From 84cf321c3f89227084683b36ac8da406996da9da Mon Sep 17 00:00:00 2001
From: jsing <jsing@openbsd.org>
Date: Mon, 10 Apr 2017 16:47:08 +0000
Subject: [PATCH] Use freezero() for i2d_SSL_SESSION() - one line of code
 instead of three. In this case the memory allocated can also be significant,
 in which case freezero() will have less overhead than explicit_bzero()
 (munmap instead of touching all of the memory to write zeros).

---
 lib/libssl/ssl_asn1.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/lib/libssl/ssl_asn1.c b/lib/libssl/ssl_asn1.c
index 4014bf6fe66..5110ca3cc81 100644
--- a/lib/libssl/ssl_asn1.c
+++ b/lib/libssl/ssl_asn1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_asn1.c,v 1.49 2017/02/07 02:08:38 beck Exp $ */
+/* $OpenBSD: ssl_asn1.c,v 1.50 2017/04/10 16:47:08 jsing Exp $ */
 
 /*
  * Copyright (c) 2016 Joel Sing <jsing@openbsd.org>
@@ -205,12 +205,9 @@ i2d_SSL_SESSION(SSL_SESSION *s, unsigned char **pp)
 	rv = (int)data_len;
 
  err:
-	if (data != NULL)
-		explicit_bzero(data, data_len);
-
 	CBB_cleanup(&session);
+	freezero(data, data_len);
 	free(peer_cert_bytes);
-	free(data);
 
 	return rv;
 }
-- 
2.20.1