8 files changed, 10 insertions, 25 deletions

diff --git a/ssl/bio_ssl.c b/ssl/bio_ssl.c
index aa6d623191..639b10556a 100644
--- a/ssl/bio_ssl.c
+++ b/ssl/bio_ssl.c
@@ -101,13 +101,12 @@ BIO_METHOD *BIO_f_ssl(void)
 
 static int ssl_new(BIO *bi)
 {
-    BIO_SSL *bs = OPENSSL_malloc(sizeof(*bs));
+    BIO_SSL *bs = OPENSSL_zalloc(sizeof(*bs));
 
     if (bs == NULL) {
         BIOerr(BIO_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
         return (0);
     }
-    memset(bs, 0, sizeof(*bs));
     bi->init = 0;
     bi->ptr = (char *)bs;
     bi->flags = 0;
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index d2f5defe14..52b7304af2 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -187,13 +187,12 @@ static hm_fragment *dtls1_hm_fragment_new(unsigned long frag_len,
 
     /* Initialize reassembly bitmask if necessary */
     if (reassembly) {
-        bitmask = OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len));
+        bitmask = OPENSSL_zalloc(RSMBLY_BITMASK_SIZE(frag_len));
         if (bitmask == NULL) {
             OPENSSL_free(buf);
             OPENSSL_free(frag);
             return NULL;
         }
-        memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len));
     }
 
     frag->reassembly = bitmask;
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index fc1887ab35..d3b582a98c 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -135,11 +135,10 @@ int dtls1_new(SSL *s)
     
     if (!ssl3_new(s))
         return (0);
-    if ((d1 = OPENSSL_malloc(sizeof(*d1))) == NULL) {
+    if ((d1 = OPENSSL_zalloc(sizeof(*d1))) == NULL) {
         ssl3_free(s);
         return (0);
     }
-    memset(d1, 0, sizeof(*d1));
 
     d1->buffered_messages = pqueue_new();
     d1->sent_messages = pqueue_new();
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 47d28e73ad..bb090efc48 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -3836,9 +3836,8 @@ int ssl3_new(SSL *s)
 {
     SSL3_STATE *s3;
 
-    if ((s3 = OPENSSL_malloc(sizeof(*s3))) == NULL)
+    if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
         goto err;
-    memset(s3, 0, sizeof(*s3));
     s->s3 = s3;
     
 #ifndef OPENSSL_NO_SRP
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 11839612f2..c3e2c2ed0a 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -167,13 +167,12 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void)
 
 CERT *ssl_cert_new(void)
 {
-    CERT *ret = OPENSSL_malloc(sizeof(*ret));
+    CERT *ret = OPENSSL_zalloc(sizeof(*ret));
 
     if (ret == NULL) {
         SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE);
         return (NULL);
     }
-    memset(ret, 0, sizeof(*ret));
 
     ret->key = &(ret->pkeys[SSL_PKEY_RSA_ENC]);
     ret->references = 1;
@@ -185,7 +184,7 @@ CERT *ssl_cert_new(void)
 
 CERT *ssl_cert_dup(CERT *cert)
 {
-    CERT *ret = OPENSSL_malloc(sizeof(*ret));
+    CERT *ret = OPENSSL_zalloc(sizeof(*ret));
     int i;
 
     if (ret == NULL) {
@@ -193,8 +192,6 @@ CERT *ssl_cert_dup(CERT *cert)
         return (NULL);
     }
 
-    memset(ret, 0, sizeof(*ret));
-
     ret->key = &ret->pkeys[cert->key - cert->pkeys];
 
 #ifndef OPENSSL_NO_RSA
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
index c048fc2a8c..2dd2379819 100644
--- a/ssl/ssl_ciph.c
+++ b/ssl/ssl_ciph.c
@@ -1038,12 +1038,11 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
         curr = curr->next;
     }
 
-    number_uses = OPENSSL_malloc(sizeof(int) * (max_strength_bits + 1));
+    number_uses = OPENSSL_zalloc(sizeof(int) * (max_strength_bits + 1));
     if (!number_uses) {
         SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT, ERR_R_MALLOC_FAILURE);
         return (0);
     }
-    memset(number_uses, 0, sizeof(int) * (max_strength_bits + 1));
 
     /*
      * Now find the strength_bits values actually used
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index fd1561e52d..b1d4771e9a 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -277,10 +277,9 @@ SSL *SSL_new(SSL_CTX *ctx)
         return (NULL);
     }
 
-    s = OPENSSL_malloc(sizeof(*s));
+    s = OPENSSL_zalloc(sizeof(*s));
     if (s == NULL)
         goto err;
-    memset(s, 0, sizeof(*s));
 
     RECORD_LAYER_init(&s->rlayer, s);
 
@@ -1684,14 +1683,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
         SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
         goto err;
     }
-    ret = OPENSSL_malloc(sizeof(*ret));
+    ret = OPENSSL_zalloc(sizeof(*ret));
     if (ret == NULL)
         goto err;
 
-    memset(ret, 0, sizeof(*ret));
-
     ret->method = meth;
-
     ret->cert_store = NULL;
     ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
     ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
@@ -1706,8 +1702,6 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
     ret->get_session_cb = 0;
     ret->generate_session_id = 0;
 
-    memset(&ret->stats, 0, sizeof(ret->stats));
-
     ret->references = 1;
     ret->quiet_shutdown = 0;
     ret->info_callback = NULL;
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index 69e6d7fea5..3e980bf5cb 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -193,12 +193,11 @@ SSL_SESSION *SSL_SESSION_new(void)
 {
     SSL_SESSION *ss;
 
-    ss = OPENSSL_malloc(sizeof(*ss));
+    ss = OPENSSL_zalloc(sizeof(*ss));
     if (ss == NULL) {
         SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE);
         return (0);
     }
-    memset(ss, 0, sizeof(*ss));
 
     ss->verify_result = 1;      /* avoid 0 (= X509_V_OK) just in case */
     ss->references = 1;