Revert "Reland "Update BoringSSL to 4dfd5af70191b068aebe567b8e29ce108cee85ce.""

This reverts commit 7eeaeade6b.

Reason for revert: This change requires some changes to the Flutter license script before it can be rolled into Flutter. Since changes on the Dart side are mounting up, I am reverting this change so the roll can move forward, and then we will reland this change with the right fixes to the license checking script.

Original change's description:
> Reland "Update BoringSSL to 4dfd5af70191b068aebe567b8e29ce108cee85ce."
> 
> Change-Id: I7bdc0f0d55af2ecced789f1aa8f37b804641eaf4
> Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/121887
> Reviewed-by: Jonas Termansen <sortie@google.com>
> Commit-Queue: Ryan Macnak <rmacnak@google.com>

TBR=sortie@google.com,rmacnak@google.com

# Not skipping CQ checks because original CL landed > 1 day ago.

Change-Id: I548844e9d58559e6ed5796dff08f3ab0644c6dc2
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/122410
Reviewed-by: Siva Annamalai <asiva@google.com>
Commit-Queue: Siva Annamalai <asiva@google.com>
Siva Annamalai 2019-10-22 05:54:53 +00:00 committed by commit-bot@chromium.org
parent d0e35833b3
commit e1c409792c
3 changed files with 56 additions and 34 deletions

4
DEPS

@ -59,8 +59,8 @@ vars = {
"bazel_worker_tag": "bazel_worker-v0.1.20",
"benchmark_harness_tag": "81641290dea44c34138a109a37e215482f405f81",
"boolean_selector_tag" : "1.0.4",
"boringssl_gen_rev": "b9e27cff1ff0803e97ab1f88764a83be4aa94a6d",
"boringssl_rev" : "4dfd5af70191b068aebe567b8e29ce108cee85ce",
"boringssl_gen_rev": "bbf52f18f425e29b1185f2f6753bec02ed8c5880",
"boringssl_rev" : "702e2b6d3831486535e958f262a05c75a5cb312e",
"charcode_tag": "v1.1.2",
"chrome_rev" : "19997",
"cli_util_rev" : "4ad7ccbe3195fd2583b30f86a86697ef61e80f41",


@ -102,9 +102,6 @@ class ScopedMemBIO {
return bio_;
}
uint8_t* data() { return bytes_; }
intptr_t length() { return bytes_len_; }
private:
Dart_Handle object_;
uint8_t* bytes_;


@ -165,19 +165,30 @@ Dart_Handle X509Helper::WrappedX509Certificate(X509* certificate) {
}
static int SetTrustedCertificatesBytesPKCS12(SSL_CTX* context,
ScopedMemBIO* bio,
BIO* bio,
const char* password) {
CBS cbs;
CBS_init(&cbs, bio->data(), bio->length());
ScopedPKCS12 p12(d2i_PKCS12_bio(bio, NULL));
if (p12.get() == NULL) {
return 0;
}
EVP_PKEY* key = NULL;
ScopedX509Stack cert_stack(sk_X509_new_null());
int status = PKCS12_get_key_and_certs(&key, cert_stack.get(), &cbs, password);
X509* cert = NULL;
STACK_OF(X509)* ca_certs = NULL;
int status = PKCS12_parse(p12.get(), password, &key, &cert, &ca_certs);
if (status == 0) {
return status;
}
ScopedX509Stack cert_stack(ca_certs);
X509_STORE* store = SSL_CTX_get_cert_store(context);
status = X509_STORE_add_cert(store, cert);
// X509_STORE_add_cert increments the reference count of cert on success.
X509_free(cert);
if (status == 0) {
return status;
}
X509* ca;
while ((ca = sk_X509_shift(cert_stack.get())) != NULL) {
status = X509_STORE_add_cert(store, ca);
@ -223,7 +234,8 @@ void SSLCertContext::SetTrustedCertificatesBytes(Dart_Handle cert_bytes,
if (SecureSocketUtils::NoPEMStartLine()) {
ERR_clear_error();
BIO_reset(bio.bio());
status = SetTrustedCertificatesBytesPKCS12(context(), &bio, password);
status =
SetTrustedCertificatesBytesPKCS12(context(), bio.bio(), password);
}
} else {
// The PEM file was successfully parsed.
@ -235,14 +247,25 @@ void SSLCertContext::SetTrustedCertificatesBytes(Dart_Handle cert_bytes,
}
static int SetClientAuthoritiesPKCS12(SSL_CTX* context,
ScopedMemBIO* bio,
BIO* bio,
const char* password) {
CBS cbs;
CBS_init(&cbs, bio->data(), bio->length());
ScopedPKCS12 p12(d2i_PKCS12_bio(bio, NULL));
if (p12.get() == NULL) {
return 0;
}
EVP_PKEY* key = NULL;
ScopedX509Stack cert_stack(sk_X509_new_null());
int status = PKCS12_get_key_and_certs(&key, cert_stack.get(), &cbs, password);
X509* cert = NULL;
STACK_OF(X509)* ca_certs = NULL;
int status = PKCS12_parse(p12.get(), password, &key, &cert, &ca_certs);
if (status == 0) {
return status;
}
ScopedX509Stack cert_stack(ca_certs);
status = SSL_CTX_add_client_CA(context, cert);
// SSL_CTX_add_client_CA increments the reference count of cert on success.
X509_free(cert);
if (status == 0) {
return status;
}
@ -274,13 +297,13 @@ static int SetClientAuthoritiesPEM(SSL_CTX* context, BIO* bio) {
}
static int SetClientAuthorities(SSL_CTX* context,
ScopedMemBIO* bio,
BIO* bio,
const char* password) {
int status = SetClientAuthoritiesPEM(context, bio->bio());
int status = SetClientAuthoritiesPEM(context, bio);
if (status == 0) {
if (SecureSocketUtils::NoPEMStartLine()) {
ERR_clear_error();
BIO_reset(bio->bio());
BIO_reset(bio);
status = SetClientAuthoritiesPKCS12(context, bio, password);
}
} else {
@ -296,7 +319,7 @@ void SSLCertContext::SetClientAuthoritiesBytes(
int status;
{
ScopedMemBIO bio(client_authorities_bytes);
status = SetClientAuthorities(context(), &bio, password);
status = SetClientAuthorities(context(), bio.bio(), password);
}
SecureSocketUtils::CheckStatus(status, "TlsException",
@ -520,31 +543,35 @@ void SSLCertContext::SetAlpnProtocolList(Dart_Handle protocols_handle,
}
static int UseChainBytesPKCS12(SSL_CTX* context,
ScopedMemBIO* bio,
BIO* bio,
const char* password) {
CBS cbs;
CBS_init(&cbs, bio->data(), bio->length());
ScopedPKCS12 p12(d2i_PKCS12_bio(bio, NULL));
if (p12.get() == NULL) {
return 0;
}
EVP_PKEY* key = NULL;
ScopedX509Stack certs(sk_X509_new_null());
int status = PKCS12_get_key_and_certs(&key, certs.get(), &cbs, password);
X509* cert = NULL;
STACK_OF(X509)* ca_certs = NULL;
int status = PKCS12_parse(p12.get(), password, &key, &cert, &ca_certs);
if (status == 0) {
return status;
}
X509* ca = sk_X509_shift(certs.get());
status = SSL_CTX_use_certificate(context, ca);
ScopedX509 x509(cert);
ScopedX509Stack certs(ca_certs);
status = SSL_CTX_use_certificate(context, x509.get());
if (ERR_peek_error() != 0) {
// Key/certificate mismatch doesn't imply status is 0.
status = 0;
}
X509_free(ca);
if (status == 0) {
return status;
}
SSL_CTX_clear_chain_certs(context);
X509* ca;
while ((ca = sk_X509_shift(certs.get())) != NULL) {
status = SSL_CTX_add0_chain_cert(context, ca);
// SSL_CTX_add0_chain_cert does not inc ref count, so don't free unless the
@ -593,14 +620,12 @@ static int UseChainBytesPEM(SSL_CTX* context, BIO* bio) {
return SecureSocketUtils::NoPEMStartLine() ? status : 0;
}
static int UseChainBytes(SSL_CTX* context,
ScopedMemBIO* bio,
const char* password) {
int status = UseChainBytesPEM(context, bio->bio());
static int UseChainBytes(SSL_CTX* context, BIO* bio, const char* password) {
int status = UseChainBytesPEM(context, bio);
if (status == 0) {
if (SecureSocketUtils::NoPEMStartLine()) {
ERR_clear_error();
BIO_reset(bio->bio());
BIO_reset(bio);
status = UseChainBytesPKCS12(context, bio, password);
}
} else {
@ -613,7 +638,7 @@ static int UseChainBytes(SSL_CTX* context,
int SSLCertContext::UseCertificateChainBytes(Dart_Handle cert_chain_bytes,
const char* password) {
ScopedMemBIO bio(cert_chain_bytes);
return UseChainBytes(context(), &bio, password);
return UseChainBytes(context(), bio.bio(), password);
}
static X509* GetX509Certificate(Dart_NativeArguments args) {
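Review bot: The private key that PKCS12_parse writes into `key` in SetTrustedCertificatesBytesPKCS12 is never released on the lines shown. The early `return status` after X509_STORE_add_cert frees `cert`, and the scoped stack cleans up `ca_certs`, but `key` stays allocated. SetClientAuthoritiesPKCS12 and UseChainBytesPKCS12 follow the same pattern, and none of the three uses the key in the visible code. Calling `EVP_PKEY_free(key);` directly after the `if (status == 0)` check that follows PKCS12_parse would keep decrypted key material from lingering on the heap. The bodies of these functions continue outside the hunks, so a later free may exist on the success path, but the early returns shown here would bypass it.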