From d5ba1c03278eb079438bb038266d80d7477d49cb Mon Sep 17 00:00:00 2001
From: "jsg@openbsd.org" <jsg@openbsd.org>
Date: Wed, 26 Feb 2020 13:40:09 +0000
Subject: upstream: change explicit_bzero();free() to freezero()

While freezero() returns early if the pointer is NULL the tests for
NULL in callers are left to avoid warnings about passing an
uninitialised size argument across a function boundry.

ok deraadt@ djm@

OpenBSD-Commit-ID: 2660fa334fcc7cd05ec74dd99cb036f9ade6384a
---
 ssh-dss.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

(limited to 'ssh-dss.c')

diff --git a/ssh-dss.c b/ssh-dss.c
index a23c383dc..fddc29cc9 100644
--- a/ssh-dss.c
+++ b/ssh-dss.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-dss.c,v 1.37 2018/02/07 02:06:51 jsing Exp $ */
+/* $OpenBSD: ssh-dss.c,v 1.39 2020/02/26 13:40:09 jsg Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -200,10 +200,8 @@ ssh_dss_verify(const struct sshkey *key,
 	BN_clear_free(sig_s);
 	sshbuf_free(b);
 	free(ktype);
-	if (sigblob != NULL) {
-		explicit_bzero(sigblob, len);
-		free(sigblob);
-	}
+	if (sigblob != NULL)
+		freezero(sigblob, len);
 	return ret;
 }
 #endif /* WITH_OPENSSL */
-- 
cgit v1.2.3