freezero() the key block; simpler code and less of it.

author: jsing <jsing@openbsd.org> 2017-04-10 16:48:43 +0000
committer: jsing <jsing@openbsd.org> 2017-04-10 16:48:43 +0000
commit: 56dcd57b57dad8b070841b90ce5a824b6ae461af (patch)
tree: e902e541b1c9d5b92b70bc01c534e8227dc4ce9e /lib/libssl/t1_enc.c
parent: Use freezero() for i2d_SSL_SESSION() - one line of code instead of three. (diff)
download: wireguard-openbsd-56dcd57b57dad8b070841b90ce5a824b6ae461af.tar.xz
wireguard-openbsd-56dcd57b57dad8b070841b90ce5a824b6ae461af.zip
1 files changed, 3 insertions, 7 deletions
diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c
index e3ffe0472ee..ce57235cea8 100644
--- a/lib/libssl/t1_enc.c
+++ b/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.107 2017/03/25 13:42:29 jsing Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.108 2017/04/10 16:48:43 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -152,12 +152,8 @@ int tls1_PRF(SSL *s, const unsigned char *secret, size_t secret_len,
 void
 tls1_cleanup_key_block(SSL *s)
 {
-	if (S3I(s)->tmp.key_block != NULL) {
-		explicit_bzero(S3I(s)->tmp.key_block,
-		    S3I(s)->tmp.key_block_length);
-		free(S3I(s)->tmp.key_block);
-		S3I(s)->tmp.key_block = NULL;
-	}
+	freezero(S3I(s)->tmp.key_block, S3I(s)->tmp.key_block_length);
+	S3I(s)->tmp.key_block = NULL;
 	S3I(s)->tmp.key_block_length = 0;
 }
author	jsing <jsing@openbsd.org>	2017-04-10 16:48:43 +0000
committer	jsing <jsing@openbsd.org>	2017-04-10 16:48:43 +0000
commit	56dcd57b57dad8b070841b90ce5a824b6ae461af (patch)
tree	e902e541b1c9d5b92b70bc01c534e8227dc4ce9e /lib/libssl/t1_enc.c
parent	Use freezero() for i2d_SSL_SESSION() - one line of code instead of three. (diff)
download	wireguard-openbsd-56dcd57b57dad8b070841b90ce5a824b6ae461af.tar.xz wireguard-openbsd-56dcd57b57dad8b070841b90ce5a824b6ae461af.zip