diff options
Diffstat (limited to 'indra/newview/llsechandler_basic.cpp')
| -rw-r--r-- | indra/newview/llsechandler_basic.cpp | 48 |
1 files changed, 28 insertions, 20 deletions
diff --git a/indra/newview/llsechandler_basic.cpp b/indra/newview/llsechandler_basic.cpp index 19db020a31..b4853d270a 100644 --- a/indra/newview/llsechandler_basic.cpp +++ b/indra/newview/llsechandler_basic.cpp @@ -95,7 +95,7 @@ LLBasicCertificate::LLBasicCertificate(const std::string& pem_cert, LLBasicCertificate::LLBasicCertificate(X509* pCert, const LLSD* validation_params) { - if (!pCert || !pCert->cert_info) + if (!pCert) { LLTHROW(LLInvalidCertificate(LLSD::emptyMap())); } @@ -355,8 +355,8 @@ LLSD cert_name_from_X509_NAME(X509_NAME* name) char buffer[32]; X509_NAME_ENTRY *entry = X509_NAME_get_entry(name, entry_index); - std::string name_value = std::string((const char*)M_ASN1_STRING_data(X509_NAME_ENTRY_get_data(entry)), - M_ASN1_STRING_length(X509_NAME_ENTRY_get_data(entry))); + std::string name_value = std::string((const char*)ASN1_STRING_data(X509_NAME_ENTRY_get_data(entry)), + ASN1_STRING_length(X509_NAME_ENTRY_get_data(entry))); ASN1_OBJECT* name_obj = X509_NAME_ENTRY_get_object(entry); OBJ_obj2txt(buffer, sizeof(buffer), name_obj, 0); @@ -683,29 +683,29 @@ std::string LLBasicCertificateStore::storeId() const // LLBasicCertificateChain // This class represents a chain of certs, each cert being signed by the next cert // in the chain. Certs must be properly signed by the parent -LLBasicCertificateChain::LLBasicCertificateChain(const X509_STORE_CTX* store) +LLBasicCertificateChain::LLBasicCertificateChain(X509_STORE_CTX* store) { // we're passed in a context, which contains a cert, and a blob of untrusted // certificates which compose the chain. - if((store == NULL) || (store->cert == NULL)) + if((store == NULL) || X509_STORE_CTX_get0_cert(store) == NULL) { LL_WARNS("SECAPI") << "An invalid store context was passed in when trying to create a certificate chain" << LL_ENDL; return; } // grab the child cert - LLPointer<LLCertificate> current = new LLBasicCertificate(store->cert); + LLPointer<LLCertificate> current = new LLBasicCertificate(X509_STORE_CTX_get0_cert(store)); add(current); - if(store->untrusted != NULL) + if(X509_STORE_CTX_get0_untrusted(store) != NULL) { // if there are other certs in the chain, we build up a vector // of untrusted certs so we can search for the parents of each // consecutive cert. LLBasicCertificateVector untrusted_certs; - for(int i = 0; i < sk_X509_num(store->untrusted); i++) + for(int i = 0; i < sk_X509_num(X509_STORE_CTX_get0_untrusted(store)); i++) { - LLPointer<LLCertificate> cert = new LLBasicCertificate(sk_X509_value(store->untrusted, i)); + LLPointer<LLCertificate> cert = new LLBasicCertificate(sk_X509_value(X509_STORE_CTX_get0_untrusted(store), i)); untrusted_certs.add(cert); } @@ -1348,9 +1348,10 @@ void LLSecAPIBasicHandler::_readProtectedData() // read in the rest of the file. - EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); - EVP_DecryptInit(&ctx, EVP_rc4(), salt, NULL); + EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); + // todo: ctx error handling + + EVP_DecryptInit(ctx, EVP_rc4(), salt, NULL); // allocate memory: std::string decrypted_data; @@ -1358,14 +1359,14 @@ void LLSecAPIBasicHandler::_readProtectedData() // read data as a block: protected_data_stream.read((char *)buffer, BUFFER_READ_SIZE); - EVP_DecryptUpdate(&ctx, decrypted_buffer, &decrypted_length, + EVP_DecryptUpdate(ctx, decrypted_buffer, &decrypted_length, buffer, protected_data_stream.gcount()); decrypted_data.append((const char *)decrypted_buffer, protected_data_stream.gcount()); } // RC4 is a stream cipher, so we don't bother to EVP_DecryptFinal, as there is // no block padding. - EVP_CIPHER_CTX_cleanup(&ctx); + EVP_CIPHER_CTX_free(ctx); std::istringstream parse_stream(decrypted_data); if (parser->parse(parse_stream, mProtectedDataMap, LLSDSerialize::SIZE_UNLIMITED) == LLSDParser::PARSE_FAILURE) @@ -1401,12 +1402,14 @@ void LLSecAPIBasicHandler::_writeProtectedData() llofstream protected_data_stream(tmp_filename.c_str(), std::ios_base::binary); + EVP_CIPHER_CTX *ctx = NULL; try { - EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); - EVP_EncryptInit(&ctx, EVP_rc4(), salt, NULL); + ctx = EVP_CIPHER_CTX_new(); + // todo: ctx error handling + + EVP_EncryptInit(ctx, EVP_rc4(), salt, NULL); unsigned char unique_id[MAC_ADDRESS_BYTES]; LLMachineID::getUniqueID(unique_id, sizeof(unique_id)); LLXORCipher cipher(unique_id, sizeof(unique_id)); @@ -1421,13 +1424,13 @@ void LLSecAPIBasicHandler::_writeProtectedData() break; } int encrypted_length; - EVP_EncryptUpdate(&ctx, encrypted_buffer, &encrypted_length, + EVP_EncryptUpdate(ctx, encrypted_buffer, &encrypted_length, buffer, formatted_data_istream.gcount()); protected_data_stream.write((const char *)encrypted_buffer, encrypted_length); } // no EVP_EncrypteFinal, as this is a stream cipher - EVP_CIPHER_CTX_cleanup(&ctx); + EVP_CIPHER_CTX_free(ctx); protected_data_stream.close(); } @@ -1439,6 +1442,11 @@ void LLSecAPIBasicHandler::_writeProtectedData() // it may be, however. LLFile::remove(tmp_filename); + if (ctx) + { + EVP_CIPHER_CTX_free(ctx); + } + // EXP-1825 crash in LLSecAPIBasicHandler::_writeProtectedData() // Decided throwing an exception here was overkill until we figure out why this happens //LLTHROW(LLProtectedDataException("Error writing Protected Data Store")); @@ -1491,7 +1499,7 @@ LLPointer<LLCertificate> LLSecAPIBasicHandler::getCertificate(X509* openssl_cert } // instantiate a chain from an X509_STORE_CTX -LLPointer<LLCertificateChain> LLSecAPIBasicHandler::getCertificateChain(const X509_STORE_CTX* chain) +LLPointer<LLCertificateChain> LLSecAPIBasicHandler::getCertificateChain(X509_STORE_CTX* chain) { LLPointer<LLCertificateChain> result = new LLBasicCertificateChain(chain); return result; |