Backport of 5b8fa43 and remove resolved TODO: see PR#3924.

Make RSA key exchange code actually constant-time. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3935)
author: Bernd Edlinger <bernd.edlinger@hotmail.de> 2017-07-14 17:05:37 +0200
committer: Bernd Edlinger <bernd.edlinger@hotmail.de> 2017-07-16 17:21:03 +0200
commit: c63a5ea848cf0ccd3c991198ddff08b36c312340 (patch)
tree: f75f89159fcc24b8ac69748be7bd928b0b716a65 /crypto/rsa
parent: b83265697cae0e211c55a58078c0650bc78b0908 (diff)
1 files changed, 0 insertions, 2 deletions
diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c
index efa1fd3e99..017766ce71 100644
--- a/crypto/rsa/rsa_pk1.c
+++ b/crypto/rsa/rsa_pk1.c
@@ -255,8 +255,6 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
      * We can't continue in constant-time because we need to copy the result
      * and we cannot fake its length. This unavoidably leaks timing
      * information at the API boundary.
-     * TODO(emilia): this could be addressed at the call site,
-     * see BoringSSL commit 0aa0767340baf925bda4804882aab0cb974b2d26.
      */
     if (!good) {
         mlen = -1;
author	Bernd Edlinger <bernd.edlinger@hotmail.de>	2017-07-14 17:05:37 +0200
committer	Bernd Edlinger <bernd.edlinger@hotmail.de>	2017-07-16 17:21:03 +0200
commit	c63a5ea848cf0ccd3c991198ddff08b36c312340 (patch)
tree	f75f89159fcc24b8ac69748be7bd928b0b716a65 /crypto/rsa
parent	b83265697cae0e211c55a58078c0650bc78b0908 (diff)