authorRémi Verschelde <rverschelde@gmail.com>2018-01-13 13:39:08 +0100
committerRémi Verschelde <rverschelde@gmail.com>2018-01-13 13:39:08 +0100
commit00abb1f201cbe1e40c2eef30819be115d3d04d10 (patch)
tree7eb36871dd7af02db7d2f59482644a56bc79d7bb /thirdparty/openssl/crypto/rsa/rsa_pk1.c
parentde0b31edd5b36b8c8016b7ca50c1823f2efbfa74 (diff)
openssl: Update to pristine 1.0.2n (security update)
Diffstat (limited to 'thirdparty/openssl/crypto/rsa/rsa_pk1.c')
-rw-r--r--thirdparty/openssl/crypto/rsa/rsa_pk1.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/thirdparty/openssl/crypto/rsa/rsa_pk1.c b/thirdparty/openssl/crypto/rsa/rsa_pk1.c
index efa1fd3e99..50397c335a 100644
--- a/thirdparty/openssl/crypto/rsa/rsa_pk1.c
+++ b/thirdparty/openssl/crypto/rsa/rsa_pk1.c
@@ -255,8 +255,6 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
* We can't continue in constant-time because we need to copy the result
* and we cannot fake its length. This unavoidably leaks timing
* information at the API boundary.
- * TODO(emilia): this could be addressed at the call site,
- * see BoringSSL commit 0aa0767340baf925bda4804882aab0cb974b2d26.
*/
if (!good) {
mlen = -1;
@@ -266,8 +264,10 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
memcpy(to, em + msg_index, mlen);
err:
- if (em != NULL)
+ if (em != NULL) {
+ OPENSSL_cleanse(em, num);
OPENSSL_free(em);
+ }
if (mlen == -1)
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,
RSA_R_PKCS_DECODING_ERROR);