From b6404b0d5e5e7396596c7f53624fa46646e044a4 Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Tue, 9 Jul 2024 16:30:28 +0000
Subject: [PATCH] OPENSSL_cleanse() -> explicit_bzero()

---
 lib/libcrypto/kdf/tls1_prf.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/libcrypto/kdf/tls1_prf.c b/lib/libcrypto/kdf/tls1_prf.c
index d08c32d270a..dae42b684f9 100644
--- a/lib/libcrypto/kdf/tls1_prf.c
+++ b/lib/libcrypto/kdf/tls1_prf.c
@@ -50,7 +50,7 @@ static void pkey_tls1_prf_cleanup(EVP_PKEY_CTX *ctx)
 {
     TLS1_PRF_PKEY_CTX *kctx = ctx->data;
     freezero(kctx->sec, kctx->seclen);
-    OPENSSL_cleanse(kctx->seed, kctx->seedlen);
+    explicit_bzero(kctx->seed, kctx->seedlen);
     OPENSSL_free(kctx);
 }
 
@@ -67,7 +67,7 @@ static int pkey_tls1_prf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
             return 0;
         if (kctx->sec != NULL)
             freezero(kctx->sec, kctx->seclen);
-        OPENSSL_cleanse(kctx->seed, kctx->seedlen);
+        explicit_bzero(kctx->seed, kctx->seedlen);
         kctx->seedlen = 0;
         kctx->sec = OPENSSL_memdup(p2, p1);
         if (kctx->sec == NULL)
@@ -240,7 +240,7 @@ static int tls1_prf_P_hash(const EVP_MD *md,
     EVP_MD_CTX_free(ctx);
     EVP_MD_CTX_free(ctx_tmp);
     EVP_MD_CTX_free(ctx_init);
-    OPENSSL_cleanse(A1, sizeof(A1));
+    explicit_bzero(A1, sizeof(A1));
     return ret;
 }
 
-- 
2.20.1