Upgrade chrome's OpenSSL to same version Android ships with.

openssl/crypto/rsa/rsa_oaep.c

 /* crypto/rsa/rsa_oaep.c */
 /* Written by Ulf Moeller. This software is distributed on an "AS IS"
    basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */
 
 /* EME-OAEP as defined in RFC 2437 (PKCS #1 v2.0) */
 
 /* See Victor Shoup, "OAEP reconsidered," Nov. 2000,
  * <URL: http://www.shoup.net/papers/oaep.ps.Z>
  * for problems with the security proof for the
  * original OAEP scheme, which EME-OAEP is based on.
@@ skipping 10 matching lines @@
 
 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/bn.h>
 #include <openssl/rsa.h>
 #include <openssl/evp.h>
 #include <openssl/rand.h>
 #include <openssl/sha.h>
 
-int MGF1(unsigned char *mask, long len,
+static int MGF1(unsigned char *mask, long len,
         const unsigned char *seed, long seedlen);
 
 int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
         const unsigned char *from, int flen,
         const unsigned char *param, int plen)
         {
         int i, emlen = tlen - 1;
         unsigned char *db, *seed;
         unsigned char *dbmask, seedmask[SHA_DIGEST_LENGTH];
 
@@ skipping 27 matching lines @@
            20);
 #endif
 
         dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH);
         if (dbmask == NULL)
                 {
                 RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
                 return 0;
                 }
 
-        MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH);
+        if (MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH) < 0)
+                return 0;
         for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++)
                 db[i] ^= dbmask[i];
 
-        MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH);
+        if (MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH) < 0)
+                return 0;
         for (i = 0; i < SHA_DIGEST_LENGTH; i++)
                 seed[i] ^= seedmask[i];
 
         OPENSSL_free(dbmask);
         return 1;
         }
 
 int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
         const unsigned char *from, int flen, int num,
         const unsigned char *param, int plen)
@@ skipping 32 matching lines @@
                 }
 
         /* Always do this zero-padding copy (even when lzero == 0)
          * to avoid leaking timing info about the value of lzero. */
         padded_from = db + dblen;
         memset(padded_from, 0, lzero);
         memcpy(padded_from + lzero, from, flen);
 
         maskeddb = padded_from + SHA_DIGEST_LENGTH;
 
-        MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen);
+        if (MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen))
+                return -1;
         for (i = 0; i < SHA_DIGEST_LENGTH; i++)
                 seed[i] ^= padded_from[i];
   
-        MGF1(db, dblen, seed, SHA_DIGEST_LENGTH);
+        if (MGF1(db, dblen, seed, SHA_DIGEST_LENGTH))
+                return -1;
         for (i = 0; i < dblen; i++)
                 db[i] ^= maskeddb[i];
 
         EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL);
 
         if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
                 goto decoding_err;
         else
                 {
                 for (i = SHA_DIGEST_LENGTH; i < dblen; i++)
@@ skipping 27 matching lines @@
         }
 
 int PKCS1_MGF1(unsigned char *mask, long len,
         const unsigned char *seed, long seedlen, const EVP_MD *dgst)
         {
         long i, outlen = 0;
         unsigned char cnt[4];
         EVP_MD_CTX c;
         unsigned char md[EVP_MAX_MD_SIZE];
         int mdlen;
+        int rv = -1;
 
         EVP_MD_CTX_init(&c);
-        mdlen = M_EVP_MD_size(dgst);
+        mdlen = EVP_MD_size(dgst);
+        if (mdlen < 0)
+                goto err;
         for (i = 0; outlen < len; i++)
                 {
                 cnt[0] = (unsigned char)((i >> 24) & 255);
                 cnt[1] = (unsigned char)((i >> 16) & 255);
                 cnt[2] = (unsigned char)((i >> 8)) & 255;
                 cnt[3] = (unsigned char)(i & 255);
-                EVP_DigestInit_ex(&c,dgst, NULL);
-                EVP_DigestUpdate(&c, seed, seedlen);
-                EVP_DigestUpdate(&c, cnt, 4);
+                if (!EVP_DigestInit_ex(&c,dgst, NULL)
+                        || !EVP_DigestUpdate(&c, seed, seedlen)
+                        || !EVP_DigestUpdate(&c, cnt, 4))
+                        goto err;
                 if (outlen + mdlen <= len)
                         {
-                        EVP_DigestFinal_ex(&c, mask + outlen, NULL);
+                        if (!EVP_DigestFinal_ex(&c, mask + outlen, NULL))
+                                goto err;
                         outlen += mdlen;
                         }
                 else
                         {
-                        EVP_DigestFinal_ex(&c, md, NULL);
+                        if (!EVP_DigestFinal_ex(&c, md, NULL))
+                                goto err;
                         memcpy(mask + outlen, md, len - outlen);
                         outlen = len;
                         }
                 }
+        rv = 0;
+        err:
         EVP_MD_CTX_cleanup(&c);
-        return 0;
+        return rv;
         }
 
-int MGF1(unsigned char *mask, long len, const unsigned char *seed, long seedlen)
+static int MGF1(unsigned char *mask, long len, const unsigned char *seed,
+                 long seedlen)
         {
         return PKCS1_MGF1(mask, len, seed, seedlen, EVP_sha1());
         }
 #endif