Index: head/sys/crypto/aesni/aesni.c
===================================================================
--- head/sys/crypto/aesni/aesni.c
+++ head/sys/crypto/aesni/aesni.c
@@ -808,18 +808,12 @@
crp->crp_payload_length, outbuf);
out:
- if (allocated) {
- explicit_bzero(buf, crp->crp_payload_length);
- free(buf, M_AESNI);
- }
- if (authallocated) {
- explicit_bzero(authbuf, crp->crp_aad_length);
- free(authbuf, M_AESNI);
- }
- if (outallocated) {
- explicit_bzero(outbuf, crp->crp_payload_length);
- free(outbuf, M_AESNI);
- }
+ if (allocated)
+ zfree(buf, M_AESNI);
+ if (authallocated)
+ zfree(authbuf, M_AESNI);
+ if (outallocated)
+ zfree(outbuf, M_AESNI);
explicit_bzero(iv, sizeof(iv));
explicit_bzero(tag, sizeof(tag));
return (error);
Index: head/sys/crypto/via/padlock_cipher.c
===================================================================
--- head/sys/crypto/via/padlock_cipher.c
+++ head/sys/crypto/via/padlock_cipher.c
@@ -234,8 +234,7 @@
crypto_copyback(crp, crp->crp_payload_start,
crp->crp_payload_length, abuf);
- explicit_bzero(buf, crp->crp_payload_length + 16);
- free(buf, M_PADLOCK);
+ zfree(buf, M_PADLOCK);
}
return (0);
}
Index: head/sys/dev/cxgbe/crypto/t4_kern_tls.c
===================================================================
--- head/sys/dev/cxgbe/crypto/t4_kern_tls.c
+++ head/sys/dev/cxgbe/crypto/t4_kern_tls.c
@@ -2337,8 +2337,7 @@
if (tlsp->tx_key_addr >= 0)
free_keyid(tlsp, tlsp->tx_key_addr);
- explicit_bzero(&tlsp->keyctx, sizeof(&tlsp->keyctx));
- free(tlsp, M_CXGBE);
+ zfree(tlsp, M_CXGBE);
}
void
Index: head/sys/dev/random/randomdev.c
===================================================================
--- head/sys/dev/random/randomdev.c
+++ head/sys/dev/random/randomdev.c
@@ -241,8 +241,7 @@
if (error == ERESTART || error == EINTR)
error = 0;
- explicit_bzero(random_buf, bufsize);
- free(random_buf, M_ENTROPY);
+ zfree(random_buf, M_ENTROPY);
return (error);
}
Index: head/sys/geom/eli/g_eli.c
===================================================================
--- head/sys/geom/eli/g_eli.c
+++ head/sys/geom/eli/g_eli.c
@@ -388,10 +388,7 @@
}
iofail:
explicit_bzero(&md, sizeof(md));
- if (sector != NULL) {
- explicit_bzero(sector, pp->sectorsize);
- free(sector, M_ELI);
- }
+ zfree(sector, M_ELI);
}
oldsize = sc->sc_mediasize;
Index: head/sys/geom/eli/g_eli_ctl.c
===================================================================
--- head/sys/geom/eli/g_eli_ctl.c
+++ head/sys/geom/eli/g_eli_ctl.c
@@ -655,8 +655,7 @@
prov, error);
}
explicit_bzero(&md, sizeof(md));
- explicit_bzero(sector, pp->sectorsize);
- free(sector, M_ELI);
+ zfree(sector, M_ELI);
}
}
@@ -759,8 +758,7 @@
explicit_bzero(&md, sizeof(md));
error = g_write_data(cp, pp->mediasize - pp->sectorsize, sector,
pp->sectorsize);
- explicit_bzero(sector, pp->sectorsize);
- free(sector, M_ELI);
+ zfree(sector, M_ELI);
if (error != 0) {
gctl_error(req, "Cannot store metadata on %s (error=%d).",
pp->name, error);
@@ -875,8 +873,7 @@
(void)g_io_flush(cp);
}
explicit_bzero(&md, sizeof(md));
- explicit_bzero(sector, pp->sectorsize);
- free(sector, M_ELI);
+ zfree(sector, M_ELI);
if (*all)
G_ELI_DEBUG(1, "All keys removed from %s.", pp->name);
else
Index: head/sys/geom/eli/g_eli_key_cache.c
===================================================================
--- head/sys/geom/eli/g_eli_key_cache.c
+++ head/sys/geom/eli/g_eli_key_cache.c
@@ -118,8 +118,7 @@
keysearch.gek_keyno = keyno;
ekey = RB_FIND(g_eli_key_tree, &sc->sc_ekeys_tree, &keysearch);
if (ekey != NULL) {
- explicit_bzero(key, sizeof(*key));
- free(key, M_ELI);
+ zfree(key, M_ELI);
key = ekey;
TAILQ_REMOVE(&sc->sc_ekeys_queue, key, gek_next);
} else {
@@ -175,8 +174,7 @@
RB_REMOVE(g_eli_key_tree, &sc->sc_ekeys_tree, key);
TAILQ_REMOVE(&sc->sc_ekeys_queue, key, gek_next);
sc->sc_ekeys_allocated--;
- explicit_bzero(key, sizeof(*key));
- free(key, M_ELI);
+ zfree(key, M_ELI);
}
void
Index: head/sys/geom/geom_dev.c
===================================================================
--- head/sys/geom/geom_dev.c
+++ head/sys/geom/geom_dev.c
@@ -614,10 +614,7 @@
kda->kda_encryptedkey = encryptedkey;
error = g_dev_setdumpdev(dev, kda);
}
- if (encryptedkey != NULL) {
- explicit_bzero(encryptedkey, kda->kda_encryptedkeysize);
- free(encryptedkey, M_TEMP);
- }
+ zfree(encryptedkey, M_TEMP);
explicit_bzero(kda, sizeof(*kda));
break;
}
Index: head/sys/kern/kern_environment.c
===================================================================
--- head/sys/kern/kern_environment.c
+++ head/sys/kern/kern_environment.c
@@ -607,8 +607,7 @@
kenvp[i++] = kenvp[j];
kenvp[i] = NULL;
mtx_unlock(&kenv_lock);
- explicit_bzero(oldenv, strlen(oldenv));
- free(oldenv, M_KENV);
+ zfree(oldenv, M_KENV);
return (0);
}
mtx_unlock(&kenv_lock);
Index: head/sys/kern/kern_shutdown.c
===================================================================
--- head/sys/kern/kern_shutdown.c
+++ head/sys/kern/kern_shutdown.c
@@ -1058,8 +1058,7 @@
return (kdc);
failed:
- explicit_bzero(kdc, sizeof(*kdc) + dumpkeysize);
- free(kdc, M_EKCD);
+ zfree(kdc, M_EKCD);
return (NULL);
}
@@ -1156,8 +1155,7 @@
if (kdcomp == NULL)
return;
compressor_fini(kdcomp->kdc_stream);
- explicit_bzero(kdcomp->kdc_buf, di->maxiosize);
- free(kdcomp->kdc_buf, M_DUMPER);
+ zfree(kdcomp->kdc_buf, M_DUMPER);
free(kdcomp, M_DUMPER);
}
@@ -1171,23 +1169,14 @@
if (di == NULL)
return;
- if (di->blockbuf != NULL) {
- explicit_bzero(di->blockbuf, di->blocksize);
- free(di->blockbuf, M_DUMPER);
- }
+ zfree(di->blockbuf, M_DUMPER);
kerneldumpcomp_destroy(di);
#ifdef EKCD
- if (di->kdcrypto != NULL) {
- explicit_bzero(di->kdcrypto, sizeof(*di->kdcrypto) +
- di->kdcrypto->kdc_dumpkeysize);
- free(di->kdcrypto, M_EKCD);
- }
+ zfree(di->kdcrypto, M_EKCD);
#endif
-
- explicit_bzero(di, sizeof(*di));
- free(di, M_DUMPER);
+ zfree(di, M_DUMPER);
}
/* Registration of dumpers */
Index: head/sys/kern/uipc_ktls.c
===================================================================
--- head/sys/kern/uipc_ktls.c
+++ head/sys/kern/uipc_ktls.c
@@ -682,15 +682,12 @@
#endif
}
if (tls->params.auth_key != NULL) {
- explicit_bzero(tls->params.auth_key, tls->params.auth_key_len);
- free(tls->params.auth_key, M_KTLS);
+ zfree(tls->params.auth_key, M_KTLS);
tls->params.auth_key = NULL;
tls->params.auth_key_len = 0;
}
if (tls->params.cipher_key != NULL) {
- explicit_bzero(tls->params.cipher_key,
- tls->params.cipher_key_len);
- free(tls->params.cipher_key, M_KTLS);
+ zfree(tls->params.cipher_key, M_KTLS);
tls->params.cipher_key = NULL;
tls->params.cipher_key_len = 0;
}
Index: head/sys/netinet/netdump/netdump_client.c
===================================================================
--- head/sys/netinet/netdump/netdump_client.c
+++ head/sys/netinet/netdump/netdump_client.c
@@ -642,11 +642,7 @@
dumper.mediasize = 0;
error = dumper_insert(&dumper, conf->kda_iface, conf);
- if (encryptedkey != NULL) {
- explicit_bzero(encryptedkey,
- conf->kda_encryptedkeysize);
- free(encryptedkey, M_TEMP);
- }
+ zfree(encryptedkey, M_TEMP);
if (error != 0)
netdump_unconfigure();
break;
Index: head/sys/opencrypto/crypto.c
===================================================================
--- head/sys/opencrypto/crypto.c
+++ head/sys/opencrypto/crypto.c
@@ -897,8 +897,7 @@
cap = cses->cap;
- explicit_bzero(cses->softc, cap->cc_session_size);
- free(cses->softc, M_CRYPTO_DATA);
+ zfree(cses->softc, M_CRYPTO_DATA);
uma_zfree(cryptoses_zone, cses);
CRYPTO_DRIVER_LOCK();
Index: head/sys/opencrypto/cryptosoft.c
===================================================================
--- head/sys/opencrypto/cryptosoft.c
+++ head/sys/opencrypto/cryptosoft.c
@@ -1428,27 +1428,14 @@
swcr_freesession(device_t dev, crypto_session_t cses)
{
struct swcr_session *ses;
- struct swcr_auth *swa;
- struct auth_hash *axf;
ses = crypto_get_driver_session(cses);
mtx_destroy(&ses->swcr_lock);
zfree(ses->swcr_encdec.sw_kschedule, M_CRYPTO_DATA);
-
- axf = ses->swcr_auth.sw_axf;
- if (axf != NULL) {
- swa = &ses->swcr_auth;
- if (swa->sw_ictx != NULL) {
- explicit_bzero(swa->sw_ictx, axf->ctxsize);
- free(swa->sw_ictx, M_CRYPTO_DATA);
- }
- if (swa->sw_octx != NULL) {
- explicit_bzero(swa->sw_octx, axf->ctxsize);
- free(swa->sw_octx, M_CRYPTO_DATA);
- }
- }
+ zfree(ses->swcr_auth.sw_ictx, M_CRYPTO_DATA);
+ zfree(ses->swcr_auth.sw_octx, M_CRYPTO_DATA);
}
/*
Index: head/sys/opencrypto/ktls_ocf.c
===================================================================
--- head/sys/opencrypto/ktls_ocf.c
+++ head/sys/opencrypto/ktls_ocf.c
@@ -343,8 +343,7 @@
os = tls->cipher;
crypto_freesession(os->sid);
mtx_destroy(&os->lock);
- explicit_bzero(os, sizeof(*os));
- free(os, M_KTLS_OCF);
+ zfree(os, M_KTLS_OCF);
}
static int