use freezero() instead of 4-line conditional explicit_bzero + free

4 files changed, 10 insertions, 28 deletions

diff --git a/src/usr.bin/openssl/apps.c b/src/usr.bin/openssl/apps.c
index c6c992fe10..7594e77c19 100644
--- a/src/usr.bin/openssl/apps.c
+++ b/src/usr.bin/openssl/apps.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: apps.c,v 1.42 2017/01/21 09:29:09 deraadt Exp $ */
+/* $OpenBSD: apps.c,v 1.43 2017/04/18 02:15:50 deraadt Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -397,10 +397,7 @@ password_callback(char *buf, int bufsiz, int verify, void *arg)
                         } while (ok < 0 &&
                             UI_ctrl(ui, UI_CTRL_IS_REDOABLE, 0, 0, 0));
 
-                if (buff) {
-                        explicit_bzero(buff, (unsigned int) bufsiz);
-                        free(buff);
-                }
+                freezero(buff, (unsigned int) bufsiz);
                 if (ok >= 0)
                         res = strlen(buf);
                 if (ok == -1) {
diff --git a/src/usr.bin/openssl/dgst.c b/src/usr.bin/openssl/dgst.c
index ce50e08b53..bcc9f1c761 100644
--- a/src/usr.bin/openssl/dgst.c
+++ b/src/usr.bin/openssl/dgst.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dgst.c,v 1.10 2017/01/20 08:57:11 deraadt Exp $ */
+/* $OpenBSD: dgst.c,v 1.11 2017/04/18 02:15:50 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -448,10 +448,7 @@ mac_end:
         }
 
 end:
-        if (buf != NULL) {
-                explicit_bzero(buf, BUFSIZE);
-                free(buf);
-        }
+        freezero(buf, BUFSIZE);
         if (in != NULL)
                 BIO_free(in);
         free(passin);
diff --git a/src/usr.bin/openssl/s_client.c b/src/usr.bin/openssl/s_client.c
index 4a0a832c12..aa1c5764bd 100644
--- a/src/usr.bin/openssl/s_client.c
+++ b/src/usr.bin/openssl/s_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_client.c,v 1.31 2017/01/24 09:07:40 jsing Exp $ */
+/* $OpenBSD: s_client.c,v 1.32 2017/04/18 02:15:50 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1266,18 +1266,9 @@ end:
         free(pass);
         if (vpm)
                 X509_VERIFY_PARAM_free(vpm);
-        if (cbuf != NULL) {
-                explicit_bzero(cbuf, BUFSIZZ);
-                free(cbuf);
-        }
-        if (sbuf != NULL) {
-                explicit_bzero(sbuf, BUFSIZZ);
-                free(sbuf);
-        }
-        if (mbuf != NULL) {
-                explicit_bzero(mbuf, BUFSIZZ);
-                free(mbuf);
-        }
+        freezero(cbuf, BUFSIZZ);
+        freezero(sbuf, BUFSIZZ);
+        freezero(mbuf, BUFSIZZ);
         if (bio_c_out != NULL) {
                 BIO_free(bio_c_out);
                 bio_c_out = NULL;
diff --git a/src/usr.bin/openssl/s_server.c b/src/usr.bin/openssl/s_server.c
index d73a11799b..493dc26264 100644
--- a/src/usr.bin/openssl/s_server.c
+++ b/src/usr.bin/openssl/s_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s_server.c,v 1.25 2017/01/20 08:57:12 deraadt Exp $ */
+/* $OpenBSD: s_server.c,v 1.26 2017/04/18 02:15:50 deraadt Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1590,10 +1590,7 @@ err:
                 SSL_free(con);
         }
         BIO_printf(bio_s_out, "CONNECTION CLOSED\n");
-        if (buf != NULL) {
-                explicit_bzero(buf, bufsize);
-                free(buf);
-        }
+        freezero(buf, bufsize);
         if (ret >= 0)
                 BIO_printf(bio_s_out, "ACCEPT\n");
         return (ret);