
Unified Diff: runtime/bin/secure_socket.h

Issue 2903743002: Porting SecureSocket to use BoringSSL on OSX (Closed)
Patch Set: General cleanup Created 3 years, 7 months ago
Index: runtime/bin/secure_socket.h
diff --git a/runtime/bin/secure_socket.h b/runtime/bin/secure_socket.h
index 83bf34d0ae83b32e765cff5c738df8a0cd6c6af5..023442da507abe9c9484d5cb6cf5cf44ebe6d307 100644
--- a/runtime/bin/secure_socket.h
+++ b/runtime/bin/secure_socket.h
@@ -23,4 +23,130 @@
#error Unknown target os.
#endif
+#include <openssl/bio.h>
zra 2017/05/26 18:11:12 These should go after platform/globals.h but befor
bkonyi 2017/05/26 23:35:30 cpplint will complain if we do that. I get this ou
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+#include <openssl/x509.h>
+
+
+namespace dart {
+namespace bin {
+
+/* These are defined in root_certificates.cc. */
+extern const unsigned char* root_certificates_pem;
+extern unsigned int root_certificates_pem_length;
+
+const bool SSL_LOG_STATUS = false;
+const bool SSL_LOG_DATA = false;
+const bool SSL_LOG_CERTS = false;
+
+void ThrowIOException(int status,
zra 2017/05/26 18:11:12 I'd make these statics of an SSLUtils class.
bkonyi 2017/05/26 23:35:30 Done.
+ const char* exception_type,
+ const char* message,
+ const SSL* ssl);
+
+void CheckStatusSSL(int status,
+ const char* type,
+ const char* message,
+ const SSL* ssl);
+
+void CheckStatus(int status, const char* type, const char* message);
zra 2017/05/26 18:11:12 "CheckStatus" in particular is probably not a grea
bkonyi 2017/05/26 23:35:30 Yeah, I wasn't sure about this. I'll add it to the
+
+class SSLFilter : public ReferenceCounted<SSLFilter> {
+ public:
+ // These enums must agree with those in sdk/lib/io/secure_socket.dart.
+ enum BufferIndex {
+ kReadPlaintext,
+ kWritePlaintext,
+ kReadEncrypted,
+ kWriteEncrypted,
+ kNumBuffers,
+ kFirstEncrypted = kReadEncrypted
+ };
+
+ static const intptr_t kApproximateSize;
+
+ SSLFilter()
+ : callback_error(NULL),
+ ssl_(NULL),
+ socket_side_(NULL),
+ string_start_(NULL),
+ string_length_(NULL),
+ handshake_complete_(NULL),
+ bad_certificate_callback_(NULL),
+ in_handshake_(false),
+ hostname_(NULL) {}
+
+ ~SSLFilter();
+
+ Dart_Handle Init(Dart_Handle dart_this);
+ void Connect(const char* hostname,
+ SSLCertContext* context,
+ bool is_server,
+ bool request_client_certificate,
+ bool require_client_certificate,
+ Dart_Handle protocols_handle);
+ void Destroy();
+ void FreeResources();
+ void Handshake();
+ void GetSelectedProtocol(Dart_NativeArguments args);
+ void Renegotiate(bool use_session_cache,
+ bool request_client_certificate,
+ bool require_client_certificate);
+ void RegisterHandshakeCompleteCallback(Dart_Handle handshake_complete);
+ void RegisterBadCertificateCallback(Dart_Handle callback);
+ Dart_Handle bad_certificate_callback() {
+ return Dart_HandleFromPersistent(bad_certificate_callback_);
+ }
+ int ProcessReadPlaintextBuffer(int start, int end);
+ int ProcessWritePlaintextBuffer(int start, int end);
+ int ProcessReadEncryptedBuffer(int start, int end);
+ int ProcessWriteEncryptedBuffer(int start, int end);
+ bool ProcessAllBuffers(int starts[kNumBuffers],
+ int ends[kNumBuffers],
+ bool in_handshake);
+ Dart_Handle PeerCertificate();
+ static void InitializeLibrary();
+ Dart_Handle callback_error;
+
+ static CObject* ProcessFilterRequest(const CObjectArray& request);
+
+ // The index of the external data field in _ssl that points to the SSLFilter.
+ static int filter_ssl_index;
+
+ // TODO(whesse): make private:
zra 2017/05/26 18:11:12 Maybe now is a good time to try to take care of th
bkonyi 2017/05/26 23:35:30 Done.
+ SSL* ssl_;
+ BIO* socket_side_;
+
+ private:
+ void RegisterCallbacks(SSLCertContext* cert_ctx);
+
+ static const intptr_t kInternalBIOSize;
+ static bool library_initialized_;
+ static Mutex* mutex_; // To protect library initialization.
+
+ uint8_t* buffers_[kNumBuffers];
+ int buffer_size_;
+ int encrypted_buffer_size_;
+ Dart_PersistentHandle string_start_;
+ Dart_PersistentHandle string_length_;
+ Dart_PersistentHandle dart_buffer_objects_[kNumBuffers];
+ Dart_PersistentHandle handshake_complete_;
+ Dart_PersistentHandle bad_certificate_callback_;
+ bool in_handshake_;
+ bool is_server_;
+ char* hostname_;
+
+ static bool isBufferEncrypted(int i) {
zra 2017/05/26 18:11:12 IsBufferEncrypted
bkonyi 2017/05/26 23:35:30 Done.
+ return static_cast<BufferIndex>(i) >= kFirstEncrypted;
+ }
+ Dart_Handle InitializeBuffers(Dart_Handle dart_this);
+ void InitializePlatformData();
+
+ DISALLOW_COPY_AND_ASSIGN(SSLFilter);
+};
+
+} // namespace bin
+} // namespace dart
+
#endif // RUNTIME_BIN_SECURE_SOCKET_H_
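Review bot: The `SSLFilter()` initializer list leaves `is_server_`, `buffer_size_`, `encrypted_buffer_size_`, `buffers_` and `dart_buffer_objects_` uninitialized, although all five are declared in the private section further down. `~SSLFilter()`, `Destroy()` and `FreeResources()` are defined outside this hunk, so it cannot be confirmed here whether they touch these fields on a filter that never reached `Init()` or `Connect()`; if they do, the cleanup path would operate on indeterminate pointers and handles. I would add `buffer_size_(0), encrypted_buffer_size_(0),` and `is_server_(false),` to the list in declaration order, and zero both arrays in the constructor body, e.g. `memset(buffers_, 0, sizeof(buffers_));` with the same for `dart_buffer_objects_`.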
