From 9b17e135d02d61f0799bf88a83642be82e02660f Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sun, 11 Aug 2019 10:43:57 +0000
Subject: Use freezero() rather than OPENSSL_clear_free().

---
 src/lib/libcrypto/cms/cms_asn1.c | 6 +++---
 src/lib/libcrypto/cms/cms_enc.c  | 8 ++++----
 src/lib/libcrypto/cms/cms_env.c  | 6 +++---
 src/lib/libcrypto/cms/cms_kari.c | 4 ++--
 src/lib/libcrypto/cms/cms_pwri.c | 6 +++---
 5 files changed, 15 insertions(+), 15 deletions(-)

(limited to 'src')

diff --git a/src/lib/libcrypto/cms/cms_asn1.c b/src/lib/libcrypto/cms/cms_asn1.c
index ab884dcf6e..ac53fec154 100644
--- a/src/lib/libcrypto/cms/cms_asn1.c
+++ b/src/lib/libcrypto/cms/cms_asn1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_asn1.c,v 1.17 2019/08/11 10:26:04 jsing Exp $ */
+/* $OpenBSD: cms_asn1.c,v 1.18 2019/08/11 10:43:57 jsing Exp $ */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
@@ -932,10 +932,10 @@ cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
 			EVP_PKEY_CTX_free(ktri->pctx);
 		} else if (ri->type == CMS_RECIPINFO_KEK) {
 			CMS_KEKRecipientInfo *kekri = ri->d.kekri;
-			OPENSSL_clear_free(kekri->key, kekri->keylen);
+			freezero(kekri->key, kekri->keylen);
 		} else if (ri->type == CMS_RECIPINFO_PASS) {
 			CMS_PasswordRecipientInfo *pwri = ri->d.pwri;
-			OPENSSL_clear_free(pwri->pass, pwri->passlen);
+			freezero(pwri->pass, pwri->passlen);
 		}
 	}
 	return 1;
diff --git a/src/lib/libcrypto/cms/cms_enc.c b/src/lib/libcrypto/cms/cms_enc.c
index a032c801f5..5bcae3c1ee 100644
--- a/src/lib/libcrypto/cms/cms_enc.c
+++ b/src/lib/libcrypto/cms/cms_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_enc.c,v 1.16 2019/08/11 10:41:49 jsing Exp $ */
+/* $OpenBSD: cms_enc.c,v 1.17 2019/08/11 10:43:57 jsing Exp $ */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
@@ -160,7 +160,7 @@ cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
 			    goto err;
 			} else {
 			    /* Use random key */
-			    OPENSSL_clear_free(ec->key, ec->keylen);
+			    freezero(ec->key, ec->keylen);
 			    ec->key = tkey;
 			    ec->keylen = tkeylen;
 			    tkey = NULL;
@@ -193,10 +193,10 @@ cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec)
 
  err:
 	if (!keep_key || !ok) {
-		OPENSSL_clear_free(ec->key, ec->keylen);
+		freezero(ec->key, ec->keylen);
 		ec->key = NULL;
 	}
-	OPENSSL_clear_free(tkey, tkeylen);
+	freezero(tkey, tkeylen);
 	if (ok)
 		return b;
 	BIO_free(b);
diff --git a/src/lib/libcrypto/cms/cms_env.c b/src/lib/libcrypto/cms/cms_env.c
index a27c27f726..c1426b457b 100644
--- a/src/lib/libcrypto/cms/cms_env.c
+++ b/src/lib/libcrypto/cms/cms_env.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_env.c,v 1.19 2019/08/11 10:43:24 jsing Exp $ */
+/* $OpenBSD: cms_env.c,v 1.20 2019/08/11 10:43:57 jsing Exp $ */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
@@ -469,7 +469,7 @@ cms_RecipientInfo_ktri_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri)
 
 	ret = 1;
 
-	OPENSSL_clear_free(ec->key, ec->keylen);
+	freezero(ec->key, ec->keylen);
 	ec->key = ek;
 	ec->keylen = eklen;
 
@@ -932,7 +932,7 @@ cms_EnvelopedData_init_bio(CMS_ContentInfo *cms)
 
  err:
 	ec->cipher = NULL;
-	OPENSSL_clear_free(ec->key, ec->keylen);
+	freezero(ec->key, ec->keylen);
 	ec->key = NULL;
 	ec->keylen = 0;
 	if (ok)
diff --git a/src/lib/libcrypto/cms/cms_kari.c b/src/lib/libcrypto/cms/cms_kari.c
index ca3e6d75de..04bca9dce5 100644
--- a/src/lib/libcrypto/cms/cms_kari.c
+++ b/src/lib/libcrypto/cms/cms_kari.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_kari.c,v 1.9 2019/08/11 10:43:24 jsing Exp $ */
+/* $OpenBSD: cms_kari.c,v 1.10 2019/08/11 10:43:57 jsing Exp $ */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
@@ -296,7 +296,7 @@ CMS_RecipientInfo_kari_decrypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
 	if (!cms_kek_cipher(&cek, &ceklen, enckey, enckeylen, ri->d.kari, 0))
 		goto err;
 	ec = cms->d.envelopedData->encryptedContentInfo;
-	OPENSSL_clear_free(ec->key, ec->keylen);
+	freezero(ec->key, ec->keylen);
 	ec->key = cek;
 	ec->keylen = ceklen;
 	cek = NULL;
diff --git a/src/lib/libcrypto/cms/cms_pwri.c b/src/lib/libcrypto/cms/cms_pwri.c
index 30c5ce0618..918e37c88d 100644
--- a/src/lib/libcrypto/cms/cms_pwri.c
+++ b/src/lib/libcrypto/cms/cms_pwri.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cms_pwri.c,v 1.21 2019/08/11 10:41:49 jsing Exp $ */
+/* $OpenBSD: cms_pwri.c,v 1.22 2019/08/11 10:43:57 jsing Exp $ */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
@@ -268,7 +268,7 @@ kek_unwrap_key(unsigned char *out, size_t *outlen, const unsigned char *in,
 	rv = 1;
 
  err:
-	OPENSSL_clear_free(tmp, inlen);
+	freezero(tmp, inlen);
 
 	return rv;
 }
@@ -411,7 +411,7 @@ cms_RecipientInfo_pwri_crypt(CMS_ContentInfo *cms, CMS_RecipientInfo *ri,
 			goto err;
 		}
 
-		OPENSSL_clear_free(ec->key, ec->keylen);
+		freezero(ec->key, ec->keylen);
 		ec->key = key;
 		ec->keylen = keylen;
 	}
-- 
cgit v1.2.3-55-g6feb