From 870695e1c1d80c9783b291994962c5895d2bfbe1 Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Tue, 9 Jul 2024 17:29:51 +0000
Subject: [PATCH] Replace explicit_bzero() plus free() with freezero()

This is simpler, if slightly more expensive
---
 lib/libcrypto/kdf/tls1_prf.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/lib/libcrypto/kdf/tls1_prf.c b/lib/libcrypto/kdf/tls1_prf.c
index ab21644d7a4..7f6939addad 100644
--- a/lib/libcrypto/kdf/tls1_prf.c
+++ b/lib/libcrypto/kdf/tls1_prf.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: tls1_prf.c,v 1.32 2024/07/09 17:05:46 tb Exp $ */
+/*	$OpenBSD: tls1_prf.c,v 1.33 2024/07/09 17:29:51 tb Exp $ */
 /*
  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
  * 2016.
@@ -97,8 +97,7 @@ pkey_tls1_prf_cleanup(EVP_PKEY_CTX *ctx)
 	struct tls1_prf_ctx *kctx = ctx->data;
 
 	freezero(kctx->secret, kctx->secret_len);
-	explicit_bzero(kctx->seed, kctx->seed_len);
-	free(kctx);
+	freezero(kctx, sizeof(*kctx));
 }
 
 static int
-- 
2.20.1