src: add node_crypto_common and refactor

Two things in one on this commit:

(a) For the QUIC implementation, we need to separate out various bits
    from node_crypto.cc to allow them to be reused. That's where this
    commit starts.

(b) Quite a bit of the node_crypto.cc code was just messy in terms of
    it's organization and lack of error handling and use of Local vs.
    MaybeLocal. This cleans that up a bit and hopefully makes certain
    parts a bit more manageable also.

Signed-off-by: James M Snell <jasnell@gmail.com>

PR-URL: #32016
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>

Author: jasnell

node.gyp

@@ -822,9 +822,11 @@
         [ 'node_use_openssl=="true"', {
           'sources': [
             'src/node_crypto.cc',
+            'src/node_crypto_common.cc',
             'src/node_crypto_bio.cc',
             'src/node_crypto_clienthello.cc',
             'src/node_crypto.h',
+            'src/node_crypto_common.h',
             'src/node_crypto_bio.h',
             'src/node_crypto_clienthello.h',
             'src/node_crypto_clienthello-inl.h',

src/env.h

@@ -206,6 +206,7 @@ constexpr size_t kFsStatsBufferLength =
   V(dest_string, "dest")                                                       \
   V(destroyed_string, "destroyed")                                             \
   V(detached_string, "detached")                                               \
+  V(dh_string, "DH")                                                           \
   V(dns_a_string, "A")                                                         \
   V(dns_aaaa_string, "AAAA")                                                   \
   V(dns_cname_string, "CNAME")                                                 \
@@ -219,6 +220,7 @@ constexpr size_t kFsStatsBufferLength =
   V(done_string, "done")                                                       \
   V(dot_string, ".")                                                           \
   V(duration_string, "duration")                                               \
+  V(ecdh_string, "ECDH")                                                       \
   V(emit_warning_string, "emitWarning")                                        \
   V(empty_object_string, "{}")                                                 \
   V(encoding_string, "encoding")                                               \

src/node_crypto.cc

@@ -90,6 +90,8 @@ class SecureContext final : public BaseObject {
 
   static void Initialize(Environment* env, v8::Local<v8::Object> target);
 
+  SSL_CTX* operator*() const { return ctx_.get(); }
+
   // TODO(joyeecheung): track the memory used by OpenSSL types
   SET_NO_MEMORY_INFO()
   SET_MEMORY_INFO_NAME(SecureContext)
@@ -779,6 +781,17 @@ void SetEngine(const v8::FunctionCallbackInfo<v8::Value>& args);
 #endif  // !OPENSSL_NO_ENGINE
 void InitCrypto(v8::Local<v8::Object> target);
 
+void ThrowCryptoError(Environment* env,
+                      unsigned long err,  // NOLINT(runtime/int)
+                      const char* message = nullptr);
+
+template <typename T>
+inline T* MallocOpenSSL(size_t count) {
+  void* mem = OPENSSL_malloc(MultiplyWithOverflowCheck(count, sizeof(T)));
+  CHECK_IMPLIES(mem == nullptr, count == 0);
+  return static_cast<T*>(mem);
+}
+
 }  // namespace crypto
 }  // namespace node
 

src/node_crypto.h

@@ -0,0 +1,139 @@
+#ifndef SRC_NODE_CRYPTO_COMMON_H_
+#define SRC_NODE_CRYPTO_COMMON_H_
+
+#if defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
+
+#include "env.h"
+#include "node_crypto.h"
+#include "v8.h"
+#include <openssl/ssl.h>
+#include <openssl/x509v3.h>
+
+#include <string>
+#include <unordered_map>
+
+namespace node {
+namespace crypto {
+
+// OPENSSL_free is a macro, so we need a wrapper function.
+struct OpenSSLBufferDeleter {
+  void operator()(char* pointer) const { OPENSSL_free(pointer); }
+};
+using OpenSSLBuffer = std::unique_ptr<char[], OpenSSLBufferDeleter>;
+
+struct StackOfX509Deleter {
+  void operator()(STACK_OF(X509)* p) const { sk_X509_pop_free(p, X509_free); }
+};
+using StackOfX509 = std::unique_ptr<STACK_OF(X509), StackOfX509Deleter>;
+
+struct StackOfXASN1Deleter {
+  void operator()(STACK_OF(ASN1_OBJECT)* p) const {
+    sk_ASN1_OBJECT_pop_free(p, ASN1_OBJECT_free);
+  }
+};
+using StackOfASN1 = std::unique_ptr<STACK_OF(ASN1_OBJECT), StackOfXASN1Deleter>;
+
+int SSL_CTX_get_issuer(SSL_CTX* ctx, X509* cert, X509** issuer);
+
+void LogSecret(
+    const SSLPointer& ssl,
+    const char* name,
+    const unsigned char* secret,
+    size_t secretlen);
+
+bool SetALPN(const SSLPointer& ssl, const std::string& alpn);
+
+bool SetALPN(const SSLPointer& ssl, v8::Local<v8::Value> alpn);
+
+v8::MaybeLocal<v8::Value> GetSSLOCSPResponse(
+    Environment* env,
+    SSL* ssl,
+    v8::Local<v8::Value> default_value);
+
+bool SetTLSSession(
+    const SSLPointer& ssl,
+    const unsigned char* buf,
+    size_t length);
+
+bool SetTLSSession(
+    const SSLPointer& ssl,
+    const SSLSessionPointer& session);
+
+SSLSessionPointer GetTLSSession(v8::Local<v8::Value> val);
+
+SSLSessionPointer GetTLSSession(const unsigned char* buf, size_t length);
+
+std::unordered_multimap<std::string, std::string>
+GetCertificateAltNames(X509* cert);
+
+std::string GetCertificateCN(X509* cert);
+
+long VerifyPeerCertificate(  // NOLINT(runtime/int)
+    const SSLPointer& ssl,
+    long def = X509_V_ERR_UNSPECIFIED);  // NOLINT(runtime/int)
+
+int UseSNIContext(const SSLPointer& ssl, SecureContext* context);
+
+const char* GetClientHelloALPN(const SSLPointer& ssl);
+
+const char* GetClientHelloServerName(const SSLPointer& ssl);
+
+const char* GetServerName(SSL* ssl);
+
+v8::MaybeLocal<v8::Array> GetClientHelloCiphers(
+    Environment* env,
+    const SSLPointer& ssl);
+
+bool SetGroups(SecureContext* sc, const char* groups);
+
+const char* X509ErrorCode(long err);  // NOLINT(runtime/int)
+
+v8::MaybeLocal<v8::Value> GetValidationErrorReason(Environment* env, int err);
+
+v8::MaybeLocal<v8::Value> GetValidationErrorCode(Environment* env, int err);
+
+v8::MaybeLocal<v8::Value> GetCert(Environment* env, const SSLPointer& ssl);
+
+v8::MaybeLocal<v8::Value> GetCipherName(
+    Environment* env,
+    const SSLPointer& ssl);
+
+v8::MaybeLocal<v8::Value> GetCipherStandardName(
+    Environment* env,
+    const SSLPointer& ssl);
+
+v8::MaybeLocal<v8::Value> GetCipherVersion(
+    Environment* env,
+    const SSLPointer& ssl);
+
+v8::MaybeLocal<v8::Object> GetCipherInfo(
+    Environment* env,
+    const SSLPointer& ssl);
+
+v8::MaybeLocal<v8::Object> GetEphemeralKey(
+    Environment* env,
+    const SSLPointer& ssl);
+
+v8::MaybeLocal<v8::Value> GetPeerCert(
+    Environment* env,
+    const SSLPointer& ssl,
+    bool abbreviated = false,
+    bool is_server = false);
+
+v8::MaybeLocal<v8::Object> ECPointToBuffer(
+    Environment* env,
+    const EC_GROUP* group,
+    const EC_POINT* point,
+    point_conversion_form_t form,
+    const char** error);
+
+v8::MaybeLocal<v8::Object> X509ToObject(
+    Environment* env,
+    X509* cert);
+
+}  // namespace crypto
+}  // namespace node
+
+#endif  // defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
+
+#endif  // SRC_NODE_CRYPTO_COMMON_H_

src/node_crypto_common.cc

@@ -587,7 +587,11 @@ static void force_ascii(const char* src, char* dst, size_t len) {
 }
 
 
-static size_t hex_encode(const char* src, size_t slen, char* dst, size_t dlen) {
+size_t StringBytes::hex_encode(
+    const char* src,
+    size_t slen,
+    char* dst,
+    size_t dlen) {
   // We know how much we'll write, just make sure that there's space.
   CHECK(dlen >= slen * 2 &&
       "not enough space provided for hex encode");
@@ -603,6 +607,12 @@ static size_t hex_encode(const char* src, size_t slen, char* dst, size_t dlen) {
   return dlen;
 }
 
+std::string StringBytes::hex_encode(const char* src, size_t slen) {
+  size_t dlen = slen * 2;
+  std::string dst(dlen, '\0');
+  hex_encode(src, slen, &dst[0], dlen);
+  return dst;
+}
 
 #define CHECK_BUFLEN_IN_RANGE(len)                                    \
   do {                                                                \

src/node_crypto_common.h

@@ -29,6 +29,8 @@
 #include "v8.h"
 #include "env-inl.h"
 
+#include <string>
+
 namespace node {
 
 class StringBytes {
@@ -97,6 +99,13 @@ class StringBytes {
                                           enum encoding encoding,
                                           v8::Local<v8::Value>* error);
 
+  static size_t hex_encode(const char* src,
+                           size_t slen,
+                           char* dst,
+                           size_t dlen);
+
+  static std::string hex_encode(const char* src, size_t slen);
+
  private:
   static size_t WriteUCS2(v8::Isolate* isolate,
                           char* buf,