcdy+lTWTmhsa60jIEMOG1Qv/OYM
 RRc2l6vMIcP6QG87V3xSThufq/2rv/EaDyAfpd0z7mbPOvmRm8dUikGAL3SOg+1A7TKwJJ2cB+Ti
 2/tw8XQHaBT67DfgcQyVWhOAAkjxw1y1QybyB23qhsWwovRgTbg0n4XPPvDYmzj/z6XQBegZH0cL
 WvfXk5zXIXpBh+hyMLitIDEE6/+lSh9yQBgrzTNqsLVuJiVho/CG6+wabALDso5Dbi9s9w+kqkio
 2V7uLn/ySAACXuU48WvQbP6ubgOKKIs3TbIGpXZKQXAzgvxmgA7SlwJpUyp8FZ/ZlavxT6OGNR7G
 6FdFtFW+SCB2DZOWbu+YqIx16YzNq2jofioSQg9zbotdu1MRrgKOa9Ce3ONT89+sB3lv41LAb4z1
 uco6XAa+49NoIIghXrRbSnyHXsYVbWGa4kotsikLNjSr09tYqvgjcFBoWWTKMeMq8EioReNGwxx9
 MYzCEJyYjjZPJCxbHgtvVzY+K+gI/0f71p8DLG8/db3KdYRLXX2/lGnQvwUcERhYN5YePnwwddpR
 TGAoS6kJZiaS9sjQ+2rElLHRsEmrJy/z++0CQs289jLY1vw6UcBEKMNL1nuJzzv33vfqfJQrPy1W
 I2mbs33HrVEq7KKteG91e9NBdJHZVFHpyhmjlWebo=
X-QQ-XMRINFO: NI4Ajvh11aEj8Xl/2s1/T8w=
To: ffmpeg-devel@ffmpeg.org
Date: Fri,  6 Jun 2025 16:17:38 +0800
X-OQ-MSGID: <20250606081738.60589-1-jacklau1222@qq.com>
X-Mailer: git-send-email 2.49.0
MIME-Version: 1.0
X-Unsent: 1
Subject: [FFmpeg-devel] [PATCH v2] avformat/tls_openssl: fix build error
 when openssl version < 3
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
From: Jack Lau via ffmpeg-devel <ffmpeg-devel@ffmpeg.org>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Cc: Jack Lau <jacklau1222@qq.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/tencent_B1E45E144EE247A86781F9D2C676A04EB509@qq.com/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

add the missing data structure pkey in the tls_context
properly set this pkey and free it

Signed-off-by: Jack Lau <jacklau1222@qq.com>
---
 libavformat/tls_openssl.c | 33 ++++++++++++++++++++-------------
 1 file changed, 20 insertions(+), 13 deletions(-)

diff --git a/libavformat/tls_openssl.c b/libavformat/tls_openssl.c
index b589d5d90a..86e8935fee 100644
--- a/libavformat/tls_openssl.c
+++ b/libavformat/tls_openssl.c
@@ -467,6 +467,7 @@ typedef struct TLSContext {
     TLSShared tls_shared;
     SSL_CTX *ctx;
     SSL *ssl;
+    EVP_PKEY *pkey;
 #if OPENSSL_VERSION_NUMBER >= 0x1010000fL
     BIO_METHOD* url_bio_method;
 #endif
@@ -849,7 +850,7 @@ static av_cold int openssl_init_ca_key_cert(URLContext *h)
             goto fail;
         }
     } else if (p->tls_shared.key_buf) {
-        pkey = pkey_from_pem_string(p->tls_shared.key_buf, 1);
+        p->pkey = pkey = pkey_from_pem_string(p->tls_shared.key_buf, 1);
         if (SSL_CTX_use_PrivateKey(p->ctx, pkey) != 1) {
             av_log(p, AV_LOG_ERROR, "TLS: Init SSL_CTX_use_PrivateKey failed, %s\n", openssl_get_error(p));
             ret = AVERROR(EINVAL);
@@ -876,6 +877,9 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **
     int ret = 0;
     c->is_dtls = 1;
     const char* ciphers = "ALL";
+#if OPENSSL_VERSION_NUMBER < 0x10002000L // v1.0.2
+    EC_KEY *ec_key = NULL;
+#endif
     /**
      * The profile for OpenSSL's SRTP is SRTP_AES128_CM_SHA1_80, see ssl/d1_srtp.c.
      * The profile for FFmpeg's SRTP is SRTP_AES128_CM_HMAC_SHA1_80, see libavformat/srtp.c.
@@ -908,15 +912,6 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **
     }
 #endif
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L // v1.1.x
-#if OPENSSL_VERSION_NUMBER < 0x10002000L // v1.0.2
-    if (ctx->dtls_eckey)
-        SSL_CTX_set_tmp_ecdh(p->ctx, p->dtls_eckey);
-#else
-    SSL_CTX_set_ecdh_auto(p->ctx, 1);
-#endif
-#endif
-
     /**
      * We activate "ALL" cipher suites to align with the peer's capabilities,
      * ensuring maximum compatibility.
@@ -930,6 +925,17 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **
     ret = openssl_init_ca_key_cert(h);
     if (ret < 0) goto fail;
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L // v1.1.x
+#if OPENSSL_VERSION_NUMBER < 0x10002000L // v1.0.2
+    if (p->pkey)
+        ec_key = EVP_PKEY_get1_EC_KEY(p->pkey);
+    if (ec_key)
+        SSL_CTX_set_tmp_ecdh(p->ctx, ec_key);
+#else
+    SSL_CTX_set_ecdh_auto(p->ctx, 1);
+#endif
+#endif
+
     /* Server will send Certificate Request. */
     SSL_CTX_set_verify(p->ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, openssl_dtls_verify_callback);
     /* The depth count is "level 0:peer certificate", "level 1: CA certificate",
@@ -1001,6 +1007,9 @@ static int dtls_start(URLContext *h, const char *url, int flags, AVDictionary **
 
     ret = 0;
 fail:
+#if OPENSSL_VERSION_NUMBER < 0x10002000L // v1.0.2
+    EC_KEY_free(ec_key);
+#endif
     return ret;
 }
 
@@ -1015,9 +1024,7 @@ static av_cold int dtls_close(URLContext *h)
     av_freep(&ctx->tls_shared.fingerprint);
     av_freep(&ctx->tls_shared.cert_buf);
     av_freep(&ctx->tls_shared.key_buf);
-#if OPENSSL_VERSION_NUMBER < 0x30000000L /* OpenSSL 3.0 */
-    EC_KEY_free(ctx->dtls_eckey);
-#endif
+    EVP_PKEY_free(ctx->pkey);
     return 0;
 }
 
-- 
2.49.0

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".