Hi, This converts explicit_bzero+free to freezero on smtpd(8).
OK? Index: ca.c =================================================================== RCS file: /cvs/src/usr.sbin/smtpd/ca.c,v retrieving revision 1.26 diff -u -p -u -r1.26 ca.c --- ca.c 9 Jan 2017 09:53:23 -0000 1.26 +++ ca.c 11 May 2017 10:16:47 -0000 @@ -142,8 +142,7 @@ ca_init(void) pki->pki_pkey = pkey; - explicit_bzero(pki->pki_key, pki->pki_key_len); - free(pki->pki_key); + freezero(pki->pki_key, pki->pki_key_len); pki->pki_key = NULL; } } Index: config.c =================================================================== RCS file: /cvs/src/usr.sbin/smtpd/config.c,v retrieving revision 1.37 diff -u -p -u -r1.37 config.c --- config.c 1 Sep 2016 10:54:25 -0000 1.37 +++ config.c 11 May 2017 10:16:48 -0000 @@ -70,12 +70,8 @@ purge_config(uint8_t what) } if (what & PURGE_PKI) { while (dict_poproot(env->sc_pki_dict, (void **)&p)) { - explicit_bzero(p->pki_cert, p->pki_cert_len); - free(p->pki_cert); - if (p->pki_key) { - explicit_bzero(p->pki_key, p->pki_key_len); - free(p->pki_key); - } + freezero(p->pki_cert, p->pki_cert_len); + freezero(p->pki_key, p->pki_key_len); if (p->pki_pkey) EVP_PKEY_free(p->pki_pkey); free(p); @@ -86,14 +82,10 @@ purge_config(uint8_t what) iter_dict = NULL; while (dict_iter(env->sc_pki_dict, &iter_dict, &k, (void **)&p)) { - explicit_bzero(p->pki_cert, p->pki_cert_len); - free(p->pki_cert); + freezero(p->pki_cert, p->pki_cert_len); p->pki_cert = NULL; - if (p->pki_key) { - explicit_bzero(p->pki_key, p->pki_key_len); - free(p->pki_key); - p->pki_key = NULL; - } + freezero(p->pki_key, p->pki_key_len); + p->pki_key = NULL; if (p->pki_pkey) EVP_PKEY_free(p->pki_pkey); p->pki_pkey = NULL; Index: mta_session.c =================================================================== RCS file: /cvs/src/usr.sbin/smtpd/mta_session.c,v retrieving revision 1.96 diff -u -p -u -r1.96 mta_session.c --- mta_session.c 30 Nov 2016 17:43:32 -0000 1.96 +++ mta_session.c 11 May 2017 10:16:50 -0000 @@ -341,8 +341,7 @@ mta_session_imsg(struct mproc *p, struct fatal("mta: ssl_mta_init"); io_start_tls(s->io, ssl); - explicit_bzero(resp_ca_cert->cert, resp_ca_cert->cert_len); - free(resp_ca_cert->cert); + freezero(resp_ca_cert->cert, resp_ca_cert->cert_len); free(resp_ca_cert); return; Index: smtp_session.c =================================================================== RCS file: /cvs/src/usr.sbin/smtpd/smtp_session.c,v retrieving revision 1.302 diff -u -p -u -r1.302 smtp_session.c --- smtp_session.c 30 Nov 2016 17:43:32 -0000 1.302 +++ smtp_session.c 11 May 2017 10:16:54 -0000 @@ -962,8 +962,7 @@ smtp_session_imsg(struct mproc *p, struc io_set_read(s->io); io_start_tls(s->io, ssl); - explicit_bzero(resp_ca_cert->cert, resp_ca_cert->cert_len); - free(resp_ca_cert->cert); + freezero(resp_ca_cert->cert, resp_ca_cert->cert_len); free(resp_ca_cert); return;