This repository has been archived by the owner on Jan 23, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 4.9k
More SSL error queue cleaning #29171
Merged
Merged
Changes from 2 commits
Commits
Show all changes
3 commits
Select commit
Hold shift + click to select a range
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -24,32 +24,24 @@ private OpenSslPkcs12Reader(SafePkcs12Handle pkcs12Handle) | |
|
||
public static bool TryRead(byte[] data, out OpenSslPkcs12Reader pkcs12Reader) | ||
{ | ||
SafePkcs12Handle handle = Interop.Crypto.DecodePkcs12(data, data.Length); | ||
|
||
if (!handle.IsInvalid) | ||
{ | ||
pkcs12Reader = new OpenSslPkcs12Reader(handle); | ||
return true; | ||
} | ||
Exception ignored; | ||
return TryRead(data, out pkcs12Reader, out ignored, captureException: false); | ||
} | ||
|
||
handle.Dispose(); | ||
pkcs12Reader = null; | ||
return false; | ||
public static bool TryRead(byte[] data, out OpenSslPkcs12Reader pkcs12Reader, out Exception openSslException) | ||
{ | ||
return TryRead(data, out pkcs12Reader, out openSslException, captureException: true); | ||
} | ||
|
||
public static bool TryRead(SafeBioHandle fileBio, out OpenSslPkcs12Reader pkcs12Reader) | ||
{ | ||
SafePkcs12Handle p12 = Interop.Crypto.DecodePkcs12FromBio(fileBio); | ||
|
||
if (!p12.IsInvalid) | ||
{ | ||
pkcs12Reader = new OpenSslPkcs12Reader(p12); | ||
return true; | ||
} | ||
Exception ignored; | ||
return TryRead(fileBio, out pkcs12Reader, out ignored, captureException: false); | ||
} | ||
|
||
p12.Dispose(); | ||
pkcs12Reader = null; | ||
return false; | ||
public static bool TryRead(SafeBioHandle fileBio, out OpenSslPkcs12Reader pkcs12Reader, out Exception openSslException) | ||
{ | ||
return TryRead(fileBio, out pkcs12Reader, out openSslException, captureException: true); | ||
} | ||
|
||
public void Dispose() | ||
|
@@ -132,5 +124,56 @@ public List<OpenSslX509CertificateReader> ReadCertificates() | |
|
||
return certs; | ||
} | ||
|
||
private static bool TryRead(byte[] data, out OpenSslPkcs12Reader pkcs12Reader, out Exception openSslException, bool captureException) | ||
{ | ||
SafePkcs12Handle handle = Interop.Crypto.DecodePkcs12(data, data.Length); | ||
openSslException = null; | ||
|
||
if (!handle.IsInvalid) | ||
{ | ||
pkcs12Reader = new OpenSslPkcs12Reader(handle); | ||
return true; | ||
} | ||
|
||
handle.Dispose(); | ||
pkcs12Reader = null; | ||
if (captureException) | ||
{ | ||
openSslException = Interop.Crypto.CreateOpenSslCryptographicException(); | ||
} | ||
else | ||
{ | ||
Interop.Crypto.ErrClearError(); | ||
} | ||
|
||
return false; | ||
} | ||
|
||
private static bool TryRead(SafeBioHandle fileBio, out OpenSslPkcs12Reader pkcs12Reader, out Exception openSslException, bool captureException) | ||
{ | ||
SafePkcs12Handle p12 = Interop.Crypto.DecodePkcs12FromBio(fileBio); | ||
openSslException = null; | ||
|
||
if (!p12.IsInvalid) | ||
{ | ||
pkcs12Reader = new OpenSslPkcs12Reader(p12); | ||
openSslException = null; | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This setting to null isn't needed, or alternatively moved the earlier setting to null down to the else block below (in which case it'd be good to keep the previous method that follows a similar form in sync with this pattern). |
||
return true; | ||
} | ||
|
||
p12.Dispose(); | ||
pkcs12Reader = null; | ||
if (captureException) | ||
{ | ||
openSslException = Interop.Crypto.CreateOpenSslCryptographicException(); | ||
} | ||
else | ||
{ | ||
Interop.Crypto.ErrClearError(); | ||
} | ||
|
||
return false; | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -15,10 +15,15 @@ internal static bool IsPkcs7(byte[] rawData) | |
{ | ||
using (SafePkcs7Handle pkcs7 = Interop.Crypto.DecodePkcs7(rawData, rawData.Length)) | ||
{ | ||
if (!pkcs7.IsInvalid) | ||
if (pkcs7.IsInvalid) | ||
{ | ||
Interop.Crypto.ErrClearError(); | ||
} | ||
else | ||
{ | ||
return true; | ||
} | ||
|
||
} | ||
|
||
using (SafeBioHandle bio = Interop.Crypto.CreateMemoryBio()) | ||
|
@@ -29,7 +34,13 @@ internal static bool IsPkcs7(byte[] rawData) | |
|
||
using (SafePkcs7Handle pkcs7 = Interop.Crypto.PemReadBioPkcs7(bio)) | ||
{ | ||
return !pkcs7.IsInvalid; | ||
if (pkcs7.IsInvalid) | ||
{ | ||
Interop.Crypto.ErrClearError(); | ||
return false; | ||
} | ||
|
||
return true; | ||
} | ||
} | ||
} | ||
|
@@ -38,6 +49,11 @@ internal static bool IsPkcs7Der(SafeBioHandle fileBio) | |
{ | ||
using (SafePkcs7Handle pkcs7 = Interop.Crypto.D2IPkcs7Bio(fileBio)) | ||
{ | ||
if (pkcs7.IsInvalid) | ||
{ | ||
Interop.Crypto.ErrClearError(); | ||
} | ||
|
||
return !pkcs7.IsInvalid; | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Nit: This is inconsistent from other similar cases. To be consistent it would be: if (pkcs7.IsInvalid)
{
Interop.Crypto.ErrClearError();
return false;
}
return true; |
||
} | ||
} | ||
|
@@ -46,7 +62,13 @@ internal static bool IsPkcs7Pem(SafeBioHandle fileBio) | |
{ | ||
using (SafePkcs7Handle pkcs7 = Interop.Crypto.PemReadBioPkcs7(fileBio)) | ||
{ | ||
return !pkcs7.IsInvalid; | ||
if (pkcs7.IsInvalid) | ||
{ | ||
Interop.Crypto.ErrClearError(); | ||
return false; | ||
} | ||
|
||
return true; | ||
} | ||
} | ||
|
||
|
@@ -90,6 +112,7 @@ private static bool TryReadPkcs7Der( | |
{ | ||
certPal = null; | ||
certPals = null; | ||
Interop.Crypto.ErrClearError(); | ||
return false; | ||
} | ||
|
||
|
@@ -109,6 +132,7 @@ private static bool TryReadPkcs7Der( | |
{ | ||
certPal = null; | ||
certPals = null; | ||
Interop.Crypto.ErrClearError(); | ||
return false; | ||
} | ||
|
||
|
@@ -172,6 +196,7 @@ private static bool TryReadPkcs7Pem( | |
{ | ||
certPal = null; | ||
certPals = null; | ||
Interop.Crypto.ErrClearError(); | ||
return false; | ||
} | ||
|
||
|
@@ -218,46 +243,46 @@ private static bool TryReadPkcs7( | |
return true; | ||
} | ||
|
||
internal static bool TryReadPkcs12(byte[] rawData, SafePasswordHandle password, out ICertificatePal certPal) | ||
internal static bool TryReadPkcs12(byte[] rawData, SafePasswordHandle password, out ICertificatePal certPal, out Exception openSslException) | ||
{ | ||
List<ICertificatePal> ignored; | ||
|
||
return TryReadPkcs12(rawData, password, true, out certPal, out ignored); | ||
|
||
return TryReadPkcs12(rawData, password, true, out certPal, out ignored, out openSslException); | ||
} | ||
|
||
internal static bool TryReadPkcs12(SafeBioHandle bio, SafePasswordHandle password, out ICertificatePal certPal) | ||
internal static bool TryReadPkcs12(SafeBioHandle bio, SafePasswordHandle password, out ICertificatePal certPal, out Exception openSslException) | ||
{ | ||
List<ICertificatePal> ignored; | ||
|
||
return TryReadPkcs12(bio, password, true, out certPal, out ignored); | ||
return TryReadPkcs12(bio, password, true, out certPal, out ignored, out openSslException); | ||
} | ||
|
||
internal static bool TryReadPkcs12(byte[] rawData, SafePasswordHandle password, out List<ICertificatePal> certPals) | ||
internal static bool TryReadPkcs12(byte[] rawData, SafePasswordHandle password, out List<ICertificatePal> certPals, out Exception openSslException) | ||
{ | ||
ICertificatePal ignored; | ||
|
||
return TryReadPkcs12(rawData, password, false, out ignored, out certPals); | ||
return TryReadPkcs12(rawData, password, false, out ignored, out certPals, out openSslException); | ||
} | ||
|
||
internal static bool TryReadPkcs12(SafeBioHandle bio, SafePasswordHandle password, out List<ICertificatePal> certPals) | ||
internal static bool TryReadPkcs12(SafeBioHandle bio, SafePasswordHandle password, out List<ICertificatePal> certPals, out Exception openSslException) | ||
{ | ||
ICertificatePal ignored; | ||
|
||
return TryReadPkcs12(bio, password, false, out ignored, out certPals); | ||
return TryReadPkcs12(bio, password, false, out ignored, out certPals, out openSslException); | ||
} | ||
|
||
private static bool TryReadPkcs12( | ||
byte[] rawData, | ||
SafePasswordHandle password, | ||
bool single, | ||
out ICertificatePal readPal, | ||
out List<ICertificatePal> readCerts) | ||
out List<ICertificatePal> readCerts, | ||
out Exception openSslException) | ||
{ | ||
// DER-PKCS12 | ||
OpenSslPkcs12Reader pfx; | ||
|
||
if (!OpenSslPkcs12Reader.TryRead(rawData, out pfx)) | ||
if (!OpenSslPkcs12Reader.TryRead(rawData, out pfx, out openSslException)) | ||
{ | ||
readPal = null; | ||
readCerts = null; | ||
|
@@ -275,12 +300,13 @@ private static bool TryReadPkcs12( | |
SafePasswordHandle password, | ||
bool single, | ||
out ICertificatePal readPal, | ||
out List<ICertificatePal> readCerts) | ||
out List<ICertificatePal> readCerts, | ||
out Exception openSslException) | ||
{ | ||
// DER-PKCS12 | ||
OpenSslPkcs12Reader pfx; | ||
|
||
if (!OpenSslPkcs12Reader.TryRead(bio, out pfx)) | ||
if (!OpenSslPkcs12Reader.TryRead(bio, out pfx, out openSslException)) | ||
{ | ||
readPal = null; | ||
readCerts = null; | ||
|
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: this can be:
Same in various places below.