OLD | NEW |
---|---|
1 // Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file | 1 // Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file |
2 // for details. All rights reserved. Use of this source code is governed by a | 2 // for details. All rights reserved. Use of this source code is governed by a |
3 // BSD-style license that can be found in the LICENSE file. | 3 // BSD-style license that can be found in the LICENSE file. |
4 | 4 |
5 #include "bin/secure_socket.h" | 5 #include "bin/secure_socket.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <fcntl.h> | 8 #include <fcntl.h> |
9 #include <sys/stat.h> | 9 #include <sys/stat.h> |
10 #include <stdio.h> | 10 #include <stdio.h> |
(...skipping 11 matching lines...) Expand all Loading... | |
22 #include "bin/dartutils.h" | 22 #include "bin/dartutils.h" |
23 #include "bin/lockers.h" | 23 #include "bin/lockers.h" |
24 #include "bin/log.h" | 24 #include "bin/log.h" |
25 #include "bin/socket.h" | 25 #include "bin/socket.h" |
26 #include "bin/thread.h" | 26 #include "bin/thread.h" |
27 #include "bin/utils.h" | 27 #include "bin/utils.h" |
28 #include "platform/utils.h" | 28 #include "platform/utils.h" |
29 | 29 |
30 #include "include/dart_api.h" | 30 #include "include/dart_api.h" |
31 | 31 |
32 // Return the error from the containing function if handle is in error handle. | |
Bill Hesse
2016/03/01 17:02:18
"if handle is an error handle"?
zra
2016/03/01 21:19:02
Done.
| |
33 #define RETURN_IF_ERROR(handle) \ | |
34 { \ | |
35 Dart_Handle __handle = handle; \ | |
36 if (Dart_IsError((__handle))) { \ | |
37 return __handle; \ | |
38 } \ | |
39 } | |
40 | |
32 namespace dart { | 41 namespace dart { |
33 namespace bin { | 42 namespace bin { |
34 | 43 |
35 bool SSLFilter::library_initialized_ = false; | 44 bool SSLFilter::library_initialized_ = false; |
36 // To protect library initialization. | 45 // To protect library initialization. |
37 Mutex* SSLFilter::mutex_ = new Mutex(); | 46 Mutex* SSLFilter::mutex_ = new Mutex(); |
38 int SSLFilter::filter_ssl_index; | 47 int SSLFilter::filter_ssl_index; |
39 | 48 |
40 static const int kSSLFilterNativeFieldIndex = 0; | 49 static const int kSSLFilterNativeFieldIndex = 0; |
41 static const int kSecurityContextNativeFieldIndex = 0; | 50 static const int kSecurityContextNativeFieldIndex = 0; |
(...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
96 Dart_Handle dart_this = ThrowIfError(Dart_GetNativeArgument(args, 0)); | 105 Dart_Handle dart_this = ThrowIfError(Dart_GetNativeArgument(args, 0)); |
97 ASSERT(Dart_IsInstance(dart_this)); | 106 ASSERT(Dart_IsInstance(dart_this)); |
98 ThrowIfError(Dart_GetNativeInstanceField( | 107 ThrowIfError(Dart_GetNativeInstanceField( |
99 dart_this, | 108 dart_this, |
100 kSSLFilterNativeFieldIndex, | 109 kSSLFilterNativeFieldIndex, |
101 reinterpret_cast<intptr_t*>(&filter))); | 110 reinterpret_cast<intptr_t*>(&filter))); |
102 return filter; | 111 return filter; |
103 } | 112 } |
104 | 113 |
105 | 114 |
106 static void SetFilter(Dart_NativeArguments args, SSLFilter* filter) { | 115 static void DeleteFilter( |
107 Dart_Handle dart_this = ThrowIfError(Dart_GetNativeArgument(args, 0)); | 116 void* isolate_data, |
108 ASSERT(Dart_IsInstance(dart_this)); | 117 Dart_WeakPersistentHandle handle, |
109 ThrowIfError(Dart_SetNativeInstanceField( | 118 void* context_pointer) { |
110 dart_this, | 119 SSLFilter* filter = reinterpret_cast<SSLFilter*>(context_pointer); |
111 kSSLFilterNativeFieldIndex, | 120 delete filter; |
112 reinterpret_cast<intptr_t>(filter))); | |
113 } | 121 } |
114 | 122 |
115 | 123 |
124 static Dart_Handle SetFilter(Dart_NativeArguments args, SSLFilter* filter) { | |
125 ASSERT(filter != NULL); | |
126 Dart_Handle dart_this = Dart_GetNativeArgument(args, 0); | |
127 RETURN_IF_ERROR(dart_this); | |
128 ASSERT(Dart_IsInstance(dart_this)); | |
129 Dart_Handle err = Dart_SetNativeInstanceField( | |
130 dart_this, | |
131 kSSLFilterNativeFieldIndex, | |
132 reinterpret_cast<intptr_t>(filter)); | |
133 RETURN_IF_ERROR(err); | |
134 Dart_NewWeakPersistentHandle(dart_this, | |
135 reinterpret_cast<void*>(filter), | |
136 sizeof(*filter), | |
137 DeleteFilter); | |
138 return Dart_Null(); | |
139 } | |
140 | |
141 | |
116 static SSL_CTX* GetSecurityContext(Dart_NativeArguments args) { | 142 static SSL_CTX* GetSecurityContext(Dart_NativeArguments args) { |
117 SSL_CTX* context; | 143 SSL_CTX* context; |
118 Dart_Handle dart_this = ThrowIfError(Dart_GetNativeArgument(args, 0)); | 144 Dart_Handle dart_this = ThrowIfError(Dart_GetNativeArgument(args, 0)); |
119 ASSERT(Dart_IsInstance(dart_this)); | 145 ASSERT(Dart_IsInstance(dart_this)); |
120 ThrowIfError(Dart_GetNativeInstanceField( | 146 ThrowIfError(Dart_GetNativeInstanceField( |
121 dart_this, | 147 dart_this, |
122 kSecurityContextNativeFieldIndex, | 148 kSecurityContextNativeFieldIndex, |
123 reinterpret_cast<intptr_t*>(&context))); | 149 reinterpret_cast<intptr_t*>(&context))); |
124 return context; | 150 return context; |
125 } | 151 } |
126 | 152 |
127 | 153 |
128 static void FreeSecurityContext( | 154 static void FreeSecurityContext( |
129 void* isolate_data, | 155 void* isolate_data, |
130 Dart_WeakPersistentHandle handle, | 156 Dart_WeakPersistentHandle handle, |
131 void* context_pointer) { | 157 void* context_pointer) { |
132 SSL_CTX* context = static_cast<SSL_CTX*>(context_pointer); | 158 SSL_CTX* context = static_cast<SSL_CTX*>(context_pointer); |
133 SSL_CTX_free(context); | 159 SSL_CTX_free(context); |
134 } | 160 } |
135 | 161 |
136 | 162 |
137 static void SetSecurityContext(Dart_NativeArguments args, | 163 static Dart_Handle SetSecurityContext(Dart_NativeArguments args, |
138 SSL_CTX* context) { | 164 SSL_CTX* context) { |
139 const int approximate_size_of_context = 1500; | 165 const int approximate_size_of_context = 1500; |
140 Dart_Handle dart_this = ThrowIfError(Dart_GetNativeArgument(args, 0)); | 166 Dart_Handle dart_this = Dart_GetNativeArgument(args, 0); |
167 RETURN_IF_ERROR(dart_this); | |
141 ASSERT(Dart_IsInstance(dart_this)); | 168 ASSERT(Dart_IsInstance(dart_this)); |
142 ThrowIfError(Dart_SetNativeInstanceField( | 169 Dart_Handle err = Dart_SetNativeInstanceField( |
143 dart_this, | 170 dart_this, |
144 kSecurityContextNativeFieldIndex, | 171 kSecurityContextNativeFieldIndex, |
145 reinterpret_cast<intptr_t>(context))); | 172 reinterpret_cast<intptr_t>(context)); |
173 RETURN_IF_ERROR(err); | |
146 Dart_NewWeakPersistentHandle(dart_this, | 174 Dart_NewWeakPersistentHandle(dart_this, |
147 context, | 175 context, |
148 approximate_size_of_context, | 176 approximate_size_of_context, |
149 FreeSecurityContext); | 177 FreeSecurityContext); |
178 return Dart_Null(); | |
150 } | 179 } |
151 | 180 |
152 | 181 |
153 static X509* GetX509Certificate(Dart_NativeArguments args) { | 182 static X509* GetX509Certificate(Dart_NativeArguments args) { |
154 X509* certificate; | 183 X509* certificate; |
155 Dart_Handle dart_this = ThrowIfError(Dart_GetNativeArgument(args, 0)); | 184 Dart_Handle dart_this = ThrowIfError(Dart_GetNativeArgument(args, 0)); |
156 ASSERT(Dart_IsInstance(dart_this)); | 185 ASSERT(Dart_IsInstance(dart_this)); |
157 ThrowIfError(Dart_GetNativeInstanceField( | 186 ThrowIfError(Dart_GetNativeInstanceField( |
158 dart_this, | 187 dart_this, |
159 kX509NativeFieldIndex, | 188 kX509NativeFieldIndex, |
160 reinterpret_cast<intptr_t*>(&certificate))); | 189 reinterpret_cast<intptr_t*>(&certificate))); |
161 return certificate; | 190 return certificate; |
162 } | 191 } |
163 | 192 |
164 | 193 |
165 // Forward declaration. | 194 // Forward declaration. |
166 static void SetAlpnProtocolList(Dart_Handle protocols_handle, | 195 static void SetAlpnProtocolList(Dart_Handle protocols_handle, |
167 SSL* ssl, | 196 SSL* ssl, |
168 SSL_CTX* context, | 197 SSL_CTX* context, |
169 bool is_server); | 198 bool is_server); |
170 | 199 |
171 | 200 |
172 void FUNCTION_NAME(SecureSocket_Init)(Dart_NativeArguments args) { | 201 void FUNCTION_NAME(SecureSocket_Init)(Dart_NativeArguments args) { |
173 Dart_Handle dart_this = ThrowIfError(Dart_GetNativeArgument(args, 0)); | 202 Dart_Handle dart_this = ThrowIfError(Dart_GetNativeArgument(args, 0)); |
174 SSLFilter* filter = new SSLFilter; | 203 SSLFilter* filter = new SSLFilter(); |
175 SetFilter(args, filter); | 204 Dart_Handle err = SetFilter(args, filter); |
176 filter->Init(dart_this); | 205 if (Dart_IsError(err)) { |
206 delete filter; | |
207 Dart_PropagateError(err); | |
208 } | |
209 err = filter->Init(dart_this); | |
210 if (Dart_IsError(err)) { | |
211 delete filter; | |
Bill Hesse
2016/03/01 17:02:18
Won't the delete filter from the WeakPersistentHan
zra
2016/03/01 21:19:02
Removed
| |
212 Dart_PropagateError(err); | |
213 } | |
177 } | 214 } |
178 | 215 |
179 | 216 |
180 void FUNCTION_NAME(SecureSocket_Connect)(Dart_NativeArguments args) { | 217 void FUNCTION_NAME(SecureSocket_Connect)(Dart_NativeArguments args) { |
181 Dart_Handle host_name_object = ThrowIfError(Dart_GetNativeArgument(args, 1)); | 218 Dart_Handle host_name_object = ThrowIfError(Dart_GetNativeArgument(args, 1)); |
182 Dart_Handle context_object = ThrowIfError(Dart_GetNativeArgument(args, 2)); | 219 Dart_Handle context_object = ThrowIfError(Dart_GetNativeArgument(args, 2)); |
183 bool is_server = DartUtils::GetBooleanValue(Dart_GetNativeArgument(args, 3)); | 220 bool is_server = DartUtils::GetBooleanValue(Dart_GetNativeArgument(args, 3)); |
184 bool request_client_certificate = | 221 bool request_client_certificate = |
185 DartUtils::GetBooleanValue(Dart_GetNativeArgument(args, 4)); | 222 DartUtils::GetBooleanValue(Dart_GetNativeArgument(args, 4)); |
186 bool require_client_certificate = | 223 bool require_client_certificate = |
(...skipping 21 matching lines...) Expand all Loading... | |
208 context, | 245 context, |
209 is_server, | 246 is_server, |
210 request_client_certificate, | 247 request_client_certificate, |
211 require_client_certificate, | 248 require_client_certificate, |
212 protocols_handle); | 249 protocols_handle); |
213 } | 250 } |
214 | 251 |
215 | 252 |
216 void FUNCTION_NAME(SecureSocket_Destroy)(Dart_NativeArguments args) { | 253 void FUNCTION_NAME(SecureSocket_Destroy)(Dart_NativeArguments args) { |
217 SSLFilter* filter = GetFilter(args); | 254 SSLFilter* filter = GetFilter(args); |
218 SetFilter(args, NULL); | |
219 filter->Destroy(); | 255 filter->Destroy(); |
220 delete filter; | |
221 } | 256 } |
222 | 257 |
223 | 258 |
224 void FUNCTION_NAME(SecureSocket_Handshake)(Dart_NativeArguments args) { | 259 void FUNCTION_NAME(SecureSocket_Handshake)(Dart_NativeArguments args) { |
225 GetFilter(args)->Handshake(); | 260 GetFilter(args)->Handshake(); |
226 } | 261 } |
227 | 262 |
228 | 263 |
229 void FUNCTION_NAME(SecureSocket_GetSelectedProtocol)( | 264 void FUNCTION_NAME(SecureSocket_GetSelectedProtocol)( |
230 Dart_NativeArguments args) { | 265 Dart_NativeArguments args) { |
(...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
264 if (!Dart_IsClosure(callback) && !Dart_IsNull(callback)) { | 299 if (!Dart_IsClosure(callback) && !Dart_IsNull(callback)) { |
265 Dart_ThrowException(DartUtils::NewDartArgumentError( | 300 Dart_ThrowException(DartUtils::NewDartArgumentError( |
266 "Illegal argument to RegisterBadCertificateCallback")); | 301 "Illegal argument to RegisterBadCertificateCallback")); |
267 } | 302 } |
268 GetFilter(args)->RegisterBadCertificateCallback(callback); | 303 GetFilter(args)->RegisterBadCertificateCallback(callback); |
269 } | 304 } |
270 | 305 |
271 | 306 |
272 void FUNCTION_NAME(SecureSocket_PeerCertificate) | 307 void FUNCTION_NAME(SecureSocket_PeerCertificate) |
273 (Dart_NativeArguments args) { | 308 (Dart_NativeArguments args) { |
274 Dart_SetReturnValue(args, GetFilter(args)->PeerCertificate()); | 309 Dart_Handle cert = ThrowIfError(GetFilter(args)->PeerCertificate()); |
310 Dart_SetReturnValue(args, cert); | |
275 } | 311 } |
276 | 312 |
277 | 313 |
278 void FUNCTION_NAME(SecureSocket_FilterPointer)(Dart_NativeArguments args) { | 314 void FUNCTION_NAME(SecureSocket_FilterPointer)(Dart_NativeArguments args) { |
279 intptr_t filter_pointer = reinterpret_cast<intptr_t>(GetFilter(args)); | 315 intptr_t filter_pointer = reinterpret_cast<intptr_t>(GetFilter(args)); |
280 Dart_SetReturnValue(args, Dart_NewInteger(filter_pointer)); | 316 Dart_SetReturnValue(args, Dart_NewInteger(filter_pointer)); |
281 } | 317 } |
282 | 318 |
283 | 319 |
320 static void ReleaseCertificate( | |
321 void* isolate_data, | |
322 Dart_WeakPersistentHandle handle, | |
323 void* context_pointer) { | |
324 X509* cert = reinterpret_cast<X509*>(context_pointer); | |
325 X509_free(cert); | |
326 } | |
327 | |
328 | |
284 static Dart_Handle WrappedX509Certificate(X509* certificate) { | 329 static Dart_Handle WrappedX509Certificate(X509* certificate) { |
330 const intptr_t approximate_size_of_certificate = 1500; | |
285 if (certificate == NULL) { | 331 if (certificate == NULL) { |
286 return Dart_Null(); | 332 return Dart_Null(); |
287 } | 333 } |
288 Dart_Handle x509_type = | 334 Dart_Handle x509_type = |
289 DartUtils::GetDartType(DartUtils::kIOLibURL, "X509Certificate"); | 335 DartUtils::GetDartType(DartUtils::kIOLibURL, "X509Certificate"); |
290 if (Dart_IsError(x509_type)) { | 336 if (Dart_IsError(x509_type)) { |
337 X509_free(certificate); | |
291 return x509_type; | 338 return x509_type; |
292 } | 339 } |
293 Dart_Handle arguments[] = { NULL }; | 340 Dart_Handle arguments[] = { NULL }; |
294 Dart_Handle result = | 341 Dart_Handle result = |
295 Dart_New(x509_type, DartUtils::NewString("_"), 0, arguments); | 342 Dart_New(x509_type, DartUtils::NewString("_"), 0, arguments); |
296 if (Dart_IsError(result)) { | 343 if (Dart_IsError(result)) { |
344 X509_free(certificate); | |
297 return result; | 345 return result; |
298 } | 346 } |
299 ASSERT(Dart_IsInstance(result)); | 347 ASSERT(Dart_IsInstance(result)); |
300 Dart_Handle status = Dart_SetNativeInstanceField( | 348 Dart_Handle status = Dart_SetNativeInstanceField( |
301 result, | 349 result, |
302 kX509NativeFieldIndex, | 350 kX509NativeFieldIndex, |
303 reinterpret_cast<intptr_t>(certificate)); | 351 reinterpret_cast<intptr_t>(certificate)); |
304 if (Dart_IsError(status)) { | 352 if (Dart_IsError(status)) { |
353 X509_free(certificate); | |
305 return status; | 354 return status; |
306 } | 355 } |
356 Dart_NewWeakPersistentHandle(result, | |
357 reinterpret_cast<void*>(certificate), | |
358 approximate_size_of_certificate, | |
359 ReleaseCertificate); | |
307 return result; | 360 return result; |
308 } | 361 } |
309 | 362 |
310 | 363 |
311 int CertificateCallback(int preverify_ok, X509_STORE_CTX* store_ctx) { | 364 int CertificateCallback(int preverify_ok, X509_STORE_CTX* store_ctx) { |
312 if (preverify_ok == 1) { | 365 if (preverify_ok == 1) { |
313 return 1; | 366 return 1; |
314 } | 367 } |
315 Dart_Isolate isolate = Dart_CurrentIsolate(); | 368 Dart_Isolate isolate = Dart_CurrentIsolate(); |
316 if (isolate == NULL) { | 369 if (isolate == NULL) { |
317 FATAL("CertificateCallback called with no current isolate\n"); | 370 FATAL("CertificateCallback called with no current isolate\n"); |
318 } | 371 } |
319 X509* certificate = X509_STORE_CTX_get_current_cert(store_ctx); | 372 X509* certificate = X509_STORE_CTX_get_current_cert(store_ctx); |
320 int ssl_index = SSL_get_ex_data_X509_STORE_CTX_idx(); | 373 int ssl_index = SSL_get_ex_data_X509_STORE_CTX_idx(); |
321 SSL* ssl = static_cast<SSL*>( | 374 SSL* ssl = static_cast<SSL*>( |
322 X509_STORE_CTX_get_ex_data(store_ctx, ssl_index)); | 375 X509_STORE_CTX_get_ex_data(store_ctx, ssl_index)); |
323 SSLFilter* filter = static_cast<SSLFilter*>( | 376 SSLFilter* filter = static_cast<SSLFilter*>( |
324 SSL_get_ex_data(ssl, SSLFilter::filter_ssl_index)); | 377 SSL_get_ex_data(ssl, SSLFilter::filter_ssl_index)); |
325 Dart_Handle callback = filter->bad_certificate_callback(); | 378 Dart_Handle callback = filter->bad_certificate_callback(); |
326 if (Dart_IsNull(callback)) { | 379 if (Dart_IsNull(callback)) { |
327 return 0; | 380 return 0; |
328 } | 381 } |
382 | |
383 // Upref since the Dart X509 object may outlive the SecurityContext. | |
384 if (certificate != NULL) { | |
385 X509_up_ref(certificate); | |
Bill Hesse
2016/03/01 17:02:18
Can't we move this inside the call to WrappedX509C
zra
2016/03/01 21:19:02
Scared to dec the refcount in PeerCertificate. It
| |
386 } | |
329 Dart_Handle args[1]; | 387 Dart_Handle args[1]; |
330 args[0] = WrappedX509Certificate(certificate); | 388 args[0] = WrappedX509Certificate(certificate); |
331 if (Dart_IsError(args[0])) { | 389 if (Dart_IsError(args[0])) { |
332 filter->callback_error = args[0]; | 390 filter->callback_error = args[0]; |
333 return 0; | 391 return 0; |
334 } | 392 } |
335 Dart_Handle result = Dart_InvokeClosure(callback, 1, args); | 393 Dart_Handle result = Dart_InvokeClosure(callback, 1, args); |
336 if (!Dart_IsError(result) && !Dart_IsBoolean(result)) { | 394 if (!Dart_IsError(result) && !Dart_IsBoolean(result)) { |
337 result = Dart_NewUnhandledExceptionError(DartUtils::NewDartIOException( | 395 result = Dart_NewUnhandledExceptionError(DartUtils::NewDartIOException( |
338 "HandshakeException", | 396 "HandshakeException", |
339 "BadCertificateCallback returned a value that was not a boolean", | 397 "BadCertificateCallback returned a value that was not a boolean", |
340 Dart_Null())); | 398 Dart_Null())); |
341 } | 399 } |
342 if (Dart_IsError(result)) { | 400 if (Dart_IsError(result)) { |
343 filter->callback_error = result; | 401 filter->callback_error = result; |
344 return 0; | 402 return 0; |
345 } | 403 } |
346 return DartUtils::GetBooleanValue(result); | 404 return DartUtils::GetBooleanValue(result); |
347 } | 405 } |
348 | 406 |
349 | 407 |
350 void FUNCTION_NAME(SecurityContext_Allocate)(Dart_NativeArguments args) { | 408 void FUNCTION_NAME(SecurityContext_Allocate)(Dart_NativeArguments args) { |
351 SSLFilter::InitializeLibrary(); | 409 SSLFilter::InitializeLibrary(); |
352 SSL_CTX* context = SSL_CTX_new(TLS_method()); | 410 SSL_CTX* context = SSL_CTX_new(TLS_method()); |
353 SSL_CTX_set_verify(context, SSL_VERIFY_PEER, CertificateCallback); | 411 SSL_CTX_set_verify(context, SSL_VERIFY_PEER, CertificateCallback); |
354 SSL_CTX_set_min_version(context, TLS1_VERSION); | 412 SSL_CTX_set_min_version(context, TLS1_VERSION); |
355 SSL_CTX_set_cipher_list(context, "HIGH:MEDIUM"); | 413 SSL_CTX_set_cipher_list(context, "HIGH:MEDIUM"); |
356 SSL_CTX_set_cipher_list_tls11(context, "HIGH:MEDIUM"); | 414 SSL_CTX_set_cipher_list_tls11(context, "HIGH:MEDIUM"); |
357 SetSecurityContext(args, context); | 415 Dart_Handle err = SetSecurityContext(args, context); |
416 if (Dart_IsError(err)) { | |
417 SSL_CTX_free(context); | |
418 Dart_PropagateError(err); | |
419 } | |
358 } | 420 } |
359 | 421 |
360 | 422 |
361 int PasswordCallback(char* buf, int size, int rwflag, void* userdata) { | 423 int PasswordCallback(char* buf, int size, int rwflag, void* userdata) { |
362 char* password = static_cast<char*>(userdata); | 424 char* password = static_cast<char*>(userdata); |
363 ASSERT(size == PEM_BUFSIZE); | 425 ASSERT(size == PEM_BUFSIZE); |
364 strncpy(buf, password, size); | 426 strncpy(buf, password, size); |
365 return strlen(password); | 427 return strlen(password); |
366 } | 428 } |
367 | 429 |
(...skipping 779 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1147 starts[i] = start; | 1209 starts[i] = start; |
1148 break; | 1210 break; |
1149 default: | 1211 default: |
1150 UNREACHABLE(); | 1212 UNREACHABLE(); |
1151 } | 1213 } |
1152 } | 1214 } |
1153 return true; | 1215 return true; |
1154 } | 1216 } |
1155 | 1217 |
1156 | 1218 |
1157 void SSLFilter::Init(Dart_Handle dart_this) { | 1219 Dart_Handle SSLFilter::Init(Dart_Handle dart_this) { |
1158 if (!library_initialized_) { | 1220 if (!library_initialized_) { |
1159 InitializeLibrary(); | 1221 InitializeLibrary(); |
1160 } | 1222 } |
1161 ASSERT(string_start_ == NULL); | 1223 ASSERT(string_start_ == NULL); |
1162 string_start_ = Dart_NewPersistentHandle(DartUtils::NewString("start")); | 1224 string_start_ = Dart_NewPersistentHandle(DartUtils::NewString("start")); |
1163 ASSERT(string_start_ != NULL); | 1225 ASSERT(string_start_ != NULL); |
1164 ASSERT(string_length_ == NULL); | 1226 ASSERT(string_length_ == NULL); |
1165 string_length_ = Dart_NewPersistentHandle(DartUtils::NewString("length")); | 1227 string_length_ = Dart_NewPersistentHandle(DartUtils::NewString("length")); |
1166 ASSERT(string_length_ != NULL); | 1228 ASSERT(string_length_ != NULL); |
1167 ASSERT(bad_certificate_callback_ == NULL); | 1229 ASSERT(bad_certificate_callback_ == NULL); |
1168 bad_certificate_callback_ = Dart_NewPersistentHandle(Dart_Null()); | 1230 bad_certificate_callback_ = Dart_NewPersistentHandle(Dart_Null()); |
1169 ASSERT(bad_certificate_callback_ != NULL); | 1231 ASSERT(bad_certificate_callback_ != NULL); |
1170 | 1232 |
1171 InitializeBuffers(dart_this); | 1233 Dart_Handle err = InitializeBuffers(dart_this); |
1234 if (Dart_IsError(err)) { | |
1235 Dart_DeletePersistentHandle(string_start_); | |
Bill Hesse
2016/03/01 17:02:18
If we put a check for null on buffers[i] in Destro
zra
2016/03/01 21:19:02
Done.
| |
1236 string_start_ = NULL; | |
1237 Dart_DeletePersistentHandle(string_length_); | |
1238 string_length_ = NULL; | |
1239 Dart_DeletePersistentHandle(bad_certificate_callback_); | |
1240 bad_certificate_callback_ = NULL; | |
1241 } | |
1242 return err; | |
1172 } | 1243 } |
1173 | 1244 |
1174 | 1245 |
1175 void SSLFilter::InitializeBuffers(Dart_Handle dart_this) { | 1246 Dart_Handle SSLFilter::InitializeBuffers(Dart_Handle dart_this) { |
1176 // Create SSLFilter buffers as ExternalUint8Array objects. | 1247 // Create SSLFilter buffers as ExternalUint8Array objects. |
1177 Dart_Handle dart_buffers_object = ThrowIfError( | 1248 Dart_Handle buffers_string = DartUtils::NewString("buffers"); |
1178 Dart_GetField(dart_this, DartUtils::NewString("buffers"))); | 1249 RETURN_IF_ERROR(buffers_string); |
1179 Dart_Handle secure_filter_impl_type = | 1250 Dart_Handle dart_buffers_object = Dart_GetField(dart_this, buffers_string); |
1180 Dart_InstanceGetType(dart_this); | 1251 RETURN_IF_ERROR(dart_buffers_object); |
1181 Dart_Handle dart_buffer_size = ThrowIfError( | 1252 Dart_Handle secure_filter_impl_type = Dart_InstanceGetType(dart_this); |
1182 Dart_GetField(secure_filter_impl_type, DartUtils::NewString("SIZE"))); | 1253 RETURN_IF_ERROR(secure_filter_impl_type); |
1183 int64_t buffer_size = DartUtils::GetIntegerValue(dart_buffer_size); | 1254 Dart_Handle size_string = DartUtils::NewString("SIZE"); |
1184 Dart_Handle dart_encrypted_buffer_size = ThrowIfError( | 1255 RETURN_IF_ERROR(size_string); |
1185 Dart_GetField(secure_filter_impl_type, | 1256 Dart_Handle dart_buffer_size = Dart_GetField( |
1186 DartUtils::NewString("ENCRYPTED_SIZE"))); | 1257 secure_filter_impl_type, size_string); |
1187 int64_t encrypted_buffer_size = | 1258 RETURN_IF_ERROR(dart_buffer_size); |
1188 DartUtils::GetIntegerValue(dart_encrypted_buffer_size); | 1259 |
1260 int64_t buffer_size = 0; | |
1261 Dart_Handle err = Dart_IntegerToInt64(dart_buffer_size, &buffer_size); | |
1262 RETURN_IF_ERROR(err); | |
1263 | |
1264 Dart_Handle encrypted_size_string = DartUtils::NewString("ENCRYPTED_SIZE"); | |
1265 RETURN_IF_ERROR(encrypted_size_string); | |
1266 | |
1267 Dart_Handle dart_encrypted_buffer_size = Dart_GetField( | |
1268 secure_filter_impl_type, encrypted_size_string); | |
1269 RETURN_IF_ERROR(dart_encrypted_buffer_size); | |
1270 | |
1271 int64_t encrypted_buffer_size = 0; | |
1272 err = Dart_IntegerToInt64(dart_encrypted_buffer_size, &encrypted_buffer_size); | |
1273 RETURN_IF_ERROR(err); | |
1274 | |
1189 if (buffer_size <= 0 || buffer_size > 1 * MB) { | 1275 if (buffer_size <= 0 || buffer_size > 1 * MB) { |
1190 FATAL("Invalid buffer size in _ExternalBuffer"); | 1276 FATAL("Invalid buffer size in _ExternalBuffer"); |
1191 } | 1277 } |
1192 if (encrypted_buffer_size <= 0 || encrypted_buffer_size > 1 * MB) { | 1278 if (encrypted_buffer_size <= 0 || encrypted_buffer_size > 1 * MB) { |
1193 FATAL("Invalid encrypted buffer size in _ExternalBuffer"); | 1279 FATAL("Invalid encrypted buffer size in _ExternalBuffer"); |
1194 } | 1280 } |
1195 buffer_size_ = static_cast<int>(buffer_size); | 1281 buffer_size_ = static_cast<int>(buffer_size); |
1196 encrypted_buffer_size_ = static_cast<int>(encrypted_buffer_size); | 1282 encrypted_buffer_size_ = static_cast<int>(encrypted_buffer_size); |
1197 | 1283 |
1284 Dart_Handle data_identifier = DartUtils::NewString("data"); | |
1285 RETURN_IF_ERROR(data_identifier); | |
1198 | 1286 |
1199 Dart_Handle data_identifier = DartUtils::NewString("data"); | 1287 for (int i = 0; i < kNumBuffers; i++) { |
1288 int size = isBufferEncrypted(i) ? encrypted_buffer_size_ : buffer_size_; | |
1289 buffers_[i] = new uint8_t[size]; | |
1290 ASSERT(buffers_[i] != NULL); | |
1291 dart_buffer_objects_[i] = NULL; | |
1292 } | |
1293 | |
1294 Dart_Handle result = Dart_Null(); | |
1200 for (int i = 0; i < kNumBuffers; ++i) { | 1295 for (int i = 0; i < kNumBuffers; ++i) { |
1201 int size = isBufferEncrypted(i) ? encrypted_buffer_size_ : buffer_size_; | 1296 int size = isBufferEncrypted(i) ? encrypted_buffer_size_ : buffer_size_; |
1202 dart_buffer_objects_[i] = | 1297 result = Dart_ListGetAt(dart_buffers_object, i); |
1203 Dart_NewPersistentHandle(Dart_ListGetAt(dart_buffers_object, i)); | 1298 if (Dart_IsError(result)) { |
1299 break; | |
1300 } | |
1301 | |
1302 dart_buffer_objects_[i] = Dart_NewPersistentHandle(result); | |
1204 ASSERT(dart_buffer_objects_[i] != NULL); | 1303 ASSERT(dart_buffer_objects_[i] != NULL); |
1205 buffers_[i] = new uint8_t[size]; | 1304 Dart_Handle data = |
1206 Dart_Handle data = ThrowIfError( | 1305 Dart_NewExternalTypedData(Dart_TypedData_kUint8, buffers_[i], size); |
1207 Dart_NewExternalTypedData(Dart_TypedData_kUint8, buffers_[i], size)); | 1306 if (Dart_IsError(data)) { |
1208 ThrowIfError( | 1307 result = data; |
1209 Dart_SetField(Dart_HandleFromPersistent(dart_buffer_objects_[i]), | 1308 break; |
1210 data_identifier, | 1309 } |
1211 data)); | 1310 result = Dart_HandleFromPersistent(dart_buffer_objects_[i]); |
1311 if (Dart_IsError(result)) { | |
1312 break; | |
1313 } | |
1314 result = Dart_SetField(result, data_identifier, data); | |
1315 if (Dart_IsError(result)) { | |
1316 break; | |
1317 } | |
1212 } | 1318 } |
1319 | |
1320 // Clean up if there was an error. | |
1321 if (Dart_IsError(result)) { | |
1322 for (int i = 0; i < kNumBuffers; i++) { | |
1323 if (dart_buffer_objects_[i] != NULL) { | |
Bill Hesse
2016/03/01 17:02:18
Can we add this checked cleanup to Destroy, and ju
zra
2016/03/01 21:19:02
Done.
| |
1324 Dart_DeletePersistentHandle(dart_buffer_objects_[i]); | |
1325 } | |
1326 delete buffers_[i]; | |
1327 buffers_[i] = NULL; | |
1328 } | |
1329 return result; | |
1330 } | |
1331 return Dart_Null(); | |
1213 } | 1332 } |
1214 | 1333 |
1215 | 1334 |
1216 void SSLFilter::RegisterHandshakeCompleteCallback(Dart_Handle complete) { | 1335 void SSLFilter::RegisterHandshakeCompleteCallback(Dart_Handle complete) { |
1217 ASSERT(NULL == handshake_complete_); | 1336 ASSERT(NULL == handshake_complete_); |
1218 handshake_complete_ = Dart_NewPersistentHandle(complete); | 1337 handshake_complete_ = Dart_NewPersistentHandle(complete); |
1219 | 1338 |
1220 ASSERT(handshake_complete_ != NULL); | 1339 ASSERT(handshake_complete_ != NULL); |
1221 } | 1340 } |
1222 | 1341 |
(...skipping 11 matching lines...) Expand all Loading... | |
1234 if (!library_initialized_) { | 1353 if (!library_initialized_) { |
1235 SSL_library_init(); | 1354 SSL_library_init(); |
1236 filter_ssl_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL); | 1355 filter_ssl_index = SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL); |
1237 ASSERT(filter_ssl_index >= 0); | 1356 ASSERT(filter_ssl_index >= 0); |
1238 library_initialized_ = true; | 1357 library_initialized_ = true; |
1239 } | 1358 } |
1240 } | 1359 } |
1241 | 1360 |
1242 | 1361 |
1243 Dart_Handle SSLFilter::PeerCertificate() { | 1362 Dart_Handle SSLFilter::PeerCertificate() { |
1363 // SSL_get_peer_certificate incs the refcount of certificate. X509_free is | |
1364 // called by the finalizer set up by WrappedX509Certificate. | |
1244 X509* certificate = SSL_get_peer_certificate(ssl_); | 1365 X509* certificate = SSL_get_peer_certificate(ssl_); |
1245 Dart_Handle x509_object = WrappedX509Certificate(certificate); | 1366 return WrappedX509Certificate(certificate); |
1246 if (Dart_IsError(x509_object)) { | |
1247 Dart_PropagateError(x509_object); | |
1248 } | |
1249 return x509_object; | |
1250 } | 1367 } |
1251 | 1368 |
1252 | 1369 |
1253 int AlpnCallback(SSL *ssl, | 1370 int AlpnCallback(SSL *ssl, |
1254 const uint8_t **out, | 1371 const uint8_t **out, |
1255 uint8_t *outlen, | 1372 uint8_t *outlen, |
1256 const uint8_t *in, | 1373 const uint8_t *in, |
1257 unsigned int inlen, | 1374 unsigned int inlen, |
1258 void *arg) { | 1375 void *arg) { |
1259 // 'in' and 'arg' are sequences of (length, data) strings with 1-byte lengths. | 1376 // 'in' and 'arg' are sequences of (length, data) strings with 1-byte lengths. |
(...skipping 217 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1477 bool require_client_certificate) { | 1594 bool require_client_certificate) { |
1478 // The SSL_REQUIRE_CERTIFICATE option only takes effect if the | 1595 // The SSL_REQUIRE_CERTIFICATE option only takes effect if the |
1479 // SSL_REQUEST_CERTIFICATE option is also set, so set it. | 1596 // SSL_REQUEST_CERTIFICATE option is also set, so set it. |
1480 request_client_certificate = | 1597 request_client_certificate = |
1481 request_client_certificate || require_client_certificate; | 1598 request_client_certificate || require_client_certificate; |
1482 // TODO(24070, 24069): Implement setting the client certificate parameters, | 1599 // TODO(24070, 24069): Implement setting the client certificate parameters, |
1483 // and triggering rehandshake. | 1600 // and triggering rehandshake. |
1484 } | 1601 } |
1485 | 1602 |
1486 | 1603 |
1487 void SSLFilter::Destroy() { | 1604 SSLFilter::~SSLFilter() { |
1488 if (ssl_ != NULL) { | 1605 if (ssl_ != NULL) { |
1489 SSL_free(ssl_); | 1606 SSL_free(ssl_); |
1490 ssl_ = NULL; | 1607 ssl_ = NULL; |
1491 } | 1608 } |
1492 if (socket_side_ != NULL) { | 1609 if (socket_side_ != NULL) { |
1493 BIO_free(socket_side_); | 1610 BIO_free(socket_side_); |
1494 socket_side_ = NULL; | 1611 socket_side_ = NULL; |
1495 } | 1612 } |
1496 if (hostname_ != NULL) { | 1613 if (hostname_ != NULL) { |
1497 free(hostname_); | 1614 free(hostname_); |
1498 hostname_ = NULL; | 1615 hostname_ = NULL; |
1499 } | 1616 } |
1500 for (int i = 0; i < kNumBuffers; ++i) { | 1617 for (int i = 0; i < kNumBuffers; ++i) { |
1501 Dart_DeletePersistentHandle(dart_buffer_objects_[i]); | |
1502 delete[] buffers_[i]; | 1618 delete[] buffers_[i]; |
1619 buffers_[i] = NULL; | |
1503 } | 1620 } |
1504 Dart_DeletePersistentHandle(string_start_); | |
1505 Dart_DeletePersistentHandle(string_length_); | |
1506 Dart_DeletePersistentHandle(handshake_complete_); | |
1507 Dart_DeletePersistentHandle(bad_certificate_callback_); | |
1508 } | 1621 } |
1509 | 1622 |
1510 | 1623 |
1624 void SSLFilter::Destroy() { | |
1625 for (int i = 0; i < kNumBuffers; ++i) { | |
1626 Dart_DeletePersistentHandle(dart_buffer_objects_[i]); | |
1627 dart_buffer_objects_[i] = NULL; | |
1628 } | |
1629 Dart_DeletePersistentHandle(string_start_); | |
1630 string_start_ = NULL; | |
1631 Dart_DeletePersistentHandle(string_length_); | |
1632 string_length_ = NULL; | |
1633 Dart_DeletePersistentHandle(handshake_complete_); | |
1634 handshake_complete_ = NULL; | |
1635 Dart_DeletePersistentHandle(bad_certificate_callback_); | |
1636 bad_certificate_callback_ = NULL; | |
1637 } | |
1638 | |
1639 | |
1511 /* Read decrypted data from the filter to the circular buffer */ | 1640 /* Read decrypted data from the filter to the circular buffer */ |
1512 int SSLFilter::ProcessReadPlaintextBuffer(int start, int end) { | 1641 int SSLFilter::ProcessReadPlaintextBuffer(int start, int end) { |
1513 int length = end - start; | 1642 int length = end - start; |
1514 int bytes_processed = 0; | 1643 int bytes_processed = 0; |
1515 if (length > 0) { | 1644 if (length > 0) { |
1516 bytes_processed = SSL_read( | 1645 bytes_processed = SSL_read( |
1517 ssl_, | 1646 ssl_, |
1518 reinterpret_cast<char*>((buffers_[kReadPlaintext] + start)), | 1647 reinterpret_cast<char*>((buffers_[kReadPlaintext] + start)), |
1519 length); | 1648 length); |
1520 if (bytes_processed < 0) { | 1649 if (bytes_processed < 0) { |
(...skipping 58 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1579 } else { | 1708 } else { |
1580 if (SSL_LOG_DATA) Log::Print( | 1709 if (SSL_LOG_DATA) Log::Print( |
1581 "WriteEncrypted BIO_read wrote %d bytes\n", bytes_processed); | 1710 "WriteEncrypted BIO_read wrote %d bytes\n", bytes_processed); |
1582 } | 1711 } |
1583 } | 1712 } |
1584 return bytes_processed; | 1713 return bytes_processed; |
1585 } | 1714 } |
1586 | 1715 |
1587 } // namespace bin | 1716 } // namespace bin |
1588 } // namespace dart | 1717 } // namespace dart |
OLD | NEW |