private SecurityStatus EncryptDecryptHelper(SafeDeleteContext securityContext, byte[] buffer, int offset, int size, int headerSize, int trailerSize, bool encrypt, out int resultSize) { bool gotReference = false; resultSize = 0; try { securityContext.DangerousAddRef(ref gotReference); Interop.libssl.SslErrorCode errorCode = Interop.libssl.SslErrorCode.SSL_ERROR_NONE; unsafe { fixed(byte *bufferPtr = buffer) { IntPtr inputPtr = new IntPtr(bufferPtr); IntPtr scHandle = securityContext.DangerousGetHandle(); resultSize = encrypt ? Interop.OpenSsl.Encrypt(scHandle, inputPtr, offset, size, buffer.Length, out errorCode) : Interop.OpenSsl.Decrypt(scHandle, inputPtr, size, out errorCode); } } switch (errorCode) { case Interop.libssl.SslErrorCode.SSL_ERROR_RENEGOTIATE: return(SecurityStatus.Renegotiate); case Interop.libssl.SslErrorCode.SSL_ERROR_ZERO_RETURN: return(SecurityStatus.ContextExpired); case Interop.libssl.SslErrorCode.SSL_ERROR_NONE: case Interop.libssl.SslErrorCode.SSL_ERROR_WANT_READ: return(SecurityStatus.OK); default: return(SecurityStatus.InternalError); } } catch (Exception ex) { Debug.Fail("Exception Caught. - " + ex); return(SecurityStatus.InternalError); } finally { if (gotReference) { securityContext.DangerousRelease(); } } }
private SecurityStatus EncryptDecryptHelper(SafeDeleteContext securityContext, byte[] buffer, int offset, int size, int headerSize, int trailerSize, bool encrypt, out int resultSize) { bool gotReference = false; resultSize = 0; try { securityContext.DangerousAddRef(ref gotReference); unsafe { fixed(byte *bufferPtr = buffer) { IntPtr inputPtr = new IntPtr(bufferPtr); IntPtr scHandle = securityContext.DangerousGetHandle(); resultSize = encrypt ? Interop.OpenSsl.Encrypt(scHandle, inputPtr, offset, size, buffer.Length) : Interop.OpenSsl.Decrypt(scHandle, inputPtr, size); } } return(((size == 0) || (resultSize > 0)) ? SecurityStatus.OK : SecurityStatus.ContextExpired); } catch (Exception ex) { Debug.Fail("Exception Caught. - " + ex); return(SecurityStatus.InternalError); } finally { if (gotReference) { securityContext.DangerousRelease(); } } }
public int QueryContextConnectionInfo(SafeDeleteContext securityContext, out SslConnectionInfo connectionInfo) { bool gotReference = false; connectionInfo = null; try { securityContext.DangerousAddRef(ref gotReference); Interop.libssl.SSL_CIPHER cipher = Interop.OpenSsl.GetConnectionInfo(securityContext.DangerousGetHandle()); connectionInfo = new SslConnectionInfo(cipher); return(0); } catch { return(-1); } finally { if (gotReference) { securityContext.DangerousRelease(); } } }
public int QueryContextRemoteCertificate(SafeDeleteContext securityContext, out SafeFreeCertContext remoteCertContext) { bool gotReference = false; remoteCertContext = null; try { securityContext.DangerousAddRef(ref gotReference); IntPtr certPtr = Interop.OpenSsl.GetPeerCertificate(securityContext.DangerousGetHandle()); remoteCertContext = new SafeFreeCertContext(certPtr); return(0); } catch { return(-1); } finally { if (gotReference) { securityContext.DangerousRelease(); } } }
// // Extracts a remote certificate upon request. // internal override X509Certificate2 GetRemoteCertificate(SafeDeleteContext securityContext, out X509Certificate2Collection remoteCertificateStore) { remoteCertificateStore = null; bool gotReference = false; if (securityContext == null) { return(null); } GlobalLog.Enter("SecureChannel#" + Logging.HashString(this) + "::RemoteCertificate{get;}"); X509Certificate2 result = null; SafeFreeCertContext remoteContext = null; try { int errorCode = SSPIWrapper.QueryContextRemoteCertificate(GlobalSSPI.SSPISecureChannel, securityContext, out remoteContext); if (remoteContext != null && !remoteContext.IsInvalid) { remoteContext.DangerousAddRef(ref gotReference); result = new X509Certificate2(remoteContext.DangerousGetHandle()); } remoteCertificateStore = new X509Certificate2Collection(); SafeSharedX509StackHandle chainStack = Interop.OpenSsl.GetPeerCertificateChain(securityContext.DangerousGetHandle()); GC.KeepAlive(securityContext); using (chainStack) { if (!chainStack.IsInvalid) { int count = Interop.Crypto.GetX509StackFieldCount(chainStack); for (int i = 0; i < count; i++) { IntPtr certPtr = Interop.Crypto.GetX509StackField(chainStack, i); if (certPtr != IntPtr.Zero) { // X509Certificate2(IntPtr) calls X509_dup, so the reference is appropriately tracked. X509Certificate2 chainCert = new X509Certificate2(certPtr); remoteCertificateStore.Add(chainCert); } } } } } finally { if (gotReference) { remoteContext.DangerousRelease(); } if (remoteContext != null) { remoteContext.Dispose(); } } if (Logging.On) { Logging.PrintInfo(Logging.Web, SR.Format(SR.net_log_remote_certificate, (result == null ? "null" : result.ToString(true)))); } GlobalLog.Leave("SecureChannel#" + Logging.HashString(this) + "::RemoteCertificate{get;}", (result == null ? "null" : result.Subject)); return(result); }