authorGary Ching-Pang Lin <glin@suse.com>2015-07-28 11:46:38 -0400
committerPeter Jones <pjones@redhat.com>2015-07-28 11:46:38 -0400
commit5ce38c90cf43ee79cd999716ea83a5a44eeb819e (patch)
tree2fb3d9dd667c772fae5f87fa61e1501cf12da0ce /Cryptlib/OpenSSL/crypto/asn1/n_pkey.c
parent69ba24ff72921ecabbb47178de40dc5a79350040 (diff)
Update openssl to 1.0.2d
Also update Cryptlib to edk2 r17731 Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
Diffstat (limited to 'Cryptlib/OpenSSL/crypto/asn1/n_pkey.c')
-rw-r--r--Cryptlib/OpenSSL/crypto/asn1/n_pkey.c38
1 files changed, 24 insertions, 14 deletions
diff --git a/Cryptlib/OpenSSL/crypto/asn1/n_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/n_pkey.c
index f7b874eb..d5a55146 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/n_pkey.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/n_pkey.c
@@ -125,6 +125,7 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp,
unsigned char buf[256], *zz;
unsigned char key[EVP_MAX_KEY_LENGTH];
EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX_init(&ctx);
if (a == NULL)
return (0);
@@ -201,24 +202,28 @@ int i2d_RSA_NET(const RSA *a, unsigned char **pp,
i = strlen((char *)buf);
/* If the key is used for SGC the algorithm is modified a little. */
if (sgckey) {
- EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
+ if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
+ goto err;
memcpy(buf + 16, "SGCKEYSALT", 10);
i = 26;
}
- EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i, 1, key, NULL);
+ if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i, 1, key, NULL))
+ goto err;
OPENSSL_cleanse(buf, 256);
/* Encrypt private key in place */
zz = enckey->enckey->digest->data;
- EVP_CIPHER_CTX_init(&ctx);
- EVP_EncryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL);
- EVP_EncryptUpdate(&ctx, zz, &i, zz, pkeylen);
- EVP_EncryptFinal_ex(&ctx, zz + i, &j);
- EVP_CIPHER_CTX_cleanup(&ctx);
+ if (!EVP_EncryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL))
+ goto err;
+ if (!EVP_EncryptUpdate(&ctx, zz, &i, zz, pkeylen))
+ goto err;
+ if (!EVP_EncryptFinal_ex(&ctx, zz + i, &j))
+ goto err;
ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
err:
+ EVP_CIPHER_CTX_cleanup(&ctx);
NETSCAPE_ENCRYPTED_PKEY_free(enckey);
NETSCAPE_PKEY_free(pkey);
return (ret);
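Review bot: The new `goto err` exits taken when `EVP_Digest` or `EVP_BytesToKey` fails skip `OPENSSL_cleanse(buf, 256)`, so on those paths the passphrase (or its MD5 digest) is left in the stack buffer when the function returns. The derived RC4 `key` is not wiped on any path visible in this hunk either. Since every exit now converges on `err:`, the wipes could sit there beside the new cleanup call: `OPENSSL_cleanse(buf, sizeof(buf));` and `OPENSSL_cleanse(key, sizeof(key));`. The same gap appears in `d2i_RSA_NET_2`, in the `@@ -291,19 +297,22 @@` and `@@ -320,6 +329,7 @@` hunks. Both function bodies start outside the hunks shown, so confirm that `buf` and `key` are in scope at every jump to `err:` before moving the calls.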
@@ -282,6 +287,7 @@ static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
const unsigned char *zz;
unsigned char key[EVP_MAX_KEY_LENGTH];
EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX_init(&ctx);
i = cb((char *)buf, 256, "Enter Private Key password:", 0);
if (i != 0) {
@@ -291,19 +297,22 @@ static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
i = strlen((char *)buf);
if (sgckey) {
- EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
+ if (!EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL))
+ goto err;
memcpy(buf + 16, "SGCKEYSALT", 10);
i = 26;
}
- EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i, 1, key, NULL);
+ if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i, 1, key, NULL))
+ goto err;
OPENSSL_cleanse(buf, 256);
- EVP_CIPHER_CTX_init(&ctx);
- EVP_DecryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL);
- EVP_DecryptUpdate(&ctx, os->data, &i, os->data, os->length);
- EVP_DecryptFinal_ex(&ctx, &(os->data[i]), &j);
- EVP_CIPHER_CTX_cleanup(&ctx);
+ if (!EVP_DecryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL))
+ goto err;
+ if (!EVP_DecryptUpdate(&ctx, os->data, &i, os->data, os->length))
+ goto err;
+ if (!EVP_DecryptFinal_ex(&ctx, &(os->data[i]), &j))
+ goto err;
os->length = i + j;
zz = os->data;
@@ -320,6 +329,7 @@ static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
goto err;
}
err:
+ EVP_CIPHER_CTX_cleanup(&ctx);
NETSCAPE_PKEY_free(pkey);
return (ret);
}