Revert "Reland "Update BoringSSL to 4dfd5af70191b068aebe567b8e29ce108cee85ce.""
This reverts commit 7eeaeade6b.
Reason for revert: This change requires some changes to the Flutter license script before it can be rolled into Flutter. Since changes on the Dart side are mounting up, I am reverting this change so the roll can move forward, and then we will reland this change with the right fixes to the license checking script.
Original change's description:
> Reland "Update BoringSSL to 4dfd5af70191b068aebe567b8e29ce108cee85ce."
>
> Change-Id: I7bdc0f0d55af2ecced789f1aa8f37b804641eaf4
> Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/121887
> Reviewed-by: Jonas Termansen <sortie@google.com>
> Commit-Queue: Ryan Macnak <rmacnak@google.com>
TBR=sortie@google.com,rmacnak@google.com
# Not skipping CQ checks because original CL landed > 1 day ago.
Change-Id: I548844e9d58559e6ed5796dff08f3ab0644c6dc2
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/122410
Reviewed-by: Siva Annamalai <asiva@google.com>
Commit-Queue: Siva Annamalai <asiva@google.com>
parent
d0e35833b3
commit
e1c409792c
4
DEPS
4
DEPS
|
@ -59,8 +59,8 @@ vars = {
|
|||
"bazel_worker_tag": "bazel_worker-v0.1.20",
|
||||
"benchmark_harness_tag": "81641290dea44c34138a109a37e215482f405f81",
|
||||
"boolean_selector_tag" : "1.0.4",
|
||||
"boringssl_gen_rev": "b9e27cff1ff0803e97ab1f88764a83be4aa94a6d",
|
||||
"boringssl_rev" : "4dfd5af70191b068aebe567b8e29ce108cee85ce",
|
||||
"boringssl_gen_rev": "bbf52f18f425e29b1185f2f6753bec02ed8c5880",
|
||||
"boringssl_rev" : "702e2b6d3831486535e958f262a05c75a5cb312e",
|
||||
"charcode_tag": "v1.1.2",
|
||||
"chrome_rev" : "19997",
|
||||
"cli_util_rev" : "4ad7ccbe3195fd2583b30f86a86697ef61e80f41",
|
||||
|
|
|
@ -102,9 +102,6 @@ class ScopedMemBIO {
|
|||
return bio_;
|
||||
}
|
||||
|
||||
uint8_t* data() { return bytes_; }
|
||||
intptr_t length() { return bytes_len_; }
|
||||
|
||||
private:
|
||||
Dart_Handle object_;
|
||||
uint8_t* bytes_;
|
||||
|
|
|
@ -165,19 +165,30 @@ Dart_Handle X509Helper::WrappedX509Certificate(X509* certificate) {
|
|||
}
|
||||
|
||||
static int SetTrustedCertificatesBytesPKCS12(SSL_CTX* context,
|
||||
ScopedMemBIO* bio,
|
||||
BIO* bio,
|
||||
const char* password) {
|
||||
CBS cbs;
|
||||
CBS_init(&cbs, bio->data(), bio->length());
|
||||
ScopedPKCS12 p12(d2i_PKCS12_bio(bio, NULL));
|
||||
if (p12.get() == NULL) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
EVP_PKEY* key = NULL;
|
||||
ScopedX509Stack cert_stack(sk_X509_new_null());
|
||||
int status = PKCS12_get_key_and_certs(&key, cert_stack.get(), &cbs, password);
|
||||
X509* cert = NULL;
|
||||
STACK_OF(X509)* ca_certs = NULL;
|
||||
int status = PKCS12_parse(p12.get(), password, &key, &cert, &ca_certs);
|
||||
if (status == 0) {
|
||||
return status;
|
||||
}
|
||||
|
||||
ScopedX509Stack cert_stack(ca_certs);
|
||||
X509_STORE* store = SSL_CTX_get_cert_store(context);
|
||||
status = X509_STORE_add_cert(store, cert);
|
||||
// X509_STORE_add_cert increments the reference count of cert on success.
|
||||
X509_free(cert);
|
||||
if (status == 0) {
|
||||
return status;
|
||||
}
|
||||
|
||||
X509* ca;
|
||||
while ((ca = sk_X509_shift(cert_stack.get())) != NULL) {
|
||||
status = X509_STORE_add_cert(store, ca);
|
||||
|
@ -223,7 +234,8 @@ void SSLCertContext::SetTrustedCertificatesBytes(Dart_Handle cert_bytes,
|
|||
if (SecureSocketUtils::NoPEMStartLine()) {
|
||||
ERR_clear_error();
|
||||
BIO_reset(bio.bio());
|
||||
status = SetTrustedCertificatesBytesPKCS12(context(), &bio, password);
|
||||
status =
|
||||
SetTrustedCertificatesBytesPKCS12(context(), bio.bio(), password);
|
||||
}
|
||||
} else {
|
||||
// The PEM file was successfully parsed.
|
||||
|
@ -235,14 +247,25 @@ void SSLCertContext::SetTrustedCertificatesBytes(Dart_Handle cert_bytes,
|
|||
}
|
||||
|
||||
static int SetClientAuthoritiesPKCS12(SSL_CTX* context,
|
||||
ScopedMemBIO* bio,
|
||||
BIO* bio,
|
||||
const char* password) {
|
||||
CBS cbs;
|
||||
CBS_init(&cbs, bio->data(), bio->length());
|
||||
ScopedPKCS12 p12(d2i_PKCS12_bio(bio, NULL));
|
||||
if (p12.get() == NULL) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
EVP_PKEY* key = NULL;
|
||||
ScopedX509Stack cert_stack(sk_X509_new_null());
|
||||
int status = PKCS12_get_key_and_certs(&key, cert_stack.get(), &cbs, password);
|
||||
X509* cert = NULL;
|
||||
STACK_OF(X509)* ca_certs = NULL;
|
||||
int status = PKCS12_parse(p12.get(), password, &key, &cert, &ca_certs);
|
||||
if (status == 0) {
|
||||
return status;
|
||||
}
|
||||
|
||||
ScopedX509Stack cert_stack(ca_certs);
|
||||
status = SSL_CTX_add_client_CA(context, cert);
|
||||
// SSL_CTX_add_client_CA increments the reference count of cert on success.
|
||||
X509_free(cert);
|
||||
if (status == 0) {
|
||||
return status;
|
||||
}
|
||||
|
@ -274,13 +297,13 @@ static int SetClientAuthoritiesPEM(SSL_CTX* context, BIO* bio) {
|
|||
}
|
||||
|
||||
static int SetClientAuthorities(SSL_CTX* context,
|
||||
ScopedMemBIO* bio,
|
||||
BIO* bio,
|
||||
const char* password) {
|
||||
int status = SetClientAuthoritiesPEM(context, bio->bio());
|
||||
int status = SetClientAuthoritiesPEM(context, bio);
|
||||
if (status == 0) {
|
||||
if (SecureSocketUtils::NoPEMStartLine()) {
|
||||
ERR_clear_error();
|
||||
BIO_reset(bio->bio());
|
||||
BIO_reset(bio);
|
||||
status = SetClientAuthoritiesPKCS12(context, bio, password);
|
||||
}
|
||||
} else {
|
||||
|
@ -296,7 +319,7 @@ void SSLCertContext::SetClientAuthoritiesBytes(
|
|||
int status;
|
||||
{
|
||||
ScopedMemBIO bio(client_authorities_bytes);
|
||||
status = SetClientAuthorities(context(), &bio, password);
|
||||
status = SetClientAuthorities(context(), bio.bio(), password);
|
||||
}
|
||||
|
||||
SecureSocketUtils::CheckStatus(status, "TlsException",
|
||||
|
@ -520,31 +543,35 @@ void SSLCertContext::SetAlpnProtocolList(Dart_Handle protocols_handle,
|
|||
}
|
||||
|
||||
static int UseChainBytesPKCS12(SSL_CTX* context,
|
||||
ScopedMemBIO* bio,
|
||||
BIO* bio,
|
||||
const char* password) {
|
||||
CBS cbs;
|
||||
CBS_init(&cbs, bio->data(), bio->length());
|
||||
ScopedPKCS12 p12(d2i_PKCS12_bio(bio, NULL));
|
||||
if (p12.get() == NULL) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
EVP_PKEY* key = NULL;
|
||||
ScopedX509Stack certs(sk_X509_new_null());
|
||||
int status = PKCS12_get_key_and_certs(&key, certs.get(), &cbs, password);
|
||||
X509* cert = NULL;
|
||||
STACK_OF(X509)* ca_certs = NULL;
|
||||
int status = PKCS12_parse(p12.get(), password, &key, &cert, &ca_certs);
|
||||
if (status == 0) {
|
||||
return status;
|
||||
}
|
||||
|
||||
X509* ca = sk_X509_shift(certs.get());
|
||||
status = SSL_CTX_use_certificate(context, ca);
|
||||
ScopedX509 x509(cert);
|
||||
ScopedX509Stack certs(ca_certs);
|
||||
status = SSL_CTX_use_certificate(context, x509.get());
|
||||
if (ERR_peek_error() != 0) {
|
||||
// Key/certificate mismatch doesn't imply status is 0.
|
||||
status = 0;
|
||||
}
|
||||
X509_free(ca);
|
||||
if (status == 0) {
|
||||
return status;
|
||||
}
|
||||
|
||||
SSL_CTX_clear_chain_certs(context);
|
||||
|
||||
X509* ca;
|
||||
while ((ca = sk_X509_shift(certs.get())) != NULL) {
|
||||
status = SSL_CTX_add0_chain_cert(context, ca);
|
||||
// SSL_CTX_add0_chain_cert does not inc ref count, so don't free unless the
|
||||
|
@ -593,14 +620,12 @@ static int UseChainBytesPEM(SSL_CTX* context, BIO* bio) {
|
|||
return SecureSocketUtils::NoPEMStartLine() ? status : 0;
|
||||
}
|
||||
|
||||
static int UseChainBytes(SSL_CTX* context,
|
||||
ScopedMemBIO* bio,
|
||||
const char* password) {
|
||||
int status = UseChainBytesPEM(context, bio->bio());
|
||||
static int UseChainBytes(SSL_CTX* context, BIO* bio, const char* password) {
|
||||
int status = UseChainBytesPEM(context, bio);
|
||||
if (status == 0) {
|
||||
if (SecureSocketUtils::NoPEMStartLine()) {
|
||||
ERR_clear_error();
|
||||
BIO_reset(bio->bio());
|
||||
BIO_reset(bio);
|
||||
status = UseChainBytesPKCS12(context, bio, password);
|
||||
}
|
||||
} else {
|
||||
|
@ -613,7 +638,7 @@ static int UseChainBytes(SSL_CTX* context,
|
|||
int SSLCertContext::UseCertificateChainBytes(Dart_Handle cert_chain_bytes,
|
||||
const char* password) {
|
||||
ScopedMemBIO bio(cert_chain_bytes);
|
||||
return UseChainBytes(context(), &bio, password);
|
||||
return UseChainBytes(context(), bio.bio(), password);
|
||||
}
|
||||
|
||||
static X509* GetX509Certificate(Dart_NativeArguments args) {
|
||||
|
|
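Review bot: In `SetTrustedCertificatesBytesPKCS12` the `EVP_PKEY* key` filled in by `PKCS12_parse` is a raw pointer that is not released on either visible `return status;` path after the parse succeeds, unlike `cert` (`X509_free`) and `ca_certs` (`ScopedX509Stack`); for a bundle that carries a private key, this leaves key material allocated after the call. Nothing in the visible lines uses the key, so I would add `EVP_PKEY_free(key);` directly after the `status == 0` check that follows `PKCS12_parse`. `SetClientAuthoritiesPKCS12` and `UseChainBytesPKCS12` show the same pattern. All three bodies continue past their hunks, so a release further down cannot be ruled out from here, but it would not cover the early returns shown.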