diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c
index 85ee6b60b9c..75e22fc6523 100644
--- a/crypto/ocsp/ocsp_lib.c
+++ b/crypto/ocsp/ocsp_lib.c
@@ -146,6 +146,7 @@ int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath,
   *phost = NULL;
   *pport = NULL;
   *ppath = NULL;
+  *pssl = 0;
 
   // Duplicate into the buffer since the contents are going to be changed.
   buffer = OPENSSL_strdup(url);
@@ -232,6 +233,7 @@ int OCSP_parse_url(const char *url, char **phost, char **pport, char **ppath,
   OPENSSL_free(buffer);
   OPENSSL_free(*ppath);
   *ppath = NULL;
+  *pssl = 0;
   OPENSSL_free(*pport);
   *pport = NULL;
   OPENSSL_free(*phost);
diff --git a/crypto/ocsp/ocsp_test.cc b/crypto/ocsp/ocsp_test.cc
index 69ab4fdb527..8624f394171 100644
--- a/crypto/ocsp/ocsp_test.cc
+++ b/crypto/ocsp/ocsp_test.cc
@@ -1632,6 +1632,7 @@ TEST_P(OCSPURLTest, OCSPParseURL) {
     EXPECT_FALSE(host);
     EXPECT_FALSE(port);
     EXPECT_FALSE(path);
+    EXPECT_EQ(is_ssl, 0);
   }
 }
 
diff --git a/crypto/pkcs7/pkcs7.c b/crypto/pkcs7/pkcs7.c
index a6b76b0b8d3..2b6fe128d3a 100644
--- a/crypto/pkcs7/pkcs7.c
+++ b/crypto/pkcs7/pkcs7.c
@@ -792,6 +792,9 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) {
       }
       xalg->parameter->type = V_ASN1_OCTET_STRING;
       xalg->parameter->value.octet_string = ASN1_OCTET_STRING_new();
+      if (xalg->parameter->value.octet_string == NULL) {
+        goto err;
+      }
       // Set |p7|'s parameter value to the IV
       if (!ASN1_OCTET_STRING_set(xalg->parameter->value.octet_string, iv,
                                  ivlen)) {
@@ -1595,7 +1598,7 @@ static int pkcs7_signature_verify(BIO *in_bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
       goto out;
     }
     if (message_digest->length != (int)md_len ||
-        OPENSSL_memcmp(message_digest->data, md_data, md_len) != 0) {
+        CRYPTO_memcmp(message_digest->data, md_data, md_len) != 0) {
       OPENSSL_PUT_ERROR(PKCS7, PKCS7_R_DIGEST_FAILURE);
       goto out;
     }