        /// <summary>
        /// Drives the TLS close_notify exchange for <paramref name="securityContext"/> and
        /// reports the outcome as a <see cref="SecurityStatusPal"/>.
        /// </summary>
        /// <param name="credentialsHandle">Not consulted by this implementation; kept for signature parity.</param>
        /// <param name="securityContext">The context to shut down; must be a <see cref="SafeDeleteSslContext"/>.</param>
        /// <returns>
        /// OK when SSL_shutdown completed, or when the native layer merely needs more I/O
        /// (SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE). In the latter case the peer's close_notify
        /// may not have been processed yet, so OK alone does not prove a fully bidirectional close.
        /// Any other native error yields InternalError wrapping an <see cref="Interop.OpenSsl.SslException"/>
        /// built from the raw native error code.
        /// </returns>
        public static SecurityStatusPal ApplyShutdownToken(ref SafeFreeCredentials credentialsHandle, SafeDeleteContext securityContext)
        {
            var ssl = ((SafeDeleteSslContext)securityContext).SslContext;

            // Quiet shutdown was configured when the context was created; switch it off so that
            // SSL_shutdown actually sends and awaits close_notify instead of returning immediately.
            Interop.Ssl.SslSetQuietShutdown(ssl, 0);

            int rc = Interop.Ssl.SslShutdown(ssl);
            if (rc == 0)
            {
                // 0: our close_notify went out but the peer's has not been seen yet;
                // a second call completes the bidirectional shutdown.
                rc = Interop.Ssl.SslShutdown(ssl);
            }

            if (rc == 1)
            {
                return new SecurityStatusPal(SecurityStatusPalErrorCode.OK);
            }

            Interop.Ssl.SslErrorCode nativeError = Interop.Ssl.SslGetError(ssl, rc);
            bool needsMoreIo = nativeError == Interop.Ssl.SslErrorCode.SSL_ERROR_WANT_READ
                            || nativeError == Interop.Ssl.SslErrorCode.SSL_ERROR_WANT_WRITE;

            return needsMoreIo
                ? new SecurityStatusPal(SecurityStatusPalErrorCode.OK)
                : new SecurityStatusPal(SecurityStatusPalErrorCode.InternalError, new Interop.OpenSsl.SslException((int)nativeError));
        }
        /// <summary>
        /// Drives the TLS close_notify exchange for <paramref name="sslContext"/> and
        /// reports the outcome as a <see cref="SecurityStatusPal"/>.
        /// </summary>
        /// <param name="credentialsHandle">Not consulted by this implementation; kept for signature parity.</param>
        /// <param name="sslContext">The context whose native SSL handle is shut down.</param>
        /// <returns>
        /// OK when SSL_shutdown completed, or when the native layer merely needs more I/O
        /// (SSL_ERROR_WANT_READ / SSL_ERROR_WANT_WRITE) - in that case the peer's close_notify may
        /// not have been processed yet. SSL_ERROR_SSL yields InternalError with an exception built
        /// from the OpenSSL error queue (which is drained in the process); every other native error
        /// yields InternalError wrapping an <see cref="Interop.OpenSsl.SslException"/>.
        /// </returns>
        public static SecurityStatusPal ApplyShutdownToken(ref SafeFreeCredentials? credentialsHandle, SafeDeleteSslContext sslContext)
        {
            var ssl = sslContext.SslContext;

            // Quiet shutdown was configured when the context was created; switch it off so that
            // SSL_shutdown actually sends and awaits close_notify instead of returning immediately.
            Interop.Ssl.SslSetQuietShutdown(ssl, 0);

            int rc = Interop.Ssl.SslShutdown(ssl);
            if (rc == 0)
            {
                // 0: our close_notify went out but the peer's has not been seen yet;
                // a second call completes the bidirectional shutdown.
                rc = Interop.Ssl.SslShutdown(ssl);
            }

            if (rc == 1)
            {
                return new SecurityStatusPal(SecurityStatusPalErrorCode.OK);
            }

            Interop.Ssl.SslErrorCode nativeError = Interop.Ssl.SslGetError(ssl, rc);

            return nativeError switch
            {
                // More I/O needed; treated as success by the caller.
                Interop.Ssl.SslErrorCode.SSL_ERROR_WANT_READ => new SecurityStatusPal(SecurityStatusPalErrorCode.OK),
                Interop.Ssl.SslErrorCode.SSL_ERROR_WANT_WRITE => new SecurityStatusPal(SecurityStatusPalErrorCode.OK),

                // Library-level failure: the details live in the OpenSSL error queue, which
                // building the exception consumes.
                Interop.Ssl.SslErrorCode.SSL_ERROR_SSL => new SecurityStatusPal(SecurityStatusPalErrorCode.InternalError, Interop.Crypto.CreateOpenSslCryptographicException()),

                _ => new SecurityStatusPal(SecurityStatusPalErrorCode.InternalError, new Interop.OpenSsl.SslException((int)nativeError)),
            };
        }
        /// <summary>
        /// Runs one encrypt (wrap into TLS records) or decrypt (in-place unwrap) step through the
        /// native OpenSSL context and translates the native error code into a
        /// <see cref="SecurityStatusPal"/>.
        /// </summary>
        /// <param name="securityContext">Context whose native SSL handle is used; must be a <see cref="SafeDeleteSslContext"/>.</param>
        /// <param name="input">Data to encrypt; when decrypting it is expected to be the very same array as <paramref name="output"/>.</param>
        /// <param name="offset">Start of the data in <paramref name="input"/>; asserted to be 0 when decrypting.</param>
        /// <param name="size">Number of bytes to process.</param>
        /// <param name="encrypt">true to encrypt, false to decrypt.</param>
        /// <param name="output">Destination for encrypted data, passed by reference so the native helper may replace the array; ignored by the decrypt branch beyond the identity assertion.</param>
        /// <param name="resultSize">Bytes produced; stays 0 when the native call fails or an exception is caught.</param>
        /// <returns>
        /// Renegotiate (SSL_ERROR_RENEGOTIATE), ContextExpired (SSL_ERROR_ZERO_RETURN),
        /// OK (SSL_ERROR_NONE, or SSL_ERROR_WANT_READ meaning more input is needed and
        /// <paramref name="resultSize"/> may be 0), otherwise InternalError carrying the native
        /// code as an <see cref="Interop.OpenSsl.SslException"/>. A managed exception is folded
        /// into InternalError with the exception attached rather than propagated.
        /// </returns>
        private static SecurityStatusPal EncryptDecryptHelper(SafeDeleteContext securityContext, byte[] input, int offset, int size, bool encrypt, ref byte[] output, out int resultSize)
        {
            resultSize = 0;
            try
            {
                SafeSslHandle ssl = ((SafeDeleteSslContext)securityContext).SslContext;
                Interop.Ssl.SslErrorCode nativeError;

                if (!encrypt)
                {
                    // Decryption works in place: the native call reads from and writes to one array.
                    Debug.Assert(offset == 0, "Expected offset 0 when decrypting");
                    Debug.Assert(ReferenceEquals(input, output), "Expected input==output when decrypting");
                    resultSize = Interop.OpenSsl.Decrypt(ssl, input, size, out nativeError);
                }
                else
                {
                    resultSize = Interop.OpenSsl.Encrypt(ssl, input, offset, size, ref output, out nativeError);
                }

                if (nativeError == Interop.Ssl.SslErrorCode.SSL_ERROR_RENEGOTIATE)
                {
                    return new SecurityStatusPal(SecurityStatusPalErrorCode.Renegotiate);
                }

                if (nativeError == Interop.Ssl.SslErrorCode.SSL_ERROR_ZERO_RETURN)
                {
                    // OpenSSL reports ZERO_RETURN when the TLS session has been closed; surface it as an expired context.
                    return new SecurityStatusPal(SecurityStatusPalErrorCode.ContextExpired);
                }

                if (nativeError == Interop.Ssl.SslErrorCode.SSL_ERROR_NONE ||
                    nativeError == Interop.Ssl.SslErrorCode.SSL_ERROR_WANT_READ)
                {
                    // WANT_READ is not a failure here: the caller is expected to feed more bytes.
                    return new SecurityStatusPal(SecurityStatusPalErrorCode.OK);
                }

                return new SecurityStatusPal(SecurityStatusPalErrorCode.InternalError, new Interop.OpenSsl.SslException((int)nativeError));
            }
            catch (Exception ex)
            {
                // Deliberate catch-all: callers get InternalError plus the original exception instead of an unhandled throw.
                return new SecurityStatusPal(SecurityStatusPalErrorCode.InternalError, ex);
            }
        }
        /// <summary>
        /// Runs one encrypt or decrypt step over <paramref name="buffer"/> through the native
        /// OpenSSL context and maps the native error code onto a <see cref="SecurityStatusPal"/>.
        /// </summary>
        /// <param name="securityContext">Context whose native SSL handle is used.</param>
        /// <param name="buffer">Data to process in place.</param>
        /// <param name="offset">Start of the data; asserted to be 0 when decrypting.</param>
        /// <param name="size">Number of bytes to process.</param>
        /// <param name="headerSize">Not used by this implementation; kept for signature parity.</param>
        /// <param name="trailerSize">Not used by this implementation; kept for signature parity.</param>
        /// <param name="encrypt">true to encrypt, false to decrypt.</param>
        /// <param name="resultSize">Bytes produced; stays 0 when the native call fails or an exception is caught.</param>
        /// <returns>
        /// Renegotiate, ContextExpired (SSL_ERROR_ZERO_RETURN), OK (SSL_ERROR_NONE or SSL_ERROR_WANT_READ,
        /// the latter meaning more input is needed), otherwise InternalError. Unlike the variants that
        /// attach an exception, this one only reports the error category; a caught managed exception
        /// becomes a Debug.Fail plus InternalError, so the exception detail is lost in release builds.
        /// </returns>
        private static SecurityStatusPal EncryptDecryptHelper(SafeDeleteContext securityContext, byte[] buffer, int offset, int size, int headerSize, int trailerSize, bool encrypt, out int resultSize)
        {
            resultSize = 0;
            try
            {
                SafeSslHandle ssl = securityContext.SslContext;
                Interop.Ssl.SslErrorCode nativeError;

                if (encrypt)
                {
                    resultSize = Interop.OpenSsl.Encrypt(ssl, buffer, offset, size, out nativeError);
                }
                else
                {
                    // Decryption is performed in place from the start of the buffer.
                    Debug.Assert(offset == 0, "Expected offset 0 when decrypting");
                    resultSize = Interop.OpenSsl.Decrypt(ssl, buffer, size, out nativeError);
                }

                SecurityStatusPal outcome;
                switch (nativeError)
                {
                    case Interop.Ssl.SslErrorCode.SSL_ERROR_NONE:
                    case Interop.Ssl.SslErrorCode.SSL_ERROR_WANT_READ:
                        // WANT_READ is not a failure here: the caller is expected to feed more bytes.
                        outcome = SecurityStatusPal.OK;
                        break;

                    case Interop.Ssl.SslErrorCode.SSL_ERROR_RENEGOTIATE:
                        outcome = SecurityStatusPal.Renegotiate;
                        break;

                    case Interop.Ssl.SslErrorCode.SSL_ERROR_ZERO_RETURN:
                        // OpenSSL reports ZERO_RETURN when the TLS session has been closed.
                        outcome = SecurityStatusPal.ContextExpired;
                        break;

                    default:
                        outcome = SecurityStatusPal.InternalError;
                        break;
                }

                return outcome;
            }
            catch (Exception ex)
            {
                // Deliberate catch-all: debug builds stop here, release builds just report InternalError.
                Debug.Fail("Exception Caught. - " + ex);
                return SecurityStatusPal.InternalError;
            }
        }
        /// <summary>
        /// Runs one encrypt (from <paramref name="input"/> into <paramref name="output"/>) or
        /// decrypt (in place on <paramref name="output"/>) step through the native OpenSSL context
        /// and maps the native error code onto a <see cref="SecurityStatusPal"/>.
        /// </summary>
        /// <param name="securityContext">Context whose native SSL handle is used; must be a <see cref="SafeDeleteSslContext"/>.</param>
        /// <param name="input">Plaintext to encrypt; not consulted by the decrypt branch.</param>
        /// <param name="offset">Start of the ciphertext in <paramref name="output"/> when decrypting; unused when encrypting.</param>
        /// <param name="size">Number of ciphertext bytes when decrypting; unused when encrypting.</param>
        /// <param name="encrypt">true to encrypt, false to decrypt.</param>
        /// <param name="output">Destination for encrypted records (by reference, so the native helper may replace the array); the in-place buffer when decrypting.</param>
        /// <param name="resultSize">Bytes produced; stays 0 when the native call fails or an exception is caught.</param>
        /// <returns>
        /// Renegotiate (SSL_ERROR_RENEGOTIATE), ContextExpired (SSL_ERROR_ZERO_RETURN),
        /// OK (SSL_ERROR_NONE, or SSL_ERROR_WANT_READ meaning more input is needed and
        /// <paramref name="resultSize"/> may be 0), otherwise InternalError carrying the native
        /// code as an <see cref="Interop.OpenSsl.SslException"/>. A managed exception is folded
        /// into InternalError with the exception attached rather than propagated.
        /// </returns>
        private static SecurityStatusPal EncryptDecryptHelper(SafeDeleteContext securityContext, ReadOnlyMemory<byte> input, int offset, int size, bool encrypt, ref byte[] output, out int resultSize)
        {
            resultSize = 0;
            try
            {
                SafeSslHandle ssl = ((SafeDeleteSslContext)securityContext).SslContext;
                Interop.Ssl.SslErrorCode nativeError;

                // Encrypt reads the span and writes into output; decrypt ignores input and works on output in place.
                resultSize = encrypt
                    ? Interop.OpenSsl.Encrypt(ssl, input.Span, ref output, out nativeError)
                    : Interop.OpenSsl.Decrypt(ssl, output, offset, size, out nativeError);

                if (nativeError == Interop.Ssl.SslErrorCode.SSL_ERROR_RENEGOTIATE)
                {
                    return new SecurityStatusPal(SecurityStatusPalErrorCode.Renegotiate);
                }

                if (nativeError == Interop.Ssl.SslErrorCode.SSL_ERROR_ZERO_RETURN)
                {
                    // OpenSSL reports ZERO_RETURN when the TLS session has been closed; surface it as an expired context.
                    return new SecurityStatusPal(SecurityStatusPalErrorCode.ContextExpired);
                }

                if (nativeError == Interop.Ssl.SslErrorCode.SSL_ERROR_NONE ||
                    nativeError == Interop.Ssl.SslErrorCode.SSL_ERROR_WANT_READ)
                {
                    // WANT_READ is not a failure here: the caller is expected to feed more bytes.
                    return new SecurityStatusPal(SecurityStatusPalErrorCode.OK);
                }

                return new SecurityStatusPal(SecurityStatusPalErrorCode.InternalError, new Interop.OpenSsl.SslException((int)nativeError));
            }
            catch (Exception ex)
            {
                // Deliberate catch-all: callers get InternalError plus the original exception instead of an unhandled throw.
                return new SecurityStatusPal(SecurityStatusPalErrorCode.InternalError, ex);
            }
        }
 private static SecurityStatusPal MapNativeErrorCode(Interop.Ssl.SslErrorCode errorCode) =>
 errorCode switch
 {