Breaking Change: merge BoringSSL branch into master

This replaces the NSS secure networking library from Mozilla
with the BoringSSL library from Google. This library, based
on OpenSSL, reads certificates from files in PEM format, rather
than storing certificates and keys in a SQLite database, the
way NSS does. There will be a blog post, changelog entries,
and other documentation of the breaking changes.

Review URL: https://codereview.chromium.org//1319703002 .

Author: whesse

DEPS

@@ -42,6 +42,7 @@ vars = {
   "args_tag": "@0.13.0",
   "async_tag": "@1.2.0",
   "barback_tag" : "@0.15.2+6",
+  "boringssl_rev" : "@daeafc22c66ad48f6b32fc8d3362eb9ba31b774e",
   "charcode_tag": "@1.1.0",
   "chrome_rev" : "@19997",
   "clang_rev" : "@28450",
@@ -89,6 +90,7 @@ vars = {
   "pub_cache_tag": "@v0.1.0",
   "pub_semver_tag": "@1.2.1",
   "quiver_tag": "@0.21.4",
+  "root_certificates_rev": "@c3a41df63afacec62fcb8135196177e35fe72f71",
   "scheduled_test_tag": "@0.12.1+2",
   "shelf_rev": "@1e87b79b21ac5e6fa2f93576d6c06eaa65285ef4",
   "smoke_rev" : "@f3361191cc2a85ebc1e4d4c33aec672d7915aba9",
@@ -143,6 +145,14 @@ deps = {
       Var("chromium_git") + "/chromium/src/net/third_party/nss.git" +
       Var("net_nss_rev"),
 
+  Var("dart_root") + "/third_party/boringssl/src":
+      "https://boringssl.googlesource.com/boringssl.git" +
+      Var("boringssl_rev"),
+
+  Var("dart_root") + "/third_party/root_certificates":
+      "https://github.com/dart-lang/root_certificates.git" +
+      Var("root_certificates_rev"),
+
   Var("dart_root") + "/third_party/jinja2":
       Var("chromium_git") + "/chromium/src/third_party/jinja2.git" +
       Var("jinja2_rev"),

runtime/bin/bin.gypi

@@ -222,11 +222,6 @@
         ['exclude', '_test\\.(cc|h)$'],
       ],
       'conditions': [
-        ['dart_io_support==1 and dart_io_secure_socket==1', {
-          'dependencies': [
-            'bin/net/ssl.gyp:libssl_dart',
-          ],
-        }],
         ['dart_io_secure_socket==0', {
           'defines': [
             'DART_IO_SECURE_SOCKET_DISABLED'
@@ -292,14 +287,14 @@
         'io_natives.cc',
       ],
       'conditions': [
-        ['dart_io_support==1 and dart_io_secure_socket==1', {
+        ['dart_io_support==1', {
           'dependencies': [
-            'bin/net/ssl.gyp:libssl_dart',
+            'bin/net/zlib.gyp:zlib_dart',
           ],
         }],
-        ['dart_io_support==1 and dart_io_secure_socket==0', {
+        ['dart_io_support==1 and dart_io_secure_socket==1', {
           'dependencies': [
-            'bin/net/zlib.gyp:zlib_dart',
+            '../third_party/boringssl/boringssl_dart.gyp:boringssl',
           ],
         }],
         ['dart_io_secure_socket==0', {
@@ -333,19 +328,6 @@
           },
         }],
       ],
-      'configurations': {
-        'Dart_Android_Base': {
-          'target_conditions': [
-            ['_toolset=="target"', {
-              'defines': [
-                # Needed for sources outside of nss that include pr and ssl
-                # header files.
-                'MDCPUCFG="md/_linux.cfg"',
-              ],
-            }],
-          ],
-        },
-      },
     },
     {
       'target_name': 'libdart_nosnapshot',

runtime/bin/io_impl_sources.gypi

@@ -26,9 +26,9 @@
     'filter_unsupported.cc',
     'io_service.cc',
     'io_service.h',
+    'io_service_no_ssl.cc',
+    'io_service_no_ssl.h',
     'io_service_unsupported.cc',
-    'net/nss_memio.cc',
-    'net/nss_memio.h',
     'platform.cc',
     'platform.h',
     'platform_android.cc',
@@ -41,6 +41,7 @@
     'process_linux.cc',
     'process_macos.cc',
     'process_win.cc',
+    '../../third_party/root_certificates/root_certificates.cc',
     'secure_socket.cc',
     'secure_socket.h',
     'secure_socket_unsupported.cc',
@@ -62,12 +63,15 @@
       'conditions': [
         ['dart_io_secure_socket==1', {
           'sources!' : [
+            'io_service_no_ssl.cc',
+            'io_service_no_ssl.h',
             'secure_socket_unsupported.cc',
           ],
         }, {  # else dart_io_secure_socket == 0
           'sources!' : [
-            'net/nss_memio.cc',
-            'net/nss_memio.h',
+            '../../third_party/root_certificates/root_certificates.cc',
+            'io_service.cc',
+            'io_service.h',
             'secure_socket.cc',
             'secure_socket.h',
           ],
@@ -83,8 +87,9 @@
         'filter.h',
         'io_service.cc',
         'io_service.h',
-        'net/nss_memio.cc',
-        'net/nss_memio.h',
+        'io_service_no_ssl.cc',
+        'io_service_no_ssl.h',
+        '../../third_party/root_certificates/root_certificates.cc',
         'secure_socket.cc',
         'secure_socket.h',
       ],

runtime/bin/io_natives.cc

@@ -96,17 +96,23 @@ namespace bin {
   V(Process_Pid, 1)                                                            \
   V(Process_SetSignalHandler, 1)                                               \
   V(Process_ClearSignalHandler, 1)                                             \
-  V(SecureSocket_Connect, 10)                                                  \
+  V(SecureSocket_Connect, 8)                                                   \
   V(SecureSocket_Destroy, 1)                                                   \
   V(SecureSocket_FilterPointer, 1)                                             \
   V(SecureSocket_GetSelectedProtocol, 1)                                       \
   V(SecureSocket_Handshake, 1)                                                 \
   V(SecureSocket_Init, 1)                                                      \
-  V(SecureSocket_InitializeLibrary, 3)                                         \
   V(SecureSocket_PeerCertificate, 1)                                           \
   V(SecureSocket_RegisterBadCertificateCallback, 2)                            \
   V(SecureSocket_RegisterHandshakeCompleteCallback, 2)                         \
   V(SecureSocket_Renegotiate, 4)                                               \
+  V(SecurityContext_Allocate, 1)                                               \
+  V(SecurityContext_UsePrivateKey, 3)                                          \
+  V(SecurityContext_SetAlpnProtocols, 3)                                       \
+  V(SecurityContext_SetClientAuthorities, 2)                                   \
+  V(SecurityContext_SetTrustedCertificates, 3)                                 \
+  V(SecurityContext_TrustBuiltinRoots, 1)                                      \
+  V(SecurityContext_UseCertificateChain, 2)                                    \
   V(ServerSocket_Accept, 2)                                                    \
   V(ServerSocket_CreateBindListen, 6)                                          \
   V(Socket_CreateConnect, 3)                                                   \
@@ -136,8 +142,11 @@ namespace bin {
   V(Stdin_SetLineMode, 1)                                                      \
   V(Stdout_GetTerminalSize, 1)                                                 \
   V(StringToSystemEncoding, 1)                                                 \
-  V(SystemEncodingToString, 1)
-
+  V(SystemEncodingToString, 1)                                                 \
+  V(X509_Subject, 1)                                                           \
+  V(X509_Issuer, 1)                                                            \
+  V(X509_StartValidity, 1)                                                     \
+  V(X509_EndValidity, 1)
 
 IO_NATIVE_LIST(DECLARE_FUNCTION);
 

runtime/bin/io_service_no_ssl.cc

@@ -0,0 +1,78 @@
+// Copyright (c) 2013, the Dart project authors.  Please see the AUTHORS file
+// for details. All rights reserved. Use of this source code is governed by a
+// BSD-style license that can be found in the LICENSE file.
+
+#include "bin/dartutils.h"
+#include "bin/directory.h"
+#include "bin/file.h"
+#include "bin/io_buffer.h"
+#include "bin/io_service_no_ssl.h"
+#include "bin/socket.h"
+#include "bin/utils.h"
+
+#include "platform/globals.h"
+#include "platform/utils.h"
+
+#include "include/dart_api.h"
+
+
+namespace dart {
+namespace bin {
+
+#define CASE_REQUEST(type, method, id)                                         \
+  case IOService::k##type##method##Request:                                    \
+    response = type::method##Request(data);                                    \
+    break;
+
+void IOServiceCallback(Dart_Port dest_port_id,
+                       Dart_CObject* message) {
+  Dart_Port reply_port_id = ILLEGAL_PORT;
+  CObject* response = CObject::IllegalArgumentError();
+  CObjectArray request(message);
+  if (message->type == Dart_CObject_kArray &&
+      request.Length() == 4 &&
+      request[0]->IsInt32() &&
+      request[1]->IsSendPort() &&
+      request[2]->IsInt32() &&
+      request[3]->IsArray()) {
+    CObjectInt32 message_id(request[0]);
+    CObjectSendPort reply_port(request[1]);
+    CObjectInt32 request_id(request[2]);
+    CObjectArray data(request[3]);
+    reply_port_id = reply_port.Value();
+    switch (request_id.Value()) {
+  IO_SERVICE_REQUEST_LIST(CASE_REQUEST);
+      default:
+        UNREACHABLE();
+    }
+  }
+
+  CObjectArray result(CObject::NewArray(2));
+  result.SetAt(0, request[0]);
+  result.SetAt(1, response);
+  ASSERT(reply_port_id != ILLEGAL_PORT);
+  Dart_PostCObject(reply_port_id, result.AsApiCObject());
+}
+
+
+Dart_Port IOService::GetServicePort() {
+  Dart_Port result = Dart_NewNativePort("IOService",
+                                        IOServiceCallback,
+                                        true);
+  return result;
+}
+
+
+void FUNCTION_NAME(IOService_NewServicePort)(Dart_NativeArguments args) {
+  Dart_SetReturnValue(args, Dart_Null());
+  Dart_Port service_port = IOService::GetServicePort();
+  if (service_port != ILLEGAL_PORT) {
+    // Return a send port for the service port.
+    Dart_Handle send_port = Dart_NewSendPort(service_port);
+    Dart_SetReturnValue(args, send_port);
+  }
+}
+
+
+}  // namespace bin
+}  // namespace dart

runtime/bin/io_service_no_ssl.h

@@ -0,0 +1,74 @@
+// Copyright (c) 2013, the Dart project authors.  Please see the AUTHORS file
+// for details. All rights reserved. Use of this source code is governed by a
+// BSD-style license that can be found in the LICENSE file.
+
+#ifndef BIN_IO_SERVICE_NO_SSL_H_
+#define BIN_IO_SERVICE_NO_SSL_H_
+
+#include "bin/builtin.h"
+#include "bin/utils.h"
+
+
+namespace dart {
+namespace bin {
+
+// This list must be kept in sync with the list in sdk/lib/io/io_service.dart
+// In this modified version, though, the request 39 for SSLFilter::ProcessFilter
+// is removed, for use in contexts in which secure sockets are not enabled.
+#define IO_SERVICE_REQUEST_LIST(V)                                             \
+  V(File, Exists, 0)                                                           \
+  V(File, Create, 1)                                                           \
+  V(File, Delete, 2)                                                           \
+  V(File, Rename, 3)                                                           \
+  V(File, Copy, 4)                                                             \
+  V(File, Open, 5)                                                             \
+  V(File, ResolveSymbolicLinks, 6)                                             \
+  V(File, Close, 7)                                                            \
+  V(File, Position, 8)                                                         \
+  V(File, SetPosition, 9)                                                      \
+  V(File, Truncate, 10)                                                        \
+  V(File, Length, 11)                                                          \
+  V(File, LengthFromPath, 12)                                                  \
+  V(File, LastModified, 13)                                                    \
+  V(File, Flush, 14)                                                           \
+  V(File, ReadByte, 15)                                                        \
+  V(File, WriteByte, 16)                                                       \
+  V(File, Read, 17)                                                            \
+  V(File, ReadInto, 18)                                                        \
+  V(File, WriteFrom, 19)                                                       \
+  V(File, CreateLink, 20)                                                      \
+  V(File, DeleteLink, 21)                                                      \
+  V(File, RenameLink, 22)                                                      \
+  V(File, LinkTarget, 23)                                                      \
+  V(File, Type, 24)                                                            \
+  V(File, Identical, 25)                                                       \
+  V(File, Stat, 26)                                                            \
+  V(File, Lock, 27)                                                            \
+  V(Socket, Lookup, 28)                                                        \
+  V(Socket, ListInterfaces, 29)                                                \
+  V(Socket, ReverseLookup, 30)                                                 \
+  V(Directory, Create, 31)                                                     \
+  V(Directory, Delete, 32)                                                     \
+  V(Directory, Exists, 33)                                                     \
+  V(Directory, CreateTemp, 34)                                                 \
+  V(Directory, ListStart, 35)                                                  \
+  V(Directory, ListNext, 36)                                                   \
+  V(Directory, ListStop, 37)                                                   \
+  V(Directory, Rename, 38)
+
+#define DECLARE_REQUEST(type, method, id)                                      \
+  k##type##method##Request = id,
+
+class IOService {
+ public:
+  enum {
+IO_SERVICE_REQUEST_LIST(DECLARE_REQUEST)
+  };
+
+  static Dart_Port GetServicePort();
+};
+
+}  // namespace bin
+}  // namespace dart
+
+#endif  // BIN_IO_SERVICE_NO_SSL_H_