[Security] Make P/Invokes in [Sec]Trust.cs have blittable signatures.

src/Security/SecTrust.cs

@@ -42,7 +42,7 @@ public SecTrust (SecCertificate certificate, SecPolicy policy)
 		[SupportedOSPlatform ("tvos")]
 #endif
 		[DllImport (Constants.SecurityLibrary)]
-		extern static SecStatusCode /* OSStatus */ SecTrustCopyPolicies (IntPtr /* SecTrustRef */ trust, ref IntPtr /* CFArrayRef* */ policies);
+		unsafe extern static SecStatusCode /* OSStatus */ SecTrustCopyPolicies (IntPtr /* SecTrustRef */ trust, IntPtr* /* CFArrayRef* */ policies);
 
 #if NET
 		[SupportedOSPlatform ("ios")]
@@ -53,7 +53,10 @@ public SecTrust (SecCertificate certificate, SecPolicy policy)
 		public SecPolicy [] GetPolicies ()
 		{
 			IntPtr p = IntPtr.Zero;
-			SecStatusCode result = SecTrustCopyPolicies (Handle, ref p);
+			SecStatusCode result;
+			unsafe {
+				result = SecTrustCopyPolicies (Handle, &p);
+			}
 			if (result != SecStatusCode.Success)
 				throw new InvalidOperationException (result.ToString ());
 			return NSArray.ArrayFromHandle<SecPolicy> (p);
@@ -102,7 +105,7 @@ public void SetPolicies (NSArray policies)
 		[SupportedOSPlatform ("tvos")]
 #endif
 		[DllImport (Constants.SecurityLibrary)]
-		extern static SecStatusCode /* OSStatus */ SecTrustGetNetworkFetchAllowed (IntPtr /* SecTrustRef */ trust, [MarshalAs (UnmanagedType.I1)] out bool /* Boolean* */ allowFetch);
+		unsafe extern static SecStatusCode /* OSStatus */ SecTrustGetNetworkFetchAllowed (IntPtr /* SecTrustRef */ trust, byte* /* Boolean* */ allowFetch);
 
 #if NET
 		[SupportedOSPlatform ("ios")]
@@ -111,7 +114,7 @@ public void SetPolicies (NSArray policies)
 		[SupportedOSPlatform ("tvos")]
 #endif
 		[DllImport (Constants.SecurityLibrary)]
-		extern static SecStatusCode /* OSStatus */ SecTrustSetNetworkFetchAllowed (IntPtr /* SecTrustRef */ trust, [MarshalAs (UnmanagedType.I1)] bool /* Boolean */ allowFetch);
+		extern static SecStatusCode /* OSStatus */ SecTrustSetNetworkFetchAllowed (IntPtr /* SecTrustRef */ trust, byte /* Boolean */ allowFetch);
 
 #if NET
 		[SupportedOSPlatform ("ios")]
@@ -121,14 +124,17 @@ public void SetPolicies (NSArray policies)
 #endif
 		public bool NetworkFetchAllowed {
 			get {
-				bool value;
-				SecStatusCode result = SecTrustGetNetworkFetchAllowed (Handle, out value);
+				byte value;
+				SecStatusCode result;
+				unsafe {
+					result = SecTrustGetNetworkFetchAllowed (Handle, &value);
+				}
 				if (result != SecStatusCode.Success)
 					throw new InvalidOperationException (result.ToString ());
-				return value;
+				return value != 0;
 			}
 			set {
-				SecStatusCode result = SecTrustSetNetworkFetchAllowed (Handle, value);
+				SecStatusCode result = SecTrustSetNetworkFetchAllowed (Handle, value.AsByte ());
 				if (result != SecStatusCode.Success)
 					throw new InvalidOperationException (result.ToString ());
 			}
@@ -141,7 +147,7 @@ public bool NetworkFetchAllowed {
 		[SupportedOSPlatform ("tvos")]
 #endif
 		[DllImport (Constants.SecurityLibrary)]
-		extern static SecStatusCode /* OSStatus */ SecTrustCopyCustomAnchorCertificates (IntPtr /* SecTrustRef */ trust, out IntPtr /* CFArrayRef* */ anchors);
+		unsafe extern static SecStatusCode /* OSStatus */ SecTrustCopyCustomAnchorCertificates (IntPtr /* SecTrustRef */ trust, IntPtr* /* CFArrayRef* */ anchors);
 
 #if NET
 		[SupportedOSPlatform ("ios")]
@@ -152,7 +158,10 @@ public bool NetworkFetchAllowed {
 		public SecCertificate [] GetCustomAnchorCertificates ()
 		{
 			IntPtr p;
-			SecStatusCode result = SecTrustCopyCustomAnchorCertificates (Handle, out p);
+			SecStatusCode result;
+			unsafe {
+				result = SecTrustCopyCustomAnchorCertificates (Handle, &p);
+			}
 			if (result != SecStatusCode.Success)
 				throw new InvalidOperationException (result.ToString ());
 			return NSArray.ArrayFromHandle<SecCertificate> (p);
@@ -295,7 +304,7 @@ public SecStatusCode Evaluate (DispatchQueue queue, SecTrustWithErrorCallback ha
 		[SupportedOSPlatform ("tvos")]
 #endif
 		[DllImport (Constants.SecurityLibrary)]
-		extern static SecStatusCode /* OSStatus */ SecTrustGetTrustResult (IntPtr /* SecTrustRef */ trust, out SecTrustResult /* SecTrustResultType */ result);
+		unsafe extern static SecStatusCode /* OSStatus */ SecTrustGetTrustResult (IntPtr /* SecTrustRef */ trust, SecTrustResult* /* SecTrustResultType */ result);
 
 #if NET
 		[SupportedOSPlatform ("ios")]
@@ -306,7 +315,10 @@ public SecStatusCode Evaluate (DispatchQueue queue, SecTrustWithErrorCallback ha
 		public SecTrustResult GetTrustResult ()
 		{
 			SecTrustResult trust_result;
-			SecStatusCode result = SecTrustGetTrustResult (Handle, out trust_result);
+			SecStatusCode result;
+			unsafe {
+				result = SecTrustGetTrustResult (Handle, &trust_result);
+			}
 			if (result != SecStatusCode.Success)
 				throw new InvalidOperationException (result.ToString ());
 			return trust_result;
@@ -323,8 +335,7 @@ public SecTrustResult GetTrustResult ()
 		[iOS (12, 0)]
 #endif
 		[DllImport (Constants.SecurityLibrary)]
-		[return: MarshalAs (UnmanagedType.U1)]
-		static extern bool SecTrustEvaluateWithError (/* SecTrustRef */ IntPtr trust, out /* CFErrorRef** */ IntPtr error);
+		unsafe static extern byte SecTrustEvaluateWithError (/* SecTrustRef */ IntPtr trust, /* CFErrorRef** */ IntPtr* error);
 
 #if NET
 		[SupportedOSPlatform ("tvos12.0")]
@@ -338,7 +349,11 @@ public SecTrustResult GetTrustResult ()
 #endif
 		public bool Evaluate (out NSError? error)
 		{
-			var result = SecTrustEvaluateWithError (Handle, out var err);
+			IntPtr err;
+			bool result;
+			unsafe {
+				result = SecTrustEvaluateWithError (Handle, &err) != 0;
+			}
 			error = err == IntPtr.Zero ? null : new NSError (err);
 			return result;
 		}

src/Security/Trust.cs

@@ -63,10 +63,10 @@ internal SecTrust (NativeHandle handle, bool owns)
 		public extern static nint GetTypeID ();
 
 		[DllImport (Constants.SecurityLibrary)]
-		extern static SecStatusCode SecTrustCreateWithCertificates (
+		unsafe extern static SecStatusCode SecTrustCreateWithCertificates (
 			/* CFTypeRef */            IntPtr certOrCertArray,
 			/* CFTypeRef __nullable */ IntPtr policies,
-			/* SecTrustRef *__nonull */ out IntPtr sectrustref);
+			/* SecTrustRef *__nonull */ IntPtr* sectrustref);
 
 
 		public SecTrust (X509Certificate certificate, SecPolicy? policy)
@@ -122,7 +122,11 @@ void Initialize (SecCertificate [] array, SecPolicy? policy)
 
 		void Initialize (IntPtr certHandle, SecPolicy? policy)
 		{
-			SecStatusCode result = SecTrustCreateWithCertificates (certHandle, policy.GetHandle (), out var handle);
+			IntPtr handle;
+			SecStatusCode result;
+			unsafe {
+				result = SecTrustCreateWithCertificates (certHandle, policy.GetHandle (), &handle);
+			}
 			if (result != SecStatusCode.Success)
 				throw new ArgumentException (result.ToString ());
 			InitializeHandle (handle);
@@ -143,7 +147,7 @@ void Initialize (IntPtr certHandle, SecPolicy? policy)
 		[Deprecated (PlatformName.MacOSX, 10, 14, 1, message: "Use 'SecTrust.Evaluate (out NSError)' instead.")]
 #endif
 		[DllImport (Constants.SecurityLibrary)]
-		extern static SecStatusCode /* OSStatus */ SecTrustEvaluate (IntPtr /* SecTrustRef */ trust, out /* SecTrustResultType */ SecTrustResult result);
+		unsafe extern static SecStatusCode /* OSStatus */ SecTrustEvaluate (IntPtr /* SecTrustRef */ trust, /* SecTrustResultType */ SecTrustResult* result);
 
 #if NET
 		[SupportedOSPlatform ("ios")]
@@ -162,7 +166,10 @@ void Initialize (IntPtr certHandle, SecPolicy? policy)
 		public SecTrustResult Evaluate ()
 		{
 			SecTrustResult trust;
-			SecStatusCode result = SecTrustEvaluate (GetCheckedHandle (), out trust);
+			SecStatusCode result;
+			unsafe {
+				result = SecTrustEvaluate (GetCheckedHandle (), &trust);
+			}
 			if (result != SecStatusCode.Success)
 				throw new InvalidOperationException (result.ToString ());
 			return trust;
@@ -349,8 +356,7 @@ public SecKey GetKey ()
 		[SupportedOSPlatform ("tvos")]
 #endif
 		[DllImport (Constants.SecurityLibrary)]
-		[return: MarshalAs (UnmanagedType.U1)]
-		extern static bool SecTrustSetExceptions (IntPtr /* SecTrustRef */ trust, IntPtr /* __nullable CFDataRef */ exceptions);
+		extern static byte SecTrustSetExceptions (IntPtr /* SecTrustRef */ trust, IntPtr /* __nullable CFDataRef */ exceptions);
 
 #if NET
 		[SupportedOSPlatform ("macos")]
@@ -360,7 +366,7 @@ public SecKey GetKey ()
 #endif
 		public bool SetExceptions (NSData data)
 		{
-			return SecTrustSetExceptions (GetCheckedHandle (), data.GetHandle ());
+			return SecTrustSetExceptions (GetCheckedHandle (), data.GetHandle ()) != 0;
 		}
 
 		[DllImport (Constants.SecurityLibrary)]
@@ -419,11 +425,11 @@ public SecStatusCode SetAnchorCertificates (SecCertificate [] array)
 		}
 
 		[DllImport (Constants.SecurityLibrary)]
-		extern static SecStatusCode /* OSStatus */ SecTrustSetAnchorCertificatesOnly (IntPtr /* SecTrustRef */ trust, [MarshalAs (UnmanagedType.I1)] bool anchorCertificatesOnly);
+		extern static SecStatusCode /* OSStatus */ SecTrustSetAnchorCertificatesOnly (IntPtr /* SecTrustRef */ trust, byte anchorCertificatesOnly);
 
 		public SecStatusCode SetAnchorCertificatesOnly (bool anchorCertificatesOnly)
 		{
-			return SecTrustSetAnchorCertificatesOnly (GetCheckedHandle (), anchorCertificatesOnly);
+			return SecTrustSetAnchorCertificatesOnly (GetCheckedHandle (), anchorCertificatesOnly.AsByte ());
 		}
 #endif
 	}

tests/cecil-tests/BlittablePInvokes.KnownFailures.cs

@@ -66,14 +66,6 @@ public partial class BlittablePInvokes {
 			"Security.SecStatusCode Security.SecItem::SecItemCopyMatching(System.IntPtr,System.IntPtr&)",
 			"Security.SecStatusCode Security.SecKeyChain::SecKeychainFindGenericPassword(System.IntPtr,System.Int32,System.Byte[],System.Int32,System.Byte[],System.Int32&,System.IntPtr&,System.IntPtr)",
 			"Security.SecStatusCode Security.SecKeyChain::SecKeychainFindInternetPassword(System.IntPtr,System.Int32,System.Byte[],System.Int32,System.Byte[],System.Int32,System.Byte[],System.Int32,System.Byte[],System.Int16,System.IntPtr,System.IntPtr,System.Int32&,System.IntPtr&,System.IntPtr)",
-			"Security.SecStatusCode Security.SecTrust::SecTrustCopyCustomAnchorCertificates(System.IntPtr,System.IntPtr&)",
-			"Security.SecStatusCode Security.SecTrust::SecTrustCopyPolicies(System.IntPtr,System.IntPtr&)",
-			"Security.SecStatusCode Security.SecTrust::SecTrustCreateWithCertificates(System.IntPtr,System.IntPtr,System.IntPtr&)",
-			"Security.SecStatusCode Security.SecTrust::SecTrustEvaluate(System.IntPtr,Security.SecTrustResult&)",
-			"Security.SecStatusCode Security.SecTrust::SecTrustGetNetworkFetchAllowed(System.IntPtr,System.Boolean&)",
-			"Security.SecStatusCode Security.SecTrust::SecTrustGetTrustResult(System.IntPtr,Security.SecTrustResult&)",
-			"Security.SecStatusCode Security.SecTrust::SecTrustSetAnchorCertificatesOnly(System.IntPtr,System.Boolean)",
-			"Security.SecStatusCode Security.SecTrust::SecTrustSetNetworkFetchAllowed(System.IntPtr,System.Boolean)",
 			"System.Boolean Network.NWAdvertiseDescriptor::nw_advertise_descriptor_get_no_auto_rename(System.IntPtr)",
 			"System.Boolean Network.NWBrowserDescriptor::nw_browse_descriptor_get_include_txt_record(System.IntPtr)",
 			"System.Boolean Network.NWConnectionGroup::nw_connection_group_reinsert_extracted_connection(System.IntPtr,System.IntPtr)",
@@ -129,8 +121,6 @@ public partial class BlittablePInvokes {
 			"System.Boolean Security.SecProtocolMetadata::sec_protocol_metadata_challenge_parameters_are_equal(System.IntPtr,System.IntPtr)",
 			"System.Boolean Security.SecProtocolMetadata::sec_protocol_metadata_peers_are_equal(System.IntPtr,System.IntPtr)",
 			"System.Boolean Security.SecProtocolOptions::sec_protocol_options_are_equal(System.IntPtr,System.IntPtr)",
-			"System.Boolean Security.SecTrust::SecTrustEvaluateWithError(System.IntPtr,System.IntPtr&)",
-			"System.Boolean Security.SecTrust::SecTrustSetExceptions(System.IntPtr,System.IntPtr)",
 			"System.Byte Security.SecProtocolMetadata::sec_protocol_metadata_access_supported_signature_algorithms(System.IntPtr,ObjCRuntime.BlockLiteral*)",
 			"System.Byte* Network.NWEndpoint::nw_endpoint_get_signature(System.IntPtr,System.UIntPtr&)",
 			"System.Int32 AudioUnit.AudioUnit::AudioObjectGetPropertyData(System.UInt32,AudioUnit.AudioObjectPropertyAddress&,System.UInt32&,System.IntPtr&,System.UInt32&,System.UInt32&)",