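public static SecurityStatusPal ApplyShutdownToken(ref SafeFreeCredentials credentialsHandle, SafeDeleteContext securityContext)
{
    // Sends the TLS close_notify alert for the connection wrapped by securityContext and
    // reports whether the shutdown completed, still needs I/O, or failed.
    //
    // credentialsHandle: not used by this implementation; kept for signature parity.
    // securityContext:   must be a SafeDeleteSslContext holding the OpenSSL SSL* handle.
    // Returns OK when the alert was written (or the non-blocking BIO needs more I/O),
    // otherwise InternalError carrying the native failure.
    SafeDeleteSslContext sslContext = (SafeDeleteSslContext)securityContext;

    // Quiet shutdown was configured initially; turn it back off so that SSL_shutdown
    // actually emits the close_notify alert rather than only marking the session closed.
    // The alert is what lets the peer distinguish an orderly close from a truncation.
    Interop.Ssl.SslSetQuietShutdown(sslContext.SslContext, 0);

    int status = Interop.Ssl.SslShutdown(sslContext.SslContext);
    if (status == 0)
    {
        // 0 means our close_notify was sent but the peer's has not been received yet;
        // a second call completes the bi-directional shutdown.
        status = Interop.Ssl.SslShutdown(sslContext.SslContext);
    }

    if (status == 1)
    {
        return new SecurityStatusPal(SecurityStatusPalErrorCode.OK);
    }

    Interop.Ssl.SslErrorCode code = Interop.Ssl.SslGetError(sslContext.SslContext, status);
    if (code == Interop.Ssl.SslErrorCode.SSL_ERROR_WANT_READ ||
        code == Interop.Ssl.SslErrorCode.SSL_ERROR_WANT_WRITE)
    {
        // The BIO needs more data; the caller drives further I/O, so this is not a failure.
        return new SecurityStatusPal(SecurityStatusPalErrorCode.OK);
    }

    if (code == Interop.Ssl.SslErrorCode.SSL_ERROR_SSL)
    {
        // A library/protocol failure leaves its details on OpenSSL's error queue. Build the
        // exception from the queue (which clears it) so the detail is preserved and stale
        // entries are not misattributed to the next OpenSSL call on this thread.
        return new SecurityStatusPal(SecurityStatusPalErrorCode.InternalError, Interop.Crypto.CreateOpenSslCryptographicException());
    }

    return new SecurityStatusPal(SecurityStatusPalErrorCode.InternalError, new Interop.OpenSsl.SslException((int)code));
}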
public static SecurityStatusPal ApplyShutdownToken(ref SafeFreeCredentials? credentialsHandle, SafeDeleteSslContext sslContext)
{
    // Emits the TLS close_notify alert on sslContext's SSL handle and maps the outcome to a
    // SecurityStatusPal.
    //
    // credentialsHandle: unused by this implementation; present for signature parity.
    // sslContext:        the context whose SslContext (SafeSslHandle) is shut down.
    // Returns OK when the alert was sent or the BIO merely needs more I/O; InternalError
    // (with the native failure attached) otherwise.
    SafeSslHandle ssl = sslContext.SslContext;

    // Quiet shutdown was configured initially; clear it so the close_notify alert is
    // actually produced instead of the session just being marked closed.
    Interop.Ssl.SslSetQuietShutdown(ssl, 0);

    int shutdownResult = Interop.Ssl.SslShutdown(ssl);
    if (shutdownResult == 0)
    {
        // Our alert went out but the peer's has not been seen; a second call performs the
        // bi-directional half of the shutdown.
        shutdownResult = Interop.Ssl.SslShutdown(ssl);
    }

    if (shutdownResult == 1)
    {
        return new SecurityStatusPal(SecurityStatusPalErrorCode.OK);
    }

    Interop.Ssl.SslErrorCode nativeError = Interop.Ssl.SslGetError(ssl, shutdownResult);
    switch (nativeError)
    {
        case Interop.Ssl.SslErrorCode.SSL_ERROR_WANT_READ:
        case Interop.Ssl.SslErrorCode.SSL_ERROR_WANT_WRITE:
            // Non-blocking BIO needs more data; the caller will drive more I/O.
            return new SecurityStatusPal(SecurityStatusPalErrorCode.OK);

        case Interop.Ssl.SslErrorCode.SSL_ERROR_SSL:
            // OpenSSL failure: the details sit on the error queue, which is drained while
            // the exception is built so nothing stale leaks into later calls.
            return new SecurityStatusPal(SecurityStatusPalErrorCode.InternalError, Interop.Crypto.CreateOpenSslCryptographicException());

        default:
            return new SecurityStatusPal(SecurityStatusPalErrorCode.InternalError, new Interop.OpenSsl.SslException((int)nativeError));
    }
}
private static SecurityStatusPal EncryptDecryptHelper(SafeDeleteContext securityContext, byte[] input, int offset, int size, bool encrypt, ref byte[] output, out int resultSize)
{
    // Runs one encrypt or decrypt pass over the given buffer through the OpenSSL handle in
    // securityContext and translates the native error code into a SecurityStatusPal.
    //
    // securityContext: must be a SafeDeleteSslContext.
    // input/offset/size: the bytes to process. When decrypting, offset must be 0 and
    //                    input must be the same array as output (asserted below).
    // encrypt:         true to produce TLS records from plaintext, false to decrypt records.
    // output:          receives ciphertext when encrypting (may be reallocated by Encrypt).
    // resultSize:      number of bytes produced; 0 when a managed exception is caught.
    // Returns OK, Renegotiate, ContextExpired, or InternalError (with the cause attached).
    resultSize = 0;

    try
    {
        SafeSslHandle ssl = ((SafeDeleteSslContext)securityContext).SslContext;
        Interop.Ssl.SslErrorCode nativeError;

        if (encrypt)
        {
            resultSize = Interop.OpenSsl.Encrypt(ssl, input, offset, size, ref output, out nativeError);
        }
        else
        {
            // The decrypt path works in place over the caller's array.
            Debug.Assert(offset == 0, "Expected offset 0 when decrypting");
            Debug.Assert(ReferenceEquals(input, output), "Expected input==output when decrypting");
            resultSize = Interop.OpenSsl.Decrypt(ssl, input, size, out nativeError);
        }

        if (nativeError == Interop.Ssl.SslErrorCode.SSL_ERROR_RENEGOTIATE)
        {
            return new SecurityStatusPal(SecurityStatusPalErrorCode.Renegotiate);
        }

        if (nativeError == Interop.Ssl.SslErrorCode.SSL_ERROR_ZERO_RETURN)
        {
            // OpenSSL reports ZERO_RETURN once the peer has closed the TLS session.
            return new SecurityStatusPal(SecurityStatusPalErrorCode.ContextExpired);
        }

        if (nativeError == Interop.Ssl.SslErrorCode.SSL_ERROR_NONE ||
            nativeError == Interop.Ssl.SslErrorCode.SSL_ERROR_WANT_READ)
        {
            // WANT_READ is treated as success: more input is needed, nothing went wrong.
            return new SecurityStatusPal(SecurityStatusPalErrorCode.OK);
        }

        return new SecurityStatusPal(SecurityStatusPalErrorCode.InternalError, new Interop.OpenSsl.SslException((int)nativeError));
    }
    catch (Exception ex)
    {
        // Any managed failure (e.g. from the interop layer) is surfaced as InternalError
        // with the exception preserved for the caller.
        return new SecurityStatusPal(SecurityStatusPalErrorCode.InternalError, ex);
    }
}
private static SecurityStatusPal EncryptDecryptHelper(SafeDeleteContext securityContext, byte[] buffer, int offset, int size, int headerSize, int trailerSize, bool encrypt, out int resultSize)
{
    // Performs one in-place encrypt or decrypt pass over buffer using the OpenSSL handle
    // owned by securityContext and maps the native error code to a SecurityStatusPal.
    //
    // buffer/offset/size: bytes to process; decrypt requires offset == 0 (asserted).
    // headerSize/trailerSize: not consulted by this implementation.
    // encrypt:         true to encrypt, false to decrypt.
    // resultSize:      bytes produced; 0 if a managed exception was caught.
    // Returns one of the static SecurityStatusPal values: OK, Renegotiate, ContextExpired
    // or InternalError.
    resultSize = 0;

    try
    {
        SafeSslHandle ssl = securityContext.SslContext;
        Interop.Ssl.SslErrorCode nativeError;

        if (encrypt)
        {
            resultSize = Interop.OpenSsl.Encrypt(ssl, buffer, offset, size, out nativeError);
        }
        else
        {
            Debug.Assert(offset == 0, "Expected offset 0 when decrypting");
            resultSize = Interop.OpenSsl.Decrypt(ssl, buffer, size, out nativeError);
        }

        if (nativeError == Interop.Ssl.SslErrorCode.SSL_ERROR_RENEGOTIATE)
        {
            return SecurityStatusPal.Renegotiate;
        }

        if (nativeError == Interop.Ssl.SslErrorCode.SSL_ERROR_ZERO_RETURN)
        {
            // OpenSSL reports ZERO_RETURN once the peer has closed the TLS session.
            return SecurityStatusPal.ContextExpired;
        }

        if (nativeError == Interop.Ssl.SslErrorCode.SSL_ERROR_NONE ||
            nativeError == Interop.Ssl.SslErrorCode.SSL_ERROR_WANT_READ)
        {
            // WANT_READ is not a failure: the caller just has to supply more input.
            return SecurityStatusPal.OK;
        }

        return SecurityStatusPal.InternalError;
    }
    catch (Exception ex)
    {
        // NOTE(review): Debug.Fail is compiled out of release builds, so there the
        // exception detail is dropped and the caller sees only InternalError.
        Debug.Fail("Exception Caught. - " + ex);
        return SecurityStatusPal.InternalError;
    }
}
private static SecurityStatusPal EncryptDecryptHelper(SafeDeleteContext securityContext, ReadOnlyMemory<byte> input, int offset, int size, bool encrypt, ref byte[] output, out int resultSize)
{
    // Runs a single encrypt or decrypt pass through the OpenSSL handle in securityContext
    // and converts the native error code into a SecurityStatusPal.
    //
    // securityContext: must be a SafeDeleteSslContext.
    // input:           plaintext to encrypt (only consulted on the encrypt path).
    // offset/size:     region of output to decrypt in place (decrypt path only).
    // encrypt:         selects the direction.
    // output:          ciphertext destination when encrypting (may be reallocated by
    //                  Encrypt); the in-place record buffer when decrypting.
    // resultSize:      bytes produced; 0 if a managed exception was caught.
    // Returns OK, Renegotiate, ContextExpired, or InternalError with the cause attached.
    resultSize = 0;

    try
    {
        SafeSslHandle ssl = ((SafeDeleteSslContext)securityContext).SslContext;
        Interop.Ssl.SslErrorCode nativeError;

        if (encrypt)
        {
            resultSize = Interop.OpenSsl.Encrypt(ssl, input.Span, ref output, out nativeError);
        }
        else
        {
            // Decrypt operates on output directly; input is not used on this path.
            resultSize = Interop.OpenSsl.Decrypt(ssl, output, offset, size, out nativeError);
        }

        if (nativeError == Interop.Ssl.SslErrorCode.SSL_ERROR_RENEGOTIATE)
        {
            return new SecurityStatusPal(SecurityStatusPalErrorCode.Renegotiate);
        }

        if (nativeError == Interop.Ssl.SslErrorCode.SSL_ERROR_ZERO_RETURN)
        {
            // OpenSSL reports ZERO_RETURN once the peer has closed the TLS session.
            return new SecurityStatusPal(SecurityStatusPalErrorCode.ContextExpired);
        }

        if (nativeError == Interop.Ssl.SslErrorCode.SSL_ERROR_NONE ||
            nativeError == Interop.Ssl.SslErrorCode.SSL_ERROR_WANT_READ)
        {
            // WANT_READ means more input is required; it is reported as success.
            return new SecurityStatusPal(SecurityStatusPalErrorCode.OK);
        }

        return new SecurityStatusPal(SecurityStatusPalErrorCode.InternalError, new Interop.OpenSsl.SslException((int)nativeError));
    }
    catch (Exception ex)
    {
        // Managed failures are surfaced as InternalError with the exception preserved.
        return new SecurityStatusPal(SecurityStatusPalErrorCode.InternalError, ex);
    }
}
private static SecurityStatusPal MapNativeErrorCode(Interop.Ssl.SslErrorCode errorCode) => errorCode switch {