freezero() the key block; simpler code and less of it.

diff --git a/lib/libssl/t1_enc.c b/lib/libssl/t1_enc.c
index e3ffe04..ce57235 100644 (file)
--- a/lib/libssl/t1_enc.c
+++ b/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.107 2017/03/25 13:42:29 jsing Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.108 2017/04/10 16:48:43 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -152,12 +152,8 @@ int tls1_PRF(SSL *s, const unsigned char *secret, size_t secret_len,
 void
 tls1_cleanup_key_block(SSL *s)
 {
-       if (S3I(s)->tmp.key_block != NULL) {
-               explicit_bzero(S3I(s)->tmp.key_block,
-                   S3I(s)->tmp.key_block_length);
-               free(S3I(s)->tmp.key_block);
-               S3I(s)->tmp.key_block = NULL;
-       }
+       freezero(S3I(s)->tmp.key_block, S3I(s)->tmp.key_block_length);
+       S3I(s)->tmp.key_block = NULL;
        S3I(s)->tmp.key_block_length = 0;
 }