upstream: change explicit_bzero();free() to freezero()

While freezero() returns early if the pointer is NULL the tests for
NULL in callers are left to avoid warnings about passing an
uninitialised size argument across a function boundry.

ok deraadt@ djm@

OpenBSD-Commit-ID: 2660fa334fcc7cd05ec74dd99cb036f9ade6384a

1 files changed, 7 insertions, 13 deletions

diff --git a/ssh-xmss.c b/ssh-xmss.c
index 4c734fd7d..ccd4c7600 100644
--- a/ssh-xmss.c
+++ b/ssh-xmss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-xmss.c,v 1.1 2018/02/23 15:58:38 markus Exp $*/
+/* $OpenBSD: ssh-xmss.c,v 1.2 2020/02/26 13:40:09 jsg Exp $*/
 /*
  * Copyright (c) 2017 Stefan-Lukas Gazdag.
  * Copyright (c) 2017 Markus Friedl.
@@ -103,10 +103,8 @@ ssh_xmss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
                 r = ret;
         }
         sshbuf_free(b);
-        if (sig != NULL) {
-                explicit_bzero(sig, slen);
-                free(sig);
-        }
+        if (sig != NULL)
+                freezero(sig, slen);
 
         return r;
 }
@@ -177,14 +175,10 @@ ssh_xmss_verify(const struct sshkey *key,
         /* success */
         r = 0;
  out:
-        if (sm != NULL) {
-                explicit_bzero(sm, smlen);
-                free(sm);
-        }
-        if (m != NULL) {
-                explicit_bzero(m, smlen); /* NB mlen may be invalid if r != 0 */
-                free(m);
-        }
+        if (sm != NULL)
+                freezero(sm, smlen);
+        if (m != NULL)
+                freezero(m, smlen);
         sshbuf_free(b);
         free(ktype);
         return r;