OPENSSL_clear_free() -> freezero()

diff --git a/lib/libcrypto/kdf/tls1_prf.c b/lib/libcrypto/kdf/tls1_prf.c
index 6d3d49c..d08c32d 100644 (file)
--- a/lib/libcrypto/kdf/tls1_prf.c
+++ b/lib/libcrypto/kdf/tls1_prf.c
@@ -49,7 +49,7 @@ static int pkey_tls1_prf_init(EVP_PKEY_CTX *ctx)
 static void pkey_tls1_prf_cleanup(EVP_PKEY_CTX *ctx)
 {
     TLS1_PRF_PKEY_CTX *kctx = ctx->data;
-    OPENSSL_clear_free(kctx->sec, kctx->seclen);
+    freezero(kctx->sec, kctx->seclen);
     OPENSSL_cleanse(kctx->seed, kctx->seedlen);
     OPENSSL_free(kctx);
 }
@@ -66,7 +66,7 @@ static int pkey_tls1_prf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
         if (p1 < 0)
             return 0;
         if (kctx->sec != NULL)
-            OPENSSL_clear_free(kctx->sec, kctx->seclen);
+            freezero(kctx->sec, kctx->seclen);
         OPENSSL_cleanse(kctx->seed, kctx->seedlen);
         kctx->seedlen = 0;
         kctx->sec = OPENSSL_memdup(p2, p1);
@@ -263,12 +263,12 @@ static int tls1_prf_alg(const EVP_MD *md,
         }
         if (!tls1_prf_P_hash(EVP_sha1(), sec + slen/2, slen/2 + (slen & 1),
                          seed, seed_len, tmp, olen)) {
-            OPENSSL_clear_free(tmp, olen);
+            freezero(tmp, olen);
             return 0;
         }
         for (i = 0; i < olen; i++)
             out[i] ^= tmp[i];
-        OPENSSL_clear_free(tmp, olen);
+        freezero(tmp, olen);
         return 1;
     }
     if (!tls1_prf_P_hash(md, sec, slen, seed, seed_len, out, olen))