commit 2e9e66ad8f35ee615e79da22ff91b0fa94607ca8
author Robert Sloan <varomodt@google.com> Mon Sep 25 09:08:29 2017 -0700
committer Robert Sloan <varomodt@google.com> Mon Sep 25 09:09:18 2017 -0700
tree 8e7fcf46cf385ba5c71296259197e207e9164370
parent db4251af0823393f084e17c67401b51536ae4cea

external/boringssl: Sync to 3a18bf04745c0ef9850efeec1a52e402c4392388.

This includes the following changes:

https://boringssl.googlesource.com/boringssl/+log/9a127b43b8b78a135d6b64a3e25b8a704c2c069f..3a18bf04745c0ef9850efeec1a52e402c4392388

Test: BoringSSL CTS Presubmits.
Change-Id: Id39a146b1a6d7483f4142a7c191796ba65f32883

src/crypto/fipsmodule/bn/bn.c

diff --git a/src/crypto/fipsmodule/bn/bn.c b/src/crypto/fipsmodule/bn/bn.c
index 9ba1913..4ed6ab0 100644
--- a/src/crypto/fipsmodule/bn/bn.c
+++ b/src/crypto/fipsmodule/bn/bn.c
@@ -108,16 +108,18 @@
   }
 
   if (bn->d != NULL) {
-    OPENSSL_cleanse(bn->d, bn->dmax * sizeof(bn->d[0]));
     if ((bn->flags & BN_FLG_STATIC_DATA) == 0) {
       OPENSSL_free(bn->d);
+    } else {
+      OPENSSL_cleanse(bn->d, bn->dmax * sizeof(bn->d[0]));
     }
   }
 
   should_free = (bn->flags & BN_FLG_MALLOCED) != 0;
-  OPENSSL_cleanse(bn, sizeof(BIGNUM));
   if (should_free) {
     OPENSSL_free(bn);
+  } else {
+    OPENSSL_cleanse(bn, sizeof(BIGNUM));
   }
 }
 

src/crypto/fipsmodule/bn/exponentiation.c

diff --git a/src/crypto/fipsmodule/bn/exponentiation.c b/src/crypto/fipsmodule/bn/exponentiation.c
index ae78ff9..f4e028b 100644
--- a/src/crypto/fipsmodule/bn/exponentiation.c
+++ b/src/crypto/fipsmodule/bn/exponentiation.c
@@ -1168,10 +1168,7 @@
 err:
   BN_MONT_CTX_free(new_mont);
   BN_clear_free(new_a);
-  if (powerbuf != NULL) {
-    OPENSSL_cleanse(powerbuf, powerbufLen);
-    OPENSSL_free(powerbufFree);
-  }
+  OPENSSL_free(powerbufFree);
   return (ret);
 }
 

src/crypto/fipsmodule/bn/mul.c

diff --git a/src/crypto/fipsmodule/bn/mul.c b/src/crypto/fipsmodule/bn/mul.c
index 7cc0e3c..a4e27f2 100644
--- a/src/crypto/fipsmodule/bn/mul.c
+++ b/src/crypto/fipsmodule/bn/mul.c
@@ -230,11 +230,13 @@
             if (--dl <= 0) {
               break;
             }
+            OPENSSL_FALLTHROUGH;
           case 2:
             r[2] = a[2];
             if (--dl <= 0) {
               break;
             }
+            OPENSSL_FALLTHROUGH;
           case 3:
             r[3] = a[3];
             if (--dl <= 0) {

src/crypto/fipsmodule/bn/random.c

diff --git a/src/crypto/fipsmodule/bn/random.c b/src/crypto/fipsmodule/bn/random.c
index 64e7605..2257da0 100644
--- a/src/crypto/fipsmodule/bn/random.c
+++ b/src/crypto/fipsmodule/bn/random.c
@@ -188,11 +188,8 @@
   ret = 1;
 
 err:
-  if (buf != NULL) {
-    OPENSSL_cleanse(buf, bytes);
-    OPENSSL_free(buf);
-  }
-  return (ret);
+  OPENSSL_free(buf);
+  return ret;
 }
 
 int BN_rand(BIGNUM *rnd, int bits, int top, int bottom) {