
Commit 7305ae6

rmacnak-googlecommit-bot@chromium.org
authored andcommitted
Revert "Update BoringSSL to 4dfd5af70191b068aebe567b8e29ce108cee85ce."
This reverts commit 93f1324. Reason for revert: asm build failure for ia32 mac (e.g., simarm) Original change's description: > Update BoringSSL to 4dfd5af70191b068aebe567b8e29ce108cee85ce. > > Update usage of PKCS12_parse to PKCS12_get_key_and_certs, since the former changed behavior when the PKCS12 has no private key. > > Change-Id: I040c1a17e2994ac66cf03ad1efa80e423136cdbd > Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/116828 > Reviewed-by: Jonas Termansen <[email protected]> > Reviewed-by: Zach Anderson <[email protected]> > Commit-Queue: Ryan Macnak <[email protected]> [email protected],[email protected],[email protected] Change-Id: I85e9c4e5bd457b72c7df4986a127c169329c178c No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/117921 Reviewed-by: Ryan Macnak <[email protected]> Commit-Queue: Ryan Macnak <[email protected]>
1 parent 93793a4 commit 7305ae6


3 files changed

+56
-34
lines changed


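--- a/DEPS
+++ b/DEPS
@@ -59,8 +59,8 @@ vars = {
 "bazel_worker_tag": "bazel_worker-v0.1.20",
 "benchmark_harness_tag": "81641290dea44c34138a109a37e215482f405f81",
 "boolean_selector_tag" : "1.0.4",
-"boringssl_gen_rev": "b9e27cff1ff0803e97ab1f88764a83be4aa94a6d",
-"boringssl_rev" : "4dfd5af70191b068aebe567b8e29ce108cee85ce",
+"boringssl_gen_rev": "bbf52f18f425e29b1185f2f6753bec02ed8c5880",
+"boringssl_rev" : "702e2b6d3831486535e958f262a05c75a5cb312e",
 "charcode_tag": "v1.1.2",
 "chrome_rev" : "19997",
 "cli_util_rev" : "4ad7ccbe3195fd2583b30f86a86697ef61e80f41",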

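--- a/runtime/bin/secure_socket_utils.h
+++ b/runtime/bin/secure_socket_utils.h
@@ -102,9 +102,6 @@ class ScopedMemBIO {
 return bio_;
 }
 
-uint8_t* data() { return bytes_; }
-intptr_t length() { return bytes_len_; }
-
 private:
 Dart_Handle object_;
 uint8_t* bytes_;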

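--- a/runtime/bin/security_context.cc
+++ b/runtime/bin/security_context.cc
@@ -165,19 +165,30 @@ Dart_Handle X509Helper::WrappedX509Certificate(X509* certificate) {
 }
 
 static int SetTrustedCertificatesBytesPKCS12(SSL_CTX* context,
-ScopedMemBIO* bio,
+BIO* bio,
 const char* password) {
-CBS cbs;
-CBS_init(&cbs, bio->data(), bio->length());
+ScopedPKCS12 p12(d2i_PKCS12_bio(bio, NULL));
+if (p12.get() == NULL) {
+return 0;
+}
 
 EVP_PKEY* key = NULL;
-ScopedX509Stack cert_stack(sk_X509_new_null());
-int status = PKCS12_get_key_and_certs(&key, cert_stack.get(), &cbs, password);
+X509* cert = NULL;
+STACK_OF(X509)* ca_certs = NULL;
+int status = PKCS12_parse(p12.get(), password, &key, &cert, &ca_certs);
 if (status == 0) {
 return status;
 }
 
+ScopedX509Stack cert_stack(ca_certs);
 X509_STORE* store = SSL_CTX_get_cert_store(context);
+status = X509_STORE_add_cert(store, cert);
+// X509_STORE_add_cert increments the reference count of cert on success.
+X509_free(cert);
+if (status == 0) {
+return status;
+}
+
 X509* ca;
 while ((ca = sk_X509_shift(cert_stack.get())) != NULL) {
 status = X509_STORE_add_cert(store, ca);
@@ -223,7 +234,8 @@ void SSLCertContext::SetTrustedCertificatesBytes(Dart_Handle cert_bytes,
 if (SecureSocketUtils::NoPEMStartLine()) {
 ERR_clear_error();
 BIO_reset(bio.bio());
-status = SetTrustedCertificatesBytesPKCS12(context(), &bio, password);
+status =
+SetTrustedCertificatesBytesPKCS12(context(), bio.bio(), password);
 }
 } else {
 // The PEM file was successfully parsed.
@@ -235,14 +247,25 @@ void SSLCertContext::SetTrustedCertificatesBytes(Dart_Handle cert_bytes,
 }
 
 static int SetClientAuthoritiesPKCS12(SSL_CTX* context,
-ScopedMemBIO* bio,
+BIO* bio,
 const char* password) {
-CBS cbs;
-CBS_init(&cbs, bio->data(), bio->length());
+ScopedPKCS12 p12(d2i_PKCS12_bio(bio, NULL));
+if (p12.get() == NULL) {
+return 0;
+}
 
 EVP_PKEY* key = NULL;
-ScopedX509Stack cert_stack(sk_X509_new_null());
-int status = PKCS12_get_key_and_certs(&key, cert_stack.get(), &cbs, password);
+X509* cert = NULL;
+STACK_OF(X509)* ca_certs = NULL;
+int status = PKCS12_parse(p12.get(), password, &key, &cert, &ca_certs);
+if (status == 0) {
+return status;
+}
+
+ScopedX509Stack cert_stack(ca_certs);
+status = SSL_CTX_add_client_CA(context, cert);
+// SSL_CTX_add_client_CA increments the reference count of cert on success.
+X509_free(cert);
 if (status == 0) {
 return status;
 }
@@ -274,13 +297,13 @@ static int SetClientAuthoritiesPEM(SSL_CTX* context, BIO* bio) {
 }
 
 static int SetClientAuthorities(SSL_CTX* context,
-ScopedMemBIO* bio,
+BIO* bio,
 const char* password) {
-int status = SetClientAuthoritiesPEM(context, bio->bio());
+int status = SetClientAuthoritiesPEM(context, bio);
 if (status == 0) {
 if (SecureSocketUtils::NoPEMStartLine()) {
 ERR_clear_error();
-BIO_reset(bio->bio());
+BIO_reset(bio);
 status = SetClientAuthoritiesPKCS12(context, bio, password);
 }
 } else {
@@ -296,7 +319,7 @@ void SSLCertContext::SetClientAuthoritiesBytes(
 int status;
 {
 ScopedMemBIO bio(client_authorities_bytes);
-status = SetClientAuthorities(context(), &bio, password);
+status = SetClientAuthorities(context(), bio.bio(), password);
 }
 
 SecureSocketUtils::CheckStatus(status, "TlsException",
@@ -520,31 +543,35 @@ void SSLCertContext::SetAlpnProtocolList(Dart_Handle protocols_handle,
 }
 
 static int UseChainBytesPKCS12(SSL_CTX* context,
-ScopedMemBIO* bio,
+BIO* bio,
 const char* password) {
-CBS cbs;
-CBS_init(&cbs, bio->data(), bio->length());
+ScopedPKCS12 p12(d2i_PKCS12_bio(bio, NULL));
+if (p12.get() == NULL) {
+return 0;
+}
 
 EVP_PKEY* key = NULL;
-ScopedX509Stack certs(sk_X509_new_null());
-int status = PKCS12_get_key_and_certs(&key, certs.get(), &cbs, password);
+X509* cert = NULL;
+STACK_OF(X509)* ca_certs = NULL;
+int status = PKCS12_parse(p12.get(), password, &key, &cert, &ca_certs);
 if (status == 0) {
 return status;
 }
 
-X509* ca = sk_X509_shift(certs.get());
-status = SSL_CTX_use_certificate(context, ca);
+ScopedX509 x509(cert);
+ScopedX509Stack certs(ca_certs);
+status = SSL_CTX_use_certificate(context, x509.get());
 if (ERR_peek_error() != 0) {
 // Key/certificate mismatch doesn't imply status is 0.
 status = 0;
 }
-X509_free(ca);
 if (status == 0) {
 return status;
 }
 
 SSL_CTX_clear_chain_certs(context);
 
+X509* ca;
 while ((ca = sk_X509_shift(certs.get())) != NULL) {
 status = SSL_CTX_add0_chain_cert(context, ca);
 // SSL_CTX_add0_chain_cert does not inc ref count, so don't free unless the
@@ -593,14 +620,12 @@ static int UseChainBytesPEM(SSL_CTX* context, BIO* bio) {
 return SecureSocketUtils::NoPEMStartLine() ? status : 0;
 }
 
-static int UseChainBytes(SSL_CTX* context,
-ScopedMemBIO* bio,
-const char* password) {
-int status = UseChainBytesPEM(context, bio->bio());
+static int UseChainBytes(SSL_CTX* context, BIO* bio, const char* password) {
+int status = UseChainBytesPEM(context, bio);
 if (status == 0) {
 if (SecureSocketUtils::NoPEMStartLine()) {
 ERR_clear_error();
-BIO_reset(bio->bio());
+BIO_reset(bio);
 status = UseChainBytesPKCS12(context, bio, password);
 }
 } else {
@@ -613,7 +638,7 @@ static int UseChainBytes(SSL_CTX* context,
 int SSLCertContext::UseCertificateChainBytes(Dart_Handle cert_chain_bytes,
 const char* password) {
 ScopedMemBIO bio(cert_chain_bytes);
-return UseChainBytes(context(), &bio, password);
+return UseChainBytes(context(), bio.bio(), password);
 }
 
 static X509* GetX509Certificate(Dart_NativeArguments args) {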
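Review bot: In SetTrustedCertificatesBytesPKCS12 the `key` filled in by `PKCS12_parse` is a raw `EVP_PKEY*`, and the added early `return status;` after `X509_STORE_add_cert(store, cert)` exits without releasing it, so a PKCS12 blob that carries a private key leaves decrypted key material allocated on that path. The same pattern is visible in SetClientAuthoritiesPKCS12 (the return after `SSL_CTX_add_client_CA`) and in UseChainBytesPKCS12 (the return after `SSL_CTX_use_certificate`). For the two trust-store functions, which only consume certificates in the lines shown, releasing the key right after the parse check would cover every exit: `EVP_PKEY_free(key);  // private key is not used when loading trust anchors`. All three functions continue past the visible lines, so a later free may exist for the success path and UseChainBytesPKCS12 may still need the key further down, but nothing shown covers these early returns.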
