30 #define SECURITY_WIN32 35 #define SCHANNEL_INITIAL_BUFFER_SIZE 4096 36 #define SCHANNEL_FREE_BUFFER_SIZE 1024 39 #ifndef SECBUFFER_ALERT 40 #define SECBUFFER_ALERT 17 64 SecPkgContext_StreamSizes
sizes;
74 buffer->cbBuffer =
size;
75 buffer->BufferType =
type;
76 buffer->pvBuffer =
data;
80 unsigned long buffer_count)
82 desc->ulVersion = SECBUFFER_VERSION;
83 desc->pBuffers = buffers;
84 desc->cBuffers = buffer_count;
94 SecBufferDesc BuffDesc;
96 SECURITY_STATUS sspi_ret;
98 SecBufferDesc outbuf_desc;
100 DWORD dwshut = SCHANNEL_SHUTDOWN;
104 sspi_ret = ApplyControlToken(&c->
ctxt_handle, &BuffDesc);
105 if (sspi_ret != SEC_E_OK)
114 if (sspi_ret == SEC_E_OK || sspi_ret == SEC_I_CONTEXT_EXPIRED) {
116 FreeContextBuffer(outbuf.pvBuffer);
117 if (ret < 0 || ret != outbuf.cbBuffer)
150 SECURITY_STATUS sspi_ret;
152 SecBufferDesc outbuf_desc;
154 SecBufferDesc inbuf_desc;
198 if (inbuf[0].pvBuffer ==
NULL) {
217 if (sspi_ret == SEC_E_INCOMPLETE_MESSAGE) {
224 if (sspi_ret == SEC_I_INCOMPLETE_CREDENTIALS &&
233 if (sspi_ret == SEC_I_CONTINUE_NEEDED || sspi_ret == SEC_E_OK) {
234 for (i = 0; i < 3; i++) {
235 if (outbuf[i].BufferType == SECBUFFER_TOKEN && outbuf[i].cbBuffer > 0) {
237 if (ret < 0 || ret != outbuf[i].cbBuffer) {
244 if (outbuf[i].pvBuffer !=
NULL) {
245 FreeContextBuffer(outbuf[i].pvBuffer);
246 outbuf[i].pvBuffer =
NULL;
250 if (sspi_ret == SEC_E_WRONG_PRINCIPAL)
258 if (inbuf[1].BufferType == SECBUFFER_EXTRA && inbuf[1].cbBuffer > 0) {
263 if (sspi_ret == SEC_I_CONTINUE_NEEDED) {
272 if (sspi_ret == SEC_I_CONTINUE_NEEDED) {
284 for (i = 0; i < 3; i++) {
285 if (outbuf[i].pvBuffer !=
NULL) {
286 FreeContextBuffer(outbuf[i].pvBuffer);
287 outbuf[i].pvBuffer =
NULL;
299 SecBufferDesc outbuf_desc;
300 SECURITY_STATUS sspi_ret;
306 c->
request_flags = ISC_REQ_SEQUENCE_DETECT | ISC_REQ_REPLAY_DETECT |
307 ISC_REQ_CONFIDENTIALITY | ISC_REQ_ALLOCATE_MEMORY |
313 if (sspi_ret != SEC_I_CONTINUE_NEEDED) {
314 av_log(h,
AV_LOG_ERROR,
"Unable to create initial security context (0x%lx)\n", sspi_ret);
320 FreeContextBuffer(outbuf.pvBuffer);
321 if (ret < 0 || ret != outbuf.cbBuffer) {
338 SECURITY_STATUS sspi_ret;
339 SCHANNEL_CRED schannel_cred = { 0 };
352 schannel_cred.dwVersion = SCHANNEL_CRED_VERSION;
355 schannel_cred.dwFlags = SCH_CRED_AUTO_CRED_VALIDATION |
356 SCH_CRED_REVOCATION_CHECK_CHAIN;
358 schannel_cred.dwFlags = SCH_CRED_MANUAL_CRED_VALIDATION |
359 SCH_CRED_IGNORE_NO_REVOCATION_CHECK |
360 SCH_CRED_IGNORE_REVOCATION_OFFLINE;
363 sspi_ret = AcquireCredentialsHandle(
NULL, (
TCHAR *)UNISP_NAME, SECPKG_CRED_OUTBOUND,
366 if (sspi_ret != SEC_E_OK) {
367 av_log(h,
AV_LOG_ERROR,
"Unable to acquire security credentials (0x%lx)\n", sspi_ret);
389 SECURITY_STATUS sspi_ret = SEC_E_OK;
391 SecBufferDesc inbuf_desc;
403 if (size < SCHANNEL_FREE_BUFFER_SIZE || c->
enc_buf_size < min_enc_buf_size) {
419 }
else if (ret < 0) {
438 if (sspi_ret == SEC_E_OK || sspi_ret == SEC_I_RENEGOTIATE ||
439 sspi_ret == SEC_I_CONTEXT_EXPIRED) {
441 if (inbuf[1].BufferType == SECBUFFER_DATA) {
443 size = inbuf[1].cbBuffer > SCHANNEL_FREE_BUFFER_SIZE ?
457 size = inbuf[1].cbBuffer;
463 if (inbuf[3].BufferType == SECBUFFER_EXTRA && inbuf[3].cbBuffer > 0) {
472 if (sspi_ret == SEC_I_RENEGOTIATE) {
486 }
else if (sspi_ret == SEC_I_CONTEXT_EXPIRED) {
495 }
else if (sspi_ret == SEC_E_INCOMPLETE_MESSAGE) {
499 av_log(h,
AV_LOG_ERROR,
"Unable to decrypt message (error 0x%x)\n", (
unsigned)sspi_ret);
527 SECURITY_STATUS sspi_ret;
528 int ret = 0, data_size;
531 SecBufferDesc outbuf_desc;
533 if (c->
sizes.cbMaximumMessage == 0) {
534 sspi_ret = QueryContextAttributes(&c->
ctxt_handle, SECPKG_ATTR_STREAM_SIZES, &c->
sizes);
535 if (sspi_ret != SEC_E_OK)
542 data_size = c->
sizes.cbHeader + len + c->
sizes.cbTrailer;
548 data, c->
sizes.cbHeader);
550 data + c->
sizes.cbHeader, len);
552 data + c->
sizes.cbHeader + len,
557 memcpy(outbuf[1].pvBuffer, buf, len);
559 sspi_ret = EncryptMessage(&c->
ctxt_handle, 0, &outbuf_desc, 0);
560 if (sspi_ret == SEC_E_OK) {
561 len = outbuf[0].cbBuffer + outbuf[1].cbBuffer + outbuf[2].cbBuffer;
563 if (ret < 0 || ret != len) {
570 if (sspi_ret == SEC_E_INSUFFICIENT_MEMORY)
579 return ret < 0 ? ret : outbuf[1].cbBuffer;
609 .priv_data_class = &tls_class,
#define URL_PROTOCOL_FLAG_NETWORK
static const AVClass tls_class
#define LIBAVUTIL_VERSION_INT
static int read_data(void *opaque, uint8_t *buf, int buf_size)
int ffurl_write(URLContext *h, const unsigned char *buf, int size)
Write size bytes from buf to the resource accessed by h.
const URLProtocol ff_tls_protocol
const char * av_default_item_name(void *ptr)
Return the context name.
#define SCHANNEL_FREE_BUFFER_SIZE
static const AVOption options[]
const char * class_name
The name of the class; usually it is the same name as the context structure type to which the AVClass...
static int tls_read(URLContext *h, uint8_t *buf, int len)
static int tls_write(URLContext *h, const uint8_t *buf, int len)
miscellaneous OS support macros and functions.
static void init_sec_buffer_desc(SecBufferDesc *desc, SecBuffer *buffers, unsigned long buffer_count)
#define AVERROR_EOF
End of file.
#define AV_LOG_VERBOSE
Detailed information.
static void init_sec_buffer(SecBuffer *buffer, unsigned long type, void *data, unsigned long size)
#define AV_LOG_ERROR
Something went wrong and cannot losslessly be recovered.
#define AV_LOG_DEBUG
Stuff which is only useful for libav* developers.
static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **options)
static int tls_close(URLContext *h)
SecPkgContext_StreamSizes sizes
#define TLS_COMMON_OPTIONS(pstruct, options_field)
int ffurl_get_file_handle(URLContext *h)
Return the file descriptor associated with this URL.
int av_reallocp(void *ptr, size_t size)
Allocate, reallocate, or free a block of memory through a pointer to a pointer.
static int tls_shutdown_client(URLContext *h)
Describe the class of an AVClass context structure.
#define SCHANNEL_INITIAL_BUFFER_SIZE
static int tls_client_handshake(URLContext *h)
int ffurl_close(URLContext *h)
int ff_tls_open_underlying(TLSShared *c, URLContext *parent, const char *uri, AVDictionary **options)
#define AVERROR_UNKNOWN
Unknown error, typically from an external library.
static int tls_client_handshake_loop(URLContext *h, int initial)
static int tls_get_file_handle(URLContext *h)
unbuffered private I/O API
int ffurl_read(URLContext *h, unsigned char *buf, int size)
Read up to size bytes from the resource accessed by h, and store the read bytes in buf...
static av_cold void cleanup(FlashSV2Context *s)