Update BoringSSL to 4dfd5af70191b068aebe567b8e29ce108cee85ce.
Update usage of PKCS12_parse to PKCS12_get_key_and_certs, since the former changed behavior when the PKCS12 has no private key. Change-Id: I040c1a17e2994ac66cf03ad1efa80e423136cdbd Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/116828 Reviewed-by: Jonas Termansen <sortie@google.com> Reviewed-by: Zach Anderson <zra@google.com> Commit-Queue: Ryan Macnak <rmacnak@google.com>
This commit is contained in:
parent
0ad30fafc1
commit
93f1324449
4
DEPS
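--- a/DEPS
+++ b/DEPS
@@ -59,8 +59,8 @@ vars = {
 "bazel_worker_tag": "bazel_worker-v0.1.20",
 "benchmark_harness_tag": "81641290dea44c34138a109a37e215482f405f81",
 "boolean_selector_tag" : "1.0.4",
-"boringssl_gen_rev": "bbf52f18f425e29b1185f2f6753bec02ed8c5880",
-"boringssl_rev" : "702e2b6d3831486535e958f262a05c75a5cb312e",
+"boringssl_gen_rev": "b9e27cff1ff0803e97ab1f88764a83be4aa94a6d",
+"boringssl_rev" : "4dfd5af70191b068aebe567b8e29ce108cee85ce",
 "charcode_tag": "v1.1.2",
 "chrome_rev" : "19997",
 "cli_util_rev" : "4ad7ccbe3195fd2583b30f86a86697ef61e80f41",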
@ -102,6 +102,9 @@ class ScopedMemBIO {
|
|||
return bio_;
|
||||
}
|
||||
|
||||
uint8_t* data() { return bytes_; }
|
||||
intptr_t length() { return bytes_len_; }
|
||||
|
||||
private:
|
||||
Dart_Handle object_;
|
||||
uint8_t* bytes_;
|
||||
|
|
|
@ -165,30 +165,19 @@ Dart_Handle X509Helper::WrappedX509Certificate(X509* certificate) {
|
|||
}
|
||||
|
||||
static int SetTrustedCertificatesBytesPKCS12(SSL_CTX* context,
|
||||
BIO* bio,
|
||||
ScopedMemBIO* bio,
|
||||
const char* password) {
|
||||
ScopedPKCS12 p12(d2i_PKCS12_bio(bio, NULL));
|
||||
if (p12.get() == NULL) {
|
||||
return 0;
|
||||
}
|
||||
CBS cbs;
|
||||
CBS_init(&cbs, bio->data(), bio->length());
|
||||
|
||||
EVP_PKEY* key = NULL;
|
||||
X509* cert = NULL;
|
||||
STACK_OF(X509)* ca_certs = NULL;
|
||||
int status = PKCS12_parse(p12.get(), password, &key, &cert, &ca_certs);
|
||||
ScopedX509Stack cert_stack(sk_X509_new_null());
|
||||
int status = PKCS12_get_key_and_certs(&key, cert_stack.get(), &cbs, password);
|
||||
if (status == 0) {
|
||||
return status;
|
||||
}
|
||||
|
||||
ScopedX509Stack cert_stack(ca_certs);
|
||||
X509_STORE* store = SSL_CTX_get_cert_store(context);
|
||||
status = X509_STORE_add_cert(store, cert);
|
||||
// X509_STORE_add_cert increments the reference count of cert on success.
|
||||
X509_free(cert);
|
||||
if (status == 0) {
|
||||
return status;
|
||||
}
|
||||
|
||||
X509* ca;
|
||||
while ((ca = sk_X509_shift(cert_stack.get())) != NULL) {
|
||||
status = X509_STORE_add_cert(store, ca);
|
||||
|
@ -234,8 +223,7 @@ void SSLCertContext::SetTrustedCertificatesBytes(Dart_Handle cert_bytes,
|
|||
if (SecureSocketUtils::NoPEMStartLine()) {
|
||||
ERR_clear_error();
|
||||
BIO_reset(bio.bio());
|
||||
status =
|
||||
SetTrustedCertificatesBytesPKCS12(context(), bio.bio(), password);
|
||||
status = SetTrustedCertificatesBytesPKCS12(context(), &bio, password);
|
||||
}
|
||||
} else {
|
||||
// The PEM file was successfully parsed.
|
||||
|
@ -247,25 +235,14 @@ void SSLCertContext::SetTrustedCertificatesBytes(Dart_Handle cert_bytes,
|
|||
}
|
||||
|
||||
static int SetClientAuthoritiesPKCS12(SSL_CTX* context,
|
||||
BIO* bio,
|
||||
ScopedMemBIO* bio,
|
||||
const char* password) {
|
||||
ScopedPKCS12 p12(d2i_PKCS12_bio(bio, NULL));
|
||||
if (p12.get() == NULL) {
|
||||
return 0;
|
||||
}
|
||||
CBS cbs;
|
||||
CBS_init(&cbs, bio->data(), bio->length());
|
||||
|
||||
EVP_PKEY* key = NULL;
|
||||
X509* cert = NULL;
|
||||
STACK_OF(X509)* ca_certs = NULL;
|
||||
int status = PKCS12_parse(p12.get(), password, &key, &cert, &ca_certs);
|
||||
if (status == 0) {
|
||||
return status;
|
||||
}
|
||||
|
||||
ScopedX509Stack cert_stack(ca_certs);
|
||||
status = SSL_CTX_add_client_CA(context, cert);
|
||||
// SSL_CTX_add_client_CA increments the reference count of cert on success.
|
||||
X509_free(cert);
|
||||
ScopedX509Stack cert_stack(sk_X509_new_null());
|
||||
int status = PKCS12_get_key_and_certs(&key, cert_stack.get(), &cbs, password);
|
||||
if (status == 0) {
|
||||
return status;
|
||||
}
|
||||
|
@ -297,13 +274,13 @@ static int SetClientAuthoritiesPEM(SSL_CTX* context, BIO* bio) {
|
|||
}
|
||||
|
||||
static int SetClientAuthorities(SSL_CTX* context,
|
||||
BIO* bio,
|
||||
ScopedMemBIO* bio,
|
||||
const char* password) {
|
||||
int status = SetClientAuthoritiesPEM(context, bio);
|
||||
int status = SetClientAuthoritiesPEM(context, bio->bio());
|
||||
if (status == 0) {
|
||||
if (SecureSocketUtils::NoPEMStartLine()) {
|
||||
ERR_clear_error();
|
||||
BIO_reset(bio);
|
||||
BIO_reset(bio->bio());
|
||||
status = SetClientAuthoritiesPKCS12(context, bio, password);
|
||||
}
|
||||
} else {
|
||||
|
@ -319,7 +296,7 @@ void SSLCertContext::SetClientAuthoritiesBytes(
|
|||
int status;
|
||||
{
|
||||
ScopedMemBIO bio(client_authorities_bytes);
|
||||
status = SetClientAuthorities(context(), bio.bio(), password);
|
||||
status = SetClientAuthorities(context(), &bio, password);
|
||||
}
|
||||
|
||||
SecureSocketUtils::CheckStatus(status, "TlsException",
|
||||
|
@ -543,35 +520,31 @@ void SSLCertContext::SetAlpnProtocolList(Dart_Handle protocols_handle,
|
|||
}
|
||||
|
||||
static int UseChainBytesPKCS12(SSL_CTX* context,
|
||||
BIO* bio,
|
||||
ScopedMemBIO* bio,
|
||||
const char* password) {
|
||||
ScopedPKCS12 p12(d2i_PKCS12_bio(bio, NULL));
|
||||
if (p12.get() == NULL) {
|
||||
return 0;
|
||||
}
|
||||
CBS cbs;
|
||||
CBS_init(&cbs, bio->data(), bio->length());
|
||||
|
||||
EVP_PKEY* key = NULL;
|
||||
X509* cert = NULL;
|
||||
STACK_OF(X509)* ca_certs = NULL;
|
||||
int status = PKCS12_parse(p12.get(), password, &key, &cert, &ca_certs);
|
||||
ScopedX509Stack certs(sk_X509_new_null());
|
||||
int status = PKCS12_get_key_and_certs(&key, certs.get(), &cbs, password);
|
||||
if (status == 0) {
|
||||
return status;
|
||||
}
|
||||
|
||||
ScopedX509 x509(cert);
|
||||
ScopedX509Stack certs(ca_certs);
|
||||
status = SSL_CTX_use_certificate(context, x509.get());
|
||||
X509* ca = sk_X509_shift(certs.get());
|
||||
status = SSL_CTX_use_certificate(context, ca);
|
||||
if (ERR_peek_error() != 0) {
|
||||
// Key/certificate mismatch doesn't imply status is 0.
|
||||
status = 0;
|
||||
}
|
||||
X509_free(ca);
|
||||
if (status == 0) {
|
||||
return status;
|
||||
}
|
||||
|
||||
SSL_CTX_clear_chain_certs(context);
|
||||
|
||||
X509* ca;
|
||||
while ((ca = sk_X509_shift(certs.get())) != NULL) {
|
||||
status = SSL_CTX_add0_chain_cert(context, ca);
|
||||
// SSL_CTX_add0_chain_cert does not inc ref count, so don't free unless the
|
||||
|
@ -620,12 +593,14 @@ static int UseChainBytesPEM(SSL_CTX* context, BIO* bio) {
|
|||
return SecureSocketUtils::NoPEMStartLine() ? status : 0;
|
||||
}
|
||||
|
||||
static int UseChainBytes(SSL_CTX* context, BIO* bio, const char* password) {
|
||||
int status = UseChainBytesPEM(context, bio);
|
||||
static int UseChainBytes(SSL_CTX* context,
|
||||
ScopedMemBIO* bio,
|
||||
const char* password) {
|
||||
int status = UseChainBytesPEM(context, bio->bio());
|
||||
if (status == 0) {
|
||||
if (SecureSocketUtils::NoPEMStartLine()) {
|
||||
ERR_clear_error();
|
||||
BIO_reset(bio);
|
||||
BIO_reset(bio->bio());
|
||||
status = UseChainBytesPKCS12(context, bio, password);
|
||||
}
|
||||
} else {
|
||||
|
@ -638,7 +613,7 @@ static int UseChainBytes(SSL_CTX* context, BIO* bio, const char* password) {
|
|||
int SSLCertContext::UseCertificateChainBytes(Dart_Handle cert_chain_bytes,
|
||||
const char* password) {
|
||||
ScopedMemBIO bio(cert_chain_bytes);
|
||||
return UseChainBytes(context(), bio.bio(), password);
|
||||
return UseChainBytes(context(), &bio, password);
|
||||
}
|
||||
|
||||
static X509* GetX509Certificate(Dart_NativeArguments args) {
|
||||
|
|
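Review bot: In the SetTrustedCertificatesBytesPKCS12 hunk (the one starting at `@ -165,30 +165,19`) the `EVP_PKEY* key` that `PKCS12_get_key_and_certs(&key, cert_stack.get(), &cbs, password)` fills in is never released on the visible lines, so a PKCS#12 blob that carries a private key leaves that key object — private key material — alive for the rest of the process even though a trust-store loader has no use for it. Because the BoringSSL API appears to require a non-NULL out_key, the minimal fix is to discard it right after the call, `EVP_PKEY_free(key);` (a no-op on NULL), or to hold it in a scoped wrapper if this file has one alongside ScopedX509Stack and ScopedPKCS12. The same pattern recurs in SetClientAuthoritiesPKCS12 in the hunk at `@ -247,25 +235,14`; both function bodies continue past the end of their hunks, so I could not confirm the key is not freed later, but nothing visible suggests it is. Separately, in UseChainBytesPKCS12 the new `X509* ca = sk_X509_shift(certs.get());` is NULL for a bag that parsed successfully but holds no certificates and is passed straight to SSL_CTX_use_certificate; an explicit `if (ca == NULL) return 0;` before that call would state the intent instead of relying on the library's NULL handling and on the error-queue check that follows.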