Imported Upstream version 5.4.0.167

Former-commit-id: 5624ac747d633e885131e8349322922b6a59baaa

mcs/class/System/Mono.Btls/MonoBtlsContext.cs

@@ -234,7 +234,7 @@ namespace Mono.Btls
 			if (!IsServer)
 				ctx.SetSelectCallback (SelectCallback);
 
-			ctx.SetVerifyParam (MonoBtlsProvider.GetVerifyParam (ServerName, IsServer));
+			ctx.SetVerifyParam (MonoBtlsProvider.GetVerifyParam (Settings, ServerName, IsServer));
 
 			TlsProtocolCode minProtocol, maxProtocol;
 			GetProtocolVersions (out minProtocol, out maxProtocol);
@@ -316,6 +316,9 @@ namespace Mono.Btls
 				if (status == MonoBtlsSslError.WantRead) {
 					wantMore = true;
 					return 0;
+				} else if (status == MonoBtlsSslError.ZeroReturn) {
+					wantMore = false;
+					return size;
 				} else if (status != MonoBtlsSslError.None) {
 					throw GetException (status);
 				}
@@ -358,26 +361,11 @@ namespace Mono.Btls
 			}
 		}
 
-		public override void Close ()
+		public override void Shutdown ()
 		{
-			Debug ("Close!");
-
-			if (ssl != null) {
-				ssl.Dispose ();
-				ssl = null;
-			}
-			if (ctx != null) {
-				ctx.Dispose ();
-				ctx = null;
-			}
-			if (bio != null) {
-				bio.Dispose ();
-				bio = null;
-			}
-			if (errbio != null) {
-				errbio.Dispose ();
-				errbio = null;
-			}
+			Debug ("Shutdown!");
+//			ssl.SetQuietShutdown ();
+			ssl.Shutdown ();
 		}
 
 		void Dispose<T> (ref T disposable)
@@ -397,12 +385,12 @@ namespace Mono.Btls
 		{
 			try {
 				if (disposing) {
+					Dispose (ref ssl);
+					Dispose (ref ctx);
 					Dispose (ref remoteCertificate);
 					Dispose (ref nativeServerCertificate);
 					Dispose (ref nativeClientCertificate);
 					Dispose (ref clientCertificate);
-					Dispose (ref ctx);
-					Dispose (ref ssl);
 					Dispose (ref bio);
 					Dispose (ref errbio);
 				}

mcs/class/System/Mono.Btls/MonoBtlsObject.cs

@@ -102,6 +102,20 @@ namespace Mono.Btls
 			CheckError (ret == 1, callerName);
 		}
 
+		protected internal void CheckLastError ([CallerMemberName] string callerName = null)
+		{
+			var error = Interlocked.Exchange (ref lastError, null);
+			if (error == null)
+				return;
+
+			string message;
+			if (callerName != null)
+				message = string.Format ("Caught unhandled exception in {0}.{1}.", GetType ().Name, callerName);
+			else
+				message = string.Format ("Caught unhandled exception.");
+			throw new MonoBtlsException (message, error);
+		}
+
 		[DllImport (BTLS_DYLIB)]
 		extern static void mono_btls_free (IntPtr data);
 

mcs/class/System/Mono.Btls/MonoBtlsProvider.cs

@@ -32,6 +32,7 @@ using System;
 using System.IO;
 using System.Threading;
 using System.Threading.Tasks;
+using System.Net.Security;
 using System.Security.Cryptography.X509Certificates;
 using System.Security.Authentication;
 
@@ -49,10 +50,8 @@ namespace Mono.Btls
 {
 	class MonoBtlsProvider : MonoTlsProvider
 	{
-		static readonly Guid id = new Guid ("432d18c9-9348-4b90-bfbf-9f2a10e1f15b");
-
 		public override Guid ID {
-			get { return id; }
+			get { return MNS.MonoTlsProviderFactory.BtlsId; }
 		}
 		public override string Name {
 			get { return "btls"; }
@@ -83,9 +82,16 @@ namespace Mono.Btls
 		public override IMonoSslStream CreateSslStream (
 			Stream innerStream, bool leaveInnerStreamOpen,
 			MonoTlsSettings settings = null)
+		{
+			return SslStream.CreateMonoSslStream (innerStream, leaveInnerStreamOpen, this, settings);
+		}
+
+		internal override IMonoSslStream CreateSslStreamInternal (
+			SslStream sslStream, Stream innerStream, bool leaveInnerStreamOpen,
+			MonoTlsSettings settings)
 		{
 			return new MonoBtlsStream (
-				innerStream, leaveInnerStreamOpen, settings, this);
+				innerStream, leaveInnerStreamOpen, sslStream, settings, this);
 		}
 
 		internal override bool HasNativeCertificates {
@@ -111,7 +117,7 @@ namespace Mono.Btls
 			return new X509CertificateImplBtls (data, MonoBtlsX509Format.DER, false);
 		}
 
-		internal static MonoBtlsX509VerifyParam GetVerifyParam (string targetHost, bool serverMode)
+		internal static MonoBtlsX509VerifyParam GetVerifyParam (MonoTlsSettings settings, string targetHost, bool serverMode)
 		{
 			MonoBtlsX509VerifyParam param;
 			if (serverMode)
@@ -119,12 +125,15 @@ namespace Mono.Btls
 			else
 				param = MonoBtlsX509VerifyParam.GetSslServer ();
 
-			if (targetHost == null)
+			if (targetHost == null && settings?.CertificateValidationTime == null)
 				return param;
 
 			try {
 				var copy = param.Copy ();
-				copy.SetHost (targetHost);
+				if (targetHost != null)
+					copy.SetHost (targetHost);
+				if (settings?.CertificateValidationTime != null)
+					copy.SetTime (settings.CertificateValidationTime.Value);
 				return copy;
 			} finally {
 				param.Dispose ();
@@ -148,7 +157,7 @@ namespace Mono.Btls
 
 			using (var store = new MonoBtlsX509Store ())
 			using (var nativeChain = MonoBtlsProvider.GetNativeChain (certificates))
-			using (var param = GetVerifyParam (targetHost, serverMode))
+			using (var param = GetVerifyParam (validator.Settings, targetHost, serverMode))
 			using (var storeCtx = new MonoBtlsX509StoreCtx ()) {
 				SetupCertificateStore (store, validator.Settings, serverMode);
 
@@ -176,7 +185,12 @@ namespace Mono.Btls
 		{
 			using (var store = new MonoBtlsX509Store ())
 			using (var storeCtx = new MonoBtlsX509StoreCtx ()) {
-				SetupCertificateStore (store);
+				/*
+				 * We're called from X509Certificate2.Verify() via X509CertificateImplBtls.Verify().
+				 *
+				 * Use the default settings and assume client-mode.
+				 */
+				SetupCertificateStore (store, MonoTlsSettings.DefaultSettings, false);
 
 				storeCtx.Initialize (store, chain);
 
@@ -203,46 +217,62 @@ namespace Mono.Btls
 
 		internal static void SetupCertificateStore (MonoBtlsX509Store store, MonoTlsSettings settings, bool server)
 		{
-			if (settings?.CertificateSearchPaths == null)
-				AddTrustedRoots (store, settings, server);
+			/*
+			 * In server-mode, we only add certificates which are explicitly trusted via
+			 * MonoTlsSettings.TrustAnchors.
+			 * 
+			 * MonoTlsSettings.CertificateSearchPaths is ignored on Android.
+			 * 
+			 */
 
 #if MONODROID
-			SetupCertificateStore (store);
+			AddTrustedRoots (store, settings, server);
+			if (!server)
+				SetupDefaultCertificateStore (store);
 			return;
 #else
-			if (settings?.CertificateSearchPaths == null) {
-				SetupCertificateStore (store);
+			if (server || settings?.CertificateSearchPaths == null) {
+				AddTrustedRoots (store, settings, server);
+				if (!server)
+					SetupDefaultCertificateStore (store);
 				return;
 			}
 
 			foreach (var path in settings.CertificateSearchPaths) {
-				if (string.Equals (path, "@default", StringComparison.Ordinal)) {
+				switch (path) {
+				case "@default":
 					AddTrustedRoots (store, settings, server);
 					AddUserStore (store);
 					AddMachineStore (store);
-				} else if (string.Equals (path, "@user", StringComparison.Ordinal))
-					AddUserStore (store);
-				else if (string.Equals (path, "@machine", StringComparison.Ordinal))
-					AddMachineStore (store);
-				else if (string.Equals (path, "@trusted", StringComparison.Ordinal))
+					break;
+				case "@trusted":
 					AddTrustedRoots (store, settings, server);
-				else if (path.StartsWith ("@pem:", StringComparison.Ordinal)) {
-					var realPath = path.Substring (5);
-					if (Directory.Exists (realPath))
-						store.AddDirectoryLookup (realPath, MonoBtlsX509FileType.PEM);
-				} else if (path.StartsWith ("@der:", StringComparison.Ordinal)) {
-					var realPath = path.Substring (5);
-					if (Directory.Exists (realPath))
-						store.AddDirectoryLookup (realPath, MonoBtlsX509FileType.ASN1);
-				} else {
-					if (Directory.Exists (path))
-						store.AddDirectoryLookup (path, MonoBtlsX509FileType.PEM);
+					break;
+				case "@user":
+					AddUserStore (store);
+					break;
+				case "@machine":
+					AddMachineStore (store);
+					break;
+				default:
+					if (path.StartsWith ("@pem:")) {
+						var realPath = path.Substring (5);
+						if (Directory.Exists (realPath))
+							store.AddDirectoryLookup (realPath, MonoBtlsX509FileType.PEM);
+						break;
+					} else if (path.StartsWith ("@der:")) {
+						var realPath = path.Substring (5);
+						if (Directory.Exists (realPath))
+							store.AddDirectoryLookup (realPath, MonoBtlsX509FileType.ASN1);
+						break;
+					}
+					throw new NotSupportedException (string.Format ("Invalid item `{0}' in MonoTlsSettings.CertificateSearchPaths.", path));
 				}
 			}
 #endif
 		}
 
-		internal static void SetupCertificateStore (MonoBtlsX509Store store)
+		static void SetupDefaultCertificateStore (MonoBtlsX509Store store)
 		{
 #if MONODROID
 			store.SetDefaultPaths ();

mcs/class/System/Mono.Btls/MonoBtlsSsl.cs

@@ -47,6 +47,7 @@ namespace Mono.Btls
 			protected override bool ReleaseHandle ()
 			{
 				mono_btls_ssl_destroy (handle);
+				handle = IntPtr.Zero;
 				return true;
 			}
 		}
@@ -78,6 +79,12 @@ namespace Mono.Btls
 		[DllImport (BTLS_DYLIB)]
 		extern static void mono_btls_ssl_close (IntPtr handle);
 
+		[DllImport (BTLS_DYLIB)]
+		extern static int mono_btls_ssl_shutdown (IntPtr handle);
+
+		[DllImport (BTLS_DYLIB)]
+		extern static void mono_btls_ssl_set_quiet_shutdown (IntPtr handle, int mode);
+
 		[DllImport (BTLS_DYLIB)]
 		extern static void mono_btls_ssl_set_bio (IntPtr handle, IntPtr bio);
 
@@ -131,6 +138,7 @@ namespace Mono.Btls
 			return new BoringSslHandle (handle);
 		}
 
+		MonoBtlsBio bio;
 		PrintErrorsCallbackFunc printErrorsFunc;
 		IntPtr printErrorsFuncPtr;
 
@@ -148,6 +156,7 @@ namespace Mono.Btls
 		public void SetBio (MonoBtlsBio bio)
 		{
 			CheckThrow ();
+			this.bio = bio;
 			mono_btls_ssl_set_bio (
 				Handle.DangerousGetHandle (),
 				bio.Handle.DangerousGetHandle ());
@@ -164,18 +173,17 @@ namespace Mono.Btls
 				errors = null;
 			}
 
-			if (errors != null) {
-				Console.Error.WriteLine ("ERROR: {0} failed: {1}", callerName, errors);
+			if (errors != null)
 				throw new MonoBtlsException ("{0} failed: {1}.", callerName, errors);
-			} else {
-				Console.Error.WriteLine ("ERROR: {0} failed.", callerName);
+			else
 				throw new MonoBtlsException ("{0} failed.", callerName);
-			}
 		}
 
 		MonoBtlsSslError GetError (int ret_code)
 		{
 			CheckThrow ();
+			bio.CheckLastError ();
+
 			var error = mono_btls_ssl_get_error (
 				Handle.DangerousGetHandle (), ret_code);
 			return (MonoBtlsSslError)error;
@@ -287,15 +295,20 @@ namespace Mono.Btls
 			var ret = mono_btls_ssl_read (
 				Handle.DangerousGetHandle (), data, dataSize);
 
-			if (ret >= 0) {
+			if (ret > 0) {
 				dataSize = ret;
 				return MonoBtlsSslError.None;
 			}
 
-			var error = mono_btls_ssl_get_error (
-				Handle.DangerousGetHandle (), ret);
+			var error = GetError (ret);
+			if (ret == 0 && error == MonoBtlsSslError.Syscall) {
+				// End-of-stream
+				dataSize = 0;
+				return MonoBtlsSslError.None;
+			}
+
 			dataSize = 0;
-			return (MonoBtlsSslError)error;
+			return error;
 		}
 
 		public MonoBtlsSslError Write (IntPtr data, ref int dataSize)
@@ -416,9 +429,24 @@ namespace Mono.Btls
 			return Marshal.PtrToStringAnsi (namePtr);
 		}
 
+		public void Shutdown ()
+		{
+			CheckThrow ();
+			var ret = mono_btls_ssl_shutdown (Handle.DangerousGetHandle ());
+			if (ret < 0)
+				throw ThrowError ();
+		}
+
+		public void SetQuietShutdown ()
+		{
+			CheckThrow ();
+			mono_btls_ssl_set_quiet_shutdown (Handle.DangerousGetHandle (), 1);
+		}
+
 		protected override void Close ()
 		{
-			mono_btls_ssl_close (Handle.DangerousGetHandle ());
+			if (!Handle.IsInvalid)
+				mono_btls_ssl_close (Handle.DangerousGetHandle ());
 		}
 	}
 }

mcs/class/System/Mono.Btls/MonoBtlsStream.cs

@@ -30,6 +30,7 @@ extern alias MonoSecurity;
 
 using System;
 using System.IO;
+using System.Net.Security;
 using System.Security.Authentication;
 using System.Security.Cryptography.X509Certificates;
 
@@ -45,18 +46,19 @@ namespace Mono.Btls
 {
 	class MonoBtlsStream : MNS.MobileAuthenticatedStream
 	{
-		public MonoBtlsStream (Stream innerStream, bool leaveInnerStreamOpen, MonoTlsSettings settings, MonoTlsProvider provider)
-			: base (innerStream, leaveInnerStreamOpen, settings, provider)
+		public MonoBtlsStream (Stream innerStream, bool leaveInnerStreamOpen, SslStream owner,
+		                       MonoTlsSettings settings, MonoTlsProvider provider)
+			: base (innerStream, leaveInnerStreamOpen, owner, settings, provider)
 		{
 		}
 
 		protected override MNS.MobileTlsContext CreateContext (
-			MNS.MobileAuthenticatedStream parent, bool serverMode, string targetHost,
-			SslProtocols enabledProtocols, X509Certificate serverCertificate,
-			X509CertificateCollection clientCertificates, bool askForClientCert)
+			bool serverMode, string targetHost, SslProtocols enabledProtocols,
+			X509Certificate serverCertificate, X509CertificateCollection clientCertificates,
+			bool askForClientCert)
 		{
 			return new MonoBtlsContext (
-				parent, serverMode, targetHost,
+				this, serverMode, targetHost,
 				enabledProtocols, serverCertificate,
 				clientCertificates, askForClientCert);
 		}

mcs/class/System/Mono.Btls/MonoBtlsX509Store.cs

@@ -24,6 +24,9 @@
 // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 // THE SOFTWARE.
 #if SECURITY_DEP && MONO_FEATURE_BTLS
+#if MONO_SECURITY_ALIAS
+extern alias MonoSecurity;
+#endif
 using System;
 using System.IO;
 using System.Collections.Generic;
@@ -31,6 +34,12 @@ using System.Runtime.InteropServices;
 using System.Runtime.CompilerServices;
 using System.Security.Cryptography.X509Certificates;
 
+#if MONO_SECURITY_ALIAS
+using MonoSecurity::Mono.Security.Interface;
+#else
+using Mono.Security.Interface;
+#endif
+
 namespace Mono.Btls
 {
 	class MonoBtlsX509Store : MonoBtlsObject
@@ -159,7 +168,7 @@ namespace Mono.Btls
 
 		internal void AddTrustedRoots ()
 		{
-			MonoBtlsProvider.SetupCertificateStore (this);
+			MonoBtlsProvider.SetupCertificateStore (this, MonoTlsSettings.DefaultSettings, false);
 		}
 
 		public MonoBtlsX509Lookup AddLookup (MonoBtlsX509LookupType type)