summaryrefslogtreecommitdiff
path: root/indra/newview
diff options
context:
space:
mode:
authorAndrey Kleshchev <andreykproductengine@lindenlab.com>2021-05-27 00:04:08 +0300
committerAndrey Kleshchev <andreykproductengine@lindenlab.com>2021-05-27 12:56:35 +0300
commitb91561e982dcf836e44a924018899a220c03cd9d (patch)
treee29644db5143afbe66c9d8ed87e2bc8bcadbfeb6 /indra/newview
parent933b98880e836b74f65b8535fed6da3519b72cf4 (diff)
SL-15211 Update OpenSSL library
Diffstat (limited to 'indra/newview')
-rw-r--r--indra/newview/CMakeLists.txt8
-rw-r--r--indra/newview/llsecapi.h2
-rw-r--r--indra/newview/llsechandler_basic.cpp48
-rw-r--r--indra/newview/llsechandler_basic.h4
-rw-r--r--indra/newview/tests/llsecapi_test.cpp2
-rwxr-xr-xindra/newview/viewer_manifest.py10
6 files changed, 43 insertions, 31 deletions
diff --git a/indra/newview/CMakeLists.txt b/indra/newview/CMakeLists.txt
index 63045502c9..41b3b1d30f 100644
--- a/indra/newview/CMakeLists.txt
+++ b/indra/newview/CMakeLists.txt
@@ -1828,10 +1828,6 @@ if (WINDOWS)
${CMAKE_CURRENT_SOURCE_DIR}/licenses-win32.txt
${CMAKE_CURRENT_SOURCE_DIR}/featuretable.txt
${CMAKE_CURRENT_SOURCE_DIR}/featuretable_xp.txt
- ${ARCH_PREBUILT_DIRS_RELEASE}/libeay32.dll
- ${ARCH_PREBUILT_DIRS_RELEASE}/ssleay32.dll
- ${ARCH_PREBUILT_DIRS_DEBUG}/libeay32.dll
- ${ARCH_PREBUILT_DIRS_DEBUG}/ssleay32.dll
${viewer_APPSETTINGS_FILES}
SLPlugin
media_plugin_cef
@@ -1844,11 +1840,15 @@ if (WINDOWS)
list(APPEND COPY_INPUT_DEPENDENCIES
${SHARED_LIB_STAGING_DIR}/${CMAKE_CFG_INTDIR}/vivoxsdk_x64.dll
${SHARED_LIB_STAGING_DIR}/${CMAKE_CFG_INTDIR}/ortp_x64.dll
+ ${ARCH_PREBUILT_DIRS_RELEASE}/libcrypto-1_1-x64.dll
+ ${ARCH_PREBUILT_DIRS_RELEASE}/libssl-1_1-x64.dll
)
else (ADDRESS_SIZE EQUAL 64)
list(APPEND COPY_INPUT_DEPENDENCIES
${SHARED_LIB_STAGING_DIR}/${CMAKE_CFG_INTDIR}/vivoxsdk.dll
${SHARED_LIB_STAGING_DIR}/${CMAKE_CFG_INTDIR}/ortp.dll
+ ${ARCH_PREBUILT_DIRS_RELEASE}/libcrypto-1_1.dll
+ ${ARCH_PREBUILT_DIRS_RELEASE}/libssl-1_1.dll
)
endif (ADDRESS_SIZE EQUAL 64)
diff --git a/indra/newview/llsecapi.h b/indra/newview/llsecapi.h
index 14059f828a..1e6f2154bc 100644
--- a/indra/newview/llsecapi.h
+++ b/indra/newview/llsecapi.h
@@ -452,7 +452,7 @@ public:
virtual LLPointer<LLCertificate> getCertificate(X509* openssl_cert)=0;
// instantiate a chain from an X509_STORE_CTX
- virtual LLPointer<LLCertificateChain> getCertificateChain(const X509_STORE_CTX* chain)=0;
+ virtual LLPointer<LLCertificateChain> getCertificateChain(X509_STORE_CTX* chain)=0;
// instantiate a cert store given it's id. if a persisted version
// exists, it'll be loaded. If not, one will be created (but not
diff --git a/indra/newview/llsechandler_basic.cpp b/indra/newview/llsechandler_basic.cpp
index 737ef30ada..94331fddfa 100644
--- a/indra/newview/llsechandler_basic.cpp
+++ b/indra/newview/llsechandler_basic.cpp
@@ -95,7 +95,7 @@ LLBasicCertificate::LLBasicCertificate(const std::string& pem_cert,
LLBasicCertificate::LLBasicCertificate(X509* pCert,
const LLSD* validation_params)
{
- if (!pCert || !pCert->cert_info)
+ if (!pCert)
{
LLTHROW(LLInvalidCertificate(LLSD::emptyMap()));
}
@@ -355,8 +355,8 @@ LLSD cert_name_from_X509_NAME(X509_NAME* name)
char buffer[32];
X509_NAME_ENTRY *entry = X509_NAME_get_entry(name, entry_index);
- std::string name_value = std::string((const char*)M_ASN1_STRING_data(X509_NAME_ENTRY_get_data(entry)),
- M_ASN1_STRING_length(X509_NAME_ENTRY_get_data(entry)));
+ std::string name_value = std::string((const char*)ASN1_STRING_data(X509_NAME_ENTRY_get_data(entry)),
+ ASN1_STRING_length(X509_NAME_ENTRY_get_data(entry)));
ASN1_OBJECT* name_obj = X509_NAME_ENTRY_get_object(entry);
OBJ_obj2txt(buffer, sizeof(buffer), name_obj, 0);
@@ -683,29 +683,29 @@ std::string LLBasicCertificateStore::storeId() const
// LLBasicCertificateChain
// This class represents a chain of certs, each cert being signed by the next cert
// in the chain. Certs must be properly signed by the parent
-LLBasicCertificateChain::LLBasicCertificateChain(const X509_STORE_CTX* store)
+LLBasicCertificateChain::LLBasicCertificateChain(X509_STORE_CTX* store)
{
// we're passed in a context, which contains a cert, and a blob of untrusted
// certificates which compose the chain.
- if((store == NULL) || (store->cert == NULL))
+ if((store == NULL) || X509_STORE_CTX_get0_cert(store) == NULL)
{
LL_WARNS("SECAPI") << "An invalid store context was passed in when trying to create a certificate chain" << LL_ENDL;
return;
}
// grab the child cert
- LLPointer<LLCertificate> current = new LLBasicCertificate(store->cert);
+ LLPointer<LLCertificate> current = new LLBasicCertificate(X509_STORE_CTX_get0_cert(store));
add(current);
- if(store->untrusted != NULL)
+ if(X509_STORE_CTX_get0_untrusted(store) != NULL)
{
// if there are other certs in the chain, we build up a vector
// of untrusted certs so we can search for the parents of each
// consecutive cert.
LLBasicCertificateVector untrusted_certs;
- for(int i = 0; i < sk_X509_num(store->untrusted); i++)
+ for(int i = 0; i < sk_X509_num(X509_STORE_CTX_get0_untrusted(store)); i++)
{
- LLPointer<LLCertificate> cert = new LLBasicCertificate(sk_X509_value(store->untrusted, i));
+ LLPointer<LLCertificate> cert = new LLBasicCertificate(sk_X509_value(X509_STORE_CTX_get0_untrusted(store), i));
untrusted_certs.add(cert);
}
@@ -1340,9 +1340,10 @@ void LLSecAPIBasicHandler::_readProtectedData()
// read in the rest of the file.
- EVP_CIPHER_CTX ctx;
- EVP_CIPHER_CTX_init(&ctx);
- EVP_DecryptInit(&ctx, EVP_rc4(), salt, NULL);
+ EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+ // todo: ctx error handling
+
+ EVP_DecryptInit(ctx, EVP_rc4(), salt, NULL);
// allocate memory:
std::string decrypted_data;
@@ -1350,14 +1351,14 @@ void LLSecAPIBasicHandler::_readProtectedData()
// read data as a block:
protected_data_stream.read((char *)buffer, BUFFER_READ_SIZE);
- EVP_DecryptUpdate(&ctx, decrypted_buffer, &decrypted_length,
+ EVP_DecryptUpdate(ctx, decrypted_buffer, &decrypted_length,
buffer, protected_data_stream.gcount());
decrypted_data.append((const char *)decrypted_buffer, protected_data_stream.gcount());
}
// RC4 is a stream cipher, so we don't bother to EVP_DecryptFinal, as there is
// no block padding.
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
std::istringstream parse_stream(decrypted_data);
if (parser->parse(parse_stream, mProtectedDataMap,
LLSDSerialize::SIZE_UNLIMITED) == LLSDParser::PARSE_FAILURE)
@@ -1393,12 +1394,14 @@ void LLSecAPIBasicHandler::_writeProtectedData()
llofstream protected_data_stream(tmp_filename.c_str(),
std::ios_base::binary);
+ EVP_CIPHER_CTX *ctx = NULL;
try
{
- EVP_CIPHER_CTX ctx;
- EVP_CIPHER_CTX_init(&ctx);
- EVP_EncryptInit(&ctx, EVP_rc4(), salt, NULL);
+ ctx = EVP_CIPHER_CTX_new();
+ // todo: ctx error handling
+
+ EVP_EncryptInit(ctx, EVP_rc4(), salt, NULL);
unsigned char unique_id[MAC_ADDRESS_BYTES];
LLMachineID::getUniqueID(unique_id, sizeof(unique_id));
LLXORCipher cipher(unique_id, sizeof(unique_id));
@@ -1413,13 +1416,13 @@ void LLSecAPIBasicHandler::_writeProtectedData()
break;
}
int encrypted_length;
- EVP_EncryptUpdate(&ctx, encrypted_buffer, &encrypted_length,
+ EVP_EncryptUpdate(ctx, encrypted_buffer, &encrypted_length,
buffer, formatted_data_istream.gcount());
protected_data_stream.write((const char *)encrypted_buffer, encrypted_length);
}
// no EVP_EncrypteFinal, as this is a stream cipher
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
protected_data_stream.close();
}
@@ -1431,6 +1434,11 @@ void LLSecAPIBasicHandler::_writeProtectedData()
// it may be, however.
LLFile::remove(tmp_filename);
+ if (ctx)
+ {
+ EVP_CIPHER_CTX_free(ctx);
+ }
+
// EXP-1825 crash in LLSecAPIBasicHandler::_writeProtectedData()
// Decided throwing an exception here was overkill until we figure out why this happens
//LLTHROW(LLProtectedDataException("Error writing Protected Data Store"));
@@ -1483,7 +1491,7 @@ LLPointer<LLCertificate> LLSecAPIBasicHandler::getCertificate(X509* openssl_cert
}
// instantiate a chain from an X509_STORE_CTX
-LLPointer<LLCertificateChain> LLSecAPIBasicHandler::getCertificateChain(const X509_STORE_CTX* chain)
+LLPointer<LLCertificateChain> LLSecAPIBasicHandler::getCertificateChain(X509_STORE_CTX* chain)
{
LLPointer<LLCertificateChain> result = new LLBasicCertificateChain(chain);
return result;
diff --git a/indra/newview/llsechandler_basic.h b/indra/newview/llsechandler_basic.h
index 0bc7f5230f..82670f9083 100644
--- a/indra/newview/llsechandler_basic.h
+++ b/indra/newview/llsechandler_basic.h
@@ -197,7 +197,7 @@ class LLBasicCertificateChain : virtual public LLBasicCertificateVector, public
{
public:
- LLBasicCertificateChain(const X509_STORE_CTX * store);
+ LLBasicCertificateChain(X509_STORE_CTX * store);
virtual ~LLBasicCertificateChain() {}
@@ -241,7 +241,7 @@ public:
virtual LLPointer<LLCertificate> getCertificate(X509* openssl_cert);
// instantiate a chain from an X509_STORE_CTX
- virtual LLPointer<LLCertificateChain> getCertificateChain(const X509_STORE_CTX* chain);
+ virtual LLPointer<LLCertificateChain> getCertificateChain(X509_STORE_CTX* chain);
// instantiate a cert store given it's id. if a persisted version
// exists, it'll be loaded. If not, one will be created (but not
diff --git a/indra/newview/tests/llsecapi_test.cpp b/indra/newview/tests/llsecapi_test.cpp
index caa3016d2e..37fbbb449b 100644
--- a/indra/newview/tests/llsecapi_test.cpp
+++ b/indra/newview/tests/llsecapi_test.cpp
@@ -57,7 +57,7 @@ void LLSecAPIBasicHandler::init() {}
LLSecAPIBasicHandler::~LLSecAPIBasicHandler() {}
LLPointer<LLCertificate> LLSecAPIBasicHandler::getCertificate(const std::string& pem_cert) { return NULL; }
LLPointer<LLCertificate> LLSecAPIBasicHandler::getCertificate(X509* openssl_cert) { return NULL; }
-LLPointer<LLCertificateChain> LLSecAPIBasicHandler::getCertificateChain(const X509_STORE_CTX* chain) { return NULL; }
+LLPointer<LLCertificateChain> LLSecAPIBasicHandler::getCertificateChain(X509_STORE_CTX* chain) { return NULL; }
LLPointer<LLCertificateStore> LLSecAPIBasicHandler::getCertificateStore(const std::string& store_id) { return NULL; }
void LLSecAPIBasicHandler::setProtectedData(const std::string& data_type, const std::string& data_id, const LLSD& data) {}
void LLSecAPIBasicHandler::addToProtectedMap(const std::string& data_type, const std::string& data_id, const std::string& map_elem, const LLSD& data) {}
diff --git a/indra/newview/viewer_manifest.py b/indra/newview/viewer_manifest.py
index 80f6b2aa9f..c0a0a7ec46 100755
--- a/indra/newview/viewer_manifest.py
+++ b/indra/newview/viewer_manifest.py
@@ -553,9 +553,13 @@ class WindowsManifest(ViewerManifest):
self.path("vivoxsdk.dll")
self.path("ortp.dll")
- # Security
- self.path("ssleay32.dll")
- self.path("libeay32.dll")
+ # OpenSSL
+ if (self.address_size == 64):
+ self.path("libcrypto-1_1-x64.dll")
+ self.path("libssl-1_1-x64.dll")
+ else:
+ self.path("libcrypto-1_1.dll")
+ self.path("libssl-1_1.dll")
# HTTP/2
self.path("nghttp2.dll")