1 // Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file | 1 // Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file |
2 // for details. All rights reserved. Use of this source code is governed by a | 2 // for details. All rights reserved. Use of this source code is governed by a |
3 // BSD-style license that can be found in the LICENSE file. | 3 // BSD-style license that can be found in the LICENSE file. |
4 | 4 |
5 #include "bin/secure_socket.h" | 5 #include "bin/secure_socket.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <fcntl.h> | 8 #include <fcntl.h> |
9 #include <sys/stat.h> | 9 #include <sys/stat.h> |
10 #include <stdio.h> | 10 #include <stdio.h> |
369 int error = ERR_get_error(); | 369 int error = ERR_get_error(); |
370 Log::PrintErr("Failed: %s status %d", message, status); | 370 Log::PrintErr("Failed: %s status %d", message, status); |
371 char error_string[SSL_ERROR_MESSAGE_BUFFER_SIZE]; | 371 char error_string[SSL_ERROR_MESSAGE_BUFFER_SIZE]; |
372 ERR_error_string_n(error, error_string, SSL_ERROR_MESSAGE_BUFFER_SIZE); | 372 ERR_error_string_n(error, error_string, SSL_ERROR_MESSAGE_BUFFER_SIZE); |
373 Log::PrintErr("ERROR: %d %s\n", error, error_string); | 373 Log::PrintErr("ERROR: %d %s\n", error, error_string); |
374 } | 374 } |
375 ThrowIOException(status, type, message); | 375 ThrowIOException(status, type, message); |
376 } | 376 } |
377 | 377 |
378 | 378 |
379 void FUNCTION_NAME(SecurityContext_UsePrivateKeyAsBytes)( | 379 void FUNCTION_NAME(SecurityContext_UsePrivateKeyBytes)( |
380 Dart_NativeArguments args) { | 380 Dart_NativeArguments args) { |
381 SSL_CTX* context = GetSecurityContext(args); | 381 SSL_CTX* context = GetSecurityContext(args); |
382 | 382 |
383 Dart_Handle key_object = ThrowIfError(Dart_GetNativeArgument(args, 1)); | 383 Dart_Handle key_object = ThrowIfError(Dart_GetNativeArgument(args, 1)); |
384 if (!Dart_IsTypedData(key_object) && !Dart_IsList(key_object)) { | 384 if (!Dart_IsTypedData(key_object) && !Dart_IsList(key_object)) { |
385 Dart_ThrowException(DartUtils::NewDartArgumentError( | 385 Dart_ThrowException(DartUtils::NewDartArgumentError( |
386 "keyBytes argument to SecurityContext.usePrivateKey " | 386 "keyBytes argument to SecurityContext.usePrivateKeyBytes " |
387 "is not a List<int>")); | 387 "is not a List<int>")); |
388 } | 388 } |
389 | 389 |
390 Dart_Handle password_object = ThrowIfError(Dart_GetNativeArgument(args, 2)); | 390 Dart_Handle password_object = ThrowIfError(Dart_GetNativeArgument(args, 2)); |
391 const char* password = NULL; | 391 const char* password = NULL; |
392 if (Dart_IsString(password_object)) { | 392 if (Dart_IsString(password_object)) { |
393 ThrowIfError(Dart_StringToCString(password_object, &password)); | 393 ThrowIfError(Dart_StringToCString(password_object, &password)); |
394 if (strlen(password) > PEM_BUFSIZE - 1) { | 394 if (strlen(password) > PEM_BUFSIZE - 1) { |
395 Dart_ThrowException(DartUtils::NewDartArgumentError( | 395 Dart_ThrowException(DartUtils::NewDartArgumentError( |
396 "SecurityContext.usePrivateKey password length is greater than" | 396 "SecurityContext.usePrivateKey password length is greater than" |
434 BIO_free(bio); | 434 BIO_free(bio); |
435 if (is_typed_data) { | 435 if (is_typed_data) { |
436 ThrowIfError(Dart_TypedDataReleaseData(key_object)); | 436 ThrowIfError(Dart_TypedDataReleaseData(key_object)); |
437 } else { | 437 } else { |
438 delete[] key_bytes; | 438 delete[] key_bytes; |
439 } | 439 } |
440 | 440 |
441 // TODO(24184): Handle different expected errors here - file missing, | 441 // TODO(24184): Handle different expected errors here - file missing, |
442 // incorrect password, file not a PEM, and throw exceptions. | 442 // incorrect password, file not a PEM, and throw exceptions. |
443 // CheckStatus should also throw an exception in uncaught cases. | 443 // CheckStatus should also throw an exception in uncaught cases. |
444 CheckStatus(status, "TlsException", "Failure in usePrivateKey"); | 444 CheckStatus(status, "TlsException", "Failure in usePrivateKeyBytes"); |
445 } | 445 } |
446 | 446 |
447 | 447 |
448 void FUNCTION_NAME(SecurityContext_SetTrustedCertificates)( | 448 void FUNCTION_NAME(SecurityContext_SetTrustedCertificates)( |
449 Dart_NativeArguments args) { | 449 Dart_NativeArguments args) { |
450 SSL_CTX* context = GetSecurityContext(args); | 450 SSL_CTX* context = GetSecurityContext(args); |
451 Dart_Handle filename_object = ThrowIfError(Dart_GetNativeArgument(args, 1)); | 451 Dart_Handle filename_object = ThrowIfError(Dart_GetNativeArgument(args, 1)); |
452 const char* filename = NULL; | 452 const char* filename = NULL; |
453 if (Dart_IsString(filename_object)) { | 453 if (Dart_IsString(filename_object)) { |
454 ThrowIfError(Dart_StringToCString(filename_object, &filename)); | 454 ThrowIfError(Dart_StringToCString(filename_object, &filename)); |
482 // PEM_read_bio_X509 reads PEM-encoded certificates from a bio (in our case, | 482 // PEM_read_bio_X509 reads PEM-encoded certificates from a bio (in our case, |
483 // backed by a memory buffer), and returns X509 objects, one by one. | 483 // backed by a memory buffer), and returns X509 objects, one by one. |
484 // When the end of the bio is reached, it returns null. | 484 // When the end of the bio is reached, it returns null. |
485 while ((root_cert = PEM_read_bio_X509(roots_bio, NULL, NULL, NULL))) { | 485 while ((root_cert = PEM_read_bio_X509(roots_bio, NULL, NULL, NULL))) { |
486 X509_STORE_add_cert(store, root_cert); | 486 X509_STORE_add_cert(store, root_cert); |
487 } | 487 } |
488 BIO_free(roots_bio); | 488 BIO_free(roots_bio); |
489 } | 489 } |
490 | 490 |
491 | 491 |
492 void FUNCTION_NAME(SecurityContext_UseCertificateChain)( | 492 static int UseChainBytes( |
493 Dart_NativeArguments args) { | 493 SSL_CTX* context, uint8_t* chain_bytes, intptr_t chain_bytes_len) { |
494 SSL_CTX* context = GetSecurityContext(args); | 494 int status = 0; |
495 Dart_Handle filename_object = ThrowIfError(Dart_GetNativeArgument(args, 1)); | 495 BIO* bio = BIO_new_mem_buf(chain_bytes, chain_bytes_len); |
496 const char* filename = NULL; | 496 if (bio == NULL) { |
497 if (Dart_IsString(filename_object)) { | 497 return 0; |
498 ThrowIfError(Dart_StringToCString(filename_object, &filename)); | 498 } |
| 499 |
| 500 X509* x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL); |
| 501 if (x509 == NULL) { |
| 502 BIO_free(bio); |
| 503 return 0; |
| 504 } |
| 505 |
| 506 status = SSL_CTX_use_certificate(context, x509); |
| 507 if (ERR_peek_error() != 0) { |
| 508 // Key/certificate mismatch doesn't imply status is 0. |
| 509 status = 0; |
| 510 } |
| 511 if (status == 0) { |
| 512 X509_free(x509); |
| 513 BIO_free(bio); |
| 514 return status; |
| 515 } |
| 516 |
| 517 SSL_CTX_clear_chain_certs(context); |
| 518 |
| 519 while (true) { |
| 520 X509* ca = PEM_read_bio_X509(bio, NULL, NULL, NULL); |
| 521 if (ca == NULL) { |
| 522 break; |
| 523 } |
| 524 status = SSL_CTX_add0_chain_cert(context, ca); |
| 525 if (status == 0) { |
| 526 X509_free(ca); |
| 527 X509_free(x509); |
| 528 BIO_free(bio); |
| 529 return status; |
| 530 } |
| 531 // Note that we must not free `ca` if it was successfully added to the |
| 532 // chain. We must free the main certificate x509, though since its reference |
| 533 // count is increased by SSL_CTX_use_certificate. |
| 534 } |
| 535 |
| 536 uint32_t err = ERR_peek_last_error(); |
| 537 if ((ERR_GET_LIB(err) == ERR_LIB_PEM) && |
| 538 (ERR_GET_REASON(err) == PEM_R_NO_START_LINE)) { |
| 539 // Reached the end of the buffer. |
| 540 ERR_clear_error(); |
499 } else { | 541 } else { |
500 Dart_ThrowException(DartUtils::NewDartArgumentError( | 542 // Some real error happened. |
501 "file argument in SecurityContext.useCertificateChain" | 543 status = 0; |
502 " is not a String")); | |
503 } | 544 } |
504 int status = SSL_CTX_use_certificate_chain_file(context, filename); | 545 |
505 CheckStatus(status, | 546 X509_free(x509); |
506 "TlsException", | 547 BIO_free(bio); |
507 "Failure in useCertificateChain"); | 548 return status; |
508 } | 549 } |
509 | 550 |
510 | 551 |
| 552 void FUNCTION_NAME(SecurityContext_UseCertificateChainBytes)( |
| 553 Dart_NativeArguments args) { |
| 554 SSL_CTX* context = GetSecurityContext(args); |
| 555 |
| 556 Dart_Handle chain_object = ThrowIfError(Dart_GetNativeArgument(args, 1)); |
| 557 if (!Dart_IsTypedData(chain_object) && !Dart_IsList(chain_object)) { |
| 558 Dart_ThrowException(DartUtils::NewDartArgumentError( |
| 559 "chainBytes argument to SecurityContext.useCertificateChainBytes " |
| 560 "is not a List<int>")); |
| 561 } |
| 562 |
| 563 uint8_t* chain_bytes = NULL; |
| 564 intptr_t chain_bytes_len = 0; |
| 565 bool is_typed_data = false; |
| 566 if (Dart_IsTypedData(chain_object)) { |
| 567 is_typed_data = true; |
| 568 Dart_TypedData_Type typ; |
| 569 ThrowIfError(Dart_TypedDataAcquireData( |
| 570 chain_object, |
| 571 &typ, |
| 572 reinterpret_cast<void**>(&chain_bytes), |
| 573 &chain_bytes_len)); |
| 574 } else { |
| 575 ASSERT(Dart_IsList(chain_object)); |
| 576 ThrowIfError(Dart_ListLength(chain_object, &chain_bytes_len)); |
| 577 chain_bytes = new uint8_t[chain_bytes_len]; |
| 578 Dart_Handle err = |
| 579 Dart_ListGetAsBytes(chain_object, 0, chain_bytes, chain_bytes_len); |
| 580 if (Dart_IsError(err)) { |
| 581 delete[] chain_bytes; |
| 582 Dart_PropagateError(err); |
| 583 } |
| 584 } |
| 585 ASSERT(chain_bytes != NULL); |
| 586 |
| 587 int status = UseChainBytes(context, chain_bytes, chain_bytes_len); |
| 588 |
| 589 if (is_typed_data) { |
| 590 ThrowIfError(Dart_TypedDataReleaseData(chain_object)); |
| 591 } else { |
| 592 delete[] chain_bytes; |
| 593 } |
| 594 CheckStatus(status, |
| 595 "TlsException", |
| 596 "Failure in useCertificateChainBytes"); |
| 597 } |
| 598 |
| 599 |
511 void FUNCTION_NAME(SecurityContext_SetClientAuthorities)( | 600 void FUNCTION_NAME(SecurityContext_SetClientAuthorities)( |
512 Dart_NativeArguments args) { | 601 Dart_NativeArguments args) { |
513 SSL_CTX* context = GetSecurityContext(args); | 602 SSL_CTX* context = GetSecurityContext(args); |
514 Dart_Handle filename_object = ThrowIfError(Dart_GetNativeArgument(args, 1)); | 603 Dart_Handle filename_object = ThrowIfError(Dart_GetNativeArgument(args, 1)); |
515 const char* filename = NULL; | 604 const char* filename = NULL; |
516 if (Dart_IsString(filename_object)) { | 605 if (Dart_IsString(filename_object)) { |
517 ThrowIfError(Dart_StringToCString(filename_object, &filename)); | 606 ThrowIfError(Dart_StringToCString(filename_object, &filename)); |
518 } else { | 607 } else { |
519 Dart_ThrowException(DartUtils::NewDartArgumentError( | 608 Dart_ThrowException(DartUtils::NewDartArgumentError( |
520 "file argument in SecurityContext.setClientAuthorities" | 609 "file argument in SecurityContext.setClientAuthorities" |
1147 } else { | 1236 } else { |
1148 if (SSL_LOG_DATA) Log::Print( | 1237 if (SSL_LOG_DATA) Log::Print( |
1149 "WriteEncrypted BIO_read wrote %d bytes\n", bytes_processed); | 1238 "WriteEncrypted BIO_read wrote %d bytes\n", bytes_processed); |
1150 } | 1239 } |
1151 } | 1240 } |
1152 return bytes_processed; | 1241 return bytes_processed; |
1153 } | 1242 } |
1154 | 1243 |
1155 } // namespace bin | 1244 } // namespace bin |
1156 } // namespace dart | 1245 } // namespace dart |
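Review bot: The `if (ERR_peek_error() != 0)` check after `SSL_CTX_use_certificate` in the new `UseChainBytes` (new line 507) inspects the thread's OpenSSL error queue without clearing it first, so any entry left behind by an earlier call on this thread — for example the ignored `X509_STORE_add_cert` results in `SetTrustedCertificates` (new line 486), which an application may well invoke before setting its chain — would turn a successful certificate load into `status = 0` and a spurious TlsException from `CheckStatus`. Adding `ERR_clear_error();` as the first statement of `UseChainBytes`, before `PEM_read_bio_X509_AUX`, makes the peek reflect only errors raised by this call. Separately, `chain_bytes_len` is an `intptr_t` but `BIO_new_mem_buf` takes an `int` length, so an oversized buffer would be silently narrowed; a cheap guard is `if (chain_bytes_len < 0 || chain_bytes_len > INT_MAX) return 0;` before creating the BIO. The `ERR_peek_last_error()` check at the end is fine as written, since `PEM_read_bio_X509` returning NULL always pushes a fresh error, but a brief comment saying so (`// PEM_read_bio_X509 pushes an error on every NULL return, so the newest entry is ours`) would save the next reader the same analysis.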