Lines 45-50
|
45 |
// StartComAndWoSignData.inc |
45 |
// StartComAndWoSignData.inc |
46 |
#include "StartComAndWoSignData.inc" |
46 |
#include "StartComAndWoSignData.inc" |
47 |
|
47 |
|
|
|
48 |
#include <openssl/bn.h> |
49 |
#include <openssl/dh.h> |
50 |
#include <openssl/rsa.h> |
51 |
|
48 |
#include <errno.h> |
52 |
#include <errno.h> |
49 |
#include <limits.h> // INT_MAX |
53 |
#include <limits.h> // INT_MAX |
50 |
#include <math.h> |
54 |
#include <math.h> |
Lines 547-552
|
547 |
new SecureContext(env, args.This()); |
551 |
new SecureContext(env, args.This()); |
548 |
} |
552 |
} |
549 |
|
553 |
|
|
|
554 |
static void set_protocol_version(const SSL_METHOD *m, int version) |
555 |
{ |
556 |
SSL_CTX *ctx = SSL_CTX_new(m); |
557 |
SSL_CTX_set_min_proto_version(ctx, version); |
558 |
SSL_CTX_set_max_proto_version(ctx, version); |
559 |
SSL_CTX_free(ctx); |
560 |
} |
550 |
|
561 |
|
551 |
void SecureContext::Init(const FunctionCallbackInfo<Value>& args) { |
562 |
void SecureContext::Init(const FunctionCallbackInfo<Value>& args) { |
552 |
SecureContext* sc; |
563 |
SecureContext* sc; |
Lines 581-603
|
581 |
} else if (strcmp(*sslmethod, "SSLv23_client_method") == 0) { |
592 |
} else if (strcmp(*sslmethod, "SSLv23_client_method") == 0) { |
582 |
method = SSLv23_client_method(); |
593 |
method = SSLv23_client_method(); |
583 |
} else if (strcmp(*sslmethod, "TLSv1_method") == 0) { |
594 |
} else if (strcmp(*sslmethod, "TLSv1_method") == 0) { |
584 |
method = TLSv1_method(); |
595 |
method = TLS_method(); |
|
|
596 |
set_protocol_version(method, TLS1_VERSION); |
585 |
} else if (strcmp(*sslmethod, "TLSv1_server_method") == 0) { |
597 |
} else if (strcmp(*sslmethod, "TLSv1_server_method") == 0) { |
586 |
method = TLSv1_server_method(); |
598 |
method = TLS_server_method(); |
|
|
599 |
set_protocol_version(method, TLS1_VERSION); |
587 |
} else if (strcmp(*sslmethod, "TLSv1_client_method") == 0) { |
600 |
} else if (strcmp(*sslmethod, "TLSv1_client_method") == 0) { |
588 |
method = TLSv1_client_method(); |
601 |
method = TLS_client_method(); |
|
|
602 |
set_protocol_version(method, TLS1_VERSION); |
589 |
} else if (strcmp(*sslmethod, "TLSv1_1_method") == 0) { |
603 |
} else if (strcmp(*sslmethod, "TLSv1_1_method") == 0) { |
590 |
method = TLSv1_1_method(); |
604 |
method = TLS_method(); |
|
|
605 |
set_protocol_version(method, TLS1_1_VERSION); |
591 |
} else if (strcmp(*sslmethod, "TLSv1_1_server_method") == 0) { |
606 |
} else if (strcmp(*sslmethod, "TLSv1_1_server_method") == 0) { |
592 |
method = TLSv1_1_server_method(); |
607 |
method = TLS_server_method(); |
|
|
608 |
set_protocol_version(method, TLS1_1_VERSION); |
593 |
} else if (strcmp(*sslmethod, "TLSv1_1_client_method") == 0) { |
609 |
} else if (strcmp(*sslmethod, "TLSv1_1_client_method") == 0) { |
594 |
method = TLSv1_1_client_method(); |
610 |
method = TLS_client_method(); |
|
|
611 |
set_protocol_version(method, TLS1_1_VERSION); |
595 |
} else if (strcmp(*sslmethod, "TLSv1_2_method") == 0) { |
612 |
} else if (strcmp(*sslmethod, "TLSv1_2_method") == 0) { |
596 |
method = TLSv1_2_method(); |
613 |
method = TLS_method(); |
|
|
614 |
set_protocol_version(method, TLS1_2_VERSION); |
597 |
} else if (strcmp(*sslmethod, "TLSv1_2_server_method") == 0) { |
615 |
} else if (strcmp(*sslmethod, "TLSv1_2_server_method") == 0) { |
598 |
method = TLSv1_2_server_method(); |
616 |
method = TLS_server_method(); |
|
|
617 |
set_protocol_version(method, TLS1_2_VERSION); |
599 |
} else if (strcmp(*sslmethod, "TLSv1_2_client_method") == 0) { |
618 |
} else if (strcmp(*sslmethod, "TLSv1_2_client_method") == 0) { |
600 |
method = TLSv1_2_client_method(); |
619 |
method = TLS_client_method(); |
|
|
620 |
set_protocol_version(method, TLS1_2_VERSION); |
601 |
} else { |
621 |
} else { |
602 |
return env->ThrowError("Unknown method"); |
622 |
return env->ThrowError("Unknown method"); |
603 |
} |
623 |
} |
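Review bot: The version pin added in every TLSv1_*, TLSv1_1_* and TLSv1_2_* branch of this hunk never reaches the context this SecureContext uses, because `set_protocol_version()` (new lines 554-560 in the earlier hunk) creates a throw-away `SSL_CTX` from the method, sets min/max on that copy and frees it; `method` stays plain `TLS_method()`, so a caller asking for `TLSv1_2_method` gets a context that will also negotiate TLS 1.0 and 1.1 (and TLS 1.3 on OpenSSL 1.1.1), silently widening what `TLSv1_2_method()` allowed before. Record the requested version in a local instead and apply it to `sc->ctx_` once that context has been created from `method` later in Init; that creation is outside this hunk, so the exact insertion point has to be confirmed. The helper also ignores a NULL return from `SSL_CTX_new()`, which disappears with the rewrite. SecureContext::Init starts before this hunk and continues past it.
```cpp
  // Declared near the top of Init: a min/max pin belongs to the SSL_CTX this
  // SecureContext will use, not to the method, so it is applied below.
  int min_version = 0;
  int max_version = 0;
  // … unchanged: SSLv23_*_method branches …
  } else if (strcmp(*sslmethod, "TLSv1_method") == 0) {
    method = TLS_method();
    min_version = max_version = TLS1_VERSION;
  // … remaining TLSv1_*, TLSv1_1_*, TLSv1_2_* branches: same pattern with TLS1_VERSION / TLS1_1_VERSION / TLS1_2_VERSION, no set_protocol_version() call …
  } else {
    return env->ThrowError("Unknown method");
  }
  // … unchanged: sc->ctx_ = SSL_CTX_new(method) and its error handling (outside this hunk) …
  if (min_version != 0 &&
      (SSL_CTX_set_min_proto_version(sc->ctx_, min_version) != 1 ||
       SSL_CTX_set_max_proto_version(sc->ctx_, max_version) != 1)) {
    return env->ThrowError("Unable to set protocol version");
  }
```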
Lines 1826-1839
|
1826 |
rsa = nullptr; |
1846 |
rsa = nullptr; |
1827 |
} |
1847 |
} |
1828 |
|
1848 |
|
1829 |
ASN1_TIME_print(bio, X509_get_notBefore(cert)); |
1849 |
ASN1_TIME_print(bio, X509_get0_notBefore(cert)); |
1830 |
BIO_get_mem_ptr(bio, &mem); |
1850 |
BIO_get_mem_ptr(bio, &mem); |
1831 |
info->Set(env->valid_from_string(), |
1851 |
info->Set(env->valid_from_string(), |
1832 |
String::NewFromUtf8(env->isolate(), mem->data, |
1852 |
String::NewFromUtf8(env->isolate(), mem->data, |
1833 |
String::kNormalString, mem->length)); |
1853 |
String::kNormalString, mem->length)); |
1834 |
(void) BIO_reset(bio); |
1854 |
(void) BIO_reset(bio); |
1835 |
|
1855 |
|
1836 |
ASN1_TIME_print(bio, X509_get_notAfter(cert)); |
1856 |
ASN1_TIME_print(bio, X509_get0_notAfter(cert)); |
1837 |
BIO_get_mem_ptr(bio, &mem); |
1857 |
BIO_get_mem_ptr(bio, &mem); |
1838 |
info->Set(env->valid_to_string(), |
1858 |
info->Set(env->valid_to_string(), |
1839 |
String::NewFromUtf8(env->isolate(), mem->data, |
1859 |
String::NewFromUtf8(env->isolate(), mem->data, |
Lines 3011-3017
|
3011 |
return true; |
3031 |
return true; |
3012 |
|
3032 |
|
3013 |
time_t october_21_2016 = static_cast<time_t>(1477008000); |
3033 |
time_t october_21_2016 = static_cast<time_t>(1477008000); |
3014 |
if (X509_cmp_time(X509_get_notBefore(cert), &october_21_2016) < 0) |
3034 |
if (X509_cmp_time(X509_get0_notBefore(cert), &october_21_2016) < 0) |
3015 |
return true; |
3035 |
return true; |
3016 |
|
3036 |
|
3017 |
return false; |
3037 |
return false; |
Lines 3918-3924
|
3918 |
void Hmac::HmacInit(const char* hash_type, const char* key, int key_len) { |
3938 |
void Hmac::HmacInit(const char* hash_type, const char* key, int key_len) { |
3919 |
HandleScope scope(env()->isolate()); |
3939 |
HandleScope scope(env()->isolate()); |
3920 |
|
3940 |
|
3921 |
CHECK_EQ(initialised_, false); |
3941 |
CHECK_EQ(ctx_, nullptr); |
3922 |
const EVP_MD* md = EVP_get_digestbyname(hash_type); |
3942 |
const EVP_MD* md = EVP_get_digestbyname(hash_type); |
3923 |
if (md == nullptr) { |
3943 |
if (md == nullptr) { |
3924 |
return env()->ThrowError("Unknown message digest"); |
3944 |
return env()->ThrowError("Unknown message digest"); |
Lines 4066-4072
|
4066 |
|
4086 |
|
4067 |
|
4087 |
|
4068 |
bool Hash::HashInit(const char* hash_type) { |
4088 |
bool Hash::HashInit(const char* hash_type) { |
4069 |
CHECK_EQ(initialised_, false); |
4089 |
CHECK_EQ(mdctx_, nullptr); |
4070 |
const EVP_MD* md = EVP_get_digestbyname(hash_type); |
4090 |
const EVP_MD* md = EVP_get_digestbyname(hash_type); |
4071 |
if (md == nullptr) |
4091 |
if (md == nullptr) |
4072 |
return false; |
4092 |
return false; |
Lines 4098-4104
|
4098 |
|
4118 |
|
4099 |
THROW_AND_RETURN_IF_NOT_STRING_OR_BUFFER(args[0], "Data"); |
4119 |
THROW_AND_RETURN_IF_NOT_STRING_OR_BUFFER(args[0], "Data"); |
4100 |
|
4120 |
|
4101 |
if (!hash->initialised_) { |
4121 |
if (hash->mdctx_ == nullptr) { |
4102 |
return env->ThrowError("Not initialized"); |
4122 |
return env->ThrowError("Not initialized"); |
4103 |
} |
4123 |
} |
4104 |
if (hash->finalized_) { |
4124 |
if (hash->finalized_) { |
Lines 4130-4136
|
4130 |
Hash* hash; |
4150 |
Hash* hash; |
4131 |
ASSIGN_OR_RETURN_UNWRAP(&hash, args.Holder()); |
4151 |
ASSIGN_OR_RETURN_UNWRAP(&hash, args.Holder()); |
4132 |
|
4152 |
|
4133 |
if (!hash->initialised_) { |
4153 |
if (hash->mdctx_ == nullptr) { |
4134 |
return env->ThrowError("Not initialized"); |
4154 |
return env->ThrowError("Not initialized"); |
4135 |
} |
4155 |
} |
4136 |
if (hash->finalized_) { |
4156 |
if (hash->finalized_) { |
Lines 5154-5160
|
5154 |
OPENSSL_VERSION_NUMBER < 0x10100070L |
5174 |
OPENSSL_VERSION_NUMBER < 0x10100070L |
5155 |
// Older versions of OpenSSL 1.1.0 have a DH_set0_key which does not work for |
5175 |
// Older versions of OpenSSL 1.1.0 have a DH_set0_key which does not work for |
5156 |
// Node. See https://github.com/openssl/openssl/pull/4384. |
5176 |
// Node. See https://github.com/openssl/openssl/pull/4384. |
5157 |
#error "OpenSSL 1.1.0 revisions before 1.1.0g are not supported" |
5177 |
#warning "OpenSSL 1.1.0 revisions before 1.1.0g are not supported" |
5158 |
#endif |
5178 |
#endif |
5159 |
SetKey(args, [](DH* dh, BIGNUM* num) { DH_set0_key(dh, nullptr, num); }, |
5179 |
SetKey(args, [](DH* dh, BIGNUM* num) { DH_set0_key(dh, nullptr, num); }, |
5160 |
"Private key"); |
5180 |
"Private key"); |
Lines 6209-6216
|
6209 |
} |
6229 |
} |
6210 |
|
6230 |
|
6211 |
void InitCryptoOnce() { |
6231 |
void InitCryptoOnce() { |
6212 |
SSL_load_error_strings(); |
6232 |
OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL); |
6213 |
OPENSSL_no_config(); |
6233 |
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_NO_LOAD_CONFIG, NULL); |
6214 |
|
6234 |
|
6215 |
// --openssl-config=... |
6235 |
// --openssl-config=... |
6216 |
if (!openssl_config.empty()) { |
6236 |
if (!openssl_config.empty()) { |
Lines 6232-6239
|
6232 |
} |
6252 |
} |
6233 |
} |
6253 |
} |
6234 |
|
6254 |
|
6235 |
SSL_library_init(); |
6255 |
OPENSSL_init_ssl(0, NULL); |
6236 |
OpenSSL_add_all_algorithms(); |
|
|
6237 |
|
6256 |
|
6238 |
#if OPENSSL_VERSION_NUMBER < 0x10100000L |
6257 |
#if OPENSSL_VERSION_NUMBER < 0x10100000L |
6239 |
crypto_lock_init(); |
6258 |
crypto_lock_init(); |