Tls resume PoC (server stateless)

src/libraries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.SetProtocolOptions.cs

@@ -4,12 +4,16 @@
 using System;
 using System.Runtime.InteropServices;
 using System.Security.Authentication;
+using Microsoft.Win32.SafeHandles;
 
 internal static partial class Interop
 {
     internal static partial class Ssl
     {
-        [DllImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_SetProtocolOptions")]
-        internal static extern void SetProtocolOptions(IntPtr ctx, SslProtocols protocols);
+        [DllImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_SslCtxSetProtocolOptions")]
+        internal static extern void SslCtxSetProtocolOptions(IntPtr ctx, SslProtocols protocols);
+
+        [DllImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_SslCtxSetProtocolOptions")]
+        internal static extern void SslCtxSetProtocolOptions(SafeSslContextHandle ctx, SslProtocols protocols);
     }
 }

src/libraries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.Ssl.cs

@@ -2,6 +2,7 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 
 using System;
+using System.Collections.Generic;
 using System.Diagnostics;
 using System.Net.Security;
 using System.Runtime.InteropServices;
@@ -44,6 +45,9 @@ internal static partial class Ssl
         [DllImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_SslSetAcceptState")]
         internal static extern void SslSetAcceptState(SafeSslHandle ssl);
 
+        [DllImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_SslSetAlpnProtos")]
+        internal static extern int SslSetAlpnProtos(SafeSslHandle ssl, IntPtr protos, int len);
+
         [DllImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_SslGetVersion")]
         internal static extern IntPtr SslGetVersion(SafeSslHandle ssl);
 
@@ -133,6 +137,31 @@ internal static partial class Ssl
         [DllImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_GetOpenSslCipherSuiteName")]
         private static extern IntPtr GetOpenSslCipherSuiteName(SafeSslHandle ssl, int cipherSuite, out int isTls12OrLower);
 
+        [DllImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_SetCiphers")]
+        internal static extern unsafe bool SslSetCiphers(SafeSslHandle ssl, byte* cipherList, byte* cipherSuites);
+
+
+        [DllImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_SslSetVerifyPeer")]
+        internal static extern void SslSetVerifyPeer(SafeSslHandle ssl);
+
+        [DllImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_SslGetData")]
+        internal static extern IntPtr SslGetData(IntPtr ssl);
+
+        [DllImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_SslSetData")]
+        internal static extern int SslSetData(SafeSslHandle ssl, IntPtr data);
+
+        [DllImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_SslSetData")]
+        internal static extern int SslSetData(IntPtr ssl, IntPtr data);
+
+        internal static unsafe int SslSetAlpnProtos(SafeSslHandle ssl, List<SslApplicationProtocol> protocols)
+        {
+            byte[] buffer = ConvertAlpnProtocolListToByteArray(protocols);
+            fixed (byte* b = buffer)
+            {
+                return SslSetAlpnProtos(ssl, (IntPtr)b, buffer.Length);
+            }
+        }
+
         internal static string? GetOpenSslCipherSuiteName(SafeSslHandle ssl, TlsCipherSuite cipherSuite, out bool isTls12OrLower)
         {
             string? ret = Marshal.PtrToStringAnsi(GetOpenSslCipherSuiteName(ssl, (int)cipherSuite, out int isTls12OrLowerInt));

src/libraries/Common/src/Interop/Unix/System.Security.Cryptography.Native/Interop.SslCtxOptions.cs

@@ -26,10 +26,10 @@ internal static partial class Ssl
         [DllImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_SslCtxSetVerify")]
         internal static extern unsafe void SslCtxSetVerify(SafeSslContextHandle ctx, delegate* unmanaged<int, IntPtr, int> callback);
 
-        [DllImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_SetCiphers")]
-        internal static extern unsafe bool SetCiphers(SafeSslContextHandle ctx, byte* cipherList, byte* cipherSuites);
+        [DllImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_SslCtxSetCiphers")]
+        internal static extern unsafe bool SslCtxSetCiphers(SafeSslContextHandle ctx, byte* cipherList, byte* cipherSuites);
 
-        [DllImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_SetEncryptionPolicy")]
+        [DllImport(Libraries.CryptoNative, EntryPoint = "CryptoNative_SslCtxSetEncryptionPolicy")]
         internal static extern bool SetEncryptionPolicy(SafeSslContextHandle ctx, EncryptionPolicy policy);
     }
 }

src/libraries/Common/src/System/Net/Security/Unix/SafeDeleteSslContext.cs

@@ -34,12 +34,7 @@ public SafeDeleteSslContext(SafeFreeSslCredentials credential, SslAuthentication
 
             try
             {
-                _sslContext = Interop.OpenSsl.AllocateSslContext(
-                    credential.Protocols,
-                    credential.CertHandle,
-                    credential.CertKeyHandle,
-                    credential.Policy,
-                    sslAuthenticationOptions);
+                _sslContext = Interop.OpenSsl.AllocateSslHandle(credential, sslAuthenticationOptions);
             }
             catch (Exception ex)
             {

src/libraries/Common/src/System/Net/Security/Unix/SafeFreeSslCredentials.cs

@@ -21,6 +21,7 @@ internal sealed class SafeFreeSslCredentials : SafeFreeCredentials
         private SslProtocols _protocols = SslProtocols.None;
         private EncryptionPolicy _policy;
         private bool _isInvalid;
+        private SslStreamCertificateContext? _context;
 
         internal SafeX509Handle? CertHandle
         {
@@ -42,14 +43,15 @@ internal EncryptionPolicy Policy
             get { return _policy; }
         }
 
-        public SafeFreeSslCredentials(X509Certificate? certificate, SslProtocols protocols, EncryptionPolicy policy)
+        public SafeFreeSslCredentials(SslStreamCertificateContext? context, SslProtocols protocols, EncryptionPolicy policy, bool isServer)
             : base(IntPtr.Zero, true)
         {
+
             Debug.Assert(
-                certificate == null || certificate is X509Certificate2,
+                context == null || context.Certificate is X509Certificate2,
                 "Only X509Certificate2 certificates are supported at this time");
 
-            X509Certificate2? cert = (X509Certificate2?)certificate;
+            X509Certificate2? cert = context?.Certificate;
 
             if (cert != null)
             {
@@ -87,6 +89,7 @@ public SafeFreeSslCredentials(X509Certificate? certificate, SslProtocols protoco
 
             _protocols = protocols;
             _policy = policy;
+            _context = context;
         }
 
         public override bool IsInvalid

src/libraries/Native/Unix/System.Security.Cryptography.Native/apibridge.c

@@ -803,6 +803,12 @@ void local_SSL_CTX_set_security_level(SSL_CTX* ctx, int32_t level)
     (void)level;
 }
 
+void local_SSL_set_security_level(SSL* ssl, int32_t level)
+{
+    (void)ssl;
+    (void)level;
+}
+
 int local_BIO_up_ref(BIO *bio)
 {
     if (!bio)

src/libraries/Native/Unix/System.Security.Cryptography.Native/apibridge.h

@@ -36,6 +36,7 @@ int32_t local_SSL_CTX_config(SSL_CTX* ctx, const char* name);
 unsigned long local_SSL_CTX_set_options(SSL_CTX* ctx, unsigned long options);
 unsigned long local_SSL_set_options(SSL* ssl, unsigned long options);
 void local_SSL_CTX_set_security_level(SSL_CTX* ctx, int32_t level);
+void local_SSL_set_security_level(SSL* ssl, int32_t level);
 int local_SSL_session_reused(SSL* ssl);
 int32_t local_X509_check_host(X509* x509, const char* name, size_t namelen, unsigned int flags, char** peername);
 const ASN1_TIME* local_X509_CRL_get0_nextUpdate(const X509_CRL* crl);

src/libraries/Native/Unix/System.Security.Cryptography.Native/entrypoints.c

@@ -287,16 +287,17 @@ static const Entry s_cryptoNative[] =
     DllImportEntry(CryptoNative_SslRenegotiate)
     DllImportEntry(CryptoNative_IsSslRenegotiatePending)
     DllImportEntry(CryptoNative_IsSslStateOK)
+    DllImportEntry(CryptoNative_SslCtxSetCiphers)
+    DllImportEntry(CryptoNative_SslCtxSetEncryptionPolicy)
     DllImportEntry(CryptoNative_SetCiphers)
-    DllImportEntry(CryptoNative_SetEncryptionPolicy)
-    DllImportEntry(CryptoNative_SetProtocolOptions)
     DllImportEntry(CryptoNative_SslAddExtraChainCert)
     DllImportEntry(CryptoNative_SslCreate)
     DllImportEntry(CryptoNative_SslCtxCheckPrivateKey)
     DllImportEntry(CryptoNative_SslCtxCreate)
     DllImportEntry(CryptoNative_SslCtxDestroy)
     DllImportEntry(CryptoNative_SslCtxSetAlpnProtos)
     DllImportEntry(CryptoNative_SslCtxSetAlpnSelectCb)
+    DllImportEntry(CryptoNative_SslCtxSetProtocolOptions)
     DllImportEntry(CryptoNative_SslCtxSetQuietShutdown)
     DllImportEntry(CryptoNative_SslCtxSetVerify)
     DllImportEntry(CryptoNative_SslCtxUseCertificate)
@@ -305,6 +306,7 @@ static const Entry s_cryptoNative[] =
     DllImportEntry(CryptoNative_SslDoHandshake)
     DllImportEntry(CryptoNative_SslGetClientCAList)
     DllImportEntry(CryptoNative_SslGetCurrentCipherId)
+    DllImportEntry(CryptoNative_SslGetData)
     DllImportEntry(CryptoNative_SslGetError)
     DllImportEntry(CryptoNative_SslGetFinished)
     DllImportEntry(CryptoNative_SslGetPeerCertChain)
@@ -314,10 +316,13 @@ static const Entry s_cryptoNative[] =
     DllImportEntry(CryptoNative_SslRead)
     DllImportEntry(CryptoNative_SslSessionReused)
     DllImportEntry(CryptoNative_SslSetAcceptState)
+    DllImportEntry(CryptoNative_SslSetAlpnProtos)
     DllImportEntry(CryptoNative_SslSetBio)
     DllImportEntry(CryptoNative_SslSetConnectState)
+    DllImportEntry(CryptoNative_SslSetData)
     DllImportEntry(CryptoNative_SslSetQuietShutdown)
     DllImportEntry(CryptoNative_SslSetTlsExtHostName)
+    DllImportEntry(CryptoNative_SslSetVerifyPeer)
     DllImportEntry(CryptoNative_SslShutdown)
     DllImportEntry(CryptoNative_SslV2_3Method)
     DllImportEntry(CryptoNative_SslWrite)

src/libraries/Native/Unix/System.Security.Cryptography.Native/opensslshim.h

@@ -115,6 +115,7 @@ int EC_POINT_set_affine_coordinates_GF2m(
 #undef HAVE_OPENSSL_SET_CIPHERSUITES
 #define HAVE_OPENSSL_SET_CIPHERSUITES 1
 int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str);
+int SSL_set_ciphersuites(SSL *s, const char *str);
 const SSL_CIPHER* SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr);
 #endif
 
@@ -128,7 +129,6 @@ const SSL_CIPHER* SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr);
 #include "osslcompat_111.h"
 #endif
 
-
 #if !HAVE_OPENSSL_ALPN
 #undef HAVE_OPENSSL_ALPN
 #define HAVE_OPENSSL_ALPN 1
@@ -458,6 +458,7 @@ const EVP_CIPHER* EVP_chacha20_poly1305(void);
     LIGHTUP_FUNCTION(SSL_CIPHER_get_name) \
     LIGHTUP_FUNCTION(SSL_CIPHER_get_version) \
     REQUIRED_FUNCTION(SSL_ctrl) \
+    REQUIRED_FUNCTION(SSL_set_alpn_protos) \
     REQUIRED_FUNCTION(SSL_set_quiet_shutdown) \
     REQUIRED_FUNCTION(SSL_CTX_check_private_key) \
     FALLBACK_FUNCTION(SSL_CTX_config) \
@@ -482,6 +483,7 @@ const EVP_CIPHER* EVP_chacha20_poly1305(void);
     REQUIRED_FUNCTION(SSL_get_client_CA_list) \
     REQUIRED_FUNCTION(SSL_get_current_cipher) \
     REQUIRED_FUNCTION(SSL_get_error) \
+    REQUIRED_FUNCTION(SSL_get_ex_data) \
     REQUIRED_FUNCTION(SSL_get_finished) \
     REQUIRED_FUNCTION(SSL_get_peer_cert_chain) \
     REQUIRED_FUNCTION(SSL_get_peer_finished) \
@@ -499,7 +501,10 @@ const EVP_CIPHER* EVP_chacha20_poly1305(void);
     FALLBACK_FUNCTION(SSL_session_reused) \
     REQUIRED_FUNCTION(SSL_set_accept_state) \
     REQUIRED_FUNCTION(SSL_set_bio) \
+    REQUIRED_FUNCTION(SSL_set_cipher_list) \
+    LIGHTUP_FUNCTION(SSL_set_ciphersuites) \
     REQUIRED_FUNCTION(SSL_set_connect_state) \
+    REQUIRED_FUNCTION(SSL_set_ex_data) \
     FALLBACK_FUNCTION(SSL_set_options) \
     REQUIRED_FUNCTION(SSL_set_verify) \
     REQUIRED_FUNCTION(SSL_shutdown) \
@@ -908,6 +913,7 @@ FOR_ALL_OPENSSL_FUNCTIONS
 #define SSL_CIPHER_get_name SSL_CIPHER_get_name_ptr
 #define SSL_CIPHER_get_version SSL_CIPHER_get_version_ptr
 #define SSL_ctrl SSL_ctrl_ptr
+#define SSL_set_alpn_protos SSL_set_alpn_protos_ptr
 #define SSL_set_quiet_shutdown SSL_set_quiet_shutdown_ptr
 #define SSL_CTX_check_private_key SSL_CTX_check_private_key_ptr
 #define SSL_CTX_config SSL_CTX_config_ptr
@@ -931,6 +937,7 @@ FOR_ALL_OPENSSL_FUNCTIONS
 #define SSL_get_client_CA_list SSL_get_client_CA_list_ptr
 #define SSL_get_current_cipher SSL_get_current_cipher_ptr
 #define SSL_get_error SSL_get_error_ptr
+#define SSL_get_ex_data SSL_get_ex_data_ptr
 #define SSL_get_finished SSL_get_finished_ptr
 #define SSL_get_peer_cert_chain SSL_get_peer_cert_chain_ptr
 #define SSL_get_peer_finished SSL_get_peer_finished_ptr
@@ -951,7 +958,10 @@ FOR_ALL_OPENSSL_FUNCTIONS
 #define SSL_session_reused SSL_session_reused_ptr
 #define SSL_set_accept_state SSL_set_accept_state_ptr
 #define SSL_set_bio SSL_set_bio_ptr
+#define SSL_set_cipher_list SSL_set_cipher_list_ptr
+#define SSL_set_ciphersuites SSL_set_ciphersuites_ptr
 #define SSL_set_connect_state SSL_set_connect_state_ptr
+#define SSL_set_ex_data SSL_set_ex_data_ptr
 #define SSL_set_options SSL_set_options_ptr
 #define SSL_set_verify SSL_set_verify_ptr
 #define SSL_shutdown SSL_shutdown_ptr