private SecurityStatus EncryptDecryptHelper(SafeDeleteContext securityContext, byte[] buffer, int offset, int size, int headerSize, int trailerSize, bool encrypt, out int resultSize)
{
bool gotReference = false;
resultSize = 0;
try
{
securityContext.DangerousAddRef(ref gotReference);
Interop.libssl.SslErrorCode errorCode = Interop.libssl.SslErrorCode.SSL_ERROR_NONE;
unsafe
{
fixed(byte *bufferPtr = buffer)
{
IntPtr inputPtr = new IntPtr(bufferPtr);
IntPtr scHandle = securityContext.DangerousGetHandle();
resultSize = encrypt ?
Interop.OpenSsl.Encrypt(scHandle, inputPtr, offset, size, buffer.Length, out errorCode) :
Interop.OpenSsl.Decrypt(scHandle, inputPtr, size, out errorCode);
}
}
switch (errorCode)
{
case Interop.libssl.SslErrorCode.SSL_ERROR_RENEGOTIATE:
return(SecurityStatus.Renegotiate);
case Interop.libssl.SslErrorCode.SSL_ERROR_ZERO_RETURN:
return(SecurityStatus.ContextExpired);
case Interop.libssl.SslErrorCode.SSL_ERROR_NONE:
case Interop.libssl.SslErrorCode.SSL_ERROR_WANT_READ:
return(SecurityStatus.OK);
default:
return(SecurityStatus.InternalError);
}
}
catch (Exception ex)
{
Debug.Fail("Exception Caught. - " + ex);
return(SecurityStatus.InternalError);
}
finally
{
if (gotReference)
{
securityContext.DangerousRelease();
}
}
}
private SecurityStatus EncryptDecryptHelper(SafeDeleteContext securityContext, byte[] buffer, int offset, int size, int headerSize, int trailerSize, bool encrypt, out int resultSize)
{
bool gotReference = false;
resultSize = 0;
try
{
securityContext.DangerousAddRef(ref gotReference);
unsafe
{
fixed(byte *bufferPtr = buffer)
{
IntPtr inputPtr = new IntPtr(bufferPtr);
IntPtr scHandle = securityContext.DangerousGetHandle();
resultSize = encrypt ?
Interop.OpenSsl.Encrypt(scHandle, inputPtr, offset, size, buffer.Length) :
Interop.OpenSsl.Decrypt(scHandle, inputPtr, size);
}
}
return(((size == 0) || (resultSize > 0)) ? SecurityStatus.OK : SecurityStatus.ContextExpired);
}
catch (Exception ex)
{
Debug.Fail("Exception Caught. - " + ex);
return(SecurityStatus.InternalError);
}
finally
{
if (gotReference)
{
securityContext.DangerousRelease();
}
}
}
public int QueryContextConnectionInfo(SafeDeleteContext securityContext, out SslConnectionInfo connectionInfo)
{
bool gotReference = false;
connectionInfo = null;
try
{
securityContext.DangerousAddRef(ref gotReference);
Interop.libssl.SSL_CIPHER cipher = Interop.OpenSsl.GetConnectionInfo(securityContext.DangerousGetHandle());
connectionInfo = new SslConnectionInfo(cipher);
return(0);
}
catch
{
return(-1);
}
finally
{
if (gotReference)
{
securityContext.DangerousRelease();
}
}
}
public int QueryContextRemoteCertificate(SafeDeleteContext securityContext, out SafeFreeCertContext remoteCertContext)
{
bool gotReference = false;
remoteCertContext = null;
try
{
securityContext.DangerousAddRef(ref gotReference);
IntPtr certPtr = Interop.OpenSsl.GetPeerCertificate(securityContext.DangerousGetHandle());
remoteCertContext = new SafeFreeCertContext(certPtr);
return(0);
}
catch
{
return(-1);
}
finally
{
if (gotReference)
{
securityContext.DangerousRelease();
}
}
}
//
// Extracts a remote certificate upon request.
//
internal override X509Certificate2 GetRemoteCertificate(SafeDeleteContext securityContext, out X509Certificate2Collection remoteCertificateStore)
{
remoteCertificateStore = null;
bool gotReference = false;
if (securityContext == null)
{
return(null);
}
GlobalLog.Enter("SecureChannel#" + Logging.HashString(this) + "::RemoteCertificate{get;}");
X509Certificate2 result = null;
SafeFreeCertContext remoteContext = null;
try
{
int errorCode = SSPIWrapper.QueryContextRemoteCertificate(GlobalSSPI.SSPISecureChannel, securityContext, out remoteContext);
if (remoteContext != null && !remoteContext.IsInvalid)
{
remoteContext.DangerousAddRef(ref gotReference);
result = new X509Certificate2(remoteContext.DangerousGetHandle());
}
remoteCertificateStore = new X509Certificate2Collection();
SafeSharedX509StackHandle chainStack =
Interop.OpenSsl.GetPeerCertificateChain(securityContext.DangerousGetHandle());
GC.KeepAlive(securityContext);
using (chainStack)
{
if (!chainStack.IsInvalid)
{
int count = Interop.Crypto.GetX509StackFieldCount(chainStack);
for (int i = 0; i < count; i++)
{
IntPtr certPtr = Interop.Crypto.GetX509StackField(chainStack, i);
if (certPtr != IntPtr.Zero)
{
// X509Certificate2(IntPtr) calls X509_dup, so the reference is appropriately tracked.
X509Certificate2 chainCert = new X509Certificate2(certPtr);
remoteCertificateStore.Add(chainCert);
}
}
}
}
}
finally
{
if (gotReference)
{
remoteContext.DangerousRelease();
}
if (remoteContext != null)
{
remoteContext.Dispose();
}
}
if (Logging.On)
{
Logging.PrintInfo(Logging.Web, SR.Format(SR.net_log_remote_certificate, (result == null ? "null" : result.ToString(true))));
}
GlobalLog.Leave("SecureChannel#" + Logging.HashString(this) + "::RemoteCertificate{get;}", (result == null ? "null" : result.Subject));
return(result);
}