Update openssl to 1.0.2d

Also update Cryptlib to edk2 r17731

Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>

1 files changed, 27 insertions, 43 deletions

diff --git a/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c b/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c
index 0607feaa..d06ab90a 100644
--- a/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c
+++ b/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c
@@ -64,42 +64,11 @@
 #include <openssl/evp.h>
 
 /*
- * PKCS#5 v1.5 compatible PBE functions: see PKCS#5 v2.0 for more info.
+ * Doesn't do anything now: Builtin PBE algorithms in static table.
  */
 
 void PKCS5_PBE_add(void)
 {
-#ifndef OPENSSL_NO_DES
-# ifndef OPENSSL_NO_MD5
-    EVP_PBE_alg_add(NID_pbeWithMD5AndDES_CBC, EVP_des_cbc(), EVP_md5(),
-                    PKCS5_PBE_keyivgen);
-# endif
-# ifndef OPENSSL_NO_MD2
-    EVP_PBE_alg_add(NID_pbeWithMD2AndDES_CBC, EVP_des_cbc(), EVP_md2(),
-                    PKCS5_PBE_keyivgen);
-# endif
-# ifndef OPENSSL_NO_SHA
-    EVP_PBE_alg_add(NID_pbeWithSHA1AndDES_CBC, EVP_des_cbc(), EVP_sha1(),
-                    PKCS5_PBE_keyivgen);
-# endif
-#endif
-#ifndef OPENSSL_NO_RC2
-# ifndef OPENSSL_NO_MD5
-    EVP_PBE_alg_add(NID_pbeWithMD5AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md5(),
-                    PKCS5_PBE_keyivgen);
-# endif
-# ifndef OPENSSL_NO_MD2
-    EVP_PBE_alg_add(NID_pbeWithMD2AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md2(),
-                    PKCS5_PBE_keyivgen);
-# endif
-# ifndef OPENSSL_NO_SHA
-    EVP_PBE_alg_add(NID_pbeWithSHA1AndRC2_CBC, EVP_rc2_64_cbc(), EVP_sha1(),
-                    PKCS5_PBE_keyivgen);
-# endif
-#endif
-#ifndef OPENSSL_NO_HMAC
-    EVP_PBE_alg_add(NID_pbes2, NULL, NULL, PKCS5_v2_PBE_keyivgen);
-#endif
 }
 
 int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
@@ -114,6 +83,9 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
     int saltlen, iter;
     unsigned char *salt;
     const unsigned char *pbuf;
+    int mdsize;
+    int rv = 0;
+    EVP_MD_CTX_init(&ctx);
 
     /* Extract useful info from parameter */
     if (param == NULL || param->type != V_ASN1_SEQUENCE ||
@@ -140,26 +112,38 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
     else if (passlen == -1)
         passlen = strlen(pass);
 
-    EVP_MD_CTX_init(&ctx);
-    EVP_DigestInit_ex(&ctx, md, NULL);
-    EVP_DigestUpdate(&ctx, pass, passlen);
-    EVP_DigestUpdate(&ctx, salt, saltlen);
+    if (!EVP_DigestInit_ex(&ctx, md, NULL))
+        goto err;
+    if (!EVP_DigestUpdate(&ctx, pass, passlen))
+        goto err;
+    if (!EVP_DigestUpdate(&ctx, salt, saltlen))
+        goto err;
     PBEPARAM_free(pbe);
-    EVP_DigestFinal_ex(&ctx, md_tmp, NULL);
+    if (!EVP_DigestFinal_ex(&ctx, md_tmp, NULL))
+        goto err;
+    mdsize = EVP_MD_size(md);
+    if (mdsize < 0)
+        return 0;
     for (i = 1; i < iter; i++) {
-        EVP_DigestInit_ex(&ctx, md, NULL);
-        EVP_DigestUpdate(&ctx, md_tmp, EVP_MD_size(md));
-        EVP_DigestFinal_ex(&ctx, md_tmp, NULL);
+        if (!EVP_DigestInit_ex(&ctx, md, NULL))
+            goto err;
+        if (!EVP_DigestUpdate(&ctx, md_tmp, mdsize))
+            goto err;
+        if (!EVP_DigestFinal_ex(&ctx, md_tmp, NULL))
+            goto err;
     }
-    EVP_MD_CTX_cleanup(&ctx);
     OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp));
     memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
     OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16);
     memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
            EVP_CIPHER_iv_length(cipher));
-    EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de);
+    if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de))
+        goto err;
     OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
     OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
     OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
-    return 1;
+    rv = 1;
+ err:
+    EVP_MD_CTX_cleanup(&ctx);
+    return rv;
 }