Revert "Merge branch 'DRTVWR-520-apple-notarization' into DRTVWR-540-maint"

This reverts commit 681298dd726b2d00910fe71646147fadd1aba980, reversing changes made to 323f41f4892248762fc8505d8df17d70bd833cf3.
author: Andrey Lihatskiy <alihatskiy@productengine.com> 2021-06-08 05:06:21 +0300
committer: Andrey Lihatskiy <alihatskiy@productengine.com> 2021-06-08 05:06:21 +0300
commit: 0a745b47880fb16b1db8cd3327377a383dbfe6a8 (patch)
tree: e96e11b0083858ce6f70d67f3ea818c13bc43b29 /indra/newview/llsechandler_basic.cpp
parent: 4cec2d689f9a7d1791f7ea3933cc1cdc59e972ab (diff)
1 files changed, 20 insertions, 28 deletions
diff --git a/indra/newview/llsechandler_basic.cpp b/indra/newview/llsechandler_basic.cpp
index 94331fddfa..737ef30ada 100644
--- a/indra/newview/llsechandler_basic.cpp
+++ b/indra/newview/llsechandler_basic.cpp
@@ -95,7 +95,7 @@ LLBasicCertificate::LLBasicCertificate(const std::string& pem_cert,
 LLBasicCertificate::LLBasicCertificate(X509* pCert,
                                        const LLSD* validation_params) 
 {
-	if (!pCert)
+	if (!pCert || !pCert->cert_info)
 	{
 		LLTHROW(LLInvalidCertificate(LLSD::emptyMap()));
 	}	
@@ -355,8 +355,8 @@ LLSD cert_name_from_X509_NAME(X509_NAME* name)
 		char buffer[32];
 		X509_NAME_ENTRY *entry = X509_NAME_get_entry(name, entry_index);
 		
-		std::string name_value = std::string((const char*)ASN1_STRING_data(X509_NAME_ENTRY_get_data(entry)), 
-											 ASN1_STRING_length(X509_NAME_ENTRY_get_data(entry)));
+		std::string name_value = std::string((const char*)M_ASN1_STRING_data(X509_NAME_ENTRY_get_data(entry)), 
+											 M_ASN1_STRING_length(X509_NAME_ENTRY_get_data(entry)));
 
 		ASN1_OBJECT* name_obj = X509_NAME_ENTRY_get_object(entry);		
 		OBJ_obj2txt(buffer, sizeof(buffer), name_obj, 0);
@@ -683,29 +683,29 @@ std::string LLBasicCertificateStore::storeId() const
 // LLBasicCertificateChain
 // This class represents a chain of certs, each cert being signed by the next cert
 // in the chain.  Certs must be properly signed by the parent
-LLBasicCertificateChain::LLBasicCertificateChain(X509_STORE_CTX* store)
+LLBasicCertificateChain::LLBasicCertificateChain(const X509_STORE_CTX* store)
 {
 
 	// we're passed in a context, which contains a cert, and a blob of untrusted
 	// certificates which compose the chain.
-	if((store == NULL) || X509_STORE_CTX_get0_cert(store) == NULL)
+	if((store == NULL) || (store->cert == NULL))
 	{
 		LL_WARNS("SECAPI") << "An invalid store context was passed in when trying to create a certificate chain" << LL_ENDL;
 		return;
 	}
 	// grab the child cert
-	LLPointer<LLCertificate> current = new LLBasicCertificate(X509_STORE_CTX_get0_cert(store));
+	LLPointer<LLCertificate> current = new LLBasicCertificate(store->cert);
 
 	add(current);
-	if(X509_STORE_CTX_get0_untrusted(store) != NULL)
+	if(store->untrusted != NULL)
 	{
 		// if there are other certs in the chain, we build up a vector
 		// of untrusted certs so we can search for the parents of each
 		// consecutive cert.
 		LLBasicCertificateVector untrusted_certs;
-		for(int i = 0; i < sk_X509_num(X509_STORE_CTX_get0_untrusted(store)); i++)
+		for(int i = 0; i < sk_X509_num(store->untrusted); i++)
 		{
-			LLPointer<LLCertificate> cert = new LLBasicCertificate(sk_X509_value(X509_STORE_CTX_get0_untrusted(store), i));
+			LLPointer<LLCertificate> cert = new LLBasicCertificate(sk_X509_value(store->untrusted, i));
 			untrusted_certs.add(cert);
 
 		}		
@@ -1340,10 +1340,9 @@ void LLSecAPIBasicHandler::_readProtectedData()
 		
 
 		// read in the rest of the file.
-		EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
-        // todo: ctx error handling
-
-		EVP_DecryptInit(ctx, EVP_rc4(), salt, NULL);
+		EVP_CIPHER_CTX ctx;
+		EVP_CIPHER_CTX_init(&ctx);
+		EVP_DecryptInit(&ctx, EVP_rc4(), salt, NULL);
 		// allocate memory:
 		std::string decrypted_data;	
 		
@@ -1351,14 +1350,14 @@ void LLSecAPIBasicHandler::_readProtectedData()
 			// read data as a block:
 			protected_data_stream.read((char *)buffer, BUFFER_READ_SIZE);
 			
-			EVP_DecryptUpdate(ctx, decrypted_buffer, &decrypted_length, 
+			EVP_DecryptUpdate(&ctx, decrypted_buffer, &decrypted_length, 
 							  buffer, protected_data_stream.gcount());
 			decrypted_data.append((const char *)decrypted_buffer, protected_data_stream.gcount());
 		}
 		
 		// RC4 is a stream cipher, so we don't bother to EVP_DecryptFinal, as there is
 		// no block padding.
-        EVP_CIPHER_CTX_free(ctx);
+		EVP_CIPHER_CTX_cleanup(&ctx);
 		std::istringstream parse_stream(decrypted_data);
 		if (parser->parse(parse_stream, mProtectedDataMap, 
 						  LLSDSerialize::SIZE_UNLIMITED) == LLSDParser::PARSE_FAILURE)
@@ -1394,14 +1393,12 @@ void LLSecAPIBasicHandler::_writeProtectedData()
 	
 	llofstream protected_data_stream(tmp_filename.c_str(), 
                                      std::ios_base::binary);
-    EVP_CIPHER_CTX *ctx = NULL;
 	try
 	{
 		
-		ctx = EVP_CIPHER_CTX_new();
-        // todo: ctx error handling
-
-		EVP_EncryptInit(ctx, EVP_rc4(), salt, NULL);
+		EVP_CIPHER_CTX ctx;
+		EVP_CIPHER_CTX_init(&ctx);
+		EVP_EncryptInit(&ctx, EVP_rc4(), salt, NULL);
 		unsigned char unique_id[MAC_ADDRESS_BYTES];
         LLMachineID::getUniqueID(unique_id, sizeof(unique_id));
 		LLXORCipher cipher(unique_id, sizeof(unique_id));
@@ -1416,13 +1413,13 @@ void LLSecAPIBasicHandler::_writeProtectedData()
 				break;
 			}
 			int encrypted_length;
-			EVP_EncryptUpdate(ctx, encrypted_buffer, &encrypted_length, 
+			EVP_EncryptUpdate(&ctx, encrypted_buffer, &encrypted_length, 
 						  buffer, formatted_data_istream.gcount());
 			protected_data_stream.write((const char *)encrypted_buffer, encrypted_length);
 		}
 		
 		// no EVP_EncrypteFinal, as this is a stream cipher
-        EVP_CIPHER_CTX_free(ctx);
+		EVP_CIPHER_CTX_cleanup(&ctx);
 
 		protected_data_stream.close();
 	}
@@ -1434,11 +1431,6 @@ void LLSecAPIBasicHandler::_writeProtectedData()
 		// it may be, however.
 		LLFile::remove(tmp_filename);
 
-        if (ctx)
-        {
-            EVP_CIPHER_CTX_free(ctx);
-        }
-
 		// EXP-1825 crash in LLSecAPIBasicHandler::_writeProtectedData()
 		// Decided throwing an exception here was overkill until we figure out why this happens
 		//LLTHROW(LLProtectedDataException("Error writing Protected Data Store"));
@@ -1491,7 +1483,7 @@ LLPointer<LLCertificate> LLSecAPIBasicHandler::getCertificate(X509* openssl_cert
 }
 		
 // instantiate a chain from an X509_STORE_CTX
-LLPointer<LLCertificateChain> LLSecAPIBasicHandler::getCertificateChain(X509_STORE_CTX* chain)
+LLPointer<LLCertificateChain> LLSecAPIBasicHandler::getCertificateChain(const X509_STORE_CTX* chain)
 {
 	LLPointer<LLCertificateChain> result = new LLBasicCertificateChain(chain);
 	return result;
author	Andrey Lihatskiy <alihatskiy@productengine.com>	2021-06-08 05:06:21 +0300
committer	Andrey Lihatskiy <alihatskiy@productengine.com>	2021-06-08 05:06:21 +0300
commit	0a745b47880fb16b1db8cd3327377a383dbfe6a8 (patch)
tree	e96e11b0083858ce6f70d67f3ea818c13bc43b29 /indra/newview/llsechandler_basic.cpp
parent	4cec2d689f9a7d1791f7ea3933cc1cdc59e972ab (diff)