6 files changed, 15 insertions, 10 deletions

diff --git a/src/base58.h b/src/base58.h
index c918dc0c7..a60f07fee 100644
--- a/src/base58.h
+++ b/src/base58.h
@@ -17,6 +17,8 @@
 
 #include <string>
 #include <vector>
+#include <openssl/crypto.h> // for OPENSSL_cleanse()
+
 #include "bignum.h"
 
 static const char* pszBase58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
@@ -188,7 +190,7 @@ protected:
     {
         // zero the memory, as it may contain sensitive data
         if (!vchData.empty())
-            memset(&vchData[0], 0, vchData.size());
+            OPENSSL_cleanse(&vchData[0], vchData.size());
     }
 
     void SetData(int nVersionIn, const void* pdata, size_t nSize)
@@ -219,7 +221,7 @@ public:
         vchData.resize(vchTemp.size() - 1);
         if (!vchData.empty())
             memcpy(&vchData[0], &vchTemp[1], vchData.size());
-        memset(&vchTemp[0], 0, vchTemp.size());
+        OPENSSL_cleanse(&vchTemp[0], vchData.size());
         return true;
     }
 
diff --git a/src/crypter.cpp b/src/crypter.cpp
index 72d753a9c..47e686a43 100644
--- a/src/crypter.cpp
+++ b/src/crypter.cpp
@@ -33,8 +33,8 @@ bool CCrypter::SetKeyFromPassphrase(const SecureString& strKeyData, const std::v
 
     if (i != (int)WALLET_CRYPTO_KEY_SIZE)
     {
-        memset(&chKey, 0, sizeof chKey);
-        memset(&chIV, 0, sizeof chIV);
+        OPENSSL_cleanse(chKey, sizeof(chKey));
+        OPENSSL_cleanse(chIV, sizeof(chIV));
         return false;
     }
 
diff --git a/src/crypter.h b/src/crypter.h
index d7f8a39d8..0e3a648ac 100644
--- a/src/crypter.h
+++ b/src/crypter.h
@@ -72,8 +72,8 @@ public:
 
     void CleanKey()
     {
-        memset(&chKey, 0, sizeof chKey);
-        memset(&chIV, 0, sizeof chIV);
+        OPENSSL_cleanse(chKey, sizeof(chKey));
+        OPENSSL_cleanse(chIV, sizeof(chIV));
         munlock(&chKey, sizeof chKey);
         munlock(&chIV, sizeof chIV);
         fKeySet = false;
diff --git a/src/main.cpp b/src/main.cpp
index 7e9bc4efb..460b5ddf8 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -3096,7 +3096,7 @@ public:
 
 CBlock* CreateNewBlock(CReserveKey& reservekey)
 {
-    CBlockIndex* pindexPrev = pindexBest;
+    CBlockIndex* pindexPrev;
 
     // Create new block
     auto_ptr<CBlock> pblock(new CBlock());
@@ -3118,6 +3118,7 @@ CBlock* CreateNewBlock(CReserveKey& reservekey)
     CRITICAL_BLOCK(cs_main)
     CRITICAL_BLOCK(cs_mapTransactions)
     {
+        pindexPrev = pindexBest;
         CTxDB txdb("r");
 
         // Priority order to process transactions
diff --git a/src/serialize.h b/src/serialize.h
index ed5c50135..a96ea25f7 100644
--- a/src/serialize.h
+++ b/src/serialize.h
@@ -14,6 +14,8 @@
 #include <cstring>
 #include <cstdio>
 
+#include <openssl/crypto.h> // for OPENSSL_cleanse()
+
 #include <boost/type_traits/is_fundamental.hpp>
 #include <boost/tuple/tuple.hpp>
 #include <boost/tuple/tuple_comparison.hpp>
@@ -824,7 +826,7 @@ struct secure_allocator : public std::allocator<T>
     {
         if (p != NULL)
         {
-            memset(p, 0, sizeof(T) * n);
+            OPENSSL_cleanse(p, sizeof(T) * n);
             munlock(p, sizeof(T) * n);
         }
         std::allocator<T>::deallocate(p, n);
@@ -858,7 +860,7 @@ struct zero_after_free_allocator : public std::allocator<T>
     void deallocate(T* p, std::size_t n)
     {
         if (p != NULL)
-            memset(p, 0, sizeof(T) * n);
+            OPENSSL_cleanse(p, sizeof(T) * n);
         std::allocator<T>::deallocate(p, n);
     }
 };
diff --git a/src/util.cpp b/src/util.cpp
index 61257e667..75401ada7 100644
--- a/src/util.cpp
+++ b/src/util.cpp
@@ -131,7 +131,7 @@ void RandAddSeedPerfmon()
     if (ret == ERROR_SUCCESS)
     {
         RAND_add(pdata, nSize, nSize/100.0);
-        memset(pdata, 0, nSize);
+        OPENSSL_cleanse(pdata, nSize);
         printf("%s RandAddSeed() %d bytes\n", DateTimeStrFormat("%x %H:%M", GetTime()).c_str(), nSize);
     }
 #endif