/// <summary> /// Create another instance of SafeEvpPKeyHandle which has an independent lifetime /// from this instance, but tracks the same resource. /// </summary> /// <returns>An equivalent SafeEvpPKeyHandle with a different lifetime</returns> public SafeEvpPKeyHandle DuplicateHandle() { if (IsInvalid) throw new InvalidOperationException(SR.Cryptography_OpenInvalidHandle); // Reliability: Allocate the SafeHandle before calling UpRefEvpPkey so // that we don't lose a tracked reference in low-memory situations. SafeEvpPKeyHandle safeHandle = new SafeEvpPKeyHandle(); int newRefCount = Interop.Crypto.UpRefEvpPkey(this); // UpRefEvpPkey returns the number of references to this key, if it's less than 2 // (the incoming handle, and this one) then someone has already Disposed() this key // into non-existence. if (newRefCount < 2) { Debug.Fail("Called UpRefEvpPkey on a key which was already marked for destruction"); throw Interop.Crypto.CreateOpenSslCryptographicException(); } // Since we didn't actually create a new handle, copy the handle // to the new SafeHandle. safeHandle.SetHandle(handle); return safeHandle; }
public void Dispose() { if (_caStackHandle != null) { _caStackHandle.Dispose(); _caStackHandle = null; } if (_x509Handle != null) { _x509Handle.Dispose(); _x509Handle = null; } if (_evpPkeyHandle != null) { _evpPkeyHandle.Dispose(); _evpPkeyHandle = null; } if (_pkcs12Handle != null) { _pkcs12Handle.Dispose(); } }
//TODO (Issue #3362) Set remote certificate options internal static SafeSslHandle AllocateSslContext(long options, SafeX509Handle certHandle, SafeEvpPKeyHandle certKeyHandle, bool isServer, bool remoteCertRequired) { SafeSslHandle context = null; IntPtr method = GetSslMethod(isServer, options); using (libssl.SafeSslContextHandle innerContext = new libssl.SafeSslContextHandle(method)) { if (innerContext.IsInvalid) { throw CreateSslException(SR.net_allocate_ssl_context_failed); } libssl.SSL_CTX_ctrl(innerContext, libssl.SSL_CTRL_OPTIONS, options, IntPtr.Zero); libssl.SSL_CTX_set_quiet_shutdown(innerContext, 1); if (certHandle != null && certKeyHandle != null) { SetSslCertificate(innerContext, certHandle, certKeyHandle); } context = SafeSslHandle.Create(innerContext, isServer); Debug.Assert(context != null, "Expected non-null return value from SafeSslHandle.Create"); if (context.IsInvalid) { context.Dispose(); throw CreateSslException(SR.net_allocate_ssl_context_failed); } } return context; }
internal static SafeSslHandle AllocateSslContext(SslProtocols protocols, SafeX509Handle certHandle, SafeEvpPKeyHandle certKeyHandle, EncryptionPolicy policy, bool isServer, bool remoteCertRequired) { SafeSslHandle context = null; IntPtr method = GetSslMethod(protocols); using (SafeSslContextHandle innerContext = Ssl.SslCtxCreate(method)) { if (innerContext.IsInvalid) { throw CreateSslException(SR.net_allocate_ssl_context_failed); } // Configure allowed protocols. It's ok to use DangerousGetHandle here without AddRef/Release as we just // create the handle, it's rooted by the using, no one else has a reference to it, etc. Ssl.SetProtocolOptions(innerContext.DangerousGetHandle(), protocols); // The logic in SafeSslHandle.Disconnect is simple because we are doing a quiet // shutdown (we aren't negotiating for session close to enable later session // restoration). // // If you find yourself wanting to remove this line to enable bidirectional // close-notify, you'll probably need to rewrite SafeSslHandle.Disconnect(). // https://www.openssl.org/docs/manmaster/ssl/SSL_shutdown.html Ssl.SslCtxSetQuietShutdown(innerContext); if (!Ssl.SetEncryptionPolicy(innerContext, policy)) { throw new PlatformNotSupportedException(SR.Format(SR.net_ssl_encryptionpolicy_notsupported, policy)); } if (certHandle != null && certKeyHandle != null) { SetSslCertificate(innerContext, certHandle, certKeyHandle); } if (remoteCertRequired) { Debug.Assert(isServer, "isServer flag should be true"); Ssl.SslCtxSetVerify(innerContext, s_verifyClientCertificate); //update the client CA list UpdateCAListFromRootStore(innerContext); } context = SafeSslHandle.Create(innerContext, isServer); Debug.Assert(context != null, "Expected non-null return value from SafeSslHandle.Create"); if (context.IsInvalid) { context.Dispose(); throw CreateSslException(SR.net_allocate_ssl_context_failed); } } return context; }
internal static extern SafePkcs12Handle PKCS12_create( string pass, string name, SafeEvpPKeyHandle pkey, SafeX509Handle cert, SafeX509StackHandle ca, int nid_key, int nid_cert, int iter, int mac_iter, int keytype);
/// <summary> /// Create an ECDsaOpenSsl from an <see cref="SafeEvpPKeyHandle"/> whose value is an existing /// OpenSSL <c>EVP_PKEY*</c> wrapping an <c>EC_KEY*</c> /// </summary> /// <param name="pkeyHandle">A SafeHandle for an OpenSSL <c>EVP_PKEY*</c></param> /// <exception cref="ArgumentNullException"><paramref name="pkeyHandle"/> is <c>null</c></exception> /// <exception cref="ArgumentException"><paramref name="pkeyHandle"/> <see cref="SafeHandle.IsInvalid" /></exception> /// <exception cref="CryptographicException"><paramref name="pkeyHandle"/> is not a valid enveloped <c>EC_KEY*</c></exception> public ECDsaOpenSsl(SafeEvpPKeyHandle pkeyHandle) { if (pkeyHandle == null) throw new ArgumentNullException(nameof(pkeyHandle)); if (pkeyHandle.IsInvalid) throw new ArgumentException(SR.Cryptography_OpenInvalidHandle, nameof(pkeyHandle)); // If ecKey is valid it has already been up-ref'd, so we can just use this handle as-is. SafeEcKeyHandle key = Interop.Crypto.EvpPkeyGetEcKey(pkeyHandle); if (key.IsInvalid) throw Interop.Crypto.CreateOpenSslCryptographicException(); SetKey(key); }
internal static SafeSslHandle AllocateSslContext(long options, SafeX509Handle certHandle, SafeEvpPKeyHandle certKeyHandle, string encryptionPolicy, bool isServer, bool remoteCertRequired) { SafeSslHandle context = null; IntPtr method = GetSslMethod(isServer, options); using (libssl.SafeSslContextHandle innerContext = Ssl.SslCtxCreate(method)) { if (innerContext.IsInvalid) { throw CreateSslException(SR.net_allocate_ssl_context_failed); } libssl.SSL_CTX_ctrl(innerContext, libssl.SSL_CTRL_OPTIONS, options, IntPtr.Zero); libssl.SSL_CTX_set_quiet_shutdown(innerContext, 1); libssl.SSL_CTX_set_cipher_list(innerContext, encryptionPolicy); if (certHandle != null && certKeyHandle != null) { SetSslCertificate(innerContext, certHandle, certKeyHandle); } if (remoteCertRequired) { Debug.Assert(isServer, "isServer flag should be true"); libssl.SSL_CTX_set_verify(innerContext, (int)libssl.ClientCertOption.SSL_VERIFY_PEER | (int)libssl.ClientCertOption.SSL_VERIFY_FAIL_IF_NO_PEER_CERT, s_verifyClientCertificate); //update the client CA list UpdateCAListFromRootStore(innerContext); } context = SafeSslHandle.Create(innerContext, isServer); Debug.Assert(context != null, "Expected non-null return value from SafeSslHandle.Create"); if (context.IsInvalid) { context.Dispose(); throw CreateSslException(SR.net_allocate_ssl_context_failed); } } return context; }
public SafeFreeSslCredentials(X509Certificate certificate, SslProtocols protocols, EncryptionPolicy policy) : base(IntPtr.Zero, true) { Debug.Assert( certificate == null || certificate is X509Certificate2, "Only X509Certificate2 certificates are supported at this time"); X509Certificate2 cert = (X509Certificate2)certificate; if (cert != null) { Debug.Assert(cert.HasPrivateKey, "cert.HasPrivateKey"); using (RSAOpenSsl rsa = (RSAOpenSsl)cert.GetRSAPrivateKey()) { if (rsa != null) { _certKeyHandle = rsa.DuplicateKeyHandle(); Interop.Crypto.CheckValidOpenSslHandle(_certKeyHandle); } } if (_certKeyHandle == null) { using (ECDsaOpenSsl ecdsa = (ECDsaOpenSsl)cert.GetECDsaPrivateKey()) { if (ecdsa != null) { _certKeyHandle = ecdsa.DuplicateKeyHandle(); Interop.Crypto.CheckValidOpenSslHandle(_certKeyHandle); } } } if (_certKeyHandle == null) { throw new NotSupportedException(SR.net_ssl_io_no_server_cert); } _certHandle = Interop.Crypto.X509UpRef(cert.Handle); Interop.Crypto.CheckValidOpenSslHandle(_certHandle); } _protocols = protocols; _policy = policy; }
internal static SafeSslHandle AllocateSslContext(SslProtocols protocols, SafeX509Handle certHandle, SafeEvpPKeyHandle certKeyHandle, EncryptionPolicy policy, bool isServer, bool remoteCertRequired) { SafeSslHandle context = null; IntPtr method = GetSslMethod(protocols); using (SafeSslContextHandle innerContext = Ssl.SslCtxCreate(method)) { if (innerContext.IsInvalid) { throw CreateSslException(SR.net_allocate_ssl_context_failed); } Ssl.SetProtocolOptions(innerContext, protocols); Ssl.SslCtxSetQuietShutdown(innerContext); Ssl.SetEncryptionPolicy(innerContext, policy); if (certHandle != null && certKeyHandle != null) { SetSslCertificate(innerContext, certHandle, certKeyHandle); } if (remoteCertRequired) { Debug.Assert(isServer, "isServer flag should be true"); Ssl.SslCtxSetVerify(innerContext, s_verifyClientCertificate); //update the client CA list UpdateCAListFromRootStore(innerContext); } context = SafeSslHandle.Create(innerContext, isServer); Debug.Assert(context != null, "Expected non-null return value from SafeSslHandle.Create"); if (context.IsInvalid) { context.Dispose(); throw CreateSslException(SR.net_allocate_ssl_context_failed); } } return context; }
/// <summary> /// Create an RSAOpenSsl from an <see cref="SafeEvpPKeyHandle"/> whose value is an existing /// OpenSSL <c>EVP_PKEY*</c> wrapping an <c>RSA*</c> /// </summary> /// <param name="pkeyHandle">A SafeHandle for an OpenSSL <c>EVP_PKEY*</c></param> /// <exception cref="ArgumentNullException"><paramref name="pkeyHandle"/> is <c>null</c></exception> /// <exception cref="ArgumentException"> /// <paramref name="pkeyHandle"/> <see cref="Runtime.InteropServices.SafeHandle.IsInvalid" /> /// </exception> /// <exception cref="CryptographicException"><paramref name="pkeyHandle"/> is not a valid enveloped <c>RSA*</c></exception> public RSAOpenSsl(SafeEvpPKeyHandle pkeyHandle) { if (pkeyHandle == null) throw new ArgumentNullException(nameof(pkeyHandle)); if (pkeyHandle.IsInvalid) throw new ArgumentException(SR.Cryptography_OpenInvalidHandle, nameof(pkeyHandle)); // If rsa is valid it has already been up-ref'd, so we can just use this handle as-is. SafeRsaHandle rsa = Interop.Crypto.EvpPkeyGetRsa(pkeyHandle); if (rsa.IsInvalid) { throw Interop.Crypto.CreateOpenSslCryptographicException(); } // Set base.KeySize rather than this.KeySize to avoid an unnecessary Lazy<> allocation. base.KeySize = BitsPerByte * Interop.Crypto.RsaSize(rsa); _key = new Lazy<SafeRsaHandle>(() => rsa); }
/// <summary> /// Create an ECDsaOpenSsl from an <see cref="SafeEvpPKeyHandle"/> whose value is an existing /// OpenSSL <c>EVP_PKEY*</c> wrapping an <c>EC_KEY*</c> /// </summary> /// <param name="pkeyHandle">A SafeHandle for an OpenSSL <c>EVP_PKEY*</c></param> /// <exception cref="ArgumentNullException"><paramref name="pkeyHandle"/> is <c>null</c></exception> /// <exception cref="ArgumentException"><paramref name="pkeyHandle"/> <see cref="SafeHandle.IsInvalid" /></exception> /// <exception cref="CryptographicException"><paramref name="pkeyHandle"/> is not a valid enveloped <c>EC_KEY*</c></exception> public ECDsaOpenSsl(SafeEvpPKeyHandle pkeyHandle) { if (pkeyHandle == null) throw new ArgumentNullException("pkeyHandle"); if (pkeyHandle.IsInvalid) throw new ArgumentException(SR.Cryptography_OpenInvalidHandle, "pkeyHandle"); // If ecKey is valid it has already been up-ref'd, so we can just use this handle as-is. SafeEcKeyHandle ecKey = Interop.Crypto.EvpPkeyGetEcKey(pkeyHandle); if (ecKey.IsInvalid) { throw Interop.Crypto.CreateOpenSslCryptographicException(); } // Set base.KeySize rather than this.KeySize to avoid an unnecessary Lazy<> allocation. base.KeySize = GetKeySize(ecKey); _key = new Lazy<SafeEcKeyHandle>(() => ecKey); }
/// <summary> /// Create an RSAOpenSsl from an <see cref="SafeEvpPKeyHandle"/> whose value is an existing /// OpenSSL <c>EVP_PKEY*</c> wrapping an <c>RSA*</c> /// </summary> /// <param name="pkeyHandle">A SafeHandle for an OpenSSL <c>EVP_PKEY*</c></param> /// <exception cref="ArgumentNullException"><paramref name="pkeyHandle"/> is <c>null</c></exception> /// <exception cref="ArgumentException"> /// <paramref name="pkeyHandle"/> <see cref="Runtime.InteropServices.SafeHandle.IsInvalid" /> /// </exception> /// <exception cref="CryptographicException"><paramref name="pkeyHandle"/> is not a valid enveloped <c>RSA*</c></exception> public RSAOpenSsl(SafeEvpPKeyHandle pkeyHandle) { if (pkeyHandle == null) throw new ArgumentNullException(nameof(pkeyHandle)); if (pkeyHandle.IsInvalid) throw new ArgumentException(SR.Cryptography_OpenInvalidHandle, nameof(pkeyHandle)); // If rsa is valid it has already been up-ref'd, so we can just use this handle as-is. SafeRsaHandle rsa = Interop.Crypto.EvpPkeyGetRsa(pkeyHandle); if (rsa.IsInvalid) { throw Interop.Crypto.CreateOpenSslCryptographicException(); } // Use ForceSet instead of the property setter to ensure that LegalKeySizes doesn't interfere // with the already loaded key. ForceSetKeySize(BitsPerByte * Interop.Crypto.RsaSize(rsa)); _key = new Lazy<SafeRsaHandle>(() => rsa); }
/// <summary> /// Create an ECDsaOpenSsl from an <see cref="SafeEvpPKeyHandle"/> whose value is an existing /// OpenSSL <c>EVP_PKEY*</c> wrapping an <c>RSA*</c> /// </summary> /// <param name="pkeyHandle">A SafeHandle for an OpenSSL <c>EVP_PKEY*</c></param> /// <exception cref="ArgumentNullException"><paramref name="pkeyHandle"/> is <c>null</c></exception> /// <exception cref="ArgumentException"> /// <paramref name="pkeyHandle"/> <see cref="Runtime.InteropServices.SafeHandle.IsInvalid" /> /// </exception> /// <exception cref="CryptographicException"><paramref name="pkeyHandle"/> is not a valid enveloped <c>RSA*</c></exception> public RSAOpenSsl(SafeEvpPKeyHandle pkeyHandle) { if (pkeyHandle == null) throw new ArgumentNullException("pkeyHandle"); if (pkeyHandle.IsInvalid) throw new ArgumentException(SR.Cryptography_OpenInvalidHandle, "pkeyHandle"); // If rsa is valid it has already been up-ref'd, so we can just use this handle as-is. SafeRsaHandle rsa = Interop.libcrypto.EVP_PKEY_get1_RSA(pkeyHandle); if (rsa.IsInvalid) { throw Interop.libcrypto.CreateOpenSslCryptographicException(); } _legalKeySizesValue = new[] { s_legalKeySizes }; // Set base.KeySize rather than this.KeySize to avoid an unnecessary Lazy<> allocation. base.KeySize = BitsPerByte * Interop.libcrypto.RSA_size(rsa); _key = new Lazy<SafeRsaHandle>(() => rsa); }
internal static extern bool EvpPkeySetRsa(SafeEvpPKeyHandle pkey, SafeRsaHandle rsa);
internal static extern SafeRsaHandle EvpPkeyGetRsa(SafeEvpPKeyHandle pkey);
public List<OpenSslX509CertificateReader> ReadCertificates() { var certs = new List<OpenSslX509CertificateReader>(); if (_caStackHandle != null && !_caStackHandle.IsInvalid) { int caCertCount = Interop.Crypto.GetX509StackFieldCount(_caStackHandle); for (int i = 0; i < caCertCount; i++) { IntPtr certPtr = Interop.Crypto.GetX509StackField(_caStackHandle, i); if (certPtr != IntPtr.Zero) { // The STACK_OF(X509) still needs to be cleaned up, so upref the handle out of it. certs.Add(new OpenSslX509CertificateReader(Interop.Crypto.X509UpRef(certPtr))); } } } if (_x509Handle != null && !_x509Handle.IsInvalid) { // The certificate and (if applicable) private key handles will be given over // to the OpenSslX509CertificateReader, and the fields here are thus nulled out to // prevent double-Dispose. OpenSslX509CertificateReader reader = new OpenSslX509CertificateReader(_x509Handle); _x509Handle = null; if (_evpPkeyHandle != null && !_evpPkeyHandle.IsInvalid) { reader.SetPrivateKey(_evpPkeyHandle); _evpPkeyHandle = null; } certs.Add(reader); } return certs; }
private static void SetSslCertificate(SafeSslContextHandle contextPtr, SafeX509Handle certPtr, SafeEvpPKeyHandle keyPtr) { Debug.Assert(certPtr != null && !certPtr.IsInvalid, "certPtr != null && !certPtr.IsInvalid"); Debug.Assert(keyPtr != null && !keyPtr.IsInvalid, "keyPtr != null && !keyPtr.IsInvalid"); int retVal = Ssl.SslCtxUseCertificate(contextPtr, certPtr); if (1 != retVal) { throw CreateSslException(SR.net_ssl_use_cert_failed); } retVal = Ssl.SslCtxUsePrivateKey(contextPtr, keyPtr); if (1 != retVal) { throw CreateSslException(SR.net_ssl_use_private_key_failed); } //check private key retVal = Ssl.SslCtxCheckPrivateKey(contextPtr); if (1 != retVal) { throw CreateSslException(SR.net_ssl_check_private_key_failed); } }
internal void SetPrivateKey(SafeEvpPKeyHandle privateKey) { _privateKey = privateKey; }
private static void SetSslCertificate(IntPtr contextPtr, SafeX509Handle certPtr, SafeEvpPKeyHandle keyPtr) { Debug.Assert(certPtr != null && !certPtr.IsInvalid, "certPtr != null && !certPtr.IsInvalid"); Debug.Assert(keyPtr != null && !keyPtr.IsInvalid, "keyPtr != null && !keyPtr.IsInvalid"); int retVal = libssl.SSL_CTX_use_certificate(contextPtr, certPtr); if (1 != retVal) { throw CreateSslException("Failed to use SSL certificate"); } retVal = libssl.SSL_CTX_use_PrivateKey(contextPtr, keyPtr); if (1 != retVal) { throw CreateSslException("Failed to use SSL certificate private key"); } //check private key retVal = libssl.SSL_CTX_check_private_key(contextPtr); if (1 != retVal) { throw CreateSslException("Certificate pivate key check failed"); } }
private int TlsClientCertCallback(IntPtr ssl, out IntPtr certHandle, out IntPtr privateKeyHandle) { Interop.Crypto.CheckValidOpenSslHandle(ssl); using (SafeSslHandle sslHandle = new SafeSslHandle(ssl, false)) { certHandle = IntPtr.Zero; privateKeyHandle = IntPtr.Zero; VerboseTrace("libssl's client certificate callback"); ISet<string> issuerNames = GetRequestCertificateAuthorities(sslHandle); X509Certificate2 certificate; X509Chain chain; if (!GetClientCertificate(issuerNames, out certificate, out chain)) { VerboseTrace("no cert or chain"); return 0; } Interop.Crypto.CheckValidOpenSslHandle(certificate.Handle); using (RSAOpenSsl rsa = certificate.GetRSAPrivateKey() as RSAOpenSsl) { if (rsa != null) { _privateKeyHandle = rsa.DuplicateKeyHandle(); } else { using (ECDsaOpenSsl ecdsa = certificate.GetECDsaPrivateKey() as ECDsaOpenSsl) { if (ecdsa != null) { _privateKeyHandle = ecdsa.DuplicateKeyHandle(); } } } } if (_privateKeyHandle == null || _privateKeyHandle.IsInvalid) { VerboseTrace("invalid private key"); return 0; } _certHandle = Interop.Crypto.X509Duplicate(certificate.Handle); Interop.Crypto.CheckValidOpenSslHandle(_certHandle); if (chain != null) { for (int i = chain.ChainElements.Count - 2; i > 0; i--) { SafeX509Handle dupCertHandle = Interop.Crypto.X509Duplicate(chain.ChainElements[i].Certificate.Handle); Interop.Crypto.CheckValidOpenSslHandle(dupCertHandle); if (!Interop.Ssl.SslAddExtraChainCert(sslHandle, dupCertHandle)) { VerboseTrace("failed to add extra chain cert"); return -1; } } } certHandle = _certHandle.DangerousGetHandle(); privateKeyHandle = _privateKeyHandle.DangerousGetHandle(); return 1; } }
public override bool TryDecrypt( ReadOnlySpan <byte> data, Span <byte> destination, RSAEncryptionPadding padding, out int bytesWritten) { if (padding == null) { throw new ArgumentNullException(nameof(padding)); } ValidatePadding(padding); SafeEvpPKeyHandle key = GetKey(); int keySizeBytes = Interop.Crypto.EvpPKeySize(key); // OpenSSL requires that the decryption buffer be at least as large as EVP_PKEY_size. // So if the destination is too small, use a temporary buffer so we can match // Windows behavior of succeeding so long as the buffer can hold the final output. if (destination.Length < keySizeBytes) { // RSA up through 4096 bits use a stackalloc Span <byte> tmp = stackalloc byte[512]; byte[]? rent = null; if (keySizeBytes > tmp.Length) { rent = CryptoPool.Rent(keySizeBytes); tmp = rent; } int written = Decrypt(key, data, tmp, padding); bool ret; if (destination.Length < written) { bytesWritten = 0; ret = false; } else { tmp.Slice(0, written).CopyTo(destination); bytesWritten = written; ret = true; } // Whether a stackalloc or a rented array, clear our copy of // the decrypted content. CryptographicOperations.ZeroMemory(tmp.Slice(0, written)); if (rent != null) { // Already cleared. CryptoPool.Return(rent, clearSize: 0); } return(ret); } bytesWritten = Decrypt(key, data, destination, padding); return(true); }
internal static extern SafePkcs12Handle Pkcs12Create( string pass, SafeEvpPKeyHandle pkey, SafeX509Handle cert, SafeX509StackHandle ca);
internal static extern int SSL_CTX_use_PrivateKey(IntPtr ssl, SafeEvpPKeyHandle keyPtr);
internal static extern int SslCtxUsePrivateKey(SafeSslContextHandle ctx, SafeEvpPKeyHandle keyPtr);
public SafeFreeCredentials(X509Certificate certificate, SslProtocols protocols, EncryptionPolicy policy) : base(IntPtr.Zero, true) { Debug.Assert( certificate == null || certificate is X509Certificate2, "Only X509Certificate2 certificates are supported at this time"); X509Certificate2 cert = (X509Certificate2)certificate; if (cert != null) { Debug.Assert(cert.HasPrivateKey, "cert.HasPrivateKey"); using (RSAOpenSsl rsa = (RSAOpenSsl)cert.GetRSAPrivateKey()) { if (rsa != null) { _certKeyHandle = rsa.DuplicateKeyHandle(); Interop.libcrypto.CheckValidOpenSslHandle(_certKeyHandle); } } // TODO (3390): Add support for ECDSA. Debug.Assert(_certKeyHandle != null, "Failed to extract a private key handle"); _certHandle = Interop.libcrypto.X509_dup(cert.Handle); Interop.libcrypto.CheckValidOpenSslHandle(_certHandle); } _protocols = protocols; _policy = policy; }
internal static extern SafeEcKeyHandle EVP_PKEY_get1_EC_KEY(SafeEvpPKeyHandle pkey);
internal static extern bool EVP_PKEY_set1_EC_KEY(SafeEvpPKeyHandle pkey, SafeEcKeyHandle rsa);
public void Dispose() { if (_privateKey != null) { _privateKey.Dispose(); _privateKey = null; } if (_cert != null) { _cert.Dispose(); _cert = null; } }
internal static extern int UpRefEvpPkey(SafeEvpPKeyHandle handle);
internal static extern bool Pkcs12Parse( SafePkcs12Handle p12, string pass, out SafeEvpPKeyHandle pkey, out SafeX509Handle cert, out SafeX509StackHandle ca);
internal static extern int SSL_CTX_use_PrivateKey(SafeSslContextHandle ctx, SafeEvpPKeyHandle keyPtr);