|
Lines 45-50
Link Here
|
| 45 |
// StartComAndWoSignData.inc |
45 |
// StartComAndWoSignData.inc |
| 46 |
#include "StartComAndWoSignData.inc" |
46 |
#include "StartComAndWoSignData.inc" |
| 47 |
|
47 |
|
|
|
48 |
#include <openssl/bn.h> |
| 49 |
#include <openssl/dh.h> |
| 50 |
#include <openssl/rsa.h> |
| 51 |
|
| 48 |
#include <errno.h> |
52 |
#include <errno.h> |
| 49 |
#include <limits.h> // INT_MAX |
53 |
#include <limits.h> // INT_MAX |
| 50 |
#include <math.h> |
54 |
#include <math.h> |
|
Lines 547-552
Link Here
|
| 547 |
new SecureContext(env, args.This()); |
551 |
new SecureContext(env, args.This()); |
| 548 |
} |
552 |
} |
| 549 |
|
553 |
|
|
|
554 |
static void set_protocol_version(const SSL_METHOD *m, int version) |
| 555 |
{ |
| 556 |
SSL_CTX *ctx = SSL_CTX_new(m); |
| 557 |
SSL_CTX_set_min_proto_version(ctx, version); |
| 558 |
SSL_CTX_set_max_proto_version(ctx, version); |
| 559 |
SSL_CTX_free(ctx); |
| 560 |
} |
| 550 |
|
561 |
|
| 551 |
void SecureContext::Init(const FunctionCallbackInfo<Value>& args) { |
562 |
void SecureContext::Init(const FunctionCallbackInfo<Value>& args) { |
| 552 |
SecureContext* sc; |
563 |
SecureContext* sc; |
|
Lines 581-603
Link Here
|
| 581 |
} else if (strcmp(*sslmethod, "SSLv23_client_method") == 0) { |
592 |
} else if (strcmp(*sslmethod, "SSLv23_client_method") == 0) { |
| 582 |
method = SSLv23_client_method(); |
593 |
method = SSLv23_client_method(); |
| 583 |
} else if (strcmp(*sslmethod, "TLSv1_method") == 0) { |
594 |
} else if (strcmp(*sslmethod, "TLSv1_method") == 0) { |
| 584 |
method = TLSv1_method(); |
595 |
method = TLS_method(); |
|
|
596 |
set_protocol_version(method, TLS1_VERSION); |
| 585 |
} else if (strcmp(*sslmethod, "TLSv1_server_method") == 0) { |
597 |
} else if (strcmp(*sslmethod, "TLSv1_server_method") == 0) { |
| 586 |
method = TLSv1_server_method(); |
598 |
method = TLS_server_method(); |
|
|
599 |
set_protocol_version(method, TLS1_VERSION); |
| 587 |
} else if (strcmp(*sslmethod, "TLSv1_client_method") == 0) { |
600 |
} else if (strcmp(*sslmethod, "TLSv1_client_method") == 0) { |
| 588 |
method = TLSv1_client_method(); |
601 |
method = TLS_client_method(); |
|
|
602 |
set_protocol_version(method, TLS1_VERSION); |
| 589 |
} else if (strcmp(*sslmethod, "TLSv1_1_method") == 0) { |
603 |
} else if (strcmp(*sslmethod, "TLSv1_1_method") == 0) { |
| 590 |
method = TLSv1_1_method(); |
604 |
method = TLS_method(); |
|
|
605 |
set_protocol_version(method, TLS1_1_VERSION); |
| 591 |
} else if (strcmp(*sslmethod, "TLSv1_1_server_method") == 0) { |
606 |
} else if (strcmp(*sslmethod, "TLSv1_1_server_method") == 0) { |
| 592 |
method = TLSv1_1_server_method(); |
607 |
method = TLS_server_method(); |
|
|
608 |
set_protocol_version(method, TLS1_1_VERSION); |
| 593 |
} else if (strcmp(*sslmethod, "TLSv1_1_client_method") == 0) { |
609 |
} else if (strcmp(*sslmethod, "TLSv1_1_client_method") == 0) { |
| 594 |
method = TLSv1_1_client_method(); |
610 |
method = TLS_client_method(); |
|
|
611 |
set_protocol_version(method, TLS1_1_VERSION); |
| 595 |
} else if (strcmp(*sslmethod, "TLSv1_2_method") == 0) { |
612 |
} else if (strcmp(*sslmethod, "TLSv1_2_method") == 0) { |
| 596 |
method = TLSv1_2_method(); |
613 |
method = TLS_method(); |
|
|
614 |
set_protocol_version(method, TLS1_2_VERSION); |
| 597 |
} else if (strcmp(*sslmethod, "TLSv1_2_server_method") == 0) { |
615 |
} else if (strcmp(*sslmethod, "TLSv1_2_server_method") == 0) { |
| 598 |
method = TLSv1_2_server_method(); |
616 |
method = TLS_server_method(); |
|
|
617 |
set_protocol_version(method, TLS1_2_VERSION); |
| 599 |
} else if (strcmp(*sslmethod, "TLSv1_2_client_method") == 0) { |
618 |
} else if (strcmp(*sslmethod, "TLSv1_2_client_method") == 0) { |
| 600 |
method = TLSv1_2_client_method(); |
619 |
method = TLS_client_method(); |
|
|
620 |
set_protocol_version(method, TLS1_2_VERSION); |
| 601 |
} else { |
621 |
} else { |
| 602 |
return env->ThrowError("Unknown method"); |
622 |
return env->ThrowError("Unknown method"); |
| 603 |
} |
623 |
} |
|
Lines 1826-1839
Link Here
|
| 1826 |
rsa = nullptr; |
1846 |
rsa = nullptr; |
| 1827 |
} |
1847 |
} |
| 1828 |
|
1848 |
|
| 1829 |
ASN1_TIME_print(bio, X509_get_notBefore(cert)); |
1849 |
ASN1_TIME_print(bio, X509_get0_notBefore(cert)); |
| 1830 |
BIO_get_mem_ptr(bio, &mem); |
1850 |
BIO_get_mem_ptr(bio, &mem); |
| 1831 |
info->Set(env->valid_from_string(), |
1851 |
info->Set(env->valid_from_string(), |
| 1832 |
String::NewFromUtf8(env->isolate(), mem->data, |
1852 |
String::NewFromUtf8(env->isolate(), mem->data, |
| 1833 |
String::kNormalString, mem->length)); |
1853 |
String::kNormalString, mem->length)); |
| 1834 |
(void) BIO_reset(bio); |
1854 |
(void) BIO_reset(bio); |
| 1835 |
|
1855 |
|
| 1836 |
ASN1_TIME_print(bio, X509_get_notAfter(cert)); |
1856 |
ASN1_TIME_print(bio, X509_get0_notAfter(cert)); |
| 1837 |
BIO_get_mem_ptr(bio, &mem); |
1857 |
BIO_get_mem_ptr(bio, &mem); |
| 1838 |
info->Set(env->valid_to_string(), |
1858 |
info->Set(env->valid_to_string(), |
| 1839 |
String::NewFromUtf8(env->isolate(), mem->data, |
1859 |
String::NewFromUtf8(env->isolate(), mem->data, |
|
Lines 3011-3017
Link Here
|
| 3011 |
return true; |
3031 |
return true; |
| 3012 |
|
3032 |
|
| 3013 |
time_t october_21_2016 = static_cast<time_t>(1477008000); |
3033 |
time_t october_21_2016 = static_cast<time_t>(1477008000); |
| 3014 |
if (X509_cmp_time(X509_get_notBefore(cert), &october_21_2016) < 0) |
3034 |
if (X509_cmp_time(X509_get0_notBefore(cert), &october_21_2016) < 0) |
| 3015 |
return true; |
3035 |
return true; |
| 3016 |
|
3036 |
|
| 3017 |
return false; |
3037 |
return false; |
|
Lines 3918-3924
Link Here
|
| 3918 |
void Hmac::HmacInit(const char* hash_type, const char* key, int key_len) { |
3938 |
void Hmac::HmacInit(const char* hash_type, const char* key, int key_len) { |
| 3919 |
HandleScope scope(env()->isolate()); |
3939 |
HandleScope scope(env()->isolate()); |
| 3920 |
|
3940 |
|
| 3921 |
CHECK_EQ(initialised_, false); |
3941 |
CHECK_EQ(ctx_, nullptr); |
| 3922 |
const EVP_MD* md = EVP_get_digestbyname(hash_type); |
3942 |
const EVP_MD* md = EVP_get_digestbyname(hash_type); |
| 3923 |
if (md == nullptr) { |
3943 |
if (md == nullptr) { |
| 3924 |
return env()->ThrowError("Unknown message digest"); |
3944 |
return env()->ThrowError("Unknown message digest"); |
|
Lines 4066-4072
Link Here
|
| 4066 |
|
4086 |
|
| 4067 |
|
4087 |
|
| 4068 |
bool Hash::HashInit(const char* hash_type) { |
4088 |
bool Hash::HashInit(const char* hash_type) { |
| 4069 |
CHECK_EQ(initialised_, false); |
4089 |
CHECK_EQ(mdctx_, nullptr); |
| 4070 |
const EVP_MD* md = EVP_get_digestbyname(hash_type); |
4090 |
const EVP_MD* md = EVP_get_digestbyname(hash_type); |
| 4071 |
if (md == nullptr) |
4091 |
if (md == nullptr) |
| 4072 |
return false; |
4092 |
return false; |
|
Lines 4098-4104
Link Here
|
| 4098 |
|
4118 |
|
| 4099 |
THROW_AND_RETURN_IF_NOT_STRING_OR_BUFFER(args[0], "Data"); |
4119 |
THROW_AND_RETURN_IF_NOT_STRING_OR_BUFFER(args[0], "Data"); |
| 4100 |
|
4120 |
|
| 4101 |
if (!hash->initialised_) { |
4121 |
if (hash->mdctx_ == nullptr) { |
| 4102 |
return env->ThrowError("Not initialized"); |
4122 |
return env->ThrowError("Not initialized"); |
| 4103 |
} |
4123 |
} |
| 4104 |
if (hash->finalized_) { |
4124 |
if (hash->finalized_) { |
|
Lines 4130-4136
Link Here
|
| 4130 |
Hash* hash; |
4150 |
Hash* hash; |
| 4131 |
ASSIGN_OR_RETURN_UNWRAP(&hash, args.Holder()); |
4151 |
ASSIGN_OR_RETURN_UNWRAP(&hash, args.Holder()); |
| 4132 |
|
4152 |
|
| 4133 |
if (!hash->initialised_) { |
4153 |
if (hash->mdctx_ == nullptr) { |
| 4134 |
return env->ThrowError("Not initialized"); |
4154 |
return env->ThrowError("Not initialized"); |
| 4135 |
} |
4155 |
} |
| 4136 |
if (hash->finalized_) { |
4156 |
if (hash->finalized_) { |
|
Lines 5154-5160
Link Here
|
| 5154 |
OPENSSL_VERSION_NUMBER < 0x10100070L |
5174 |
OPENSSL_VERSION_NUMBER < 0x10100070L |
| 5155 |
// Older versions of OpenSSL 1.1.0 have a DH_set0_key which does not work for |
5175 |
// Older versions of OpenSSL 1.1.0 have a DH_set0_key which does not work for |
| 5156 |
// Node. See https://github.com/openssl/openssl/pull/4384. |
5176 |
// Node. See https://github.com/openssl/openssl/pull/4384. |
| 5157 |
#error "OpenSSL 1.1.0 revisions before 1.1.0g are not supported" |
5177 |
#warning "OpenSSL 1.1.0 revisions before 1.1.0g are not supported" |
| 5158 |
#endif |
5178 |
#endif |
| 5159 |
SetKey(args, [](DH* dh, BIGNUM* num) { DH_set0_key(dh, nullptr, num); }, |
5179 |
SetKey(args, [](DH* dh, BIGNUM* num) { DH_set0_key(dh, nullptr, num); }, |
| 5160 |
"Private key"); |
5180 |
"Private key"); |
|
Lines 6209-6216
Link Here
|
| 6209 |
} |
6229 |
} |
| 6210 |
|
6230 |
|
| 6211 |
void InitCryptoOnce() { |
6231 |
void InitCryptoOnce() { |
| 6212 |
SSL_load_error_strings(); |
6232 |
OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL); |
| 6213 |
OPENSSL_no_config(); |
6233 |
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_NO_LOAD_CONFIG, NULL); |
| 6214 |
|
6234 |
|
| 6215 |
// --openssl-config=... |
6235 |
// --openssl-config=... |
| 6216 |
if (!openssl_config.empty()) { |
6236 |
if (!openssl_config.empty()) { |
|
Lines 6232-6239
Link Here
|
| 6232 |
} |
6252 |
} |
| 6233 |
} |
6253 |
} |
| 6234 |
|
6254 |
|
| 6235 |
SSL_library_init(); |
6255 |
OPENSSL_init_ssl(0, NULL); |
| 6236 |
OpenSSL_add_all_algorithms(); |
|
|
| 6237 |
|
6256 |
|
| 6238 |
#if OPENSSL_VERSION_NUMBER < 0x10100000L |
6257 |
#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 6239 |
crypto_lock_init(); |
6258 |
crypto_lock_init(); |
