| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright (c) 2017, the Dart project authors. Please see the AUTHORS file |
| 2 // for details. All rights reserved. Use of this source code is governed by a |
| 3 // BSD-style license that can be found in the LICENSE file. |
| 4 |
| 5 #ifndef RUNTIME_BIN_SECURE_SOCKET_UTILS_H_ |
| 6 #define RUNTIME_BIN_SECURE_SOCKET_UTILS_H_ |
| 7 |
| 8 #include <openssl/bio.h> |
| 9 #include <openssl/err.h> |
| 10 #include <openssl/pkcs12.h> |
| 11 #include <openssl/ssl.h> |
| 12 #include <openssl/x509.h> |
| 13 |
| 14 #include "platform/globals.h" |
| 15 |
| 16 #include "bin/dartutils.h" |
| 17 #include "platform/text_buffer.h" |
| 18 |
| 19 namespace dart { |
| 20 namespace bin { |
| 21 |
| 22 const bool SSL_LOG_STATUS = false; |
| 23 const bool SSL_LOG_DATA = false; |
| 24 const bool SSL_LOG_CERTS = false; |
| 25 |
| 26 class SecureSocketUtils : public AllStatic { |
| 27 public: |
| 28 static const int SSL_ERROR_MESSAGE_BUFFER_SIZE = 1000; |
| 29 |
| 30 static void ThrowIOException(int status, |
| 31 const char* exception_type, |
| 32 const char* message, |
| 33 const SSL* ssl); |
| 34 |
| 35 static void CheckStatusSSL(int status, |
| 36 const char* type, |
| 37 const char* message, |
| 38 const SSL* ssl); |
| 39 |
| 40 static void CheckStatus(int status, const char* type, const char* message); |
| 41 |
| 42 static bool NoPEMStartLine() { |
| 43 uint32_t last_error = ERR_peek_last_error(); |
| 44 return (ERR_GET_LIB(last_error) == ERR_LIB_PEM) && |
| 45 (ERR_GET_REASON(last_error) == PEM_R_NO_START_LINE); |
| 46 } |
| 47 |
| 48 static void FetchErrorString(const SSL* ssl, TextBuffer* text_buffer); |
| 49 |
| 50 private: |
| 51 DISALLOW_ALLOCATION(); |
| 52 DISALLOW_IMPLICIT_CONSTRUCTORS(SecureSocketUtils); |
| 53 }; |
| 54 |
| 55 |
| 56 // Where the argument to the constructor is the handle for an object |
| 57 // implementing List<int>, this class creates a scope in which a memory-backed |
| 58 // BIO is allocated. Leaving the scope cleans up the BIO and the buffer that |
| 59 // was used to create it. |
| 60 // |
| 61 // Do not make Dart_ API calls while in a ScopedMemBIO. |
| 62 // Do not call Dart_PropagateError while in a ScopedMemBIO. |
| 63 class ScopedMemBIO { |
| 64 public: |
| 65 explicit ScopedMemBIO(Dart_Handle object) { |
| 66 if (!Dart_IsTypedData(object) && !Dart_IsList(object)) { |
| 67 Dart_ThrowException( |
| 68 DartUtils::NewDartArgumentError("Argument is not a List<int>")); |
| 69 } |
| 70 |
| 71 uint8_t* bytes = NULL; |
| 72 intptr_t bytes_len = 0; |
| 73 bool is_typed_data = false; |
| 74 if (Dart_IsTypedData(object)) { |
| 75 is_typed_data = true; |
| 76 Dart_TypedData_Type typ; |
| 77 ThrowIfError(Dart_TypedDataAcquireData( |
| 78 object, &typ, reinterpret_cast<void**>(&bytes), &bytes_len)); |
| 79 } else { |
| 80 ASSERT(Dart_IsList(object)); |
| 81 ThrowIfError(Dart_ListLength(object, &bytes_len)); |
| 82 bytes = Dart_ScopeAllocate(bytes_len); |
| 83 ASSERT(bytes != NULL); |
| 84 ThrowIfError(Dart_ListGetAsBytes(object, 0, bytes, bytes_len)); |
| 85 } |
| 86 |
| 87 object_ = object; |
| 88 bytes_ = bytes; |
| 89 bytes_len_ = bytes_len; |
| 90 bio_ = BIO_new_mem_buf(bytes, bytes_len); |
| 91 ASSERT(bio_ != NULL); |
| 92 is_typed_data_ = is_typed_data; |
| 93 } |
| 94 |
| 95 ~ScopedMemBIO() { |
| 96 ASSERT(bio_ != NULL); |
| 97 if (is_typed_data_) { |
| 98 BIO_free(bio_); |
| 99 ThrowIfError(Dart_TypedDataReleaseData(object_)); |
| 100 } else { |
| 101 BIO_free(bio_); |
| 102 } |
| 103 } |
| 104 |
| 105 BIO* bio() { |
| 106 ASSERT(bio_ != NULL); |
| 107 return bio_; |
| 108 } |
| 109 |
| 110 private: |
| 111 Dart_Handle object_; |
| 112 uint8_t* bytes_; |
| 113 intptr_t bytes_len_; |
| 114 BIO* bio_; |
| 115 bool is_typed_data_; |
| 116 |
| 117 DISALLOW_ALLOCATION(); |
| 118 DISALLOW_COPY_AND_ASSIGN(ScopedMemBIO); |
| 119 }; |
| 120 |
| 121 template <typename T, void (*free_func)(T*)> |
| 122 class ScopedSSLType { |
| 123 public: |
| 124 explicit ScopedSSLType(T* obj) : obj_(obj) {} |
| 125 |
| 126 ~ScopedSSLType() { |
| 127 if (obj_ != NULL) { |
| 128 free_func(obj_); |
| 129 } |
| 130 } |
| 131 |
| 132 T* get() { return obj_; } |
| 133 const T* get() const { return obj_; } |
| 134 |
| 135 T* release() { |
| 136 T* result = obj_; |
| 137 obj_ = NULL; |
| 138 return result; |
| 139 } |
| 140 |
| 141 private: |
| 142 T* obj_; |
| 143 |
| 144 DISALLOW_ALLOCATION(); |
| 145 DISALLOW_COPY_AND_ASSIGN(ScopedSSLType); |
| 146 }; |
| 147 |
| 148 template <typename T, typename E, void (*func)(E*)> |
| 149 class ScopedSSLStackType { |
| 150 public: |
| 151 explicit ScopedSSLStackType(T* obj) : obj_(obj) {} |
| 152 |
| 153 ~ScopedSSLStackType() { |
| 154 if (obj_ != NULL) { |
| 155 sk_pop_free(reinterpret_cast<_STACK*>(obj_), |
| 156 reinterpret_cast<void (*)(void*)>(func)); |
| 157 } |
| 158 } |
| 159 |
| 160 T* get() { return obj_; } |
| 161 const T* get() const { return obj_; } |
| 162 |
| 163 T* release() { |
| 164 T* result = obj_; |
| 165 obj_ = NULL; |
| 166 return result; |
| 167 } |
| 168 |
| 169 private: |
| 170 T* obj_; |
| 171 |
| 172 DISALLOW_ALLOCATION(); |
| 173 DISALLOW_COPY_AND_ASSIGN(ScopedSSLStackType); |
| 174 }; |
| 175 |
| 176 |
| 177 typedef ScopedSSLType<PKCS12, PKCS12_free> ScopedPKCS12; |
| 178 typedef ScopedSSLType<X509, X509_free> ScopedX509; |
| 179 typedef ScopedSSLStackType<STACK_OF(X509), X509, X509_free> ScopedX509Stack; |
| 180 |
| 181 } // namespace bin |
| 182 } // namespace dart |
| 183 |
| 184 #endif // RUNTIME_BIN_SECURE_SOCKET_UTILS_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2903743002:
Porting SecureSocket to use BoringSSL on OSX (Closed)
