Use freezero() for the internal opaque structures, instead of the current

explicit_bzero()/free(). Less code and potentially less overhead.
author: jsing <> 2017-04-10 17:27:33 +0000
committer: jsing <> 2017-04-10 17:27:33 +0000
commit: 8bea6e7211234af80b7a52972d3c14596a38c767 (patch)
tree: 8385526871849725f6ed77516a693d277bbdfa91
parent: c8368f35409fe0a4a05ea25108a4055d6082d923 (diff)
download: openbsd-8bea6e7211234af80b7a52972d3c14596a38c767.tar.gz
openbsd-8bea6e7211234af80b7a52972d3c14596a38c767.tar.bz2
openbsd-8bea6e7211234af80b7a52972d3c14596a38c767.zip
3 files changed, 9 insertions, 18 deletions
diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c
index 8092d56a4c..7e919a6c9b 100644
--- a/src/lib/libssl/d1_lib.c
+++ b/src/lib/libssl/d1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_lib.c,v 1.41 2017/02/07 02:08:38 beck Exp $ */
+/* $OpenBSD: d1_lib.c,v 1.42 2017/04/10 17:27:33 jsing Exp $ */
 /*
 * DTLS implementation written by Nagendra Modadugu
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -191,11 +191,8 @@ dtls1_free(SSL *s)
        pqueue_free(s->d1->sent_messages);
        pqueue_free(D1I(s)->buffered_app_data.q);
-        explicit_bzero(s->d1->internal, sizeof(*s->d1->internal));
+        freezero(s->d1->internal, sizeof(*s->d1->internal));
-        free(s->d1->internal);
+        freezero(s->d1, sizeof(*s->d1));
-        explicit_bzero(s->d1, sizeof(*s->d1));
-        free(s->d1);
        s->d1 = NULL;
 }
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 1fd077ec6e..d4142e743f 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.139 2017/04/10 17:25:22 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.140 2017/04/10 17:27:33 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1844,11 +1844,8 @@ ssl3_free(SSL *s)
        free(S3I(s)->alpn_selected);
-        explicit_bzero(S3I(s), sizeof(*S3I(s)));
+        freezero(S3I(s), sizeof(*S3I(s)));
-        free(S3I(s));
+        freezero(s->s3, sizeof(*s->s3));
-        explicit_bzero(s->s3, sizeof(*s->s3));
-        free(s->s3);
        s->s3 = NULL;
 }
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
index 5d80e58196..59d7d9ec24 100644
--- a/src/lib/libssl/ssl_sess.c
+++ b/src/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.70 2017/02/07 02:08:38 beck Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.71 2017/04/10 17:27:33 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -705,11 +705,8 @@ SSL_SESSION_free(SSL_SESSION *ss)
        free(ss->internal->tlsext_ecpointformatlist);
        free(ss->internal->tlsext_supportedgroups);
-        explicit_bzero(ss->internal, sizeof(*ss->internal));
+        freezero(ss->internal, sizeof(*ss->internal));
-        free(ss->internal);
+        freezero(ss, sizeof(*ss));
-        explicit_bzero(ss, sizeof(*ss));
-        free(ss);
 }
 int
author	jsing <>	2017-04-10 17:27:33 +0000
committer	jsing <>	2017-04-10 17:27:33 +0000
commit	8bea6e7211234af80b7a52972d3c14596a38c767 (patch)
tree	8385526871849725f6ed77516a693d277bbdfa91
parent	c8368f35409fe0a4a05ea25108a4055d6082d923 (diff)
download	openbsd-8bea6e7211234af80b7a52972d3c14596a38c767.tar.gz openbsd-8bea6e7211234af80b7a52972d3c14596a38c767.tar.bz2 openbsd-8bea6e7211234af80b7a52972d3c14596a38c767.zip