clear/cleanse cleanup

Where we called openssl_cleanse, make sure we do it on all error
paths.  Be consistent in use of sizeof(foo) when possible.

Reviewed-by: Andy Polyakov <appro@openssl.org>

ssl/s3_enc.c

@@ -206,7 +206,7 @@ static int ssl3_generate_key_block(SSL *s, unsigned char *km, int num)
 
         km += MD5_DIGEST_LENGTH;
     }
-    OPENSSL_cleanse(smd, SHA_DIGEST_LENGTH);
+    OPENSSL_cleanse(smd, sizeof(smd));
     EVP_MD_CTX_cleanup(&m5);
     EVP_MD_CTX_cleanup(&s1);
     return 1;
@@ -388,13 +388,15 @@ int ssl3_change_cipher_state(SSL *s, int which)
     }
 #endif
 
-    OPENSSL_cleanse(&(exp_key[0]), sizeof(exp_key));
-    OPENSSL_cleanse(&(exp_iv[0]), sizeof(exp_iv));
+    OPENSSL_cleanse(exp_key, sizeof(exp_key));
+    OPENSSL_cleanse(exp_iv, sizeof(exp_iv));
     EVP_MD_CTX_cleanup(&md);
     return (1);
  err:
     SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
  err2:
+    OPENSSL_cleanse(exp_key, sizeof(exp_key));
+    OPENSSL_cleanse(exp_iv, sizeof(exp_iv));
     return (0);
 }
 
@@ -687,7 +689,7 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
                         s, s->msg_callback_arg);
     }
 #endif
-    OPENSSL_cleanse(buf, sizeof buf);
+    OPENSSL_cleanse(buf, sizeof(buf));
     return (ret);
 }
 

ssl/s3_srvr.c

@@ -2238,7 +2238,6 @@ int ssl3_get_client_key_exchange(SSL *s)
     BIGNUM *pub = NULL;
     DH *dh_srvr, *dh_clnt = NULL;
 #endif
-
 #ifndef OPENSSL_NO_EC
     EC_KEY *srvr_ecdh = NULL;
     EVP_PKEY *clnt_pub_pkey = NULL;
@@ -2676,7 +2675,7 @@ int ssl3_get_client_key_exchange(SSL *s)
         psk_len = s->psk_server_callback(s, tmp_id,
                                          psk_or_pre_ms,
                                          sizeof(psk_or_pre_ms));
-        OPENSSL_cleanse(tmp_id, PSK_MAX_IDENTITY_LEN + 1);
+        OPENSSL_cleanse(tmp_id, sizeof(tmp_id));
 
         if (psk_len > PSK_MAX_PSK_LEN) {
             SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);

ssl/t1_enc.c

@@ -563,6 +563,10 @@ int tls1_change_cipher_state(SSL *s, int which)
  err:
     SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE, ERR_R_MALLOC_FAILURE);
  err2:
+    OPENSSL_cleanse(tmp1, sizeof(tmp1));
+    OPENSSL_cleanse(tmp2, sizeof(tmp1));
+    OPENSSL_cleanse(iv1, sizeof(iv1));
+    OPENSSL_cleanse(iv2, sizeof(iv2));
     return (0);
 }
 
@@ -721,7 +725,7 @@ int tls1_final_finish_mac(SSL *s, const char *str, int slen,
         return 0;
     OPENSSL_cleanse(hash, hashlen);
     OPENSSL_cleanse(buf2, sizeof(buf2));
-    return sizeof buf2;
+    return sizeof(buf2);
 }
 
 int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p,
@@ -871,8 +875,6 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
                   NULL, 0,
                   s->session->master_key, s->session->master_key_length,
                   out, buff, olen);
-    OPENSSL_cleanse(val, vallen);
-    OPENSSL_cleanse(buff, olen);
 
     goto ret;
  err1:
@@ -884,8 +886,8 @@ int tls1_export_keying_material(SSL *s, unsigned char *out, size_t olen,
     SSLerr(SSL_F_TLS1_EXPORT_KEYING_MATERIAL, ERR_R_MALLOC_FAILURE);
     rv = 0;
  ret:
-    OPENSSL_free(buff);
-    OPENSSL_free(val);
+    CRYPTO_clear_free(val, vallen);
+    CRYPTO_clear_free(buff, olen);
     return (rv);
 }