1. 19 May, 2017 1 commit
    • Fix two minor errors in hostname validation. · 0a94cf8f
      Timothy B. Terriberry authored
      RFC 6125 says that if the host is an IP address, a subjectAltName of
       type iPAddress must (no 2119 caps) be present and must be used.
      We would still fall back to checking the Common Name if no
       subjectAltName was present.
      
      https://marc.info/?l=openssl-dev&m=139617145216047&w=2 interprets
       RFC 6125 to say that if the host is a DNS name, but the certificate
       only contains a subjectAltName of type iPAddress, then we should
       still fall back to checking the Common Name.
      We would only check the Common Name if there was no subjectAltName
       of any type.
      
      Restructure the hostname validation to check IP addresses up-front
       and fall back to checking the Common Name in the proper cases.
  2. 08 Feb, 2017 1 commit
  3. 16 Sep, 2016 1 commit
    • Fix MSVC warnings. · d0c82543
      Timothy B. Terriberry authored
      Some of these pointed to real potential overflows (given arbitrary
       inputs by the calling application).
      I was sad about stripping const qualifiers from the struct addrinfo
       pointers, but MSVC seems to erroneously think that an array of
       pointers to constant data is itself a pointer to constant data (or
       maybe that it is not compatible with a const void *?), and
       converting the memmove()s to for loops triggered an erroneous
       warning about out-of-bounds array accesses in gcc (but on only one
       of the two identical loops).
  4. 06 Jul, 2016 1 commit
    • Add support for OpenSSL 1.1.x. · 13a6a454
      Timothy B. Terriberry authored
      The API and ABI are not backwards-compatible.
      This is based on the prerelease version 1.1.0-pre5.
      It should continue to work with older versions of OpenSSL.
      
      Thanks to Ron Lee and the Debian project for reporting the build
       errors and testing the patch.
  5. 26 Jun, 2016 1 commit
  6. 19 Jun, 2016 1 commit
  7. 30 Dec, 2015 1 commit
    • Fix potential memory leaks with OpusServerInfo. · 0b2fe85a
      Timothy B. Terriberry authored
      In op_[v]open_url() and op_[v]test_url(), if we successfully
       connected to the URL but fail to parse it as an Opus stream, then
       we would return to the calling application without clearing any
       OpusServerInfo we might have filled in when connecting.
      This contradicts the general contract for user output buffers in
       our APIs, which is that they do not need to be initialized prior
       to a call and that their contents are untouched if a function
       fails (so that an application need do no additional clean-up on
       error).
      It would have been possible for an application to avoid these leaks
       by always calling opus_server_info_init() before a call to
       op_[v]open_url() or op_[v]test_url() and always calling
       opus_server_info_clear() afterwards (even on failure), but our
       examples don't do this and no other API of ours requires it.
      
      Fix the potential leaks by wrapping the implementation of
       op_url_stream_vcreate() so we can a) tell if the information was
       requested and b) store it in a separate, local buffer and delay
       copying it to the application until we know we've succeeded.
  8. 27 Feb, 2015 1 commit
    • Broaden the test for AI_NUMERICSERV. · bb765c37
      Timothy B. Terriberry authored
      OS X 10.5.8 does not define AI_NUMERICSERV either, so instead of
       trying to enumerate the platforms that don't, just test for the
       value itself.
      Patch by Dave Evans at MacPorts.
      
      Fixes #2172
  9. 20 Nov, 2013 4 commits
  10. 25 Aug, 2013 1 commit
  11. 24 Aug, 2013 1 commit
  12. 23 Aug, 2013 2 commits
    • Add API to report information from server headers. · 97917914
      Timothy B. Terriberry authored
      This allows the application to report details about the server for
       HTTP[S] streams.
      For all HTTP[S], this includes the server software, content-type,
       and whether or not it's using HTTPS.
      For live streams, it also includes the station name, description,
       genre, homepage, nominal bitrate, and whether or not it's publicly
       listed.
    • Fix backwards HTTP Server header test. · f310b9ef
      Timothy B. Terriberry authored
      This was treating every unknown header as a Server header.
      Good thing this was last!
      The only damage was that we might have enabled pipelining even on
       known-bad servers.
  13. 21 Aug, 2013 1 commit
  14. 06 Aug, 2013 1 commit
  15. 28 Jun, 2013 1 commit
  16. 13 May, 2013 1 commit
    • Move last few URL functions into http.c · 5e3c66ce
      Timothy B. Terriberry authored
      This makes it easier to split http.c and friends into their own
       library.
      This allows distributions to ship a libopusfile with generic Opus
       parsing support, and a libopusurl with http/https support.
      Keeping the latter in a separate library means that GPL
       applications don't have to link against the GPL-incompatible
       openssl, and distributions don't have to disable http support to
       allow GPL applications to use libopusfile.
  17. 28 Apr, 2013 1 commit
  18. 28 Feb, 2013 6 commits
    • More minor win32 cleanups. · 27c8948a
      Timothy B. Terriberry authored
      Just normalizing coding style.
    • Support the Windows system certificate store. · 9a866b18
      Timothy B. Terriberry authored and Ralph Giles committed
      OpenSSL on Windows does not pull certificates from any well-known
       location (in fact most binaries continue to use the default Unix
       path, which usually doesn't even exist).
      We could ship our own set of certificates (e.g., cloned from the
       Mozilla root list), but I don't want to be responsible for
       releasing libopusfile updates when things like the DigiNotar
       fiasco [1] happen.
      That approach also means that we would need to load, parse, and
       keep a copy of every certificate in the system for every SSL
       session.
      
      OpenSSL has had patches sitting in their bugtracker which load
       certificates from the Crypto API's system certificate store.
      However, those patches have been sitting around for several years,
       so movement on that front in the near future seems unlikely.
      We don't care about using OpenSSL's builtin CAPI engine, though, so
       we can do the same thing with less than 200 lines of code.
      This puts the maintenance burden on Windows Update, which will be
       far more timely and effective than getting people to upgrade
       libopusfile, and gets us on-demand loading of just the
       certificates we need.
      
      [1] <https://bugzilla.mozilla.org/show_bug.cgi?id=682927>
    • Fix warnings when compiling with a recent MSVC. · 4ce926cb
      Timothy B. Terriberry authored and Ralph Giles committed
      Apparently Vista includes more things in its Winsock implementation
       and errno.h than earlier versions of Windows.
    • Clean up winsock usage. · 25477092
      Timothy B. Terriberry authored and Ralph Giles committed
      This keeps differences which can be cleanly abstracted away clean
       (closesocket, ioctlsocket, getsockopt, setsockopt), and makes
       differences which cannot be cleanly abstracted explicit (SOCKET,
       INVALID_SOCKET, WSAGetLastError/WSASetLastError).
      It also gets rid of wsockwrapper.[ch], since it contained just a
       single function.
      
      This can successfully pass the seeking_example tests on
       big.chained.blob over https when built with i686-w64-mingw32 and
       run under wine.
      It does not solve the certificate distribution problems with using
       OpenSSL on a real Windows system.
    • Clean up mingw32 configuration. · 1e9d7d85
      Timothy B. Terriberry authored and Ralph Giles committed
      Properly check for HTTP support and handle the case where it's
       disabled.
      Also fixes the include paths broken by 3e7f0ddc.
    • Initial winsock support patch from nu774. · 9c097eee
      Ralph Giles authored and Ralph Giles committed
      Some tweaks might still be needed to take care of OPENSSL_AppLink
      to get https support working. In win32, a user application of openssl
      is required to include openssl/applink.c or something, when openssl
      is compiled with OPENSSL_USE_APPLINK.
      
      I don't know how it should be taken care of, from the library's point of
      view (it must be done by the user of libopusfile, since openssl always
      searches for that function in the executable module).
      
      Posted to the hydrogenaudio forum 2012 November 19.
      http://www.hydrogenaudio.org/forums/index.php?s=&showtopic=97856&view=findpost&p=814582
  19. 12 Feb, 2013 1 commit
  20. 10 Jan, 2013 1 commit
  21. 23 Dec, 2012 1 commit
  22. 13 Nov, 2012 1 commit
  23. 28 Oct, 2012 1 commit
  24. 27 Oct, 2012 2 commits
    • A few small updates to the hostname verification. · 3bc74807
      Timothy B. Terriberry authored
      Fixes the case where a raw IPv6 address would be rejected as not
       looking like a FQDN.
      Also simplifies the wildcard comparison a little.
    • Make SSL/TLS certificate checking actually work. · a7c5b93c
      Timothy B. Terriberry authored
      We weren't loading the default certificate store, so there were no
       trusted certificates to validate hosts with, and all checks would
       fail (unless explicitly disabled with
       OP_SSL_SKIP_CERTIFICATE_CHECK(0)).
      This adds that call, and also adds hostname verification (which
       OpenSSL does not do for us, because they are morons).
      I've done my best to get the latter right by reading the RFCs, but
       this stuff is complex, it's easy to make mistakes, and I only have
       a limited ability to test it, so caveat emptor.
  25. 24 Oct, 2012 1 commit
    • Replace return code checks with OP_ALWAYS_TRUE(). · 4b70af03
      Timothy B. Terriberry authored
      Instead of assigning the return code to a local variable and then
       using OP_ASSERT(), define a new OP_ALWAYS_TRUE() macro that still
       evaluates its argument when assertions are disabled.
      This avoids -Wunused-but-set-variable warnings from clang and
       useless scan-build reports (if scan-build is run without
       assertions enabled).
  26. 23 Oct, 2012 2 commits
    • Some http improvements. · 7b2cc5f1
      Timothy B. Terriberry authored
      - Attempt to re-use connections when we've already received enough
         data to do so immediately.
      - Make sure when seeking near the end, if the current chunk size is
         such that the _next_ chunk will be half the normal size or less,
         we just ask for the rest of the resource.
      
      With these two changes, a normal open of a single-chain Opus-only
       file requires exactly two HTTP requests.
      
      - Also use the response buffer as a dummy buffer when skipping
         data.
        This will avoid helgrind errors for multiple writes from
         different threads without locking (should someone be reading
         multiple streams from different threads).
        It's also better for SMP cache contention.
    • Be more scrupulous about reading extra data. · 7c52622f
      Timothy B. Terriberry authored
      This can be quite expensive with the http backend, especially if it
       causes us to pass a chunk threshold and issue a new request.
      It also lets us error out more quickly if the underlying stream
       data changes.
  27. 22 Oct, 2012 1 commit
    • Fix a few minor nits. · 21f72850
      Timothy B. Terriberry authored
      - The DIGIT character sets shouldn't need to list "0" twice.
      - Avoid a lookup for the port number in getaddrinfo().
      - Resolve the OPUS_SET_GAIN TODO (by refusing to implement a fallback).
      - A few more minor things.
  28. 20 Oct, 2012 2 commits
    • Re-do abstract stream reader API. · e2d7b266
      Timothy B. Terriberry authored
      This changes op_read_func to
      a) Take a single byte count to read instead of an "item" count
          (which the http backend couldn't properly support anyway).
      b) Use integers for buffer sizes to avoid having to worry about
          sign differences and whether size_t is larger or smaller than
          opus_int64, etc.
      c) Return an explicit error code (instead of using errno like
          fread).
         We had already eliminated the use of errno, but we did it by
          treating read errors and EOF identically in all cases.
         This was preventing us from reporting SSL truncation attacks
          from the https backend.
         The https backend now properly reports such errors.
      
      This commit also fixes a bug introduced in 9b57b0c2, where we
       accidentally started passing absolute offsets to the _boundary
       parameter of op_get_next_page() instead of relative offsets.
      We now use absolute offsets in all places, as it is the simpler
       choice.
      This matters now, because the error reported when encountering EOF
       before hitting the _boundary is no longer suppressed (but instead
       reported as OP_EBADLINK).
      
      Finally, it removes the op_page_seek() function.
      Except for the time needed to decode forward after seeking, this
       function was identical in performance to op_pcm_seek(), and Opus
       requires decoding 80 ms of data after seek anyway, so the relative
       benefit is much smaller than with Vorbis.
      A survey of open-source code using libvorbisfile showed that the
       only usages of ov_page_seek() in the wild were calling it to seek
       to the start of the stream, for which op_pcm_seek() already has a
       special case that makes it just as fast.
      
      The documentation was also updated to describe all of these changes.
      
      This is an incompatible API change.
    • Make the URL API more extensible. · 800be8c0
      Timothy B. Terriberry authored
      Right now we have no way to add any more parameters beyond a set of
       basic binary flags.
      This unifies op_url_stream_create() and
       op_url_stream_create_with_proxy() into a single function that
       takes a variable-length list of arguments, which can be extended
       in the future to include more options of any type.
      
      This is an incompatible API change.