From 8f2be08bb3450546a0413c2e8cd4b1a35d4a494b Mon Sep 17 00:00:00 2001
From: jsing <jsing@openbsd.org>
Date: Mon, 10 Apr 2017 17:27:33 +0000
Subject: [PATCH] Use freezero() for the internal opaque structures, instead of
 the current explicit_bzero()/free(). Less code and potentially less overhead.

---
 lib/libssl/d1_lib.c   | 9 +++------
 lib/libssl/s3_lib.c   | 9 +++------
 lib/libssl/ssl_sess.c | 9 +++------
 3 files changed, 9 insertions(+), 18 deletions(-)

diff --git a/lib/libssl/d1_lib.c b/lib/libssl/d1_lib.c
index 8092d56a4c8..7e919a6c9bb 100644
--- a/lib/libssl/d1_lib.c
+++ b/lib/libssl/d1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_lib.c,v 1.41 2017/02/07 02:08:38 beck Exp $ */
+/* $OpenBSD: d1_lib.c,v 1.42 2017/04/10 17:27:33 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -191,11 +191,8 @@ dtls1_free(SSL *s)
 	pqueue_free(s->d1->sent_messages);
 	pqueue_free(D1I(s)->buffered_app_data.q);
 
-	explicit_bzero(s->d1->internal, sizeof(*s->d1->internal));
-	free(s->d1->internal);
-
-	explicit_bzero(s->d1, sizeof(*s->d1));
-	free(s->d1);
+	freezero(s->d1->internal, sizeof(*s->d1->internal));
+	freezero(s->d1, sizeof(*s->d1));
 
 	s->d1 = NULL;
 }
diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index 1fd077ec6e1..d4142e743fc 100644
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.139 2017/04/10 17:25:22 jsing Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.140 2017/04/10 17:27:33 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1844,11 +1844,8 @@ ssl3_free(SSL *s)
 
 	free(S3I(s)->alpn_selected);
 
-	explicit_bzero(S3I(s), sizeof(*S3I(s)));
-	free(S3I(s));
-
-	explicit_bzero(s->s3, sizeof(*s->s3));
-	free(s->s3);
+	freezero(S3I(s), sizeof(*S3I(s)));
+	freezero(s->s3, sizeof(*s->s3));
 
 	s->s3 = NULL;
 }
diff --git a/lib/libssl/ssl_sess.c b/lib/libssl/ssl_sess.c
index 5d80e581962..59d7d9ec24f 100644
--- a/lib/libssl/ssl_sess.c
+++ b/lib/libssl/ssl_sess.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_sess.c,v 1.70 2017/02/07 02:08:38 beck Exp $ */
+/* $OpenBSD: ssl_sess.c,v 1.71 2017/04/10 17:27:33 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -705,11 +705,8 @@ SSL_SESSION_free(SSL_SESSION *ss)
 	free(ss->internal->tlsext_ecpointformatlist);
 	free(ss->internal->tlsext_supportedgroups);
 
-	explicit_bzero(ss->internal, sizeof(*ss->internal));
-	free(ss->internal);
-
-	explicit_bzero(ss, sizeof(*ss));
-	free(ss);
+	freezero(ss->internal, sizeof(*ss->internal));
+	freezero(ss, sizeof(*ss));
 }
 
 int
-- 
2.20.1