Use safer sizeof variant in malloc

For a local variable:
        TYPE *p;
Allocations like this are "risky":
        p = OPENSSL_malloc(sizeof(TYPE));
if the type of p changes, and the malloc call isn't updated, you
could get memory corruption.  Instead do this:
        p = OPENSSL_malloc(sizeof(*p));
Also fixed a few memset() calls that I noticed while doing this.

Reviewed-by: Richard Levitte <levitte@openssl.org>
diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c
index 284d3ad..18e7074 100644
--- a/ssl/bio_ssl.c
+++ b/ssl/bio_ssl.c
@@ -101,9 +101,8 @@
 
 static int ssl_new(BIO *bi)
 {
-    BIO_SSL *bs;
+    BIO_SSL *bs = OPENSSL_malloc(sizeof(*bs));
 
-    bs = OPENSSL_malloc(sizeof(BIO_SSL));
     if (bs == NULL) {
         BIOerr(BIO_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
         return (0);
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index 3af3ba1..65a3a18 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -170,7 +170,7 @@
     unsigned char *buf = NULL;
     unsigned char *bitmask = NULL;
 
-    frag = OPENSSL_malloc(sizeof(hm_fragment));
+    frag = OPENSSL_malloc(sizeof(*frag));
     if (frag == NULL)
         return NULL;
 
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index 81d532c..3441fc5 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -136,11 +136,11 @@
     
     if (!ssl3_new(s))
         return (0);
-    if ((d1 = OPENSSL_malloc(sizeof *d1)) == NULL) {
+    if ((d1 = OPENSSL_malloc(sizeof(*d1))) == NULL) {
         ssl3_free(s);
         return (0);
     }
-    memset(d1, 0, sizeof *d1);
+    memset(d1, 0, sizeof(*d1));
 
     d1->buffered_messages = pqueue_new();
     d1->sent_messages = pqueue_new();
diff --git a/ssl/record/rec_layer_d1.c b/ssl/record/rec_layer_d1.c
index a484c97..2635894 100644
--- a/ssl/record/rec_layer_d1.c
+++ b/ssl/record/rec_layer_d1.c
@@ -127,9 +127,8 @@
 {
     DTLS_RECORD_LAYER *d;
     
-    if ((d = OPENSSL_malloc(sizeof *d)) == NULL) {
+    if ((d = OPENSSL_malloc(sizeof(*d))) == NULL)
         return (0);
-    }
 
 
     rl->d = d;
@@ -196,7 +195,7 @@
     unprocessed_rcds = d->unprocessed_rcds.q;
     processed_rcds = d->processed_rcds.q;
     buffered_app_data = d->buffered_app_data.q;
-    memset(d, 0, sizeof *d);
+    memset(d, 0, sizeof(*d));
     d->unprocessed_rcds.q = unprocessed_rcds;
     d->processed_rcds.q = processed_rcds;
     d->buffered_app_data.q = buffered_app_data;
@@ -259,7 +258,7 @@
     if (pqueue_size(queue->q) >= 100)
         return 0;
 
-    rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
+    rdata = OPENSSL_malloc(sizeof(*rdata));
     item = pitem_new(priority, rdata);
     if (rdata == NULL || item == NULL) {
         OPENSSL_free(rdata);
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 45de404..d968a1c 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -244,7 +244,7 @@
         if (s->enc_read_ctx != NULL)
             reuse_dd = 1;
         else if ((s->enc_read_ctx =
-                  OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
+                  OPENSSL_malloc(sizeof(*s->enc_read_ctx))) == NULL)
             goto err;
         else
             /*
@@ -278,7 +278,7 @@
         if (s->enc_write_ctx != NULL)
             reuse_dd = 1;
         else if ((s->enc_write_ctx =
-                  OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
+                  OPENSSL_malloc(sizeof(*s->enc_write_ctx))) == NULL)
             goto err;
         else
             /*
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index e346c22..a962b5c 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3098,9 +3098,9 @@
 {
     SSL3_STATE *s3;
 
-    if ((s3 = OPENSSL_malloc(sizeof *s3)) == NULL)
+    if ((s3 = OPENSSL_malloc(sizeof(*s3))) == NULL)
         goto err;
-    memset(s3, 0, sizeof *s3);
+    memset(s3, 0, sizeof(*s3));
     s->s3 = s3;
     
 #ifndef OPENSSL_NO_SRP
@@ -3137,7 +3137,7 @@
 #ifndef OPENSSL_NO_SRP
     SSL_SRP_CTX_free(s);
 #endif
-    OPENSSL_clear_free(s->s3, sizeof *s->s3);
+    OPENSSL_clear_free(s->s3, sizeof(*s->s3));
     s->s3 = NULL;
 }
 
@@ -3174,7 +3174,7 @@
         s->s3->alpn_selected = NULL;
     }
 #endif
-    memset(s->s3, 0, sizeof *s->s3);
+    memset(s->s3, 0, sizeof(*s->s3));
     s->s3->init_extra = init_extra;
 
     ssl_free_wbio_buffer(s);
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index cce7f15..c7a2aa9 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -182,9 +182,8 @@
 
 CERT *ssl_cert_new(void)
 {
-    CERT *ret;
+    CERT *ret = OPENSSL_malloc(sizeof(*ret));
 
-    ret = OPENSSL_malloc(sizeof(CERT));
     if (ret == NULL) {
         SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE);
         return (NULL);
@@ -202,10 +201,9 @@
 
 CERT *ssl_cert_dup(CERT *cert)
 {
-    CERT *ret;
+    CERT *ret = OPENSSL_malloc(sizeof(*ret));
     int i;
 
-    ret = OPENSSL_malloc(sizeof(CERT));
     if (ret == NULL) {
         SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE);
         return (NULL);
@@ -577,13 +575,13 @@
 {
     SESS_CERT *ret;
 
-    ret = OPENSSL_malloc(sizeof *ret);
+    ret = OPENSSL_malloc(sizeof(*ret));
     if (ret == NULL) {
         SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
 
-    memset(ret, 0, sizeof *ret);
+    memset(ret, 0, sizeof(*ret));
     ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]);
     ret->references = 1;
 
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index a3dca18..0ddb56b 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -499,7 +499,7 @@
             MemCheck_off();
             ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp);
             if (ssl_comp_methods != NULL) {
-                comp = OPENSSL_malloc(sizeof(SSL_COMP));
+                comp = OPENSSL_malloc(sizeof(*comp));
                 if (comp != NULL) {
                     comp->method = COMP_zlib();
                     if (comp->method && comp->method->type == NID_undef)
@@ -1452,7 +1452,7 @@
     fprintf(stderr, "ssl_create_cipher_list() for %d ciphers\n",
             num_of_ciphers);
 #endif                          /* KSSL_DEBUG */
-    co_list = OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers);
+    co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
     if (co_list == NULL) {
         SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
         return (NULL);          /* Failure */
@@ -1533,7 +1533,7 @@
      */
     num_of_group_aliases = OSSL_NELEM(cipher_aliases);
     num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
-    ca_list = OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max);
+    ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);
     if (ca_list == NULL) {
         OPENSSL_free(co_list);
         SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST, ERR_R_MALLOC_FAILURE);
@@ -1933,7 +1933,7 @@
     }
 
     MemCheck_off();
-    comp = OPENSSL_malloc(sizeof(SSL_COMP));
+    comp = OPENSSL_malloc(sizeof(*comp));
     if (comp == NULL) {
         MemCheck_on();
         SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD, ERR_R_MALLOC_FAILURE);
diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
index 2d96b11..a14f564 100644
--- a/ssl/ssl_conf.c
+++ b/ssl/ssl_conf.c
@@ -609,9 +609,9 @@
 
 SSL_CONF_CTX *SSL_CONF_CTX_new(void)
 {
-    SSL_CONF_CTX *ret;
+    SSL_CONF_CTX *ret = OPENSSL_malloc(sizeof(*ret));
     size_t i;
-    ret = OPENSSL_malloc(sizeof(SSL_CONF_CTX));
+
     if (ret) {
         ret->flags = 0;
         ret->prefix = NULL;
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 4dfd7ab..56d7e6c 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -272,7 +272,7 @@
         return (NULL);
     }
 
-    s = OPENSSL_malloc(sizeof(SSL));
+    s = OPENSSL_malloc(sizeof(*s));
     if (s == NULL)
         goto err;
     memset(s, 0, sizeof(SSL));
@@ -1844,7 +1844,7 @@
         SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
         goto err;
     }
-    ret = OPENSSL_malloc(sizeof(SSL_CTX));
+    ret = OPENSSL_malloc(sizeof(*ret));
     if (ret == NULL)
         goto err;
 
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 1a00c38..b592da4 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -193,7 +193,7 @@
 {
     SSL_SESSION *ss;
 
-    ss = OPENSSL_malloc(sizeof(SSL_SESSION));
+    ss = OPENSSL_malloc(sizeof(*ss));
     if (ss == NULL) {
         SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE);
         return (0);
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 5c7fb86..47bab99 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -375,7 +375,7 @@
         if (s->enc_read_ctx != NULL)
             reuse_dd = 1;
         else if ((s->enc_read_ctx =
-                  OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)
+                  OPENSSL_malloc(sizeof(*s->enc_read_ctx))) == NULL)
             goto err;
         else
             /*