Update openssl to 1.0.2d

Also update Cryptlib to edk2 r17731 Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
author: Gary Ching-Pang Lin <glin@suse.com> 2015-07-28 11:46:38 -0400
committer: Peter Jones <pjones@redhat.com> 2015-07-28 11:46:38 -0400
commit: 5ce38c90cf43ee79cd999716ea83a5a44eeb819e (patch)
tree: 2fb3d9dd667c772fae5f87fa61e1501cf12da0ce /Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c
parent: 69ba24ff72921ecabbb47178de40dc5a79350040 (diff)
download: efi-boot-shim-5ce38c90cf43ee79cd999716ea83a5a44eeb819e.tar.gz
efi-boot-shim-5ce38c90cf43ee79cd999716ea83a5a44eeb819e.zip
1 files changed, 14 insertions, 6 deletions
diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c
index b50f1b64..5ab4bf29 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c
@@ -60,6 +60,7 @@
 #ifndef OPENSSL_NO_HMAC
 # include <stdio.h>
 # include "cryptlib.h"
+# include <openssl/crypto.h>
 # include <openssl/hmac.h>
 # include <openssl/rand.h>
 # include <openssl/pkcs12.h>
@@ -72,6 +73,7 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
     HMAC_CTX hmac;
     unsigned char key[EVP_MAX_MD_SIZE], *salt;
     int saltlen, iter;
+    int md_size;
 
     if (!PKCS7_type_is_data(p12->authsafes)) {
         PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_CONTENT_TYPE_NOT_DATA);
@@ -88,16 +90,22 @@ int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
         PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
         return 0;
     }
+    md_size = EVP_MD_size(md_type);
+    if (md_size < 0)
+        return 0;
     if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
-                        EVP_MD_size(md_type), key, md_type)) {
+                        md_size, key, md_type)) {
         PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
         return 0;
     }
     HMAC_CTX_init(&hmac);
-    HMAC_Init_ex(&hmac, key, EVP_MD_size(md_type), md_type, NULL);
-    HMAC_Update(&hmac, p12->authsafes->d.data->data,
-                p12->authsafes->d.data->length);
-    HMAC_Final(&hmac, mac, maclen);
+    if (!HMAC_Init_ex(&hmac, key, md_size, md_type, NULL)
+        || !HMAC_Update(&hmac, p12->authsafes->d.data->data,
+                        p12->authsafes->d.data->length)
+        || !HMAC_Final(&hmac, mac, maclen)) {
+        HMAC_CTX_cleanup(&hmac);
+        return 0;
+    }
     HMAC_CTX_cleanup(&hmac);
     return 1;
 }
@@ -116,7 +124,7 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)
         return 0;
     }
     if ((maclen != (unsigned int)p12->mac->dinfo->digest->length)
-        || memcmp(mac, p12->mac->dinfo->digest->data, maclen))
+        || CRYPTO_memcmp(mac, p12->mac->dinfo->digest->data, maclen))
         return 0;
     return 1;
 }
author	Gary Ching-Pang Lin <glin@suse.com>	2015-07-28 11:46:38 -0400
committer	Peter Jones <pjones@redhat.com>	2015-07-28 11:46:38 -0400
commit	5ce38c90cf43ee79cd999716ea83a5a44eeb819e (patch)
tree	2fb3d9dd667c772fae5f87fa61e1501cf12da0ce /Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c
parent	69ba24ff72921ecabbb47178de40dc5a79350040 (diff)
download	efi-boot-shim-5ce38c90cf43ee79cd999716ea83a5a44eeb819e.tar.gz efi-boot-shim-5ce38c90cf43ee79cd999716ea83a5a44eeb819e.zip