1 /*
2 * Copyright (c) 2015 Hendrik Leppkes
3 *
4 * This file is part of FFmpeg.
5 *
6 * FFmpeg is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * FFmpeg is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with FFmpeg; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
19 */
20
21 /** Based on the CURL SChannel module */
22
23 #include "avformat.h"
24 #include "internal.h"
25 #include "network.h"
26 #include "os_support.h"
27 #include "url.h"
28 #include "tls.h"
29
30 #define SECURITY_WIN32
31 #include <windows.h>
32 #include <security.h>
33 #include <schnlsp.h>
34
35 #define SCHANNEL_INITIAL_BUFFER_SIZE 4096
36 #define SCHANNEL_FREE_BUFFER_SIZE 1024
37
38 /* mingw does not define this symbol */
39 #ifndef SECBUFFER_ALERT
40 #define SECBUFFER_ALERT 17
41 #endif
42
43 typedef struct TLSContext {
44 const AVClass *class;
45 TLSShared tls_shared;
46
47 CredHandle cred_handle;
48 TimeStamp cred_timestamp;
49
50 CtxtHandle ctxt_handle;
51 TimeStamp ctxt_timestamp;
52
53 ULONG request_flags;
54 ULONG context_flags;
55
56 uint8_t *enc_buf;
57 int enc_buf_size;
58 int enc_buf_offset;
59
60 uint8_t *dec_buf;
61 int dec_buf_size;
62 int dec_buf_offset;
63
64 SecPkgContext_StreamSizes sizes;
65
66 int connected;
67 int connection_closed;
68 int sspi_close_notify;
69 } TLSContext;
70
init_sec_buffer(SecBuffer * buffer,unsigned long type,void * data,unsigned long size)71 static void init_sec_buffer(SecBuffer *buffer, unsigned long type,
72 void *data, unsigned long size)
73 {
74 buffer->cbBuffer = size;
75 buffer->BufferType = type;
76 buffer->pvBuffer = data;
77 }
78
init_sec_buffer_desc(SecBufferDesc * desc,SecBuffer * buffers,unsigned long buffer_count)79 static void init_sec_buffer_desc(SecBufferDesc *desc, SecBuffer *buffers,
80 unsigned long buffer_count)
81 {
82 desc->ulVersion = SECBUFFER_VERSION;
83 desc->pBuffers = buffers;
84 desc->cBuffers = buffer_count;
85 }
86
tls_shutdown_client(URLContext * h)87 static int tls_shutdown_client(URLContext *h)
88 {
89 TLSContext *c = h->priv_data;
90 TLSShared *s = &c->tls_shared;
91 int ret;
92
93 if (c->connected) {
94 SecBufferDesc BuffDesc;
95 SecBuffer Buffer;
96 SECURITY_STATUS sspi_ret;
97 SecBuffer outbuf;
98 SecBufferDesc outbuf_desc;
99
100 DWORD dwshut = SCHANNEL_SHUTDOWN;
101 init_sec_buffer(&Buffer, SECBUFFER_TOKEN, &dwshut, sizeof(dwshut));
102 init_sec_buffer_desc(&BuffDesc, &Buffer, 1);
103
104 sspi_ret = ApplyControlToken(&c->ctxt_handle, &BuffDesc);
105 if (sspi_ret != SEC_E_OK)
106 av_log(h, AV_LOG_ERROR, "ApplyControlToken failed\n");
107
108 init_sec_buffer(&outbuf, SECBUFFER_EMPTY, NULL, 0);
109 init_sec_buffer_desc(&outbuf_desc, &outbuf, 1);
110
111 sspi_ret = InitializeSecurityContext(&c->cred_handle, &c->ctxt_handle, s->host,
112 c->request_flags, 0, 0, NULL, 0, &c->ctxt_handle,
113 &outbuf_desc, &c->context_flags, &c->ctxt_timestamp);
114 if (sspi_ret == SEC_E_OK || sspi_ret == SEC_I_CONTEXT_EXPIRED) {
115 ret = ffurl_write(s->tcp, outbuf.pvBuffer, outbuf.cbBuffer);
116 FreeContextBuffer(outbuf.pvBuffer);
117 if (ret < 0 || ret != outbuf.cbBuffer)
118 av_log(h, AV_LOG_ERROR, "Failed to send close message\n");
119 }
120
121 c->connected = 0;
122 }
123 return 0;
124 }
125
tls_close(URLContext * h)126 static int tls_close(URLContext *h)
127 {
128 TLSContext *c = h->priv_data;
129
130 tls_shutdown_client(h);
131
132 DeleteSecurityContext(&c->ctxt_handle);
133 FreeCredentialsHandle(&c->cred_handle);
134
135 av_freep(&c->enc_buf);
136 c->enc_buf_size = c->enc_buf_offset = 0;
137
138 av_freep(&c->dec_buf);
139 c->dec_buf_size = c->dec_buf_offset = 0;
140
141 ffurl_closep(&c->tls_shared.tcp);
142 return 0;
143 }
144
tls_client_handshake_loop(URLContext * h,int initial)145 static int tls_client_handshake_loop(URLContext *h, int initial)
146 {
147 TLSContext *c = h->priv_data;
148 TLSShared *s = &c->tls_shared;
149 SECURITY_STATUS sspi_ret;
150 SecBuffer outbuf[3] = { 0 };
151 SecBufferDesc outbuf_desc;
152 SecBuffer inbuf[2];
153 SecBufferDesc inbuf_desc;
154 int i, ret = 0, read_data = initial;
155
156 if (c->enc_buf == NULL) {
157 c->enc_buf_offset = 0;
158 ret = av_reallocp(&c->enc_buf, SCHANNEL_INITIAL_BUFFER_SIZE);
159 if (ret < 0)
160 goto fail;
161 c->enc_buf_size = SCHANNEL_INITIAL_BUFFER_SIZE;
162 }
163
164 if (c->dec_buf == NULL) {
165 c->dec_buf_offset = 0;
166 ret = av_reallocp(&c->dec_buf, SCHANNEL_INITIAL_BUFFER_SIZE);
167 if (ret < 0)
168 goto fail;
169 c->dec_buf_size = SCHANNEL_INITIAL_BUFFER_SIZE;
170 }
171
172 while (1) {
173 if (c->enc_buf_size - c->enc_buf_offset < SCHANNEL_FREE_BUFFER_SIZE) {
174 c->enc_buf_size = c->enc_buf_offset + SCHANNEL_FREE_BUFFER_SIZE;
175 ret = av_reallocp(&c->enc_buf, c->enc_buf_size);
176 if (ret < 0) {
177 c->enc_buf_size = c->enc_buf_offset = 0;
178 goto fail;
179 }
180 }
181
182 if (read_data) {
183 ret = ffurl_read(c->tls_shared.tcp, c->enc_buf + c->enc_buf_offset,
184 c->enc_buf_size - c->enc_buf_offset);
185 if (ret < 0) {
186 av_log(h, AV_LOG_ERROR, "Failed to read handshake response\n");
187 goto fail;
188 }
189 c->enc_buf_offset += ret;
190 }
191
192 /* input buffers */
193 init_sec_buffer(&inbuf[0], SECBUFFER_TOKEN, av_malloc(c->enc_buf_offset), c->enc_buf_offset);
194 init_sec_buffer(&inbuf[1], SECBUFFER_EMPTY, NULL, 0);
195 init_sec_buffer_desc(&inbuf_desc, inbuf, 2);
196
197 if (inbuf[0].pvBuffer == NULL) {
198 av_log(h, AV_LOG_ERROR, "Failed to allocate input buffer\n");
199 ret = AVERROR(ENOMEM);
200 goto fail;
201 }
202
203 memcpy(inbuf[0].pvBuffer, c->enc_buf, c->enc_buf_offset);
204
205 /* output buffers */
206 init_sec_buffer(&outbuf[0], SECBUFFER_TOKEN, NULL, 0);
207 init_sec_buffer(&outbuf[1], SECBUFFER_ALERT, NULL, 0);
208 init_sec_buffer(&outbuf[2], SECBUFFER_EMPTY, NULL, 0);
209 init_sec_buffer_desc(&outbuf_desc, outbuf, 3);
210
211 sspi_ret = InitializeSecurityContext(&c->cred_handle, &c->ctxt_handle, s->host, c->request_flags,
212 0, 0, &inbuf_desc, 0, NULL, &outbuf_desc, &c->context_flags,
213 &c->ctxt_timestamp);
214 av_freep(&inbuf[0].pvBuffer);
215
216 if (sspi_ret == SEC_E_INCOMPLETE_MESSAGE) {
217 av_log(h, AV_LOG_DEBUG, "Received incomplete handshake, need more data\n");
218 read_data = 1;
219 continue;
220 }
221
222 /* remote requests a client certificate - attempt to continue without one anyway */
223 if (sspi_ret == SEC_I_INCOMPLETE_CREDENTIALS &&
224 !(c->request_flags & ISC_REQ_USE_SUPPLIED_CREDS)) {
225 av_log(h, AV_LOG_VERBOSE, "Client certificate has been requested, ignoring\n");
226 c->request_flags |= ISC_REQ_USE_SUPPLIED_CREDS;
227 read_data = 0;
228 continue;
229 }
230
231 /* continue handshake */
232 if (sspi_ret == SEC_I_CONTINUE_NEEDED || sspi_ret == SEC_E_OK) {
233 for (i = 0; i < 3; i++) {
234 if (outbuf[i].BufferType == SECBUFFER_TOKEN && outbuf[i].cbBuffer > 0) {
235 ret = ffurl_write(c->tls_shared.tcp, outbuf[i].pvBuffer, outbuf[i].cbBuffer);
236 if (ret < 0 || ret != outbuf[i].cbBuffer) {
237 av_log(h, AV_LOG_VERBOSE, "Failed to send handshake data\n");
238 ret = AVERROR(EIO);
239 goto fail;
240 }
241 }
242
243 if (outbuf[i].pvBuffer != NULL) {
244 FreeContextBuffer(outbuf[i].pvBuffer);
245 outbuf[i].pvBuffer = NULL;
246 }
247 }
248 } else {
249 if (sspi_ret == SEC_E_WRONG_PRINCIPAL)
250 av_log(h, AV_LOG_ERROR, "SNI or certificate check failed\n");
251 else
252 av_log(h, AV_LOG_ERROR, "Creating security context failed (0x%lx)\n", sspi_ret);
253 ret = AVERROR_UNKNOWN;
254 goto fail;
255 }
256
257 if (inbuf[1].BufferType == SECBUFFER_EXTRA && inbuf[1].cbBuffer > 0) {
258 if (c->enc_buf_offset > inbuf[1].cbBuffer) {
259 memmove(c->enc_buf, (c->enc_buf + c->enc_buf_offset) - inbuf[1].cbBuffer,
260 inbuf[1].cbBuffer);
261 c->enc_buf_offset = inbuf[1].cbBuffer;
262 if (sspi_ret == SEC_I_CONTINUE_NEEDED) {
263 read_data = 0;
264 continue;
265 }
266 }
267 } else {
268 c->enc_buf_offset = 0;
269 }
270
271 if (sspi_ret == SEC_I_CONTINUE_NEEDED) {
272 read_data = 1;
273 continue;
274 }
275
276 break;
277 }
278
279 return 0;
280
281 fail:
282 /* free any remaining output data */
283 for (i = 0; i < 3; i++) {
284 if (outbuf[i].pvBuffer != NULL) {
285 FreeContextBuffer(outbuf[i].pvBuffer);
286 outbuf[i].pvBuffer = NULL;
287 }
288 }
289
290 return ret;
291 }
292
tls_client_handshake(URLContext * h)293 static int tls_client_handshake(URLContext *h)
294 {
295 TLSContext *c = h->priv_data;
296 TLSShared *s = &c->tls_shared;
297 SecBuffer outbuf;
298 SecBufferDesc outbuf_desc;
299 SECURITY_STATUS sspi_ret;
300 int ret;
301
302 init_sec_buffer(&outbuf, SECBUFFER_EMPTY, NULL, 0);
303 init_sec_buffer_desc(&outbuf_desc, &outbuf, 1);
304
305 c->request_flags = ISC_REQ_SEQUENCE_DETECT | ISC_REQ_REPLAY_DETECT |
306 ISC_REQ_CONFIDENTIALITY | ISC_REQ_ALLOCATE_MEMORY |
307 ISC_REQ_STREAM;
308
309 sspi_ret = InitializeSecurityContext(&c->cred_handle, NULL, s->host, c->request_flags, 0, 0,
310 NULL, 0, &c->ctxt_handle, &outbuf_desc, &c->context_flags,
311 &c->ctxt_timestamp);
312 if (sspi_ret != SEC_I_CONTINUE_NEEDED) {
313 av_log(h, AV_LOG_ERROR, "Unable to create initial security context (0x%lx)\n", sspi_ret);
314 ret = AVERROR_UNKNOWN;
315 goto fail;
316 }
317
318 ret = ffurl_write(s->tcp, outbuf.pvBuffer, outbuf.cbBuffer);
319 FreeContextBuffer(outbuf.pvBuffer);
320 if (ret < 0 || ret != outbuf.cbBuffer) {
321 av_log(h, AV_LOG_ERROR, "Failed to send initial handshake data\n");
322 ret = AVERROR(EIO);
323 goto fail;
324 }
325
326 return tls_client_handshake_loop(h, 1);
327
328 fail:
329 DeleteSecurityContext(&c->ctxt_handle);
330 return ret;
331 }
332
tls_open(URLContext * h,const char * uri,int flags,AVDictionary ** options)333 static int tls_open(URLContext *h, const char *uri, int flags, AVDictionary **options)
334 {
335 TLSContext *c = h->priv_data;
336 TLSShared *s = &c->tls_shared;
337 SECURITY_STATUS sspi_ret;
338 SCHANNEL_CRED schannel_cred = { 0 };
339 int ret;
340
341 if ((ret = ff_tls_open_underlying(s, h, uri, options)) < 0)
342 goto fail;
343
344 if (s->listen) {
345 av_log(h, AV_LOG_ERROR, "TLS Listen Sockets with SChannel is not implemented.\n");
346 ret = AVERROR(EINVAL);
347 goto fail;
348 }
349
350 /* SChannel Options */
351 schannel_cred.dwVersion = SCHANNEL_CRED_VERSION;
352
353 if (s->verify)
354 schannel_cred.dwFlags = SCH_CRED_AUTO_CRED_VALIDATION |
355 SCH_CRED_REVOCATION_CHECK_CHAIN;
356 else
357 schannel_cred.dwFlags = SCH_CRED_MANUAL_CRED_VALIDATION |
358 SCH_CRED_IGNORE_NO_REVOCATION_CHECK |
359 SCH_CRED_IGNORE_REVOCATION_OFFLINE;
360
361 /* Get credential handle */
362 sspi_ret = AcquireCredentialsHandle(NULL, (TCHAR *)UNISP_NAME, SECPKG_CRED_OUTBOUND,
363 NULL, &schannel_cred, NULL, NULL, &c->cred_handle,
364 &c->cred_timestamp);
365 if (sspi_ret != SEC_E_OK) {
366 av_log(h, AV_LOG_ERROR, "Unable to acquire security credentials (0x%lx)\n", sspi_ret);
367 ret = AVERROR_UNKNOWN;
368 goto fail;
369 }
370
371 ret = tls_client_handshake(h);
372 if (ret < 0)
373 goto fail;
374
375 c->connected = 1;
376
377 return 0;
378
379 fail:
380 tls_close(h);
381 return ret;
382 }
383
tls_read(URLContext * h,uint8_t * buf,int len)384 static int tls_read(URLContext *h, uint8_t *buf, int len)
385 {
386 TLSContext *c = h->priv_data;
387 TLSShared *s = &c->tls_shared;
388 SECURITY_STATUS sspi_ret = SEC_E_OK;
389 SecBuffer inbuf[4];
390 SecBufferDesc inbuf_desc;
391 int size, ret;
392 int min_enc_buf_size = len + SCHANNEL_FREE_BUFFER_SIZE;
393
394 /* If we have some left-over data from previous network activity,
395 * return it first in case it is enough. It may contain
396 * data that is required to know whether this connection
397 * is still required or not, esp. in case of HTTP keep-alive
398 * connections. */
399 if (c->dec_buf_offset > 0)
400 goto cleanup;
401
402 if (c->sspi_close_notify)
403 goto cleanup;
404
405 if (!c->connection_closed) {
406 size = c->enc_buf_size - c->enc_buf_offset;
407 if (size < SCHANNEL_FREE_BUFFER_SIZE || c->enc_buf_size < min_enc_buf_size) {
408 c->enc_buf_size = c->enc_buf_offset + SCHANNEL_FREE_BUFFER_SIZE;
409 if (c->enc_buf_size < min_enc_buf_size)
410 c->enc_buf_size = min_enc_buf_size;
411 ret = av_reallocp(&c->enc_buf, c->enc_buf_size);
412 if (ret < 0) {
413 c->enc_buf_size = c->enc_buf_offset = 0;
414 return ret;
415 }
416 }
417
418 ret = ffurl_read(s->tcp, c->enc_buf + c->enc_buf_offset,
419 c->enc_buf_size - c->enc_buf_offset);
420 if (ret == AVERROR_EOF) {
421 c->connection_closed = 1;
422 ret = 0;
423 } else if (ret < 0) {
424 av_log(h, AV_LOG_ERROR, "Unable to read from socket\n");
425 return ret;
426 }
427
428 c->enc_buf_offset += ret;
429 }
430
431 while (c->enc_buf_offset > 0 && sspi_ret == SEC_E_OK) {
432 /* input buffer */
433 init_sec_buffer(&inbuf[0], SECBUFFER_DATA, c->enc_buf, c->enc_buf_offset);
434
435 /* additional buffers for possible output */
436 init_sec_buffer(&inbuf[1], SECBUFFER_EMPTY, NULL, 0);
437 init_sec_buffer(&inbuf[2], SECBUFFER_EMPTY, NULL, 0);
438 init_sec_buffer(&inbuf[3], SECBUFFER_EMPTY, NULL, 0);
439 init_sec_buffer_desc(&inbuf_desc, inbuf, 4);
440
441 sspi_ret = DecryptMessage(&c->ctxt_handle, &inbuf_desc, 0, NULL);
442 if (sspi_ret == SEC_E_OK || sspi_ret == SEC_I_RENEGOTIATE ||
443 sspi_ret == SEC_I_CONTEXT_EXPIRED) {
444 /* handle decrypted data */
445 if (inbuf[1].BufferType == SECBUFFER_DATA) {
446 /* grow buffer if needed */
447 size = inbuf[1].cbBuffer > SCHANNEL_FREE_BUFFER_SIZE ?
448 inbuf[1].cbBuffer : SCHANNEL_FREE_BUFFER_SIZE;
449 if (c->dec_buf_size - c->dec_buf_offset < size || c->dec_buf_size < len) {
450 c->dec_buf_size = c->dec_buf_offset + size;
451 if (c->dec_buf_size < len)
452 c->dec_buf_size = len;
453 ret = av_reallocp(&c->dec_buf, c->dec_buf_size);
454 if (ret < 0) {
455 c->dec_buf_size = c->dec_buf_offset = 0;
456 return ret;
457 }
458 }
459
460 /* copy decrypted data to buffer */
461 size = inbuf[1].cbBuffer;
462 if (size) {
463 memcpy(c->dec_buf + c->dec_buf_offset, inbuf[1].pvBuffer, size);
464 c->dec_buf_offset += size;
465 }
466 }
467 if (inbuf[3].BufferType == SECBUFFER_EXTRA && inbuf[3].cbBuffer > 0) {
468 if (c->enc_buf_offset > inbuf[3].cbBuffer) {
469 memmove(c->enc_buf, (c->enc_buf + c->enc_buf_offset) - inbuf[3].cbBuffer,
470 inbuf[3].cbBuffer);
471 c->enc_buf_offset = inbuf[3].cbBuffer;
472 }
473 } else
474 c->enc_buf_offset = 0;
475
476 if (sspi_ret == SEC_I_RENEGOTIATE) {
477 if (c->enc_buf_offset) {
478 av_log(h, AV_LOG_ERROR, "Cannot renegotiate, encrypted data buffer not empty\n");
479 ret = AVERROR_UNKNOWN;
480 goto cleanup;
481 }
482
483 av_log(h, AV_LOG_VERBOSE, "Re-negotiating security context\n");
484 ret = tls_client_handshake_loop(h, 0);
485 if (ret < 0) {
486 goto cleanup;
487 }
488 sspi_ret = SEC_E_OK;
489 continue;
490 } else if (sspi_ret == SEC_I_CONTEXT_EXPIRED) {
491 c->sspi_close_notify = 1;
492 if (!c->connection_closed) {
493 c->connection_closed = 1;
494 av_log(h, AV_LOG_VERBOSE, "Server closed the connection\n");
495 }
496 ret = 0;
497 goto cleanup;
498 }
499 } else if (sspi_ret == SEC_E_INCOMPLETE_MESSAGE) {
500 ret = AVERROR(EAGAIN);
501 goto cleanup;
502 } else {
503 av_log(h, AV_LOG_ERROR, "Unable to decrypt message (error 0x%x)\n", (unsigned)sspi_ret);
504 ret = AVERROR(EIO);
505 goto cleanup;
506 }
507 }
508
509 ret = 0;
510
511 cleanup:
512 size = FFMIN(len, c->dec_buf_offset);
513 if (size) {
514 memcpy(buf, c->dec_buf, size);
515 memmove(c->dec_buf, c->dec_buf + size, c->dec_buf_offset - size);
516 c->dec_buf_offset -= size;
517
518 return size;
519 }
520
521 if (ret == 0 && !c->connection_closed)
522 ret = AVERROR(EAGAIN);
523
524 return ret < 0 ? ret : AVERROR_EOF;
525 }
526
tls_write(URLContext * h,const uint8_t * buf,int len)527 static int tls_write(URLContext *h, const uint8_t *buf, int len)
528 {
529 TLSContext *c = h->priv_data;
530 TLSShared *s = &c->tls_shared;
531 SECURITY_STATUS sspi_ret;
532 int ret = 0, data_size;
533 uint8_t *data = NULL;
534 SecBuffer outbuf[4];
535 SecBufferDesc outbuf_desc;
536
537 if (c->sizes.cbMaximumMessage == 0) {
538 sspi_ret = QueryContextAttributes(&c->ctxt_handle, SECPKG_ATTR_STREAM_SIZES, &c->sizes);
539 if (sspi_ret != SEC_E_OK)
540 return AVERROR_UNKNOWN;
541 }
542
543 /* limit how much data we can consume */
544 len = FFMIN(len, c->sizes.cbMaximumMessage);
545
546 data_size = c->sizes.cbHeader + len + c->sizes.cbTrailer;
547 data = av_malloc(data_size);
548 if (data == NULL)
549 return AVERROR(ENOMEM);
550
551 init_sec_buffer(&outbuf[0], SECBUFFER_STREAM_HEADER,
552 data, c->sizes.cbHeader);
553 init_sec_buffer(&outbuf[1], SECBUFFER_DATA,
554 data + c->sizes.cbHeader, len);
555 init_sec_buffer(&outbuf[2], SECBUFFER_STREAM_TRAILER,
556 data + c->sizes.cbHeader + len,
557 c->sizes.cbTrailer);
558 init_sec_buffer(&outbuf[3], SECBUFFER_EMPTY, NULL, 0);
559 init_sec_buffer_desc(&outbuf_desc, outbuf, 4);
560
561 memcpy(outbuf[1].pvBuffer, buf, len);
562
563 sspi_ret = EncryptMessage(&c->ctxt_handle, 0, &outbuf_desc, 0);
564 if (sspi_ret == SEC_E_OK) {
565 len = outbuf[0].cbBuffer + outbuf[1].cbBuffer + outbuf[2].cbBuffer;
566 ret = ffurl_write(s->tcp, data, len);
567 if (ret < 0 || ret != len) {
568 ret = AVERROR(EIO);
569 av_log(h, AV_LOG_ERROR, "Writing encrypted data to socket failed\n");
570 goto done;
571 }
572 } else {
573 av_log(h, AV_LOG_ERROR, "Encrypting data failed\n");
574 if (sspi_ret == SEC_E_INSUFFICIENT_MEMORY)
575 ret = AVERROR(ENOMEM);
576 else
577 ret = AVERROR(EIO);
578 goto done;
579 }
580
581 done:
582 av_freep(&data);
583 return ret < 0 ? ret : outbuf[1].cbBuffer;
584 }
585
tls_get_file_handle(URLContext * h)586 static int tls_get_file_handle(URLContext *h)
587 {
588 TLSContext *c = h->priv_data;
589 return ffurl_get_file_handle(c->tls_shared.tcp);
590 }
591
tls_get_short_seek(URLContext * h)592 static int tls_get_short_seek(URLContext *h)
593 {
594 TLSContext *s = h->priv_data;
595 return ffurl_get_short_seek(s->tls_shared.tcp);
596 }
597
598 static const AVOption options[] = {
599 TLS_COMMON_OPTIONS(TLSContext, tls_shared),
600 { NULL }
601 };
602
603 static const AVClass tls_class = {
604 .class_name = "tls",
605 .item_name = av_default_item_name,
606 .option = options,
607 .version = LIBAVUTIL_VERSION_INT,
608 };
609
610 const URLProtocol ff_tls_protocol = {
611 .name = "tls",
612 .url_open2 = tls_open,
613 .url_read = tls_read,
614 .url_write = tls_write,
615 .url_close = tls_close,
616 .url_get_file_handle = tls_get_file_handle,
617 .url_get_short_seek = tls_get_short_seek,
618 .priv_data_size = sizeof(TLSContext),
619 .flags = URL_PROTOCOL_FLAG_NETWORK,
620 .priv_data_class = &tls_class,
621 };
622