author | Ramon Fernandez <ramon@mongodb.com> | 2018-01-31 11:37:12 -0500 |
---|---|---|
committer | Ramon Fernandez <ramon@mongodb.com> | 2018-01-31 11:37:12 -0500 |
commit | b5a16bea867890da4c649d791e79113fc29999ac (patch) | |
tree | 260c018094ce7e99ba23a3f944d230fc2de399e6 /src/mongo/gotools | |
parent | da5520555faef9a2ba9b6c9ec80539ae95ad88a5 (diff) | |
download | mongo-b5a16bea867890da4c649d791e79113fc29999ac.tar.gz |
Import tools: 4ec067b2ad33ffc54a558270f8506f8405382379 from branch master
ref: 49d61f9a36..4ec067b2ad
for: 3.7.2
TOOLS-1765 mongoreplay crashes with out of memory recording from 8GB pcap file
TOOLS-1773 Change mongoreplay encoding format
TOOLS-1776 mongoreplay hangs on open connection when finishing playback
TOOLS-1794 Add ability to filter a certain duration in mongoreplay
TOOLS-1905 Need to update spacemonkeygo/openssl fork to support newer OpenSSL libraries
TOOLS-1932 Incorrect shebang line for build.sh
TOOLS-1938 Rationalize Evergreen build variants
Diffstat (limited to 'src/mongo/gotools')
-rw-r--r-- | src/mongo/gotools/Godeps | 2 | ||||
-rwxr-xr-x | src/mongo/gotools/build.sh | 2 | ||||
-rw-r--r-- | src/mongo/gotools/common.yml | 316 | ||||
-rw-r--r-- | src/mongo/gotools/common/db/openssl/openssl.go | 2 | ||||
-rw-r--r-- | src/mongo/gotools/common/db/openssl/openssl_fips.go | 16 | ||||
-rw-r--r-- | src/mongo/gotools/common/options/options_ssl.go | 2 | ||||
-rw-r--r-- | src/mongo/gotools/import.data | 2 | ||||
-rw-r--r-- | src/mongo/gotools/mongoreplay/filter.go | 85 | ||||
-rw-r--r-- | src/mongo/gotools/mongoreplay/filter_test.go | 132 | ||||
-rw-r--r-- | src/mongo/gotools/mongoreplay/mongo_op_handler.go | 1 | ||||
-rw-r--r-- | src/mongo/gotools/mongoreplay/packet_handler.go | 18 | ||||
-rw-r--r-- | src/mongo/gotools/mongoreplay/parallel_file_read_manager.go | 138 | ||||
-rw-r--r-- | src/mongo/gotools/mongoreplay/play.go | 2 | ||||
-rw-r--r-- | src/mongo/gotools/mongoreplay/playbackfile.go | 28 | ||||
-rw-r--r-- | src/mongo/gotools/mongoreplay/record.go | 8 | ||||
-rwxr-xr-x | src/mongo/gotools/test.sh | 2 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/.gitignore | 1 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/AUTHORS | 22 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/LICENSE (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/LICENSE) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/README.md (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/README.md) | 6 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/bio.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/bio.go) | 110 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/build.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/build.go) | 14 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/build_static.go | 24 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/cert.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/cert.go) | 53 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/cert_test.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/cert_test.go) | 2 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/ciphers.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/ciphers.go) | 56 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/ciphers_gcm.go | 154 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/ciphers_test.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/ciphers_test.go) | 4 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/conn.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/conn.go) | 48 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/ctx.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/ctx.go) | 121 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/ctx_test.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/ctx_test.go) | 2 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/dh.go | 68 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/dh_test.go | 48 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/dhparam.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/dhparam.go) | 31 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/digest.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/digest.go) | 8 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/engine.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/engine.go) | 4 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/fips.go | 66 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/fips_test.go | 35 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/hmac.go | 91 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/hmac_test.go | 74 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/hostname.c (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/hostname.c) | 22 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/hostname.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/hostname.go) | 21 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/http.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/http.go) | 2 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/init.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/init.go) | 43 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/init_posix.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/init_posix.go) | 8 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/init_windows.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/init_windows.go) | 15 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/key.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/key.go) | 247 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/key_0_9.go | 58 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/key_1_0.go | 132 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/key_1_0_test.go | 145 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/key_test.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/key_test.go) | 4 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/mapping.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/mapping.go) | 4 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/net.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/net.go) | 37 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/nid.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/nid.go) | 9 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/password.c (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/password.c) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/pem.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/pem.go) | 2 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/sha1.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/sha1.go) | 31 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/sha1_test.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/sha1_test.go) | 8 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/sha256.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/sha256.go) | 31 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/sha256_test.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/sha256_test.go) | 8 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/shim.c | 737 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/shim.h | 172 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/sni.c (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/sni.c) | 2 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/sni_test.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/sni_test.go) | 2 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/ssl.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/ssl.go) | 41 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/ssl_test.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/ssl_test.go) | 27 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/system_certs.c (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/system_certs.c) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/system_certs.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/system_certs.go) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/tickets.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/tickets.go) | 31 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/utils/errors.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/utils/errors.go) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/utils/future.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/utils/future.go) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/10gen/openssl/version.go (renamed from src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/version.go) | 0 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/fips.go | 22 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/oracle_stubs.go | 162 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/tickets.c | 27 | ||||
-rw-r--r-- | src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/verify.c | 31 |
76 files changed, 2774 insertions, 1105 deletions
diff --git a/src/mongo/gotools/Godeps b/src/mongo/gotools/Godeps
index 8a0702bafda..42f56e7f8c0 100644
--- a/src/mongo/gotools/Godeps
+++ b/src/mongo/gotools/Godeps
@@ -6,7 +6,7 @@ github.com/smartystreets/assertions 287b4346dc4e71a038c346375a9d572453bc469b
 github.com/smartystreets/goconvey bf58a9a1291224109919756b4dcc469c670cc7e4
 github.com/jessevdk/go-flags 97448c91aac742cbca3d020b3e769013a420a06f
 github.com/3rf/mongo-lint 3550fdcf1f43b89aaeabaa4559eaae6dc4407e42
-github.com/spacemonkeygo/openssl 2869e8ca1a6eb35fb727f41611fd52b55cd0f49c github.com/10gen/openssl
+github.com/10gen/openssl e5c6dda7b7f225dfdfe0ebb966789017457e6afe
 github.com/spacemonkeygo/spacelog f936fb050dc6b5fe4a96b485a6f069e8bdc59aeb
 github.com/howeyc/gopass 44476384cd4721b68705e72f19e95d1a3a504370
 github.com/nsf/termbox-go 0723e7c3d0a317dea811f0fbe4d6edd81908c971
diff --git a/src/mongo/gotools/build.sh b/src/mongo/gotools/build.sh
index 5c8fba2b1b4..9ca53c4f429 100755
--- a/src/mongo/gotools/build.sh
+++ b/src/mongo/gotools/build.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 set -o errexit
 tags=""
 if [ ! -z "$1" ]
diff --git a/src/mongo/gotools/common.yml b/src/mongo/gotools/common.yml
index 3f66412c12c..0c51c8ca668 100644
--- a/src/mongo/gotools/common.yml
+++ b/src/mongo/gotools/common.yml
@@ -1595,11 +1595,47 @@ tasks: - func: "upload timeseries" buildvariants: + +####################################### +# Debian Buildvariants # +####################################### + +- name: debian71 + display_name: Debian 7.1 + run_on: + - debian71-test + expansions: + gorootvars: PATH="/opt/go/bin:$PATH" + build_tags: "sasl ssl" + tasks: + - name: dist + +- name: debian81 + display_name: Debian 8.1 + run_on: + - debian81-test + expansions: + gorootvars: PATH="/opt/go/bin:$PATH" + build_tags: "sasl ssl" + tasks: + - name: dist + +- name: debian92 + display_name: Debian 9.2 + run_on: + - debian92-test + expansions: + gorootvars: PATH="/opt/go/bin:$PATH" + build_tags: "sasl ssl" + tasks: + - name: dist + ####################################### # macOS Buildvariant # ####################################### + - name: macOS-1012 - display_name: macOS 10.12 64-bit + display_name: MacOS 10.12 run_on: - macos-1012 expansions: @@ -1613,7 +1649,7 @@ buildvariants: tasks: *macos_1012_tasks - name: macOS-1012-ssl - display_name: macOS 10.12 64-bit SSL + display_name: MacOS 10.12 SSL run_on: - macos-1012 expansions: 
@@ -1622,18 +1658,72 @@ buildvariants: mongo_os: "osx" mongo_target: "osx-ssl" arch: "osx/x86_64" - build_tags: "ssl" - edition: ssl + build_tags: "ssl openssl_pre_1.0" excludes: requires_many_files gorootvars: CGO_CPPFLAGS=-I/opt/mongodbtoolchain/v2/include CGO_CFLAGS=-mmacosx-version-min=10.10 CGO_LDFLAGS=-mmacosx-version-min=10.10 tasks: *macos_1012_ssl_tasks ####################################### +# RHEL Buildvariants # +####################################### + +- name: rhel62 + display_name: RHEL 6.2 + run_on: + - rhel62-test + expansions: + gorootvars: PATH="/opt/go/bin:$PATH" + build_tags: "sasl ssl" + tasks: + - name: dist + +- name: rhel70 + display_name: RHEL 7.0 + run_on: + - rhel70 + expansions: + gorootvars: PATH="/opt/go/bin:$PATH" + build_tags: "sasl ssl" + tasks: + - name: dist + +####################################### +# SUSE Buildvariants # +####################################### + +- name: suse11 + display_name: SUSE 11 + run_on: + - suse11-test + expansions: + build_tags: "sasl ssl openssl_pre_1.0" + tasks: + - name: dist + +- name: suse12 + display_name: SUSE 12 + run_on: + - suse12-test + expansions: + build_tags: "sasl ssl" + tasks: + - name: dist + +####################################### # Ubuntu Buildvariants # ####################################### -- name: ubuntu - display_name: Linux 64-bit +- name: ubuntu1204 + display_name: Ubuntu 12.04 + run_on: + - ubuntu1204-test + expansions: + build_tags: "sasl ssl" + tasks: + - name: dist + +- name: ubuntu1404 + display_name: Ubuntu 14.04 run_on: - ubuntu1404-test expansions: 
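Review bot: The macOS-1012-ssl variant drops `edition: ssl` in the same edit that sets `build_tags: "ssl openssl_pre_1.0"`, while ubuntu1404-ssl further down keeps `edition: ssl`. What consumes `edition` is not visible in this hunk, so please confirm the removal is intended and not a side effect of the tag edit. The `openssl_pre_1.0` tag, used here and on suse11, presumably selects a build against an OpenSSL older than 1.0, so a comment next to it would help, for example `# system OpenSSL predates 1.0; drop this tag once the host image is upgraded`.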
@@ -1641,14 +1731,14 @@ buildvariants: <<: *mongo_default_startup_args mongo_os: "ubuntu1404" mongo_edition: "targeted" - build_tags: "ssl" + build_tags: "sasl ssl" arch: "linux/x86_64" integration_test_args: integration resmoke_args: --jobs $(grep -c ^processor /proc/cpuinfo) tasks: *ubuntu1404_tasks -- name: ubuntu-ssl - display_name: Linux 64-bit SSL +- name: ubuntu1404-ssl + display_name: Ubuntu 14.04 SSL run_on: - ubuntu1404-test expansions: @@ -1656,7 +1746,7 @@ buildvariants: <<: *mongo_ssl_startup_args mongo_os: "ubuntu1404" mongo_edition: "enterprise" - build_tags: "ssl" + build_tags: "sasl ssl" edition: ssl arch: "linux/x86_64" smoke_use_ssl: --use-ssl @@ -1666,7 +1756,7 @@ buildvariants: tasks: *ubuntu1404_ssl_tasks - name: ubuntu-enterprise - display_name: Linux 64-bit Enterprise + display_name: Ubuntu 14.04 Enterprise run_on: - ubuntu1404-test expansions: 
@@ -1684,79 +1774,19 @@ buildvariants: resmoke_args: --jobs $(grep -c ^processor /proc/cpuinfo) tasks: *ubuntu1404_enterprise_tasks -- name: rhel71-ppc64le-enterprise - display_name: Linux PPC64LE RHEL 7.1 Enterprise +- name: ubuntu1604 + display_name: Ubuntu 16.04 run_on: - - rhel71-power8-test + - ubuntu1604-test expansions: - <<: *mongod_default_startup_args - <<: *mongo_default_startup_args - mongo_os: "rhel71" - mongo_edition: "enterprise" - mongo_arch: "ppc64le" - # RHEL 7.1 PPC64LE machines kerberos setup does not work for mongo-tools - #args: ... libsasl2; build_tags "sasl ssl" - args: -gccgoflags "$(pkg-config --libs --cflags libssl)" - build_tags: 'ssl' - resmoke_use_ssl: _ssl - gorootvars: PATH="/opt/mongodbtoolchain/v2/bin/:$PATH" - resmoke_args: -j 4 - excludes: requires_mmap_available,requires_large_ram,requires_mongo_24,requires_mongo_26,requires_mongo_30 - multiversion_override: "skip" - arch: "linux/ppc64le" - edition: enterprise - run_kinit: true - integration_test_args: integration - tasks: *rhel71_enterprise_tasks - -- name: rhel72-s390x-enterprise - display_name: Linux s390x RHEL 7.2 Enterprise - run_on: - - rhel72-zseries-test - expansions: - <<: *mongod_default_startup_args - <<: *mongo_default_startup_args - mongo_os: "rhel72" - mongo_edition: "enterprise" - mongo_arch: "s390x" - args: -gccgoflags "$(pkg-config --libs --cflags libssl libsasl2)" build_tags: "sasl ssl" - resmoke_use_ssl: _ssl - gorootvars: PATH="/opt/mongodbtoolchain/v2/bin/:$PATH" - excludes: requires_mmap_available,requires_mongo_24,requires_mongo_26,requires_mongo_30 - resmoke_args: -j 2 - multiversion_override: "skip" - arch: "linux/s390x" - edition: enterprise - run_kinit: true - integration_test_args: integration - tasks: *rhel72_enterprise_tasks - -- name: ubuntu1604-arm64 - display_name: Linux ARM64 Ubuntu 16.04 SSL - run_on: - - ubuntu1604-arm64-small - expansions: - <<: *mongod_default_startup_args - <<: *mongo_default_startup_args - mongo_os: "ubuntu1604" - 
mongo_edition: "targeted" - mongo_arch: "arm64" - args: -gccgoflags "$(pkg-config --libs --cflags libcrypto libssl)" - build_tags: "ssl" - resmoke_use_ssl: _ssl - gorootvars: PATH="/opt/mongodbtoolchain/v2/bin/:$PATH" - excludes: requires_mmap_available,requires_large_ram,requires_mongo_24,requires_mongo_26,requires_mongo_30 - resmoke_args: -j 2 - multiversion_override: "skip" - arch: "linux/arm64" - edition: ssl - integration_test_args: integration - tasks: *ubuntu1604_ssl_tasks + tasks: + - name: dist ####################################### # Windows Buildvariants # ####################################### + - name: windows-64 display_name: Windows 64-bit run_on: 
@@ -1822,84 +1852,98 @@ buildvariants: tasks: *windows_64_enterprise_tasks ####################################### -# Experimental Buildvariants # +# ZAP Buildvariants # ####################################### -- name: ubuntu-race - stepback: false - batchtime: 1440 # daily - display_name: z Race Detector Linux 64-bit +- name: rhel71-ppc64le-enterprise + display_name: ZAP PPC64LE RHEL 7.1 Enterprise run_on: - - ubuntu1404-test + - rhel71-power8-test expansions: <<: *mongod_default_startup_args <<: *mongo_default_startup_args - mongo_os: "ubuntu1404" + mongo_os: "rhel71" mongo_edition: "enterprise" - build_tags: "ssl" - arch: "linux/x86_64" - args: "-race" - excludes: requires_large_ram + mongo_arch: "ppc64le" + # RHEL 7.1 PPC64LE machines kerberos setup does not work for mongo-tools + #args: ... libsasl2; build_tags "sasl ssl" + args: -gccgoflags "$(pkg-config --libs --cflags libssl)" + build_tags: 'ssl' + resmoke_use_ssl: _ssl + gorootvars: PATH="/opt/mongodbtoolchain/v2/bin/:$PATH" + resmoke_args: -j 4 + excludes: requires_mmap_available,requires_large_ram,requires_mongo_24,requires_mongo_26,requires_mongo_30 + multiversion_override: "skip" + arch: "linux/ppc64le" + edition: enterprise + run_kinit: true integration_test_args: integration - tasks: *ubuntu1404_race_tasks - -####################################### -# Dist only Buildvariants # -####################################### - -- name: suse11 - display_name: SUSE 11 SSL - run_on: - - suse11-test - expansions: - build_tags: "sasl ssl" - tasks: - - name: dist + tasks: *rhel71_enterprise_tasks -- name: suse12 - display_name: SUSE 12 SSL +- name: rhel72-s390x-enterprise + display_name: ZAP s390x RHEL 7.2 Enterprise run_on: - - suse12-test + - rhel72-zseries-test expansions: + <<: *mongod_default_startup_args + <<: *mongo_default_startup_args + mongo_os: "rhel72" + mongo_edition: "enterprise" + mongo_arch: "s390x" + args: -gccgoflags "$(pkg-config --libs --cflags libssl libsasl2)" build_tags: "sasl ssl" - tasks: 
- - name: dist + resmoke_use_ssl: _ssl + gorootvars: PATH="/opt/mongodbtoolchain/v2/bin/:$PATH" + excludes: requires_mmap_available,requires_mongo_24,requires_mongo_26,requires_mongo_30 + resmoke_args: -j 2 + multiversion_override: "skip" + arch: "linux/s390x" + edition: enterprise + run_kinit: true + integration_test_args: integration + tasks: *rhel72_enterprise_tasks -- name: rhel62 - display_name: RHEL 6.2 SSL +- name: ubuntu1604-arm64 + display_name: ZAP ARM64 Ubuntu 16.04 SSL run_on: - - rhel62-test + - ubuntu1604-arm64-small expansions: - gorootvars: PATH="/opt/go/bin:$PATH" - build_tags: "sasl ssl" - tasks: - - name: dist + <<: *mongod_default_startup_args + <<: *mongo_default_startup_args + mongo_os: "ubuntu1604" + mongo_edition: "targeted" + mongo_arch: "arm64" + args: -gccgoflags "$(pkg-config --libs --cflags libcrypto libssl)" + build_tags: "ssl" + resmoke_use_ssl: _ssl + gorootvars: PATH="/opt/mongodbtoolchain/v2/bin/:$PATH" + excludes: requires_mmap_available,requires_large_ram,requires_mongo_24,requires_mongo_26,requires_mongo_30 + resmoke_args: -j 2 + multiversion_override: "skip" + arch: "linux/arm64" + edition: ssl + integration_test_args: integration + tasks: *ubuntu1604_ssl_tasks -- name: rhel70 - display_name: RHEL 7.0 SSL - run_on: - - rhel70 - expansions: - gorootvars: PATH="/opt/go/bin:$PATH" - build_tags: "sasl ssl" - tasks: - - name: dist +####################################### +# Experimental Buildvariants # +####################################### -- name: ubuntu1404 - display_name: Ubuntu 14.04 SSL +- name: ubuntu-race + stepback: false + batchtime: 1440 # daily + display_name: z Race Detector Ubuntu 14.04 run_on: - ubuntu1404-test expansions: + <<: *mongod_default_startup_args + <<: *mongo_default_startup_args + mongo_os: "ubuntu1404" + mongo_edition: "enterprise" build_tags: "sasl ssl" - tasks: - - name: dist + arch: "linux/x86_64" + args: "-race" + excludes: requires_large_ram + integration_test_args: integration + tasks: 
*ubuntu1404_race_tasks -- name: debian71 - display_name: Debian 7.1 SSL - run_on: - - debian71-test - expansions: - gorootvars: PATH="/opt/go/bin:$PATH" - build_tags: "sasl ssl" - tasks: - - name: dist diff --git a/src/mongo/gotools/common/db/openssl/openssl.go b/src/mongo/gotools/common/db/openssl/openssl.go index a3474e5276c..ce98204ff7e 100644 --- a/src/mongo/gotools/common/db/openssl/openssl.go +++ b/src/mongo/gotools/common/db/openssl/openssl.go @@ -12,11 +12,11 @@ import ( "net" "time" + "github.com/10gen/openssl" "github.com/mongodb/mongo-tools/common/db/kerberos" "github.com/mongodb/mongo-tools/common/log" "github.com/mongodb/mongo-tools/common/options" "github.com/mongodb/mongo-tools/common/util" - "github.com/spacemonkeygo/openssl" "gopkg.in/mgo.v2" ) diff --git a/src/mongo/gotools/common/db/openssl/openssl_fips.go b/src/mongo/gotools/common/db/openssl/openssl_fips.go index 0d92d94919f..eb7fc5ff7e6 100644 --- a/src/mongo/gotools/common/db/openssl/openssl_fips.go +++ b/src/mongo/gotools/common/db/openssl/openssl_fips.go @@ -5,15 +5,23 @@ // a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 // +build ssl -// +build -darwin package openssl -import "github.com/spacemonkeygo/openssl" +import ( + "fmt" -func init() { sslInitializationFunctions = append(sslInitializationFunctions, SetUpFIPSMode) } + "github.com/10gen/openssl" + "github.com/mongodb/mongo-tools/common/options" +) -func SetUpFIPSMode(opts *ToolOptions) error { +func init() { + if openssl.FIPSModeDefined() { + sslInitializationFunctions = append(sslInitializationFunctions, SetUpFIPSMode) + } +} + +func SetUpFIPSMode(opts options.ToolOptions) error { if err := openssl.FIPSModeSet(opts.SSLFipsMode); err != nil { return fmt.Errorf("couldn't set FIPS mode to %v: %v", opts.SSLFipsMode, err) } diff --git a/src/mongo/gotools/common/options/options_ssl.go b/src/mongo/gotools/common/options/options_ssl.go index 003550133f5..e65f7e81cce 100644 
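Review bot: In openssl_fips.go, `init` now registers `SetUpFIPSMode` only when `openssl.FIPSModeDefined()` is true, so on a build where it is false a requested FIPS mode is never applied and nothing in this hunk reports that. Unless another code path outside this hunk rejects the option, the tool would then run with non-FIPS crypto while the operator believes FIPS is on. Failing closed is safer: register the function unconditionally and start it with `if opts.SSLFipsMode && !openssl.FIPSModeDefined() { return fmt.Errorf("FIPS mode requested but this build has no FIPS support") }` (assuming `SSLFipsMode` is a bool). The parameter also changed from `*ToolOptions` to `options.ToolOptions` by value; the element type of `sslInitializationFunctions` is not shown, so check that the two agree. The body of `SetUpFIPSMode` continues past the hunk.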
--- a/src/mongo/gotools/common/options/options_ssl.go +++ b/src/mongo/gotools/common/options/options_ssl.go @@ -8,7 +8,7 @@ package options -import "github.com/spacemonkeygo/openssl" +import "github.com/10gen/openssl" func init() { ConnectionOptFunctions = append(ConnectionOptFunctions, registerSSLOptions) diff --git a/src/mongo/gotools/import.data b/src/mongo/gotools/import.data index 44c72b566ba..2e8a9a3eb69 100644 --- a/src/mongo/gotools/import.data +++ b/src/mongo/gotools/import.data @@ -1,5 +1,5 @@ { - "commit": "49d61f9a366a073a3d5a48c69bd1523f0b24f4ee", + "commit": "4ec067b2ad33ffc54a558270f8506f8405382379", "github": "mongodb/mongo-tools.git", "vendor": "tools", "branch": "master" diff --git a/src/mongo/gotools/mongoreplay/filter.go b/src/mongo/gotools/mongoreplay/filter.go index 8ba38e2de7f..de8927a50c4 100644 --- a/src/mongo/gotools/mongoreplay/filter.go +++ b/src/mongo/gotools/mongoreplay/filter.go 
@@ -21,13 +21,34 @@ type FilterCommand struct { OutFile string `description:"path to the output file to write to" short:"o" long:"outputFile"` SplitFilePrefix string `description:"prefix file name to use for the output files being written when splitting traffic" long:"outfilePrefix"` StartTime string `description:"ISO 8601 timestamp to remove all operations before" long:"startAt"` + Duration string `description:"truncate the end of the file after a certain duration from the time of the first seen operation" long:"duration"` Split int `description:"split the traffic into n files with roughly equal numbers of connecitons in each" default:"1" long:"split"` RemoveDriverOps bool `description:"remove driver issued operations from the playback" long:"removeDriverOps"` Gzip bool `long:"gzip" description:"decompress gzipped input"` + duration time.Duration startTime time.Time } +type skipConfig struct { + firstOpTime, lastOpTime *time.Time + truncateDuration *time.Duration + removeDriverOps bool +} + +func newSkipConfig(removeDriverOps bool, startTime time.Time, truncateDuration time.Duration) *skipConfig { + skipConf := &skipConfig{ + removeDriverOps: removeDriverOps, + } + if !startTime.IsZero() { + skipConf.firstOpTime = &startTime + } + if truncateDuration.Nanoseconds() != 0 { + skipConf.truncateDuration = &truncateDuration + } + return skipConf +} + // Execute runs the program for the 'filter' subcommand func (filter *FilterCommand) Execute(args []string) error { err := filter.ValidateParams(args) @@ -65,7 +86,9 @@ func (filter *FilterCommand) Execute(args []string) error { } } - if err := Filter(opChan, outfiles, filter.RemoveDriverOps, filter.startTime); err != nil { + skipConf := newSkipConfig(filter.RemoveDriverOps, filter.startTime, filter.duration) + + if err := Filter(opChan, outfiles, skipConf); err != nil { userInfoLogger.Logvf(Always, "Filter: %v\n", err) } 
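Review bot: `skipConfig` and `newSkipConfig` are added without doc comments, and the field names hide two conventions a reader has to reverse-engineer. `firstOpTime` holds the `--startAt` cutoff rather than the time of the first op, and a zero `startTime` or zero `truncateDuration` means "not set" and leaves the pointer nil. A comment on the struct would cover it, for example `// skipConfig holds the filter criteria; a nil firstOpTime or truncateDuration disables that criterion, and lastOpTime is filled in when the first kept op is seen.`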
@@ -79,8 +102,7 @@ func (filter *FilterCommand) Execute(args []string) error { func Filter(opChan <-chan *RecordedOp, outfiles []*PlaybackFileWriter, - removeDriverOps bool, - truncateTime time.Time) error { + skipConf *skipConfig) error { opWriters := make([]chan<- *RecordedOp, len(outfiles)) errChan := make(chan error) @@ -89,26 +111,19 @@ func Filter(opChan <-chan *RecordedOp, for i := range outfiles { opWriters[i] = newParallelPlaybackWriter(outfiles[i], errChan, wg) } + for op := range opChan { - // if specified, bypass driver operations - if removeDriverOps { - parsedOp, err := op.RawOp.Parse() - if err != nil { - return err - } - if IsDriverOp(parsedOp) { - continue - } + shouldSkip, err := skipConf.shouldFilterOp(op) + if err != nil { + return err } - // if specified, ignore ops before the given timestamp - // if truncateTime not specified, it will be time zero and all - // operation times will be greater than it - if op.Seen.Time.Before(truncateTime) { + if shouldSkip { continue } fileNum := op.SeenConnectionNum % int64(len(outfiles)) opWriters[fileNum] <- op } + for _, opWriter := range opWriters { close(opWriter) } 
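Review bot: In the rewritten loop of `Filter`, `return err` on a `shouldFilterOp` failure leaves the function before the `close(opWriter)` loop that follows, so the channels returned by `newParallelPlaybackWriter` are never closed on that path. The input is a recorded capture, so a single op that fails `RawOp.Parse()` is enough to hit it; whether the writers then flush or block depends on code outside this hunk. Consider remembering the error and leaving the loop instead, `if err != nil { filterErr = err; break }`, then returning `filterErr` once the writers have been closed. `skipConf` is also dereferenced without a nil check, which matters because `Filter` is exported while `skipConfig` is not.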
@@ -175,5 +190,43 @@ func (filter *FilterCommand) ValidateParams(args []string) error { } filter.startTime = t } + + if filter.Duration != "" { + d, err := time.ParseDuration(filter.Duration) + if err != nil { + return fmt.Errorf("error parsing duration argument: %v", err) + } + filter.duration = d + } + return nil } + +func (sc *skipConfig) shouldFilterOp(op *RecordedOp) (bool, error) { + // Skip ops until the target first time if specified + if sc.firstOpTime != nil && op.Seen.Before(*sc.firstOpTime) { + return true, nil + } + + // Initialize target last op time based on first op kept after initial truncation + if sc.lastOpTime == nil && sc.truncateDuration != nil { + lastOpTime := op.Seen.Add(*sc.truncateDuration) + sc.lastOpTime = &lastOpTime + } + + // Skip ops after a target last time if specified + if sc.lastOpTime != nil && op.Seen.After(*sc.lastOpTime) { + return true, nil + } + + // Check if driver op + if sc.removeDriverOps { + parsedOp, err := op.RawOp.Parse() + if err != nil { + return true, err + } + return IsDriverOp(parsedOp), nil + } + + return false, nil +} diff --git a/src/mongo/gotools/mongoreplay/filter_test.go b/src/mongo/gotools/mongoreplay/filter_test.go index 0bb916125ed..5155f1556ee 100644 --- a/src/mongo/gotools/mongoreplay/filter_test.go +++ b/src/mongo/gotools/mongoreplay/filter_test.go @@ -82,8 +82,11 @@ func TestRemoveDriverOpsFromFile(t *testing.T) { } }() + skipConf := newSkipConfig(c.shouldRemoveDriverOps, time.Time{}, 0*time.Second) + // run Filter to remove the driver op from the file - if err := Filter(generator.opChan, []*PlaybackFileWriter{playbackWriter}, c.shouldRemoveDriverOps, time.Time{}); err != nil { + if err := Filter(generator.opChan, []*PlaybackFileWriter{playbackWriter}, + skipConf); err != nil { t.Error(err) } 
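Review bot: `ValidateParams` accepts any string `time.ParseDuration` can parse, including a negative value such as `-5s`. In `shouldFilterOp` that puts `lastOpTime` before the first kept op, so `op.Seen.After(*sc.lastOpTime)` is true for every op and the output is silently empty. Rejecting it at validation is clearer: `if d < 0 { return fmt.Errorf("duration must not be negative: %v", d) }`. `shouldFilterOp` also sets `sc.lastOpTime` on first use, which deserves a doc comment saying the config is stateful and tied to one pass over the ops. `ValidateParams` begins outside the hunk.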
@@ -180,8 +183,9 @@ func TestSplitInputFile(t *testing.T) { close(opChan) }() + skipConf := newSkipConfig(false, time.Time{}, 0*time.Second) // run the main filter routine with the given input - if err := Filter(opChan, outfiles, false, time.Time{}); err != nil { + if err := Filter(opChan, outfiles, skipConf); err != nil { t.Error(err) } @@ -277,8 +281,10 @@ func TestRemoveOpsBeforeTime(t *testing.T) { close(inputOpChan) }() + skipConf := newSkipConfig(false, c.timeToTruncateBefore, 0*time.Second) + // run the main filter routine with the given input - if err := Filter(inputOpChan, []*PlaybackFileWriter{playbackWriter}, false, c.timeToTruncateBefore); err != nil { + if err := Filter(inputOpChan, []*PlaybackFileWriter{playbackWriter}, skipConf); err != nil { t.Error(err) } 
@@ -308,6 +314,126 @@ func TestRemoveOpsBeforeTime(t *testing.T) { } } +func TestRemoveOpsAfterDuration(t *testing.T) { + // array of times to use for testing + timesForTest := make([]time.Time, 16) + now := time.Now() + for i := range timesForTest { + timesForTest[i] = now.Add(time.Second * time.Duration(i)) + } + + cases := []struct { + name string + + durationToTruncateAfter time.Duration + timeToTruncateBefore time.Time + timesOfRecordedOps []time.Time + + numOpsExpectedAfterFilter int + }{ + { + "no truncation", + + time.Second * 0, + time.Time{}, + timesForTest, + 16, + }, + { + "truncate all but one", + + time.Nanosecond * 1, + time.Time{}, + timesForTest, + 1, + }, + { + "truncate half", + + (time.Second * time.Duration(len(timesForTest)/2-1)), + time.Time{}, + timesForTest, + + 8, + }, + { + "truncate after duration with initial truncation", + + (time.Second * time.Duration(len(timesForTest)/2-1)), + timesForTest[3], + timesForTest, + + 8, + }, + } + for _, c := range cases { + t.Logf("running case: %s\n", c.name) + t.Logf("initial time is: %v\n", now) + t.Logf("duration is %v\n", c.durationToTruncateAfter) + t.Logf("time to truncate before is %v\n", c.timeToTruncateBefore) + + // create a bytes buffer to write output into + b := &bytes.Buffer{} + bufferFile := NopWriteCloser(b) + + playbackWriter, err := playbackFileWriterFromWriteCloser(bufferFile, "file", PlaybackFileMetadata{}) + if err != nil { + t.Fatalf("couldn't create playbackfile writer %v", err) + } + + //create a recorded op for each time specified + inputOpChan := make(chan *RecordedOp) + go func() { + generator := newRecordedOpGenerator() + generator.generateInsertHelper("insert", 0, len(c.timesOfRecordedOps)) + close(generator.opChan) + i := 0 + for recordedOp := range generator.opChan { + recordedOp.Seen = &PreciseTime{c.timesOfRecordedOps[i]} + inputOpChan <- recordedOp + i++ + } + close(inputOpChan) + }() + + skipConf := newSkipConfig(false, c.timeToTruncateBefore, 
c.durationToTruncateAfter) + // run the main filter routine with the given input + if err := Filter(inputOpChan, []*PlaybackFileWriter{playbackWriter}, skipConf); err != nil { + t.Error(err) + } + + rs := bytes.NewReader(b.Bytes()) + playbackReader, err := playbackFileReaderFromReadSeeker(rs, "") + if err != nil { + t.Fatalf("couldn't create playbackfile reader %v", err) + } + resultOpChan, errChan := playbackReader.OpChan(1) + + numOpsSeen := 0 + for op := range resultOpChan { + numOpsSeen++ + var endTime time.Time + if c.timeToTruncateBefore.After(now) { + endTime = c.timeToTruncateBefore.Add(c.durationToTruncateAfter) + } else { + endTime = now.Add(c.durationToTruncateAfter) + } + if c.durationToTruncateAfter.Nanoseconds() != 0 && op.Seen.Time.After(endTime) { + t.Errorf("execpected op with time %v to be truncated", op.Seen.Time) + } + } + + if numOpsSeen != c.numOpsExpectedAfterFilter { + t.Errorf("expected to see %d ops but instead saw %d", c.numOpsExpectedAfterFilter, numOpsSeen) + } + + err = <-errChan + if err != io.EOF { + t.Errorf("should have eof at end, but got %v", err) + } + } +} + // convienence function for adding a close method to an io.Writer func NopWriteCloser(w io.Writer) io.WriteCloser { return &nopWriteCloser{w} diff --git a/src/mongo/gotools/mongoreplay/mongo_op_handler.go b/src/mongo/gotools/mongoreplay/mongo_op_handler.go index c1a50603b30..776b1eca2d7 100644 --- a/src/mongo/gotools/mongoreplay/mongo_op_handler.go +++ b/src/mongo/gotools/mongoreplay/mongo_op_handler.go 
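Review bot: The failure message in the per-op check is misspelled as `execpected`; it should read `t.Errorf("expected op with time %v to be truncated", op.Seen.Time)`. The table also has no case with a negative durationToTruncateAfter, so the filter's behaviour on that input is not pinned by this test.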
@@ -24,6 +24,7 @@ type OpStreamSettings struct { CaptureBufSize int `long:"capSize" description:"Size in KiB of the PCAP capture buffer"` Expression string `short:"e" long:"expr" description:"BPF filter expression to apply to packets"` NetworkInterface string `short:"i" description:"network interface to listen on"` + MaxBufferedPages int `long:"maxBufferedPages" description:"maximum number of memory pages to store when buffering packets. The cache size is unlimited if not set"` } // tcpassembly.Stream implementation. diff --git a/src/mongo/gotools/mongoreplay/packet_handler.go b/src/mongo/gotools/mongoreplay/packet_handler.go index d38b1540847..86fa4e0adde 100644 --- a/src/mongo/gotools/mongoreplay/packet_handler.go +++ b/src/mongo/gotools/mongoreplay/packet_handler.go @@ -18,17 +18,19 @@ import ( // PacketHandler wraps pcap.Handle to maintain other useful information. type PacketHandler struct { - Verbose bool - pcap *pcap.Handle - numDropped int64 - stop chan struct{} + Verbose bool + pcap *pcap.Handle + assemblerOptions AssemblerOptions + numDropped int64 + stop chan struct{} } // NewPacketHandler initializes a new PacketHandler -func NewPacketHandler(pcapHandle *pcap.Handle) *PacketHandler { +func NewPacketHandler(pcapHandle *pcap.Handle, assemblerOptions AssemblerOptions) *PacketHandler { return &PacketHandler{ - pcap: pcapHandle, - stop: make(chan struct{}), + pcap: pcapHandle, + assemblerOptions: assemblerOptions, + stop: make(chan struct{}), } } @@ -66,6 +68,8 @@ func (p *PacketHandler) Handle(streamHandler StreamHandler, numToHandle int) err source := gopacket.NewPacketSource(p.pcap, p.pcap.LinkType()) streamPool := NewStreamPool(streamHandler) assembler := NewAssembler(streamPool) + assembler.AssemblerOptions = p.assemblerOptions + defer func() { if userInfoLogger.isInVerbosity(DebugLow) { userInfoLogger.Logv(DebugLow, "flushing assembler.") 
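Review bot: The description of `MaxBufferedPages` says the cache is unlimited when the option is not set, so the default recording path still buffers packet data without a bound. The captured traffic is not under the operator's control, and a lossy or gapped stream can keep that buffer growing until the process runs out of memory. Consider a finite default, or at least make the description say what the zero value means and what a page is, e.g. `description:"maximum number of memory pages to buffer while reassembling streams (0 = unlimited)"`.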
diff --git a/src/mongo/gotools/mongoreplay/parallel_file_read_manager.go b/src/mongo/gotools/mongoreplay/parallel_file_read_manager.go new file mode 100644 index 00000000000..f87f0c2fab3 --- /dev/null +++ b/src/mongo/gotools/mongoreplay/parallel_file_read_manager.go 
@@ -0,0 +1,138 @@ +// Copyright (C) MongoDB, Inc. 2014-present. +// +// Licensed under the Apache License, Version 2.0 (the "License"); you may +// not use this file except in compliance with the License. You may obtain +// a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 + +package mongoreplay + +import ( + "io" + "sync" + + "github.com/10gen/llmgo/bson" +) + +type parallelFileReadManager struct { + fileReadErr error + parseJobsChan chan *parseJob + workerResultManagers []workerResultManager + stopChan chan struct{} + currentWorkerResultManagerIndex int +} + +type parseJob struct { + rawDoc []byte + workerResultManager workerResultManager +} + +type workerResultManager struct { + resultChan chan *recordedOpResult + available chan struct{} +} + +type recordedOpResult struct { + recordedOp *RecordedOp + err error +} + +func (pm *parallelFileReadManager) runFileReader(numWorkers int, reader io.Reader) { + currentWorkerResultManagerIndex := 0 + go func() { + defer close(pm.parseJobsChan) + for { + currentWorkerResultManager := pm.workerResultManagers[currentWorkerResultManagerIndex] + currentWorkerResultManagerIndex = (currentWorkerResultManagerIndex + 1) % numWorkers + nextDoc, err := ReadDocument(reader) + if err != nil { + if err == io.EOF { + return + } + pm.fileReadErr = err + close(pm.stopChan) + return + } + + <-currentWorkerResultManager.available + pm.parseJobsChan <- &parseJob{ + rawDoc: nextDoc, + workerResultManager: currentWorkerResultManager, + } + } + }() +} + +func (pm *parallelFileReadManager) runParsePool(numWorkers int) { + wg := &sync.WaitGroup{} + for i := 0; i < numWorkers; i++ { + wg.Add(1) + go runParseWorker(pm.parseJobsChan, wg, pm.stopChan) + } + go func() { + wg.Wait() + for _, workerResultManager := range pm.workerResultManagers { + close(workerResultManager.resultChan) + close(workerResultManager.available) + } + }() +} + +func runParseWorker(parseJobsChan chan *parseJob, wg *sync.WaitGroup, stop chan struct{}) { + 
defer wg.Done() + for parseJob := range parseJobsChan { + doc := new(RecordedOp) + err := bson.Unmarshal(parseJob.rawDoc, doc) + + result := &recordedOpResult{ + err: err, + recordedOp: doc, + } + + select { + case parseJob.workerResultManager.resultChan <- result: + parseJob.workerResultManager.available <- struct{}{} + case <-stop: + return + } + } + +} + +// begin initiates all aspects of the parallelFileReadManager. begin sets up the +// channels that work will be communicated on, starts the goroutine that will +// read through the file, and spawns the pool of goroutines that will parse +// the file in parallel. +func (pm *parallelFileReadManager) begin(numWorkers int, reader io.Reader) { + pm.workerResultManagers = make([]workerResultManager, numWorkers) + for i := 0; i < numWorkers; i++ { + pm.workerResultManagers[i] = workerResultManager{ + resultChan: make(chan *recordedOpResult), + available: make(chan struct{}, 1), + } + pm.workerResultManagers[i].available <- struct{}{} + } + + pm.parseJobsChan = make(chan *parseJob, numWorkers) + pm.stopChan = make(chan struct{}) + + pm.runFileReader(numWorkers, reader) + pm.runParsePool(numWorkers) +} + +// next is the function to be called to fetch each document from the file reader. +// It returns the next document parsed from the input file. next is not safe to +// call from a multi-threaded context. +func (pm *parallelFileReadManager) next() (*RecordedOp, error) { + currentWorkerResultManager := pm.workerResultManagers[pm.currentWorkerResultManagerIndex] + recordedOpResult := <-currentWorkerResultManager.resultChan + if recordedOpResult == nil { + return nil, io.EOF + } + + pm.currentWorkerResultManagerIndex = (pm.currentWorkerResultManagerIndex + 1) % len(pm.workerResultManagers) + return recordedOpResult.recordedOp, recordedOpResult.err +} + +func (pm *parallelFileReadManager) err() error { + return pm.fileReadErr +} 
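Review bot: `next()` returns `io.EOF` whenever the result channel is closed, and that also happens after runFileReader hits a read error and closes stopChan, so a truncated or corrupt playback file looks like a clean end of input unless the caller remembers to call `err()` afterwards. OpChan in playbackfile.go checks `err()` only at the top of each iteration, before the blocking call. Returning the stored error from `next()` itself closes the gap: add `if pm.fileReadErr != nil { return nil, pm.fileReadErr }` ahead of the `return nil, io.EOF`. Separately, stopChan is only ever closed by the reader goroutine, so if the consumer stops calling `next()` early the workers stay blocked sending on resultChan; a comment on parallelFileReadManager stating who owns shutdown would help.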
diff --git a/src/mongo/gotools/mongoreplay/play.go b/src/mongo/gotools/mongoreplay/play.go index 440f25be858..6eb3617f874 100644 --- a/src/mongo/gotools/mongoreplay/play.go +++ b/src/mongo/gotools/mongoreplay/play.go @@ -77,6 +77,8 @@ func (play *PlayCommand) Execute(args []string) error { context := NewExecutionContext(statColl, session, &ExecutionOptions{fullSpeed: play.FullSpeed, driverOpsFiltered: playbackFileReader.metadata.DriverOpsFiltered}) + session.SetPoolLimit(-1) + var opChan <-chan *RecordedOp var errChan <-chan error diff --git a/src/mongo/gotools/mongoreplay/playbackfile.go b/src/mongo/gotools/mongoreplay/playbackfile.go index ca028eeaaf3..a5224d27f56 100644 --- a/src/mongo/gotools/mongoreplay/playbackfile.go +++ b/src/mongo/gotools/mongoreplay/playbackfile.go @@ -11,6 +11,7 @@ import ( "fmt" "io" "os" + "runtime" "time" "github.com/10gen/llmgo/bson" @@ -28,9 +29,9 @@ type PlaybackFileMetadata struct { // which is just an io.ReadCloser. type PlaybackFileReader struct { io.ReadSeeker - fname string - - metadata PlaybackFileMetadata + fname string + parallelFileReadManager *parallelFileReadManager + metadata PlaybackFileMetadata } // PlaybackFileWriter stores the necessary information for a playback destination, @@ -68,7 +69,6 @@ func NewPlaybackFileReader(filename string, gzip bool) (*PlaybackFileReader, err } func playbackFileReaderFromReadSeeker(rs io.ReadSeeker, filename string) (*PlaybackFileReader, error) { - // read the metadata from the file metadata := new(PlaybackFileMetadata) err := bsonFromReader(rs, metadata) 
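Review bot: `session.SetPoolLimit(-1)` in play.go is an unexplained magic value; the line needs a comment saying what a negative limit means for this driver and why playback needs it. If it removes the per-server socket cap, as it appears to, the number of sockets opened against the target follows the number of connections in the recording, which can exhaust file descriptors on the replay host or connection slots on the server. Something like `// no pool limit: each recorded connection replays on its own socket` would do, ideally with the reason. The call also comes after NewExecutionContext has been handed the session, so it is worth confirming the limit applies to whatever that constructor derives from it; Execute continues outside the hunk.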
@@ -84,18 +84,16 @@ func playbackFileReaderFromReadSeeker(rs io.ReadSeeker, filename string) (*Playb }, nil } +func (pfReader *PlaybackFileReader) beginParallelRead() { + pfReader.parallelFileReadManager = ¶llelFileReadManager{} + numWorkers := runtime.NumCPU() + pfReader.parallelFileReadManager.begin(numWorkers, pfReader.ReadSeeker) +} + // NextRecordedOp iterates through the PlaybackFileReader to yield the next // RecordedOp. It returns io.EOF when successfully complete. func (file *PlaybackFileReader) NextRecordedOp() (*RecordedOp, error) { - doc := new(RecordedOp) - err := bsonFromReader(file, doc) - if err != nil { - if err != io.EOF { - err = fmt.Errorf("ReadDocument Error: %v", err) - } - return nil, err - } - return doc, nil + return file.parallelFileReadManager.next() } // NewPlaybackFileWriter initializes a new PlaybackFileWriter @@ -196,8 +194,12 @@ func (pfReader *PlaybackFileReader) OpChan(repeat int) (<-chan *RecordedOp, <-ch return fmt.Errorf("bson read error: %v", err) } + pfReader.beginParallelRead() var order int64 for { + if err = pfReader.parallelFileReadManager.err(); err != nil { + return err + } recordedOp, err := pfReader.NextRecordedOp() if err != nil { if err == io.EOF { diff --git a/src/mongo/gotools/mongoreplay/record.go b/src/mongo/gotools/mongoreplay/record.go index e79ac136443..125e2893843 100644 --- a/src/mongo/gotools/mongoreplay/record.go +++ b/src/mongo/gotools/mongoreplay/record.go @@ -94,8 +94,11 @@ func getOpstream(cfg OpStreamSettings) (*packetHandlerContext, error) { return nil, fmt.Errorf("error setting packet filter expression: %v", err) } } + assemblerOptions := AssemblerOptions{ + MaxBufferedPagesTotal: cfg.MaxBufferedPages, + } - h := NewPacketHandler(pcapHandle) + h := NewPacketHandler(pcapHandle, assemblerOptions) h.Verbose = userInfoLogger.isInVerbosity(DebugLow) toolDebugLogger.Logvf(Info, "Created packet buffer size %d", cfg.PacketBufSize) 
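Review bot: `NextRecordedOp` now dereferences `file.parallelFileReadManager`, which is nil until `beginParallelRead` has run, and in this diff only `OpChan` calls that. Any other caller of this exported method gets a nil-pointer panic instead of an op or an error. A guard such as `if file.parallelFileReadManager == nil { file.beginParallelRead() }` at the top keeps the old contract. The rewrite also drops the `ReadDocument Error: %v` wrapping that the removed code applied, so the doc comment should say which errors can now come back besides io.EOF.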
@@ -119,6 +122,9 @@ func (record *RecordCommand) ValidateParams(args []string) error { // default capture buffer size to 2 MiB (same as libpcap) record.OpStreamSettings.CaptureBufSize = 2 * 1024 } + if record.OpStreamSettings.MaxBufferedPages < 0 { + return fmt.Errorf("bufferedPagesMax cannot be less than 0") + } return nil } diff --git a/src/mongo/gotools/test.sh b/src/mongo/gotools/test.sh index 6cbf06fb438..6ea8bafebab 100755 --- a/src/mongo/gotools/test.sh +++ b/src/mongo/gotools/test.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash set -o errexit tags="" if [ ! -z "$1" ] diff --git a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/.gitignore b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/.gitignore new file mode 100644 index 00000000000..805d350b7e5 --- /dev/null +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/.gitignore @@ -0,0 +1 @@ +openssl.test diff --git a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/AUTHORS b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/AUTHORS new file mode 100644 index 00000000000..ad3a8ae8153 --- /dev/null +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/AUTHORS 
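Review bot: The new error text names an option that does not exist: the flag added in mongo_op_handler.go is `maxBufferedPages`, but the message says `bufferedPagesMax`. A user who hits this will look for the wrong name in the help output; use `return fmt.Errorf("maxBufferedPages cannot be less than 0")`. ValidateParams starts outside the hunk.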
@@ -0,0 +1,22 @@ +Andrew Brampton <github@bramp.net> +Anton Baklanov <antonbaklanov@gmail.com> +Carlos MartÃn Nieto <cmn@dwim.me> +Charles Strahan <charles@cstrahan.com> +Christopher Dudley <chris@github.chrisdudley.xyz> +Christopher Fredericks <cfredmakecode@gmail.com> +Colin Misare +dequis <dx@dxzone.com.ar> +Gabriel Russell <gabriel.russell@mongodb.com> +Giulio <programmatore@ditieri.it> +Jakob Unterwurzacher <jakobunt@gmail.com> +Juuso Haavisto <juuso@mail.com> +kujenga <ataylor0123@gmail.com> +Phus Lu <phuslu@hotmail.com> +Russ Egan <russ@safemonk.com> +Ryan Hileman <lunixbochs@gmail.com> +Scott J. Goldman <scottjg@github.com> +Scott Kidder <skidder@brightcove.com> +Space Monkey, Inc <hello@spacemonkey.com> +Stephen Gallagher <sgallagh@redhat.com> +Viacheslav Biriukov <v.v.biriukov@gmail.com> +Zack Owens <zowens2009@gmail.com>
\ No newline at end of file diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/LICENSE b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/LICENSE index 37ec93a14fd..37ec93a14fd 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/LICENSE +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/LICENSE diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/README.md b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/README.md index 6bd3383a0e8..854df05ae92 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/README.md +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/README.md @@ -4,7 +4,7 @@ Please see http://godoc.org/github.com/spacemonkeygo/openssl for more info ### License -Copyright (C) 2014 Space Monkey, Inc. +Copyright (C) 2017. See AUTHORS. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -18,6 +18,10 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. +### Using on macOS +1. Install [homebrew](http://brew.sh/) +2. `$ brew install openssl` or `$ brew install openssl@1.1` + ### Using on Windows 1. Install [mingw-w64](http://mingw-w64.sourceforge.net/) 2. Install [pkg-config-lite](http://sourceforge.net/projects/pkgconfiglite) diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/bio.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/bio.go index 8d0da8998eb..9fe32aa8032 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/bio.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/bio.go 
@@ -1,4 +1,4 @@ -// Copyright (C) 2014 Space Monkey, Inc. +// Copyright (C) 2017. See AUTHORS. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -12,56 +12,9 @@ // See the License for the specific language governing permissions and // limitations under the License. -// +build cgo - package openssl -/* -#include <string.h> -#include <openssl/bio.h> - -extern int cbioNew(BIO *b); -static int cbioFree(BIO *b) { - return 1; -} - -extern int writeBioWrite(BIO *b, char *buf, int size); -extern long writeBioCtrl(BIO *b, int cmd, long arg1, void *arg2); -static int writeBioPuts(BIO *b, const char *str) { - return writeBioWrite(b, (char*)str, (int)strlen(str)); -} - -extern int readBioRead(BIO *b, char *buf, int size); -extern long readBioCtrl(BIO *b, int cmd, long arg1, void *arg2); - -static BIO_METHOD writeBioMethod = { - BIO_TYPE_SOURCE_SINK, - "Go Write BIO", - (int (*)(BIO *, const char *, int))writeBioWrite, - NULL, - writeBioPuts, - NULL, - writeBioCtrl, - cbioNew, - cbioFree, - NULL}; - -static BIO_METHOD* BIO_s_writeBio() { return &writeBioMethod; } - -static BIO_METHOD readBioMethod = { - BIO_TYPE_SOURCE_SINK, - "Go Read BIO", - NULL, - readBioRead, - NULL, - NULL, - readBioCtrl, - cbioNew, - cbioFree, - NULL}; - -static BIO_METHOD* BIO_s_readBio() { return &readBioMethod; } -*/ +// #include "shim.h" import "C" import ( @@ -89,16 +42,6 @@ func nonCopyCString(data *C.char, size C.int) []byte { return nonCopyGoBytes(uintptr(unsafe.Pointer(data)), int(size)) } -//export cbioNew -func cbioNew(b *C.BIO) C.int { - b.shutdown = 1 - b.init = 1 - b.num = -1 - b.ptr = nil - b.flags = 0 - return 1 -} - var writeBioMapping = newMapping() type writeBio struct { 
@@ -109,21 +52,20 @@ type writeBio struct { } func loadWritePtr(b *C.BIO) *writeBio { - return (*writeBio)(writeBioMapping.Get(token(b.ptr))) + t := token(C.X_BIO_get_data(b)) + return (*writeBio)(writeBioMapping.Get(t)) } func bioClearRetryFlags(b *C.BIO) { - // from BIO_clear_retry_flags and BIO_clear_flags - b.flags &= ^(C.BIO_FLAGS_RWS | C.BIO_FLAGS_SHOULD_RETRY) + C.X_BIO_clear_flags(b, C.BIO_FLAGS_RWS|C.BIO_FLAGS_SHOULD_RETRY) } func bioSetRetryRead(b *C.BIO) { - // from BIO_set_retry_read and BIO_set_flags - b.flags |= (C.BIO_FLAGS_READ | C.BIO_FLAGS_SHOULD_RETRY) + C.X_BIO_set_flags(b, C.BIO_FLAGS_READ|C.BIO_FLAGS_SHOULD_RETRY) } -//export writeBioWrite -func writeBioWrite(b *C.BIO, data *C.char, size C.int) (rc C.int) { +//export go_write_bio_write +func go_write_bio_write(b *C.BIO, data *C.char, size C.int) (rc C.int) { defer func() { if err := recover(); err != nil { logger.Critf("openssl: writeBioWrite panic'd: %v", err) @@ -141,8 +83,8 @@ func writeBioWrite(b *C.BIO, data *C.char, size C.int) (rc C.int) { return size } -//export writeBioCtrl -func writeBioCtrl(b *C.BIO, cmd C.int, arg1 C.long, arg2 unsafe.Pointer) ( +//export go_write_bio_ctrl +func go_write_bio_ctrl(b *C.BIO, cmd C.int, arg1 C.long, arg2 unsafe.Pointer) ( rc C.long) { defer func() { if err := recover(); err != nil { @@ -197,15 +139,15 @@ func (b *writeBio) WriteTo(w io.Writer) (rv int64, err error) { func (self *writeBio) Disconnect(b *C.BIO) { if loadWritePtr(b) == self { - writeBioMapping.Del(token(b.ptr)) - b.ptr = nil + writeBioMapping.Del(token(C.X_BIO_get_data(b))) + C.X_BIO_set_data(b, nil) } } func (b *writeBio) MakeCBIO() *C.BIO { - rv := C.BIO_new(C.BIO_s_writeBio()) + rv := C.X_BIO_new_write_bio() token := writeBioMapping.Add(unsafe.Pointer(b)) - rv.ptr = unsafe.Pointer(token) + C.X_BIO_set_data(rv, unsafe.Pointer(token)) return rv } 
@@ -220,14 +162,14 @@ type readBio struct { } func loadReadPtr(b *C.BIO) *readBio { - return (*readBio)(readBioMapping.Get(token(b.ptr))) + return (*readBio)(readBioMapping.Get(token(C.X_BIO_get_data(b)))) } -//export readBioRead -func readBioRead(b *C.BIO, data *C.char, size C.int) (rc C.int) { +//export go_read_bio_read +func go_read_bio_read(b *C.BIO, data *C.char, size C.int) (rc C.int) { defer func() { if err := recover(); err != nil { - logger.Critf("openssl: readBioRead panic'd: %v", err) + logger.Critf("openssl: go_read_bio_read panic'd: %v", err) rc = -1 } }() @@ -256,8 +198,8 @@ func readBioRead(b *C.BIO, data *C.char, size C.int) (rc C.int) { return C.int(n) } -//export readBioCtrl -func readBioCtrl(b *C.BIO, cmd C.int, arg1 C.long, arg2 unsafe.Pointer) ( +//export go_read_bio_ctrl +func go_read_bio_ctrl(b *C.BIO, cmd C.int, arg1 C.long, arg2 unsafe.Pointer) ( rc C.long) { defer func() { @@ -316,16 +258,16 @@ func (b *readBio) ReadFromOnce(r io.Reader) (n int, err error) { } func (b *readBio) MakeCBIO() *C.BIO { - rv := C.BIO_new(C.BIO_s_readBio()) + rv := C.X_BIO_new_read_bio() token := readBioMapping.Add(unsafe.Pointer(b)) - rv.ptr = unsafe.Pointer(token) + C.X_BIO_set_data(rv, unsafe.Pointer(token)) return rv } func (self *readBio) Disconnect(b *C.BIO) { if loadReadPtr(b) == self { - readBioMapping.Del(token(b.ptr)) - b.ptr = nil + readBioMapping.Del(token(C.X_BIO_get_data(b))) + C.X_BIO_set_data(b, nil) } } @@ -343,7 +285,7 @@ func (b *anyBio) Read(buf []byte) (n int, err error) { if len(buf) == 0 { return 0, nil } - n = int(C.BIO_read((*C.BIO)(b), unsafe.Pointer(&buf[0]), C.int(len(buf)))) + n = int(C.X_BIO_read((*C.BIO)(b), unsafe.Pointer(&buf[0]), C.int(len(buf)))) if n <= 0 { return 0, io.EOF } 
@@ -354,7 +296,7 @@ func (b *anyBio) Write(buf []byte) (written int, err error) { if len(buf) == 0 { return 0, nil } - n := int(C.BIO_write((*C.BIO)(b), unsafe.Pointer(&buf[0]), + n := int(C.X_BIO_write((*C.BIO)(b), unsafe.Pointer(&buf[0]), C.int(len(buf)))) if n != len(buf) { return n, errors.New("BIO write failed") diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/build.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/build.go index 0425aa5f368..d286163ffcb 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/build.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/build.go @@ -1,4 +1,4 @@ -// Copyright (C) 2014 Space Monkey, Inc. +// Copyright (C) 2017. See AUTHORS. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -12,13 +12,13 @@ // See the License for the specific language governing permissions and // limitations under the License. -// +build cgo +// +build !openssl_static package openssl -// #cgo linux pkg-config: openssl -// #cgo windows CFLAGS: -DWIN32_LEAN_AND_MEAN -// #cgo windows LDFLAGS: -lcrypt32 -// #cgo darwin CFLAGS: -Wno-deprecated-declarations -// #cgo darwin LDFLAGS: -lssl -lcrypto -framework CoreFoundation -framework Foundation -framework Security +// #cgo linux darwin pkg-config: openssl +// #cgo CFLAGS: -Wno-deprecated-declarations +// #cgo windows CFLAGS: -DWIN32_LEAN_AND_MEAN -I"c:/openssl/include" +// #cgo windows LDFLAGS: -lssleay32 -llibeay32 -lcrypt32 -L "c:/openssl/bin" +// #cgo darwin LDFLAGS: -framework CoreFoundation -framework Foundation -framework Security import "C" diff --git a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/build_static.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/build_static.go new file mode 100644 index 00000000000..1450d52e1a9 --- /dev/null +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/build_static.go 
@@ -0,0 +1,24 @@ +// Copyright (C) 2017. See AUTHORS. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// +build openssl_static + +package openssl + +// #cgo linux windows darwin pkg-config: --static libssl libcrypto +// #cgo CFLAGS: -Wno-deprecated-declarations +// #cgo windows CFLAGS: -DWIN32_LEAN_AND_MEAN -I"c:/openssl/include" +// #cgo windows LDFLAGS: -lssleay32 -llibeay32 -lcrypt32 -L "c:/openssl/bin" +// #cgo darwin LDFLAGS: -framework CoreFoundation -framework Foundation -framework Security +import "C" diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/cert.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/cert.go index 61637c649fa..d3df63507e3 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/cert.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/cert.go @@ -1,4 +1,4 @@ -// Copyright (C) 2014 Space Monkey, Inc. +// Copyright (C) 2017. See AUTHORS. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -12,16 +12,9 @@ // See the License for the specific language governing permissions and // limitations under the License. -// +build cgo - package openssl -// #include <openssl/conf.h> -// #include <openssl/ssl.h> -// #include <openssl/x509v3.h> -// -// void OPENSSL_free_not_a_macro(void *ref) { OPENSSL_free(ref); } -// +// #include "shim.h" import "C" import ( 
@@ -229,7 +222,7 @@ func (c *Certificate) SetSerial(serial *big.Int) error { // SetIssueDate sets the certificate issue date relative to the current time. func (c *Certificate) SetIssueDate(when time.Duration) error { offset := C.long(when / time.Second) - result := C.X509_gmtime_adj(c.x.cert_info.validity.notBefore, offset) + result := C.X509_gmtime_adj(C.X_X509_get0_notBefore(c.x), offset) if result == nil { return errors.New("failed to set issue date") } @@ -239,7 +232,7 @@ func (c *Certificate) SetIssueDate(when time.Duration) error { // SetExpireDate sets the certificate issue date relative to the current time. func (c *Certificate) SetExpireDate(when time.Duration) error { offset := C.long(when / time.Second) - result := C.X509_gmtime_adj(c.x.cert_info.validity.notAfter, offset) + result := C.X509_gmtime_adj(C.X_X509_get0_notAfter(c.x), offset) if result == nil { return errors.New("failed to set expire date") } 
@@ -270,37 +263,41 @@ func (c *Certificate) Sign(privKey PrivateKey, digest EVP_MD) error { } func (c *Certificate) insecureSign(privKey PrivateKey, digest EVP_MD) error { - var md *C.EVP_MD + var md *C.EVP_MD = getDigestFunction(digest) + if C.X509_sign(c.x, privKey.evpPKey(), md) <= 0 { + return errors.New("failed to sign certificate") + } + return nil +} + +func getDigestFunction(digest EVP_MD) (md *C.EVP_MD) { switch digest { // please don't use these digest functions case EVP_NULL: - md = C.EVP_md_null() + md = C.X_EVP_md_null() case EVP_MD5: - md = C.EVP_md5() + md = C.X_EVP_md5() case EVP_SHA: - md = C.EVP_sha() + md = C.X_EVP_sha() case EVP_SHA1: - md = C.EVP_sha1() + md = C.X_EVP_sha1() case EVP_DSS: - md = C.EVP_dss() + md = C.X_EVP_dss() case EVP_DSS1: - md = C.EVP_dss1() + md = C.X_EVP_dss1() case EVP_RIPEMD160: - md = C.EVP_ripemd160() + md = C.X_EVP_ripemd160() case EVP_SHA224: - md = C.EVP_sha224() + md = C.X_EVP_sha224() // you actually want one of these case EVP_SHA256: - md = C.EVP_sha256() + md = C.X_EVP_sha256() case EVP_SHA384: - md = C.EVP_sha384() + md = C.X_EVP_sha384() case EVP_SHA512: - md = C.EVP_sha512() - } - if C.X509_sign(c.x, privKey.evpPKey(), md) <= 0 { - return errors.New("failed to sign certificate") + md = C.X_EVP_sha512() } - return nil + return md } // Add an extension to a certificate. @@ -388,7 +385,7 @@ func (c *Certificate) GetSerialNumberHex() (serial string) { hex := C.BN_bn2hex(bignum) serial = C.GoString(hex) C.BN_free(bignum) - C.OPENSSL_free_not_a_macro(unsafe.Pointer(hex)) + C.X_OPENSSL_free(unsafe.Pointer(hex)) return } diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/cert_test.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/cert_test.go index c32883ba4eb..96083260507 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/cert_test.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/cert_test.go 
@@ -1,4 +1,4 @@ -// Copyright (C) 2014 Ryan Hileman +// Copyright (C) 2017. See AUTHORS. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/ciphers.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/ciphers.go index 12662707f54..e4f5771f8dc 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/ciphers.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/ciphers.go @@ -1,4 +1,4 @@ -// Copyright (C) 2014 Space Monkey, Inc. +// Copyright (C) 2017. See AUTHORS. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -12,43 +12,9 @@ // See the License for the specific language governing permissions and // limitations under the License. -// +build cgo - package openssl -// #include <openssl/evp.h> -// -// int EVP_CIPHER_block_size_not_a_macro(EVP_CIPHER *c) { -// return EVP_CIPHER_block_size(c); -// } -// -// int EVP_CIPHER_key_length_not_a_macro(EVP_CIPHER *c) { -// return EVP_CIPHER_key_length(c); -// } -// -// int EVP_CIPHER_iv_length_not_a_macro(EVP_CIPHER *c) { -// return EVP_CIPHER_iv_length(c); -// } -// -// int EVP_CIPHER_nid_not_a_macro(EVP_CIPHER *c) { -// return EVP_CIPHER_nid(c); -// } -// -// int EVP_CIPHER_CTX_block_size_not_a_macro(EVP_CIPHER_CTX *ctx) { -// return EVP_CIPHER_CTX_block_size(ctx); -// } -// -// int EVP_CIPHER_CTX_key_length_not_a_macro(EVP_CIPHER_CTX *ctx) { -// return EVP_CIPHER_CTX_key_length(ctx); -// } -// -// int EVP_CIPHER_CTX_iv_length_not_a_macro(EVP_CIPHER_CTX *ctx) { -// return EVP_CIPHER_CTX_iv_length(ctx); -// } -// -// const EVP_CIPHER *EVP_CIPHER_CTX_cipher_not_a_macro(EVP_CIPHER_CTX *ctx) { -// return EVP_CIPHER_CTX_cipher(ctx); -// } +// #include "shim.h" import "C" import ( 
@@ -74,7 +40,7 @@ type Cipher struct { } func (c *Cipher) Nid() NID { - return NID(C.EVP_CIPHER_nid_not_a_macro(c.ptr)) + return NID(C.X_EVP_CIPHER_nid(c.ptr)) } func (c *Cipher) ShortName() (string, error) { @@ -82,15 +48,15 @@ func (c *Cipher) ShortName() (string, error) { } func (c *Cipher) BlockSize() int { - return int(C.EVP_CIPHER_block_size_not_a_macro(c.ptr)) + return int(C.X_EVP_CIPHER_block_size(c.ptr)) } func (c *Cipher) KeySize() int { - return int(C.EVP_CIPHER_key_length_not_a_macro(c.ptr)) + return int(C.X_EVP_CIPHER_key_length(c.ptr)) } func (c *Cipher) IVSize() int { - return int(C.EVP_CIPHER_iv_length_not_a_macro(c.ptr)) + return int(C.X_EVP_CIPHER_iv_length(c.ptr)) } func Nid2ShortName(nid NID) (string, error) { @@ -154,7 +120,7 @@ func (ctx *cipherCtx) applyKeyAndIV(key, iv []byte) error { } if kptr != nil || iptr != nil { var res C.int - if ctx.ctx.encrypt != 0 { + if C.X_EVP_CIPHER_CTX_encrypting(ctx.ctx) != 0 { res = C.EVP_EncryptInit_ex(ctx.ctx, nil, nil, kptr, iptr) } else { res = C.EVP_DecryptInit_ex(ctx.ctx, nil, nil, kptr, iptr) @@ -167,19 +133,19 @@ func (ctx *cipherCtx) applyKeyAndIV(key, iv []byte) error { } func (ctx *cipherCtx) Cipher() *Cipher { - return &Cipher{ptr: C.EVP_CIPHER_CTX_cipher_not_a_macro(ctx.ctx)} + return &Cipher{ptr: C.X_EVP_CIPHER_CTX_cipher(ctx.ctx)} } func (ctx *cipherCtx) BlockSize() int { - return int(C.EVP_CIPHER_CTX_block_size_not_a_macro(ctx.ctx)) + return int(C.X_EVP_CIPHER_CTX_block_size(ctx.ctx)) } func (ctx *cipherCtx) KeySize() int { - return int(C.EVP_CIPHER_CTX_key_length_not_a_macro(ctx.ctx)) + return int(C.X_EVP_CIPHER_CTX_key_length(ctx.ctx)) } func (ctx *cipherCtx) IVSize() int { - return int(C.EVP_CIPHER_CTX_iv_length_not_a_macro(ctx.ctx)) + return int(C.X_EVP_CIPHER_CTX_iv_length(ctx.ctx)) } func (ctx *cipherCtx) setCtrl(code, arg int) error { 
diff --git a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/ciphers_gcm.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/ciphers_gcm.go new file mode 100644 index 00000000000..e184c95e5df --- /dev/null +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/ciphers_gcm.go 
@@ -0,0 +1,154 @@ +// Copyright (C) 2017. See AUTHORS. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// +build !openssl_pre_1.0 + +package openssl + +// #include <openssl/evp.h> +import "C" + +import ( + "errors" + "fmt" +) + +type AuthenticatedEncryptionCipherCtx interface { + EncryptionCipherCtx + + // data passed in to ExtraData() is part of the final output; it is + // not encrypted itself, but is part of the authenticated data. when + // decrypting or authenticating, pass back with the decryption + // context's ExtraData() + ExtraData([]byte) error + + // use after finalizing encryption to get the authenticating tag + GetTag() ([]byte, error) +} + +type AuthenticatedDecryptionCipherCtx interface { + DecryptionCipherCtx + + // pass in any extra data that was added during encryption with the + // encryption context's ExtraData() + ExtraData([]byte) error + + // use before finalizing decryption to tell the library what the + // tag is expected to be + SetTag([]byte) error +} + +type authEncryptionCipherCtx struct { + *encryptionCipherCtx +} + +type authDecryptionCipherCtx struct { + *decryptionCipherCtx +} + +func getGCMCipher(blocksize int) (*Cipher, error) { + var cipherptr *C.EVP_CIPHER + switch blocksize { + case 256: + cipherptr = C.EVP_aes_256_gcm() + case 192: + cipherptr = C.EVP_aes_192_gcm() + case 128: + cipherptr = C.EVP_aes_128_gcm() + default: + return nil, fmt.Errorf("unknown block size %d", blocksize) + } + return &Cipher{ptr: 
cipherptr}, nil +} + +func NewGCMEncryptionCipherCtx(blocksize int, e *Engine, key, iv []byte) ( + AuthenticatedEncryptionCipherCtx, error) { + cipher, err := getGCMCipher(blocksize) + if err != nil { + return nil, err + } + ctx, err := newEncryptionCipherCtx(cipher, e, key, nil) + if err != nil { + return nil, err + } + if len(iv) > 0 { + err := ctx.setCtrl(C.EVP_CTRL_GCM_SET_IVLEN, len(iv)) + if err != nil { + return nil, fmt.Errorf("could not set IV len to %d: %s", + len(iv), err) + } + if 1 != C.EVP_EncryptInit_ex(ctx.ctx, nil, nil, nil, + (*C.uchar)(&iv[0])) { + return nil, errors.New("failed to apply IV") + } + } + return &authEncryptionCipherCtx{encryptionCipherCtx: ctx}, nil +} + +func NewGCMDecryptionCipherCtx(blocksize int, e *Engine, key, iv []byte) ( + AuthenticatedDecryptionCipherCtx, error) { + cipher, err := getGCMCipher(blocksize) + if err != nil { + return nil, err + } + ctx, err := newDecryptionCipherCtx(cipher, e, key, nil) + if err != nil { + return nil, err + } + if len(iv) > 0 { + err := ctx.setCtrl(C.EVP_CTRL_GCM_SET_IVLEN, len(iv)) + if err != nil { + return nil, fmt.Errorf("could not set IV len to %d: %s", + len(iv), err) + } + if 1 != C.EVP_DecryptInit_ex(ctx.ctx, nil, nil, nil, + (*C.uchar)(&iv[0])) { + return nil, errors.New("failed to apply IV") + } + } + return &authDecryptionCipherCtx{decryptionCipherCtx: ctx}, nil +} + +func (ctx *authEncryptionCipherCtx) ExtraData(aad []byte) error { + if aad == nil { + return nil + } + var outlen C.int + if 1 != C.EVP_EncryptUpdate(ctx.ctx, nil, &outlen, (*C.uchar)(&aad[0]), + C.int(len(aad))) { + return errors.New("failed to add additional authenticated data") + } + return nil +} + +func (ctx *authDecryptionCipherCtx) ExtraData(aad []byte) error { + if aad == nil { + return nil + } + var outlen C.int + if 1 != C.EVP_DecryptUpdate(ctx.ctx, nil, &outlen, (*C.uchar)(&aad[0]), + C.int(len(aad))) { + return errors.New("failed to add additional authenticated data") + } + return nil +} + +func (ctx 
*authEncryptionCipherCtx) GetTag() ([]byte, error) { + return ctx.getCtrlBytes(C.EVP_CTRL_GCM_GET_TAG, GCM_TAG_MAXLEN, + GCM_TAG_MAXLEN) +} + +func (ctx *authDecryptionCipherCtx) SetTag(tag []byte) error { + return ctx.setCtrlBytes(C.EVP_CTRL_GCM_SET_TAG, len(tag), tag) +} diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/ciphers_test.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/ciphers_test.go index d1d430b1e15..96b16817f9d 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/ciphers_test.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/ciphers_test.go @@ -1,4 +1,4 @@ -// Copyright (C) 2014 Space Monkey, Inc. +// Copyright (C) 2017. See AUTHORS. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -// +build !darwin +// +build !openssl_pre_1.0 package openssl diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/conn.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/conn.go index 992033d2a30..2d2f208489d 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/conn.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/conn.go @@ -1,4 +1,4 @@ -// Copyright (C) 2014 Space Monkey, Inc. +// Copyright (C) 2017. See AUTHORS. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. 
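Review bot: Both ExtraData methods in ciphers_gcm.go guard only `aad == nil` and then take `&aad[0]`, so an empty but non-nil slice such as `[]byte{}` panics with an index-out-of-range error instead of being treated as no additional data; `if len(aad) == 0 { return nil }` covers both cases. The `blocksize` parameter of getGCMCipher and the two constructors actually selects between the 128, 192 and 256 variants of `EVP_aes_*_gcm`, which is the AES key size in bits, so the name and the "unknown block size" message are misleading. A doc comment such as `// blocksize is the AES key size in bits (128, 192 or 256)` would clarify that without changing the exported signature. The constructors also skip IV setup entirely when `iv` is empty; since GCM depends on a unique IV per key, I would document whether an empty IV is an accepted input or reject it at construction.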
@@ -12,30 +12,9 @@ // See the License for the specific language governing permissions and // limitations under the License. -// +build cgo - package openssl -/* -#include <stdlib.h> -#include <openssl/ssl.h> -#include <openssl/conf.h> -#include <openssl/err.h> - -int sk_X509_num_not_a_macro(STACK_OF(X509) *sk) { return sk_X509_num(sk); } -X509 *sk_X509_value_not_a_macro(STACK_OF(X509)* sk, int i) { - return sk_X509_value(sk, i); -} -long SSL_set_tlsext_host_name_not_a_macro(SSL *ssl, const char *name) { - return SSL_set_tlsext_host_name(ssl, name); -} -const char * SSL_get_cipher_name_not_a_macro(const SSL *ssl) { - return SSL_get_cipher_name(ssl); -} -static int SSL_session_reused_not_a_macro(SSL *ssl) { - return SSL_session_reused(ssl); -} -*/ +// #include "shim.h" import "C" import ( @@ -48,7 +27,7 @@ import ( "time" "unsafe" - "github.com/spacemonkeygo/openssl/utils" + "github.com/10gen/openssl/utils" ) var ( @@ -59,8 +38,9 @@ var ( ) type Conn struct { + *SSL + conn net.Conn - ssl *C.SSL ctx *Ctx // for gc into_ssl *readBio from_ssl *writeBio @@ -156,9 +136,13 @@ func newConn(conn net.Conn, ctx *Ctx) (*Conn, error) { // the ssl object takes ownership of these objects now C.SSL_set_bio(ssl, into_ssl_cbio, from_ssl_cbio) + s := &SSL{ssl: ssl} + C.SSL_set_ex_data(s.ssl, get_ssl_idx(), unsafe.Pointer(s)) + c := &Conn{ + SSL: s, + conn: conn, - ssl: ssl, ctx: ctx, into_ssl: into_ssl, from_ssl: from_ssl} @@ -203,8 +187,10 @@ func Server(conn net.Conn, ctx *Ctx) (*Conn, error) { return c, nil } +func (c *Conn) GetCtx() *Ctx { return c.ctx } + func (c *Conn) CurrentCipher() (string, error) { - p := C.SSL_get_cipher_name_not_a_macro(c.ssl) + p := C.X_SSL_get_cipher_name(c.ssl) if p == nil { return "", errors.New("Session not established") } 
@@ -358,10 +344,10 @@ func (c *Conn) PeerCertificateChain() (rv []*Certificate, err error) { if sk == nil { return nil, errors.New("no peer certificates found") } - sk_num := int(C.sk_X509_num_not_a_macro(sk)) + sk_num := int(C.X_sk_X509_num(sk)) rv = make([]*Certificate, 0, sk_num) for i := 0; i < sk_num; i++ { - x := C.sk_X509_value_not_a_macro(sk, C.int(i)) + x := C.X_sk_X509_value(sk, C.int(i)) // ref holds on to the underlying connection memory so we don't need to // worry about incrementing refcounts manually or freeing the X509 rv = append(rv, &Certificate{x: x, ref: c}) @@ -578,7 +564,7 @@ func (c *Conn) SetTlsExtHostName(name string) error { defer C.free(unsafe.Pointer(cname)) runtime.LockOSThread() defer runtime.UnlockOSThread() - if C.SSL_set_tlsext_host_name_not_a_macro(c.ssl, cname) == 0 { + if C.X_SSL_set_tlsext_host_name(c.ssl, cname) == 0 { return errorFromErrorQueue() } return nil @@ -589,7 +575,7 @@ func (c *Conn) VerifyResult() VerifyResult { } func (c *Conn) SessionReused() bool { - return C.SSL_session_reused_not_a_macro(c.ssl) == 1 + return C.X_SSL_session_reused(c.ssl) == 1 } func (c *Conn) GetSession() ([]byte, error) { diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/ctx.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/ctx.go index 8daa1bbbb1f..a092c3aae72 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/ctx.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/ctx.go @@ -1,4 +1,4 @@ -// Copyright (C) 2014 Space Monkey, Inc. +// Copyright (C) 2017. See AUTHORS. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. 
@@ -12,83 +12,11 @@ // See the License for the specific language governing permissions and // limitations under the License. -// +build cgo - package openssl /* -#include <openssl/crypto.h> -#include <openssl/ssl.h> +#include "shim.h" #include <openssl/err.h> -#include <openssl/conf.h> -#include <openssl/x509.h> - -static long SSL_CTX_set_options_not_a_macro(SSL_CTX* ctx, long options) { - return SSL_CTX_set_options(ctx, options); -} - -static long SSL_CTX_clear_options_not_a_macro(SSL_CTX* ctx, long options) { - return SSL_CTX_clear_options(ctx, options); -} - -static long SSL_CTX_get_options_not_a_macro(SSL_CTX* ctx) { - return SSL_CTX_get_options(ctx); -} - -static long SSL_CTX_set_mode_not_a_macro(SSL_CTX* ctx, long modes) { - return SSL_CTX_set_mode(ctx, modes); -} - -static long SSL_CTX_get_mode_not_a_macro(SSL_CTX* ctx) { - return SSL_CTX_get_mode(ctx); -} - -static long SSL_CTX_set_session_cache_mode_not_a_macro(SSL_CTX* ctx, long modes) { - return SSL_CTX_set_session_cache_mode(ctx, modes); -} - -static long SSL_CTX_sess_set_cache_size_not_a_macro(SSL_CTX* ctx, long t) { - return SSL_CTX_sess_set_cache_size(ctx, t); -} - -static long SSL_CTX_sess_get_cache_size_not_a_macro(SSL_CTX* ctx) { - return SSL_CTX_sess_get_cache_size(ctx); -} - -static long SSL_CTX_set_timeout_not_a_macro(SSL_CTX* ctx, long t) { - return SSL_CTX_set_timeout(ctx, t); -} - -static long SSL_CTX_get_timeout_not_a_macro(SSL_CTX* ctx) { - return SSL_CTX_get_timeout(ctx); -} - -static int CRYPTO_add_not_a_macro(int *pointer,int amount,int type) { - return CRYPTO_add(pointer, amount, type); -} - -static long SSL_CTX_add_extra_chain_cert_not_a_macro(SSL_CTX* ctx, X509 *cert) { - return SSL_CTX_add_extra_chain_cert(ctx, cert); -} - -static long SSL_CTX_set_tlsext_servername_callback_not_a_macro( - SSL_CTX* ctx, int (*cb)(SSL *con, int *ad, void *args)) { - return SSL_CTX_set_tlsext_servername_callback(ctx, cb); -} - -#ifndef SSL_MODE_RELEASE_BUFFERS -#define SSL_MODE_RELEASE_BUFFERS 0 
-#endif - -#ifndef SSL_OP_NO_COMPRESSION -#define SSL_OP_NO_COMPRESSION 0 -#endif - -#if defined SSL_CTRL_SET_TLSEXT_HOSTNAME - extern int sni_cb(SSL *ssl_conn, int *ad, void *arg); -#endif - -extern int verify_cb(int ok, X509_STORE_CTX* store); typedef STACK_OF(X509_NAME) *STACK_OF_X509_NAME_not_a_macro; @@ -97,6 +25,7 @@ static void sk_X509_NAME_pop_free_not_a_macro(STACK_OF_X509_NAME_not_a_macro st) } extern int password_cb(char *buf, int size, int rwflag, void *password); + */ import "C" @@ -114,7 +43,7 @@ import ( ) var ( - ssl_ctx_idx = C.SSL_CTX_get_ex_new_index(0, nil, nil, nil, nil) + ssl_ctx_idx = C.X_SSL_CTX_new_index() logger = spacelog.GetLogger() ) @@ -169,10 +98,10 @@ const ( func NewCtxWithVersion(version SSLVersion) (*Ctx, error) { var method *C.SSL_METHOD switch version { - case TLSv1: - method = C.TLSv1_method() + case SSLv3: + method = C.X_SSLv3_method() case AnyVersion: - method = C.SSLv23_method() + method = C.X_SSLv23_method() } if method == nil { return nil, errors.New("unknown ssl/tls version") @@ -255,6 +184,8 @@ const ( Prime256v1 EllipticCurve = C.NID_X9_62_prime256v1 // P-384: NIST/SECG curve over a 384 bit prime field Secp384r1 EllipticCurve = C.NID_secp384r1 + // P-521: NIST/SECG curve over a 521 bit prime field + Secp521r1 EllipticCurve = C.NID_secp521r1 ) // UseCertificate configures the context to present the given certificate to @@ -386,7 +317,7 @@ func (c *Ctx) AddChainCertificate(cert *Certificate) error { runtime.LockOSThread() defer runtime.UnlockOSThread() c.chain = append(c.chain, cert) - if int(C.SSL_CTX_add_extra_chain_cert_not_a_macro(c.ctx, cert.x)) != 1 { + if int(C.X_SSL_CTX_add_extra_chain_cert(c.ctx, cert.x)) != 1 { return errorFromErrorQueue() } // OpenSSL takes ownership via SSL_CTX_add_extra_chain_cert 
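Review bot: In the NewCtxWithVersion hunk (`@@ -169,10 +98,10 @@`) the version switch now maps `SSLv3` to `C.X_SSLv3_method()` and no longer has a `TLSv1` case. As far as this hunk shows, a caller requesting TLSv1 now falls through to the `method == nil` error, while SSLv3, which RFC 7568 prohibits, becomes selectable. If SSLv3 is kept only for legacy peers, I would say so at the case, e.g. `// SSLv3 is insecure (RFC 7568); kept only for legacy interop`, and restore a TLS 1.x mapping so that pinning a version does not mean pinning the weakest one. If the TLSv1 constant is handled in another build-tagged file not shown here, a comment pointing to it would prevent the same question from the next reader.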
@@ -581,7 +512,9 @@ func (self *CertificateStoreCtx) GetCurrentCert() *Certificate { return nil } // add a ref - C.CRYPTO_add_not_a_macro(&x509.references, 1, C.CRYPTO_LOCK_X509) + if 1 != C.X_X509_add_ref(x509) { + return nil + } cert := &Certificate{ x: x509, } @@ -630,19 +563,19 @@ const ( // SetOptions sets context options. See // http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html func (c *Ctx) SetOptions(options Options) Options { - return Options(C.SSL_CTX_set_options_not_a_macro( + return Options(C.X_SSL_CTX_set_options( c.ctx, C.long(options))) } func (c *Ctx) ClearOptions(options Options) Options { - return Options(C.SSL_CTX_clear_options_not_a_macro( + return Options(C.X_SSL_CTX_clear_options( c.ctx, C.long(options))) } // GetOptions returns context options. See // https://www.openssl.org/docs/ssl/SSL_CTX_set_options.html func (c *Ctx) GetOptions() Options { - return Options(C.SSL_CTX_get_options_not_a_macro(c.ctx)) + return Options(C.X_SSL_CTX_get_options(c.ctx)) } type Modes int @@ -656,13 +589,13 @@ const ( // SetMode sets context modes. See // http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html func (c *Ctx) SetMode(modes Modes) Modes { - return Modes(C.SSL_CTX_set_mode_not_a_macro(c.ctx, C.long(modes))) + return Modes(C.X_SSL_CTX_set_mode(c.ctx, C.long(modes))) } // GetMode returns context modes. See // http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html func (c *Ctx) GetMode() Modes { - return Modes(C.SSL_CTX_get_mode_not_a_macro(c.ctx)) + return Modes(C.X_SSL_CTX_get_mode(c.ctx)) } type VerifyOptions int @@ -683,8 +616,8 @@ const ( type VerifyCallback func(ok bool, store *CertificateStoreCtx) bool -//export verify_cb_thunk -func verify_cb_thunk(p unsafe.Pointer, ok C.int, ctx *C.X509_STORE_CTX) C.int { +//export go_ssl_ctx_verify_cb_thunk +func go_ssl_ctx_verify_cb_thunk(p unsafe.Pointer, ok C.int, ctx *C.X509_STORE_CTX) C.int { defer func() { if err := recover(); err != nil { logger.Critf("openssl: verify callback panic'd: %v", err) 
@@ -709,7 +642,7 @@ func verify_cb_thunk(p unsafe.Pointer, ok C.int, ctx *C.X509_STORE_CTX) C.int { func (c *Ctx) SetVerify(options VerifyOptions, verify_cb VerifyCallback) { c.verify_cb = verify_cb if verify_cb != nil { - C.SSL_CTX_set_verify(c.ctx, C.int(options), (*[0]byte)(C.verify_cb)) + C.SSL_CTX_set_verify(c.ctx, C.int(options), (*[0]byte)(C.X_SSL_CTX_verify_cb)) } else { C.SSL_CTX_set_verify(c.ctx, C.int(options), nil) } @@ -752,7 +685,7 @@ type TLSExtServernameCallback func(ssl *SSL) SSLTLSExtErr // http://stackoverflow.com/questions/22373332/serving-multiple-domains-in-one-box-with-sni func (c *Ctx) SetTLSExtServernameCallback(sni_cb TLSExtServernameCallback) { c.sni_cb = sni_cb - C.SSL_CTX_set_tlsext_servername_callback_not_a_macro(c.ctx, (*[0]byte)(C.sni_cb)) + C.X_SSL_CTX_set_tlsext_servername_callback(c.ctx, (*[0]byte)(C.sni_cb)) } func (c *Ctx) SetSessionId(session_id []byte) error { 
@@ -800,30 +733,30 @@ const ( // http://www.openssl.org/docs/ssl/SSL_CTX_set_session_cache_mode.html func (c *Ctx) SetSessionCacheMode(modes SessionCacheModes) SessionCacheModes { return SessionCacheModes( - C.SSL_CTX_set_session_cache_mode_not_a_macro(c.ctx, C.long(modes))) + C.X_SSL_CTX_set_session_cache_mode(c.ctx, C.long(modes))) } // Set session cache timeout. Returns previously set value. // See https://www.openssl.org/docs/ssl/SSL_CTX_set_timeout.html func (c *Ctx) SetTimeout(t time.Duration) time.Duration { - prev := C.SSL_CTX_set_timeout_not_a_macro(c.ctx, C.long(t/time.Second)) + prev := C.X_SSL_CTX_set_timeout(c.ctx, C.long(t/time.Second)) return time.Duration(prev) * time.Second } // Get session cache timeout. // See https://www.openssl.org/docs/ssl/SSL_CTX_set_timeout.html func (c *Ctx) GetTimeout() time.Duration { - return time.Duration(C.SSL_CTX_get_timeout_not_a_macro(c.ctx)) * time.Second + return time.Duration(C.X_SSL_CTX_get_timeout(c.ctx)) * time.Second } // Set session cache size. Returns previously set value. // https://www.openssl.org/docs/ssl/SSL_CTX_sess_set_cache_size.html func (c *Ctx) SessSetCacheSize(t int) int { - return int(C.SSL_CTX_sess_set_cache_size_not_a_macro(c.ctx, C.long(t))) + return int(C.X_SSL_CTX_sess_set_cache_size(c.ctx, C.long(t))) } // Get session cache size. // https://www.openssl.org/docs/ssl/SSL_CTX_sess_set_cache_size.html func (c *Ctx) SessGetCacheSize() int { - return int(C.SSL_CTX_sess_get_cache_size_not_a_macro(c.ctx)) + return int(C.X_SSL_CTX_sess_get_cache_size(c.ctx)) } diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/ctx_test.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/ctx_test.go index 9644e518bf3..cd2a82a5a66 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/ctx_test.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/ctx_test.go 
@@ -1,4 +1,4 @@ -// Copyright (C) 2014 Ryan Hileman +// Copyright (C) 2017. See AUTHORS. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. diff --git a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/dh.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/dh.go new file mode 100644 index 00000000000..7d0cc703985 --- /dev/null +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/dh.go 
@@ -0,0 +1,68 @@ +// Copyright (C) 2017. See AUTHORS. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// +build !openssl_pre_1.0 + +package openssl + +// #include "shim.h" +import "C" +import ( + "errors" + "unsafe" +) + +// DeriveSharedSecret derives a shared secret using a private key and a peer's +// public key. +// The specific algorithm that is used depends on the types of the +// keys, but it is most commonly a variant of Diffie-Hellman. +func DeriveSharedSecret(private PrivateKey, public PublicKey) ([]byte, error) { + // Create context for the shared secret derivation + dhCtx := C.EVP_PKEY_CTX_new(private.evpPKey(), nil) + if dhCtx == nil { + return nil, errors.New("failed creating shared secret derivation context") + } + defer C.EVP_PKEY_CTX_free(dhCtx) + + // Initialize the context + if int(C.EVP_PKEY_derive_init(dhCtx)) != 1 { + return nil, errors.New("failed initializing shared secret derivation context") + } + + // Provide the peer's public key + if int(C.EVP_PKEY_derive_set_peer(dhCtx, public.evpPKey())) != 1 { + return nil, errors.New("failed adding peer public key to context") + } + + // Determine how large of a buffer we need for the shared secret + var buffLen C.size_t + if int(C.EVP_PKEY_derive(dhCtx, nil, &buffLen)) != 1 { + return nil, errors.New("failed determining shared secret length") + } + + // Allocate a buffer + buffer := C.X_OPENSSL_malloc(buffLen) + if buffer == nil { + return nil, errors.New("failed allocating buffer for 
shared secret") + } + defer C.X_OPENSSL_free(buffer) + + // Derive the shared secret + if int(C.EVP_PKEY_derive(dhCtx, (*C.uchar)(buffer), &buffLen)) != 1 { + return nil, errors.New("failed deriving the shared secret") + } + + secret := C.GoBytes(unsafe.Pointer(buffer), C.int(buffLen)) + return secret, nil +} diff --git a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/dh_test.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/dh_test.go new file mode 100644 index 00000000000..ce8e644940c --- /dev/null +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/dh_test.go @@ -0,0 +1,48 @@ +// Copyright (C) 2017. See AUTHORS. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// +build !openssl_pre_1.0 + +package openssl + +import ( + "bytes" + "testing" +) + +func TestECDH(t *testing.T) { + t.Parallel() + + myKey, err := GenerateECKey(Prime256v1) + if err != nil { + t.Fatal(err) + } + peerKey, err := GenerateECKey(Prime256v1) + if err != nil { + t.Fatal(err) + } + + mySecret, err := DeriveSharedSecret(myKey, peerKey) + if err != nil { + t.Fatal(err) + } + theirSecret, err := DeriveSharedSecret(peerKey, myKey) + if err != nil { + t.Fatal(err) + } + + if bytes.Compare(mySecret, theirSecret) != 0 { + t.Fatal("shared secrets are different") + } +} diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/dhparam.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/dhparam.go index a698645c1ec..294d0645c03 100644 
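Review bot: DeriveSharedSecret copies the derived secret into Go memory with `C.GoBytes` and then releases the C buffer through the deferred `C.X_OPENSSL_free(buffer)` without clearing it, so the key material stays in freed heap memory. I would wipe the buffer before freeing it, for example with OpenSSL's OPENSSL_cleanse if the shim makes it reachable (shim.h is not visible here): `defer func() { C.OPENSSL_cleanse(buffer, buffLen); C.X_OPENSSL_free(buffer) }()`. The doc comment could also state that the result is the raw shared secret, which callers should run through a KDF before using it as a key, and that the caller is responsible for clearing the returned slice.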
--- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/dhparam.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/dhparam.go @@ -1,21 +1,20 @@ -// +build cgo +// Copyright (C) 2017. See AUTHORS. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. package openssl -/* -#include <openssl/crypto.h> -#include <openssl/ssl.h> -#include <openssl/err.h> -#include <openssl/conf.h> -#include <openssl/dh.h> - -static long SSL_CTX_set_tmp_dh_not_a_macro(SSL_CTX* ctx, DH *dh) { - return SSL_CTX_set_tmp_dh(ctx, dh); -} -static long PEM_read_DHparams_not_a_macro(SSL_CTX* ctx, DH *dh) { - return SSL_CTX_set_tmp_dh(ctx, dh); -} -*/ +// #include "shim.h" import "C" import ( @@ -58,7 +57,7 @@ func (c *Ctx) SetDHParameters(dh *DH) error { runtime.LockOSThread() defer runtime.UnlockOSThread() - if int(C.SSL_CTX_set_tmp_dh_not_a_macro(c.ctx, dh.dh)) != 1 { + if int(C.X_SSL_CTX_set_tmp_dh(c.ctx, dh.dh)) != 1 { return errorFromErrorQueue() } return nil diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/digest.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/digest.go index 44d4d001b13..6d8d2635aee 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/digest.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/digest.go 
@@ -1,4 +1,4 @@ -// Copyright (C) 2015 Space Monkey, Inc. +// Copyright (C) 2017. See AUTHORS. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -12,11 +12,9 @@ // See the License for the specific language governing permissions and // limitations under the License. -// +build cgo - package openssl -// #include <openssl/evp.h> +// #include "shim.h" import "C" import ( @@ -34,7 +32,7 @@ type Digest struct { func GetDigestByName(name string) (*Digest, error) { cname := C.CString(name) defer C.free(unsafe.Pointer(cname)) - p := C.EVP_get_digestbyname(cname) + p := C.X_EVP_get_digestbyname(cname) if p == nil { return nil, fmt.Errorf("Digest %v not found", name) } diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/engine.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/engine.go index 7a175b70f7c..78aef956fca 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/engine.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/engine.go @@ -1,4 +1,4 @@ -// Copyright (C) 2014 Space Monkey, Inc. +// Copyright (C) 2017. See AUTHORS. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -12,8 +12,6 @@ // See the License for the specific language governing permissions and // limitations under the License. -// +build cgo - package openssl /* diff --git a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/fips.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/fips.go new file mode 100644 index 00000000000..77e1dc3eddf --- /dev/null +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/fips.go 
@@ -0,0 +1,66 @@ +// Copyright (C) 2017. See AUTHORS. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// +build cgo + +package openssl + +/* +#include "shim.h" + +static int X_FIPS_defined() { +#ifdef OPENSSL_FIPS + return 1; +#else + return 0; +#endif +} + +*/ +import "C" +import "runtime" + +// FIPSModeDefined indicates if the openssl library has the FIPS +// module complied in, specifically if the "OPENSSL_FIPS" macro is defined. +func FIPSModeDefined() bool { + if C.X_FIPS_defined() == 1 { + return true + } + return false +} + +// FIPSModeSet enables a FIPS 140-2 validated mode of operation. +// https://wiki.openssl.org/index.php/FIPS_mode_set() +func FIPSModeSet(mode bool) error { + runtime.LockOSThread() + defer runtime.UnlockOSThread() + + var r C.int + if mode { + r = C.X_FIPS_mode_set(1) + } else { + r = C.X_FIPS_mode_set(0) + } + if r != 1 { + return errorFromErrorQueue() + } + return nil +} + +func FIPSMode() bool { + if FIPSModeDefined() && C.X_FIPS_mode() != 0 { + return true + } + return false +} diff --git a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/fips_test.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/fips_test.go new file mode 100644 index 00000000000..7c8ec3a8c40 --- /dev/null +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/fips_test.go 
@@ -0,0 +1,35 @@ +package openssl_test + +import ( + "testing" + + "github.com/10gen/openssl" +) + +func TestSetFIPSMode(t *testing.T) { + if !openssl.FIPSModeDefined() { + t.Skip() + } + + if openssl.FIPSMode() { + t.Fatal("Expected FIPS mode to be disabled, but was enabled") + } + + err := openssl.FIPSModeSet(true) + if err != nil { + t.Fatal(err) + } + + if !openssl.FIPSMode() { + t.Fatal("Expected FIPS mode to be enabled, but was disabled") + } + + err = openssl.FIPSModeSet(false) + if err != nil { + t.Fatal(err) + } + + if openssl.FIPSMode() { + t.Fatal("Expected FIPS mode to be disabled, but was enabled") + } +} diff --git a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/hmac.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/hmac.go new file mode 100644 index 00000000000..a8640cfac63 --- /dev/null +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/hmac.go 
@@ -0,0 +1,91 @@ +// Copyright (C) 2017. See AUTHORS. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package openssl + +// #include "shim.h" +import "C" + +import ( + "errors" + "runtime" + "unsafe" +) + +type HMAC struct { + ctx *C.HMAC_CTX + engine *Engine + md *C.EVP_MD +} + +func NewHMAC(key []byte, digestAlgorithm EVP_MD) (*HMAC, error) { + return NewHMACWithEngine(key, digestAlgorithm, nil) +} + +func NewHMACWithEngine(key []byte, digestAlgorithm EVP_MD, e *Engine) (*HMAC, error) { + var md *C.EVP_MD = getDigestFunction(digestAlgorithm) + h := &HMAC{engine: e, md: md} + h.ctx = C.X_HMAC_CTX_new() + if h.ctx == nil { + return nil, errors.New("unable to allocate HMAC_CTX") + } + + var c_e *C.ENGINE + if e != nil { + c_e = e.e + } + if rc := C.X_HMAC_Init_ex(h.ctx, + unsafe.Pointer(&key[0]), + C.int(len(key)), + md, + c_e); rc != 1 { + C.X_HMAC_CTX_free(h.ctx) + return nil, errors.New("failed to initialize HMAC_CTX") + } + + runtime.SetFinalizer(h, func(h *HMAC) { h.Close() }) + return h, nil +} + +func (h *HMAC) Close() { + C.X_HMAC_CTX_free(h.ctx) +} + +func (h *HMAC) Write(data []byte) (n int, err error) { + if len(data) == 0 { + return 0, nil + } + if rc := C.X_HMAC_Update(h.ctx, (*C.uchar)(unsafe.Pointer(&data[0])), + C.size_t(len(data))); rc != 1 { + return 0, errors.New("failed to update HMAC") + } + return len(data), nil +} + +func (h *HMAC) Reset() error { + if 1 != C.X_HMAC_Init_ex(h.ctx, nil, 0, nil, nil) { + return errors.New("failed to 
reset HMAC_CTX") + } + return nil +} + +func (h *HMAC) Final() (result []byte, err error) { + mdLength := C.X_EVP_MD_size(h.md) + result = make([]byte, mdLength) + if rc := C.X_HMAC_Final(h.ctx, (*C.uchar)(unsafe.Pointer(&result[0])), + (*C.uint)(unsafe.Pointer(&mdLength))); rc != 1 { + return nil, errors.New("failed to finalized HMAC") + } + return result, h.Reset() +} diff --git a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/hmac_test.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/hmac_test.go new file mode 100644 index 00000000000..424720e2171 --- /dev/null +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/hmac_test.go 
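Review bot: `Close` frees `h.ctx` unconditionally while `NewHMACWithEngine` also registers a finalizer that calls `Close`, so a caller who closes an HMAC explicitly gets a second `X_HMAC_CTX_free` on the same pointer when the object is collected. `Close` should clear the pointer and the finalizer, and `Write`, `Final` and `Reset` would then need to reject a closed context. Separately, `unsafe.Pointer(&key[0])` panics for an empty `key` before OpenSSL is reached, and the context is allocated before the digest returned by `getDigestFunction` is checked (whether that helper can return nil is not visible here). The sketch below rejects an empty key with an error; passing a nil pointer with length 0 is the alternative if empty keys must stay legal.

```go
func NewHMACWithEngine(key []byte, digestAlgorithm EVP_MD, e *Engine) (*HMAC, error) {
	if len(key) == 0 {
		return nil, errors.New("empty HMAC key")
	}
	// … unchanged: context allocation, X_HMAC_Init_ex, finalizer registration …
}

func (h *HMAC) Close() {
	if h.ctx == nil {
		return
	}
	C.X_HMAC_CTX_free(h.ctx)
	h.ctx = nil
	runtime.SetFinalizer(h, nil)
}
```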
@@ -0,0 +1,74 @@ +// Copyright (C) 2017. See AUTHORS. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// +build !openssl_pre_1.0 + +package openssl + +import ( + "crypto/hmac" + "crypto/sha256" + "encoding/hex" + "testing" +) + +func TestSHA256HMAC(t *testing.T) { + key := []byte("d741787cc61851af045ccd37") + data := []byte("5912EEFD-59EC-43E3-ADB8-D5325AEC3271") + + h, err := NewHMAC(key, EVP_SHA256) + if err != nil { + t.Fatalf("Unable to create new HMAC: %s", err) + } + if _, err := h.Write(data); err != nil { + t.Fatalf("Unable to write data into HMAC: %s", err) + } + + var actualHMACBytes []byte + if actualHMACBytes, err = h.Final(); err != nil { + t.Fatalf("Error while finalizing HMAC: %s", err) + } + actualString := hex.EncodeToString(actualHMACBytes) + + // generate HMAC with built-in crypto lib + mac := hmac.New(sha256.New, key) + mac.Write(data) + expectedString := hex.EncodeToString(mac.Sum(nil)) + + if expectedString != actualString { + t.Errorf("HMAC was incorrect: expected=%s, actual=%s", expectedString, actualString) + } +} + +func BenchmarkSHA256HMAC(b *testing.B) { + key := []byte("d741787cc61851af045ccd37") + data := []byte("5912EEFD-59EC-43E3-ADB8-D5325AEC3271") + + h, err := NewHMAC(key, EVP_SHA256) + if err != nil { + b.Fatalf("Unable to create new HMAC: %s", err) + } + + b.ResetTimer() + for i := 0; i < b.N; i++ { + if _, err := h.Write(data); err != nil { + b.Fatalf("Unable to write data into HMAC: %s", err) + } + + var err error + 
if _, err = h.Final(); err != nil { + b.Fatalf("Error while finalizing HMAC: %s", err) + } + } +} diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/hostname.c b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/hostname.c index 9a610292067..aef33355262 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/hostname.c +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/hostname.c @@ -1,7 +1,8 @@ -/* Go-OpenSSL notice: - This file is required for all OpenSSL versions prior to 1.1.0. This simply - provides the new 1.1.0 X509_check_* methods for hostname validation if they - don't already exist. +/* + * Go-OpenSSL notice: + * This file is required for all OpenSSL versions prior to 1.1.0. This simply + * provides the new 1.1.0 X509_check_* methods for hostname validation if they + * don't already exist. */ #include <openssl/x509.h> @@ -67,6 +68,7 @@ */ /* X509 v3 extension utilities */ +#include <string.h> #include <stdlib.h> #include <openssl/ssl.h> #include <openssl/conf.h> @@ -346,22 +348,26 @@ static int do_x509_check(X509 *x, const unsigned char *chk, size_t chklen, return 0; } -int _X509_check_host(X509 *x, const unsigned char *chk, size_t chklen, - unsigned int flags) +#if OPENSSL_VERSION_NUMBER < 0x1000200fL + +int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen, + unsigned int flags, char **peername) { return do_x509_check(x, chk, chklen, flags, GEN_DNS); } -int _X509_check_email(X509 *x, const unsigned char *chk, size_t chklen, +int X509_check_email(X509 *x, const unsigned char *chk, size_t chklen, unsigned int flags) { return do_x509_check(x, chk, chklen, flags, GEN_EMAIL); } -int _X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen, +int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen, unsigned int flags) { return do_x509_check(x, chk, chklen, flags, GEN_IPADD); } +#endif /* OPENSSL_VERSION_NUMBER */ + #endif 
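Review bot: The compat `X509_check_host` added under `#if OPENSSL_VERSION_NUMBER < 0x1000200fL` in hostname.c accepts `peername` but never writes it, so a caller that passes a non-NULL pointer and reads it after a match gets whatever was there before. The Go wrapper in this commit passes nil, so nothing breaks today; I would still add `if (peername) *peername = NULL;` before the `return`, or a comment stating that the fallback does not report the matched name. The three functions now also carry OpenSSL's own public names with external linkage, so it is worth confirming that the version guard matches the release in which the library started exporting them, otherwise the link step will see duplicate definitions.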
diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/hostname.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/hostname.go index c1d1202fb65..f0b36db678d 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/hostname.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/hostname.go @@ -1,4 +1,4 @@ -// Copyright (C) 2014 Space Monkey, Inc. +// Copyright (C) 2017. See AUTHORS. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -12,8 +12,6 @@ // See the License for the specific language governing permissions and // limitations under the License. -// +build cgo - package openssl /* @@ -25,11 +23,11 @@ package openssl #define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT 0x1 #define X509_CHECK_FLAG_NO_WILDCARDS 0x2 -extern int _X509_check_host(X509 *x, const unsigned char *chk, size_t chklen, - unsigned int flags); -extern int _X509_check_email(X509 *x, const unsigned char *chk, size_t chklen, +extern int X509_check_host(X509 *x, const unsigned char *chk, size_t chklen, + unsigned int flags, char **peername); +extern int X509_check_email(X509 *x, const unsigned char *chk, size_t chklen, unsigned int flags); -extern int _X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen, +extern int X509_check_ip(X509 *x, const unsigned char *chk, size_t chklen, unsigned int flags); #endif */ @@ -60,8 +58,9 @@ const ( func (c *Certificate) CheckHost(host string, flags CheckFlags) error { chost := unsafe.Pointer(C.CString(host)) defer C.free(chost) - rv := C._X509_check_host(c.x, (*C.uchar)(chost), C.size_t(len(host)), - C.uint(flags)) + + rv := C.X509_check_host(c.x, (*C.uchar)(chost), C.size_t(len(host)), + C.uint(flags), nil) if rv > 0 { return nil } 
@@ -79,7 +78,7 @@ func (c *Certificate) CheckHost(host string, flags CheckFlags) error { func (c *Certificate) CheckEmail(email string, flags CheckFlags) error { cemail := unsafe.Pointer(C.CString(email)) defer C.free(cemail) - rv := C._X509_check_email(c.x, (*C.uchar)(cemail), C.size_t(len(email)), + rv := C.X509_check_email(c.x, (*C.uchar)(cemail), C.size_t(len(email)), C.uint(flags)) if rv > 0 { return nil @@ -97,7 +96,7 @@ func (c *Certificate) CheckEmail(email string, flags CheckFlags) error { // there was no internal error. func (c *Certificate) CheckIP(ip net.IP, flags CheckFlags) error { cip := unsafe.Pointer(&ip[0]) - rv := C._X509_check_ip(c.x, (*C.uchar)(cip), C.size_t(len(ip)), + rv := C.X509_check_ip(c.x, (*C.uchar)(cip), C.size_t(len(ip)), C.uint(flags)) if rv > 0 { return nil diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/http.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/http.go index e3be32c264a..39bd5a28b5f 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/http.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/http.go @@ -1,4 +1,4 @@ -// Copyright (C) 2014 Space Monkey, Inc. +// Copyright (C) 2017. See AUTHORS. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/init.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/init.go index 314e5415c18..17dc6f38751 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/init.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/init.go @@ -1,4 +1,4 @@ -// Copyright (C) 2014 Space Monkey, Inc. +// Copyright (C) 2017. See AUTHORS. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. 
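Review bot: `cip := unsafe.Pointer(&ip[0])`, the context line just above the renamed call in `CheckIP`, panics when `ip` is nil or empty, which is what `net.ParseIP` returns for input it cannot parse. The function should return an error when `len(ip) == 0` before taking the address, so that a malformed address is a validation failure rather than a crash during certificate checking. The body of `CheckIP` starts and ends outside this hunk, so the exact error value to return is not visible here.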
@@ -12,8 +12,6 @@ // See the License for the specific language governing permissions and // limitations under the License. -// +build cgo - /* Package openssl is a light wrapper around OpenSSL for Go. @@ -86,33 +84,7 @@ supported the generality needed to use OpenSSL instead of crypto/tls. */ package openssl -/* -#include <openssl/ssl.h> -#include <openssl/conf.h> -#include <openssl/err.h> -#include <openssl/evp.h> -#include <openssl/engine.h> - -extern int Goopenssl_init_locks(); -extern unsigned long Goopenssl_thread_id_callback(); -extern void Goopenssl_thread_locking_callback(int, int, const char*, int); - -static int Goopenssl_init_threadsafety() { - // Set up OPENSSL thread safety callbacks. - // TOOLS-1694 added setting of thread id callback for compatibility with openssl 0.9.8 - int rc = Goopenssl_init_locks(); - if (rc == 0) { - CRYPTO_set_locking_callback(Goopenssl_thread_locking_callback); - } - CRYPTO_set_id_callback(Goopenssl_thread_id_callback); - return rc; -} - -static void OpenSSL_add_all_algorithms_not_a_macro() { - OpenSSL_add_all_algorithms(); -} - -*/ +// #include "shim.h" import "C" import ( @@ -122,15 +94,8 @@ import ( ) func init() { - C.ERR_load_crypto_strings() - C.OPENSSL_config(nil) - C.ENGINE_load_builtin_engines() - C.SSL_load_error_strings() - C.SSL_library_init() - C.OpenSSL_add_all_algorithms_not_a_macro() - rc := C.Goopenssl_init_threadsafety() - if rc != 0 { - panic(fmt.Errorf("Goopenssl_init_locks failed with %d", rc)) + if rc := C.X_shim_init(); rc != 0 { + panic(fmt.Errorf("X_shim_init failed with %d", rc)) } } diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/init_posix.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/init_posix.go index 99558298e3a..d485893bb6e 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/init_posix.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/init_posix.go 
@@ -1,4 +1,4 @@ -// Copyright (C) 2014 Space Monkey, Inc. +// Copyright (C) 2017. See AUTHORS. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -24,7 +24,7 @@ package openssl pthread_mutex_t* goopenssl_locks; -int Goopenssl_init_locks() { +int go_init_locks() { int rc = 0; int nlock; int i; @@ -53,7 +53,7 @@ int Goopenssl_init_locks() { } #if OPENSSL_VERSION_NUMBER < 0x10100000L -void Goopenssl_thread_locking_callback(int mode, int n, const char *file, +void go_thread_locking_callback(int mode, int n, const char *file, int line) { if (mode & CRYPTO_LOCK) { pthread_mutex_lock(&goopenssl_locks[n]); @@ -61,7 +61,7 @@ void Goopenssl_thread_locking_callback(int mode, int n, const char *file, pthread_mutex_unlock(&goopenssl_locks[n]); } } -unsigned long Goopenssl_thread_id_callback() { +unsigned long go_thread_id_callback() { return (unsigned long) pthread_self(); } #endif diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/init_windows.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/init_windows.go index ec817926b7a..55079a271cd 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/init_windows.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/init_windows.go @@ -1,4 +1,4 @@ -// Copyright (C) 2014 Space Monkey, Inc. +// Copyright (C) 2017. See AUTHORS. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -17,20 +17,13 @@ package openssl /* - -#cgo windows LDFLAGS: -lssleay32 -llibeay32 -L c:/openssl/bin -#cgo windows CFLAGS: -I"c:/openssl/include" - -#ifndef WIN32_LEAN_AND_MEAN -#define WIN32_LEAN_AND_MEAN -#endif #include <errno.h> #include <openssl/crypto.h> #include <windows.h> CRITICAL_SECTION* goopenssl_locks; -int Goopenssl_init_locks() { +int go_init_locks() { int rc = 0; int nlock; int i; 
@@ -48,7 +41,7 @@ int Goopenssl_init_locks() { return 0; } -void Goopenssl_thread_locking_callback(int mode, int n, const char *file, +void go_thread_locking_callback(int mode, int n, const char *file, int line) { if (mode & CRYPTO_LOCK) { EnterCriticalSection(&goopenssl_locks[n]); @@ -57,7 +50,7 @@ void Goopenssl_thread_locking_callback(int mode, int n, const char *file, } } #if OPENSSL_VERSION_NUMBER < 0x10100000L -unsigned long Goopenssl_thread_id_callback() { +unsigned long go_thread_id_callback() { return (unsigned long) GetCurrentThreadId(); } #endif diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/key.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/key.go index cc17f5fcf7d..4e39a38a579 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/key.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/key.go @@ -1,4 +1,4 @@ -// Copyright (C) 2014 Space Monkey, Inc. +// Copyright (C) 2017. See AUTHORS. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. 
@@ -12,35 +12,9 @@ // See the License for the specific language governing permissions and // limitations under the License. -// +build cgo - package openssl -// #include <openssl/evp.h> -// #include <openssl/ssl.h> -// #include <openssl/conf.h> -// -// int EVP_SignInit_not_a_macro(EVP_MD_CTX *ctx, const EVP_MD *type) { -// return EVP_SignInit(ctx, type); -// } -// -// int EVP_SignUpdate_not_a_macro(EVP_MD_CTX *ctx, const void *d, -// unsigned int cnt) { -// return EVP_SignUpdate(ctx, d, cnt); -// } -// -// int EVP_VerifyInit_not_a_macro(EVP_MD_CTX *ctx, const EVP_MD *type) { -// return EVP_VerifyInit(ctx, type); -// } -// -// int EVP_VerifyUpdate_not_a_macro(EVP_MD_CTX *ctx, const void *d, -// unsigned int cnt) { -// return EVP_VerifyUpdate(ctx, d, cnt); -// } -// -// int EVP_PKEY_assign_charp(EVP_PKEY *pkey, int type, char *key) { -// return EVP_PKEY_assign(pkey, type, key); -// } +// #include "shim.h" import "C" import ( 
@@ -53,25 +27,30 @@ import ( type Method *C.EVP_MD var ( - SHA1_Method Method = C.EVP_sha1() - SHA256_Method Method = C.EVP_sha256() - SHA512_Method Method = C.EVP_sha512() + SHA1_Method Method = C.X_EVP_sha1() + SHA256_Method Method = C.X_EVP_sha256() + SHA512_Method Method = C.X_EVP_sha512() ) -type PublicKey interface { - // Verifies the data signature using PKCS1.15 - VerifyPKCS1v15(method Method, data, sig []byte) error - - // MarshalPKIXPublicKeyPEM converts the public key to PEM-encoded PKIX - // format - MarshalPKIXPublicKeyPEM() (pem_block []byte, err error) - - // MarshalPKIXPublicKeyDER converts the public key to DER-encoded PKIX - // format - MarshalPKIXPublicKeyDER() (der_block []byte, err error) - - evpPKey() *C.EVP_PKEY -} +// Constants for the various key types. +// Mapping of name -> NID taken from openssl/evp.h +const ( + KeyTypeNone = NID_undef + KeyTypeRSA = NID_rsaEncryption + KeyTypeRSA2 = NID_rsa + KeyTypeDSA = NID_dsa + KeyTypeDSA1 = NID_dsa_2 + KeyTypeDSA2 = NID_dsaWithSHA + KeyTypeDSA3 = NID_dsaWithSHA1 + KeyTypeDSA4 = NID_dsaWithSHA1_2 + KeyTypeDH = NID_dhKeyAgreement + KeyTypeDHX = NID_dhpublicnumber + KeyTypeEC = NID_X9_62_id_ecPublicKey + KeyTypeHMAC = NID_hmac + KeyTypeCMAC = NID_cmac + KeyTypeTLS1PRF = NID_tls1_prf + KeyTypeHKDF = NID_hkdf +) type PrivateKey interface { PublicKey 
@@ -95,22 +74,21 @@ type pKey struct { func (key *pKey) evpPKey() *C.EVP_PKEY { return key.key } func (key *pKey) SignPKCS1v15(method Method, data []byte) ([]byte, error) { - var ctx C.EVP_MD_CTX - C.EVP_MD_CTX_init(&ctx) - defer C.EVP_MD_CTX_cleanup(&ctx) + ctx := C.X_EVP_MD_CTX_new() + defer C.X_EVP_MD_CTX_free(ctx) - if 1 != C.EVP_SignInit_not_a_macro(&ctx, method) { + if 1 != C.X_EVP_SignInit(ctx, method) { return nil, errors.New("signpkcs1v15: failed to init signature") } if len(data) > 0 { - if 1 != C.EVP_SignUpdate_not_a_macro( - &ctx, unsafe.Pointer(&data[0]), C.uint(len(data))) { + if 1 != C.X_EVP_SignUpdate( + ctx, unsafe.Pointer(&data[0]), C.uint(len(data))) { return nil, errors.New("signpkcs1v15: failed to update signature") } } - sig := make([]byte, C.EVP_PKEY_size(key.key)) + sig := make([]byte, C.X_EVP_PKEY_size(key.key)) var sigblen C.uint - if 1 != C.EVP_SignFinal(&ctx, + if 1 != C.X_EVP_SignFinal(ctx, ((*C.uchar)(unsafe.Pointer(&sig[0]))), &sigblen, key.key) { return nil, errors.New("signpkcs1v15: failed to finalize signature") } 
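Review bot: `ctx := C.X_EVP_MD_CTX_new()` is used without a nil check in `SignPKCS1v15`, and the same line in `VerifyPKCS1v15` in the next hunk has the same gap. The stack-allocated context it replaces could not fail, but a heap allocation can (presumably the shim returns NULL in that case; shim.h is not shown), and the NULL context would then be handed to `X_EVP_SignInit` and to the deferred `X_EVP_MD_CTX_free`. Add `if ctx == nil { return nil, errors.New("signpkcs1v15: failed to allocate EVP_MD_CTX") }` before the `defer`, returning only the error in the verify path. The end of `SignPKCS1v15` is outside this hunk.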
@@ -118,45 +96,25 @@ func (key *pKey) SignPKCS1v15(method Method, data []byte) ([]byte, error) { } func (key *pKey) VerifyPKCS1v15(method Method, data, sig []byte) error { - var ctx C.EVP_MD_CTX - C.EVP_MD_CTX_init(&ctx) - defer C.EVP_MD_CTX_cleanup(&ctx) + ctx := C.X_EVP_MD_CTX_new() + defer C.X_EVP_MD_CTX_free(ctx) - if 1 != C.EVP_VerifyInit_not_a_macro(&ctx, method) { + if 1 != C.X_EVP_VerifyInit(ctx, method) { return errors.New("verifypkcs1v15: failed to init verify") } if len(data) > 0 { - if 1 != C.EVP_VerifyUpdate_not_a_macro( - &ctx, unsafe.Pointer(&data[0]), C.uint(len(data))) { + if 1 != C.X_EVP_VerifyUpdate( + ctx, unsafe.Pointer(&data[0]), C.uint(len(data))) { return errors.New("verifypkcs1v15: failed to update verify") } } - if 1 != C.EVP_VerifyFinal(&ctx, + if 1 != C.X_EVP_VerifyFinal(ctx, ((*C.uchar)(unsafe.Pointer(&sig[0]))), C.uint(len(sig)), key.key) { return errors.New("verifypkcs1v15: failed to finalize verify") } return nil } -func (key *pKey) MarshalPKCS1PrivateKeyPEM() (pem_block []byte, - err error) { - bio := C.BIO_new(C.BIO_s_mem()) - if bio == nil { - return nil, errors.New("failed to allocate memory BIO") - } - defer C.BIO_free(bio) - rsa := (*C.RSA)(C.EVP_PKEY_get1_RSA(key.key)) - if rsa == nil { - return nil, errors.New("failed getting rsa key") - } - defer C.RSA_free(rsa) - if int(C.PEM_write_bio_RSAPrivateKey(bio, rsa, nil, nil, C.int(0), nil, - nil)) != 1 { - return nil, errors.New("failed dumping private key") - } - return ioutil.ReadAll(asAnyBio(bio)) -} - func (key *pKey) MarshalPKCS1PrivateKeyDER() (der_block []byte, err error) { bio := C.BIO_new(C.BIO_s_mem()) 
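Review bot: `unsafe.Pointer(&sig[0])` in `VerifyPKCS1v15` panics when `sig` is empty, and the signature is normally the untrusted input of a verification. `data` is already guarded with `len(data) > 0`; `sig` should get the same treatment, e.g. `if len(sig) == 0 { return errors.New("verifypkcs1v15: empty signature") }` at the top of the function, so that a zero-length signature is reported as a verification failure instead of crashing the caller.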
@@ -164,14 +122,11 @@ func (key *pKey) MarshalPKCS1PrivateKeyDER() (der_block []byte, return nil, errors.New("failed to allocate memory BIO") } defer C.BIO_free(bio) - rsa := (*C.RSA)(C.EVP_PKEY_get1_RSA(key.key)) - if rsa == nil { - return nil, errors.New("failed getting rsa key") - } - defer C.RSA_free(rsa) - if int(C.i2d_RSAPrivateKey_bio(bio, rsa)) != 1 { + + if int(C.i2d_PrivateKey_bio(bio, key.key)) != 1 { return nil, errors.New("failed dumping private key der") } + return ioutil.ReadAll(asAnyBio(bio)) } @@ -182,14 +137,11 @@ func (key *pKey) MarshalPKIXPublicKeyPEM() (pem_block []byte, return nil, errors.New("failed to allocate memory BIO") } defer C.BIO_free(bio) - rsa := (*C.RSA)(C.EVP_PKEY_get1_RSA(key.key)) - if rsa == nil { - return nil, errors.New("failed getting rsa key") - } - defer C.RSA_free(rsa) - if int(C.PEM_write_bio_RSA_PUBKEY(bio, rsa)) != 1 { + + if int(C.PEM_write_bio_PUBKEY(bio, key.key)) != 1 { return nil, errors.New("failed dumping public key pem") } + return ioutil.ReadAll(asAnyBio(bio)) } @@ -200,14 +152,11 @@ func (key *pKey) MarshalPKIXPublicKeyDER() (der_block []byte, return nil, errors.New("failed to allocate memory BIO") } defer C.BIO_free(bio) - rsa := (*C.RSA)(C.EVP_PKEY_get1_RSA(key.key)) - if rsa == nil { - return nil, errors.New("failed getting rsa key") - } - defer C.RSA_free(rsa) - if int(C.i2d_RSA_PUBKEY_bio(bio, rsa)) != 1 { + + if int(C.i2d_PUBKEY_bio(bio, key.key)) != 1 { return nil, errors.New("failed dumping public key der") } + return ioutil.ReadAll(asAnyBio(bio)) } 
@@ -223,31 +172,20 @@ func LoadPrivateKeyFromPEM(pem_block []byte) (PrivateKey, error) { } defer C.BIO_free(bio) - rsakey := C.PEM_read_bio_RSAPrivateKey(bio, nil, nil, nil) - if rsakey == nil { - return nil, errors.New("failed reading rsa key") - } - defer C.RSA_free(rsakey) - - // convert to PKEY - key := C.EVP_PKEY_new() + key := C.PEM_read_bio_PrivateKey(bio, nil, nil, nil) if key == nil { - return nil, errors.New("failed converting to evp_pkey") - } - if C.EVP_PKEY_set1_RSA(key, (*C.struct_rsa_st)(rsakey)) != 1 { - C.EVP_PKEY_free(key) - return nil, errors.New("failed converting to evp_pkey") + return nil, errors.New("failed reading private key") } p := &pKey{key: key} runtime.SetFinalizer(p, func(p *pKey) { - C.EVP_PKEY_free(p.key) + C.X_EVP_PKEY_free(p.key) }) return p, nil } -// LoadPrivateKeyFromPEM loads a private key from a PEM-encoded block. -func LoadPrivateKeyFromPEMWidthPassword(pem_block []byte, password string) ( +// LoadPrivateKeyFromPEMWithPassword loads a private key from a PEM-encoded block. +func LoadPrivateKeyFromPEMWithPassword(pem_block []byte, password string) ( PrivateKey, error) { if len(pem_block) == 0 { return nil, errors.New("empty pem block") 
@@ -260,25 +198,14 @@ func LoadPrivateKeyFromPEMWidthPassword(pem_block []byte, password string) ( defer C.BIO_free(bio) cs := C.CString(password) defer C.free(unsafe.Pointer(cs)) - rsakey := C.PEM_read_bio_RSAPrivateKey(bio, nil, nil, unsafe.Pointer(cs)) - if rsakey == nil { - return nil, errors.New("failed reading rsa key") - } - defer C.RSA_free(rsakey) - - // convert to PKEY - key := C.EVP_PKEY_new() + key := C.PEM_read_bio_PrivateKey(bio, nil, nil, unsafe.Pointer(cs)) if key == nil { - return nil, errors.New("failed converting to evp_pkey") - } - if C.EVP_PKEY_set1_RSA(key, (*C.struct_rsa_st)(rsakey)) != 1 { - C.EVP_PKEY_free(key) - return nil, errors.New("failed converting to evp_pkey") + return nil, errors.New("failed reading private key") } p := &pKey{key: key} runtime.SetFinalizer(p, func(p *pKey) { - C.EVP_PKEY_free(p.key) + C.X_EVP_PKEY_free(p.key) }) return p, nil } 
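Review bot: The renamed `LoadPrivateKeyFromPEMWithPassword` still carries the doc comment of the password-less loader and says nothing about how the password is handled. The password is copied with `C.CString` and handed to `PEM_read_bio_PrivateKey` as the callback argument with a nil callback, so OpenSSL reads it as a NUL-terminated C string (a password containing a zero byte is cut short), and the copy is released with `C.free` without being cleared. I would document the first point, e.g. `// The password is passed to OpenSSL as a C string and must not contain NUL bytes.`, and wipe the buffer before freeing it if the shim offers a cleanse helper (shim.h is not shown here).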
@@ -295,29 +222,25 @@ func LoadPrivateKeyFromDER(der_block []byte) (PrivateKey, error) { } defer C.BIO_free(bio) - rsakey := C.d2i_RSAPrivateKey_bio(bio, nil) - if rsakey == nil { - return nil, errors.New("failed reading rsa key") - } - defer C.RSA_free(rsakey) - - // convert to PKEY - key := C.EVP_PKEY_new() + key := C.d2i_PrivateKey_bio(bio, nil) if key == nil { - return nil, errors.New("failed converting to evp_pkey") - } - if C.EVP_PKEY_set1_RSA(key, (*C.struct_rsa_st)(rsakey)) != 1 { - C.EVP_PKEY_free(key) - return nil, errors.New("failed converting to evp_pkey") + return nil, errors.New("failed reading private key der") } p := &pKey{key: key} runtime.SetFinalizer(p, func(p *pKey) { - C.EVP_PKEY_free(p.key) + C.X_EVP_PKEY_free(p.key) }) return p, nil } +// LoadPrivateKeyFromPEMWidthPassword loads a private key from a PEM-encoded block. +// Backwards-compatible with typo +func LoadPrivateKeyFromPEMWidthPassword(pem_block []byte, password string) ( + PrivateKey, error) { + return LoadPrivateKeyFromPEMWithPassword(pem_block, password) +} + // LoadPublicKeyFromPEM loads a public key from a PEM-encoded block. func LoadPublicKeyFromPEM(pem_block []byte) (PublicKey, error) { if len(pem_block) == 0 { 
@@ -330,25 +253,14 @@ func LoadPublicKeyFromPEM(pem_block []byte) (PublicKey, error) { } defer C.BIO_free(bio) - rsakey := C.PEM_read_bio_RSA_PUBKEY(bio, nil, nil, nil) - if rsakey == nil { - return nil, errors.New("failed reading rsa key") - } - defer C.RSA_free(rsakey) - - // convert to PKEY - key := C.EVP_PKEY_new() + key := C.PEM_read_bio_PUBKEY(bio, nil, nil, nil) if key == nil { - return nil, errors.New("failed converting to evp_pkey") - } - if C.EVP_PKEY_set1_RSA(key, (*C.struct_rsa_st)(rsakey)) != 1 { - C.EVP_PKEY_free(key) - return nil, errors.New("failed converting to evp_pkey") + return nil, errors.New("failed reading public key der") } p := &pKey{key: key} runtime.SetFinalizer(p, func(p *pKey) { - C.EVP_PKEY_free(p.key) + C.X_EVP_PKEY_free(p.key) }) return p, nil } @@ -365,25 +277,14 @@ func LoadPublicKeyFromDER(der_block []byte) (PublicKey, error) { } defer C.BIO_free(bio) - rsakey := C.d2i_RSA_PUBKEY_bio(bio, nil) - if rsakey == nil { - return nil, errors.New("failed reading rsa key") - } - defer C.RSA_free(rsakey) - - // convert to PKEY - key := C.EVP_PKEY_new() + key := C.d2i_PUBKEY_bio(bio, nil) if key == nil { - return nil, errors.New("failed converting to evp_pkey") - } - if C.EVP_PKEY_set1_RSA(key, (*C.struct_rsa_st)(rsakey)) != 1 { - C.EVP_PKEY_free(key) - return nil, errors.New("failed converting to evp_pkey") + return nil, errors.New("failed reading public key der") } p := &pKey{key: key} runtime.SetFinalizer(p, func(p *pKey) { - C.EVP_PKEY_free(p.key) + C.X_EVP_PKEY_free(p.key) }) return p, nil } 
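Review bot: `LoadPublicKeyFromPEM` now reports `"failed reading public key der"` when `PEM_read_bio_PUBKEY` fails, which is the message of the DER loader in the next hunk and points whoever reads the log at the wrong input format. It should read `return nil, errors.New("failed reading public key pem")`. The private-key loaders in the earlier hunks have a related inconsistency (`"failed reading private key"` for both PEM variants, `"failed reading private key der"` for DER), so naming the format in every message would make the four loaders line up.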
@@ -399,17 +300,17 @@ func GenerateRSAKeyWithExponent(bits int, exponent int) (PrivateKey, error) { if rsa == nil { return nil, errors.New("failed to generate RSA key") } - key := C.EVP_PKEY_new() + key := C.X_EVP_PKEY_new() if key == nil { return nil, errors.New("failed to allocate EVP_PKEY") } - if C.EVP_PKEY_assign_charp(key, C.EVP_PKEY_RSA, (*C.char)(unsafe.Pointer(rsa))) != 1 { - C.EVP_PKEY_free(key) + if C.X_EVP_PKEY_assign_charp(key, C.EVP_PKEY_RSA, (*C.char)(unsafe.Pointer(rsa))) != 1 { + C.X_EVP_PKEY_free(key) return nil, errors.New("failed to assign RSA key") } p := &pKey{key: key} runtime.SetFinalizer(p, func(p *pKey) { - C.EVP_PKEY_free(p.key) + C.X_EVP_PKEY_free(p.key) }) return p, nil } diff --git a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/key_0_9.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/key_0_9.go new file mode 100644 index 00000000000..ed17ef08a40 --- /dev/null +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/key_0_9.go 
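Review bot: In `GenerateRSAKeyWithExponent` the freshly generated `rsa` is not released on either failure path shown here: when `C.X_EVP_PKEY_new()` returns nil, and when `C.X_EVP_PKEY_assign_charp` fails and only `key` is freed. Ownership moves to `key` only on a successful assign, so both branches leave private key material allocated in C memory. Add `C.RSA_free(rsa)` before each of those two `return nil, ...` statements. The start of the function, including how `rsa` is created, is outside the hunk.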
@@ -0,0 +1,58 @@
+// Copyright (C) 2017. See AUTHORS.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// +build openssl_pre_1.0
+
+package openssl
+
+// #include "shim.h"
+import "C"
+import (
+ "errors"
+ "io/ioutil"
+)
+
+type PublicKey interface {
+ // Verifies the data signature using PKCS1.15
+ VerifyPKCS1v15(method Method, data, sig []byte) error
+
+ // MarshalPKIXPublicKeyPEM converts the public key to PEM-encoded PKIX
+ // format
+ MarshalPKIXPublicKeyPEM() (pem_block []byte, err error)
+
+ // MarshalPKIXPublicKeyDER converts the public key to DER-encoded PKIX
+ // format
+ MarshalPKIXPublicKeyDER() (der_block []byte, err error)
+
+ evpPKey() *C.EVP_PKEY
+}
+
+func (key *pKey) MarshalPKCS1PrivateKeyPEM() (pem_block []byte,
+ err error) {
+ bio := C.BIO_new(C.BIO_s_mem())
+ if bio == nil {
+ return nil, errors.New("failed to allocate memory BIO")
+ }
+ defer C.BIO_free(bio)
+ rsa := (*C.RSA)(C.EVP_PKEY_get1_RSA(key.key))
+ if rsa == nil {
+ return nil, errors.New("failed getting rsa key")
+ }
+ defer C.RSA_free(rsa)
+ if int(C.PEM_write_bio_RSAPrivateKey(bio, rsa, nil, nil, C.int(0), nil,
+ nil)) != 1 {
+ return nil, errors.New("failed dumping private key")
+ }
+ return ioutil.ReadAll(asAnyBio(bio))
+}
diff --git a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/key_1_0.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/key_1_0.go
new file mode 100644
index 00000000000..6ea2a46e073
--- /dev/null
+++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/key_1_0.go 
@@ -0,0 +1,132 @@ +// Copyright (C) 2017. See AUTHORS. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// +build !openssl_pre_1.0 + +package openssl + +// #include "shim.h" +import "C" + +import ( + "errors" + "io/ioutil" + "runtime" +) + +type PublicKey interface { + // Verifies the data signature using PKCS1.15 + VerifyPKCS1v15(method Method, data, sig []byte) error + + // MarshalPKIXPublicKeyPEM converts the public key to PEM-encoded PKIX + // format + MarshalPKIXPublicKeyPEM() (pem_block []byte, err error) + + // MarshalPKIXPublicKeyDER converts the public key to DER-encoded PKIX + // format + MarshalPKIXPublicKeyDER() (der_block []byte, err error) + + // KeyType returns an identifier for what kind of key is represented by this + // object. + KeyType() NID + + // BaseType returns an identifier for what kind of key is represented + // by this object. + // Keys that share same algorithm but use different legacy formats + // will have the same BaseType. + // + // For example, a key with a `KeyType() == KeyTypeRSA` and a key with a + // `KeyType() == KeyTypeRSA2` would both have `BaseType() == KeyTypeRSA`. 
+ BaseType() NID + + evpPKey() *C.EVP_PKEY +} + +func (key *pKey) MarshalPKCS1PrivateKeyPEM() (pem_block []byte, + err error) { + bio := C.BIO_new(C.BIO_s_mem()) + if bio == nil { + return nil, errors.New("failed to allocate memory BIO") + } + defer C.BIO_free(bio) + + // PEM_write_bio_PrivateKey_traditional will use the key-specific PKCS1 + // format if one is available for that key type, otherwise it will encode + // to a PKCS8 key. + if int(C.X_PEM_write_bio_PrivateKey_traditional(bio, key.key, nil, nil, + C.int(0), nil, nil)) != 1 { + return nil, errors.New("failed dumping private key") + } + + return ioutil.ReadAll(asAnyBio(bio)) +} + +func (key *pKey) KeyType() NID { + return NID(C.EVP_PKEY_id(key.key)) +} + +func (key *pKey) BaseType() NID { + return NID(C.EVP_PKEY_base_id(key.key)) +} + +// GenerateECKey generates a new elliptic curve private key on the speicified +// curve. +func GenerateECKey(curve EllipticCurve) (PrivateKey, error) { + + // Create context for parameter generation + paramCtx := C.EVP_PKEY_CTX_new_id(C.EVP_PKEY_EC, nil) + if paramCtx == nil { + return nil, errors.New("failed creating EC parameter generation context") + } + defer C.EVP_PKEY_CTX_free(paramCtx) + + // Intialize the parameter generation + if int(C.EVP_PKEY_paramgen_init(paramCtx)) != 1 { + return nil, errors.New("failed initializing EC parameter generation context") + } + + // Set curve in EC parameter generation context + if int(C.X_EVP_PKEY_CTX_set_ec_paramgen_curve_nid(paramCtx, C.int(curve))) != 1 { + return nil, errors.New("failed setting curve in EC parameter generation context") + } + + // Create parameter object + var params *C.EVP_PKEY + if int(C.EVP_PKEY_paramgen(paramCtx, ¶ms)) != 1 { + return nil, errors.New("failed creating EC key generation parameters") + } + defer C.EVP_PKEY_free(params) + + // Create context for the key generation + keyCtx := C.EVP_PKEY_CTX_new(params, nil) + if keyCtx == nil { + return nil, errors.New("failed creating EC key generation 
context") + } + defer C.EVP_PKEY_CTX_free(keyCtx) + + // Generate the key + var privKey *C.EVP_PKEY + if int(C.EVP_PKEY_keygen_init(keyCtx)) != 1 { + return nil, errors.New("failed initializing EC key generation context") + } + if int(C.EVP_PKEY_keygen(keyCtx, &privKey)) != 1 { + return nil, errors.New("failed generating EC private key") + } + + p := &pKey{key: privKey} + runtime.SetFinalizer(p, func(p *pKey) { + C.X_EVP_PKEY_free(p.key) + }) + return p, nil +} diff --git a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/key_1_0_test.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/key_1_0_test.go new file mode 100644 index 00000000000..c7987d9156f --- /dev/null +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/key_1_0_test.go 
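Review bot: `GenerateECKey` releases `params` with `C.EVP_PKEY_free` while the finalizer a few lines below, like the rest of this commit, goes through the shim's `C.X_EVP_PKEY_free`; using the shim wrapper in both places keeps the file consistent with the change the commit is making. The comments in the function contain the typos "speicified" and "Intialize", and the exported `KeyType` and `BaseType` methods on `pKey` have no doc comments of their own. `MarshalPKCS1PrivateKeyPEM` now falls back to PKCS8 for key types without a traditional format, as its inline comment says; that belongs in a doc comment on the method, e.g. `// MarshalPKCS1PrivateKeyPEM encodes the key in its traditional PEM format, or PKCS8 if the key type has none.`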
@@ -0,0 +1,145 @@ +// Copyright (C) 2017. See AUTHORS. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// +build !openssl_pre_1.0 + +package openssl + +import ( + "bytes" + "crypto/ecdsa" + "crypto/tls" + "crypto/x509" + "encoding/hex" + pem_pkg "encoding/pem" + "io/ioutil" + "testing" +) + +func TestMarshalEC(t *testing.T) { + key, err := LoadPrivateKeyFromPEM(prime256v1KeyBytes) + if err != nil { + t.Fatal(err) + } + cert, err := LoadCertificateFromPEM(prime256v1CertBytes) + if err != nil { + t.Fatal(err) + } + + privateBlock, _ := pem_pkg.Decode(prime256v1KeyBytes) + key, err = LoadPrivateKeyFromDER(privateBlock.Bytes) + if err != nil { + t.Fatal(err) + } + + pem, err := cert.MarshalPEM() + if err != nil { + t.Fatal(err) + } + if !bytes.Equal(pem, prime256v1CertBytes) { + ioutil.WriteFile("generated", pem, 0644) + ioutil.WriteFile("hardcoded", prime256v1CertBytes, 0644) + t.Fatal("invalid cert pem bytes") + } + + pem, err = key.MarshalPKCS1PrivateKeyPEM() + if err != nil { + t.Fatal(err) + } + if !bytes.Equal(pem, prime256v1KeyBytes) { + ioutil.WriteFile("generated", pem, 0644) + ioutil.WriteFile("hardcoded", prime256v1KeyBytes, 0644) + t.Fatal("invalid private key pem bytes") + } + tls_cert, err := tls.X509KeyPair(prime256v1CertBytes, prime256v1KeyBytes) + if err != nil { + t.Fatal(err) + } + tls_key, ok := tls_cert.PrivateKey.(*ecdsa.PrivateKey) + if !ok { + t.Fatal("FASDFASDF") + } + _ = tls_key + + der, err := key.MarshalPKCS1PrivateKeyDER() + if 
err != nil { + t.Fatal(err) + } + tls_der, err := x509.MarshalECPrivateKey(tls_key) + if err != nil { + t.Fatal(err) + } + if !bytes.Equal(der, tls_der) { + t.Fatalf("invalid private key der bytes: %s\n v.s. %s\n", + hex.Dump(der), hex.Dump(tls_der)) + } + + der, err = key.MarshalPKIXPublicKeyDER() + if err != nil { + t.Fatal(err) + } + tls_der, err = x509.MarshalPKIXPublicKey(&tls_key.PublicKey) + if err != nil { + t.Fatal(err) + } + if !bytes.Equal(der, tls_der) { + ioutil.WriteFile("generated", []byte(hex.Dump(der)), 0644) + ioutil.WriteFile("hardcoded", []byte(hex.Dump(tls_der)), 0644) + t.Fatal("invalid public key der bytes") + } + + pem, err = key.MarshalPKIXPublicKeyPEM() + if err != nil { + t.Fatal(err) + } + tls_pem := pem_pkg.EncodeToMemory(&pem_pkg.Block{ + Type: "PUBLIC KEY", Bytes: tls_der}) + if !bytes.Equal(pem, tls_pem) { + ioutil.WriteFile("generated", pem, 0644) + ioutil.WriteFile("hardcoded", tls_pem, 0644) + t.Fatal("invalid public key pem bytes") + } + + loaded_pubkey_from_pem, err := LoadPublicKeyFromPEM(pem) + if err != nil { + t.Fatal(err) + } + + loaded_pubkey_from_der, err := LoadPublicKeyFromDER(der) + if err != nil { + t.Fatal(err) + } + + new_der_from_pem, err := loaded_pubkey_from_pem.MarshalPKIXPublicKeyDER() + if err != nil { + t.Fatal(err) + } + + new_der_from_der, err := loaded_pubkey_from_der.MarshalPKIXPublicKeyDER() + if err != nil { + t.Fatal(err) + } + + if !bytes.Equal(new_der_from_der, tls_der) { + ioutil.WriteFile("generated", []byte(hex.Dump(new_der_from_der)), 0644) + ioutil.WriteFile("hardcoded", []byte(hex.Dump(tls_der)), 0644) + t.Fatal("invalid public key der bytes") + } + + if !bytes.Equal(new_der_from_pem, tls_der) { + ioutil.WriteFile("generated", []byte(hex.Dump(new_der_from_pem)), 0644) + ioutil.WriteFile("hardcoded", []byte(hex.Dump(tls_der)), 0644) + t.Fatal("invalid public key der bytes") + } +} 
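Review bot: The type-assertion failure in `TestMarshalEC` reports `t.Fatal("FASDFASDF")`, which gives no hint of what went wrong; a message such as `t.Fatal("tls.X509KeyPair did not yield an *ecdsa.PrivateKey")` would. `privateBlock, _ := pem_pkg.Decode(prime256v1KeyBytes)` is used as `privateBlock.Bytes` without a nil check, so a malformed fixture would panic instead of failing the test cleanly. The `_ = tls_key` line is dead, because `tls_key` is passed to `x509.MarshalECPrivateKey` a few lines later. The mismatch branches also write `generated` and `hardcoded` into the working directory with mode `0644` and ignore the `ioutil.WriteFile` error.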
diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/key_test.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/key_test.go index 0af90128530..635ef638ec9 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/key_test.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/key_test.go @@ -1,4 +1,4 @@ -// Copyright (C) 2014 Space Monkey, Inc. +// Copyright (C) 2017. See AUTHORS. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -76,7 +76,7 @@ func TestMarshal(t *testing.T) { } tls_der := x509.MarshalPKCS1PrivateKey(tls_key) if !bytes.Equal(der, tls_der) { - t.Fatal("invalid private key der bytes: %s\n v.s. %s\n", + t.Fatalf("invalid private key der bytes: %s\n v.s. %s\n", hex.Dump(der), hex.Dump(tls_der)) } diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/mapping.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/mapping.go index 066aba6b5db..d78cc703472 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/mapping.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/mapping.go @@ -1,4 +1,4 @@ -// Copyright (C) 2014 Space Monkey, Inc. +// Copyright (C) 2017. See AUTHORS. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -12,8 +12,6 @@ // See the License for the specific language governing permissions and // limitations under the License. -// +build cgo - package openssl import ( diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/net.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/net.go index 0d9d72b0e00..15c897addd1 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/net.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/net.go 
@@ -1,4 +1,4 @@ -// Copyright (C) 2014 Space Monkey, Inc. +// Copyright (C) 2017. See AUTHORS. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -80,6 +80,27 @@ func Dial(network, addr string, ctx *Ctx, flags DialFlags) (*Conn, error) { return DialSession(network, addr, ctx, flags, nil) } +// DialWithDialer will connect to network/address using the provided dialer and +// then wrap the corresponding underlying connection with an OpenSSL client +// connection using context ctx. If flags includes InsecureSkipHostVerification, +// the server certificate's hostname will not be checked to match the hostname +// in addr. Otherwise, flags should be 0. +// +// Dial probably won't work for you unless you set a verify location or add +// some certs to the certificate store of the client context you're using. +// This library is not nice enough to use the system certificate store by +// default for you yet. +func DialWithDialer(dialer *net.Dialer, network, addr string, ctx *Ctx, flags DialFlags) (*Conn, error) { + return dialSessionWithDialer( + dialer, + network, + addr, + ctx, + flags, + nil, + ) +} + // DialSession will connect to network/address and then wrap the corresponding // underlying connection with an OpenSSL client connection using context ctx. // If flags includes InsecureSkipHostVerification, the server certificate's @@ -95,6 +116,18 @@ func Dial(network, addr string, ctx *Ctx, flags DialFlags) (*Conn, error) { // can be retrieved from the GetSession method on the Conn. func DialSession(network, addr string, ctx *Ctx, flags DialFlags, session []byte) (*Conn, error) { + return dialSessionWithDialer( + new(net.Dialer), + network, + addr, + ctx, + flags, + session, + ) +} + +func dialSessionWithDialer(dialer *net.Dialer, network, addr string, ctx *Ctx, flags DialFlags, + session []byte) (*Conn, error) { host, _, err := net.SplitHostPort(addr) if err != nil { 
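Review bot: `DialWithDialer` neither documents nor handles a nil `dialer`: the pointer goes straight through `dialSessionWithDialer` to `dialer.Dial(network, addr)` in the last net.go hunk, which would panic on nil. A guard at the top of `dialSessionWithDialer`, `if dialer == nil { dialer = new(net.Dialer) }`, would match what `DialSession` already passes. The second paragraph of the doc comment still begins "Dial probably won't work for you", copied from `Dial`, and should name `DialWithDialer`. The new unexported `dialSessionWithDialer` has no comment; something like `// dialSessionWithDialer is the shared implementation behind DialSession and DialWithDialer; session may be nil.` would do. Its body continues outside the hunk.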
@@ -108,7 +141,7 @@ func DialSession(network, addr string, ctx *Ctx, flags DialFlags, } // TODO: use operating system default certificate chain? } - c, err := net.Dial(network, addr) + c, err := dialer.Dial(network, addr) if err != nil { return nil, err } diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/nid.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/nid.go index c80f237b605..6766b849e76 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/nid.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/nid.go @@ -1,4 +1,4 @@ -// Copyright (C) 2014 Ryan Hileman +// Copyright (C) 2017. See AUTHORS. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -17,6 +17,7 @@ package openssl type NID int const ( + NID_undef NID = 0 NID_rsadsi NID = 1 NID_pkcs NID = 2 NID_md2 NID = 3 @@ -196,4 +197,10 @@ const ( NID_ad_OCSP NID = 178 NID_ad_ca_issuers NID = 179 NID_OCSP_sign NID = 180 + NID_X9_62_id_ecPublicKey NID = 408 + NID_hmac NID = 855 + NID_cmac NID = 894 + NID_dhpublicnumber NID = 920 + NID_tls1_prf NID = 1021 + NID_hkdf NID = 1036 ) diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/password.c b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/password.c index db9582ca726..db9582ca726 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/password.c +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/password.c diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/pem.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/pem.go index 6dad5972dbd..c8b0c1cf19d 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/pem.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/pem.go 
@@ -1,4 +1,4 @@ -// Copyright (C) 2014 Ryan Hileman +// Copyright (C) 2017. See AUTHORS. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/sha1.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/sha1.go index 2592b6627d1..c227bee8461 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/sha1.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/sha1.go @@ -1,4 +1,4 @@ -// Copyright (C) 2014 Space Monkey, Inc. +// Copyright (C) 2017. See AUTHORS. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -12,18 +12,9 @@ // See the License for the specific language governing permissions and // limitations under the License. -// +build cgo - package openssl -/* -#include <errno.h> -#include <stdio.h> -#include <stdlib.h> -#include <unistd.h> - -#include "openssl/evp.h" -*/ +// #include "shim.h" import "C" import ( @@ -33,7 +24,7 @@ import ( ) type SHA1Hash struct { - ctx C.EVP_MD_CTX + ctx *C.EVP_MD_CTX engine *Engine } @@ -41,7 +32,10 @@ func NewSHA1Hash() (*SHA1Hash, error) { return NewSHA1HashWithEngine(nil) } func NewSHA1HashWithEngine(e *Engine) (*SHA1Hash, error) { hash := &SHA1Hash{engine: e} - C.EVP_MD_CTX_init(&hash.ctx) + hash.ctx = C.X_EVP_MD_CTX_new() + if hash.ctx == nil { + return nil, errors.New("openssl: sha1: unable to allocate ctx") + } runtime.SetFinalizer(hash, func(hash *SHA1Hash) { hash.Close() }) if err := hash.Reset(); err != nil { return nil, err @@ -50,7 +44,10 @@ func NewSHA1HashWithEngine(e *Engine) (*SHA1Hash, error) { } func (s *SHA1Hash) Close() { - C.EVP_MD_CTX_cleanup(&s.ctx) + if s.ctx != nil { + C.X_EVP_MD_CTX_free(s.ctx) + s.ctx = nil + } } func engineRef(e *Engine) *C.ENGINE { 
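Review bot: `Close` now frees the context and sets `s.ctx = nil`, but `Reset`, `Write` and `Sum` in the following hunks still pass `s.ctx` to `X_EVP_DigestInit_ex`, `X_EVP_DigestUpdate` and `X_EVP_DigestFinal_ex` without checking it. Any call after `Close` therefore hands a NULL context to OpenSSL, which presumably faults inside C rather than returning a Go error. Each of the three methods should open with a guard such as `if s.ctx == nil { return errors.New("openssl: sha1: hash is closed") }`, with the matching zero return values for `Write` and `Sum`. sha256.go gets the identical change in its `Close`, `Reset`, `Write` and `Sum` hunks and needs the same guard. The method bodies continue outside the hunks shown.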
@@ -61,7 +58,7 @@ func engineRef(e *Engine) *C.ENGINE { } func (s *SHA1Hash) Reset() error { - if 1 != C.EVP_DigestInit_ex(&s.ctx, C.EVP_sha1(), engineRef(s.engine)) { + if 1 != C.X_EVP_DigestInit_ex(s.ctx, C.X_EVP_sha1(), engineRef(s.engine)) { return errors.New("openssl: sha1: cannot init digest ctx") } return nil @@ -71,7 +68,7 @@ func (s *SHA1Hash) Write(p []byte) (n int, err error) { if len(p) == 0 { return 0, nil } - if 1 != C.EVP_DigestUpdate(&s.ctx, unsafe.Pointer(&p[0]), + if 1 != C.X_EVP_DigestUpdate(s.ctx, unsafe.Pointer(&p[0]), C.size_t(len(p))) { return 0, errors.New("openssl: sha1: cannot update digest") } @@ -79,7 +76,7 @@ func (s *SHA1Hash) Write(p []byte) (n int, err error) { } func (s *SHA1Hash) Sum() (result [20]byte, err error) { - if 1 != C.EVP_DigestFinal_ex(&s.ctx, + if 1 != C.X_EVP_DigestFinal_ex(s.ctx, (*C.uchar)(unsafe.Pointer(&result[0])), nil) { return result, errors.New("openssl: sha1: cannot finalize ctx") } diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/sha1_test.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/sha1_test.go index 37037e4468b..37808b5a53e 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/sha1_test.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/sha1_test.go @@ -1,4 +1,4 @@ -// Copyright (C) 2014 Space Monkey, Inc. +// Copyright (C) 2017. See AUTHORS. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -12,8 +12,6 @@ // See the License for the specific language governing permissions and // limitations under the License. -// +build cgo - package openssl import ( @@ -37,7 +35,7 @@ func TestSHA1(t *testing.T) { } if expected != got { - t.Fatal("exp:%x got:%x", expected, got) + t.Fatalf("exp:%x got:%x", expected, got) } } } 
@@ -75,7 +73,7 @@ func TestSHA1Writer(t *testing.T) { } if got != exp { - t.Fatal("exp:%x got:%x", exp, got) + t.Fatalf("exp:%x got:%x", exp, got) } } } diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/sha256.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/sha256.go index 6785b32f881..d25c7a959d7 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/sha256.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/sha256.go @@ -1,4 +1,4 @@ -// Copyright (C) 2014 Space Monkey, Inc. +// Copyright (C) 2017. See AUTHORS. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -12,18 +12,9 @@ // See the License for the specific language governing permissions and // limitations under the License. -// +build cgo - package openssl -/* -#include <errno.h> -#include <stdio.h> -#include <stdlib.h> -#include <unistd.h> - -#include "openssl/evp.h" -*/ +// #include "shim.h" import "C" import ( @@ -33,7 +24,7 @@ import ( ) type SHA256Hash struct { - ctx C.EVP_MD_CTX + ctx *C.EVP_MD_CTX engine *Engine } @@ -41,7 +32,10 @@ func NewSHA256Hash() (*SHA256Hash, error) { return NewSHA256HashWithEngine(nil) func NewSHA256HashWithEngine(e *Engine) (*SHA256Hash, error) { hash := &SHA256Hash{engine: e} - C.EVP_MD_CTX_init(&hash.ctx) + hash.ctx = C.X_EVP_MD_CTX_new() + if hash.ctx == nil { + return nil, errors.New("openssl: sha256: unable to allocate ctx") + } runtime.SetFinalizer(hash, func(hash *SHA256Hash) { hash.Close() }) if err := hash.Reset(); err != nil { return nil, err 
@@ -50,11 +44,14 @@ func NewSHA256HashWithEngine(e *Engine) (*SHA256Hash, error) { } func (s *SHA256Hash) Close() { - C.EVP_MD_CTX_cleanup(&s.ctx) + if s.ctx != nil { + C.X_EVP_MD_CTX_free(s.ctx) + s.ctx = nil + } } func (s *SHA256Hash) Reset() error { - if 1 != C.EVP_DigestInit_ex(&s.ctx, C.EVP_sha256(), engineRef(s.engine)) { + if 1 != C.X_EVP_DigestInit_ex(s.ctx, C.X_EVP_sha256(), engineRef(s.engine)) { return errors.New("openssl: sha256: cannot init digest ctx") } return nil @@ -64,7 +61,7 @@ func (s *SHA256Hash) Write(p []byte) (n int, err error) { if len(p) == 0 { return 0, nil } - if 1 != C.EVP_DigestUpdate(&s.ctx, unsafe.Pointer(&p[0]), + if 1 != C.X_EVP_DigestUpdate(s.ctx, unsafe.Pointer(&p[0]), C.size_t(len(p))) { return 0, errors.New("openssl: sha256: cannot update digest") } @@ -72,7 +69,7 @@ func (s *SHA256Hash) Write(p []byte) (n int, err error) { } func (s *SHA256Hash) Sum() (result [32]byte, err error) { - if 1 != C.EVP_DigestFinal_ex(&s.ctx, + if 1 != C.X_EVP_DigestFinal_ex(s.ctx, (*C.uchar)(unsafe.Pointer(&result[0])), nil) { return result, errors.New("openssl: sha256: cannot finalize ctx") } diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/sha256_test.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/sha256_test.go index 89df88afd44..467e503ab42 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/sha256_test.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/sha256_test.go @@ -1,4 +1,4 @@ -// Copyright (C) 2014 Space Monkey, Inc. +// Copyright (C) 2017. See AUTHORS. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -12,8 +12,6 @@ // See the License for the specific language governing permissions and // limitations under the License. -// +build cgo - package openssl import ( 
@@ -37,7 +35,7 @@ func TestSHA256(t *testing.T) { } if expected != got { - t.Fatal("exp:%x got:%x", expected, got) + t.Fatalf("exp:%x got:%x", expected, got) } } } @@ -75,7 +73,7 @@ func TestSHA256Writer(t *testing.T) { } if got != exp { - t.Fatal("exp:%x got:%x", exp, got) + t.Fatalf("exp:%x got:%x", exp, got) } } } diff --git a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/shim.c b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/shim.c new file mode 100644 index 00000000000..f26d75e211c --- /dev/null +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/shim.c 
@@ -0,0 +1,737 @@ +/* + * Copyright (C) 2014 Space Monkey, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +#include <string.h> + +#include "shim.h" + +#include "_cgo_export.h" + +/* + * Functions defined in other .c files + */ +extern int go_init_locks(); +extern unsigned long go_thread_id_callback(); +extern void go_thread_locking_callback(int, int, const char*, int); +static int go_write_bio_puts(BIO *b, const char *str) { + return go_write_bio_write(b, (char*)str, (int)strlen(str)); +} + +/* + ************************************************ + * v1.1.X and later implementation + ************************************************ + */ +#if OPENSSL_VERSION_NUMBER >= 0x1010000fL + +void X_BIO_set_data(BIO* bio, void* data) { + BIO_set_data(bio, data); +} + +void* X_BIO_get_data(BIO* bio) { + return BIO_get_data(bio); +} + +EVP_MD_CTX* X_EVP_MD_CTX_new() { + return EVP_MD_CTX_new(); +} + +void X_EVP_MD_CTX_free(EVP_MD_CTX* ctx) { + EVP_MD_CTX_free(ctx); +} + +static int x_bio_create(BIO *b) { + BIO_set_shutdown(b, 1); + BIO_set_init(b, 1); + BIO_set_data(b, NULL); + BIO_clear_flags(b, ~0); + return 1; +} + +static int x_bio_free(BIO *b) { + return 1; +} + +static BIO_METHOD *writeBioMethod; +static BIO_METHOD *readBioMethod; + +BIO_METHOD* BIO_s_readBio() { return readBioMethod; } +BIO_METHOD* BIO_s_writeBio() { return writeBioMethod; } + +int x_bio_init_methods() { + writeBioMethod = BIO_meth_new(BIO_TYPE_SOURCE_SINK, "Go Write BIO"); + if 
(!writeBioMethod) { + return 1; + } + if (1 != BIO_meth_set_write(writeBioMethod, + (int (*)(BIO *, const char *, int))go_write_bio_write)) { + return 2; + } + if (1 != BIO_meth_set_puts(writeBioMethod, go_write_bio_puts)) { + return 3; + } + if (1 != BIO_meth_set_ctrl(writeBioMethod, go_write_bio_ctrl)) { + return 4; + } + if (1 != BIO_meth_set_create(writeBioMethod, x_bio_create)) { + return 5; + } + if (1 != BIO_meth_set_destroy(writeBioMethod, x_bio_free)) { + return 6; + } + + readBioMethod = BIO_meth_new(BIO_TYPE_SOURCE_SINK, "Go Read BIO"); + if (!readBioMethod) { + return 7; + } + if (1 != BIO_meth_set_read(readBioMethod, go_read_bio_read)) { + return 8; + } + if (1 != BIO_meth_set_ctrl(readBioMethod, go_read_bio_ctrl)) { + return 9; + } + if (1 != BIO_meth_set_create(readBioMethod, x_bio_create)) { + return 10; + } + if (1 != BIO_meth_set_destroy(readBioMethod, x_bio_free)) { + return 11; + } + + return 0; +} + +const EVP_MD *X_EVP_dss() { + return NULL; +} + +const EVP_MD *X_EVP_dss1() { + return NULL; +} + +const EVP_MD *X_EVP_sha() { + return NULL; +} + +int X_EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx) { + return EVP_CIPHER_CTX_encrypting(ctx); +} + +int X_X509_add_ref(X509* x509) { + return X509_up_ref(x509); +} + +const ASN1_TIME *X_X509_get0_notBefore(const X509 *x) { + return X509_get0_notBefore(x); +} + +const ASN1_TIME *X_X509_get0_notAfter(const X509 *x) { + return X509_get0_notAfter(x); +} + +HMAC_CTX *X_HMAC_CTX_new(void) { + return HMAC_CTX_new(); +} + +void X_HMAC_CTX_free(HMAC_CTX *ctx) { + HMAC_CTX_free(ctx); +} + +int X_PEM_write_bio_PrivateKey_traditional(BIO *bio, EVP_PKEY *key, const EVP_CIPHER *enc, unsigned char *kstr, int klen, pem_password_cb *cb, void *u) { + return PEM_write_bio_PrivateKey_traditional(bio, key, enc, kstr, klen, cb, u); +} + +#endif + + + +/* + ************************************************ + * v1.0.X implementation + ************************************************ + */ +#if OPENSSL_VERSION_NUMBER < 
0x1010000fL + +static int x_bio_create(BIO *b) { + b->shutdown = 1; + b->init = 1; + b->num = -1; + b->ptr = NULL; + b->flags = 0; + return 1; +} + +static int x_bio_free(BIO *b) { + return 1; +} + +static BIO_METHOD writeBioMethod = { + BIO_TYPE_SOURCE_SINK, + "Go Write BIO", + (int (*)(BIO *, const char *, int))go_write_bio_write, + NULL, + go_write_bio_puts, + NULL, + go_write_bio_ctrl, + x_bio_create, + x_bio_free, + NULL}; + +static BIO_METHOD* BIO_s_writeBio() { return &writeBioMethod; } + +static BIO_METHOD readBioMethod = { + BIO_TYPE_SOURCE_SINK, + "Go Read BIO", + NULL, + go_read_bio_read, + NULL, + NULL, + go_read_bio_ctrl, + x_bio_create, + x_bio_free, + NULL}; + +static BIO_METHOD* BIO_s_readBio() { return &readBioMethod; } + +int x_bio_init_methods() { + /* statically initialized above */ + return 0; +} + +void X_BIO_set_data(BIO* bio, void* data) { + bio->ptr = data; +} + +void* X_BIO_get_data(BIO* bio) { + return bio->ptr; +} + +EVP_MD_CTX* X_EVP_MD_CTX_new() { + return EVP_MD_CTX_create(); +} + +void X_EVP_MD_CTX_free(EVP_MD_CTX* ctx) { + EVP_MD_CTX_destroy(ctx); +} + +int X_X509_add_ref(X509* x509) { + CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509); + return 1; +} + +const ASN1_TIME *X_X509_get0_notBefore(const X509 *x) { + return x->cert_info->validity->notBefore; +} + +const ASN1_TIME *X_X509_get0_notAfter(const X509 *x) { + return x->cert_info->validity->notAfter; +} + +const EVP_MD *X_EVP_dss() { + return EVP_dss(); +} + +const EVP_MD *X_EVP_dss1() { + return EVP_dss1(); +} + +const EVP_MD *X_EVP_sha() { + return EVP_sha(); +} + +int X_EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx) { + return ctx->encrypt; +} + +HMAC_CTX *X_HMAC_CTX_new(void) { + /* v1.1.0 uses a OPENSSL_zalloc to allocate the memory which does not exist + * in previous versions. 
malloc+memset to get the same behavior */ + HMAC_CTX *ctx = (HMAC_CTX *)OPENSSL_malloc(sizeof(HMAC_CTX)); + if (ctx) { + memset(ctx, 0, sizeof(HMAC_CTX)); + HMAC_CTX_init(ctx); + } + return ctx; +} + +void X_HMAC_CTX_free(HMAC_CTX *ctx) { + if (ctx) { + HMAC_CTX_cleanup(ctx); + OPENSSL_free(ctx); + } +} + +int X_PEM_write_bio_PrivateKey_traditional(BIO *bio, EVP_PKEY *key, const EVP_CIPHER *enc, unsigned char *kstr, int klen, pem_password_cb *cb, void *u) { +#if OPENSSL_VERSION_NUMBER > 0x10000000L + /* PEM_write_bio_PrivateKey always tries to use the PKCS8 format if it + * is available, instead of using the "traditional" format as stated in the + * OpenSSL man page. + * i2d_PrivateKey should give us the correct DER encoding, so we'll just + * use PEM_ASN1_write_bio directly to write the DER encoding with the correct + * type header. */ + + int ppkey_id, pkey_base_id, ppkey_flags; + const char *pinfo, *ppem_str; + char pem_type_str[80]; + + // Lookup the ASN1 method information to get the pem type + if (EVP_PKEY_asn1_get0_info(&ppkey_id, &pkey_base_id, &ppkey_flags, &pinfo, &ppem_str, key->ameth) != 1) { + return 0; + } + // Set up the PEM type string + if (BIO_snprintf(pem_type_str, 80, "%s PRIVATE KEY", ppem_str) <= 0) { + // Failed to write out the pem type string, something is really wrong. + return 0; + } + // Write out everything to the BIO + return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey, + pem_type_str, bio, key, enc, kstr, klen, cb, u); +#else + return -1; +#endif +} + +#endif + + + +/* + ************************************************ + * common implementation + ************************************************ + */ + +int X_shim_init() { + int rc = 0; + + OPENSSL_config(NULL); + ENGINE_load_builtin_engines(); + SSL_load_error_strings(); + SSL_library_init(); + OpenSSL_add_all_algorithms(); + // + // Set up OPENSSL thread safety callbacks. 
We only set the locking + // callback because the default id callback implementation is good + // enough for us. + rc = go_init_locks(); + if (rc != 0) { + return rc; + } + CRYPTO_set_locking_callback(go_thread_locking_callback); + + CRYPTO_set_id_callback(go_thread_id_callback); + + rc = x_bio_init_methods(); + if (rc != 0) { + return rc; + } + + return 0; +} + +void * X_OPENSSL_malloc(size_t size) { + return OPENSSL_malloc(size); +} + +void X_OPENSSL_free(void *ref) { + OPENSSL_free(ref); +} + +long X_SSL_set_options(SSL* ssl, long options) { + return SSL_set_options(ssl, options); +} + +long X_SSL_get_options(SSL* ssl) { + return SSL_get_options(ssl); +} + +long X_SSL_clear_options(SSL* ssl, long options) { + return SSL_clear_options(ssl, options); +} + +long X_SSL_set_tlsext_host_name(SSL *ssl, const char *name) { + return SSL_set_tlsext_host_name(ssl, name); +} +const char * X_SSL_get_cipher_name(const SSL *ssl) { + return SSL_get_cipher_name(ssl); +} +int X_SSL_session_reused(SSL *ssl) { + return SSL_session_reused(ssl); +} + +int X_SSL_new_index() { + return SSL_get_ex_new_index(0, NULL, NULL, NULL, NULL); +} + +int X_SSL_verify_cb(int ok, X509_STORE_CTX* store) { + SSL* ssl = (SSL *)X509_STORE_CTX_get_ex_data(store, + SSL_get_ex_data_X509_STORE_CTX_idx()); + void* p = SSL_get_ex_data(ssl, get_ssl_idx()); + // get the pointer to the go Ctx object and pass it back into the thunk + return go_ssl_verify_cb_thunk(p, ok, store); +} + +const SSL_METHOD *X_SSLv23_method() { + return SSLv23_method(); +} + +const SSL_METHOD *X_SSLv3_method() { +#ifndef OPENSSL_NO_SSL3_METHOD + return SSLv3_method(); +#else + return NULL; +#endif +} + +const SSL_METHOD *X_TLSv1_method() { + return TLSv1_method(); +} + +/* +const SSL_METHOD *X_TLSv1_1_method() { +#if defined(TLS1_1_VERSION) && !defined(OPENSSL_SYSNAME_MACOSX) + return TLSv1_1_method(); +#else + return NULL; +#endif +} + +const SSL_METHOD *X_TLSv1_2_method() { +#if defined(TLS1_2_VERSION) && 
!defined(OPENSSL_SYSNAME_MACOSX) + return TLSv1_2_method(); +#else + return NULL; +#endif +} + +*/ +int X_SSL_CTX_new_index() { + return SSL_CTX_get_ex_new_index(0, NULL, NULL, NULL, NULL); +} + +long X_SSL_CTX_set_options(SSL_CTX* ctx, long options) { + return SSL_CTX_set_options(ctx, options); +} + +long X_SSL_CTX_clear_options(SSL_CTX* ctx, long options) { + return SSL_CTX_clear_options(ctx, options); +} + +long X_SSL_CTX_get_options(SSL_CTX* ctx) { + return SSL_CTX_get_options(ctx); +} + +long X_SSL_CTX_set_mode(SSL_CTX* ctx, long modes) { + return SSL_CTX_set_mode(ctx, modes); +} + +long X_SSL_CTX_get_mode(SSL_CTX* ctx) { + return SSL_CTX_get_mode(ctx); +} + +long X_SSL_CTX_set_session_cache_mode(SSL_CTX* ctx, long modes) { + return SSL_CTX_set_session_cache_mode(ctx, modes); +} + +long X_SSL_CTX_sess_set_cache_size(SSL_CTX* ctx, long t) { + return SSL_CTX_sess_set_cache_size(ctx, t); +} + +long X_SSL_CTX_sess_get_cache_size(SSL_CTX* ctx) { + return SSL_CTX_sess_get_cache_size(ctx); +} + +long X_SSL_CTX_set_timeout(SSL_CTX* ctx, long t) { + return SSL_CTX_set_timeout(ctx, t); +} + +long X_SSL_CTX_get_timeout(SSL_CTX* ctx) { + return SSL_CTX_get_timeout(ctx); +} + +long X_SSL_CTX_add_extra_chain_cert(SSL_CTX* ctx, X509 *cert) { + return SSL_CTX_add_extra_chain_cert(ctx, cert); +} + +long X_SSL_CTX_set_tmp_ecdh(SSL_CTX* ctx, EC_KEY *key) { + return SSL_CTX_set_tmp_ecdh(ctx, key); +} + +long X_SSL_CTX_set_tlsext_servername_callback( + SSL_CTX* ctx, int (*cb)(SSL *con, int *ad, void *args)) { + return SSL_CTX_set_tlsext_servername_callback(ctx, cb); +} + +int X_SSL_CTX_verify_cb(int ok, X509_STORE_CTX* store) { + SSL* ssl = (SSL *)X509_STORE_CTX_get_ex_data(store, + SSL_get_ex_data_X509_STORE_CTX_idx()); + SSL_CTX* ssl_ctx = SSL_get_SSL_CTX(ssl); + void* p = SSL_CTX_get_ex_data(ssl_ctx, get_ssl_ctx_idx()); + // get the pointer to the go Ctx object and pass it back into the thunk + return go_ssl_ctx_verify_cb_thunk(p, ok, store); +} + +long 
X_SSL_CTX_set_tmp_dh(SSL_CTX* ctx, DH *dh) { + return SSL_CTX_set_tmp_dh(ctx, dh); +} + +long X_PEM_read_DHparams(SSL_CTX* ctx, DH *dh) { + return SSL_CTX_set_tmp_dh(ctx, dh); +} + +int X_SSL_CTX_set_tlsext_ticket_key_cb(SSL_CTX *sslctx, + int (*cb)(SSL *s, unsigned char key_name[16], + unsigned char iv[EVP_MAX_IV_LENGTH], + EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)) { + return SSL_CTX_set_tlsext_ticket_key_cb(sslctx, cb); +} + +int X_SSL_CTX_ticket_key_cb(SSL *s, unsigned char key_name[16], + unsigned char iv[EVP_MAX_IV_LENGTH], + EVP_CIPHER_CTX *cctx, HMAC_CTX *hctx, int enc) { + + SSL_CTX* ssl_ctx = SSL_get_SSL_CTX(s); + void* p = SSL_CTX_get_ex_data(ssl_ctx, get_ssl_ctx_idx()); + // get the pointer to the go Ctx object and pass it back into the thunk + return go_ticket_key_cb_thunk(p, s, key_name, iv, cctx, hctx, enc); +} + +int X_BIO_get_flags(BIO *b) { + return BIO_get_flags(b); +} + +void X_BIO_set_flags(BIO *b, int flags) { + return BIO_set_flags(b, flags); +} + +void X_BIO_clear_flags(BIO *b, int flags) { + BIO_clear_flags(b, flags); +} + +int X_BIO_read(BIO *b, void *buf, int len) { + return BIO_read(b, buf, len); +} + +int X_BIO_write(BIO *b, const void *buf, int len) { + return BIO_write(b, buf, len); +} + +BIO *X_BIO_new_write_bio() { + return BIO_new(BIO_s_writeBio()); +} + +BIO *X_BIO_new_read_bio() { + return BIO_new(BIO_s_readBio()); +} + +const EVP_MD *X_EVP_get_digestbyname(const char *name) { + return EVP_get_digestbyname(name); +} + +const EVP_MD *X_EVP_md_null() { + return EVP_md_null(); +} + +const EVP_MD *X_EVP_md5() { + return EVP_md5(); +} + +const EVP_MD *X_EVP_ripemd160() { + return EVP_ripemd160(); +} + +const EVP_MD *X_EVP_sha224() { + return EVP_sha224(); +} + +const EVP_MD *X_EVP_sha1() { + return EVP_sha1(); +} + +const EVP_MD *X_EVP_sha256() { + return EVP_sha256(); +} + +const EVP_MD *X_EVP_sha384() { + return EVP_sha384(); +} + +const EVP_MD *X_EVP_sha512() { + return EVP_sha512(); +} + +int X_EVP_MD_size(const EVP_MD *md) { 
+ return EVP_MD_size(md); +} + +int X_EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) { + return EVP_DigestInit_ex(ctx, type, impl); +} + +int X_EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt) { + return EVP_DigestUpdate(ctx, d, cnt); +} + +int X_EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s) { + return EVP_DigestFinal_ex(ctx, md, s); +} + +int X_EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type) { + return EVP_SignInit(ctx, type); +} + +int X_EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt) { + return EVP_SignUpdate(ctx, d, cnt); +} + +EVP_PKEY *X_EVP_PKEY_new(void) { + return EVP_PKEY_new(); +} + +void X_EVP_PKEY_free(EVP_PKEY *pkey) { + EVP_PKEY_free(pkey); +} + +int X_EVP_PKEY_size(EVP_PKEY *pkey) { + return EVP_PKEY_size(pkey); +} + +struct rsa_st *X_EVP_PKEY_get1_RSA(EVP_PKEY *pkey) { + return EVP_PKEY_get1_RSA(pkey); +} + +int X_EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key) { + return EVP_PKEY_set1_RSA(pkey, key); +} + +int X_EVP_PKEY_assign_charp(EVP_PKEY *pkey, int type, char *key) { + return EVP_PKEY_assign(pkey, type, key); +} + + + +int X_EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s, EVP_PKEY *pkey) { + return EVP_SignFinal(ctx, md, s, pkey); +} + +int X_EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type) { + return EVP_VerifyInit(ctx, type); +} + +int X_EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, + unsigned int cnt) { + return EVP_VerifyUpdate(ctx, d, cnt); +} + +int X_EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, unsigned int siglen, EVP_PKEY *pkey) { + return EVP_VerifyFinal(ctx, sigbuf, siglen, pkey); +} + +int X_EVP_CIPHER_block_size(EVP_CIPHER *c) { + return EVP_CIPHER_block_size(c); +} + +int X_EVP_CIPHER_key_length(EVP_CIPHER *c) { + return EVP_CIPHER_key_length(c); +} + +int X_EVP_CIPHER_iv_length(EVP_CIPHER *c) { + return EVP_CIPHER_iv_length(c); +} + +int X_EVP_CIPHER_nid(EVP_CIPHER *c) { + return EVP_CIPHER_nid(c); +} + 
+int X_EVP_CIPHER_CTX_block_size(EVP_CIPHER_CTX *ctx) { + return EVP_CIPHER_CTX_block_size(ctx); +} + +int X_EVP_CIPHER_CTX_key_length(EVP_CIPHER_CTX *ctx) { + return EVP_CIPHER_CTX_key_length(ctx); +} + +int X_EVP_CIPHER_CTX_iv_length(EVP_CIPHER_CTX *ctx) { + return EVP_CIPHER_CTX_iv_length(ctx); +} + +const EVP_CIPHER *X_EVP_CIPHER_CTX_cipher(EVP_CIPHER_CTX *ctx) { + return EVP_CIPHER_CTX_cipher(ctx); +} + +#if OPENSSL_VERSION_NUMBER > 0x10000000L +int X_EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid) { + return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid); +} +#endif + +// END HERE + +size_t X_HMAC_size(const HMAC_CTX *e) { +#if OPENSSL_VERSION_NUMBER > 0x10000000L + return HMAC_size(e); +#else + return 0; +#endif +} + +int X_HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md, ENGINE *impl) { +#if OPENSSL_VERSION_NUMBER > 0x10000000L + return HMAC_Init_ex(ctx, key, len, md, impl); +#else + return -1; +#endif +} + +int X_HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len) { +#if OPENSSL_VERSION_NUMBER > 0x10000000L + return HMAC_Update(ctx, data, len); +#else + return -1; +#endif +} + +int X_HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) { +#if OPENSSL_VERSION_NUMBER > 0x10000000L + return HMAC_Final(ctx, md, len); +#else + return -1; +#endif +} + +int X_sk_X509_num(STACK_OF(X509) *sk) { + return sk_X509_num(sk); +} + +X509 *X_sk_X509_value(STACK_OF(X509)* sk, int i) { + return sk_X509_value(sk, i); +} + +#if OPENSSL_VERSION_NUMBER < 0x10000000L +int X_FIPS_mode(void) { + return 0; +} +int X_FIPS_mode_set(int r) { + return 0; +} +#else +int X_FIPS_mode(void) { + return FIPS_mode(); +} +int X_FIPS_mode_set(int r) { + return FIPS_mode_set(r); +} +#endif diff --git a/src/mongo/gotools/vendor/src/github.com/10gen/openssl/shim.h b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/shim.h new file mode 100644 index 00000000000..2dc2f5c8b0a --- /dev/null 
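Review bot: `X_TLSv1_1_method` and `X_TLSv1_2_method` sit inside a `/* ... */` block in shim.c, so the only protocol-method wrappers actually defined are `X_SSLv23_method`, `X_SSLv3_method` and `X_TLSv1_method`, while shim.h still declares the two TLS 1.1/1.2 wrappers `extern`. Any caller that references them will fail at link time, and a caller that wants to pin a protocol version is left with SSLv3 or TLS 1.0. Either restore the two definitions behind their existing `TLS1_1_VERSION`/`TLS1_2_VERSION` guards or drop the declarations from shim.h. Separately, `X_PEM_read_DHparams` has the same body as `X_SSL_CTX_set_tmp_dh` (`return SSL_CTX_set_tmp_dh(ctx, dh);`) and reads no PEM data, so it should be removed or renamed. The comment in `X_shim_init` also says only the locking callback is set, yet `CRYPTO_set_id_callback(go_thread_id_callback);` follows, so the comment or the call should be corrected.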
+++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/shim.h 
@@ -0,0 +1,172 @@
+/*
+ * Copyright (C) 2014 Space Monkey, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <openssl/opensslconf.h>
+
+#include <openssl/bio.h>
+#include <openssl/conf.h>
+#include <openssl/crypto.h>
+#include <openssl/dh.h>
+#include <openssl/ec.h>
+#include <openssl/engine.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
+#include <openssl/x509v3.h>
+
+#ifndef SSL_MODE_RELEASE_BUFFERS
+#define SSL_MODE_RELEASE_BUFFERS 0
+#endif
+
+#ifndef SSL_OP_NO_COMPRESSION
+#define SSL_OP_NO_COMPRESSION 0
+#endif
+
+/* shim methods */
+extern int X_shim_init();
+
+/* Library methods */
+extern void X_OPENSSL_free(void *ref);
+extern void *X_OPENSSL_malloc(size_t size);
+
+/* SSL methods */
+extern long X_SSL_set_options(SSL* ssl, long options);
+extern long X_SSL_get_options(SSL* ssl);
+extern long X_SSL_clear_options(SSL* ssl, long options);
+extern long X_SSL_set_tlsext_host_name(SSL *ssl, const char *name);
+extern const char * X_SSL_get_cipher_name(const SSL *ssl);
+extern int X_SSL_session_reused(SSL *ssl);
+extern int X_SSL_new_index();
+
+extern const SSL_METHOD *X_SSLv23_method();
+extern const SSL_METHOD *X_SSLv3_method();
+extern const SSL_METHOD *X_TLSv1_method();
+extern const SSL_METHOD *X_TLSv1_1_method();
+extern const SSL_METHOD *X_TLSv1_2_method();
+
+#if defined SSL_CTRL_SET_TLSEXT_HOSTNAME
+extern int sni_cb(SSL *ssl_conn, int *ad, void *arg);
+#endif
+extern int X_SSL_verify_cb(int ok, X509_STORE_CTX* store);
+
+/* SSL_CTX methods */
+extern int X_SSL_CTX_new_index();
+extern long X_SSL_CTX_set_options(SSL_CTX* ctx, long options);
+extern long X_SSL_CTX_clear_options(SSL_CTX* ctx, long options);
+extern long X_SSL_CTX_get_options(SSL_CTX* ctx);
+extern long X_SSL_CTX_set_mode(SSL_CTX* ctx, long modes);
+extern long X_SSL_CTX_get_mode(SSL_CTX* ctx);
+extern long X_SSL_CTX_set_session_cache_mode(SSL_CTX* ctx, long modes);
+extern long X_SSL_CTX_sess_set_cache_size(SSL_CTX* ctx, long t);
+extern long X_SSL_CTX_sess_get_cache_size(SSL_CTX* ctx);
+extern long X_SSL_CTX_set_timeout(SSL_CTX* ctx, long t);
+extern long X_SSL_CTX_get_timeout(SSL_CTX* ctx);
+extern long X_SSL_CTX_add_extra_chain_cert(SSL_CTX* ctx, X509 *cert);
+extern long X_SSL_CTX_set_tmp_ecdh(SSL_CTX* ctx, EC_KEY *key);
+extern long X_SSL_CTX_set_tlsext_servername_callback(SSL_CTX* ctx, int (*cb)(SSL *con, int *ad, void *args));
+extern int X_SSL_CTX_verify_cb(int ok, X509_STORE_CTX* store);
+extern long X_SSL_CTX_set_tmp_dh(SSL_CTX* ctx, DH *dh);
+extern long X_PEM_read_DHparams(SSL_CTX* ctx, DH *dh);
+extern int X_SSL_CTX_set_tlsext_ticket_key_cb(SSL_CTX *sslctx,
+ int (*cb)(SSL *s, unsigned char key_name[16],
+ unsigned char iv[EVP_MAX_IV_LENGTH],
+ EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc));
+extern int X_SSL_CTX_ticket_key_cb(SSL *s, unsigned char key_name[16],
+ unsigned char iv[EVP_MAX_IV_LENGTH],
+ EVP_CIPHER_CTX *cctx, HMAC_CTX *hctx, int enc);
+
+/* BIO methods */
+extern int X_BIO_get_flags(BIO *b);
+extern void X_BIO_set_flags(BIO *bio, int flags);
+extern void X_BIO_clear_flags(BIO *bio, int flags);
+extern void X_BIO_set_data(BIO *bio, void* data);
+extern void *X_BIO_get_data(BIO *bio);
+extern int X_BIO_read(BIO *b, void *buf, int len);
+extern int X_BIO_write(BIO *b, const void *buf, int len);
+extern BIO *X_BIO_new_write_bio();
+extern BIO *X_BIO_new_read_bio();
+
+/* EVP methods */
+extern const EVP_MD *X_EVP_get_digestbyname(const char *name);
+extern EVP_MD_CTX *X_EVP_MD_CTX_new();
+extern void X_EVP_MD_CTX_free(EVP_MD_CTX *ctx);
+extern const EVP_MD *X_EVP_md_null();
+extern const EVP_MD *X_EVP_md5();
+extern const EVP_MD *X_EVP_sha();
+extern const EVP_MD *X_EVP_sha1();
+extern const EVP_MD *X_EVP_dss();
+extern const EVP_MD *X_EVP_dss1();
+extern const EVP_MD *X_EVP_ripemd160();
+extern const EVP_MD *X_EVP_sha224();
+extern const EVP_MD *X_EVP_sha256();
+extern const EVP_MD *X_EVP_sha384();
+extern const EVP_MD *X_EVP_sha512();
+extern int X_EVP_MD_size(const EVP_MD *md);
+extern int X_EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
+extern int X_EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
+extern int X_EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s);
+extern int X_EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+extern int X_EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+extern EVP_PKEY *X_EVP_PKEY_new(void);
+extern void X_EVP_PKEY_free(EVP_PKEY *pkey);
+extern int X_EVP_PKEY_size(EVP_PKEY *pkey);
+extern struct rsa_st *X_EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
+extern int X_EVP_PKEY_set1_RSA(EVP_PKEY *pkey, struct rsa_st *key);
+extern int X_EVP_PKEY_assign_charp(EVP_PKEY *pkey, int type, char *key);
+extern int X_EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s, EVP_PKEY *pkey);
+extern int X_EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type);
+extern int X_EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
+extern int X_EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf, unsigned int siglen, EVP_PKEY *pkey);
+extern int X_EVP_CIPHER_block_size(EVP_CIPHER *c);
+extern int X_EVP_CIPHER_key_length(EVP_CIPHER *c);
+extern int X_EVP_CIPHER_iv_length(EVP_CIPHER *c);
+extern int X_EVP_CIPHER_nid(EVP_CIPHER *c);
+extern int X_EVP_CIPHER_CTX_block_size(EVP_CIPHER_CTX *ctx);
+extern int X_EVP_CIPHER_CTX_key_length(EVP_CIPHER_CTX *ctx);
+extern int X_EVP_CIPHER_CTX_iv_length(EVP_CIPHER_CTX *ctx);
+extern const EVP_CIPHER *X_EVP_CIPHER_CTX_cipher(EVP_CIPHER_CTX *ctx);
+extern int X_EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx);
+#if OPENSSL_VERSION_NUMBER > 0x10000000L
+extern int X_EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid);
+#endif
+
+/* HMAC methods */
+extern size_t X_HMAC_size(const HMAC_CTX *e);
+extern HMAC_CTX *X_HMAC_CTX_new(void);
+extern void X_HMAC_CTX_free(HMAC_CTX *ctx);
+extern int X_HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md, ENGINE *impl);
+extern int X_HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len);
+extern int X_HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
+
+/* X509 methods */
+extern int X_X509_add_ref(X509* x509);
+extern const ASN1_TIME *X_X509_get0_notBefore(const X509 *x);
+extern const ASN1_TIME *X_X509_get0_notAfter(const X509 *x);
+extern int X_sk_X509_num(STACK_OF(X509) *sk);
+extern X509 *X_sk_X509_value(STACK_OF(X509)* sk, int i);
+
+/* PEM methods */
+extern int X_PEM_write_bio_PrivateKey_traditional(BIO *bio, EVP_PKEY *key, const EVP_CIPHER *enc, unsigned char *kstr, int klen, pem_password_cb *cb, void *u);
+
+/* FIPS methods */
+extern int X_FIPS_mode(void);
+extern int X_FIPS_mode_set(int r);
diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/sni.c b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/sni.c
index 5398da869b8..f9e8d16b0e3 100644
--- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/sni.c
+++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/sni.c
@@ -1,4 +1,4 @@
-// Copyright (C) 2014 Space Monkey, Inc.
+// Copyright (C) 2017. See AUTHORS.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
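Review bot: The `#ifndef SSL_OP_NO_COMPRESSION` fallback near the top of shim.h defines the option as `0`, so a build against OpenSSL headers that lack it turns a request to disable TLS compression into a silent no-op and compression stays negotiable. The Go constant that maps onto this macro is not in this hunk, so this presumably affects the package's `NoCompression` option; confirm against the Go side. I would document the consequence at the fallback, e.g. `/* option absent in these headers: setting it is a no-op, compression is NOT disabled */`, or use `#error` there if such headers are not meant to be supported. Separately, the header has no include guard and several prototypes use empty parentheses (`extern int X_shim_init();`), which in C leaves the arguments unspecified; `(void)` would let the compiler check the calls.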
diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/sni_test.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/sni_test.go index ee3b1a8bbaf..09e831a45c9 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/sni_test.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/sni_test.go @@ -1,4 +1,4 @@ -// Copyright (C) 2014 Space Monkey, Inc. +// Copyright (C) 2017. See AUTHORS. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/ssl.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/ssl.go index 3cc630601d3..117c30c0f99 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/ssl.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/ssl.go @@ -1,4 +1,4 @@ -// Copyright (C) 2014 Space Monkey, Inc. +// Copyright (C) 2017. See AUTHORS. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -12,30 +12,9 @@ // See the License for the specific language governing permissions and // limitations under the License. -// +build cgo - package openssl -/* -#include <openssl/crypto.h> -#include <openssl/ssl.h> -#include <openssl/err.h> -#include <openssl/conf.h> - -static long SSL_set_options_not_a_macro(SSL* ssl, long options) { - return SSL_set_options(ssl, options); -} - -static long SSL_get_options_not_a_macro(SSL* ssl) { - return SSL_get_options(ssl); -} - -static long SSL_clear_options_not_a_macro(SSL* ssl, long options) { - return SSL_clear_options(ssl, options); -} - -extern int verify_ssl_cb(int ok, X509_STORE_CTX* store); -*/ +// #include "shim.h" import "C" import ( @@ -53,7 +32,7 @@ const ( ) var ( - ssl_idx = C.SSL_get_ex_new_index(0, nil, nil, nil, nil) + ssl_idx = C.X_SSL_new_index() ) //export get_ssl_idx 
@@ -66,8 +45,8 @@ type SSL struct { verify_cb VerifyCallback } -//export verify_ssl_cb_thunk -func verify_ssl_cb_thunk(p unsafe.Pointer, ok C.int, ctx *C.X509_STORE_CTX) C.int { +//export go_ssl_verify_cb_thunk +func go_ssl_verify_cb_thunk(p unsafe.Pointer, ok C.int, ctx *C.X509_STORE_CTX) C.int { defer func() { if err := recover(); err != nil { logger.Critf("openssl: verify callback panic'd: %v", err) @@ -96,19 +75,19 @@ func (s *SSL) GetServername() string { // GetOptions returns SSL options. See // https://www.openssl.org/docs/ssl/SSL_CTX_set_options.html func (s *SSL) GetOptions() Options { - return Options(C.SSL_get_options_not_a_macro(s.ssl)) + return Options(C.X_SSL_get_options(s.ssl)) } // SetOptions sets SSL options. See // https://www.openssl.org/docs/ssl/SSL_CTX_set_options.html func (s *SSL) SetOptions(options Options) Options { - return Options(C.SSL_set_options_not_a_macro(s.ssl, C.long(options))) + return Options(C.X_SSL_set_options(s.ssl, C.long(options))) } // ClearOptions clear SSL options. See // https://www.openssl.org/docs/ssl/SSL_CTX_set_options.html func (s *SSL) ClearOptions(options Options) Options { - return Options(C.SSL_clear_options_not_a_macro(s.ssl, C.long(options))) + return Options(C.X_SSL_clear_options(s.ssl, C.long(options))) } // SetVerify controls peer verification settings. See @@ -116,7 +95,7 @@ func (s *SSL) ClearOptions(options Options) Options { func (s *SSL) SetVerify(options VerifyOptions, verify_cb VerifyCallback) { s.verify_cb = verify_cb if verify_cb != nil { - C.SSL_set_verify(s.ssl, C.int(options), (*[0]byte)(C.verify_ssl_cb)) + C.SSL_set_verify(s.ssl, C.int(options), (*[0]byte)(C.X_SSL_verify_cb)) } else { C.SSL_set_verify(s.ssl, C.int(options), nil) } 
@@ -131,7 +110,7 @@ func (s *SSL) SetVerifyMode(options VerifyOptions) { // SetVerifyCallback controls peer verification setting. See // http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.html func (s *SSL) SetVerifyCallback(verify_cb VerifyCallback) { - s.SetVerify(s.VerifyMode(), s.verify_cb) + s.SetVerify(s.VerifyMode(), verify_cb) } // GetVerifyCallback returns callback function. See diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/ssl_test.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/ssl_test.go index f83225dec97..fe2e0de4592 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/ssl_test.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/ssl_test.go @@ -1,4 +1,4 @@ -// Copyright (C) 2014 Space Monkey, Inc. +// Copyright (C) 2017. See AUTHORS. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -25,7 +25,7 @@ import ( "testing" "time" - "github.com/spacemonkeygo/openssl/utils" + "github.com/10gen/openssl/utils" ) var ( 
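Review bot: The doc comment on `SetVerifyCallback` still only says it "controls peer verification setting", which does not tell a caller what the corrected line does with its argument. From the `SetVerify` hunk earlier in ssl.go, a nil callback makes the wrapper pass nil to `SSL_set_verify`, so OpenSSL's built-in verdict applies, while a non-nil one installs `X_SSL_verify_cb`, which presumably hands each chain decision to the Go callback (its body is not in this hunk). I would say so in the comment: `// SetVerifyCallback installs verify_cb for this connection and keeps the current verify mode; nil removes the callback so OpenSSL's own verification result is used.` The ssl_test.go hunks in this commit add no case for this path, so a test asserting that the newly passed callback is the one invoked would pin the fix; tests in other files are not visible here.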
@@ -81,6 +81,29 @@ ucCCa4lOGgPtXJ0Qf1c8yq5vh4yqkQjrgUTkr+CFDGR6y4CxmNDQxEMYIajaIiSY qmgvgyRayemfO2zR0CPgC6wSoGBth+xW6g+WA8y0z76ZSaWpFi8lVM4= -----END RSA PRIVATE KEY----- `) + prime256v1KeyBytes = []byte(`-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIB/XL0zZSsAu+IQF1AI/nRneabb2S126WFlvvhzmYr1KoAoGCCqGSM49 +AwEHoUQDQgAESSFGWwF6W1hoatKGPPorh4+ipyk0FqpiWdiH+4jIiU39qtOeZGSh +1QgSbzfdHxvoYI0FXM+mqE7wec0kIvrrHw== +-----END EC PRIVATE KEY----- +`) + prime256v1CertBytes = []byte(`-----BEGIN CERTIFICATE----- +MIIChTCCAiqgAwIBAgIJAOQII2LQl4uxMAoGCCqGSM49BAMCMIGcMQswCQYDVQQG +EwJVUzEPMA0GA1UECAwGS2Fuc2FzMRAwDgYDVQQHDAdOb3doZXJlMR8wHQYDVQQK +DBZGYWtlIENlcnRpZmljYXRlcywgSW5jMUkwRwYDVQQDDEBhMWJkZDVmZjg5ZjQy +N2IwZmNiOTdlNDMyZTY5Nzg2NjI2ODJhMWUyNzM4MDhkODE0ZWJiZjY4ODBlYzA3 +NDljMB4XDTE3MTIxNTIwNDU1MVoXDTI3MTIxMzIwNDU1MVowgZwxCzAJBgNVBAYT +AlVTMQ8wDQYDVQQIDAZLYW5zYXMxEDAOBgNVBAcMB05vd2hlcmUxHzAdBgNVBAoM +FkZha2UgQ2VydGlmaWNhdGVzLCBJbmMxSTBHBgNVBAMMQGExYmRkNWZmODlmNDI3 +YjBmY2I5N2U0MzJlNjk3ODY2MjY4MmExZTI3MzgwOGQ4MTRlYmJmNjg4MGVjMDc0 +OWMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARJIUZbAXpbWGhq0oY8+iuHj6Kn +KTQWqmJZ2If7iMiJTf2q055kZKHVCBJvN90fG+hgjQVcz6aoTvB5zSQi+usfo1Mw +UTAdBgNVHQ4EFgQUfRYAFhlGM1wzvusyGrm26Vrbqm4wHwYDVR0jBBgwFoAUfRYA +FhlGM1wzvusyGrm26Vrbqm4wDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAgNJ +ADBGAiEA6PWNjm4B6zs3Wcha9qyDdfo1ILhHfk9rZEAGrnfyc2UCIQD1IDVJUkI4 +J/QVoOtP5DOdRPs/3XFy0Bk0qH+Uj5D7LQ== +-----END CERTIFICATE----- +`) ) func NetPipe(t testing.TB) (net.Conn, net.Conn) { diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/system_certs.c b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/system_certs.c index 056f524aa1e..056f524aa1e 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/system_certs.c +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/system_certs.c 
diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/system_certs.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/system_certs.go index 9751622f837..9751622f837 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/system_certs.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/system_certs.go diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/tickets.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/tickets.go index 23dc3e08305..a064d38592f 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/tickets.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/tickets.go @@ -1,4 +1,4 @@ -// Copyright (C) 2015 Space Monkey, Inc. +// Copyright (C) 2017. See AUTHORS. // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -12,26 +12,9 @@ // See the License for the specific language governing permissions and // limitations under the License. -// +build cgo - package openssl -/* -#include <openssl/ssl.h> -#include <openssl/evp.h> - -static int SSL_CTX_set_tlsext_ticket_key_cb_not_a_macro(SSL_CTX *sslctx, - int (*cb)(SSL *s, unsigned char key_name[16], - unsigned char iv[EVP_MAX_IV_LENGTH], - EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)) { - - return SSL_CTX_set_tlsext_ticket_key_cb(sslctx, cb); -} - -extern int ticket_key_cb(SSL *s, unsigned char key_name[16], - unsigned char iv[EVP_MAX_IV_LENGTH], - EVP_CIPHER_CTX *cctx, HMAC_CTX *hctx, int enc); -*/ +// #include "shim.h" import "C" import ( 
@@ -131,8 +114,8 @@ const ( ticket_req_lookupSession = 0 ) -//export ticket_key_cb_thunk -func ticket_key_cb_thunk(p unsafe.Pointer, s *C.SSL, key_name *C.uchar, +//export go_ticket_key_cb_thunk +func go_ticket_key_cb_thunk(p unsafe.Pointer, s *C.SSL, key_name *C.uchar, iv *C.uchar, cctx *C.EVP_CIPHER_CTX, hctx *C.HMAC_CTX, enc C.int) C.int { // no panic's allowed. it's super hard to guarantee any state at this point @@ -231,9 +214,9 @@ func (c *Ctx) SetTicketStore(store *TicketStore) { c.ticket_store = store if store == nil { - C.SSL_CTX_set_tlsext_ticket_key_cb_not_a_macro(c.ctx, nil) + C.X_SSL_CTX_set_tlsext_ticket_key_cb(c.ctx, nil) } else { - C.SSL_CTX_set_tlsext_ticket_key_cb_not_a_macro(c.ctx, - (*[0]byte)(C.ticket_key_cb)) + C.X_SSL_CTX_set_tlsext_ticket_key_cb(c.ctx, + (*[0]byte)(C.X_SSL_CTX_ticket_key_cb)) } } diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/utils/errors.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/utils/errors.go index bab314c95d7..bab314c95d7 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/utils/errors.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/utils/errors.go diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/utils/future.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/utils/future.go index fa1bbbfb861..fa1bbbfb861 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/utils/future.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/utils/future.go diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/version.go b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/version.go index 8f3d392cde8..8f3d392cde8 100644 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/version.go +++ b/src/mongo/gotools/vendor/src/github.com/10gen/openssl/version.go 
diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/fips.go b/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/fips.go deleted file mode 100644 index cc463f17a18..00000000000 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/fips.go +++ /dev/null @@ -1,22 +0,0 @@ -// +build cgo -// +build -darwin - -package openssl - -/* -#include <openssl/ssl.h> -*/ -import "C" - -func FIPSModeSet(mode bool) error { - var r C.int - if mode { - r = C.FIPS_mode_set(1) - } else { - r = C.FIPS_mode_set(0) - } - if r != 1 { - return errorFromErrorQueue() - } - return nil -} diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/oracle_stubs.go b/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/oracle_stubs.go deleted file mode 100644 index 30492f3b9d8..00000000000 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/oracle_stubs.go +++ /dev/null 
@@ -1,162 +0,0 @@ -// Copyright (C) 2014 Space Monkey, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// +build !cgo - -package openssl - -import ( - "errors" - "net" - "time" -) - -const ( - SSLRecordSize = 16 * 1024 -) - -type Conn struct{} - -func Client(conn net.Conn, ctx *Ctx) (*Conn, error) -func Server(conn net.Conn, ctx *Ctx) (*Conn, error) - -func (c *Conn) Handshake() error -func (c *Conn) PeerCertificate() (*Certificate, error) -func (c *Conn) Close() error -func (c *Conn) Read(b []byte) (n int, err error) -func (c *Conn) Write(b []byte) (written int, err error) - -func (c *Conn) VerifyHostname(host string) error - -func (c *Conn) LocalAddr() net.Addr -func (c *Conn) RemoteAddr() net.Addr -func (c *Conn) SetDeadline(t time.Time) error -func (c *Conn) SetReadDeadline(t time.Time) error -func (c *Conn) SetWriteDeadline(t time.Time) error - -type Ctx struct{} - -type SSLVersion int - -const ( - SSLv3 SSLVersion = 0x02 - TLSv1 SSLVersion = 0x03 - TLSv1_1 SSLVersion = 0x04 - TLSv1_2 SSLVersion = 0x05 - AnyVersion SSLVersion = 0x06 -) - -func NewCtxWithVersion(version SSLVersion) (*Ctx, error) -func NewCtx() (*Ctx, error) -func NewCtxFromFiles(cert_file string, key_file string) (*Ctx, error) -func (c *Ctx) UseCertificate(cert *Certificate) error -func (c *Ctx) UsePrivateKey(key PrivateKey) error - -type CertificateStore struct{} - -func (c *Ctx) GetCertificateStore() *CertificateStore - -func (s *CertificateStore) AddCertificate(cert 
*Certificate) error - -func (c *Ctx) LoadVerifyLocations(ca_file string, ca_path string) error - -type Options int - -const ( - NoCompression Options = 0 - NoSSLv2 Options = 0 - NoSSLv3 Options = 0 - NoTLSv1 Options = 0 - CipherServerPreference Options = 0 - NoSessionResumptionOrRenegotiation Options = 0 - NoTicket Options = 0 -) - -func (c *Ctx) SetOptions(options Options) Options - -type Modes int - -const ( - ReleaseBuffers Modes = 0 -) - -func (c *Ctx) SetMode(modes Modes) Modes - -type VerifyOptions int - -const ( - VerifyNone VerifyOptions = 0 - VerifyPeer VerifyOptions = 0 - VerifyFailIfNoPeerCert VerifyOptions = 0 - VerifyClientOnce VerifyOptions = 0 -) - -func (c *Ctx) SetVerify(options VerifyOptions) -func (c *Ctx) SetVerifyDepth(depth int) -func (c *Ctx) SetSessionId(session_id []byte) error - -func (c *Ctx) SetCipherList(list string) error - -type SessionCacheModes int - -const ( - SessionCacheOff SessionCacheModes = 0 - SessionCacheClient SessionCacheModes = 0 - SessionCacheServer SessionCacheModes = 0 - SessionCacheBoth SessionCacheModes = 0 - NoAutoClear SessionCacheModes = 0 - NoInternalLookup SessionCacheModes = 0 - NoInternalStore SessionCacheModes = 0 - NoInternal SessionCacheModes = 0 -) - -func (c *Ctx) SetSessionCacheMode(modes SessionCacheModes) SessionCacheModes - -var ( - ValidationError = errors.New("Host validation error") -) - -type CheckFlags int - -const ( - AlwaysCheckSubject CheckFlags = 0 - NoWildcards CheckFlags = 0 -) - -func (c *Certificate) CheckHost(host string, flags CheckFlags) error -func (c *Certificate) CheckEmail(email string, flags CheckFlags) error -func (c *Certificate) CheckIP(ip net.IP, flags CheckFlags) error -func (c *Certificate) VerifyHostname(host string) error - -type PublicKey interface { - MarshalPKIXPublicKeyPEM() (pem_block []byte, err error) - MarshalPKIXPublicKeyDER() (der_block []byte, err error) - evpPKey() struct{} -} - -type PrivateKey interface { - PublicKey - MarshalPKCS1PrivateKeyPEM() (pem_block 
[]byte, err error) - MarshalPKCS1PrivateKeyDER() (der_block []byte, err error) -} - -func LoadPrivateKeyFromPEM(pem_block []byte) (PrivateKey, error) - -type Certificate struct{} - -func LoadCertificateFromPEM(pem_block []byte) (*Certificate, error) - -func (c *Certificate) MarshalPEM() (pem_block []byte, err error) - -func (c *Certificate) PublicKey() (PublicKey, error) diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/tickets.c b/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/tickets.c deleted file mode 100644 index 894c2676038..00000000000 --- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/tickets.c +++ /dev/null @@ -1,27 +0,0 @@ -// Copyright (C) 2015 Space Monkey, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#include <openssl/ssl.h> -#include <openssl/evp.h> -#include "_cgo_export.h" - -int ticket_key_cb(SSL *s, unsigned char key_name[16], - unsigned char iv[EVP_MAX_IV_LENGTH], - EVP_CIPHER_CTX *cctx, HMAC_CTX *hctx, int enc) { - - SSL_CTX* ssl_ctx = SSL_get_SSL_CTX(s); - void* p = SSL_CTX_get_ex_data(ssl_ctx, get_ssl_ctx_idx()); - // get the pointer to the go Ctx object and pass it back into the thunk - return ticket_key_cb_thunk(p, s, key_name, iv, cctx, hctx, enc); -} diff --git a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/verify.c b/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/verify.c deleted file mode 100644 index d55866c4cf0..00000000000 
--- a/src/mongo/gotools/vendor/src/github.com/spacemonkeygo/openssl/verify.c +++ /dev/null @@ -1,31 +0,0 @@ -// Copyright (C) 2014 Space Monkey, Inc. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -#include <openssl/ssl.h> -#include "_cgo_export.h" - -int verify_cb(int ok, X509_STORE_CTX* store) { - SSL* ssl = (SSL *)X509_STORE_CTX_get_app_data(store); - SSL_CTX* ssl_ctx = SSL_get_SSL_CTX(ssl); - void* p = SSL_CTX_get_ex_data(ssl_ctx, get_ssl_ctx_idx()); - // get the pointer to the go Ctx object and pass it back into the thunk - return verify_cb_thunk(p, ok, store); -} - -int verify_ssl_cb(int ok, X509_STORE_CTX* store) { - SSL* ssl = (SSL *)X509_STORE_CTX_get_app_data(store); - void* p = SSL_get_ex_data(ssl, get_ssl_idx()); - // get the pointer to the go Ctx object and pass it back into the thunk - return verify_ssl_cb_thunk(p, ok, store); -} |