Add and use OPENSSL_zalloc

There are many places (nearly 50) where we malloc and then memset.
Add an OPENSSL_zalloc routine to encapsulate that.
(Missed one conversion; thanks Richard)
Also fixes GH328
Reviewed-by: NRichard Levitte <levitte@openssl.org>

crypto/asn1/ameth_lib.c

@@ -283,12 +283,11 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_get0_asn1(EVP_PKEY *pkey)
 EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags,
                                         const char *pem_str, const char *info)
 {
-    EVP_PKEY_ASN1_METHOD *ameth;
-    ameth = OPENSSL_malloc(sizeof(*ameth));
+    EVP_PKEY_ASN1_METHOD *ameth = OPENSSL_zalloc(sizeof(*ameth));
+
     if (!ameth)
         return NULL;
 
-    memset(ameth, 0, sizeof(*ameth));
     ameth->pkey_id = id;
     ameth->pkey_base_id = id;
     ameth->pkey_flags = flags | ASN1_PKEY_DYNAMIC;

crypto/asn1/tasn_new.c

@@ -135,10 +135,9 @@ int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
                 return 1;
             }
         }
-        *pval = OPENSSL_malloc(it->size);
+        *pval = OPENSSL_zalloc(it->size);
         if (!*pval)
             goto memerr;
-        memset(*pval, 0, it->size);
         asn1_set_choice_selector(pval, -1, it);
         if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL))
             goto auxerr;
@@ -158,10 +157,9 @@ int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
                 return 1;
             }
         }
-        *pval = OPENSSL_malloc(it->size);
+        *pval = OPENSSL_zalloc(it->size);
         if (!*pval)
             goto memerr;
-        memset(*pval, 0, it->size);
         asn1_do_lock(pval, 0, it);
         asn1_enc_init(pval, it);
         for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {

crypto/asn1/x_pkey.c

@@ -66,10 +66,9 @@ X509_PKEY *X509_PKEY_new(void)
 {
     X509_PKEY *ret = NULL;
 
-    ret = OPENSSL_malloc(sizeof(*ret));
+    ret = OPENSSL_zalloc(sizeof(*ret));
     if (!ret)
         goto err;
-    memset(ret, 0, sizeof(*ret));
 
     ret->version = 0;
     ret->enc_algor = X509_ALGOR_new();

crypto/bio/bss_acpt.c

@@ -137,10 +137,8 @@ static BIO_ACCEPT *BIO_ACCEPT_new(void)
 {
     BIO_ACCEPT *ret;
 
-    if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL)
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL)
         return (NULL);
-
-    memset(ret, 0, sizeof(*ret));
     ret->accept_sock = INVALID_SOCKET;
     ret->bind_mode = BIO_BIND_NORMAL;
     return (ret);

crypto/bio/bss_conn.c

@@ -286,19 +286,12 @@ BIO_CONNECT *BIO_CONNECT_new(void)
 {
     BIO_CONNECT *ret;
 
-    if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL)
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL)
         return (NULL);
     ret->state = BIO_CONN_S_BEFORE;
     ret->param_hostname = NULL;
     ret->param_port = NULL;
     ret->info_callback = NULL;
-    ret->nbio = 0;
-    ret->ip[0] = 0;
-    ret->ip[1] = 0;
-    ret->ip[2] = 0;
-    ret->ip[3] = 0;
-    ret->port = 0;
-    memset(&ret->them, 0, sizeof(ret->them));
     return (ret);
 }
 

crypto/bio/bss_dgram.c

@@ -221,16 +221,13 @@ BIO *BIO_new_dgram(int fd, int close_flag)
 
 static int dgram_new(BIO *bi)
 {
-    bio_dgram_data *data = NULL;
+    bio_dgram_data *data = OPENSSL_zalloc(sizeof(*data));
 
-    bi->init = 0;
-    bi->num = 0;
-    data = OPENSSL_malloc(sizeof(*data));
     if (data == NULL)
         return 0;
-    memset(data, 0, sizeof(*data));
+    bi->init = 0;
+    bi->num = 0;
     bi->ptr = data;
-
     bi->flags = 0;
     return (1);
 }
@@ -997,16 +994,13 @@ BIO *BIO_new_dgram_sctp(int fd, int close_flag)
      * connected socket won't use it.
      */
     sockopt_len = (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
-    authchunks = OPENSSL_malloc(sockopt_len);
+    authchunks = OPENSSL_zalloc(sockopt_len);
     if (!authchunks) {
         BIO_vfree(bio);
         return (NULL);
     }
-    memset(authchunks, 0, sockopt_len);
-    ret =
-        getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks,
+    ret = getsockopt(fd, IPPROTO_SCTP, SCTP_LOCAL_AUTH_CHUNKS, authchunks,
                    &sockopt_len);
-
     if (ret < 0) {
         OPENSSL_free(authchunks);
         BIO_vfree(bio);
@@ -1086,10 +1080,9 @@ static int dgram_sctp_new(BIO *bi)
 
     bi->init = 0;
     bi->num = 0;
-    data = OPENSSL_malloc(sizeof(*data));
+    data = OPENSSL_zalloc(sizeof(*data));
     if (data == NULL)
         return 0;
-    memset(data, 0, sizeof(*data));
 #  ifdef SCTP_PR_SCTP_NONE
     data->prinfo.pr_policy = SCTP_PR_SCTP_NONE;
 #  endif

crypto/bn/bn_blind.c

@@ -137,11 +137,10 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
 
     bn_check_top(mod);
 
-    if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL) {
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
         BNerr(BN_F_BN_BLINDING_NEW, ERR_R_MALLOC_FAILURE);
         return (NULL);
     }
-    memset(ret, 0, sizeof(*ret));
     if (A != NULL) {
         if ((ret->A = BN_dup(A)) == NULL)
             goto err;

crypto/comp/c_zlib.c

@@ -91,9 +91,7 @@ static void *zlib_zalloc(void *opaque, unsigned int no, unsigned int size)
 {
     void *p;
 
-    p = OPENSSL_malloc(no * size);
-    if (p)
-        memset(p, 0, no * size);
+    p = OPENSSL_zalloc(no * size);
     return p;
 }
 

crypto/comp/comp_lib.c

@@ -63,9 +63,8 @@ COMP_CTX *COMP_CTX_new(COMP_METHOD *meth)
 {
     COMP_CTX *ret;
 
-    if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL)
+    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL)
         return (NULL);
-    memset(ret, 0, sizeof(*ret));
     ret->meth = meth;
     if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
         OPENSSL_free(ret);

crypto/dso/dso_lib.c

@@ -104,12 +104,11 @@ DSO *DSO_new_method(DSO_METHOD *meth)
          */
         default_DSO_meth = DSO_METHOD_openssl();
     }
-    ret = OPENSSL_malloc(sizeof(*ret));
+    ret = OPENSSL_zalloc(sizeof(*ret));
     if (ret == NULL) {
         DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE);
         return (NULL);
     }
-    memset(ret, 0, sizeof(*ret));
     ret->meth_data = sk_void_new_null();
     if (ret->meth_data == NULL) {
         /* sk_new doesn't generate any errors so we do */

crypto/dso/dso_win32.c

@@ -304,13 +304,12 @@ static struct file_st *win32_splitter(DSO *dso, const char *filename,
         return (NULL);
     }
 
-    result = OPENSSL_malloc(sizeof(*result));
+    result = OPENSSL_zalloc(sizeof(*result));
     if (result == NULL) {
         DSOerr(DSO_F_WIN32_SPLITTER, ERR_R_MALLOC_FAILURE);
         return (NULL);
     }
 
-    memset(result, 0, sizeof(*result));
     position = IN_DEVICE;
 
     if ((filename[0] == '\\' && filename[1] == '\\')

crypto/ec/ecp_nistp224.c

@@ -1199,13 +1199,12 @@ static void batch_mul(felem x_out, felem y_out, felem z_out,
 
 static NISTP224_PRE_COMP *nistp224_pre_comp_new()
 {
-    NISTP224_PRE_COMP *ret = NULL;
-    ret = OPENSSL_malloc(sizeof(*ret));
+    NISTP224_PRE_COMP *ret = OPENSSL_zalloc(sizeof(*ret));
+
     if (!ret) {
         ECerr(EC_F_NISTP224_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
         return ret;
     }
-    memset(ret->g_pre_comp, 0, sizeof(ret->g_pre_comp));
     ret->references = 1;
     return ret;
 }
@@ -1457,8 +1456,8 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r,
              */
             mixed = 1;
         }
-        secrets = OPENSSL_malloc(sizeof(*secrets) * num_points);
-        pre_comp = OPENSSL_malloc(sizeof(*pre_comp) * num_points);
+        secrets = OPENSSL_zalloc(sizeof(*secrets) * num_points);
+        pre_comp = OPENSSL_zalloc(sizeof(*pre_comp) * num_points);
         if (mixed)
             tmp_felems =
                 OPENSSL_malloc(sizeof(felem) * (num_points * 17 + 1));
@@ -1472,8 +1471,6 @@ int ec_GFp_nistp224_points_mul(const EC_GROUP *group, EC_POINT *r,
          * we treat NULL scalars as 0, and NULL points as points at infinity,
          * i.e., they contribute nothing to the linear combination
          */
-        memset(secrets, 0, sizeof(*secrets) * num_points);
-        memset(pre_comp, 0, sizeof(*pre_comp) * num_points);
         for (i = 0; i < num_points; ++i) {
             if (i == num)
                 /* the generator */

crypto/ec/ecp_nistp521.c

@@ -1644,13 +1644,12 @@ const EC_METHOD *EC_GFp_nistp521_method(void)
 
 static NISTP521_PRE_COMP *nistp521_pre_comp_new()
 {
-    NISTP521_PRE_COMP *ret = OPENSSL_malloc(sizeof(*ret));
+    NISTP521_PRE_COMP *ret = OPENSSL_zalloc(sizeof(*ret));
 
     if (!ret) {
         ECerr(EC_F_NISTP521_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
         return ret;
     }
-    memset(ret->g_pre_comp, 0, sizeof(ret->g_pre_comp));
     ret->references = 1;
     return ret;
 }
@@ -1902,8 +1901,8 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r,
              */
             mixed = 1;
         }
-        secrets = OPENSSL_malloc(sizeof(*secrets) * num_points);
-        pre_comp = OPENSSL_malloc(sizeof(*pre_comp) * num_points);
+        secrets = OPENSSL_zalloc(sizeof(*secrets) * num_points);
+        pre_comp = OPENSSL_zalloc(sizeof(*pre_comp) * num_points);
         if (mixed)
             tmp_felems =
                 OPENSSL_malloc(sizeof(*tmp_felems) * (num_points * 17 + 1));
@@ -1917,8 +1916,6 @@ int ec_GFp_nistp521_points_mul(const EC_GROUP *group, EC_POINT *r,
          * we treat NULL scalars as 0, and NULL points as points at infinity,
          * i.e., they contribute nothing to the linear combination
          */
-        memset(secrets, 0, sizeof(*secrets) * num_points);
-        memset(pre_comp, 0, sizeof(*pre_comp) * num_points);
         for (i = 0; i < num_points; ++i) {
             if (i == num)
                 /*

crypto/engine/eng_cryptodev.c

@@ -1020,10 +1020,9 @@ static int bn2crparam(const BIGNUM *a, struct crparam *crp)
     bits = BN_num_bits(a);
     bytes = BN_num_bytes(a);
 
-    b = OPENSSL_malloc(bytes);
+    b = OPENSSL_zalloc(bytes);
     if (b == NULL)
         return (1);
-    memset(b, 0, bytes);
 
     crp->crp_p = (caddr_t) b;
     crp->crp_nbits = bits;

crypto/engine/eng_dyn.c

@@ -202,13 +202,12 @@ static void dynamic_data_ctx_free_func(void *parent, void *ptr,
  */
 static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)
 {
-    dynamic_data_ctx *c = OPENSSL_malloc(sizeof(*c));
+    dynamic_data_ctx *c = OPENSSL_zalloc(sizeof(*c));
 
     if (!c) {
         ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX, ERR_R_MALLOC_FAILURE);
         return 0;
     }
-    memset(c, 0, sizeof(*c));
     c->dynamic_dso = NULL;
     c->v_check = NULL;
     c->bind_engine = NULL;

crypto/engine/eng_lib.c

@@ -66,12 +66,11 @@ ENGINE *ENGINE_new(void)
 {
     ENGINE *ret;
 
-    ret = OPENSSL_malloc(sizeof(*ret));
+    ret = OPENSSL_zalloc(sizeof(*ret));
     if (ret == NULL) {
         ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
-    memset(ret, 0, sizeof(*ret));
     ret->struct_ref = 1;
     engine_ref_debug(ret, 0, 1)
         CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data);

crypto/evp/evp_enc.c

@@ -158,12 +158,11 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
 
         ctx->cipher = cipher;
         if (ctx->cipher->ctx_size) {
-            ctx->cipher_data = OPENSSL_malloc(ctx->cipher->ctx_size);
+            ctx->cipher_data = OPENSSL_zalloc(ctx->cipher->ctx_size);
             if (!ctx->cipher_data) {
                 EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
                 return 0;
             }
-            memset(ctx->cipher_data, 0, ctx->cipher->ctx_size);
         } else {
             ctx->cipher_data = NULL;
         }

crypto/evp/pmeth_lib.c

@@ -198,15 +198,12 @@ EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags)
 {
     EVP_PKEY_METHOD *pmeth;
 
-    pmeth = OPENSSL_malloc(sizeof(*pmeth));
+    pmeth = OPENSSL_zalloc(sizeof(*pmeth));
     if (!pmeth)
         return NULL;
 
-    memset(pmeth, 0, sizeof(*pmeth));
-
     pmeth->pkey_id = id;
     pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC;
-
     pmeth->init = 0;
     pmeth->copy = 0;
     pmeth->cleanup = 0;

crypto/mem.c

@@ -312,14 +312,21 @@ void *CRYPTO_malloc(int num, const char *file, int line)
     return ret;
 }
 
+void *CRYPTO_zalloc(int num, const char *file, int line)
+{
+    void *ret = CRYPTO_malloc(num, file, line);
+
+    if (ret != NULL)
+        memset(ret, 0, num);
+    return ret;
+}
+
 char *CRYPTO_strdup(const char *str, const char *file, int line)
 {
     char *ret = CRYPTO_malloc(strlen(str) + 1, file, line);
 
-    if (ret == NULL)
-        return NULL;
-
-    strcpy(ret, str);
+    if (ret != NULL)
+        strcpy(ret, str);
     return ret;
 }
 

crypto/pqueue/pqueue.c

@@ -87,11 +87,8 @@ void pitem_free(pitem *item)
 
 pqueue_s *pqueue_new()
 {
-    pqueue_s *pq = OPENSSL_malloc(sizeof(*pq));
-    if (pq == NULL)
-        return NULL;
+    pqueue_s *pq = OPENSSL_zalloc(sizeof(*pq));
 
-    memset(pq, 0, sizeof(*pq));
     return pq;
 }
 

crypto/rsa/rsa_lib.c

@@ -287,7 +287,7 @@ int RSA_memory_lock(RSA *r)
     j = 1;
     for (i = 0; i < 6; i++)
         j += bn_get_top(*t[i]);
-    if ((p = OPENSSL_malloc((off + j) * sizeof(BN_ULONG))) == NULL) {
+    if ((p = OPENSSL_malloc((off + j) * sizeof(*p))) == NULL) {
         RSAerr(RSA_F_RSA_MEMORY_LOCK, ERR_R_MALLOC_FAILURE);
         return (0);
     }

crypto/rsa/rsa_pk1.c

@@ -203,12 +203,11 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
     if (num < 11)
         goto err;
 
-    em = OPENSSL_malloc(num);
+    em = OPENSSL_zalloc(num);
     if (em == NULL) {
         RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE);
         return -1;
     }
-    memset(em, 0, num);
     /*
      * Always do this zero-padding copy (even when num == flen) to avoid
      * leaking that information. The copy still leaks some side-channel

crypto/sec_mem.c

@@ -314,23 +314,20 @@ static int sh_init(size_t size, int minsize)
     for (i = sh.bittable_size; i; i >>= 1)
         sh.freelist_size++;
 
-    sh.freelist = OPENSSL_malloc(sh.freelist_size * sizeof (char *));
+    sh.freelist = OPENSSL_zalloc(sh.freelist_size * sizeof (char *));
     OPENSSL_assert(sh.freelist != NULL);
     if (sh.freelist == NULL)
         goto err;
-    memset(sh.freelist, 0, sh.freelist_size * sizeof (char *));
 
-    sh.bittable = OPENSSL_malloc(sh.bittable_size >> 3);
+    sh.bittable = OPENSSL_zalloc(sh.bittable_size >> 3);
     OPENSSL_assert(sh.bittable != NULL);
     if (sh.bittable == NULL)
         goto err;
-    memset(sh.bittable, 0, sh.bittable_size >> 3);
 
-    sh.bitmalloc = OPENSSL_malloc(sh.bittable_size >> 3);
+    sh.bitmalloc = OPENSSL_zalloc(sh.bittable_size >> 3);
     OPENSSL_assert(sh.bitmalloc != NULL);
     if (sh.bitmalloc == NULL)
         goto err;
-    memset(sh.bitmalloc, 0, sh.bittable_size >> 3);
 
     /* Allocate space for heap, and two extra pages as guards */
 #ifdef _SC_PAGE_SIZE

crypto/store/str_lib.c

@@ -1154,9 +1154,7 @@ int STORE_delete_arbitrary(STORE *s, OPENSSL_ITEM attributes[],
 
 STORE_OBJECT *STORE_OBJECT_new(void)
 {
-    STORE_OBJECT *object = OPENSSL_malloc(sizeof(*object));
-    if (object)
-        memset(object, 0, sizeof(*object));
+    STORE_OBJECT *object = OPENSSL_zalloc(sizeof(*object));
     return object;
 }
 

crypto/store/str_mem.c

@@ -244,7 +244,7 @@ static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type,
                             OPENSSL_ITEM attributes[],
                             OPENSSL_ITEM parameters[])
 {
-    struct mem_ctx_st *context = OPENSSL_malloc(sizeof(*context));
+    struct mem_ctx_st *context = OPENSSL_zalloc(sizeof(*context));
     void *attribute_context = NULL;
     STORE_ATTR_INFO *attrs = NULL;
 
@@ -252,7 +252,6 @@ static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type,
         STOREerr(STORE_F_MEM_LIST_START, ERR_R_MALLOC_FAILURE);
         return 0;
     }
-    memset(context, 0, sizeof(*context));
 
     attribute_context = STORE_parse_attrs_start(attributes);
     if (!attribute_context) {

crypto/store/str_meth.c

@@ -63,12 +63,10 @@
 
 STORE_METHOD *STORE_create_method(char *name)
 {
-    STORE_METHOD *store_method = OPENSSL_malloc(sizeof(*store_method));
+    STORE_METHOD *store_method = OPENSSL_zalloc(sizeof(*store_method));
 
-    if (store_method) {
-        memset(store_method, 0, sizeof(*store_method));
+    if (store_method)
         store_method->name = BUF_strdup(name);
-    }
     return store_method;
 }
 

crypto/ts/ts_rsp_sign.c

@@ -169,11 +169,10 @@ TS_RESP_CTX *TS_RESP_CTX_new()
 {
     TS_RESP_CTX *ctx;
 
-    if ((ctx = OPENSSL_malloc(sizeof(*ctx))) == NULL) {
+    if ((ctx = OPENSSL_zalloc(sizeof(*ctx))) == NULL) {
         TSerr(TS_F_TS_RESP_CTX_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
-    memset(ctx, 0, sizeof(*ctx));
 
     /* Setting default callbacks. */
     ctx->serial_cb = def_serial_cb;

crypto/ts/ts_verify_ctx.c

@@ -63,11 +63,9 @@
 
 TS_VERIFY_CTX *TS_VERIFY_CTX_new(void)
 {
-    TS_VERIFY_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
+    TS_VERIFY_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
 
-    if (ctx)
-        memset(ctx, 0, sizeof(*ctx));
-    else
+    if (!ctx)
         TSerr(TS_F_TS_VERIFY_CTX_NEW, ERR_R_MALLOC_FAILURE);
     return ctx;
 }

crypto/ui/ui_lib.c

@@ -582,12 +582,10 @@ const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth)
 
 UI_METHOD *UI_create_method(char *name)
 {
-    UI_METHOD *ui_method = OPENSSL_malloc(sizeof(*ui_method));
+    UI_METHOD *ui_method = OPENSSL_zalloc(sizeof(*ui_method));
 
-    if (ui_method) {
-        memset(ui_method, 0, sizeof(*ui_method));
+    if (ui_method)
         ui_method->name = BUF_strdup(name);
-    }
     return ui_method;
 }
 

crypto/x509/x509_vfy.c

@@ -2259,13 +2259,12 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 
 X509_STORE_CTX *X509_STORE_CTX_new(void)
 {
-    X509_STORE_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
+    X509_STORE_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
 
     if (!ctx) {
         X509err(X509_F_X509_STORE_CTX_NEW, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
-    memset(ctx, 0, sizeof(*ctx));
     return ctx;
 }
 

crypto/x509/x509_vpm.c

@@ -162,24 +162,14 @@ X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
     X509_VERIFY_PARAM *param;
     X509_VERIFY_PARAM_ID *paramid;
 
-    param = OPENSSL_malloc(sizeof(*param));
+    param = OPENSSL_zalloc(sizeof(*param));
     if (!param)
         return NULL;
-    memset(param, 0, sizeof(*param));
-
-    paramid = OPENSSL_malloc(sizeof(*paramid));
+    param->id = paramid = OPENSSL_zalloc(sizeof(*paramid));
     if (!paramid) {
         OPENSSL_free(param);
         return NULL;
     }
-    memset(paramid, 0, sizeof(*paramid));
-    /* Exotic platforms may have non-zero bit representation of NULL */
-    paramid->hosts = NULL;
-    paramid->peername = NULL;
-    paramid->email = NULL;
-    paramid->ip = NULL;
-
-    param->id = paramid;
     x509_verify_param_zero(param);
     return param;
 }

crypto/x509v3/pcy_tree.c

@@ -217,25 +217,18 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
     }
 
     /* If we get this far initialize the tree */
-
     tree = OPENSSL_malloc(sizeof(*tree));
-
     if (!tree)
         return 0;
-
-    tree->flags = 0;
-    tree->levels = OPENSSL_malloc(sizeof(*tree->levels) * n);
-    tree->nlevel = 0;
-    tree->extra_data = NULL;
-    tree->auth_policies = NULL;
-    tree->user_policies = NULL;
-
+    tree->levels = OPENSSL_zalloc(sizeof(*tree->levels) * n);
     if (!tree->levels) {
         OPENSSL_free(tree);
         return 0;
     }
-
-    memset(tree->levels, 0, sizeof(*tree->levels) * n);
+    tree->flags = 0;
+    tree->extra_data = NULL;
+    tree->auth_policies = NULL;
+    tree->user_policies = NULL;
     tree->nlevel = n;
     level = tree->levels;
 

engines/ccgost/gost_pmeth.c

@@ -24,10 +24,9 @@ static int pkey_gost_init(EVP_PKEY_CTX *ctx)
     struct gost_pmeth_data *data;
     EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx);
 
-    data = OPENSSL_malloc(sizeof(*data));
+    data = OPENSSL_zalloc(sizeof(*data));
     if (!data)
         return 0;
-    memset(data, 0, sizeof(*data));
     if (pkey && EVP_PKEY_get0(pkey)) {
         switch (EVP_PKEY_base_id(pkey)) {
         case NID_id_GostR3410_2001:
@@ -309,11 +308,10 @@ static int pkey_gost_derive_init(EVP_PKEY_CTX *ctx)
 /* -------- PKEY_METHOD for GOST MAC algorithm --------------------*/
 static int pkey_gost_mac_init(EVP_PKEY_CTX *ctx)
 {
-    struct gost_mac_pmeth_data *data = OPENSSL_malloc(sizeof(*data));
+    struct gost_mac_pmeth_data *data = OPENSSL_zalloc(sizeof(*data));
 
     if (!data)
         return 0;
-    memset(data, 0, sizeof(*data));
     EVP_PKEY_CTX_set_data(ctx, data);
     return 1;
 }

include/openssl/crypto.h

@@ -337,6 +337,7 @@ int CRYPTO_is_mem_check_on(void);
 # define is_MemCheck_on() CRYPTO_is_mem_check_on()
 
 # define OPENSSL_malloc(num)     CRYPTO_malloc((int)num,__FILE__,__LINE__)
+# define OPENSSL_zalloc(num)     CRYPTO_zalloc((int)num,__FILE__,__LINE__)
 # define OPENSSL_strdup(str)     CRYPTO_strdup((str),__FILE__,__LINE__)
 # define OPENSSL_realloc(addr,num) \
         CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__)
@@ -469,6 +470,7 @@ void CRYPTO_get_mem_debug_functions(void (**m)
                                     void (**so) (long), long (**go) (void));
 
 void *CRYPTO_malloc(int num, const char *file, int line);
+void *CRYPTO_zalloc(int num, const char *file, int line);
 char *CRYPTO_strdup(const char *str, const char *file, int line);
 void CRYPTO_free(void *ptr);
 void CRYPTO_clear_free(void *ptr, size_t num);

ssl/bio_ssl.c

@@ -101,13 +101,12 @@ BIO_METHOD *BIO_f_ssl(void)
 
 static int ssl_new(BIO *bi)
 {
-    BIO_SSL *bs = OPENSSL_malloc(sizeof(*bs));
+    BIO_SSL *bs = OPENSSL_zalloc(sizeof(*bs));
 
     if (bs == NULL) {
         BIOerr(BIO_F_SSL_NEW, ERR_R_MALLOC_FAILURE);
         return (0);
     }
-    memset(bs, 0, sizeof(*bs));
     bi->init = 0;
     bi->ptr = (char *)bs;
     bi->flags = 0;

ssl/d1_both.c

@@ -187,13 +187,12 @@ static hm_fragment *dtls1_hm_fragment_new(unsigned long frag_len,
 
     /* Initialize reassembly bitmask if necessary */
     if (reassembly) {
-        bitmask = OPENSSL_malloc(RSMBLY_BITMASK_SIZE(frag_len));
+        bitmask = OPENSSL_zalloc(RSMBLY_BITMASK_SIZE(frag_len));
         if (bitmask == NULL) {
             OPENSSL_free(buf);
             OPENSSL_free(frag);
             return NULL;
         }
-        memset(bitmask, 0, RSMBLY_BITMASK_SIZE(frag_len));
     }
 
     frag->reassembly = bitmask;

ssl/d1_lib.c

@@ -135,11 +135,10 @@ int dtls1_new(SSL *s)
     
     if (!ssl3_new(s))
         return (0);
-    if ((d1 = OPENSSL_malloc(sizeof(*d1))) == NULL) {
+    if ((d1 = OPENSSL_zalloc(sizeof(*d1))) == NULL) {
         ssl3_free(s);
         return (0);
     }
-    memset(d1, 0, sizeof(*d1));
 
     d1->buffered_messages = pqueue_new();
     d1->sent_messages = pqueue_new();

ssl/s3_lib.c

@@ -3836,9 +3836,8 @@ int ssl3_new(SSL *s)
 {
     SSL3_STATE *s3;
 
-    if ((s3 = OPENSSL_malloc(sizeof(*s3))) == NULL)
+    if ((s3 = OPENSSL_zalloc(sizeof(*s3))) == NULL)
         goto err;
-    memset(s3, 0, sizeof(*s3));
     s->s3 = s3;
     
 #ifndef OPENSSL_NO_SRP

ssl/ssl_cert.c

@@ -167,13 +167,12 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void)
 
 CERT *ssl_cert_new(void)
 {
-    CERT *ret = OPENSSL_malloc(sizeof(*ret));
+    CERT *ret = OPENSSL_zalloc(sizeof(*ret));
 
     if (ret == NULL) {
         SSLerr(SSL_F_SSL_CERT_NEW, ERR_R_MALLOC_FAILURE);
         return (NULL);
     }
-    memset(ret, 0, sizeof(*ret));
 
     ret->key = &(ret->pkeys[SSL_PKEY_RSA_ENC]);
     ret->references = 1;
@@ -185,7 +184,7 @@ CERT *ssl_cert_new(void)
 
 CERT *ssl_cert_dup(CERT *cert)
 {
-    CERT *ret = OPENSSL_malloc(sizeof(*ret));
+    CERT *ret = OPENSSL_zalloc(sizeof(*ret));
     int i;
 
     if (ret == NULL) {
@@ -193,8 +192,6 @@ CERT *ssl_cert_dup(CERT *cert)
         return (NULL);
     }
 
-    memset(ret, 0, sizeof(*ret));
-
     ret->key = &ret->pkeys[cert->key - cert->pkeys];
 
 #ifndef OPENSSL_NO_RSA

ssl/ssl_ciph.c

@@ -1038,12 +1038,11 @@ static int ssl_cipher_strength_sort(CIPHER_ORDER **head_p,
         curr = curr->next;
     }
 
-    number_uses = OPENSSL_malloc(sizeof(int) * (max_strength_bits + 1));
+    number_uses = OPENSSL_zalloc(sizeof(int) * (max_strength_bits + 1));
     if (!number_uses) {
         SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT, ERR_R_MALLOC_FAILURE);
         return (0);
     }
-    memset(number_uses, 0, sizeof(int) * (max_strength_bits + 1));
 
     /*
      * Now find the strength_bits values actually used

ssl/ssl_lib.c

@@ -277,10 +277,9 @@ SSL *SSL_new(SSL_CTX *ctx)
         return (NULL);
     }
 
-    s = OPENSSL_malloc(sizeof(*s));
+    s = OPENSSL_zalloc(sizeof(*s));
     if (s == NULL)
         goto err;
-    memset(s, 0, sizeof(*s));
 
     RECORD_LAYER_init(&s->rlayer, s);
 
@@ -1684,14 +1683,11 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
         SSLerr(SSL_F_SSL_CTX_NEW, SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
         goto err;
     }
-    ret = OPENSSL_malloc(sizeof(*ret));
+    ret = OPENSSL_zalloc(sizeof(*ret));
     if (ret == NULL)
         goto err;
 
-    memset(ret, 0, sizeof(*ret));
-
     ret->method = meth;
-
     ret->cert_store = NULL;
     ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
     ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
@@ -1706,8 +1702,6 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth)
     ret->get_session_cb = 0;
     ret->generate_session_id = 0;
 
-    memset(&ret->stats, 0, sizeof(ret->stats));
-
     ret->references = 1;
     ret->quiet_shutdown = 0;
     ret->info_callback = NULL;

ssl/ssl_sess.c

@@ -193,12 +193,11 @@ SSL_SESSION *SSL_SESSION_new(void)
 {
     SSL_SESSION *ss;
 
-    ss = OPENSSL_malloc(sizeof(*ss));
+    ss = OPENSSL_zalloc(sizeof(*ss));
     if (ss == NULL) {
         SSLerr(SSL_F_SSL_SESSION_NEW, ERR_R_MALLOC_FAILURE);
         return (0);
     }
-    memset(ss, 0, sizeof(*ss));
 
     ss->verify_result = 1;      /* avoid 0 (= X509_V_OK) just in case */
     ss->references = 1;

test/ecdsatest.c

@@ -440,10 +440,8 @@ int test_builtin(BIO *out)
             goto builtin_err;
         }
         buf_len = 2 * bn_len;
-        if ((raw_buf = OPENSSL_malloc(buf_len)) == NULL)
+        if ((raw_buf = OPENSSL_zalloc(buf_len)) == NULL)
             goto builtin_err;
-        /* Pad the bignums with leading zeroes. */
-        memset(raw_buf, 0, buf_len);
         BN_bn2bin(ecdsa_sig->r, raw_buf + bn_len - r_len);
         BN_bn2bin(ecdsa_sig->s, raw_buf + buf_len - s_len);
 

test/ssltest.c

@@ -2116,14 +2116,11 @@ int doit(SSL *s_ssl, SSL *c_ssl, long count)
 
     bufsiz = count > 40 * 1024 ? 40 * 1024 : count;
 
-    if ((cbuf = OPENSSL_malloc(bufsiz)) == NULL)
+    if ((cbuf = OPENSSL_zalloc(bufsiz)) == NULL)
         goto err;
-    if ((sbuf = OPENSSL_malloc(bufsiz)) == NULL)
+    if ((sbuf = OPENSSL_zalloc(bufsiz)) == NULL)
         goto err;
 
-    memset(cbuf, 0, bufsiz);
-    memset(sbuf, 0, bufsiz);
-
     c_to_s = BIO_new(BIO_s_mem());
     s_to_c = BIO_new(BIO_s_mem());
     if ((s_to_c == NULL) || (c_to_s == NULL)) {

util/libeay.num

@@ -4592,6 +4592,7 @@ X509_up_ref                             4950	EXIST::FUNCTION:
 X509_REQ_get_version                    4951	EXIST::FUNCTION:
 X509_REQ_get_subject_name               4952	EXIST::FUNCTION:
 X509_CRL_up_ref                         4953	EXIST::FUNCTION:
+CRYPTO_zalloc                           4954	EXIST::FUNCTION:
 X509_get_extension_flags                4954	EXIST::FUNCTION:
 X509_get_extended_key_usage             4955	EXIST::FUNCTION:
 X509_get_key_usage                      4956	EXIST::FUNCTION: