30 #define SECURITY_WIN32 35 #define SCHANNEL_INITIAL_BUFFER_SIZE 4096 36 #define SCHANNEL_FREE_BUFFER_SIZE 1024 39 #ifndef SECBUFFER_ALERT 40 #define SECBUFFER_ALERT 17 64 SecPkgContext_StreamSizes
sizes;
74 buffer->cbBuffer =
size;
75 buffer->BufferType =
type;
76 buffer->pvBuffer =
data;
80 unsigned long buffer_count)
82 desc->ulVersion = SECBUFFER_VERSION;
84 desc->cBuffers = buffer_count;
94 SecBufferDesc BuffDesc;
96 SECURITY_STATUS sspi_ret;
98 SecBufferDesc outbuf_desc;
100 DWORD dwshut = SCHANNEL_SHUTDOWN;
104 sspi_ret = ApplyControlToken(&c->
ctxt_handle, &BuffDesc);
105 if (sspi_ret != SEC_E_OK)
114 if (sspi_ret == SEC_E_OK || sspi_ret == SEC_I_CONTEXT_EXPIRED) {
116 FreeContextBuffer(outbuf.pvBuffer);
117 if (ret < 0 || ret != outbuf.cbBuffer)
149 SECURITY_STATUS sspi_ret;
150 SecBuffer outbuf[3] = { 0 };
151 SecBufferDesc outbuf_desc;
153 SecBufferDesc inbuf_desc;
197 if (inbuf[0].pvBuffer ==
NULL) {
216 if (sspi_ret == SEC_E_INCOMPLETE_MESSAGE) {
223 if (sspi_ret == SEC_I_INCOMPLETE_CREDENTIALS &&
232 if (sspi_ret == SEC_I_CONTINUE_NEEDED || sspi_ret == SEC_E_OK) {
233 for (i = 0; i < 3; i++) {
234 if (outbuf[i].BufferType == SECBUFFER_TOKEN && outbuf[i].cbBuffer > 0) {
236 if (ret < 0 || ret != outbuf[i].cbBuffer) {
243 if (outbuf[i].pvBuffer !=
NULL) {
244 FreeContextBuffer(outbuf[i].pvBuffer);
245 outbuf[
i].pvBuffer =
NULL;
249 if (sspi_ret == SEC_E_WRONG_PRINCIPAL)
257 if (inbuf[1].BufferType == SECBUFFER_EXTRA && inbuf[1].cbBuffer > 0) {
262 if (sspi_ret == SEC_I_CONTINUE_NEEDED) {
271 if (sspi_ret == SEC_I_CONTINUE_NEEDED) {
283 for (i = 0; i < 3; i++) {
284 if (outbuf[i].pvBuffer !=
NULL) {
285 FreeContextBuffer(outbuf[i].pvBuffer);
286 outbuf[
i].pvBuffer =
NULL;
298 SecBufferDesc outbuf_desc;
299 SECURITY_STATUS sspi_ret;
305 c->
request_flags = ISC_REQ_SEQUENCE_DETECT | ISC_REQ_REPLAY_DETECT |
306 ISC_REQ_CONFIDENTIALITY | ISC_REQ_ALLOCATE_MEMORY |
312 if (sspi_ret != SEC_I_CONTINUE_NEEDED) {
313 av_log(h,
AV_LOG_ERROR,
"Unable to create initial security context (0x%lx)\n", sspi_ret);
319 FreeContextBuffer(outbuf.pvBuffer);
320 if (ret < 0 || ret != outbuf.cbBuffer) {
337 SECURITY_STATUS sspi_ret;
338 SCHANNEL_CRED schannel_cred = { 0 };
351 schannel_cred.dwVersion = SCHANNEL_CRED_VERSION;
/* NOTE(review): listing lines 353 and 356 are missing, so the condition that
 * selects between the two dwFlags assignments below is not visible;
 * presumably it is the TLS certificate-verification option -- confirm
 * against the full file.
 * First set: Schannel validates the server certificate chain itself and
 * checks revocation for the whole chain. */
354 schannel_cred.dwFlags = SCH_CRED_AUTO_CRED_VALIDATION |
355 SCH_CRED_REVOCATION_CHECK_CHAIN;
/* Second set: SCH_CRED_MANUAL_CRED_VALIDATION tells Schannel not to validate
 * the received server certificate, and the two IGNORE flags suppress
 * revocation-check failures. No manual chain or host-name check appears in
 * the visible lines, so on this path the session is encrypted but the peer
 * is not authenticated; treat connections made this way as unprotected
 * against an on-path party. */
357 schannel_cred.dwFlags = SCH_CRED_MANUAL_CRED_VALIDATION |
358 SCH_CRED_IGNORE_NO_REVOCATION_CHECK |
359 SCH_CRED_IGNORE_REVOCATION_OFFLINE;
362 sspi_ret = AcquireCredentialsHandle(
NULL, (TCHAR *)UNISP_NAME, SECPKG_CRED_OUTBOUND,
365 if (sspi_ret != SEC_E_OK) {
366 av_log(h,
AV_LOG_ERROR,
"Unable to acquire security credentials (0x%lx)\n", sspi_ret);
388 SECURITY_STATUS sspi_ret = SEC_E_OK;
390 SecBufferDesc inbuf_desc;
423 }
else if (ret < 0) {
442 if (sspi_ret == SEC_E_OK || sspi_ret == SEC_I_RENEGOTIATE ||
443 sspi_ret == SEC_I_CONTEXT_EXPIRED) {
445 if (inbuf[1].BufferType == SECBUFFER_DATA) {
447 size = inbuf[1].cbBuffer > SCHANNEL_FREE_BUFFER_SIZE ?
461 size = inbuf[1].cbBuffer;
467 if (inbuf[3].BufferType == SECBUFFER_EXTRA && inbuf[3].cbBuffer > 0) {
476 if (sspi_ret == SEC_I_RENEGOTIATE) {
490 }
else if (sspi_ret == SEC_I_CONTEXT_EXPIRED) {
499 }
else if (sspi_ret == SEC_E_INCOMPLETE_MESSAGE) {
503 av_log(h,
AV_LOG_ERROR,
"Unable to decrypt message (error 0x%x)\n", (
unsigned)sspi_ret);
531 SECURITY_STATUS sspi_ret;
532 int ret = 0, data_size;
535 SecBufferDesc outbuf_desc;
537 if (c->
sizes.cbMaximumMessage == 0) {
538 sspi_ret = QueryContextAttributes(&c->
ctxt_handle, SECPKG_ATTR_STREAM_SIZES, &c->
sizes);
539 if (sspi_ret != SEC_E_OK)
546 data_size = c->
sizes.cbHeader + len + c->
sizes.cbTrailer;
/* NOTE(review): data_size is an int (declared on listing line 532) holding
 * the sum of two Schannel-reported sizes and the caller-supplied len.
 * Listing lines 540-545 are not shown, so it cannot be seen here whether len
 * is capped (for example to sizes.cbMaximumMessage, which is queried above)
 * before this addition -- confirm in the full file. Without a cap, a large
 * len could overflow the sum and undersize the buffer that the header, data
 * and trailer regions below are carved from. */
552 data, c->
sizes.cbHeader);
554 data + c->
sizes.cbHeader, len);
556 data + c->
sizes.cbHeader + len,
/* Copies the caller's plaintext into the data region (outbuf[1]); the
 * EncryptMessage call on listing line 563 then operates on these buffers. */
561 memcpy(outbuf[1].pvBuffer, buf, len);
563 sspi_ret = EncryptMessage(&c->
ctxt_handle, 0, &outbuf_desc, 0);
564 if (sspi_ret == SEC_E_OK) {
565 len = outbuf[0].cbBuffer + outbuf[1].cbBuffer + outbuf[2].cbBuffer;
567 if (ret < 0 || ret != len) {
574 if (sspi_ret == SEC_E_INSUFFICIENT_MEMORY)
583 return ret < 0 ? ret : outbuf[1].cbBuffer;
620 .priv_data_class = &tls_class,
#define URL_PROTOCOL_FLAG_NETWORK
ptrdiff_t const GLvoid * data
static const AVClass tls_class
#define LIBAVUTIL_VERSION_INT
static int read_data(void *opaque, uint8_t *buf, int buf_size)
int ffurl_write(URLContext *h, const unsigned char *buf, int size)
Write size bytes from buf to the resource accessed by h.
const URLProtocol ff_tls_protocol
const char * av_default_item_name(void *ptr)
Return the context name.
static int tls_get_short_seek(URLContext *h)
#define SCHANNEL_FREE_BUFFER_SIZE
static const AVOption options[]
const char * class_name
The name of the class; usually it is the same name as the context structure type to which the AVClass...
static int tls_read(URLContext *h, uint8_t *buf, int len)
static int tls_write(URLContext *h, const uint8_t *buf, int len)
miscellaneous OS support macros and functions.
static void init_sec_buffer_desc(SecBufferDesc *desc, SecBuffer *buffers, unsigned long buffer_count)
#define AVERROR_EOF
End of file.
#define AV_LOG_VERBOSE
Detailed information.
static void init_sec_buffer(SecBuffer *buffer, unsigned long type, void *data, unsigned long size)
#define AV_LOG_ERROR
Something went wrong and cannot losslessly be recovered.
#define AV_LOG_DEBUG
Stuff which is only useful for libav* developers.
static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **options)
int ffurl_get_short_seek(URLContext *h)
Return the current short seek threshold value for this URL.
static int tls_close(URLContext *h)
SecPkgContext_StreamSizes sizes
#define TLS_COMMON_OPTIONS(pstruct, options_field)
int ffurl_get_file_handle(URLContext *h)
Return the file descriptor associated with this URL.
int ffurl_closep(URLContext **hh)
Close the resource accessed by the URLContext h, and free the memory used by it.
int av_reallocp(void *ptr, size_t size)
Allocate, reallocate, or free a block of memory through a pointer to a pointer.
static int tls_shutdown_client(URLContext *h)
Describe the class of an AVClass context structure.
#define SCHANNEL_INITIAL_BUFFER_SIZE
static int tls_client_handshake(URLContext *h)
#define flags(name, subs,...)
int ff_tls_open_underlying(TLSShared *c, URLContext *parent, const char *uri, AVDictionary **options)
#define AVERROR_UNKNOWN
Unknown error, typically from an external library.
static int tls_client_handshake_loop(URLContext *h, int initial)
static int tls_get_file_handle(URLContext *h)
unbuffered private I/O API
int ffurl_read(URLContext *h, unsigned char *buf, int size)
Read up to size bytes from the resource accessed by h, and store the read bytes in buf...
static av_cold void cleanup(FlashSV2Context *s)