// Partial declarations only: no body appears in this part, so each is implemented by another
// part of the declaring type (presumably a [LibraryImport] stub into the native TLS shim — confirm).
// The signature is the entire contract visible here. The native side receives only what is
// passed, so buffer sizing (SslRead's 'num') and the validity/lifetime of raw byte* arguments
// are the caller's responsibility; nothing in these declarations checks them.
// Outcome is reported as the int result plus the out error code; the encoding of either is
// not visible in this part — see the implementing declaration and the shim.
internal static partial int SslRead(SafeSslHandle ssl, ref byte buf, int num, out SslErrorCode error);
// 'set' is an int flag rather than bool (presumably 0 / non-zero — confirm accepted values).
internal static unsafe partial void SslSetClientCertCallback(SafeSslHandle ssl, int set);
// bool success. The certificate arrives as a managed SafeX509Handle, so ownership of the
// underlying object is governed by that handle type, not by this call (presumably — confirm).
internal static partial bool SslAddExtraChainCert(SafeSslHandle ssl, SafeX509Handle x509);
// Returns an opaque IntPtr; what was stored and who owns it is not visible here.
internal static partial IntPtr SslGetData(SafeSslHandle ssl);
// int result rather than bool, unlike SslAddExtraChainCert above — callers need the native
// success convention, which is not visible in this part.
internal static partial int SslUseCertificate(SafeSslHandle ssl, SafeX509Handle certPtr);
// bool success with the id via out; 'cipherId' is presumably meaningful only when true is returned — confirm.
internal static partial bool SslGetCurrentCipherId(SafeSslHandle ssl, out int cipherId);
// Two raw byte* lists with no length parameters: their format and termination are a
// caller/shim contract (presumably NUL-terminated strings — confirm against the shim).
internal static unsafe partial bool SslSetCiphers(SafeSslHandle ssl, byte *cipherList, byte *cipherSuites);
/// <summary>
/// Stub constructor: building connection info through this type always throws.
/// </summary>
/// <param name="sslContext">Unused; the constructor does not read it.</param>
/// <exception cref="NotImplementedException">Always thrown.</exception>
public SslConnectionInfo(SafeSslHandle sslContext) =>
    throw new NotImplementedException(nameof(SslConnectionInfo));
/// <summary>
/// Fetches the peer certificate for <paramref name="context"/> by delegating straight to the
/// native Ssl binding.
/// </summary>
/// <param name="context">The SSL context handle to query.</param>
/// <returns>The handle exactly as the native binding returned it; no validation is applied here.</returns>
internal static SafeX509Handle GetPeerCertificate(SafeSslHandle context) =>
    Ssl.SslGetPeerCertificate(context);
/// <summary>
/// Performs one round of the TLS handshake against the native context, creating and configuring
/// that context on the first call (when <paramref name="context"/> is null or invalid).
/// </summary>
/// <param name="secureChannel">Consulted for a client certificate when the native layer reports CredentialsNeeded.</param>
/// <param name="credential">Credential handle; must be valid (asserted) and is force-cast to <see cref="SafeFreeSslCredentials"/> when a new context is created.</param>
/// <param name="context">The native context. Replaced with a new <see cref="SafeDeleteSslContext"/> when null or invalid.</param>
/// <param name="inputBuffer">Handshake bytes received from the peer; written to the context when non-empty.</param>
/// <param name="outputBuffer">On return, the bytes the native layer queued for the peer.</param>
/// <param name="sslAuthenticationOptions">Handshake options. Its CertificateContext is overwritten if a client certificate is selected during this call.</param>
/// <returns>The handshake status from the native layer; any exception thrown along the way is wrapped into an InternalError status instead of propagating.</returns>
private static SecurityStatusPal HandshakeInternal(
    SecureChannel secureChannel,
    SafeFreeCredentials credential,
    ref SafeDeleteSslContext? context,
    ReadOnlySpan<byte> inputBuffer,
    ref byte[]? outputBuffer,
    SslAuthenticationOptions sslAuthenticationOptions)
{
    Debug.Assert(!credential.IsInvalid);

    try
    {
        SafeDeleteSslContext? activeContext = context;

        if (context is null || context.IsInvalid)
        {
            activeContext = new SafeDeleteSslContext((credential as SafeFreeSslCredentials)!, sslAuthenticationOptions);
            context = activeContext;

            // Client side only: hand the target host name to the native layer before the
            // handshake starts (presumably used for SNI / hostname checks — confirm against the shim).
            bool hasClientTarget = !string.IsNullOrEmpty(sslAuthenticationOptions.TargetHost)
                && !sslAuthenticationOptions.IsServer;
            if (hasClientTarget)
            {
                Interop.AppleCrypto.SslSetTargetName(activeContext.SslContext, sslAuthenticationOptions.TargetHost);
            }

            // No certificate was supplied up front but the user provided a selection callback:
            // ask the native layer to pause the handshake when the server requests a certificate,
            // so one can be chosen based on the remote certificate and trusted issuers
            // (handled in the CredentialsNeeded branch below).
            bool deferToSelectionCallback = sslAuthenticationOptions.CertificateContext is null
                && sslAuthenticationOptions.CertSelectionDelegate is not null;
            if (deferToSelectionCallback)
            {
                Interop.AppleCrypto.SslBreakOnCertRequested(activeContext.SslContext, true);
            }

            // Server side that requires a client certificate: tell the native layer to accept one.
            if (sslAuthenticationOptions.IsServer && sslAuthenticationOptions.RemoteCertRequired)
            {
                Interop.AppleCrypto.SslSetAcceptClientCert(activeContext.SslContext);
            }
        }

        if (!inputBuffer.IsEmpty)
        {
            activeContext!.Write(inputBuffer);
        }

        SafeSslHandle sslHandle = activeContext!.SslContext;
        SecurityStatusPal status = PerformHandshake(sslHandle);

        if (status.ErrorCode == SecurityStatusPalErrorCode.CredentialsNeeded)
        {
            // The native layer paused because a client certificate was requested; let the channel pick one.
            X509Certificate2? chosen = secureChannel.SelectClientCertificate(out _);
            if (chosen is not null)
            {
                sslAuthenticationOptions.CertificateContext = SslStreamCertificateContext.Create(chosen);
                SafeDeleteSslContext.SetCertificate(activeContext.SslContext, sslAuthenticationOptions.CertificateContext);
            }

            // Either a certificate is now installed or we proceed without one; whether that is
            // acceptable is the server's decision, so resume the handshake in both cases.
            status = PerformHandshake(sslHandle);
        }

        outputBuffer = activeContext.ReadPendingWrites();
        return status;
    }
    catch (Exception exc)
    {
        // Failures are surfaced as a status value rather than thrown to the caller.
        return new SecurityStatusPal(SecurityStatusPalErrorCode.InternalError, exc);
    }
}
/// <summary>
/// Pushes <paramref name="input"/> through the native TLS write path and collects the resulting
/// bytes for the wire into <paramref name="output"/>.
/// </summary>
/// <param name="securityContext">The TLS context whose pending-write queue is drained.</param>
/// <param name="input">Plaintext to protect; must be non-empty (asserted, because this PAL does not encrypt empty messages).</param>
/// <param name="headerSize">Not used by this implementation.</param>
/// <param name="trailerSize">Not used by this implementation.</param>
/// <param name="output">Receives the bytes for the wire. Reused when it is non-null and large enough for the pending bytes; otherwise replaced with a freshly allocated array.</param>
/// <param name="resultSize">Number of bytes placed in <paramref name="output"/>; 0 when a failure is reported before anything was read out.</param>
/// <returns>
/// OK on Success, ContinueNeeded when the native layer reports WouldBlock, otherwise InternalError
/// (a negative native status is converted to an OSStatus exception carried by the result; any thrown
/// exception is wrapped the same way).
/// </returns>
public static SecurityStatusPal EncryptMessage(
    SafeDeleteSslContext securityContext,
    ReadOnlyMemory<byte> input,
    int headerSize,
    int trailerSize,
    ref byte[] output,
    out int resultSize)
{
    resultSize = 0;
    Debug.Assert(input.Length > 0, $"{nameof(input.Length)} > 0 since {nameof(CanEncryptEmptyMessage)} is false");

    try
    {
        SafeSslHandle sslHandle = securityContext.SslContext;

        unsafe
        {
            // Keep the input pinned for the whole native interaction; the using declaration
            // unpins on every exit path, including the early returns below.
            using MemoryHandle pinned = input.Pin();

            PAL_TlsIo ioStatus = Interop.AppleCrypto.SslWrite(
                sslHandle,
                (byte*)pinned.Pointer,
                input.Length,
                out _);

            // Negative values are raw OSStatus failures, not PAL_TlsIo members.
            if (ioStatus < 0)
            {
                return new SecurityStatusPal(
                    SecurityStatusPalErrorCode.InternalError,
                    Interop.AppleCrypto.CreateExceptionForOSStatus((int)ioStatus));
            }

            // Drain what the native layer queued: into the caller's buffer when it fits
            // (a null output never "fits" — the lifted comparison is false), else into a new array.
            int? capacity = output?.Length;
            if (securityContext.BytesReadyForConnection <= capacity)
            {
                resultSize = securityContext.ReadPendingWrites(output, 0, output.Length);
            }
            else
            {
                output = securityContext.ReadPendingWrites()!;
                resultSize = output.Length;
            }

            return ioStatus switch
            {
                PAL_TlsIo.Success => new SecurityStatusPal(SecurityStatusPalErrorCode.OK),
                PAL_TlsIo.WouldBlock => new SecurityStatusPal(SecurityStatusPalErrorCode.ContinueNeeded),
                _ => UnexpectedStatus(ioStatus),
            };
        }
    }
    catch (Exception e)
    {
        return new SecurityStatusPal(SecurityStatusPalErrorCode.InternalError, e);
    }

    // Any other enum value is a programming error; report InternalError without an exception.
    static SecurityStatusPal UnexpectedStatus(PAL_TlsIo status)
    {
        Debug.Fail($"Unknown status value: {status}");
        return new SecurityStatusPal(SecurityStatusPalErrorCode.InternalError);
    }
}
// Partial declarations: implemented in another part of the type (presumably [LibraryImport]
// stubs into the native shim — confirm). Only the signatures are visible here.
// int result; the meaning of the value is not visible in this part.
internal static partial int SslShutdown(SafeSslHandle ssl);
// By name and bool return this is a query about pending renegotiation, not a trigger — confirm.
internal static partial bool IsSslRenegotiatePending(SafeSslHandle ssl);
// int result plus out error code, the same shape as SslDoHandshake. Whether renegotiation is
// permitted at all is a policy decided by callers, not visible here.
internal static partial int SslRenegotiate(SafeSslHandle ssl, out SslErrorCode error);
// Presumably reports whether the native layer resumed an earlier session instead of
// negotiating a fresh one (inferred from the name — confirm).
internal static partial bool SslSessionReused(SafeSslHandle ssl);
/// <summary>
/// Fetches the peer certificate chain for <paramref name="context"/> by delegating straight to
/// the native Ssl binding.
/// </summary>
/// <param name="context">The SSL context handle to query.</param>
/// <returns>The stack handle exactly as the native binding returned it; no validation is applied here.</returns>
internal static SafeSharedX509StackHandle GetPeerCertificateChain(SafeSslHandle context) =>
    Ssl.SslGetPeerCertChain(context);
// Partial declarations: implemented in another part of the type (presumably [LibraryImport]
// stubs into the native shim — confirm). Only the signatures are visible here; for the raw
// pointer/count parameters the caller, not this declaration, guarantees validity and sizing.
// Private by name: presumably wrapped by a managed helper that converts the stack handle — confirm.
private static partial SafeSharedX509NameStackHandle SslGetClientCAList_private(SafeSslHandle ssl);
// Attaches read/write BIO handles; ownership of the BIOs after this call is not visible here.
internal static partial void SslSetBio(SafeSslHandle ssl, SafeBioHandle rbio, SafeBioHandle wbio);
// Private raw variant: returns an IntPtr plus an int flag; presumably a managed wrapper marshals
// the name and interprets isTls12OrLower — confirm.
private static partial IntPtr GetOpenSslCipherSuiteName(SafeSslHandle ssl, int cipherSuite, out int isTls12OrLower);
// int result plus out error code, the same shape as SslRead and SslRenegotiate.
internal static partial int SslDoHandshake(SafeSslHandle ssl, out SslErrorCode error);
// Takes no mode argument, so whatever verification policy this enables is fixed in the shim — not visible here.
internal static partial void SslSetVerifyPeer(SafeSslHandle ssl);
internal static partial bool IsSslStateOK(SafeSslHandle ssl);
// Stores an opaque IntPtr; whatever it refers to must be kept alive by the caller (not visible here).
internal static partial int SslSetData(SafeSslHandle ssl, IntPtr data);
// Returns a managed SafeX509Handle, so its release follows that handle type's rules (presumably — confirm).
internal static partial SafeX509Handle SslGetPeerCertificate(SafeSslHandle ssl);
internal static partial int SslUsePrivateKey(SafeSslHandle ssl, SafeEvpPKeyHandle keyPtr);
// "Shared" stack handle by name — presumably non-owning; confirm before retaining or disposing it.
internal static partial SafeSharedX509StackHandle SslGetPeerCertChain(SafeSslHandle ssl);
// 'value' is an int flag (presumably 0 / non-zero — confirm accepted values).
internal static partial void SslSetPostHandshakeAuth(SafeSslHandle ssl, int value);
// Raw buffer plus count: the caller must guarantee 'buf' holds at least 'count' bytes; nothing here checks it.
internal static partial int SslGetFinished(SafeSslHandle ssl, IntPtr buf, int count);
// Array of raw X509 pointers with an explicit count; the caller must keep them valid for the duration of the call.
private static unsafe partial bool SslAddClientCAs(SafeSslHandle ssl, IntPtr *x509s, int count);
// out pointer plus length: ownership and lifetime of the pointed-to bytes are not stated here —
// confirm before holding 'protocol' beyond the call.
internal static partial void SslGetAlpnSelected(SafeSslHandle ssl, out IntPtr protocol, out int len);