Imported Upstream version 4.8.0.344

Former-commit-id: 609085c14e6ad2a66429d180056034e93c0547d2

mono/btls/CMakeLists.txt

@@ -0,0 +1,94 @@
+cmake_minimum_required (VERSION 2.8.10)
+
+project (mono-btls)
+
+if(POLICY CMP0026)
+cmake_policy(SET CMP0026 NEW)
+endif()
+if(POLICY CMP0042)
+cmake_policy(SET CMP0042 NEW)
+endif()
+
+enable_language(C)
+enable_language(CXX)
+
+# FIXME: cmake's asm detection is broken when using xcrun.
+set (CMAKE_ASM_COMPILER "${CMAKE_C_COMPILER}")
+set (CMAKE_ASM_COMPILER_ARG1 "${CMAKE_C_COMPILER_ARG1}")
+set (CMAKE_ASM_COMPILER_ID "${CMAKE_C_COMPILER_ID}")
+enable_language(ASM)
+
+if (NOT "${BTLS_ARCH}" STREQUAL "")
+	message (WARNING "SET ARCH: ${BTLS_ARCH}")
+	set (CMAKE_SYSTEM_PROCESSOR "${BTLS_ARCH}")
+endif ()
+set (C_CXX_FLAGS "-Wall -Wsign-compare -Wmissing-field-initializers -ggdb -fvisibility=hidden")
+set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${C_CXX_FLAGS} ${BTLS_CFLAGS}")
+set (CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${C_CXX_FLAGS} ${BTLS_CFLAGS}")
+set (CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} ${BTLS_CFLAGS}")
+set (CMAKE_MACOSX_RPATH 1)
+set (MONO_BTLS 1)
+
+add_subdirectory (${BTLS_ROOT} boringssl)
+
+include_directories (
+	${SRC_DIR}
+	${BTLS_ROOT}/include
+)
+
+set (
+	MONO_BTLS_SOURCES
+
+	btls-bio.c
+	btls-bio.h
+	btls-error.c
+	btls-error.h
+	btls-key.c
+	btls-key.h
+	btls-pkcs12.c
+	btls-pkcs12.h
+	btls-ssl-ctx.c
+	btls-ssl-ctx.h
+	btls-ssl.c
+	btls-ssl.h
+	btls-time64.c
+	btls-util.c
+	btls-util.h
+	btls-x509-chain.c
+	btls-x509-chain.h
+	btls-x509-crl.c
+	btls-x509-crl.h
+	btls-x509-lookup.c
+	btls-x509-lookup.h
+	btls-x509-lookup-mono.c
+	btls-x509-lookup-mono.h
+	btls-x509-name.c
+	btls-x509-name.h
+	btls-x509-revoked.c
+	btls-x509-revoked.h
+	btls-x509-store-ctx.c
+	btls-x509-store-ctx.h
+	btls-x509-store.c
+	btls-x509-store.h
+	btls-x509-verify-param.c
+	btls-x509-verify-param.h
+	btls-x509.c
+	btls-x509.h
+
+	${BORINGSSL_OBJECTS}
+)
+
+if (BUILD_DYNAMIC_BTLS)
+	add_library (mono-btls-shared SHARED ${MONO_BTLS_SOURCES})
+elseif (BUILD_SHARED_LIBS)
+	add_library (mono-btls-shared SHARED ${MONO_BTLS_SOURCES})
+	set_target_properties (mono-btls-shared PROPERTIES RULE_LAUNCH_LINK
+               "${PROJECT_SOURCE_DIR}/create-object-library.sh ${CMAKE_BINARY_DIR} mono-btls-shared.txt mono-btls-shared-lo.txt libmono-btls-shared.a shared ${CMAKE_AR} ${CMAKE_RANLIB} <OBJECTS> --"
+	)
+else ()
+	add_library (mono-btls-static STATIC ${MONO_BTLS_SOURCES})
+	set_target_properties (mono-btls-static PROPERTIES RULE_LAUNCH_LINK
+		"${PROJECT_SOURCE_DIR}/create-object-library.sh ${CMAKE_BINARY_DIR} mono-btls-static.txt mono-btls-static-lo.txt libmono-btls-static.a static ${CMAKE_AR} ${CMAKE_RANLIB} <OBJECTS> --"
+	)
+endif ()
+

mono/btls/Makefile.am

@@ -1,7 +1,44 @@
 BTLS_STATIC_LIST = build-static/mono-btls-static-lo.txt
 BTLS_SHARED_LIST = build-shared/mono-btls-shared-lo.txt
 
-BTLS_DEPS = $(BTLS_LIBS) build-shared/Makefile build-static/Makefile
+EXTRA_DIST = \
+	btls-bio.c \
+	btls-bio.h \
+	btls-error.c \
+	btls-error.h \
+	btls-key.c \
+	btls-key.h \
+	btls-pkcs12.c \
+	btls-pkcs12.h \
+	btls-ssl.c \
+	btls-ssl-ctx.c \
+	btls-ssl-ctx.h \
+	btls-ssl.h \
+	btls-time64.c \
+	btls-util.c \
+	btls-util.h \
+	btls-x509.c \
+	btls-x509-chain.c \
+	btls-x509-chain.h \
+	btls-x509-crl.c \
+	btls-x509-crl.h \
+	btls-x509.h \
+	btls-x509-lookup.c \
+	btls-x509-lookup.h \
+	btls-x509-lookup-mono.c \
+	btls-x509-lookup-mono.h \
+	btls-x509-name.c \
+	btls-x509-name.h \
+	btls-x509-revoked.c \
+	btls-x509-revoked.h \
+	btls-x509-store.c \
+	btls-x509-store-ctx.c \
+	btls-x509-store-ctx.h \
+	btls-x509-store.h \
+	btls-x509-verify-param.c \
+	btls-x509-verify-param.h \
+	CMakeLists.txt \
+	create-object-library.sh
 
 CMAKE_VERBOSE=$(if $(V),VERBOSE=1,)
 

mono/btls/Makefile.in

@@ -332,7 +332,45 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 BTLS_STATIC_LIST = build-static/mono-btls-static-lo.txt
 BTLS_SHARED_LIST = build-shared/mono-btls-shared-lo.txt
-BTLS_DEPS = $(BTLS_LIBS) build-shared/Makefile build-static/Makefile
+EXTRA_DIST = \
+	btls-bio.c \
+	btls-bio.h \
+	btls-error.c \
+	btls-error.h \
+	btls-key.c \
+	btls-key.h \
+	btls-pkcs12.c \
+	btls-pkcs12.h \
+	btls-ssl.c \
+	btls-ssl-ctx.c \
+	btls-ssl-ctx.h \
+	btls-ssl.h \
+	btls-time64.c \
+	btls-util.c \
+	btls-util.h \
+	btls-x509.c \
+	btls-x509-chain.c \
+	btls-x509-chain.h \
+	btls-x509-crl.c \
+	btls-x509-crl.h \
+	btls-x509.h \
+	btls-x509-lookup.c \
+	btls-x509-lookup.h \
+	btls-x509-lookup-mono.c \
+	btls-x509-lookup-mono.h \
+	btls-x509-name.c \
+	btls-x509-name.h \
+	btls-x509-revoked.c \
+	btls-x509-revoked.h \
+	btls-x509-store.c \
+	btls-x509-store-ctx.c \
+	btls-x509-store-ctx.h \
+	btls-x509-store.h \
+	btls-x509-verify-param.c \
+	btls-x509-verify-param.h \
+	CMakeLists.txt \
+	create-object-library.sh
+
 CMAKE_VERBOSE = $(if $(V),VERBOSE=1,)
 CMAKE_ARGS = -D CMAKE_INSTALL_PREFIX:PATH=$(prefix) -D BTLS_ROOT:PATH=$(BTLS_ROOT) \
 	-D SRC_DIR:PATH=$(abs_top_srcdir)/mono/btls -D BTLS_CFLAGS:STRING="$(BTLS_CFLAGS)"

mono/btls/btls-bio.c

@@ -0,0 +1,206 @@
+//
+//  btls-bio.c
+//  MonoBtls
+//
+//  Created by Martin Baulig on 14/11/15.
+//  Copyright (c) 2015 Xamarin. All rights reserved.
+//
+
+#include <btls-ssl.h>
+#include <btls-bio.h>
+#include <errno.h>
+
+struct MonoBtlsBio {
+	const void *instance;
+	MonoBtlsReadFunc read_func;
+	MonoBtlsWriteFunc write_func;
+	MonoBtlsControlFunc control_func;
+};
+
+#if 0
+static void
+mono_debug (const char *message)
+{
+	BIO *bio_err;
+	bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
+	fprintf (stderr, "DEBUG: %s\n", message);
+	ERR_print_errors (bio_err);
+}
+#endif
+
+static int
+mono_read (BIO *bio, char *out, int outl)
+{
+	MonoBtlsBio *mono = (MonoBtlsBio *)bio->ptr;
+	int ret, wantMore;
+
+	if (!mono)
+		return -1;
+
+	ret = mono->read_func (mono->instance, out, outl, &wantMore);
+
+	if (ret < 0)
+		return -1;
+	if (ret > 0)
+		return ret;
+
+	if (wantMore) {
+		errno = EAGAIN;
+		BIO_set_retry_read (bio);
+		return -1;
+	}
+
+	return 0;
+}
+
+static int
+mono_write (BIO *bio, const char *in, int inl)
+{
+	MonoBtlsBio *mono = (MonoBtlsBio *)bio->ptr;
+
+	if (!mono)
+		return -1;
+
+	return mono->write_func (mono->instance, in, inl);
+}
+
+static int64_t
+mono_ctrl (BIO *bio, int cmd, int64_t num, void *ptr)
+{
+	MonoBtlsBio *mono = (MonoBtlsBio *)bio->ptr;
+
+	if (!mono)
+		return -1;
+
+	// fprintf (stderr, "mono_ctrl: %x - %lx - %p\n", cmd, num, ptr);
+	switch (cmd) {
+		case BIO_CTRL_FLUSH:
+			return mono->control_func (mono->instance, MONO_BTLS_CONTROL_COMMAND_FLUSH, 0);
+		default:
+			return -1;
+	}
+	return -1;
+}
+
+static int
+mono_new (BIO *bio)
+{
+	// mono_debug("mono_new!\n");
+	bio->init = 0;
+	bio->num = -1;
+	bio->flags = 0;
+	return 1;
+}
+
+static int
+mono_free (BIO *bio)
+{
+	// mono_debug ("mono_free!\n");
+	if (bio->ptr) {
+		MonoBtlsBio *mono = (MonoBtlsBio *)bio->ptr;
+
+		bio->ptr = NULL;
+		mono->instance = NULL;
+		mono->read_func = NULL;
+		mono->write_func = NULL;
+		mono->control_func = NULL;
+		free (mono);
+	}
+	return 1;
+}
+
+static const BIO_METHOD mono_method = {
+	BIO_TYPE_NONE, "mono", mono_write, mono_read,
+	NULL, NULL, mono_ctrl, mono_new, mono_free, NULL
+};
+
+MONO_API BIO *
+mono_btls_bio_mono_new (void)
+{
+	BIO *bio;
+	MonoBtlsBio *monoBio;
+
+	bio = BIO_new (&mono_method);
+	if (!bio)
+		return NULL;
+
+	monoBio = calloc (1, sizeof (MonoBtlsBio));
+	if (!monoBio) {
+		BIO_free (bio);
+		return NULL;
+	}
+
+	bio->ptr = monoBio;
+	bio->init = 0;
+
+	return bio;
+}
+
+MONO_API void
+mono_btls_bio_mono_initialize (BIO *bio, const void *instance,
+			      MonoBtlsReadFunc read_func, MonoBtlsWriteFunc write_func,
+			      MonoBtlsControlFunc control_func)
+{
+	MonoBtlsBio *monoBio = bio->ptr;
+
+	monoBio->instance = instance;
+	monoBio->read_func = read_func;
+	monoBio->write_func = write_func;
+	monoBio->control_func = control_func;
+
+	bio->init = 1;
+}
+
+MONO_API int
+mono_btls_bio_read (BIO *bio, void *data, int len)
+{
+	return BIO_read (bio, data, len);
+}
+
+MONO_API int
+mono_btls_bio_write (BIO *bio, const void *data, int len)
+{
+	return BIO_write (bio, data, len);
+}
+
+MONO_API int
+mono_btls_bio_flush (BIO *bio)
+{
+	return BIO_flush (bio);
+}
+
+MONO_API int
+mono_btls_bio_indent (BIO *bio, unsigned indent, unsigned max_indent)
+{
+	return BIO_indent (bio, indent, max_indent);
+}
+
+MONO_API int
+mono_btls_bio_hexdump (BIO *bio, const uint8_t *data, int len, unsigned indent)
+{
+	return BIO_hexdump (bio, data, len, indent);
+}
+
+MONO_API void
+mono_btls_bio_print_errors (BIO *bio)
+{
+	BIO_print_errors (bio);
+}
+
+MONO_API void
+mono_btls_bio_free (BIO *bio)
+{
+	BIO_free (bio);
+}
+
+MONO_API BIO *
+mono_btls_bio_mem_new (void)
+{
+	return BIO_new (BIO_s_mem ());
+}
+
+MONO_API int
+mono_btls_bio_mem_get_data (BIO *bio, void **data)
+{
+	return (int)BIO_get_mem_data (bio, (char**)data);
+}

mono/btls/btls-bio.h

@@ -0,0 +1,58 @@
+//
+//  btls-bio.h
+//  MonoBtls
+//
+//  Created by Martin Baulig on 14/11/15.
+//  Copyright (c) 2015 Xamarin. All rights reserved.
+//
+
+#ifndef __btls__btls_bio__
+#define __btls__btls_bio__
+
+#include <stdio.h>
+#include <btls-ssl.h>
+
+typedef enum {
+	MONO_BTLS_CONTROL_COMMAND_FLUSH	= 1
+} MonoBtlsControlCommand;
+
+typedef int (* MonoBtlsReadFunc) (const void *instance, const void *buf, int size, int *wantMore);
+typedef int (* MonoBtlsWriteFunc) (const void *instance, const void *buf, int size);
+typedef int64_t (* MonoBtlsControlFunc) (const void *instance, MonoBtlsControlCommand command, int64_t arg);
+
+BIO *
+mono_btls_bio_mono_new (void);
+
+void
+mono_btls_bio_mono_initialize (BIO *bio, const void *instance,
+			      MonoBtlsReadFunc read_func, MonoBtlsWriteFunc write_func,
+			      MonoBtlsControlFunc control_func);
+
+int
+mono_btls_bio_read (BIO *bio, void *data, int len);
+
+int
+mono_btls_bio_write (BIO *bio, const void *data, int len);
+
+int
+mono_btls_bio_flush (BIO *bio);
+
+int
+mono_btls_bio_indent (BIO *bio, unsigned indent, unsigned max_indent);
+
+int
+mono_btls_bio_hexdump (BIO *bio, const uint8_t *data, int len, unsigned indent);
+
+void
+mono_btls_bio_print_errors (BIO *bio);
+
+void
+mono_btls_bio_free (BIO *bio);
+
+BIO *
+mono_btls_bio_mem_new (void);
+
+int
+mono_btls_bio_mem_get_data (BIO *bio, void **data);
+
+#endif /* defined(__btls__btls_bio__) */

mono/btls/btls-error.c

@@ -0,0 +1,36 @@
+//
+//  btls-error.c
+//  MonoBtls
+//
+//  Created by Martin Baulig on 6/19/16.
+//  Copyright © 2016 Xamarin. All rights reserved.
+//
+
+#include <btls-error.h>
+#include <btls-util.h>
+#include <assert.h>
+
+MONO_API int
+mono_btls_error_peek_error (void)
+{
+	return ERR_peek_error ();
+}
+
+MONO_API int
+mono_btls_error_get_error (void)
+{
+	return ERR_get_error ();
+}
+
+MONO_API void
+mono_btls_error_clear_error (void)
+{
+	ERR_clear_error ();
+}
+
+MONO_API void
+mono_btls_error_get_error_string_n (int error, char *buf, int len)
+{
+	ERR_error_string_n (error, buf, len);
+}
+

mono/btls/btls-error.h

@@ -0,0 +1,29 @@
+//
+//  btls-util.h
+//  MonoBtls
+//
+//  Created by Martin Baulig on 3/23/16.
+//  Copyright © 2016 Xamarin. All rights reserved.
+//
+
+#ifndef __btls__btls_error__
+#define __btls__btls_error__
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/ssl.h>
+
+int
+mono_btls_error_peek_error (void);
+
+int
+mono_btls_error_get_error (void);
+
+void
+mono_btls_error_clear_error (void);
+
+void
+mono_btls_error_get_error_string_n (int error, char *buf, int len);
+
+#endif /* __btls__btls_error__ */

mono/btls/btls-key.c

@@ -0,0 +1,62 @@
+//
+//  btls-key.c
+//  MonoBtls
+//
+//  Created by Martin Baulig on 3/7/16.
+//  Copyright © 2016 Xamarin. All rights reserved.
+//
+
+#include <btls-key.h>
+
+MONO_API void
+mono_btls_key_free (EVP_PKEY *pkey)
+{
+	EVP_PKEY_free (pkey);
+}
+
+MONO_API EVP_PKEY *
+mono_btls_key_up_ref (EVP_PKEY *pkey)
+{
+	return EVP_PKEY_up_ref (pkey);
+}
+
+MONO_API int
+mono_btls_key_get_bits (EVP_PKEY *pkey)
+{
+	return EVP_PKEY_bits (pkey);
+}
+
+MONO_API int
+mono_btls_key_is_rsa (EVP_PKEY *pkey)
+{
+	return pkey->type == EVP_PKEY_RSA;
+}
+
+MONO_API int
+mono_btls_key_get_bytes (EVP_PKEY *pkey, uint8_t **buffer, int *size, int include_private_bits)
+{
+	size_t len;
+	RSA *rsa;
+	int ret;
+
+	*size = 0;
+	*buffer = NULL;
+
+	if (pkey->type != EVP_PKEY_RSA)
+		return 0;
+
+	rsa = EVP_PKEY_get1_RSA (pkey);
+	if (!rsa)
+		return 0;
+
+	if (include_private_bits)
+		ret = RSA_private_key_to_bytes (buffer, &len, rsa);
+	else
+		ret = RSA_public_key_to_bytes (buffer, &len, rsa);
+
+	if (ret != 1)
+		return 0;
+
+	*size = (int)len;
+	return 1;
+}

mono/btls/btls-key.h

@@ -0,0 +1,32 @@
+//
+//  btls-key.h
+//  MonoBtls
+//
+//  Created by Martin Baulig on 3/7/16.
+//  Copyright © 2016 Xamarin. All rights reserved.
+//
+
+#ifndef __btls__btls_key__
+#define __btls__btls_key__
+
+#include <stdio.h>
+#include <btls-ssl.h>
+#include <btls-x509.h>
+
+void
+mono_btls_key_free (EVP_PKEY *pkey);
+
+EVP_PKEY *
+mono_btls_key_up_ref (EVP_PKEY *pkey);
+
+int
+mono_btls_key_get_bits (EVP_PKEY *pkey);
+
+int
+mono_btls_key_is_rsa (EVP_PKEY *pkey);
+
+int
+mono_btls_key_get_bytes (EVP_PKEY *pkey, uint8_t **buffer, int *size, int include_private_bits);
+
+#endif /* __btls__btls_key__ */
+

mono/btls/btls-pkcs12.c

@@ -0,0 +1,101 @@
+//
+//  btls-pkcs12.c
+//  MonoBtls
+//
+//  Created by Martin Baulig on 3/8/16.
+//  Copyright © 2016 Xamarin. All rights reserved.
+//
+
+#include <btls-pkcs12.h>
+#include <openssl/pkcs12.h>
+
+struct MonoBtlsPkcs12 {
+	STACK_OF(X509) *certs;
+	EVP_PKEY *private_key;
+	CRYPTO_refcount_t references;
+};
+
+MONO_API MonoBtlsPkcs12 *
+mono_btls_pkcs12_new (void)
+{
+	MonoBtlsPkcs12 *pkcs12 = (MonoBtlsPkcs12 *)OPENSSL_malloc (sizeof (MonoBtlsPkcs12));
+	if (pkcs12 == NULL)
+		return NULL;
+
+	memset (pkcs12, 0, sizeof(MonoBtlsPkcs12));
+	pkcs12->certs = sk_X509_new_null ();
+	pkcs12->references = 1;
+	return pkcs12;
+}
+
+MONO_API int
+mono_btls_pkcs12_get_count (MonoBtlsPkcs12 *pkcs12)
+{
+	return (int)sk_X509_num (pkcs12->certs);
+}
+
+MONO_API X509 *
+mono_btls_pkcs12_get_cert (MonoBtlsPkcs12 *pkcs12, int index)
+{
+	X509 *cert;
+
+	if ((size_t)index >= sk_X509_num (pkcs12->certs))
+		return NULL;
+	cert = sk_X509_value (pkcs12->certs, index);
+	if (cert)
+		X509_up_ref (cert);
+	return cert;
+}
+
+MONO_API STACK_OF(X509) *
+mono_btls_pkcs12_get_certs (MonoBtlsPkcs12 *pkcs12)
+{
+	return pkcs12->certs;
+}
+
+MONO_API int
+mono_btls_pkcs12_free (MonoBtlsPkcs12 *pkcs12)
+{
+	if (!CRYPTO_refcount_dec_and_test_zero (&pkcs12->references))
+		return 0;
+
+	sk_X509_pop_free (pkcs12->certs, X509_free);
+	OPENSSL_free (pkcs12);
+	return 1;
+}
+
+MONO_API MonoBtlsPkcs12 *
+mono_btls_pkcs12_up_ref (MonoBtlsPkcs12 *pkcs12)
+{
+	CRYPTO_refcount_inc (&pkcs12->references);
+	return pkcs12;
+}
+
+MONO_API void
+mono_btls_pkcs12_add_cert (MonoBtlsPkcs12 *pkcs12, X509 *x509)
+{
+	X509_up_ref (x509);
+	sk_X509_push (pkcs12->certs, x509);
+}
+
+MONO_API int
+mono_btls_pkcs12_import (MonoBtlsPkcs12 *pkcs12, const void *data, int len, const void *password)
+{
+	CBS cbs;
+	CBS_init (&cbs, data, len);
+	return PKCS12_get_key_and_certs (&pkcs12->private_key, pkcs12->certs, &cbs, password);
+}
+
+MONO_API int
+mono_btls_pkcs12_has_private_key (MonoBtlsPkcs12 *pkcs12)
+{
+	return pkcs12->private_key != NULL;
+}
+
+MONO_API EVP_PKEY *
+mono_btls_pkcs12_get_private_key (MonoBtlsPkcs12 *pkcs12)
+{
+	if (!pkcs12->private_key)
+		return NULL;
+	return EVP_PKEY_up_ref (pkcs12->private_key);
+}

mono/btls/btls-pkcs12.h

@@ -0,0 +1,46 @@
+//
+//  btls-pkcs12.h
+//  MonoBtls
+//
+//  Created by Martin Baulig on 3/8/16.
+//  Copyright © 2016 Xamarin. All rights reserved.
+//
+
+#ifndef __btls__btls_pkcs12__
+#define __btls__btls_pkcs12__
+
+#include <stdio.h>
+#include <btls-ssl.h>
+#include <btls-x509.h>
+
+MonoBtlsPkcs12 *
+mono_btls_pkcs12_new (void);
+
+int
+mono_btls_pkcs12_get_count (MonoBtlsPkcs12 *pkcs12);
+
+X509 *
+mono_btls_pkcs12_get_cert (MonoBtlsPkcs12 *pkcs12, int index);
+
+STACK_OF(X509) *
+mono_btls_pkcs12_get_certs (MonoBtlsPkcs12 *pkcs12);
+
+int
+mono_btls_pkcs12_free (MonoBtlsPkcs12 *pkcs12);
+
+MonoBtlsPkcs12 *
+mono_btls_pkcs12_up_ref (MonoBtlsPkcs12 *pkcs12);
+
+void
+mono_btls_pkcs12_add_cert (MonoBtlsPkcs12 *pkcs12, X509 *x509);
+
+int
+mono_btls_pkcs12_import (MonoBtlsPkcs12 *pkcs12, const void *data, int len, const void *password);
+
+int
+mono_btls_pkcs12_has_private_key (MonoBtlsPkcs12 *pkcs12);
+
+EVP_PKEY *
+mono_btls_pkcs12_get_private_key (MonoBtlsPkcs12 *pkcs12);
+
+#endif /* __btls__btls_pkcs12__ */

mono/btls/btls-ssl-ctx.c

@@ -0,0 +1,255 @@
+//
+//  btls-ssl-ctx.c
+//  MonoBtls
+//
+//  Created by Martin Baulig on 4/11/16.
+//  Copyright © 2016 Xamarin. All rights reserved.
+//
+
+#include <btls-ssl-ctx.h>
+#include <btls-x509-verify-param.h>
+
+struct MonoBtlsSslCtx {
+	CRYPTO_refcount_t references;
+	SSL_CTX *ctx;
+	BIO *bio;
+	BIO *debug_bio;
+	void *instance;
+	MonoBtlsVerifyFunc verify_func;
+	MonoBtlsSelectFunc select_func;
+};
+
+#define debug_print(ptr,message) \
+do { if (mono_btls_ssl_ctx_is_debug_enabled(ptr)) \
+mono_btls_ssl_ctx_debug_printf (ptr, "%s:%d:%s(): " message, __FILE__, __LINE__, \
+	__func__); } while (0)
+
+#define debug_printf(ptr,fmt, ...) \
+do { if (mono_btls_ssl_ctx_is_debug_enabled(ptr)) \
+mono_btls_ssl_ctx_debug_printf (ptr, "%s:%d:%s(): " fmt, __FILE__, __LINE__, \
+	__func__, __VA_ARGS__); } while (0)
+
+void ssl_cipher_preference_list_free (struct ssl_cipher_preference_list_st *cipher_list);
+
+MONO_API int
+mono_btls_ssl_ctx_is_debug_enabled (MonoBtlsSslCtx *ctx)
+{
+	return ctx->debug_bio != NULL;
+}
+
+MONO_API int
+mono_btls_ssl_ctx_debug_printf (MonoBtlsSslCtx *ctx, const char *format, ...)
+{
+	va_list args;
+	int ret;
+
+	if (!ctx->debug_bio)
+		return 0;
+
+	va_start (args, format);
+	ret = mono_btls_debug_printf (ctx->debug_bio, format, args);
+	va_end (args);
+	return ret;
+}
+
+MONO_API MonoBtlsSslCtx *
+mono_btls_ssl_ctx_new (void)
+{
+	MonoBtlsSslCtx *ctx;
+
+	ctx = OPENSSL_malloc (sizeof (MonoBtlsSslCtx));
+	if (!ctx)
+		return NULL;
+
+	memset (ctx, 0, sizeof (MonoBtlsSslCtx));
+	ctx->references = 1;
+	ctx->ctx = SSL_CTX_new (TLS_method ());
+	return ctx;
+}
+
+MONO_API MonoBtlsSslCtx *
+mono_btls_ssl_ctx_up_ref (MonoBtlsSslCtx *ctx)
+{
+	CRYPTO_refcount_inc (&ctx->references);
+	return ctx;
+}
+
+MONO_API int
+mono_btls_ssl_ctx_free (MonoBtlsSslCtx *ctx)
+{
+	if (!CRYPTO_refcount_dec_and_test_zero (&ctx->references))
+		return 0;
+	SSL_CTX_free (ctx->ctx);
+	ctx->instance = NULL;
+	OPENSSL_free (ctx);
+	return 1;
+}
+
+MONO_API SSL_CTX *
+mono_btls_ssl_ctx_get_ctx (MonoBtlsSslCtx *ctx)
+{
+	return ctx->ctx;
+}
+
+MONO_API void
+mono_btls_ssl_ctx_set_debug_bio (MonoBtlsSslCtx *ctx, BIO *debug_bio)
+{
+	if (debug_bio)
+		ctx->debug_bio = BIO_up_ref(debug_bio);
+	else
+		ctx->debug_bio = NULL;
+}
+
+MONO_API void
+mono_btls_ssl_ctx_initialize (MonoBtlsSslCtx *ctx, void *instance)
+{
+	ctx->instance = instance;
+}
+
+static int
+cert_verify_callback (X509_STORE_CTX *storeCtx, void *arg)
+{
+	MonoBtlsSslCtx *ptr = (MonoBtlsSslCtx*)arg;
+	int ret;
+
+	debug_printf (ptr, "cert_verify_callback(): %p\n", ptr->verify_func);
+	ret = X509_verify_cert (storeCtx);
+	debug_printf (ptr, "cert_verify_callback() #1: %d\n", ret);
+
+	if (ptr->verify_func)
+		ret = ptr->verify_func (ptr->instance, ret, storeCtx);
+
+	return ret;
+}
+
+MONO_API void
+mono_btls_ssl_ctx_set_cert_verify_callback (MonoBtlsSslCtx *ptr, MonoBtlsVerifyFunc func, int cert_required)
+{
+	int mode;
+
+	ptr->verify_func = func;
+	SSL_CTX_set_cert_verify_callback (ptr->ctx, cert_verify_callback, ptr);
+
+	mode = SSL_VERIFY_PEER;
+	if (cert_required)
+		mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
+
+	SSL_CTX_set_verify (ptr->ctx, mode, NULL);
+}
+
+static int
+cert_select_callback (SSL *ssl, void *arg)
+{
+	MonoBtlsSslCtx *ptr = (MonoBtlsSslCtx*)arg;
+	int ret = 1;
+
+	debug_printf (ptr, "cert_select_callback(): %p\n", ptr->select_func);
+	if (ptr->select_func)
+		ret = ptr->select_func (ptr->instance);
+	debug_printf (ptr, "cert_select_callback() #1: %d\n", ret);
+
+	return ret;
+}
+
+MONO_API void
+mono_btls_ssl_ctx_set_cert_select_callback (MonoBtlsSslCtx *ptr, MonoBtlsSelectFunc func)
+{
+	ptr->select_func = func;
+	SSL_CTX_set_cert_cb (ptr->ctx, cert_select_callback, ptr);
+}
+
+MONO_API X509_STORE *
+mono_btls_ssl_ctx_peek_store (MonoBtlsSslCtx *ctx)
+{
+	return SSL_CTX_get_cert_store (ctx->ctx);
+}
+
+MONO_API void
+mono_btls_ssl_ctx_set_min_version (MonoBtlsSslCtx *ctx, int version)
+{
+	SSL_CTX_set_min_version (ctx->ctx, version);
+}
+
+MONO_API void
+mono_btls_ssl_ctx_set_max_version (MonoBtlsSslCtx *ctx, int version)
+{
+	SSL_CTX_set_max_version (ctx->ctx, version);
+}
+
+MONO_API int
+mono_btls_ssl_ctx_is_cipher_supported (MonoBtlsSslCtx *ctx, uint16_t value)
+{
+	const SSL_CIPHER *cipher;
+
+	cipher = SSL_get_cipher_by_value (value);
+	return cipher != NULL;
+}
+
+MONO_API int
+mono_btls_ssl_ctx_set_ciphers (MonoBtlsSslCtx *ctx, int count, const uint16_t *data,
+				   int allow_unsupported)
+{
+	STACK_OF(SSL_CIPHER) *ciphers = NULL;
+	struct ssl_cipher_preference_list_st *pref_list = NULL;
+	uint8_t *in_group_flags = NULL;
+	int i;
+
+	ciphers = sk_SSL_CIPHER_new_null ();
+	if (!ciphers)
+		goto err;
+
+	for (i = 0; i < count; i++) {
+		const SSL_CIPHER *cipher = SSL_get_cipher_by_value (data [i]);
+		if (!cipher) {
+			debug_printf (ctx, "mono_btls_ssl_ctx_set_ciphers(): unknown cipher %02x", data [i]);
+			if (!allow_unsupported)
+				goto err;
+			continue;
+		}
+		if (!sk_SSL_CIPHER_push (ciphers, cipher))
+			 goto err;
+	}
+
+	pref_list = OPENSSL_malloc (sizeof (struct ssl_cipher_preference_list_st));
+	if (!pref_list)
+		goto err;
+
+	memset (pref_list, 0, sizeof (struct ssl_cipher_preference_list_st));
+	pref_list->ciphers = sk_SSL_CIPHER_dup (ciphers);
+	if (!pref_list->ciphers)
+		goto err;
+	pref_list->in_group_flags = OPENSSL_malloc (sk_SSL_CIPHER_num (ciphers));
+	if (!pref_list->in_group_flags)
+		goto err;
+
+	if (ctx->ctx->cipher_list)
+		ssl_cipher_preference_list_free (ctx->ctx->cipher_list);
+	if (ctx->ctx->cipher_list_by_id)
+		sk_SSL_CIPHER_free (ctx->ctx->cipher_list_by_id);
+	if (ctx->ctx->cipher_list_tls10) {
+		ssl_cipher_preference_list_free (ctx->ctx->cipher_list_tls10);
+		ctx->ctx->cipher_list_tls10 = NULL;
+	}
+	if (ctx->ctx->cipher_list_tls11) {
+		ssl_cipher_preference_list_free (ctx->ctx->cipher_list_tls11);
+		ctx->ctx->cipher_list_tls11 = NULL;
+	}
+
+	ctx->ctx->cipher_list = pref_list;
+	ctx->ctx->cipher_list_by_id = ciphers;
+
+	return (int)sk_SSL_CIPHER_num (ciphers);
+
+err:
+	sk_SSL_CIPHER_free (ciphers);
+	OPENSSL_free (pref_list);
+	OPENSSL_free (in_group_flags);
+	return 0;
+}
+
+MONO_API int
+mono_btls_ssl_ctx_set_verify_param (MonoBtlsSslCtx *ctx, const MonoBtlsX509VerifyParam *param)
+{
+	return SSL_CTX_set1_param (ctx->ctx, mono_btls_x509_verify_param_peek_param (param));
+}
+

mono/btls/btls-ssl-ctx.h

@@ -0,0 +1,84 @@
+//
+//  btls-ssl-ctx.h
+//  MonoBtls
+//
+//  Created by Martin Baulig on 4/11/16.
+//  Copyright © 2016 Xamarin. All rights reserved.
+//
+
+#ifndef __btls_ssl_ctx__btls_ssl_ctx__
+#define __btls_ssl_ctx__btls_ssl_ctx__
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/ssl.h>
+#include <btls-util.h>
+
+typedef struct MonoBtlsBio MonoBtlsBio;
+typedef struct MonoBtlsX509Chain MonoBtlsX509Chain;
+typedef struct MonoBtlsX509Crl MonoBtlsX509Crl;
+typedef struct MonoBtlsX509Lookup MonoBtlsX509Lookup;
+typedef struct MonoBtlsX509LookupMono MonoBtlsX509LookupMono;
+typedef struct MonoBtlsX509Name MonoBtlsX509Name;
+typedef struct MonoBtlsX509Store MonoBtlsX509Store;
+typedef struct MonoBtlsX509StoreCtx MonoBtlsX509StoreCtx;
+typedef struct MonoBtlsX509Revoked MonoBtlsX509Revoked;
+typedef struct MonoBtlsX509VerifyParam MonoBtlsX509VerifyParam;
+typedef struct MonoBtlsPkcs12 MonoBtlsPkcs12;
+typedef struct MonoBtlsSsl MonoBtlsSsl;
+typedef struct MonoBtlsSslCtx MonoBtlsSslCtx;
+
+typedef int (* MonoBtlsVerifyFunc) (void *instance, int preverify_ok, X509_STORE_CTX *ctx);
+typedef int (* MonoBtlsSelectFunc) (void *instance);
+
+MonoBtlsSslCtx *
+mono_btls_ssl_ctx_new (void);
+
+MonoBtlsSslCtx *
+mono_btls_ssl_ctx_up_ref (MonoBtlsSslCtx *ctx);
+
+int
+mono_btls_ssl_ctx_free (MonoBtlsSslCtx *ctx);
+
+void
+mono_btls_ssl_ctx_initialize (MonoBtlsSslCtx *ctx, void *instance);
+
+SSL_CTX *
+mono_btls_ssl_ctx_get_ctx (MonoBtlsSslCtx *ctx);
+
+int
+mono_btls_ssl_ctx_debug_printf (MonoBtlsSslCtx *ctx, const char *format, ...);
+
+int
+mono_btls_ssl_ctx_is_debug_enabled (MonoBtlsSslCtx *ctx);
+
+void
+mono_btls_ssl_ctx_set_cert_verify_callback (MonoBtlsSslCtx *ptr, MonoBtlsVerifyFunc func, int cert_required);
+
+void
+mono_btls_ssl_ctx_set_cert_select_callback (MonoBtlsSslCtx *ptr, MonoBtlsSelectFunc func);
+
+void
+mono_btls_ssl_ctx_set_debug_bio (MonoBtlsSslCtx *ctx, BIO *debug_bio);
+
+X509_STORE *
+mono_btls_ssl_ctx_peek_store (MonoBtlsSslCtx *ctx);
+
+void
+mono_btls_ssl_ctx_set_min_version (MonoBtlsSslCtx *ctx, int version);
+
+void
+mono_btls_ssl_ctx_set_max_version (MonoBtlsSslCtx *ctx, int version);
+
+int
+mono_btls_ssl_ctx_is_cipher_supported (MonoBtlsSslCtx *ctx, uint16_t value);
+
+int
+mono_btls_ssl_ctx_set_ciphers (MonoBtlsSslCtx *ctx, int count, const uint16_t *data,
+				   int allow_unsupported);
+
+int
+mono_btls_ssl_ctx_set_verify_param (MonoBtlsSslCtx *ctx, const MonoBtlsX509VerifyParam *param);
+
+#endif /* __btls_ssl_ctx__btls_ssl_ctx__ */

mono/btls/btls-ssl.c

@@ -0,0 +1,209 @@
+//
+//  btls-ssl.c
+//  MonoBtls
+//
+//  Created by Martin Baulig on 14/11/15.
+//  Copyright (c) 2015 Xamarin. All rights reserved.
+//
+
+#include <btls-ssl.h>
+#include <btls-x509-verify-param.h>
+
+struct MonoBtlsSsl {
+	MonoBtlsSslCtx *ctx;
+	SSL *ssl;
+};
+
+#define debug_print(ptr,message) \
+do { if (mono_btls_ssl_ctx_is_debug_enabled(ptr->ctx)) \
+mono_btls_ssl_ctx_debug_printf (ptr->ctx, "%s:%d:%s(): " message, __FILE__, __LINE__, \
+__func__); } while (0)
+
+#define debug_printf(ptr,fmt, ...) \
+do { if (mono_btls_ssl_ctx_is_debug_enabled(ptr->ctx)) \
+mono_btls_ssl_ctx_debug_printf (ptr->ctx, "%s:%d:%s(): " fmt, __FILE__, __LINE__, \
+__func__, __VA_ARGS__); } while (0)
+
+STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list (SSL *s, const CBS *cbs);
+
+MONO_API MonoBtlsSsl *
+mono_btls_ssl_new (MonoBtlsSslCtx *ctx)
+{
+	MonoBtlsSsl *ptr;
+
+	ptr = calloc (1, sizeof (MonoBtlsSsl));
+
+	ptr->ctx = mono_btls_ssl_ctx_up_ref (ctx);
+	ptr->ssl = SSL_new (mono_btls_ssl_ctx_get_ctx (ptr->ctx));
+
+	SSL_set_options (ptr->ssl, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+
+	return ptr;
+}
+
+MONO_API void
+mono_btls_ssl_destroy (MonoBtlsSsl *ptr)
+{
+	mono_btls_ssl_close (ptr);
+	if (ptr->ssl) {
+		SSL_free (ptr->ssl);
+		ptr->ssl = NULL;
+	}
+	if (ptr->ctx) {
+		mono_btls_ssl_ctx_free (ptr->ctx);
+		ptr->ctx = NULL;
+	}
+	free (ptr);
+}
+
+MONO_API void
+mono_btls_ssl_close (MonoBtlsSsl *ptr)
+{
+	;
+}
+
+MONO_API void
+mono_btls_ssl_set_bio (MonoBtlsSsl *ptr, BIO *bio)
+{
+	BIO_up_ref (bio);
+	SSL_set_bio (ptr->ssl, bio, bio);
+}
+
+MONO_API void
+mono_btls_ssl_print_errors_cb (ERR_print_errors_callback_t callback, void *ctx)
+{
+	ERR_print_errors_cb (callback, ctx);
+}
+
+MONO_API int
+mono_btls_ssl_use_certificate (MonoBtlsSsl *ptr, X509 *x509)
+{
+	return SSL_use_certificate (ptr->ssl, x509);
+}
+
+MONO_API int
+mono_btls_ssl_use_private_key (MonoBtlsSsl *ptr, EVP_PKEY *key)
+{
+	return SSL_use_PrivateKey (ptr->ssl, key);
+}
+
+MONO_API int
+mono_btls_ssl_add_chain_certificate (MonoBtlsSsl *ptr, X509 *x509)
+{
+	return SSL_add1_chain_cert (ptr->ssl, x509);
+}
+
+MONO_API int
+mono_btls_ssl_accept (MonoBtlsSsl *ptr)
+{
+	return SSL_accept (ptr->ssl);
+}
+
+MONO_API int
+mono_btls_ssl_connect (MonoBtlsSsl *ptr)
+{
+	return SSL_connect (ptr->ssl);
+}
+
+MONO_API int
+mono_btls_ssl_handshake (MonoBtlsSsl *ptr)
+{
+	return SSL_do_handshake (ptr->ssl);
+}
+
+MONO_API int
+mono_btls_ssl_read (MonoBtlsSsl *ptr, void *buf, int count)
+{
+	return SSL_read (ptr->ssl, buf, count);
+}
+
+MONO_API int
+mono_btls_ssl_write (MonoBtlsSsl *ptr, void *buf, int count)
+{
+	return SSL_write (ptr->ssl, buf, count);
+}
+
+MONO_API int
+mono_btls_ssl_get_version (MonoBtlsSsl *ptr)
+{
+	return SSL_version (ptr->ssl);
+}
+
+MONO_API void
+mono_btls_ssl_set_min_version (MonoBtlsSsl *ptr, int version)
+{
+	SSL_set_min_version (ptr->ssl, version);
+}
+
+MONO_API void
+mono_btls_ssl_set_max_version (MonoBtlsSsl *ptr, int version)
+{
+	SSL_set_max_version (ptr->ssl, version);
+}
+
+MONO_API int
+mono_btls_ssl_get_cipher (MonoBtlsSsl *ptr)
+{
+	const SSL_CIPHER *cipher;
+
+	cipher = SSL_get_current_cipher (ptr->ssl);
+	if (!cipher)
+		return 0;
+	return (uint16_t)SSL_CIPHER_get_id (cipher);
+}
+
+MONO_API int
+mono_btls_ssl_set_cipher_list (MonoBtlsSsl *ptr, const char *str)
+{
+	return SSL_set_cipher_list(ptr->ssl, str);
+}
+
+MONO_API int
+mono_btls_ssl_get_ciphers (MonoBtlsSsl *ptr, uint16_t **data)
+{
+	STACK_OF(SSL_CIPHER) *ciphers;
+	int count, i;
+
+	*data = NULL;
+
+	ciphers = SSL_get_ciphers (ptr->ssl);
+	if (!ciphers)
+		return 0;
+
+	count = (int)sk_SSL_CIPHER_num (ciphers);
+
+	*data = OPENSSL_malloc (2 * count);
+	if (!*data)
+		return 0;
+
+	for (i = 0; i < count; i++) {
+		const SSL_CIPHER *cipher = sk_SSL_CIPHER_value (ciphers, i);
+		(*data) [i] = (uint16_t) SSL_CIPHER_get_id (cipher);
+	}
+
+	return count;
+}
+
+MONO_API X509 *
+mono_btls_ssl_get_peer_certificate (MonoBtlsSsl *ptr)
+{
+	return SSL_get_peer_certificate (ptr->ssl);
+}
+
+MONO_API int
+mono_btls_ssl_get_error (MonoBtlsSsl *ptr, int ret_code)
+{
+	return SSL_get_error (ptr->ssl, ret_code);
+}
+
+MONO_API int
+mono_btls_ssl_set_verify_param (MonoBtlsSsl *ptr, const MonoBtlsX509VerifyParam *param)
+{
+	return SSL_set1_param (ptr->ssl, mono_btls_x509_verify_param_peek_param (param));
+}
+
+MONO_API int
+mono_btls_ssl_set_server_name (MonoBtlsSsl *ptr, const char *name)
+{
+	return SSL_set_tlsext_host_name (ptr->ssl, name);
+}

mono/btls/btls-ssl.h

@@ -0,0 +1,83 @@
+//
+//  btls-ssl.h
+//  MonoBtls
+//
+//  Created by Martin Baulig on 14/11/15.
+//  Copyright (c) 2015 Xamarin. All rights reserved.
+//
+
+#ifndef __btls__btls_ssl__
+#define __btls__btls_ssl__
+
+#include <btls-ssl-ctx.h>
+
+MonoBtlsSsl *
+mono_btls_ssl_new (MonoBtlsSslCtx *ctx);
+
+int
+mono_btls_ssl_use_certificate (MonoBtlsSsl *ptr, X509 *x509);
+
+int
+mono_btls_ssl_use_private_key (MonoBtlsSsl *ptr, EVP_PKEY *key);
+
+int
+mono_btls_ssl_add_chain_certificate (MonoBtlsSsl *ptr, X509 *x509);
+
+int
+mono_btls_ssl_accept (MonoBtlsSsl *ptr);
+
+int
+mono_btls_ssl_connect (MonoBtlsSsl *ptr);
+
+int
+mono_btls_ssl_handshake (MonoBtlsSsl *ptr);
+
+void
+mono_btls_ssl_print_errors_cb (ERR_print_errors_callback_t callback, void *ctx);
+
+void
+mono_btls_ssl_set_bio (MonoBtlsSsl *ptr, BIO *bio);
+
+int
+mono_btls_ssl_read (MonoBtlsSsl *ptr, void *buf, int count);
+
+int
+mono_btls_ssl_write (MonoBtlsSsl *ptr, void *buf, int count);
+
+int
+mono_btls_ssl_get_version (MonoBtlsSsl *ptr);
+
+void
+mono_btls_ssl_set_min_version (MonoBtlsSsl *ptr, int version);
+
+void
+mono_btls_ssl_set_max_version (MonoBtlsSsl *ptr, int version);
+
+int
+mono_btls_ssl_get_cipher (MonoBtlsSsl *ptr);
+
+int
+mono_btls_ssl_set_cipher_list (MonoBtlsSsl *ptr, const char *str);
+
+int
+mono_btls_ssl_get_ciphers (MonoBtlsSsl *ptr, uint16_t **data);
+
+X509 *
+mono_btls_ssl_get_peer_certificate (MonoBtlsSsl *ptr);
+
+void
+mono_btls_ssl_close (MonoBtlsSsl *ptr);
+
+int
+mono_btls_ssl_get_error (MonoBtlsSsl *ptr, int ret_code);
+
+int
+mono_btls_ssl_set_verify_param (MonoBtlsSsl *ptr, const MonoBtlsX509VerifyParam *param);
+
+int
+mono_btls_ssl_set_server_name (MonoBtlsSsl *ptr, const char *name);
+
+void
+mono_btls_ssl_destroy (MonoBtlsSsl *ptr);
+
+#endif /* defined(__btls__btls_ssl__) */

mono/btls/btls-time64.c

@@ -0,0 +1,158 @@
+/*
+
+Copyright (c) 2007-2008  Michael G Schwern
+
+This software originally derived from Paul Sheer's pivotal_gmtime_r.c.
+
+The MIT License:
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
+
+*/
+
+/* See http://code.google.com/p/y2038 for this code's origin */
+
+#include <assert.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <stdint.h>
+#include <string.h>
+#include <time.h>
+#include <errno.h>
+
+/* Spec says except for stftime() and the _r() functions, these
+   all return static memory.  Stabbings! */
+static struct tm   Static_Return_Date;
+static char        Static_Return_String[35];
+
+static const int days_in_month[2][12] = {
+    {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31},
+    {31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31},
+};
+
+static const int julian_days_by_month[2][12] = {
+    {0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334},
+    {0, 31, 60, 91, 121, 152, 182, 213, 244, 274, 305, 335},
+};
+
+static char const wday_name[7][3] = {
+    "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"
+};
+
+static char const mon_name[12][3] = {
+    "Jan", "Feb", "Mar", "Apr", "May", "Jun",
+    "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
+};
+
+static const int length_of_year[2] = { 365, 366 };
+
+/* Some numbers relating to the gregorian cycle */
+static const int64_t     years_in_gregorian_cycle   = 400;
+#define               days_in_gregorian_cycle      ((365 * 400) + 100 - 4 + 1)
+static const int64_t seconds_in_gregorian_cycle = days_in_gregorian_cycle * 60LL * 60LL * 24LL;
+
+/* Year range we can trust the time funcitons with */
+#define MAX_SAFE_YEAR 2037
+#define MIN_SAFE_YEAR 1971
+
+/* 28 year Julian calendar cycle */
+#define SOLAR_CYCLE_LENGTH 28
+
+/* Year cycle from MAX_SAFE_YEAR down. */
+static const int safe_years_high[SOLAR_CYCLE_LENGTH] = {
+    2016, 2017, 2018, 2019,
+    2020, 2021, 2022, 2023,
+    2024, 2025, 2026, 2027,
+    2028, 2029, 2030, 2031,
+    2032, 2033, 2034, 2035,
+    2036, 2037, 2010, 2011,
+    2012, 2013, 2014, 2015
+};
+
+/* Year cycle from MIN_SAFE_YEAR up */
+static const int safe_years_low[SOLAR_CYCLE_LENGTH] = {
+    1996, 1997, 1998, 1971,
+    1972, 1973, 1974, 1975,
+    1976, 1977, 1978, 1979,
+    1980, 1981, 1982, 1983,
+    1984, 1985, 1986, 1987,
+    1988, 1989, 1990, 1991,
+    1992, 1993, 1994, 1995,
+};
+
+/* Let's assume people are going to be looking for dates in the future.
+   Let's provide some cheats so you can skip ahead.
+   This has a 4x speed boost when near 2008.
+*/
+/* Number of days since epoch on Jan 1st, 2008 GMT */
+#define CHEAT_DAYS  (1199145600 / 24 / 60 / 60)
+#define CHEAT_YEARS 108
+
+#define IS_LEAP(n)      ((!(((n) + 1900) % 400) || (!(((n) + 1900) % 4) && (((n) + 1900) % 100))) != 0)
+#define WRAP(a,b,m)     ((a) = ((a) <  0  ) ? ((b)--, (a) + (m)) : (a))
+
+/* timegm() is not in the C or POSIX spec, but it is such a useful
+   extension I would be remiss in leaving it out.  Also I need it
+   for localtime64()
+*/
+int64_t btls_timegm64(const struct tm *date) {
+    int64_t days    = 0;
+    int64_t seconds = 0;
+    int64_t     year;
+    int64_t     orig_year = (int64_t)date->tm_year;
+    int      cycles  = 0;
+
+    if( orig_year > 100 ) {
+        cycles = (orig_year - 100) / 400;
+        orig_year -= cycles * 400;
+        days      += (int64_t)cycles * days_in_gregorian_cycle;
+    }
+    else if( orig_year < -300 ) {
+        cycles = (orig_year - 100) / 400;
+        orig_year -= cycles * 400;
+        days      += (int64_t)cycles * days_in_gregorian_cycle;
+    }
+
+    if( orig_year > 70 ) {
+        year = 70;
+        while( year < orig_year ) {
+            days += length_of_year[IS_LEAP(year)];
+            year++;
+        }
+    }
+    else if ( orig_year < 70 ) {
+        year = 69;
+        do {
+            days -= length_of_year[IS_LEAP(year)];
+            year--;
+        } while( year >= orig_year );
+    }
+
+
+    days += julian_days_by_month[IS_LEAP(orig_year)][date->tm_mon];
+    days += date->tm_mday - 1;
+
+    seconds = days * 60 * 60 * 24;
+
+    seconds += date->tm_hour * 60 * 60;
+    seconds += date->tm_min * 60;
+    seconds += date->tm_sec;
+
+    return(seconds);
+}

mono/btls/btls-util.c

@@ -0,0 +1,77 @@
+//
+//  btls-util.c
+//  MonoBtls
+//
+//  Created by Martin Baulig on 3/23/16.
+//  Copyright © 2016 Xamarin. All rights reserved.
+//
+
+#include <btls-util.h>
+#include <assert.h>
+// #include <time.h>
+
+extern int asn1_generalizedtime_to_tm (struct tm *tm, const ASN1_GENERALIZEDTIME *d);
+
+extern int64_t btls_timegm64 (const struct tm *date);
+
+
+MONO_API void
+mono_btls_free (void *data)
+{
+	OPENSSL_free (data);
+}
+
+int64_t
+mono_btls_util_asn1_time_to_ticks (ASN1_TIME *time)
+{
+	ASN1_GENERALIZEDTIME *gtime;
+	struct tm tm;
+	int64_t epoch;
+	int ret;
+	
+	memset (&tm, 0, sizeof (tm));
+
+	gtime = ASN1_TIME_to_generalizedtime (time, NULL);
+	ret = asn1_generalizedtime_to_tm (&tm, gtime);
+	ASN1_GENERALIZEDTIME_free (gtime);
+	epoch = btls_timegm64 (&tm);
+
+	return epoch;
+}
+
+// Copied from crypto/bio/printf.c, takes va_list
+int
+mono_btls_debug_printf (BIO *bio, const char *format, va_list args)
+{
+	char buf[256], *out, out_malloced = 0;
+	int out_len, ret;
+
+	out_len = vsnprintf (buf, sizeof(buf), format, args);
+	if (out_len < 0) {
+		return -1;
+	}
+
+	if ((size_t) out_len >= sizeof(buf)) {
+		const int requested_len = out_len;
+		/* The output was truncated. Note that vsnprintf's return value
+		 * does not include a trailing NUL, but the buffer must be sized
+		 * for it. */
+		out = OPENSSL_malloc (requested_len + 1);
+		out_malloced = 1;
+		if (out == NULL) {
+			OPENSSL_PUT_ERROR(BIO, ERR_R_MALLOC_FAILURE);
+			return -1;
+		}
+		out_len = vsnprintf (out, requested_len + 1, format, args);
+		assert(out_len == requested_len);
+	} else {
+		out = buf;
+	}
+
+	ret = BIO_write(bio, out, out_len);
+	if (out_malloced) {
+		OPENSSL_free(out);
+	}
+
+	return ret;
+}

mono/btls/btls-util.h

@@ -0,0 +1,45 @@
+//
+//  btls-util.h
+//  MonoBtls
+//
+//  Created by Martin Baulig on 3/23/16.
+//  Copyright © 2016 Xamarin. All rights reserved.
+//
+
+#ifndef __btls__btls_util__
+#define __btls__btls_util__
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <openssl/ssl.h>
+
+#ifndef MONO_API
+#if defined(_MSC_VER)
+
+#define MONO_API __declspec(dllexport)
+
+#else
+
+#ifdef __GNUC__
+#define MONO_API __attribute__ ((visibility ("default")))
+#else
+#define MONO_API
+#endif
+
+#endif
+#endif
+
+void
+mono_btls_free (void *data);
+
+int64_t
+mono_btls_util_asn1_time_to_ticks (ASN1_TIME *time);
+
+int
+mono_btls_debug_printf (BIO *bio, const char *format, va_list args);
+
+OPENSSL_EXPORT void CRYPTO_refcount_inc(CRYPTO_refcount_t *count);
+OPENSSL_EXPORT int CRYPTO_refcount_dec_and_test_zero(CRYPTO_refcount_t *count);
+
+#endif /* __btls__btls_util__ */

mono/btls/btls-x509-chain.c

@@ -0,0 +1,96 @@
+//
+//  btls-x509-chain.c
+//  MonoBtls
+//
+//  Created by Martin Baulig on 3/3/16.
+//  Copyright © 2016 Xamarin. All rights reserved.
+//
+
+#include <btls-x509-chain.h>
+
+struct MonoBtlsX509Chain {
+	STACK_OF(X509) *certs;
+	CRYPTO_refcount_t references;
+};
+
+MONO_API MonoBtlsX509Chain *
+mono_btls_x509_chain_new (void)
+{
+	MonoBtlsX509Chain *chain = (MonoBtlsX509Chain *)OPENSSL_malloc (sizeof (MonoBtlsX509Chain));
+	if (chain == NULL)
+		return NULL;
+
+	memset(chain, 0, sizeof(MonoBtlsX509Chain));
+	chain->certs = sk_X509_new_null ();
+	chain->references = 1;
+	return chain;
+}
+
+MONO_API MonoBtlsX509Chain *
+mono_btls_x509_chain_from_certs (STACK_OF(X509) *certs)
+{
+	MonoBtlsX509Chain *chain = (MonoBtlsX509Chain *)OPENSSL_malloc (sizeof (MonoBtlsX509Chain));
+	if (chain == NULL)
+		return NULL;
+
+	memset(chain, 0, sizeof(MonoBtlsX509Chain));
+	chain->certs = X509_chain_up_ref(certs);
+	chain->references = 1;
+	return chain;
+}
+
+MONO_API STACK_OF(X509) *
+mono_btls_x509_chain_peek_certs (MonoBtlsX509Chain *chain)
+{
+	return chain->certs;
+}
+
+MONO_API int
+mono_btls_x509_chain_get_count (MonoBtlsX509Chain *chain)
+{
+	return (int)sk_X509_num(chain->certs);
+}
+
+MONO_API X509 *
+mono_btls_x509_chain_get_cert (MonoBtlsX509Chain *chain, int index)
+{
+	X509 *cert;
+
+	if ((size_t)index >= sk_X509_num(chain->certs))
+		return NULL;
+	cert = sk_X509_value(chain->certs, index);
+	if (cert)
+		X509_up_ref(cert);
+	return cert;
+}
+
+MONO_API STACK_OF(X509) *
+mono_btls_x509_chain_get_certs (MonoBtlsX509Chain *chain)
+{
+	return chain->certs;
+}
+
+MONO_API int
+mono_btls_x509_chain_free (MonoBtlsX509Chain *chain)
+{
+	if (!CRYPTO_refcount_dec_and_test_zero(&chain->references))
+		return 0;
+
+	sk_X509_pop_free(chain->certs, X509_free);
+	OPENSSL_free (chain);
+	return 1;
+}
+
+MONO_API MonoBtlsX509Chain *
+mono_btls_x509_chain_up_ref (MonoBtlsX509Chain *chain)
+{
+	CRYPTO_refcount_inc(&chain->references);
+	return chain;
+}
+
+MONO_API void
+mono_btls_x509_chain_add_cert (MonoBtlsX509Chain *chain, X509 *x509)
+{
+	X509_up_ref(x509);
+	sk_X509_push(chain->certs, x509);
+}

mono/btls/btls-x509-chain.h

@@ -0,0 +1,41 @@
+//
+//  btls-x509-chain.h
+//  MonoBtls
+//
+//  Created by Martin Baulig on 3/3/16.
+//  Copyright © 2016 Xamarin. All rights reserved.
+//
+
+#ifndef __btls__btls_x509_chain__
+#define __btls__btls_x509_chain__
+
+#include <stdio.h>
+#include <btls-ssl.h>
+#include <btls-x509.h>
+
+MonoBtlsX509Chain *
+mono_btls_x509_chain_new (void);
+
+MonoBtlsX509Chain *
+mono_btls_x509_chain_from_certs (STACK_OF(X509) *certs);
+
+STACK_OF(X509) *
+mono_btls_x509_chain_peek_certs (MonoBtlsX509Chain *chain);
+
+int
+mono_btls_x509_chain_get_count (MonoBtlsX509Chain *chain);
+
+X509 *
+mono_btls_x509_chain_get_cert (MonoBtlsX509Chain *chain, int index);
+
+MonoBtlsX509Chain *
+mono_btls_x509_chain_up_ref (MonoBtlsX509Chain *chain);
+
+int
+mono_btls_x509_chain_free (MonoBtlsX509Chain *chain);
+
+void
+mono_btls_x509_chain_add_cert (MonoBtlsX509Chain *chain, X509 *x509);
+
+#endif /* defined(__btls__btls_x509_chain__) */
+