From 3e2b5db005df2af699a2dc06fd7f65ee7264bf8c Mon Sep 17 00:00:00 2001
From: tb <>
Date: Tue, 9 Jul 2024 17:29:51 +0000
Subject: Replace explicit_bzero() plus free() with freezero()

This is simpler, if slightly more expensive
---
 src/lib/libcrypto/kdf/tls1_prf.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/lib/libcrypto/kdf/tls1_prf.c b/src/lib/libcrypto/kdf/tls1_prf.c
index ab21644d7a..7f6939adda 100644
--- a/src/lib/libcrypto/kdf/tls1_prf.c
+++ b/src/lib/libcrypto/kdf/tls1_prf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: tls1_prf.c,v 1.32 2024/07/09 17:05:46 tb Exp $ */
+/*	$OpenBSD: tls1_prf.c,v 1.33 2024/07/09 17:29:51 tb Exp $ */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
  * 2016.
@@ -97,8 +97,7 @@ pkey_tls1_prf_cleanup(EVP_PKEY_CTX *ctx)
 	struct tls1_prf_ctx *kctx = ctx->data;
 
 	freezero(kctx->secret, kctx->secret_len);
-	explicit_bzero(kctx->seed, kctx->seed_len);
-	free(kctx);
+	freezero(kctx, sizeof(*kctx));
 }
 
 static int
-- 
cgit v1.2.3-55-g6feb