X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=ssl%2Fs3_enc.c;h=dd93e251ae727fc4139f2d3224c873e06bcb1ef5;hb=b8b12aadd8edfd3bd327157c8899b1cf3403177f;hp=df86f5b9f38e8e408bb830e2c6c6a68ea29d8f44;hpb=4b45c6e52b208deff7da333d1c7f84bcd3986609;p=oweals%2Fopenssl.git

diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index df86f5b9f3..dd93e251ae 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -206,7 +206,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
 
         km += MD5_DIGEST_LENGTH;
     }
-    OPENSSL_cleanse(smd, SHA_DIGEST_LENGTH);
+    OPENSSL_cleanse(smd, sizeof(smd));
     EVP_MD_CTX_cleanup(&m5);
     EVP_MD_CTX_cleanup(&s1);
     return 1;
@@ -244,7 +244,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
         if (s->enc_read_ctx != NULL)
             reuse_dd = 1;
         else if ((s->enc_read_ctx =
-                  OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
+                  OPENSSL_malloc(sizeof(*s->enc_read_ctx))) == NULL)
             goto err;
         else
             /*
@@ -259,10 +259,8 @@ int ssl3_change_cipher_state(SSL *s, int which)
         }
 #ifndef OPENSSL_NO_COMP
         /* COMPRESS */
-        if (s->expand != NULL) {
-            COMP_CTX_free(s->expand);
-            s->expand = NULL;
-        }
+        COMP_CTX_free(s->expand);
+        s->expand = NULL;
         if (comp != NULL) {
             s->expand = COMP_CTX_new(comp);
             if (s->expand == NULL) {
@@ -280,7 +278,7 @@ int ssl3_change_cipher_state(SSL *s, int which)
         if (s->enc_write_ctx != NULL)
             reuse_dd = 1;
         else if ((s->enc_write_ctx =
-                  OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
+                  OPENSSL_malloc(sizeof(*s->enc_write_ctx))) == NULL)
             goto err;
         else
             /*
@@ -294,10 +292,8 @@ int ssl3_change_cipher_state(SSL *s, int which)
         }
 #ifndef OPENSSL_NO_COMP
         /* COMPRESS */
-        if (s->compress != NULL) {
-            COMP_CTX_free(s->compress);
-            s->compress = NULL;
-        }
+        COMP_CTX_free(s->compress);
+        s->compress = NULL;
         if (comp != NULL) {
             s->compress = COMP_CTX_new(comp);
             if (s->compress == NULL) {
@@ -392,13 +388,15 @@ int ssl3_change_cipher_state(SSL *s, int which)
     }
 #endif
 
-    OPENSSL_cleanse(&(exp_key[0]), sizeof(exp_key));
-    OPENSSL_cleanse(&(exp_iv[0]), sizeof(exp_iv));
+    OPENSSL_cleanse(exp_key, sizeof(exp_key));
+    OPENSSL_cleanse(exp_iv, sizeof(exp_iv));
     EVP_MD_CTX_cleanup(&md);
     return (1);
  err:
     SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
  err2:
+    OPENSSL_cleanse(exp_key, sizeof(exp_key));
+    OPENSSL_cleanse(exp_iv, sizeof(exp_iv));
     return (0);
 }
 
@@ -523,12 +521,13 @@ int ssl3_digest_cached_records(SSL *s)
     /* Allocate handshake_dgst array */
     ssl3_free_digest_list(s);
     s->s3->handshake_dgst =
-        OPENSSL_malloc(SSL_MAX_DIGEST * sizeof(EVP_MD_CTX *));
+        OPENSSL_malloc(sizeof(*s->s3->handshake_dgst) * SSL_MAX_DIGEST);
     if (s->s3->handshake_dgst == NULL) {
         SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, ERR_R_MALLOC_FAILURE);
         return 0;
     }
-    memset(s->s3->handshake_dgst, 0, SSL_MAX_DIGEST * sizeof(EVP_MD_CTX *));
+    memset(s->s3->handshake_dgst, 0,
+           sizeof(*s->s3->handshake_dgst) * SSL_MAX_DIGEST);
     hdatalen = BIO_get_mem_data(s->s3->handshake_buffer, &hdata);
     if (hdatalen <= 0) {
         SSLerr(SSL_F_SSL3_DIGEST_CACHED_RECORDS, SSL_R_BAD_HANDSHAKE_LENGTH);
@@ -690,7 +689,7 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
                         s, s->msg_callback_arg);
     }
 #endif
-    OPENSSL_cleanse(buf, sizeof buf);
+    OPENSSL_cleanse(buf, sizeof(buf));
     return (ret);
 }