From: jsing
Date: Fri, 14 Apr 2017 15:26:53 +0000 (+0000)
Subject: Use freezero(3) to clean up the X25519 keys - simpler, cleaner code.
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=851fcc3f1baafa65b57ff4b8e79ceb7acb4d2f14;p=openbsd
Use freezero(3) to clean up the X25519 keys - simpler, cleaner code.
---
diff --git a/lib/libssl/ssl_srvr.c b/lib/libssl/ssl_srvr.c
index aae72759981..31b869e5524 100644
--- a/lib/libssl/ssl_srvr.c
+++ b/lib/libssl/ssl_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_srvr.c,v 1.12 2017/04/14 15:19:39 jsing Exp $ */
+/* $OpenBSD: ssl_srvr.c,v 1.13 2017/04/14 15:26:53 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1989,8 +1989,7 @@ ssl3_get_client_kex_ecdhe_ecx(SSL *s, unsigned char *p, long n)
 if (!X25519(shared_key, S3I(s)->tmp.x25519, CBS_data(&ecpoint)))
 goto err;
- explicit_bzero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH);
- free(S3I(s)->tmp.x25519);
+ freezero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH);
 S3I(s)->tmp.x25519 = NULL;
 s->session->master_key_length =
@@ -2000,9 +1999,7 @@ ssl3_get_client_kex_ecdhe_ecx(SSL *s, unsigned char *p, long n)
 ret = 1;
 err:
- if (shared_key != NULL)
- explicit_bzero(shared_key, X25519_KEY_LENGTH);
- free(shared_key);
+ freezero(shared_key, X25519_KEY_LENGTH);
 return (ret);
 }
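Review bot: In the second hunk of ssl3_get_client_kex_ecdhe_ecx, the ephemeral private key in `S3I(s)->tmp.x25519` is wiped only after X25519() succeeds; the `goto err` branch just above skips the new freezero() call, and the err: label shown in the next hunk clears only shared_key. The key is presumably released at connection teardown elsewhere, but that code is not visible here, so it is worth confirming that it zeroes the buffer rather than calling plain free(). Since freezero(3) takes no action on a NULL pointer, one option is to move `freezero(S3I(s)->tmp.x25519, X25519_KEY_LENGTH);` and `S3I(s)->tmp.x25519 = NULL;` under err: so both paths wipe it. The function body starts and ends outside this hunk.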
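Review bot: The NULL guard removed at err: in the third hunk is now covered only implicitly by freezero(3)'s handling of a NULL pointer, which a reader used to the explicit_bzero()/free() pair may not know. A short comment such as `/* freezero(3) is a no-op on NULL, so this is safe if we get here before shared_key is allocated. */` would record why the check could go. The size passed must also not exceed the size shared_key was allocated with; that allocation is outside this hunk, so confirm it uses X25519_KEY_LENGTH.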