From b371a682fb67ff945a8095437b9b33cab549bb49 Mon Sep 17 00:00:00 2001
From: Gary Lin <glin@suse.com>
Date: Thu, 13 Oct 2016 15:57:25 +0800
Subject: Update to openssl 1.0.2j

Signed-off-by: Gary Lin <glin@suse.com>
---
 Cryptlib/OpenSSL/crypto/md32_common.h | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'Cryptlib/OpenSSL/crypto/md32_common.h')

diff --git a/Cryptlib/OpenSSL/crypto/md32_common.h b/Cryptlib/OpenSSL/crypto/md32_common.h
index 96828d26..b5a04bf1 100644
--- a/Cryptlib/OpenSSL/crypto/md32_common.h
+++ b/Cryptlib/OpenSSL/crypto/md32_common.h
@@ -109,6 +109,8 @@
  *                                      <appro@fy.chalmers.se>
  */
 
+#include <openssl/crypto.h>
+
 #if !defined(DATA_ORDER_IS_BIG_ENDIAN) && !defined(DATA_ORDER_IS_LITTLE_ENDIAN)
 # error "DATA_ORDER must be defined!"
 #endif
@@ -329,6 +331,12 @@ int HASH_UPDATE(HASH_CTX *c, const void *data_, size_t len)
             data += n;
             len -= n;
             c->num = 0;
+            /*
+             * We use memset rather than OPENSSL_cleanse() here deliberately.
+             * Using OPENSSL_cleanse() here could be a performance issue. It
+             * will get properly cleansed on finalisation so this isn't a
+             * security problem.
+             */
             memset(p, 0, HASH_CBLOCK); /* keep it zeroed */
         } else {
             memcpy(p + n, data, len);
@@ -384,7 +392,7 @@ int HASH_FINAL(unsigned char *md, HASH_CTX *c)
     p -= HASH_CBLOCK;
     HASH_BLOCK_DATA_ORDER(c, p, 1);
     c->num = 0;
-    memset(p, 0, HASH_CBLOCK);
+    OPENSSL_cleanse(p, HASH_CBLOCK);
 
 #ifndef HASH_MAKE_STRING
 # error "HASH_MAKE_STRING must be defined!"
-- 
cgit v1.2.3