dart::bin::SSLFilter Class Reference

#include <secure_socket_filter.h>

Inheritance diagram for dart::bin::SSLFilter:

Public Types
enum	BufferIndex {   kReadPlaintext , kWritePlaintext , kReadEncrypted , kWriteEncrypted ,   kNumBuffers , kFirstEncrypted = kReadEncrypted }

Public Member Functions
	SSLFilter ()
	~SSLFilter ()
char *	hostname () const
bool	is_server () const
bool	is_client () const
Dart_Handle	Init (Dart_Handle dart_this)
void	Connect (const char *hostname, SSLCertContext *context, bool is_server, bool request_client_certificate, bool require_client_certificate, Dart_Handle protocols_handle)
void	Destroy ()
void	FreeResources ()
void	MarkAsTrusted (Dart_NativeArguments args)
int	Handshake (Dart_Port reply_port)
void	GetSelectedProtocol (Dart_NativeArguments args)
void	RegisterHandshakeCompleteCallback (Dart_Handle handshake_complete)
void	RegisterBadCertificateCallback (Dart_Handle callback)
void	RegisterKeyLogPort (Dart_Port key_log_port)
Dart_Port	key_log_port ()
Dart_Handle	bad_certificate_callback ()
int	ProcessReadPlaintextBuffer (int start, int end)
int	ProcessWritePlaintextBuffer (int start, int end)
int	ProcessReadEncryptedBuffer (int start, int end)
int	ProcessWriteEncryptedBuffer (int start, int end)
bool	ProcessAllBuffers (int starts[kNumBuffers], int ends[kNumBuffers], bool in_handshake)
Dart_Handle	PeerCertificate ()
const X509TrustState *	certificate_trust_state ()
Dart_Port	reply_port () const
Dart_Port	trust_evaluate_reply_port () const
Public Member Functions inherited from dart::bin::ReferenceCounted< SSLFilter >
	ReferenceCounted ()
virtual	~ReferenceCounted ()
void	Retain ()
void	Release ()

Static Public Member Functions
static void	Init ()
static void	Cleanup ()
static void	InitializeLibrary ()
static CObject *	ProcessFilterRequest (const CObjectArray &request)

Public Attributes
Dart_Handle	callback_error

Static Public Attributes
static const intptr_t	kApproximateSize
static constexpr int	kSSLFilterNativeFieldIndex = 0
static int	filter_ssl_index
static int	ssl_cert_context_index

Detailed Description

Definition at line 41 of file secure_socket_filter.h.

Member Enumeration Documentation

BufferIndex

enum dart::bin::SSLFilter::BufferIndex

Enumerator
kReadPlaintext
kWritePlaintext
kReadEncrypted
kWriteEncrypted
kNumBuffers
kFirstEncrypted

Definition at line 47 of file secure_socket_filter.h.

                   {
    kReadPlaintext,
    kWritePlaintext,
    kReadEncrypted,
    kWriteEncrypted,
    kNumBuffers,
    kFirstEncrypted = kReadEncrypted
  };

Constructor & Destructor Documentation

SSLFilter()

dart::bin::SSLFilter::SSLFilter ( )

inline

Definition at line 59 of file secure_socket_filter.h.

      : callback_error(nullptr),
        ssl_(nullptr),
        socket_side_(nullptr),
        string_start_(nullptr),
        string_length_(nullptr),
        handshake_complete_(nullptr),
        bad_certificate_callback_(nullptr),
        in_handshake_(false),
        hostname_(nullptr) {}

~SSLFilter()

dart::bin::SSLFilter::~SSLFilter

(

)

Definition at line 689 of file secure_socket_filter.cc.

                      {
  FreeResources();
}

Member Function Documentation

bad_certificate_callback()

Dart_Handle dart::bin::SSLFilter::bad_certificate_callback ( )

inline

Definition at line 92 of file secure_socket_filter.h.

                                         {
    return Dart_HandleFromPersistent(bad_certificate_callback_);
  }

certificate_trust_state()

const X509TrustState * dart::bin::SSLFilter::certificate_trust_state ( )

inline

Definition at line 114 of file secure_socket_filter.h.

                                                  {
    return certificate_trust_state_.get();
  }

Cleanup()

void dart::bin::SSLFilter::Cleanup ( )

static

Definition at line 43 of file secure_socket_filter.cc.

                        {
  ASSERT(SSLFilter::mutex_ != nullptr);
  delete SSLFilter::mutex_;
  SSLFilter::mutex_ = nullptr;
}

Connect()

void dart::bin::SSLFilter::Connect	(	const char *	hostname,
		SSLCertContext *	context,
		bool	is_server,
		bool	request_client_certificate,
		bool	require_client_certificate,
		Dart_Handle	protocols_handle
	)

Definition at line 484 of file secure_socket_filter.cc.

                                                      {
  is_server_ = is_server;
  if (in_handshake_) {
    FATAL("Connect called twice on the same _SecureFilter.");
  }
 
  int status;
  int error;
  BIO* ssl_side;
  status = BIO_new_bio_pair(&ssl_side, kInternalBIOSize, &socket_side_,
                            kInternalBIOSize);
  SecureSocketUtils::CheckStatusSSL(status, "TlsException", "BIO_new_bio_pair",
                                    ssl_);
 
  ASSERT(context != nullptr);
  ASSERT(context->context() != nullptr);
  ssl_ = SSL_new(context->context());
  SSL_set_bio(ssl_, ssl_side, ssl_side);
  SSL_set_mode(ssl_, SSL_MODE_AUTO_RETRY);  // TODO(whesse): Is this right?
  SSL_set_ex_data(ssl_, filter_ssl_index, this);
 
  if (context->allow_tls_renegotiation()) {
    SSL_set_renegotiate_mode(ssl_, ssl_renegotiate_freely);
  }
  context->RegisterCallbacks(ssl_);
  SSL_set_ex_data(ssl_, ssl_cert_context_index, context);
 
  TrustEvaluateHandlerFunc trust_evaluate_handler =
      context->GetTrustEvaluateHandler();
  if (trust_evaluate_handler != nullptr) {
    trust_evaluate_reply_port_ = Dart_NewNativePort(
        "SSLCertContextTrustEvaluate", trust_evaluate_handler,
        /*handle_concurrently=*/false);
  }
  if (is_server_) {
    int certificate_mode =
        request_client_certificate ? SSL_VERIFY_PEER : SSL_VERIFY_NONE;
    if (require_client_certificate) {
      certificate_mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
    }
    SSL_set_verify(ssl_, certificate_mode, nullptr);
  } else {
    SSLCertContext::SetAlpnProtocolList(protocols_handle, ssl_, nullptr, false);
    status = SSL_set_tlsext_host_name(ssl_, hostname);
    SecureSocketUtils::CheckStatusSSL(status, "TlsException",
                                      "Set SNI host name", ssl_);
    // Sets the hostname in the certificate-checking object, so it is checked
    // against the certificate presented by the server.
    X509_VERIFY_PARAM* certificate_checking_parameters = SSL_get0_param(ssl_);
    hostname_ = Utils::StrDup(hostname);
    X509_VERIFY_PARAM_set_flags(
        certificate_checking_parameters,
        X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_TRUSTED_FIRST);
    X509_VERIFY_PARAM_set_hostflags(certificate_checking_parameters, 0);
 
    // Use different check depending on whether the hostname is an IP address
    // or a DNS name.
    if (SocketBase::IsValidAddress(hostname_)) {
      status = X509_VERIFY_PARAM_set1_ip_asc(certificate_checking_parameters,
                                             hostname_);
    } else {
      status = X509_VERIFY_PARAM_set1_host(certificate_checking_parameters,
                                           hostname_, strlen(hostname_));
    }
    SecureSocketUtils::CheckStatusSSL(
        status, "TlsException", "Set hostname for certificate checking", ssl_);
  }
  // Make the connection:
  if (is_server_) {
    status = SSL_accept(ssl_);
    if (SSL_LOG_STATUS) {
      Syslog::Print("SSL_accept status: %d\n", status);
    }
    if (status != 1) {
      // TODO(whesse): expect a needs-data error here.  Handle other errors.
      error = SSL_get_error(ssl_, status);
      if (SSL_LOG_STATUS) {
        Syslog::Print("SSL_accept error: %d\n", error);
      }
    }
  } else {
    status = SSL_connect(ssl_);
    if (SSL_LOG_STATUS) {
      Syslog::Print("SSL_connect status: %d\n", status);
    }
    if (status != 1) {
      // TODO(whesse): expect a needs-data error here.  Handle other errors.
      error = SSL_get_error(ssl_, status);
      if (SSL_LOG_STATUS) {
        Syslog::Print("SSL_connect error: %d\n", error);
      }
    }
  }
  // We don't expect certificate evaluation on first attempt,
  // we expect requests for more bytes, therefore we could get away
  // with passing illegal port.
  Handshake(ILLEGAL_PORT);
}

Destroy()

void dart::bin::SSLFilter::Destroy

(

)

Definition at line 693 of file secure_socket_filter.cc.

                        {
  for (int i = 0; i < kNumBuffers; ++i) {
    if (dart_buffer_objects_[i] != nullptr) {
      Dart_DeletePersistentHandle(dart_buffer_objects_[i]);
      dart_buffer_objects_[i] = nullptr;
    }
  }
  if (string_start_ != nullptr) {
    Dart_DeletePersistentHandle(string_start_);
    string_start_ = nullptr;
  }
  if (string_length_ != nullptr) {
    Dart_DeletePersistentHandle(string_length_);
    string_length_ = nullptr;
  }
  if (handshake_complete_ != nullptr) {
    Dart_DeletePersistentHandle(handshake_complete_);
    handshake_complete_ = nullptr;
  }
  if (bad_certificate_callback_ != nullptr) {
    Dart_DeletePersistentHandle(bad_certificate_callback_);
    bad_certificate_callback_ = nullptr;
  }
  if (trust_evaluate_reply_port_ != ILLEGAL_PORT) {
    Dart_CloseNativePort(trust_evaluate_reply_port_);
    trust_evaluate_reply_port_ = ILLEGAL_PORT;
  }
  FreeResources();
}

FreeResources()

void dart::bin::SSLFilter::FreeResources

(

)

Definition at line 668 of file secure_socket_filter.cc.

                              {
  if (ssl_ != nullptr) {
    SSL_free(ssl_);
    ssl_ = nullptr;
  }
  if (socket_side_ != nullptr) {
    BIO_free(socket_side_);
    socket_side_ = nullptr;
  }
  if (hostname_ != nullptr) {
    free(hostname_);
    hostname_ = nullptr;
  }
  for (int i = 0; i < kNumBuffers; ++i) {
    if (buffers_[i] != nullptr) {
      delete[] buffers_[i];
      buffers_[i] = nullptr;
    }
  }
}

GetSelectedProtocol()

void dart::bin::SSLFilter::GetSelectedProtocol

(

Dart_NativeArguments

args

)

Definition at line 657 of file secure_socket_filter.cc.

                                                             {
  const uint8_t* protocol;
  unsigned length;
  SSL_get0_alpn_selected(ssl_, &protocol, &length);
  if (length == 0) {
    Dart_SetReturnValue(args, Dart_Null());
  } else {
    Dart_SetReturnValue(args, Dart_NewStringFromUTF8(protocol, length));
  }
}

Handshake()

int dart::bin::SSLFilter::Handshake

(

Dart_Port

reply_port

)

Definition at line 601 of file secure_socket_filter.cc.

                                             {
  // Set reply port to be used by CertificateVerificationCallback
  // invoked by SSL_do_handshake: this is where results of
  // certificate evaluation will be communicated to.
  reply_port_ = reply_port;
 
  // Try and push handshake along.
  int status = SSL_do_handshake(ssl_);
  int error = SSL_get_error(ssl_, status);
  if (error == SSL_ERROR_WANT_CERTIFICATE_VERIFY) {
    return SSL_ERROR_WANT_CERTIFICATE_VERIFY;
  }
  if (callback_error != nullptr) {
    // The SSL_do_handshake will try performing a handshake and might call one
    // or both of:
    //   SSLCertContext::KeyLogCallback
    //   SSLCertContext::CertificateCallback
    //
    // If either of those functions fail, and this.callback_error has not
    // already been set, then they will set this.callback_error to an error
    // handle i.e. only the first error will be captured and propagated.
    Dart_PropagateError(callback_error);
  }
  if (SSL_want_write(ssl_) || SSL_want_read(ssl_)) {
    in_handshake_ = true;
    return error;
  }
  SecureSocketUtils::CheckStatusSSL(
      status, "HandshakeException",
      is_server_ ? "Handshake error in server" : "Handshake error in client",
      ssl_);
  // Handshake succeeded.
  if (in_handshake_) {
    // TODO(24071): Check return value of SSL_get_verify_result, this
    //    should give us the hostname check.
    int result = SSL_get_verify_result(ssl_);
    if (SSL_LOG_STATUS) {
      Syslog::Print("Handshake verification status: %d\n", result);
      X509* peer_certificate = SSL_get_peer_certificate(ssl_);
      if (peer_certificate == nullptr) {
        Syslog::Print("No peer certificate received\n");
      } else {
        X509_NAME* s_name = X509_get_subject_name(peer_certificate);
        printf("Peer certificate SN: ");
        X509_NAME_print_ex_fp(stdout, s_name, 4, 0);
        printf("\n");
      }
    }
    ThrowIfError(Dart_InvokeClosure(
        Dart_HandleFromPersistent(handshake_complete_), 0, nullptr));
    in_handshake_ = false;
  }
 
  return error;
}

hostname()

char * dart::bin::SSLFilter::hostname ( ) const

inline

Definition at line 72 of file secure_socket_filter.h.

{ return hostname_; }

Init() [1/2]

void dart::bin::SSLFilter::Init ( )

static

Definition at line 38 of file secure_socket_filter.cc.

                     {
  ASSERT(SSLFilter::mutex_ == nullptr);
  SSLFilter::mutex_ = new Mutex();
}

Init() [2/2]

Dart_Handle dart::bin::SSLFilter::Init

(

Dart_Handle

dart_this

)

Definition at line 348 of file secure_socket_filter.cc.

                                                 {
  if (!library_initialized_) {
    InitializeLibrary();
  }
  ASSERT(string_start_ == nullptr);
  string_start_ = Dart_NewPersistentHandle(DartUtils::NewString("start"));
  ASSERT(string_start_ != nullptr);
  ASSERT(string_length_ == nullptr);
  string_length_ = Dart_NewPersistentHandle(DartUtils::NewString("length"));
  ASSERT(string_length_ != nullptr);
  ASSERT(bad_certificate_callback_ == nullptr);
  bad_certificate_callback_ = Dart_NewPersistentHandle(Dart_Null());
  ASSERT(bad_certificate_callback_ != nullptr);
  // Caller handles cleanup on an error.
  return InitializeBuffers(dart_this);
}

InitializeLibrary()

void dart::bin::SSLFilter::InitializeLibrary ( )

static

Definition at line 470 of file secure_socket_filter.cc.

                                  {
  MutexLocker locker(mutex_);
  if (!library_initialized_) {
    SSL_library_init();
    filter_ssl_index =
        SSL_get_ex_new_index(0, nullptr, nullptr, nullptr, nullptr);
    ASSERT(filter_ssl_index >= 0);
    ssl_cert_context_index =
        SSL_get_ex_new_index(0, nullptr, nullptr, nullptr, nullptr);
    ASSERT(ssl_cert_context_index >= 0);
    library_initialized_ = true;
  }
}

is_client()

bool dart::bin::SSLFilter::is_client ( ) const

inline

Definition at line 74 of file secure_socket_filter.h.

{ return !is_server_; }

is_server()

bool dart::bin::SSLFilter::is_server ( ) const

inline

Definition at line 73 of file secure_socket_filter.h.

{ return is_server_; }

key_log_port()

Dart_Port dart::bin::SSLFilter::key_log_port ( )

inline

Definition at line 91 of file secure_socket_filter.h.

{ return key_log_port_; }

MarkAsTrusted()

void dart::bin::SSLFilter::MarkAsTrusted

(

Dart_NativeArguments

args

)

Definition at line 588 of file secure_socket_filter.cc.

                                                       {
  intptr_t certificate_pointer = DartUtils::GetNativeIntptrArgument(args, 1);
  ASSERT(certificate_pointer != 0);
  certificate_trust_state_.reset(
      new X509TrustState(reinterpret_cast<X509*>(certificate_pointer),
                         DartUtils::GetNativeBooleanArgument(args, 2)));
  if (SSL_LOG_STATUS) {
    Syslog::Print("Mark %p as %strusted certificate\n",
                  certificate_trust_state_->x509(),
                  certificate_trust_state_->is_trusted() ? "" : "not ");
  }
}

PeerCertificate()

Dart_Handle dart::bin::SSLFilter::PeerCertificate

(

)

Definition at line 458 of file secure_socket_filter.cc.

                                       {
  X509* ca = SSL_get_peer_certificate(ssl_);
  if (ca == nullptr) {
    return Dart_Null();
  }
  return X509Helper::WrappedX509Certificate(ca);
}

ProcessAllBuffers()

bool dart::bin::SSLFilter::ProcessAllBuffers	(	int	starts[kNumBuffers],
		int	ends[kNumBuffers],
		bool	in_handshake
	)

Definition at line 276 of file secure_socket_filter.cc.

                                                     {
  for (int i = 0; i < kNumBuffers; ++i) {
    if (in_handshake && (i == kReadPlaintext || i == kWritePlaintext)) continue;
    int start = starts[i];
    int end = ends[i];
    int size = IsBufferEncrypted(i) ? encrypted_buffer_size_ : buffer_size_;
    if (start < 0 || end < 0 || start >= size || end >= size) {
      FATAL("Out-of-bounds internal buffer access in dart:io SecureSocket");
    }
    switch (i) {
      case kReadPlaintext:
      case kWriteEncrypted:
        // Write data to the circular buffer's free space.  If the buffer
        // is full, neither if statement is executed and nothing happens.
        if (start <= end) {
          // If the free space may be split into two segments,
          // then the first is [end, size), unless start == 0.
          // Then, since the last free byte is at position start - 2,
          // the interval is [end, size - 1).
          int buffer_end = (start == 0) ? size - 1 : size;
          int bytes = (i == kReadPlaintext)
                          ? ProcessReadPlaintextBuffer(end, buffer_end)
                          : ProcessWriteEncryptedBuffer(end, buffer_end);
          if (bytes < 0) return false;
          end += bytes;
          ASSERT(end <= size);
          if (end == size) end = 0;
        }
        if (start > end + 1) {
          int bytes = (i == kReadPlaintext)
                          ? ProcessReadPlaintextBuffer(end, start - 1)
                          : ProcessWriteEncryptedBuffer(end, start - 1);
          if (bytes < 0) return false;
          end += bytes;
          ASSERT(end < start);
        }
        ends[i] = end;
        break;
      case kReadEncrypted:
      case kWritePlaintext:
        // Read/Write data from circular buffer.  If the buffer is empty,
        // neither if statement's condition is true.
        if (end < start) {
          // Data may be split into two segments.  In this case,
          // the first is [start, size).
          int bytes = (i == kReadEncrypted)
                          ? ProcessReadEncryptedBuffer(start, size)
                          : ProcessWritePlaintextBuffer(start, size);
          if (bytes < 0) return false;
          start += bytes;
          ASSERT(start <= size);
          if (start == size) start = 0;
        }
        if (start < end) {
          int bytes = (i == kReadEncrypted)
                          ? ProcessReadEncryptedBuffer(start, end)
                          : ProcessWritePlaintextBuffer(start, end);
          if (bytes < 0) return false;
          start += bytes;
          ASSERT(start <= end);
        }
        starts[i] = start;
        break;
      default:
        UNREACHABLE();
    }
  }
  return true;
}

ProcessFilterRequest()

CObject * dart::bin::SSLFilter::ProcessFilterRequest ( const CObjectArray &  request )

static

Pushes data through the SSL filter, reading and writing from circular buffers shared with Dart.

The Dart _SecureFilterImpl class contains 4 ExternalByteArrays used to pass encrypted and plaintext data to and from the C++ SSLFilter object.

ProcessFilter is called with a CObject array containing the pointer to the SSLFilter, encoded as an int, and the start and end positions of the valid data in the four circular buffers. The function only reads from the valid data area of the input buffers, and only writes to the free area of the output buffers. The function returns the new start and end positions in the buffers, but it only updates start for input buffers, and end for output buffers. Therefore, the Dart thread can simultaneously write to the free space and end pointer of input buffers, and read from the data space of output buffers, and modify the start pointer.

When ProcessFilter returns, the Dart thread is responsible for combining the updated pointers from Dart and C++, to make the new valid state of the circular buffer.

Definition at line 243 of file secure_socket_filter.cc.

                                                                    {
  CObjectIntptr filter_object(request[0]);
  SSLFilter* filter = reinterpret_cast<SSLFilter*>(filter_object.Value());
  RefCntReleaseScope<SSLFilter> rs(filter);
 
  bool in_handshake = CObjectBool(request[1]).Value();
  int starts[SSLFilter::kNumBuffers];
  int ends[SSLFilter::kNumBuffers];
  for (int i = 0; i < SSLFilter::kNumBuffers; ++i) {
    starts[i] = CObjectInt32(request[2 * i + 2]).Value();
    ends[i] = CObjectInt32(request[2 * i + 3]).Value();
  }
 
  if (filter->ProcessAllBuffers(starts, ends, in_handshake)) {
    CObjectArray* result =
        new CObjectArray(CObject::NewArray(SSLFilter::kNumBuffers * 2));
    for (int i = 0; i < SSLFilter::kNumBuffers; ++i) {
      result->SetAt(2 * i, new CObjectInt32(CObject::NewInt32(starts[i])));
      result->SetAt(2 * i + 1, new CObjectInt32(CObject::NewInt32(ends[i])));
    }
    return result;
  } else {
    int32_t error_code = static_cast<int32_t>(ERR_peek_error());
    TextBuffer error_string(SecureSocketUtils::SSL_ERROR_MESSAGE_BUFFER_SIZE);
    SecureSocketUtils::FetchErrorString(filter->ssl_, &error_string);
    CObjectArray* result = new CObjectArray(CObject::NewArray(2));
    result->SetAt(0, new CObjectInt32(CObject::NewInt32(error_code)));
    result->SetAt(1,
                  new CObjectString(CObject::NewString(error_string.buffer())));
    return result;
  }
}

ProcessReadEncryptedBuffer()

int dart::bin::SSLFilter::ProcessReadEncryptedBuffer	(	int	start,
		int	end
	)

Definition at line 779 of file secure_socket_filter.cc.

                                                            {
  int length = end - start;
  if (SSL_LOG_DATA) {
    Syslog::Print("Entering ProcessReadEncryptedBuffer with %d bytes\n",
                  length);
  }
  int bytes_processed = 0;
  if (length > 0) {
    bytes_processed =
        BIO_write(socket_side_, buffers_[kReadEncrypted] + start, length);
    if (bytes_processed <= 0) {
      bool retry = BIO_should_retry(socket_side_) != 0;
      if (!retry) {
        if (SSL_LOG_DATA) {
          Syslog::Print("BIO_write failed in ReadEncryptedBuffer\n");
        }
      }
      bytes_processed = 0;
    }
  }
  if (SSL_LOG_DATA) {
    Syslog::Print("Leaving ProcessReadEncryptedBuffer read %d bytes\n",
                  bytes_processed);
  }
  return bytes_processed;
}

ProcessReadPlaintextBuffer()

int dart::bin::SSLFilter::ProcessReadPlaintextBuffer	(	int	start,
		int	end
	)

Definition at line 724 of file secure_socket_filter.cc.

                                                            {
  int length = end - start;
  int bytes_processed = 0;
  if (SSL_LOG_DATA) {
    Syslog::Print("Entering ProcessReadPlaintextBuffer with %d bytes\n",
                  length);
  }
  if (length > 0) {
    bytes_processed = SSL_read(
        ssl_, reinterpret_cast<char*>((buffers_[kReadPlaintext] + start)),
        length);
    if (bytes_processed < 0) {
      int error = SSL_get_error(ssl_, bytes_processed);
      if (SSL_LOG_DATA) {
        Syslog::Print("SSL_read returned error %d\n", error);
      }
      switch (error) {
        case SSL_ERROR_SYSCALL:
        case SSL_ERROR_SSL:
          return -1;
        default:
          break;
      }
      bytes_processed = 0;
    }
  }
  if (SSL_LOG_DATA) {
    Syslog::Print("Leaving ProcessReadPlaintextBuffer read %d bytes\n",
                  bytes_processed);
  }
  return bytes_processed;
}

ProcessWriteEncryptedBuffer()

int dart::bin::SSLFilter::ProcessWriteEncryptedBuffer	(	int	start,
		int	end
	)

Definition at line 806 of file secure_socket_filter.cc.

                                                             {
  int length = end - start;
  int bytes_processed = 0;
  if (SSL_LOG_DATA) {
    Syslog::Print("Entering ProcessWriteEncryptedBuffer with %d bytes\n",
                  length);
  }
  if (length > 0) {
    bytes_processed =
        BIO_read(socket_side_, buffers_[kWriteEncrypted] + start, length);
    if (bytes_processed < 0) {
      if (SSL_LOG_DATA) {
        Syslog::Print("WriteEncrypted BIO_read returned error %d\n",
                      bytes_processed);
      }
      return 0;
    } else {
      if (SSL_LOG_DATA) {
        Syslog::Print("WriteEncrypted  BIO_read wrote %d bytes\n",
                      bytes_processed);
      }
    }
  }
  return bytes_processed;
}

ProcessWritePlaintextBuffer()

int dart::bin::SSLFilter::ProcessWritePlaintextBuffer	(	int	start,
		int	end
	)

Definition at line 757 of file secure_socket_filter.cc.

                                                             {
  int length = end - start;
  if (SSL_LOG_DATA) {
    Syslog::Print("Entering ProcessWritePlaintextBuffer with %d bytes\n",
                  length);
  }
  int bytes_processed =
      SSL_write(ssl_, buffers_[kWritePlaintext] + start, length);
  if (bytes_processed < 0) {
    if (SSL_LOG_DATA) {
      Syslog::Print("SSL_write returned error %d\n", bytes_processed);
    }
    return 0;
  }
  if (SSL_LOG_DATA) {
    Syslog::Print("Leaving ProcessWritePlaintextBuffer wrote %d bytes\n",
                  bytes_processed);
  }
  return bytes_processed;
}

RegisterBadCertificateCallback()

void dart::bin::SSLFilter::RegisterBadCertificateCallback

(

Dart_Handle

callback

)

Definition at line 451 of file secure_socket_filter.cc.

                                                                   {
  ASSERT(bad_certificate_callback_ != nullptr);
  Dart_DeletePersistentHandle(bad_certificate_callback_);
  bad_certificate_callback_ = Dart_NewPersistentHandle(callback);
  ASSERT(bad_certificate_callback_ != nullptr);
}

RegisterHandshakeCompleteCallback()

void dart::bin::SSLFilter::RegisterHandshakeCompleteCallback

(

Dart_Handle

handshake_complete

)

Definition at line 444 of file secure_socket_filter.cc.

                                                                      {
  ASSERT(nullptr == handshake_complete_);
  handshake_complete_ = Dart_NewPersistentHandle(complete);
 
  ASSERT(handshake_complete_ != nullptr);
}

RegisterKeyLogPort()

void dart::bin::SSLFilter::RegisterKeyLogPort

(

Dart_Port

key_log_port

)

Definition at line 466 of file secure_socket_filter.cc.

                                                         {
  key_log_port_ = key_log_port;
}

reply_port()

Dart_Port dart::bin::SSLFilter::reply_port ( ) const

inline

Definition at line 117 of file secure_socket_filter.h.

{ return reply_port_; }

trust_evaluate_reply_port()

Dart_Port dart::bin::SSLFilter::trust_evaluate_reply_port ( ) const

inline

Definition at line 118 of file secure_socket_filter.h.

                                              {
    return trust_evaluate_reply_port_;
  }

Member Data Documentation

callback_error

Dart_Handle dart::bin::SSLFilter::callback_error

Definition at line 104 of file secure_socket_filter.h.

filter_ssl_index

int dart::bin::SSLFilter::filter_ssl_index

static

Definition at line 109 of file secure_socket_filter.h.

kApproximateSize

const intptr_t dart::bin::SSLFilter::kApproximateSize

static

Initial value:

=
    sizeof(SSLFilter) + (2 * SSLFilter::kInternalBIOSize)

Definition at line 56 of file secure_socket_filter.h.

kSSLFilterNativeFieldIndex

constexpr int dart::bin::SSLFilter::kSSLFilterNativeFieldIndex = 0

staticconstexpr

Definition at line 57 of file secure_socket_filter.h.

ssl_cert_context_index

int dart::bin::SSLFilter::ssl_cert_context_index

static

Definition at line 112 of file secure_socket_filter.h.

---

The documentation for this class was generated from the following files:

• third_party/dart-lang/sdk/runtime/bin/secure_socket_filter.h
• third_party/dart-lang/sdk/runtime/bin/secure_socket_filter.cc