10 files changed, 23 insertions, 43 deletions
diff --git a/src/lib/libcrypto/ec/ec_key.c b/src/lib/libcrypto/ec/ec_key.c
index 5a23a9823d..595b88cefc 100644
--- a/src/lib/libcrypto/ec/ec_key.c
+++ b/src/lib/libcrypto/ec/ec_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_key.c,v 1.13 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: ec_key.c,v 1.14 2017/05/02 03:59:44 deraadt Exp $ */
 /*
 * Written by Nils Larsch for the OpenSSL project.
 */
@@ -122,9 +122,7 @@ EC_KEY_free(EC_KEY * r)
        EC_EX_DATA_free_all_data(&r->method_data);
-        explicit_bzero((void *) r, sizeof(EC_KEY));
+        freezero(r, sizeof(EC_KEY));
-        free(r);
 }
 EC_KEY *
diff --git a/src/lib/libcrypto/ec/ec_lib.c b/src/lib/libcrypto/ec/ec_lib.c
index baddbf6dc8..0d062111b5 100644
--- a/src/lib/libcrypto/ec/ec_lib.c
+++ b/src/lib/libcrypto/ec/ec_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_lib.c,v 1.23 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: ec_lib.c,v 1.24 2017/05/02 03:59:44 deraadt Exp $ */
 /*
 * Originally written by Bodo Moeller for the OpenSSL project.
 */
@@ -151,12 +151,8 @@ EC_GROUP_clear_free(EC_GROUP * group)
        BN_clear_free(&group->order);
        BN_clear_free(&group->cofactor);
-        if (group->seed) {
+        freezero(group->seed, group->seed_len);
-                explicit_bzero(group->seed, group->seed_len);
+        freezero(group, sizeof *group);
-                free(group->seed);
-        }
-        explicit_bzero(group, sizeof *group);
-        free(group);
 }
@@ -743,8 +739,7 @@ EC_POINT_clear_free(EC_POINT * point)
                point->meth->point_clear_finish(point);
        else if (point->meth->point_finish != 0)
                point->meth->point_finish(point);
-        explicit_bzero(point, sizeof *point);
+        freezero(point, sizeof *point);
-        free(point);
 }
diff --git a/src/lib/libcrypto/ec/ec_mult.c b/src/lib/libcrypto/ec/ec_mult.c
index e44104d21c..a565263bb6 100644
--- a/src/lib/libcrypto/ec/ec_mult.c
+++ b/src/lib/libcrypto/ec/ec_mult.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_mult.c,v 1.20 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: ec_mult.c,v 1.21 2017/05/02 03:59:44 deraadt Exp $ */
 /*
 * Originally written by Bodo Moeller and Nils Larsch for the OpenSSL project.
 */
@@ -177,8 +177,7 @@ ec_pre_comp_clear_free(void *pre_)
                }
                free(pre->points);
        }
-        explicit_bzero(pre, sizeof *pre);
+        freezero(pre, sizeof *pre);
-        free(pre);
 }
diff --git a/src/lib/libcrypto/ec/ecp_nistp224.c b/src/lib/libcrypto/ec/ecp_nistp224.c
index 38dd83b6d9..fce74578c7 100644
--- a/src/lib/libcrypto/ec/ecp_nistp224.c
+++ b/src/lib/libcrypto/ec/ecp_nistp224.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecp_nistp224.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: ecp_nistp224.c,v 1.19 2017/05/02 03:59:44 deraadt Exp $ */
 /*
 * Written by Emilia Kasper (Google) for the OpenSSL project.
 */
@@ -1239,8 +1239,7 @@ nistp224_pre_comp_clear_free(void *pre_)
        if (i > 0)
                return;
-        explicit_bzero(pre, sizeof *pre);
+        freezero(pre, sizeof *pre);
-        free(pre);
 }
 /******************************************************************************/
diff --git a/src/lib/libcrypto/ec/ecp_nistp256.c b/src/lib/libcrypto/ec/ecp_nistp256.c
index 4771a92efd..6f3ec3c250 100644
--- a/src/lib/libcrypto/ec/ecp_nistp256.c
+++ b/src/lib/libcrypto/ec/ecp_nistp256.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecp_nistp256.c,v 1.17 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: ecp_nistp256.c,v 1.18 2017/05/02 03:59:44 deraadt Exp $ */
 /*
 * Written by Adam Langley (Google) for the OpenSSL project
 */
@@ -1788,8 +1788,7 @@ nistp256_pre_comp_clear_free(void *pre_)
        if (i > 0)
                return;
-        explicit_bzero(pre, sizeof *pre);
+        freezero(pre, sizeof *pre);
-        free(pre);
 }
 /******************************************************************************/
diff --git a/src/lib/libcrypto/ec/ecp_nistp521.c b/src/lib/libcrypto/ec/ecp_nistp521.c
index 22bafe392f..6dbc266937 100644
--- a/src/lib/libcrypto/ec/ecp_nistp521.c
+++ b/src/lib/libcrypto/ec/ecp_nistp521.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecp_nistp521.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: ecp_nistp521.c,v 1.19 2017/05/02 03:59:44 deraadt Exp $ */
 /*
 * Written by Adam Langley (Google) for the OpenSSL project
 */
@@ -1679,8 +1679,7 @@ nistp521_pre_comp_clear_free(void *pre_)
        if (i > 0)
                return;
-        explicit_bzero(pre, sizeof(*pre));
+        freezero(pre, sizeof(*pre));
-        free(pre);
 }
 /******************************************************************************/
diff --git a/src/lib/libcrypto/ec/ecp_nistz256.c b/src/lib/libcrypto/ec/ecp_nistz256.c
index 848f15cb17..b3b8f74b14 100644
--- a/src/lib/libcrypto/ec/ecp_nistz256.c
+++ b/src/lib/libcrypto/ec/ecp_nistz256.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: ecp_nistz256.c,v 1.2 2017/01/29 17:49:23 beck Exp $   */
+/*      $OpenBSD: ecp_nistz256.c,v 1.3 2017/05/02 03:59:44 deraadt Exp $        */
 /* Copyright (c) 2014, Intel Corporation.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
@@ -1118,11 +1118,9 @@ ecp_nistz256_pre_comp_clear_free(void *pre_)
                 * here, but the only place where we allocate this uses
                 * PRECOMP256_ROW (i.e. 64 P256_POINT_AFFINE) but sets w == 7.
                 */
-                explicit_bzero(pre->precomp, 37 * sizeof(PRECOMP256_ROW));
+                freezero(pre->precomp, 37 * sizeof(PRECOMP256_ROW));
-                free(pre->precomp);
        }
-        explicit_bzero(pre, sizeof *pre);
+        freezero(pre, sizeof *pre);
-        free(pre);
 }
 static int
diff --git a/src/lib/libcrypto/ecdh/ech_lib.c b/src/lib/libcrypto/ecdh/ech_lib.c
index 06e6a1ee22..2846a88612 100644
--- a/src/lib/libcrypto/ecdh/ech_lib.c
+++ b/src/lib/libcrypto/ecdh/ech_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ech_lib.c,v 1.12 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: ech_lib.c,v 1.13 2017/05/02 03:59:44 deraadt Exp $ */
 /* ====================================================================
 * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
 *
@@ -182,9 +182,7 @@ ecdh_data_free(void *data)
        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, r, &r->ex_data);
-        explicit_bzero((void *)r, sizeof(ECDH_DATA));
+        freezero(r, sizeof(ECDH_DATA));
-        free(r);
 }
 ECDH_DATA *
diff --git a/src/lib/libcrypto/ecdsa/ecs_lib.c b/src/lib/libcrypto/ecdsa/ecs_lib.c
index ca0f51b366..4fbe1e060b 100644
--- a/src/lib/libcrypto/ecdsa/ecs_lib.c
+++ b/src/lib/libcrypto/ecdsa/ecs_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecs_lib.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: ecs_lib.c,v 1.12 2017/05/02 03:59:44 deraadt Exp $ */
 /* ====================================================================
 * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
 *
@@ -169,9 +169,7 @@ ecdsa_data_free(void *data)
 #endif
        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, r, &r->ex_data);
-        explicit_bzero((void *)r, sizeof(ECDSA_DATA));
+        freezero(r, sizeof(ECDSA_DATA));
-        free(r);
 }
 ECDSA_DATA *
diff --git a/src/lib/libcrypto/ecdsa/ecs_vrf.c b/src/lib/libcrypto/ecdsa/ecs_vrf.c
index a4b627ace6..270af94c0d 100644
--- a/src/lib/libcrypto/ecdsa/ecs_vrf.c
+++ b/src/lib/libcrypto/ecdsa/ecs_vrf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecs_vrf.c,v 1.5 2015/02/08 13:35:07 jsing Exp $ */
+/* $OpenBSD: ecs_vrf.c,v 1.6 2017/05/02 03:59:44 deraadt Exp $ */
 /*
 * Written by Nils Larsch for the OpenSSL project
 */
@@ -107,10 +107,7 @@ ECDSA_verify(int type, const unsigned char *dgst, int dgst_len,
        ret = ECDSA_do_verify(dgst, dgst_len, s, eckey);
 err:
-        if (derlen > 0) {
+        freezero(der, derlen);
-                explicit_bzero(der, derlen);
-                free(der);
-        }
        ECDSA_SIG_free(s);
        return (ret);
 }