From 2a6b7f1d923175ad963c8dfa5a8eae46ddf6705a Mon Sep 17 00:00:00 2001
From: jsing <jsing@openbsd.org>
Date: Fri, 14 Apr 2017 15:20:55 +0000
Subject: [PATCH] Use freezero(3) in the CBB clean up path, since this could
 hold sensitive information (such as master keys).

---
 lib/libssl/bs_cbb.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/lib/libssl/bs_cbb.c b/lib/libssl/bs_cbb.c
index a84299f8a20..154a7964e6d 100644
--- a/lib/libssl/bs_cbb.c
+++ b/lib/libssl/bs_cbb.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: bs_cbb.c,v 1.14 2017/03/10 15:16:20 jsing Exp $	*/
+/*	$OpenBSD: bs_cbb.c,v 1.15 2017/04/14 15:20:55 jsing Exp $	*/
 /*
  * Copyright (c) 2014, Google Inc.
  *
@@ -80,8 +80,7 @@ CBB_cleanup(CBB *cbb)
 {
 	if (cbb->base) {
 		if (cbb->base->can_resize)
-			free(cbb->base->buf);
-
+			freezero(cbb->base->buf, cbb->base->cap);
 		free(cbb->base);
 	}
 	cbb->base = NULL;
-- 
2.20.1