Work around language and compiler bug in memcpy, etc.

Most C standard library functions are undefined if passed NULL, even
when the corresponding length is zero. This gives them (and, in turn,
all functions which call them) surprising behavior on empty arrays.
Some compilers will miscompile code due to this rule. See also
https://www.imperialviolet.org/2016/06/26/nonnull.html

Add OPENSSL_memcpy, etc., wrappers which avoid this problem.

BUG=23

Change-Id: I95f42b23e92945af0e681264fffaf578e7f8465e
Reviewed-on: https://boringssl-review.googlesource.com/12928
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/STYLE.md b/STYLE.md
index 4c88945..4b377e7 100644
--- a/STYLE.md
+++ b/STYLE.md
@@ -45,6 +45,16 @@
 Rather than `malloc()` and `free()`, use the wrappers `OPENSSL_malloc()`
 and `OPENSSL_free()`. Use the standard C `assert()` function freely.
 
+Use the following wrappers, found in `crypto/internal.h` instead of the
+corresponding C standard library functions. They behave the same but avoid
+confusing undefined behavior.
+
+* `OPENSSL_memchr`
+* `OPENSSL_memcmp`
+* `OPENSSL_memcpy`
+* `OPENSSL_memmove`
+* `OPENSSL_memset`
+
 For new constants, prefer enums when the values are sequential and typed
 constants for flags. If adding values to an existing set of `#define`s,
 continue with `#define`.
diff --git a/crypto/aes/aes_test.cc b/crypto/aes/aes_test.cc
index 4fb3a31..20a8792 100644
--- a/crypto/aes/aes_test.cc
+++ b/crypto/aes/aes_test.cc
@@ -21,6 +21,7 @@
 #include <openssl/aes.h>
 #include <openssl/crypto.h>
 
+#include "../internal.h"
 #include "../test/file_test.h"
 
 
@@ -54,7 +55,7 @@
   }
 
   // Test in-place encryption.
-  memcpy(block, plaintext.data(), AES_BLOCK_SIZE);
+  OPENSSL_memcpy(block, plaintext.data(), AES_BLOCK_SIZE);
   AES_encrypt(block, block, &aes_key);
   if (!t->ExpectBytesEqual(block, AES_BLOCK_SIZE, ciphertext.data(),
                            ciphertext.size())) {
@@ -76,7 +77,7 @@
   }
 
   // Test in-place decryption.
-  memcpy(block, ciphertext.data(), AES_BLOCK_SIZE);
+  OPENSSL_memcpy(block, ciphertext.data(), AES_BLOCK_SIZE);
   AES_decrypt(block, block, &aes_key);
   if (!t->ExpectBytesEqual(block, AES_BLOCK_SIZE, plaintext.data(),
                            plaintext.size())) {
@@ -123,7 +124,7 @@
     return false;
   }
 
-  memset(buf.get(), 0, ciphertext.size());
+  OPENSSL_memset(buf.get(), 0, ciphertext.size());
   if (AES_wrap_key(&aes_key, kDefaultIV, buf.get(), plaintext.data(),
                    plaintext.size()) != static_cast<int>(ciphertext.size()) ||
       !t->ExpectBytesEqual(buf.get(), ciphertext.size(), ciphertext.data(),
@@ -146,7 +147,7 @@
     return false;
   }
 
-  memset(buf.get(), 0, plaintext.size());
+  OPENSSL_memset(buf.get(), 0, plaintext.size());
   if (AES_unwrap_key(&aes_key, kDefaultIV, buf.get(), ciphertext.data(),
                      ciphertext.size()) != static_cast<int>(plaintext.size()) ||
       !t->ExpectBytesEqual(buf.get(), plaintext.size(), plaintext.data(),
diff --git a/crypto/aes/key_wrap.c b/crypto/aes/key_wrap.c
index c8b6a03..23553b7 100644
--- a/crypto/aes/key_wrap.c
+++ b/crypto/aes/key_wrap.c
@@ -53,6 +53,8 @@
 
 #include <openssl/mem.h>
 
+#include "../internal.h"
+
 
 /* kDefaultIV is the default IV value given in RFC 3394, 2.2.3.1. */
 static const uint8_t kDefaultIV[] = {
@@ -73,15 +75,15 @@
     iv = kDefaultIV;
   }
 
-  memmove(out + 8, in, in_len);
+  OPENSSL_memmove(out + 8, in, in_len);
   uint8_t A[AES_BLOCK_SIZE];
-  memcpy(A, iv, 8);
+  OPENSSL_memcpy(A, iv, 8);
 
   size_t n = in_len / 8;
 
   for (unsigned j = 0; j < kBound; j++) {
     for (size_t i = 1; i <= n; i++) {
-      memcpy(A + 8, out + 8 * i, 8);
+      OPENSSL_memcpy(A + 8, out + 8 * i, 8);
       AES_encrypt(A, A, key);
 
       uint32_t t = (uint32_t)(n * j + i);
@@ -89,11 +91,11 @@
       A[6] ^= (t >> 8) & 0xff;
       A[5] ^= (t >> 16) & 0xff;
       A[4] ^= (t >> 24) & 0xff;
-      memcpy(out + 8 * i, A + 8, 8);
+      OPENSSL_memcpy(out + 8 * i, A + 8, 8);
     }
   }
 
-  memcpy(out, A, 8);
+  OPENSSL_memcpy(out, A, 8);
   return (int)in_len + 8;
 }
 
@@ -110,8 +112,8 @@
   }
 
   uint8_t A[AES_BLOCK_SIZE];
-  memcpy(A, in, 8);
-  memmove(out, in + 8, in_len - 8);
+  OPENSSL_memcpy(A, in, 8);
+  OPENSSL_memmove(out, in + 8, in_len - 8);
 
   size_t n = (in_len / 8) - 1;
 
@@ -122,9 +124,9 @@
       A[6] ^= (t >> 8) & 0xff;
       A[5] ^= (t >> 16) & 0xff;
       A[4] ^= (t >> 24) & 0xff;
-      memcpy(A + 8, out + 8 * (i - 1), 8);
+      OPENSSL_memcpy(A + 8, out + 8 * (i - 1), 8);
       AES_decrypt(A, A, key);
-      memcpy(out + 8 * (i - 1), A + 8, 8);
+      OPENSSL_memcpy(out + 8 * (i - 1), A + 8, 8);
     }
   }
 
diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c
index 2705ea5..ea9da24 100644
--- a/crypto/asn1/a_bitstr.c
+++ b/crypto/asn1/a_bitstr.c
@@ -61,6 +61,9 @@
 #include <openssl/err.h>
 #include <openssl/mem.h>
 
+#include "../internal.h"
+
+
 int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)
 {
     return M_ASN1_BIT_STRING_set(x, d, len);
@@ -115,7 +118,7 @@
 
     *(p++) = (unsigned char)bits;
     d = a->data;
-    memcpy(p, d, len);
+    OPENSSL_memcpy(p, d, len);
     p += len;
     if (len > 0)
         p[-1] &= (0xff << bits);
@@ -162,7 +165,7 @@
             OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
             goto err;
         }
-        memcpy(s, p, (int)len);
+        OPENSSL_memcpy(s, p, (int)len);
         s[len - 1] &= (0xff << padding);
         p += len;
     } else
@@ -215,7 +218,7 @@
             return 0;
         }
         if (w + 1 - a->length > 0)
-            memset(c + a->length, 0, w + 1 - a->length);
+            OPENSSL_memset(c + a->length, 0, w + 1 - a->length);
         a->data = c;
         a->length = w + 1;
     }
diff --git a/crypto/asn1/a_enum.c b/crypto/asn1/a_enum.c
index 0b95fc9..cc46905 100644
--- a/crypto/asn1/a_enum.c
+++ b/crypto/asn1/a_enum.c
@@ -61,6 +61,9 @@
 #include <openssl/err.h>
 #include <openssl/mem.h>
 
+#include "../internal.h"
+
+
 /*
  * Code for ENUMERATED type: identical to INTEGER apart from a different tag.
  * for comments on encoding see a_int.c
@@ -79,7 +82,7 @@
             OPENSSL_free(a->data);
         if ((a->data =
              (unsigned char *)OPENSSL_malloc(sizeof(long) + 1)) != NULL)
-            memset((char *)a->data, 0, sizeof(long) + 1);
+            OPENSSL_memset((char *)a->data, 0, sizeof(long) + 1);
     }
     if (a->data == NULL) {
         OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c
index 38a01bc..617ba96 100644
--- a/crypto/asn1/a_int.c
+++ b/crypto/asn1/a_int.c
@@ -61,6 +61,9 @@
 #include <openssl/err.h>
 #include <openssl/mem.h>
 
+#include "../internal.h"
+
+
 ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x)
 {
     return M_ASN1_INTEGER_dup(x);
@@ -157,7 +160,7 @@
     if (a->length == 0)
         *(p++) = 0;
     else if (!neg)
-        memcpy(p, a->data, (unsigned int)a->length);
+        OPENSSL_memcpy(p, a->data, (unsigned int)a->length);
     else {
         /* Begin at the end of the encoding */
         n = a->data + a->length - 1;
@@ -254,7 +257,7 @@
             p++;
             len--;
         }
-        memcpy(s, p, (int)len);
+        OPENSSL_memcpy(s, p, (int)len);
     }
 
     if (ret->data != NULL)
@@ -322,7 +325,7 @@
             p++;
             len--;
         }
-        memcpy(s, p, (int)len);
+        OPENSSL_memcpy(s, p, (int)len);
         p += len;
     }
 
@@ -354,7 +357,7 @@
             OPENSSL_free(a->data);
         if ((a->data =
              (unsigned char *)OPENSSL_malloc(sizeof(long) + 1)) != NULL)
-            memset((char *)a->data, 0, sizeof(long) + 1);
+            OPENSSL_memset((char *)a->data, 0, sizeof(long) + 1);
     }
     if (a->data == NULL) {
         OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c
index fef9b79..a710add 100644
--- a/crypto/asn1/a_object.c
+++ b/crypto/asn1/a_object.c
@@ -63,6 +63,9 @@
 #include <openssl/mem.h>
 #include <openssl/obj.h>
 
+#include "../internal.h"
+
+
 int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
 {
     unsigned char *p;
@@ -77,7 +80,7 @@
 
     p = *pp;
     ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL);
-    memcpy(p, a->data, a->length);
+    OPENSSL_memcpy(p, a->data, a->length);
     p += a->length;
 
     *pp = p;
@@ -321,7 +324,7 @@
         }
         ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA;
     }
-    memcpy(data, p, length);
+    OPENSSL_memcpy(data, p, length);
     /* reattach data to object, after which it remains const */
     ret->data = data;
     ret->length = length;
diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c
index db5cd29..3b9d257 100644
--- a/crypto/asn1/a_utctm.c
+++ b/crypto/asn1/a_utctm.c
@@ -270,7 +270,7 @@
     struct tm tm;
     int offset;
 
-    memset(&tm, '\0', sizeof tm);
+    OPENSSL_memset(&tm, '\0', sizeof tm);
 
 # define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
     tm.tm_year = g2(s->data);
diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index 94553b1..774f151 100644
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -63,6 +63,9 @@
 #include <openssl/err.h>
 #include <openssl/mem.h>
 
+#include "../internal.h"
+
+
 /* Cross-module errors from crypto/x509/i2d_pr.c. */
 OPENSSL_DECLARE_ERROR_REASON(ASN1, UNSUPPORTED_PUBLIC_KEY_TYPE)
 
@@ -401,7 +404,7 @@
     }
     str->length = len;
     if (data != NULL) {
-        memcpy(str->data, data, len);
+        OPENSSL_memcpy(str->data, data, len);
         /* an allowance for strings :-) */
         str->data[len] = '\0';
     }
@@ -452,7 +455,7 @@
 
     i = (a->length - b->length);
     if (i == 0) {
-        i = memcmp(a->data, b->data, a->length);
+        i = OPENSSL_memcmp(a->data, b->data, a->length);
         if (i == 0)
             return (a->type - b->type);
         else
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
index dfbd222..40778a8 100644
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -1108,7 +1108,7 @@
             OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
             return 0;
         }
-        memcpy(buf->data + len, *p, plen);
+        OPENSSL_memcpy(buf->data + len, *p, plen);
     }
     *p += plen;
     return 1;
diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c
index 7c2b365..9286ef6 100644
--- a/crypto/asn1/tasn_enc.c
+++ b/crypto/asn1/tasn_enc.c
@@ -62,6 +62,9 @@
 #include <openssl/asn1t.h>
 #include <openssl/mem.h>
 
+#include "../internal.h"
+
+
 static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
                                  const ASN1_ITEM *it, int tag, int aclass);
 static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
@@ -415,7 +418,7 @@
     const DER_ENC *d1 = a, *d2 = b;
     int cmplen, i;
     cmplen = (d1->length < d2->length) ? d1->length : d2->length;
-    i = memcmp(d1->data, d2->data, cmplen);
+    i = OPENSSL_memcmp(d1->data, d2->data, cmplen);
     if (i)
         return i;
     return d1->length - d2->length;
@@ -470,7 +473,7 @@
     /* Output sorted DER encoding */
     p = *out;
     for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) {
-        memcpy(p, tder->data, tder->length);
+        OPENSSL_memcpy(p, tder->data, tder->length);
         p += tder->length;
     }
     *out = p;
@@ -660,6 +663,6 @@
 
     }
     if (cout && len)
-        memcpy(cout, cont, len);
+        OPENSSL_memcpy(cout, cont, len);
     return len;
 }
diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c
index 232fe46..053b732 100644
--- a/crypto/asn1/tasn_new.c
+++ b/crypto/asn1/tasn_new.c
@@ -63,6 +63,9 @@
 #include <openssl/mem.h>
 #include <openssl/obj.h>
 
+#include "../internal.h"
+
+
 static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
                                     int combine);
 static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
@@ -153,7 +156,7 @@
             *pval = OPENSSL_malloc(it->size);
             if (!*pval)
                 goto memerr;
-            memset(*pval, 0, it->size);
+            OPENSSL_memset(*pval, 0, it->size);
         }
         asn1_set_choice_selector(pval, -1, it);
         if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL))
@@ -178,7 +181,7 @@
             *pval = OPENSSL_malloc(it->size);
             if (!*pval)
                 goto memerr;
-            memset(*pval, 0, it->size);
+            OPENSSL_memset(*pval, 0, it->size);
             asn1_refcount_set_one(pval, it);
             asn1_enc_init(pval, it);
         }
diff --git a/crypto/asn1/tasn_utl.c b/crypto/asn1/tasn_utl.c
index 3f53072..a7516f6 100644
--- a/crypto/asn1/tasn_utl.c
+++ b/crypto/asn1/tasn_utl.c
@@ -178,7 +178,7 @@
     if (!enc->enc) {
       return 0;
     }
-    memcpy(enc->enc, in, inlen);
+    OPENSSL_memcpy(enc->enc, in, inlen);
   }
 
   enc->len = inlen;
@@ -195,7 +195,7 @@
     return 0;
   }
   if (out) {
-    memcpy(*out, enc->enc, enc->len);
+    OPENSSL_memcpy(*out, enc->enc, enc->len);
     *out += enc->len;
   }
   if (len) {
diff --git a/crypto/asn1/x_long.c b/crypto/asn1/x_long.c
index bc4d275..b53127a 100644
--- a/crypto/asn1/x_long.c
+++ b/crypto/asn1/x_long.c
@@ -63,6 +63,9 @@
 #include <openssl/err.h>
 #include <openssl/mem.h>
 
+#include "../internal.h"
+
+
 /*
  * Custom primitive type for long handling. This converts between an
  * ASN1_INTEGER and a long directly.
@@ -117,7 +120,7 @@
     char *cp = (char *)pval;
 
     /* use memcpy, because we may not be long aligned */
-    memcpy(&ltmp, cp, sizeof(long));
+    OPENSSL_memcpy(&ltmp, cp, sizeof(long));
 
     if (ltmp == it->size)
         return -1;
@@ -186,7 +189,7 @@
         OPENSSL_PUT_ERROR(ASN1, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
         return 0;
     }
-    memcpy(cp, &ltmp, sizeof(long));
+    OPENSSL_memcpy(cp, &ltmp, sizeof(long));
     return 1;
 }
 
diff --git a/crypto/base64/base64.c b/crypto/base64/base64.c
index a74c3f5..7afadf7 100644
--- a/crypto/base64/base64.c
+++ b/crypto/base64/base64.c
@@ -62,6 +62,8 @@
 
 #include <openssl/type_check.h>
 
+#include "../internal.h"
+
 
 /* Encoding. */
 
@@ -95,7 +97,7 @@
 }
 
 void EVP_EncodeInit(EVP_ENCODE_CTX *ctx) {
-  memset(ctx, 0, sizeof(EVP_ENCODE_CTX));
+  OPENSSL_memset(ctx, 0, sizeof(EVP_ENCODE_CTX));
 }
 
 void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, uint8_t *out, int *out_len,
@@ -110,14 +112,14 @@
   assert(ctx->data_used < sizeof(ctx->data));
 
   if (sizeof(ctx->data) - ctx->data_used > in_len) {
-    memcpy(&ctx->data[ctx->data_used], in, in_len);
+    OPENSSL_memcpy(&ctx->data[ctx->data_used], in, in_len);
     ctx->data_used += (unsigned)in_len;
     return;
   }
 
   if (ctx->data_used != 0) {
     const size_t todo = sizeof(ctx->data) - ctx->data_used;
-    memcpy(&ctx->data[ctx->data_used], in, todo);
+    OPENSSL_memcpy(&ctx->data[ctx->data_used], in, todo);
     in += todo;
     in_len -= todo;
 
@@ -149,7 +151,7 @@
   }
 
   if (in_len != 0) {
-    memcpy(ctx->data, in, in_len);
+    OPENSSL_memcpy(ctx->data, in, in_len);
   }
 
   ctx->data_used = (unsigned)in_len;
@@ -224,7 +226,7 @@
 }
 
 void EVP_DecodeInit(EVP_ENCODE_CTX *ctx) {
-  memset(ctx, 0, sizeof(EVP_ENCODE_CTX));
+  OPENSSL_memset(ctx, 0, sizeof(EVP_ENCODE_CTX));
 }
 
 /* kBase64ASCIIToBinData maps characters (c < 128) to their base64 value, or
diff --git a/crypto/base64/base64_test.cc b/crypto/base64/base64_test.cc
index f8af66c..bdf3d9a 100644
--- a/crypto/base64/base64_test.cc
+++ b/crypto/base64/base64_test.cc
@@ -136,7 +136,7 @@
 
     std::string encoded(RemoveNewlines(t->encoded));
     if (len != encoded.size() ||
-        memcmp(out, encoded.data(), len) != 0) {
+        OPENSSL_memcmp(out, encoded.data(), len) != 0) {
       fprintf(stderr, "encode(\"%s\") = \"%.*s\", want \"%s\"\n",
               t->decoded, (int)len, (const char*)out, encoded.c_str());
       return false;
@@ -178,7 +178,7 @@
       }
 
       if (len != strlen(t->decoded) ||
-          memcmp(out, t->decoded, len) != 0) {
+          OPENSSL_memcmp(out, t->decoded, len) != 0) {
         fprintf(stderr, "decode(\"%s\") = \"%.*s\", want \"%s\"\n",
                 encoded.c_str(), (int)len, (const char*)out, t->decoded);
         return false;
@@ -217,7 +217,7 @@
       ret -= 3 - (expected_len % 3);
     }
     if (static_cast<size_t>(ret) != strlen(t->decoded) ||
-        memcmp(out, t->decoded, ret) != 0) {
+        OPENSSL_memcmp(out, t->decoded, ret) != 0) {
       fprintf(stderr, "decode(\"%s\") = \"%.*s\", want \"%s\"\n",
               t->encoded, ret, (const char*)out, t->decoded);
       return false;
@@ -258,7 +258,8 @@
       EVP_EncodeFinal(&ctx, out + total, &out_len);
       total += out_len;
 
-      if (total != strlen(t->encoded) || memcmp(out, t->encoded, total) != 0) {
+      if (total != strlen(t->encoded) ||
+          OPENSSL_memcmp(out, t->encoded, total) != 0) {
         fprintf(stderr, "#%u: EVP_EncodeUpdate produced different output: '%s' (%u)\n",
                 test_num, out, static_cast<unsigned>(total));
         return false;
@@ -287,7 +288,8 @@
           fprintf(stderr, "#%u: EVP_DecodeUpdate failed\n", test_num);
           return false;
         }
-        if (total != decoded_len || memcmp(out, t->decoded, decoded_len)) {
+        if (total != decoded_len ||
+            OPENSSL_memcmp(out, t->decoded, decoded_len)) {
           fprintf(stderr, "#%u: EVP_DecodeUpdate produced incorrect output\n",
                   test_num);
           return false;
@@ -368,7 +370,7 @@
       out_len += bytes_written;
 
       if (out_len != strlen(t->decoded) ||
-          memcmp(out.data(), t->decoded, out_len) != 0) {
+          OPENSSL_memcmp(out.data(), t->decoded, out_len) != 0) {
         fprintf(stderr, "#%u: incorrect output\n", test_num);
         return 0;
       }
diff --git a/crypto/bio/bio.c b/crypto/bio/bio.c
index 9619c22..8aad9fb 100644
--- a/crypto/bio/bio.c
+++ b/crypto/bio/bio.c
@@ -75,7 +75,7 @@
     return NULL;
   }
 
-  memset(ret, 0, sizeof(BIO));
+  OPENSSL_memset(ret, 0, sizeof(BIO));
   ret->method = method;
   ret->shutdown = 1;
   ret->references = 1;
@@ -488,7 +488,7 @@
   if (*out == NULL) {
     return 0;
   }
-  memcpy(*out, prefix, prefix_len);
+  OPENSSL_memcpy(*out, prefix, prefix_len);
   size_t done = prefix_len;
 
   for (;;) {
@@ -595,7 +595,7 @@
   if (*out == NULL) {
     return 0;
   }
-  memcpy(*out, header, header_len);
+  OPENSSL_memcpy(*out, header, header_len);
   if (BIO_read(bio, (*out) + header_len, len - header_len) !=
       (int) (len - header_len)) {
     OPENSSL_free(*out);
diff --git a/crypto/bio/bio_mem.c b/crypto/bio/bio_mem.c
index 844fba7..24ed5be 100644
--- a/crypto/bio/bio_mem.c
+++ b/crypto/bio/bio_mem.c
@@ -63,6 +63,8 @@
 #include <openssl/err.h>
 #include <openssl/mem.h>
 
+#include "../internal.h"
+
 
 BIO *BIO_new_mem_buf(const void *buf, int len) {
   BIO *ret;
@@ -144,12 +146,12 @@
   }
 
   if (ret > 0) {
-    memcpy(out, b->data, ret);
+    OPENSSL_memcpy(out, b->data, ret);
     b->length -= ret;
     if (bio->flags & BIO_FLAGS_MEM_RDONLY) {
       b->data += ret;
     } else {
-      memmove(b->data, &b->data[ret], b->length);
+      OPENSSL_memmove(b->data, &b->data[ret], b->length);
     }
   } else if (b->length == 0) {
     ret = bio->num;
@@ -180,7 +182,7 @@
   if (BUF_MEM_grow_clean(b, blen + inl) != ((size_t) blen) + inl) {
     goto err;
   }
-  memcpy(&b->data[blen], in, inl);
+  OPENSSL_memcpy(&b->data[blen], in, inl);
   ret = inl;
 
 err:
@@ -240,7 +242,7 @@
           b->data -= b->max - b->length;
           b->length = b->max;
         } else {
-          memset(b->data, 0, b->max);
+          OPENSSL_memset(b->data, 0, b->max);
           b->length = 0;
         }
       }
diff --git a/crypto/bio/bio_test.cc b/crypto/bio/bio_test.cc
index 4ae6c6e..fbfacf8 100644
--- a/crypto/bio/bio_test.cc
+++ b/crypto/bio/bio_test.cc
@@ -79,7 +79,7 @@
   ScopedSocket listening_sock_closer(listening_sock);
 
   struct sockaddr_in sin;
-  memset(&sin, 0, sizeof(sin));
+  OPENSSL_memset(&sin, 0, sizeof(sin));
   sin.sin_family = AF_INET;
   if (!inet_pton(AF_INET, "127.0.0.1", &sin.sin_addr)) {
     PrintSocketError("inet_pton");
@@ -128,7 +128,7 @@
     PrintSocketError("read");
     return false;
   }
-  if (memcmp(buf, kTestMessage, sizeof(kTestMessage))) {
+  if (OPENSSL_memcmp(buf, kTestMessage, sizeof(kTestMessage))) {
     return false;
   }
 
@@ -152,7 +152,7 @@
       fprintf(stderr, "Bad test string length\n");
       return false;
     }
-    memset(string, 'a', sizeof(string));
+    OPENSSL_memset(string, 'a', sizeof(string));
     string[kLengths[i]] = '\0';
 
     int ret = BIO_printf(bio.get(), "test %s", string);
@@ -198,8 +198,8 @@
     return false;
   }
 
-  if (should_succeed &&
-      (out_len != expected_len || memcmp(data, out, expected_len) != 0)) {
+  if (should_succeed && (out_len != expected_len ||
+                         OPENSSL_memcmp(data, out, expected_len) != 0)) {
     return false;
   }
 
@@ -227,8 +227,8 @@
   if (!large) {
     return false;
   }
-  memset(large.get() + sizeof(kLargePrefix), 0, kLargePayloadLen);
-  memcpy(large.get(), kLargePrefix, sizeof(kLargePrefix));
+  OPENSSL_memset(large.get() + sizeof(kLargePrefix), 0, kLargePayloadLen);
+  OPENSSL_memcpy(large.get(), kLargePrefix, sizeof(kLargePrefix));
 
   if (!ReadASN1(true, large.get(), sizeof(kLargePrefix) + kLargePayloadLen,
                 sizeof(kLargePrefix) + kLargePayloadLen,
@@ -245,7 +245,7 @@
   }
 
   static const uint8_t kIndefPrefix[] = {0x30, 0x80};
-  memcpy(large.get(), kIndefPrefix, sizeof(kIndefPrefix));
+  OPENSSL_memcpy(large.get(), kIndefPrefix, sizeof(kIndefPrefix));
   if (!ReadASN1(true, large.get(), sizeof(kLargePrefix) + kLargePayloadLen,
                 sizeof(kLargePrefix) + kLargePayloadLen,
                 kLargePayloadLen*2)) {
@@ -287,7 +287,7 @@
     if (BIO_write(bio1, "12345", 5) != 5 ||
         BIO_ctrl_get_write_guarantee(bio1) != 5 ||
         BIO_read(bio2, buf, sizeof(buf)) != 5 ||
-        memcmp(buf, "12345", 5) != 0 ||
+        OPENSSL_memcmp(buf, "12345", 5) != 0 ||
         BIO_ctrl_get_write_guarantee(bio1) != 10) {
       return false;
     }
@@ -298,7 +298,7 @@
         BIO_write(bio1, "z", 1) != -1 ||
         !BIO_should_write(bio1) ||
         BIO_read(bio2, buf, sizeof(buf)) != 10 ||
-        memcmp(buf, "1234567890", 10) != 0 ||
+        OPENSSL_memcmp(buf, "1234567890", 10) != 0 ||
         BIO_ctrl_get_write_guarantee(bio1) != 10) {
       return false;
     }
@@ -323,10 +323,10 @@
         BIO_write(bio1, "67890___", 8) != 5 ||
         BIO_ctrl_get_write_guarantee(bio1) != 0 ||
         BIO_read(bio2, buf, 3) != 3 ||
-        memcmp(buf, "123", 3) != 0 ||
+        OPENSSL_memcmp(buf, "123", 3) != 0 ||
         BIO_ctrl_get_write_guarantee(bio1) != 3 ||
         BIO_read(bio2, buf, sizeof(buf)) != 7 ||
-        memcmp(buf, "4567890", 7) != 0 ||
+        OPENSSL_memcmp(buf, "4567890", 7) != 0 ||
         BIO_ctrl_get_write_guarantee(bio1) != 10) {
       return false;
     }
@@ -341,12 +341,12 @@
     if (BIO_write(bio1, "abcdefgh", 8) != 8 ||
         BIO_ctrl_get_write_guarantee(bio1) != 2 ||
         BIO_read(bio2, buf, 3) != 3 ||
-        memcmp(buf, "abc", 3) != 0 ||
+        OPENSSL_memcmp(buf, "abc", 3) != 0 ||
         BIO_ctrl_get_write_guarantee(bio1) != 5 ||
         BIO_write(bio1, "ijklm___", 8) != 5 ||
         BIO_ctrl_get_write_guarantee(bio1) != 0 ||
         BIO_read(bio2, buf, sizeof(buf)) != 10 ||
-        memcmp(buf, "defghijklm", 10) != 0 ||
+        OPENSSL_memcmp(buf, "defghijklm", 10) != 0 ||
         BIO_ctrl_get_write_guarantee(bio1) != 10) {
       return false;
     }
@@ -355,9 +355,9 @@
     if (BIO_write(bio1, "12345", 5) != 5 ||
         BIO_write(bio2, "67890", 5) != 5 ||
         BIO_read(bio2, buf, sizeof(buf)) != 5 ||
-        memcmp(buf, "12345", 5) != 0 ||
+        OPENSSL_memcmp(buf, "12345", 5) != 0 ||
         BIO_read(bio1, buf, sizeof(buf)) != 5 ||
-        memcmp(buf, "67890", 5) != 0) {
+        OPENSSL_memcmp(buf, "67890", 5) != 0) {
       return false;
     }
 
@@ -365,7 +365,7 @@
     if (BIO_write(bio1, "12345", 5) != 5 ||
         !BIO_shutdown_wr(bio1) ||
         BIO_read(bio2, buf, sizeof(buf)) != 5 ||
-        memcmp(buf, "12345", 5) != 0 ||
+        OPENSSL_memcmp(buf, "12345", 5) != 0 ||
         BIO_read(bio2, buf, sizeof(buf)) != 0) {
       return false;
     }
@@ -385,7 +385,7 @@
     // The other end is still functional.
     if (BIO_write(bio2, "12345", 5) != 5 ||
         BIO_read(bio1, buf, sizeof(buf)) != 5 ||
-        memcmp(buf, "12345", 5) != 0) {
+        OPENSSL_memcmp(buf, "12345", 5) != 0) {
       return false;
     }
   }
diff --git a/crypto/bio/buffer.c b/crypto/bio/buffer.c
index 1557451..bf8415c 100644
--- a/crypto/bio/buffer.c
+++ b/crypto/bio/buffer.c
@@ -62,6 +62,8 @@
 #include <openssl/err.h>
 #include <openssl/mem.h>
 
+#include "../internal.h"
+
 
 #define DEFAULT_BUFFER_SIZE 4096
 
@@ -94,7 +96,7 @@
   if (ctx == NULL) {
     return 0;
   }
-  memset(ctx, 0, sizeof(BIO_F_BUFFER_CTX));
+  OPENSSL_memset(ctx, 0, sizeof(BIO_F_BUFFER_CTX));
 
   ctx->ibuf = OPENSSL_malloc(DEFAULT_BUFFER_SIZE);
   if (ctx->ibuf == NULL) {
@@ -158,7 +160,7 @@
       if (i > outl) {
         i = outl;
       }
-      memcpy(out, &ctx->ibuf[ctx->ibuf_off], i);
+      OPENSSL_memcpy(out, &ctx->ibuf[ctx->ibuf_off], i);
       ctx->ibuf_off += i;
       ctx->ibuf_len -= i;
       num += i;
@@ -222,7 +224,7 @@
     i = ctx->obuf_size - (ctx->obuf_off + ctx->obuf_len);
     /* add to buffer and return */
     if (i >= inl) {
-      memcpy(&ctx->obuf[ctx->obuf_off + ctx->obuf_len], in, inl);
+      OPENSSL_memcpy(&ctx->obuf[ctx->obuf_off + ctx->obuf_len], in, inl);
       ctx->obuf_len += inl;
       return num + inl;
     }
@@ -230,7 +232,7 @@
     /* stuff already in buffer, so add to it first, then flush */
     if (ctx->obuf_len != 0) {
       if (i > 0) {
-        memcpy(&ctx->obuf[ctx->obuf_off + ctx->obuf_len], in, i);
+        OPENSSL_memcpy(&ctx->obuf[ctx->obuf_off + ctx->obuf_len], in, i);
         in += i;
         inl -= i;
         num += i;
diff --git a/crypto/bio/connect.c b/crypto/bio/connect.c
index 7e54447..f6cc837 100644
--- a/crypto/bio/connect.c
+++ b/crypto/bio/connect.c
@@ -77,6 +77,7 @@
 #include <openssl/mem.h>
 
 #include "internal.h"
+#include "../internal.h"
 
 
 enum {
@@ -298,7 +299,7 @@
   if (ret == NULL) {
     return NULL;
   }
-  memset(ret, 0, sizeof(BIO_CONNECT));
+  OPENSSL_memset(ret, 0, sizeof(BIO_CONNECT));
 
   ret->state = BIO_CONN_S_BEFORE;
   return ret;
diff --git a/crypto/bio/hexdump.c b/crypto/bio/hexdump.c
index 8c35114..d55df62 100644
--- a/crypto/bio/hexdump.c
+++ b/crypto/bio/hexdump.c
@@ -59,6 +59,8 @@
 #include <limits.h>
 #include <string.h>
 
+#include "../internal.h"
+
 
 /* hexdump_ctx contains the state of a hexdump. */
 struct hexdump_ctx {
@@ -154,7 +156,7 @@
     return 1;
   }
 
-  memset(buf, ' ', 4);
+  OPENSSL_memset(buf, ' ', 4);
   buf[4] = '|';
 
   for (; ctx->used < 16; ctx->used++) {
@@ -179,7 +181,7 @@
 
 int BIO_hexdump(BIO *bio, const uint8_t *data, size_t len, unsigned indent) {
   struct hexdump_ctx ctx;
-  memset(&ctx, 0, sizeof(ctx));
+  OPENSSL_memset(&ctx, 0, sizeof(ctx));
   ctx.bio = bio;
   ctx.indent = indent;
 
diff --git a/crypto/bio/pair.c b/crypto/bio/pair.c
index df36343..e933a1d 100644
--- a/crypto/bio/pair.c
+++ b/crypto/bio/pair.c
@@ -59,6 +59,8 @@
 #include <openssl/err.h>
 #include <openssl/mem.h>
 
+#include "../internal.h"
+
 
 struct bio_bio_st {
   BIO *peer; /* NULL if buf == NULL.
@@ -86,7 +88,7 @@
   if (b == NULL) {
     return 0;
   }
-  memset(b, 0, sizeof(struct bio_bio_st));
+  OPENSSL_memset(b, 0, sizeof(struct bio_bio_st));
 
   b->size = 17 * 1024; /* enough for one TLS record (just a default) */
   bio->ptr = b;
@@ -207,7 +209,7 @@
     }
     assert(peer_b->offset + chunk <= peer_b->size);
 
-    memcpy(buf, peer_b->buf + peer_b->offset, chunk);
+    OPENSSL_memcpy(buf, peer_b->buf + peer_b->offset, chunk);
 
     peer_b->len -= chunk;
     if (peer_b->len) {
@@ -287,7 +289,7 @@
       chunk = b->size - write_offset;
     }
 
-    memcpy(b->buf + write_offset, buf, chunk);
+    OPENSSL_memcpy(b->buf + write_offset, buf, chunk);
 
     b->len += chunk;
 
diff --git a/crypto/bio/socket_helper.c b/crypto/bio/socket_helper.c
index 9500788..268405a 100644
--- a/crypto/bio/socket_helper.c
+++ b/crypto/bio/socket_helper.c
@@ -33,6 +33,7 @@
 #endif
 
 #include "internal.h"
+#include "../internal.h"
 
 
 int bio_ip_and_port_to_socket_and_addr(int *out_sock,
@@ -45,7 +46,7 @@
 
   *out_sock = -1;
 
-  memset(&hint, 0, sizeof(hint));
+  OPENSSL_memset(&hint, 0, sizeof(hint));
   hint.ai_family = AF_UNSPEC;
   hint.ai_socktype = SOCK_STREAM;
 
@@ -62,8 +63,8 @@
     if ((size_t) cur->ai_addrlen > sizeof(struct sockaddr_storage)) {
       continue;
     }
-    memset(out_addr, 0, sizeof(struct sockaddr_storage));
-    memcpy(out_addr, cur->ai_addr, cur->ai_addrlen);
+    OPENSSL_memset(out_addr, 0, sizeof(struct sockaddr_storage));
+    OPENSSL_memcpy(out_addr, cur->ai_addr, cur->ai_addrlen);
     *out_addr_length = cur->ai_addrlen;
 
     *out_sock = socket(cur->ai_family, cur->ai_socktype, cur->ai_protocol);
diff --git a/crypto/bn/add.c b/crypto/bn/add.c
index 23f9f80..cfa3bbe 100644
--- a/crypto/bn/add.c
+++ b/crypto/bn/add.c
@@ -314,7 +314,7 @@
   }
 
   if (dif > 0 && rp != ap) {
-    memcpy(rp, ap, sizeof(*rp) * dif);
+    OPENSSL_memcpy(rp, ap, sizeof(*rp) * dif);
   }
 
   r->top = max;
diff --git a/crypto/bn/bn.c b/crypto/bn/bn.c
index 87d81d2..31bb937 100644
--- a/crypto/bn/bn.c
+++ b/crypto/bn/bn.c
@@ -73,14 +73,14 @@
     return NULL;
   }
 
-  memset(bn, 0, sizeof(BIGNUM));
+  OPENSSL_memset(bn, 0, sizeof(BIGNUM));
   bn->flags = BN_FLG_MALLOCED;
 
   return bn;
 }
 
 void BN_init(BIGNUM *bn) {
-  memset(bn, 0, sizeof(BIGNUM));
+  OPENSSL_memset(bn, 0, sizeof(BIGNUM));
 }
 
 void BN_free(BIGNUM *bn) {
@@ -149,7 +149,7 @@
     return NULL;
   }
 
-  memcpy(dest->d, src->d, sizeof(src->d[0]) * src->top);
+  OPENSSL_memcpy(dest->d, src->d, sizeof(src->d[0]) * src->top);
 
   dest->top = src->top;
   dest->neg = src->neg;
@@ -158,7 +158,7 @@
 
 void BN_clear(BIGNUM *bn) {
   if (bn->d != NULL) {
-    memset(bn->d, 0, bn->dmax * sizeof(bn->d[0]));
+    OPENSSL_memset(bn->d, 0, bn->dmax * sizeof(bn->d[0]));
   }
 
   bn->top = 0;
@@ -173,7 +173,7 @@
 }
 
 void BN_with_flags(BIGNUM *out, const BIGNUM *in, int flags) {
-  memcpy(out, in, sizeof(BIGNUM));
+  OPENSSL_memcpy(out, in, sizeof(BIGNUM));
   out->flags &= ~BN_FLG_MALLOCED;
   out->flags |= BN_FLG_STATIC_DATA | flags;
 }
@@ -292,7 +292,7 @@
   if (bn_wexpand(bn, num) == NULL) {
     return 0;
   }
-  memmove(bn->d, words, num * sizeof(BN_ULONG));
+  OPENSSL_memmove(bn->d, words, num * sizeof(BN_ULONG));
   /* |bn_wexpand| verified that |num| isn't too large. */
   bn->top = (int)num;
   bn_correct_top(bn);
@@ -335,7 +335,7 @@
     return NULL;
   }
 
-  memcpy(a, bn->d, sizeof(BN_ULONG) * bn->top);
+  OPENSSL_memcpy(a, bn->d, sizeof(BN_ULONG) * bn->top);
 
   OPENSSL_free(bn->d);
   bn->d = a;
diff --git a/crypto/bn/bn_test.cc b/crypto/bn/bn_test.cc
index 75ef17a..dfca2bc 100644
--- a/crypto/bn/bn_test.cc
+++ b/crypto/bn/bn_test.cc
@@ -680,7 +680,7 @@
 static bool TestBN2BinPadded(BN_CTX *ctx) {
   uint8_t zeros[256], out[256], reference[128];
 
-  memset(zeros, 0, sizeof(zeros));
+  OPENSSL_memset(zeros, 0, sizeof(zeros));
 
   // Test edge case at 0.
   bssl::UniquePtr<BIGNUM> n(BN_new());
@@ -689,13 +689,13 @@
             "BN_bn2bin_padded failed to encode 0 in an empty buffer.\n");
     return false;
   }
-  memset(out, -1, sizeof(out));
+  OPENSSL_memset(out, -1, sizeof(out));
   if (!BN_bn2bin_padded(out, sizeof(out), n.get())) {
     fprintf(stderr,
             "BN_bn2bin_padded failed to encode 0 in a non-empty buffer.\n");
     return false;
   }
-  if (memcmp(zeros, out, sizeof(out))) {
+  if (OPENSSL_memcmp(zeros, out, sizeof(out))) {
     fprintf(stderr, "BN_bn2bin_padded did not zero buffer.\n");
     return false;
   }
@@ -724,20 +724,21 @@
     }
     // Exactly right size should encode.
     if (!BN_bn2bin_padded(out, bytes, n.get()) ||
-        memcmp(out, reference, bytes) != 0) {
+        OPENSSL_memcmp(out, reference, bytes) != 0) {
       fprintf(stderr, "BN_bn2bin_padded gave a bad result.\n");
       return false;
     }
     // Pad up one byte extra.
     if (!BN_bn2bin_padded(out, bytes + 1, n.get()) ||
-        memcmp(out + 1, reference, bytes) || memcmp(out, zeros, 1)) {
+        OPENSSL_memcmp(out + 1, reference, bytes) ||
+        OPENSSL_memcmp(out, zeros, 1)) {
       fprintf(stderr, "BN_bn2bin_padded gave a bad result.\n");
       return false;
     }
     // Pad up to 256.
     if (!BN_bn2bin_padded(out, sizeof(out), n.get()) ||
-        memcmp(out + sizeof(out) - bytes, reference, bytes) ||
-        memcmp(out, zeros, sizeof(out) - bytes)) {
+        OPENSSL_memcmp(out + sizeof(out) - bytes, reference, bytes) ||
+        OPENSSL_memcmp(out, zeros, sizeof(out) - bytes)) {
       fprintf(stderr, "BN_bn2bin_padded gave a bad result.\n");
       return false;
     }
@@ -922,7 +923,7 @@
     }
 
     if (mpi_len != test.mpi_len ||
-        memcmp(test.mpi, scratch, mpi_len) != 0) {
+        OPENSSL_memcmp(test.mpi, scratch, mpi_len) != 0) {
       fprintf(stderr, "MPI test #%u failed:\n", (unsigned)i);
       hexdump(stderr, "Expected: ", test.mpi, test.mpi_len);
       hexdump(stderr, "Got:      ", scratch, mpi_len);
@@ -1062,7 +1063,8 @@
     }
     bssl::UniquePtr<uint8_t> delete_der(der);
     if (der_len != test.der_len ||
-        memcmp(der, reinterpret_cast<const uint8_t*>(test.der), der_len) != 0) {
+        OPENSSL_memcmp(der, reinterpret_cast<const uint8_t *>(test.der),
+                       der_len) != 0) {
       fprintf(stderr, "Bad serialization.\n");
       return false;
     }
diff --git a/crypto/bn/convert.c b/crypto/bn/convert.c
index 8f4b964..f03de9e 100644
--- a/crypto/bn/convert.c
+++ b/crypto/bn/convert.c
@@ -162,7 +162,7 @@
 int BN_bn2bin_padded(uint8_t *out, size_t len, const BIGNUM *in) {
   /* Special case for |in| = 0. Just branch as the probability is negligible. */
   if (BN_is_zero(in)) {
-    memset(out, 0, len);
+    OPENSSL_memset(out, 0, len);
     return 1;
   }
 
@@ -532,7 +532,7 @@
     /* If we cannot represent the number then we emit zero as the interface
      * doesn't allow an error to be signalled. */
     if (out) {
-      memset(out, 0, 4);
+      OPENSSL_memset(out, 0, 4);
     }
     return 4;
   }
diff --git a/crypto/bn/ctx.c b/crypto/bn/ctx.c
index 48d9adf..bca6619 100644
--- a/crypto/bn/ctx.c
+++ b/crypto/bn/ctx.c
@@ -59,6 +59,8 @@
 #include <openssl/err.h>
 #include <openssl/mem.h>
 
+#include "../internal.h"
+
 
 /* How many bignums are in each "pool item"; */
 #define BN_CTX_POOL_SIZE 16
@@ -218,7 +220,7 @@
       return 0;
     }
     if (st->depth) {
-      memcpy(newitems, st->indexes, st->depth * sizeof(unsigned int));
+      OPENSSL_memcpy(newitems, st->indexes, st->depth * sizeof(unsigned int));
     }
     OPENSSL_free(st->indexes);
     st->indexes = newitems;
diff --git a/crypto/bn/exponentiation.c b/crypto/bn/exponentiation.c
index e05859b..3161a2a 100644
--- a/crypto/bn/exponentiation.c
+++ b/crypto/bn/exponentiation.c
@@ -961,7 +961,7 @@
   }
 
   powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree);
-  memset(powerbuf, 0, powerbufLen);
+  OPENSSL_memset(powerbuf, 0, powerbufLen);
 
 #ifdef alloca
   if (powerbufLen < 3072) {
diff --git a/crypto/bn/montgomery.c b/crypto/bn/montgomery.c
index 9aa04d6..70f0585 100644
--- a/crypto/bn/montgomery.c
+++ b/crypto/bn/montgomery.c
@@ -132,7 +132,7 @@
     return NULL;
   }
 
-  memset(ret, 0, sizeof(BN_MONT_CTX));
+  OPENSSL_memset(ret, 0, sizeof(BN_MONT_CTX));
   BN_init(&ret->RR);
   BN_init(&ret->N);
 
@@ -281,7 +281,7 @@
 
   /* clear the top words of T */
   if (max > r->top) {
-    memset(&rp[r->top], 0, (max - r->top) * sizeof(BN_ULONG));
+    OPENSSL_memset(&rp[r->top], 0, (max - r->top) * sizeof(BN_ULONG));
   }
 
   r->top = max;
diff --git a/crypto/bn/mul.c b/crypto/bn/mul.c
index 06e53ee..fdf2c69 100644
--- a/crypto/bn/mul.c
+++ b/crypto/bn/mul.c
@@ -312,7 +312,8 @@
   if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL) {
     bn_mul_normal(r, a, n2 + dna, b, n2 + dnb);
     if ((dna + dnb) < 0) {
-      memset(&r[2 * n2 + dna + dnb], 0, sizeof(BN_ULONG) * -(dna + dnb));
+      OPENSSL_memset(&r[2 * n2 + dna + dnb], 0,
+                     sizeof(BN_ULONG) * -(dna + dnb));
     }
     return;
   }
@@ -358,7 +359,7 @@
     if (!zero) {
       bn_mul_comba4(&(t[n2]), t, &(t[n]));
     } else {
-      memset(&(t[n2]), 0, 8 * sizeof(BN_ULONG));
+      OPENSSL_memset(&(t[n2]), 0, 8 * sizeof(BN_ULONG));
     }
 
     bn_mul_comba4(r, a, b);
@@ -368,7 +369,7 @@
     if (!zero) {
       bn_mul_comba8(&(t[n2]), t, &(t[n]));
     } else {
-      memset(&(t[n2]), 0, 16 * sizeof(BN_ULONG));
+      OPENSSL_memset(&(t[n2]), 0, 16 * sizeof(BN_ULONG));
     }
 
     bn_mul_comba8(r, a, b);
@@ -378,7 +379,7 @@
     if (!zero) {
       bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p);
     } else {
-      memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG));
+      OPENSSL_memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG));
     }
     bn_mul_recursive(r, a, b, n, 0, 0, p);
     bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), n, dna, dnb, p);
@@ -473,7 +474,7 @@
     bn_mul_comba8(&(t[n2]), t, &(t[n]));
     bn_mul_comba8(r, a, b);
     bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb);
-    memset(&(r[n2 + tna + tnb]), 0, sizeof(BN_ULONG) * (n2 - tna - tnb));
+    OPENSSL_memset(&(r[n2 + tna + tnb]), 0, sizeof(BN_ULONG) * (n2 - tna - tnb));
   } else {
     p = &(t[n2 * 2]);
     bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p);
@@ -489,14 +490,15 @@
 
     if (j == 0) {
       bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), i, tna - i, tnb - i, p);
-      memset(&(r[n2 + i * 2]), 0, sizeof(BN_ULONG) * (n2 - i * 2));
+      OPENSSL_memset(&(r[n2 + i * 2]), 0, sizeof(BN_ULONG) * (n2 - i * 2));
     } else if (j > 0) {
       /* eg, n == 16, i == 8 and tn == 11 */
       bn_mul_part_recursive(&(r[n2]), &(a[n]), &(b[n]), i, tna - i, tnb - i, p);
-      memset(&(r[n2 + tna + tnb]), 0, sizeof(BN_ULONG) * (n2 - tna - tnb));
+      OPENSSL_memset(&(r[n2 + tna + tnb]), 0,
+                     sizeof(BN_ULONG) * (n2 - tna - tnb));
     } else {
       /* (j < 0) eg, n == 16, i == 8 and tn == 5 */
-      memset(&(r[n2]), 0, sizeof(BN_ULONG) * n2);
+      OPENSSL_memset(&(r[n2]), 0, sizeof(BN_ULONG) * n2);
       if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL &&
           tnb < BN_MUL_RECURSIVE_SIZE_NORMAL) {
         bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb);
@@ -735,7 +737,7 @@
   if (!zero) {
     bn_sqr_recursive(&(t[n2]), t, n, p);
   } else {
-    memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG));
+    OPENSSL_memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG));
   }
   bn_sqr_recursive(r, a, n, p);
   bn_sqr_recursive(&(r[n2]), &(a[n]), n, p);
diff --git a/crypto/bn/random.c b/crypto/bn/random.c
index ecf43c1..6f922c0 100644
--- a/crypto/bn/random.c
+++ b/crypto/bn/random.c
@@ -115,6 +115,9 @@
 #include <openssl/rand.h>
 #include <openssl/sha.h>
 
+#include "../internal.h"
+
+
 int BN_rand(BIGNUM *rnd, int bits, int top, int bottom) {
   uint8_t *buf = NULL;
   int ret = 0, bit, bytes, mask;
@@ -298,8 +301,8 @@
     OPENSSL_PUT_ERROR(BN, BN_R_PRIVATE_KEY_TOO_LARGE);
     goto err;
   }
-  memcpy(private_bytes, priv->d, todo);
-  memset(private_bytes + todo, 0, sizeof(private_bytes) - todo);
+  OPENSSL_memcpy(private_bytes, priv->d, todo);
+  OPENSSL_memset(private_bytes + todo, 0, sizeof(private_bytes) - todo);
 
   for (attempt = 0;; attempt++) {
     for (done = 0; done < num_k_bytes;) {
@@ -318,7 +321,7 @@
       if (todo > SHA512_DIGEST_LENGTH) {
         todo = SHA512_DIGEST_LENGTH;
       }
-      memcpy(k_bytes + done, digest, todo);
+      OPENSSL_memcpy(k_bytes + done, digest, todo);
       done += todo;
     }
 
diff --git a/crypto/bn/shift.c b/crypto/bn/shift.c
index 22006d1..dc9b795 100644
--- a/crypto/bn/shift.c
+++ b/crypto/bn/shift.c
@@ -94,7 +94,7 @@
       t[nw + i] = (l << lb) & BN_MASK2;
     }
   }
-  memset(t, 0, nw * sizeof(t[0]));
+  OPENSSL_memset(t, 0, nw * sizeof(t[0]));
   r->top = a->top + nw + 1;
   bn_correct_top(r);
 
diff --git a/crypto/buf/buf.c b/crypto/buf/buf.c
index efe9952..ca1d70b 100644
--- a/crypto/buf/buf.c
+++ b/crypto/buf/buf.c
@@ -61,6 +61,8 @@
 #include <openssl/mem.h>
 #include <openssl/err.h>
 
+#include "../internal.h"
+
 
 BUF_MEM *BUF_MEM_new(void) {
   BUF_MEM *ret;
@@ -71,7 +73,7 @@
     return NULL;
   }
 
-  memset(ret, 0, sizeof(BUF_MEM));
+  OPENSSL_memset(ret, 0, sizeof(BUF_MEM));
   return ret;
 }
 
@@ -137,7 +139,7 @@
     return 0;
   }
   if (buf->length < len) {
-    memset(&buf->data[buf->length], 0, len - buf->length);
+    OPENSSL_memset(&buf->data[buf->length], 0, len - buf->length);
   }
   buf->length = len;
   return len;
@@ -193,7 +195,7 @@
     return NULL;
   }
 
-  memcpy(ret, buf, size);
+  OPENSSL_memcpy(ret, buf, size);
   ret[size] = '\0';
   return ret;
 }
@@ -234,6 +236,6 @@
     return NULL;
   }
 
-  memcpy(ret, data, dst_size);
+  OPENSSL_memcpy(ret, data, dst_size);
   return ret;
 }
diff --git a/crypto/bytestring/asn1_compat.c b/crypto/bytestring/asn1_compat.c
index b17d2d1..50df9cc 100644
--- a/crypto/bytestring/asn1_compat.c
+++ b/crypto/bytestring/asn1_compat.c
@@ -22,6 +22,7 @@
 #include <openssl/mem.h>
 
 #include "internal.h"
+#include "../internal.h"
 
 
 int CBB_finish_i2d(CBB *cbb, uint8_t **outp) {
@@ -42,7 +43,7 @@
       *outp = der;
       der = NULL;
     } else {
-      memcpy(*outp, der, der_len);
+      OPENSSL_memcpy(*outp, der, der_len);
       *outp += der_len;
     }
   }
diff --git a/crypto/bytestring/ber.c b/crypto/bytestring/ber.c
index 04fcac6..ee3cd0a 100644
--- a/crypto/bytestring/ber.c
+++ b/crypto/bytestring/ber.c
@@ -18,6 +18,7 @@
 #include <string.h>
 
 #include "internal.h"
+#include "../internal.h"
 
 
 /* kMaxDepth is a just a sanity limit. The code should be such that the length
@@ -100,7 +101,7 @@
  * |CBS_get_any_ber_asn1_element|, indicate an "end of contents" (EOC) value. */
 static char is_eoc(size_t header_len, CBS *contents) {
   return header_len == 2 && CBS_len(contents) == 2 &&
-         memcmp(CBS_data(contents), "\x00\x00", 2) == 0;
+         OPENSSL_memcmp(CBS_data(contents), "\x00\x00", 2) == 0;
 }
 
 /* cbs_convert_ber reads BER data from |in| and writes DER data to |out|. If
diff --git a/crypto/bytestring/bytestring_test.cc b/crypto/bytestring/bytestring_test.cc
index 12275d6..6ec6fcf 100644
--- a/crypto/bytestring/bytestring_test.cc
+++ b/crypto/bytestring/bytestring_test.cc
@@ -132,7 +132,7 @@
   }
   if (!CBS_get_asn1(&data, &contents, 0x30) ||
       CBS_len(&contents) != 2 ||
-      memcmp(CBS_data(&contents), "\x01\x02", 2) != 0) {
+      OPENSSL_memcmp(CBS_data(&contents), "\x01\x02", 2) != 0) {
     return false;
   }
 
@@ -193,7 +193,7 @@
       !CBS_get_optional_asn1(&data, &contents, &present, 0xa1) ||
       !present ||
       CBS_len(&contents) != 3 ||
-      memcmp(CBS_data(&contents), "\x04\x01\x01", 3) != 0) {
+      OPENSSL_memcmp(CBS_data(&contents), "\x04\x01\x01", 3) != 0) {
     return false;
   }
 
@@ -235,7 +235,7 @@
   if (!CBS_get_any_asn1(&data, &contents, &tag) ||
       tag != CBS_ASN1_SEQUENCE ||
       CBS_len(&contents) != 2 ||
-      memcmp(CBS_data(&contents), "\x01\x02", 2) != 0) {
+      OPENSSL_memcmp(CBS_data(&contents), "\x01\x02", 2) != 0) {
     return false;
   }
 
@@ -245,7 +245,7 @@
       tag != CBS_ASN1_SEQUENCE ||
       header_len != 2 ||
       CBS_len(&contents) != 4 ||
-      memcmp(CBS_data(&contents), "\x30\x02\x01\x02", 2) != 0) {
+      OPENSSL_memcmp(CBS_data(&contents), "\x30\x02\x01\x02", 2) != 0) {
     return false;
   }
 
@@ -312,7 +312,8 @@
   }
 
   bssl::UniquePtr<uint8_t> scoper(buf);
-  return buf_len == sizeof(kExpected) && memcmp(buf, kExpected, buf_len) == 0;
+  return buf_len == sizeof(kExpected) &&
+         OPENSSL_memcmp(buf, kExpected, buf_len) == 0;
 }
 
 static bool TestCBBFixed() {
@@ -396,7 +397,8 @@
   }
 
   bssl::UniquePtr<uint8_t> scoper(buf);
-  return buf_len == sizeof(kExpected) && memcmp(buf, kExpected, buf_len) == 0;
+  return buf_len == sizeof(kExpected) &&
+         OPENSSL_memcmp(buf, kExpected, buf_len) == 0;
 }
 
 static bool TestCBBDiscardChild() {
@@ -445,7 +447,8 @@
         0, 0, 3, 0xdd, 0xdd, 0xdd,
         1, 0xff,
   };
-  return buf_len == sizeof(kExpected) && memcmp(buf, kExpected, buf_len) == 0;
+  return buf_len == sizeof(kExpected) &&
+         OPENSSL_memcmp(buf, kExpected, buf_len) == 0;
 }
 
 static bool TestCBBMisuse() {
@@ -484,7 +487,7 @@
   bssl::UniquePtr<uint8_t> scoper(buf);
 
   if (buf_len != 3 ||
-      memcmp(buf, "\x01\x01\x02", 3) != 0) {
+      OPENSSL_memcmp(buf, "\x01\x01\x02", 3) != 0) {
     return false;
   }
   return true;
@@ -507,7 +510,8 @@
   }
   bssl::UniquePtr<uint8_t> scoper(buf);
 
-  if (buf_len != sizeof(kExpected) || memcmp(buf, kExpected, buf_len) != 0) {
+  if (buf_len != sizeof(kExpected) ||
+      OPENSSL_memcmp(buf, kExpected, buf_len) != 0) {
     return false;
   }
 
@@ -525,8 +529,8 @@
   scoper.reset(buf);
 
   if (buf_len != 3 + 130 ||
-      memcmp(buf, "\x30\x81\x82", 3) != 0 ||
-      memcmp(buf + 3, test_data.data(), 130) != 0) {
+      OPENSSL_memcmp(buf, "\x30\x81\x82", 3) != 0 ||
+      OPENSSL_memcmp(buf + 3, test_data.data(), 130) != 0) {
     return false;
   }
 
@@ -542,8 +546,8 @@
   scoper.reset(buf);
 
   if (buf_len != 4 + 1000 ||
-      memcmp(buf, "\x30\x82\x03\xe8", 4) != 0 ||
-      memcmp(buf + 4, test_data.data(), 1000)) {
+      OPENSSL_memcmp(buf, "\x30\x82\x03\xe8", 4) != 0 ||
+      OPENSSL_memcmp(buf + 4, test_data.data(), 1000)) {
     return false;
   }
 
@@ -560,8 +564,9 @@
   scoper.reset(buf);
 
   if (buf_len != 5 + 5 + 100000 ||
-      memcmp(buf, "\x30\x83\x01\x86\xa5\x30\x83\x01\x86\xa0", 10) != 0 ||
-      memcmp(buf + 10, test_data.data(), 100000)) {
+      OPENSSL_memcmp(buf, "\x30\x83\x01\x86\xa5\x30\x83\x01\x86\xa0", 10) !=
+          0 ||
+      OPENSSL_memcmp(buf + 10, test_data.data(), 100000)) {
     return false;
   }
 
@@ -584,7 +589,7 @@
 
   if (out == NULL) {
     if (ber_len != der_len ||
-        memcmp(der_expected, ber, ber_len) != 0) {
+        OPENSSL_memcmp(der_expected, ber, ber_len) != 0) {
       fprintf(stderr, "%s: incorrect unconverted result.\n", name);
       return false;
     }
@@ -593,7 +598,7 @@
   }
 
   if (out_len != der_len ||
-      memcmp(out, der_expected, der_len) != 0) {
+      OPENSSL_memcmp(out, der_expected, der_len) != 0) {
     fprintf(stderr, "%s: incorrect converted result.\n", name);
     return false;
   }
@@ -702,7 +707,7 @@
     }
 
     if (ok && (CBS_len(&out) != test.out_len ||
-               memcmp(CBS_data(&out), test.out, test.out_len) != 0)) {
+               OPENSSL_memcmp(CBS_data(&out), test.out, test.out_len) != 0)) {
       fprintf(stderr, "CBS_get_asn1_implicit_string gave the wrong output\n");
       return false;
     }
@@ -772,7 +777,8 @@
       return false;
     }
     bssl::UniquePtr<uint8_t> scoper(out);
-    if (len != test->encoding_len || memcmp(out, test->encoding, len) != 0) {
+    if (len != test->encoding_len ||
+        OPENSSL_memcmp(out, test->encoding, len) != 0) {
       return false;
     }
   }
diff --git a/crypto/bytestring/cbb.c b/crypto/bytestring/cbb.c
index 2d65be8..14116be 100644
--- a/crypto/bytestring/cbb.c
+++ b/crypto/bytestring/cbb.c
@@ -19,9 +19,11 @@
 
 #include <openssl/mem.h>
 
+#include "../internal.h"
+
 
 void CBB_zero(CBB *cbb) {
-  memset(cbb, 0, sizeof(CBB));
+  OPENSSL_memset(cbb, 0, sizeof(CBB));
 }
 
 static int cbb_init(CBB *cbb, uint8_t *buf, size_t cap) {
@@ -252,8 +254,8 @@
       if (!cbb_buffer_add(cbb->base, NULL, extra_bytes)) {
         goto err;
       }
-      memmove(cbb->base->buf + child_start + extra_bytes,
-              cbb->base->buf + child_start, len);
+      OPENSSL_memmove(cbb->base->buf + child_start + extra_bytes,
+                      cbb->base->buf + child_start, len);
     }
     cbb->base->buf[cbb->child->offset++] = initial_length_byte;
     cbb->child->pending_len_len = len_len - 1;
@@ -303,8 +305,8 @@
     return 0;
   }
 
-  memset(prefix_bytes, 0, len_len);
-  memset(out_contents, 0, sizeof(CBB));
+  OPENSSL_memset(prefix_bytes, 0, len_len);
+  OPENSSL_memset(out_contents, 0, sizeof(CBB));
   out_contents->base = cbb->base;
   cbb->child = out_contents;
   cbb->child->offset = offset;
@@ -346,7 +348,7 @@
     return 0;
   }
 
-  memset(out_contents, 0, sizeof(CBB));
+  OPENSSL_memset(out_contents, 0, sizeof(CBB));
   out_contents->base = cbb->base;
   cbb->child = out_contents;
   cbb->child->offset = offset;
@@ -363,7 +365,7 @@
       !cbb_buffer_add(cbb->base, &dest, len)) {
     return 0;
   }
-  memcpy(dest, data, len);
+  OPENSSL_memcpy(dest, data, len);
   return 1;
 }
 
diff --git a/crypto/bytestring/cbs.c b/crypto/bytestring/cbs.c
index 132fe03..14c55a4 100644
--- a/crypto/bytestring/cbs.c
+++ b/crypto/bytestring/cbs.c
@@ -20,6 +20,7 @@
 #include <string.h>
 
 #include "internal.h"
+#include "../internal.h"
 
 
 void CBS_init(CBS *cbs, const uint8_t *data, size_t len) {
@@ -76,7 +77,7 @@
 }
 
 int CBS_contains_zero_byte(const CBS *cbs) {
-  return memchr(cbs->data, 0, cbs->len) != NULL;
+  return OPENSSL_memchr(cbs->data, 0, cbs->len) != NULL;
 }
 
 int CBS_mem_equal(const CBS *cbs, const uint8_t *data, size_t len) {
@@ -150,7 +151,7 @@
   if (!cbs_get(cbs, &v, len)) {
     return 0;
   }
-  memcpy(out, v, len);
+  OPENSSL_memcpy(out, v, len);
   return 1;
 }
 
diff --git a/crypto/chacha/chacha.c b/crypto/chacha/chacha.c
index feaa98a..fe32596 100644
--- a/crypto/chacha/chacha.c
+++ b/crypto/chacha/chacha.c
@@ -96,7 +96,7 @@
   uint32_t x[16];
   int i;
 
-  memcpy(x, input, sizeof(uint32_t) * 16);
+  OPENSSL_memcpy(x, input, sizeof(uint32_t) * 16);
   for (i = 20; i > 0; i -= 2) {
     QUARTERROUND(0, 4, 8, 12)
     QUARTERROUND(1, 5, 9, 13)
diff --git a/crypto/chacha/chacha_test.cc b/crypto/chacha/chacha_test.cc
index 0a5972f..6bfb03e 100644
--- a/crypto/chacha/chacha_test.cc
+++ b/crypto/chacha/chacha_test.cc
@@ -21,6 +21,8 @@
 #include <openssl/crypto.h>
 #include <openssl/chacha.h>
 
+#include "../internal.h"
+
 
 static const uint8_t kKey[32] = {
     0x98, 0xbe, 0xf1, 0x46, 0x9b, 0xe7, 0x26, 0x98, 0x37, 0xa4, 0x5b,
@@ -217,15 +219,15 @@
 static bool TestChaCha20(size_t len) {
   std::unique_ptr<uint8_t[]> buf(new uint8_t[len]);
   CRYPTO_chacha_20(buf.get(), kInput, len, kKey, kNonce, kCounter);
-  if (memcmp(buf.get(), kOutput, len) != 0) {
+  if (OPENSSL_memcmp(buf.get(), kOutput, len) != 0) {
     fprintf(stderr, "Mismatch at length %zu.\n", len);
     return false;
   }
 
   // Test in-place.
-  memcpy(buf.get(), kInput, len);
+  OPENSSL_memcpy(buf.get(), kInput, len);
   CRYPTO_chacha_20(buf.get(), buf.get(), len, kKey, kNonce, kCounter);
-  if (memcmp(buf.get(), kOutput, len) != 0) {
+  if (OPENSSL_memcmp(buf.get(), kOutput, len) != 0) {
     fprintf(stderr, "Mismatch at length %zu, in-place.\n", len);
     return false;
   }
diff --git a/crypto/cipher/aead.c b/crypto/cipher/aead.c
index 2d56715..b5ff48a 100644
--- a/crypto/cipher/aead.c
+++ b/crypto/cipher/aead.c
@@ -32,7 +32,7 @@
 size_t EVP_AEAD_max_tag_len(const EVP_AEAD *aead) { return aead->max_tag_len; }
 
 void EVP_AEAD_CTX_zero(EVP_AEAD_CTX *ctx) {
-  memset(ctx, 0, sizeof(EVP_AEAD_CTX));
+  OPENSSL_memset(ctx, 0, sizeof(EVP_AEAD_CTX));
 }
 
 int EVP_AEAD_CTX_init(EVP_AEAD_CTX *ctx, const EVP_AEAD *aead,
@@ -116,7 +116,7 @@
 error:
   /* In the event of an error, clear the output buffer so that a caller
    * that doesn't check the return value doesn't send raw data. */
-  memset(out, 0, max_out_len);
+  OPENSSL_memset(out, 0, max_out_len);
   *out_len = 0;
   return 0;
 }
@@ -139,7 +139,7 @@
   /* In the event of an error, clear the output buffer so that a caller
    * that doesn't check the return value doesn't try and process bad
    * data. */
-  memset(out, 0, max_out_len);
+  OPENSSL_memset(out, 0, max_out_len);
   *out_len = 0;
   return 0;
 }
diff --git a/crypto/cipher/aead_test.cc b/crypto/cipher/aead_test.cc
index 313f041..0c95fb4 100644
--- a/crypto/cipher/aead_test.cc
+++ b/crypto/cipher/aead_test.cc
@@ -21,6 +21,7 @@
 #include <openssl/crypto.h>
 #include <openssl/err.h>
 
+#include "../internal.h"
 #include "../test/file_test.h"
 
 
@@ -86,8 +87,8 @@
     }
   } else {
     out.resize(ct.size() + tag.size());
-    memcpy(out.data(), ct.data(), ct.size());
-    memcpy(out.data() + ct.size(), tag.data(), tag.size());
+    OPENSSL_memcpy(out.data(), ct.data(), ct.size());
+    OPENSSL_memcpy(out.data() + ct.size(), tag.data(), tag.size());
   }
 
   // The "stateful" AEADs for implementing pre-AEAD cipher suites need to be
@@ -170,7 +171,7 @@
   EVP_AEAD_CTX ctx;
   uint8_t key[128];
 
-  memset(key, 0, sizeof(key));
+  OPENSSL_memset(key, 0, sizeof(key));
   const size_t key_len = EVP_AEAD_key_length(aead);
   if (key_len > sizeof(key)) {
     fprintf(stderr, "Key length of AEAD too long.\n");
@@ -239,7 +240,7 @@
   uint8_t *out1 = buffer.data();
   uint8_t *out2 = buffer.data() + 2;
 
-  memcpy(in, kPlaintext, sizeof(kPlaintext));
+  OPENSSL_memcpy(in, kPlaintext, sizeof(kPlaintext));
   size_t out_len;
   if (EVP_AEAD_CTX_seal(ctx.get(), out1, &out_len,
                         sizeof(kPlaintext) + max_overhead, nonce.data(),
@@ -252,7 +253,7 @@
   }
   ERR_clear_error();
 
-  memcpy(in, valid_encryption.data(), valid_encryption_len);
+  OPENSSL_memcpy(in, valid_encryption.data(), valid_encryption_len);
   if (EVP_AEAD_CTX_open(ctx.get(), out1, &out_len, valid_encryption_len,
                         nonce.data(), nonce_len, in, valid_encryption_len,
                         nullptr, 0) ||
@@ -265,7 +266,7 @@
   ERR_clear_error();
 
   // Test with out == in, which we expect to work.
-  memcpy(in, kPlaintext, sizeof(kPlaintext));
+  OPENSSL_memcpy(in, kPlaintext, sizeof(kPlaintext));
 
   if (!EVP_AEAD_CTX_seal(ctx.get(), in, &out_len,
                          sizeof(kPlaintext) + max_overhead, nonce.data(),
@@ -275,12 +276,12 @@
   }
 
   if (out_len != valid_encryption_len ||
-      memcmp(in, valid_encryption.data(), out_len) != 0) {
+      OPENSSL_memcmp(in, valid_encryption.data(), out_len) != 0) {
     fprintf(stderr, "EVP_AEAD_CTX_seal produced bad output in-place.\n");
     return false;
   }
 
-  memcpy(in, valid_encryption.data(), valid_encryption_len);
+  OPENSSL_memcpy(in, valid_encryption.data(), valid_encryption_len);
   if (!EVP_AEAD_CTX_open(ctx.get(), in, &out_len, valid_encryption_len,
                          nonce.data(), nonce_len, in, valid_encryption_len,
                          nullptr, 0)) {
@@ -289,7 +290,7 @@
   }
 
   if (out_len != sizeof(kPlaintext) ||
-      memcmp(in, kPlaintext, out_len) != 0) {
+      OPENSSL_memcmp(in, kPlaintext, out_len) != 0) {
     fprintf(stderr, "EVP_AEAD_CTX_open produced bad output in-place.\n");
     return false;
   }
diff --git a/crypto/cipher/cipher.c b/crypto/cipher/cipher.c
index f61c59f..ae045ae 100644
--- a/crypto/cipher/cipher.c
+++ b/crypto/cipher/cipher.c
@@ -64,6 +64,7 @@
 #include <openssl/nid.h>
 
 #include "internal.h"
+#include "../internal.h"
 
 
 const EVP_CIPHER *EVP_get_cipherbynid(int nid) {
@@ -88,7 +89,7 @@
 }
 
 void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) {
-  memset(ctx, 0, sizeof(EVP_CIPHER_CTX));
+  OPENSSL_memset(ctx, 0, sizeof(EVP_CIPHER_CTX));
 }
 
 EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void) {
@@ -108,7 +109,7 @@
   }
   OPENSSL_free(c->cipher_data);
 
-  memset(c, 0, sizeof(EVP_CIPHER_CTX));
+  OPENSSL_memset(c, 0, sizeof(EVP_CIPHER_CTX));
   return 1;
 }
 
@@ -126,7 +127,7 @@
   }
 
   EVP_CIPHER_CTX_cleanup(out);
-  memcpy(out, in, sizeof(EVP_CIPHER_CTX));
+  OPENSSL_memcpy(out, in, sizeof(EVP_CIPHER_CTX));
 
   if (in->cipher_data && in->cipher->ctx_size) {
     out->cipher_data = OPENSSL_malloc(in->cipher->ctx_size);
@@ -134,7 +135,7 @@
       OPENSSL_PUT_ERROR(CIPHER, ERR_R_MALLOC_FAILURE);
       return 0;
     }
-    memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
+    OPENSSL_memcpy(out->cipher_data, in->cipher_data, in->cipher->ctx_size);
   }
 
   if (in->cipher->flags & EVP_CIPH_CUSTOM_COPY) {
@@ -210,9 +211,9 @@
       case EVP_CIPH_CBC_MODE:
         assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof(ctx->iv));
         if (iv) {
-          memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
+          OPENSSL_memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
         }
-        memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
+        OPENSSL_memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
         break;
 
       case EVP_CIPH_CTR_MODE:
@@ -220,7 +221,7 @@
         ctx->num = 0;
         /* Don't reuse IV for CTR mode */
         if (iv) {
-          memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx));
+          OPENSSL_memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx));
         }
         break;
 
@@ -285,13 +286,13 @@
   assert(bl <= (int)sizeof(ctx->buf));
   if (i != 0) {
     if (bl - i > in_len) {
-      memcpy(&ctx->buf[i], in, in_len);
+      OPENSSL_memcpy(&ctx->buf[i], in, in_len);
       ctx->buf_len += in_len;
       *out_len = 0;
       return 1;
     } else {
       j = bl - i;
-      memcpy(&ctx->buf[i], in, j);
+      OPENSSL_memcpy(&ctx->buf[i], in, j);
       if (!ctx->cipher->cipher(ctx, out, ctx->buf, bl)) {
         return 0;
       }
@@ -314,7 +315,7 @@
   }
 
   if (i != 0) {
-    memcpy(ctx->buf, &in[in_len], i);
+    OPENSSL_memcpy(ctx->buf, &in[in_len], i);
   }
   ctx->buf_len = i;
   return 1;
@@ -393,7 +394,7 @@
   assert(b <= sizeof(ctx->final));
 
   if (ctx->final_used) {
-    memcpy(out, ctx->final, b);
+    OPENSSL_memcpy(out, ctx->final, b);
     out += b;
     fix_len = 1;
   } else {
@@ -409,7 +410,7 @@
   if (b > 1 && !ctx->buf_len) {
     *out_len -= b;
     ctx->final_used = 1;
-    memcpy(ctx->final, &out[*out_len], b);
+    OPENSSL_memcpy(ctx->final, &out[*out_len], b);
   } else {
     ctx->final_used = 0;
   }
diff --git a/crypto/cipher/e_aes.c b/crypto/cipher/e_aes.c
index f99022f..0e9a7cd 100644
--- a/crypto/cipher/e_aes.c
+++ b/crypto/cipher/e_aes.c
@@ -479,7 +479,7 @@
     if (gctx->key_set) {
       CRYPTO_gcm128_setiv(&gctx->gcm, &gctx->ks.ks, iv, gctx->ivlen);
     } else {
-      memcpy(gctx->iv, iv, gctx->ivlen);
+      OPENSSL_memcpy(gctx->iv, iv, gctx->ivlen);
     }
     gctx->iv_set = 1;
     gctx->iv_gen = 0;
@@ -545,7 +545,7 @@
       if (arg <= 0 || arg > 16 || c->encrypt) {
         return 0;
       }
-      memcpy(c->buf, ptr, arg);
+      OPENSSL_memcpy(c->buf, ptr, arg);
       gctx->taglen = arg;
       return 1;
 
@@ -553,13 +553,13 @@
       if (arg <= 0 || arg > 16 || !c->encrypt || gctx->taglen < 0) {
         return 0;
       }
-      memcpy(ptr, c->buf, arg);
+      OPENSSL_memcpy(ptr, c->buf, arg);
       return 1;
 
     case EVP_CTRL_GCM_SET_IV_FIXED:
       /* Special case: -1 length restores whole IV */
       if (arg == -1) {
-        memcpy(gctx->iv, ptr, gctx->ivlen);
+        OPENSSL_memcpy(gctx->iv, ptr, gctx->ivlen);
         gctx->iv_gen = 1;
         return 1;
       }
@@ -569,7 +569,7 @@
         return 0;
       }
       if (arg) {
-        memcpy(gctx->iv, ptr, arg);
+        OPENSSL_memcpy(gctx->iv, ptr, arg);
       }
       if (c->encrypt && !RAND_bytes(gctx->iv + arg, gctx->ivlen - arg)) {
         return 0;
@@ -585,7 +585,7 @@
       if (arg <= 0 || arg > gctx->ivlen) {
         arg = gctx->ivlen;
       }
-      memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg);
+      OPENSSL_memcpy(ptr, gctx->iv + gctx->ivlen - arg, arg);
       /* Invocation field will be at least 8 bytes in size and
        * so no need to check wrap around or increment more than
        * last 8 bytes. */
@@ -597,7 +597,7 @@
       if (gctx->iv_gen == 0 || gctx->key_set == 0 || c->encrypt) {
         return 0;
       }
-      memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg);
+      OPENSSL_memcpy(gctx->iv + gctx->ivlen - arg, ptr, arg);
       CRYPTO_gcm128_setiv(&gctx->gcm, &gctx->ks.ks, gctx->iv, gctx->ivlen);
       gctx->iv_set = 1;
       return 1;
@@ -612,7 +612,7 @@
         if (!gctx_out->iv) {
           return 0;
         }
-        memcpy(gctx_out->iv, gctx->iv, gctx->ivlen);
+        OPENSSL_memcpy(gctx_out->iv, gctx->iv, gctx->ivlen);
       }
       return 1;
     }
@@ -860,7 +860,7 @@
     if (gctx->key_set) {
       CRYPTO_gcm128_setiv(&gctx->gcm, &gctx->ks.ks, iv, gctx->ivlen);
     } else {
-      memcpy(gctx->iv, iv, gctx->ivlen);
+      OPENSSL_memcpy(gctx->iv, iv, gctx->ivlen);
     }
     gctx->iv_set = 1;
     gctx->iv_gen = 0;
@@ -1073,7 +1073,7 @@
 
   const AES_KEY *key = &gcm_ctx->ks.ks;
 
-  memcpy(&gcm, &gcm_ctx->gcm, sizeof(gcm));
+  OPENSSL_memcpy(&gcm, &gcm_ctx->gcm, sizeof(gcm));
   CRYPTO_gcm128_setiv(&gcm, key, nonce, nonce_len);
 
   if (ad_len > 0 && !CRYPTO_gcm128_aad(&gcm, ad, ad_len)) {
@@ -1120,7 +1120,7 @@
 
   const AES_KEY *key = &gcm_ctx->ks.ks;
 
-  memcpy(&gcm, &gcm_ctx->gcm, sizeof(gcm));
+  OPENSSL_memcpy(&gcm, &gcm_ctx->gcm, sizeof(gcm));
   CRYPTO_gcm128_setiv(&gcm, key, nonce, nonce_len);
 
   if (!CRYPTO_gcm128_aad(&gcm, ad, ad_len)) {
@@ -1198,8 +1198,8 @@
                       const uint8_t hmac_key[32]) {
   static const size_t hmac_key_len = 32;
   uint8_t block[SHA256_CBLOCK];
-  memcpy(block, hmac_key, hmac_key_len);
-  memset(block + hmac_key_len, 0x36, sizeof(block) - hmac_key_len);
+  OPENSSL_memcpy(block, hmac_key, hmac_key_len);
+  OPENSSL_memset(block + hmac_key_len, 0x36, sizeof(block) - hmac_key_len);
 
   unsigned i;
   for (i = 0; i < hmac_key_len; i++) {
@@ -1209,7 +1209,7 @@
   SHA256_Init(out_inner);
   SHA256_Update(out_inner, block, sizeof(block));
 
-  memset(block + hmac_key_len, 0x5c, sizeof(block) - hmac_key_len);
+  OPENSSL_memset(block + hmac_key_len, 0x5c, sizeof(block) - hmac_key_len);
   for (i = 0; i < hmac_key_len; i++) {
     block[i] ^= (0x36 ^ 0x5c);
   }
@@ -1284,7 +1284,7 @@
                            const uint8_t *nonce, const uint8_t *ciphertext,
                            size_t ciphertext_len) {
   SHA256_CTX sha256;
-  memcpy(&sha256, inner_init_state, sizeof(sha256));
+  OPENSSL_memcpy(&sha256, inner_init_state, sizeof(sha256));
   hmac_update_uint64(&sha256, ad_len);
   hmac_update_uint64(&sha256, ciphertext_len);
   SHA256_Update(&sha256, nonce, EVP_AEAD_AES_CTR_HMAC_SHA256_NONCE_LEN);
@@ -1297,7 +1297,7 @@
                         SHA256_CBLOCK)) %
       SHA256_CBLOCK;
   uint8_t padding[SHA256_CBLOCK];
-  memset(padding, 0, num_padding);
+  OPENSSL_memset(padding, 0, num_padding);
   SHA256_Update(&sha256, padding, num_padding);
 
   SHA256_Update(&sha256, ciphertext, ciphertext_len);
@@ -1305,7 +1305,7 @@
   uint8_t inner_digest[SHA256_DIGEST_LENGTH];
   SHA256_Final(inner_digest, &sha256);
 
-  memcpy(&sha256, outer_init_state, sizeof(sha256));
+  OPENSSL_memcpy(&sha256, outer_init_state, sizeof(sha256));
   SHA256_Update(&sha256, inner_digest, sizeof(inner_digest));
   SHA256_Final(out, &sha256);
 }
@@ -1317,11 +1317,11 @@
    * bytes is pointless. However, |CRYPTO_ctr128_encrypt| requires it. */
   uint8_t partial_block_buffer[AES_BLOCK_SIZE];
   unsigned partial_block_offset = 0;
-  memset(partial_block_buffer, 0, sizeof(partial_block_buffer));
+  OPENSSL_memset(partial_block_buffer, 0, sizeof(partial_block_buffer));
 
   uint8_t counter[AES_BLOCK_SIZE];
-  memcpy(counter, nonce, EVP_AEAD_AES_CTR_HMAC_SHA256_NONCE_LEN);
-  memset(counter + EVP_AEAD_AES_CTR_HMAC_SHA256_NONCE_LEN, 0, 4);
+  OPENSSL_memcpy(counter, nonce, EVP_AEAD_AES_CTR_HMAC_SHA256_NONCE_LEN);
+  OPENSSL_memset(counter + EVP_AEAD_AES_CTR_HMAC_SHA256_NONCE_LEN, 0, 4);
 
   if (aes_ctx->ctr) {
     CRYPTO_ctr128_encrypt_ctr32(in, out, len, &aes_ctx->ks.ks, counter,
@@ -1364,7 +1364,7 @@
   uint8_t hmac_result[SHA256_DIGEST_LENGTH];
   hmac_calculate(hmac_result, &aes_ctx->inner_init_state,
                  &aes_ctx->outer_init_state, ad, ad_len, nonce, out, in_len);
-  memcpy(out + in_len, hmac_result, aes_ctx->tag_len);
+  OPENSSL_memcpy(out + in_len, hmac_result, aes_ctx->tag_len);
   *out_len = in_len + aes_ctx->tag_len;
 
   return 1;
@@ -1482,7 +1482,7 @@
   if (gcm_siv_ctx == NULL) {
     return 0;
   }
-  memset(gcm_siv_ctx, 0, sizeof(struct aead_aes_gcm_siv_ctx));
+  OPENSSL_memset(gcm_siv_ctx, 0, sizeof(struct aead_aes_gcm_siv_ctx));
 
   if (aesni_capable()) {
     aesni_set_encrypt_key(key, key_len * 8, &gcm_siv_ctx->ks.ks);
@@ -1525,7 +1525,7 @@
     uint8_t c[16];
   } counter;
 
-  memcpy(counter.c, initial_counter, AES_BLOCK_SIZE);
+  OPENSSL_memcpy(counter.c, initial_counter, AES_BLOCK_SIZE);
   counter.c[15] |= 0x80;
 
   for (size_t done = 0; done < in_len;) {
@@ -1558,15 +1558,15 @@
 
   uint8_t scratch[16];
   if (ad_len & 15) {
-    memset(scratch, 0, sizeof(scratch));
-    memcpy(scratch, &ad[ad_len & ~15], ad_len & 15);
+    OPENSSL_memset(scratch, 0, sizeof(scratch));
+    OPENSSL_memcpy(scratch, &ad[ad_len & ~15], ad_len & 15);
     CRYPTO_POLYVAL_update_blocks(&polyval_ctx, scratch, sizeof(scratch));
   }
 
   CRYPTO_POLYVAL_update_blocks(&polyval_ctx, in, in_len & ~15);
   if (in_len & 15) {
-    memset(scratch, 0, sizeof(scratch));
-    memcpy(scratch, &in[in_len & ~15], in_len & 15);
+    OPENSSL_memset(scratch, 0, sizeof(scratch));
+    OPENSSL_memcpy(scratch, &in[in_len & ~15], in_len & 15);
     CRYPTO_POLYVAL_update_blocks(&polyval_ctx, scratch, sizeof(scratch));
   }
 
@@ -1655,7 +1655,7 @@
 
   gcm_siv_crypt(out, in, in_len, tag, keys.enc_block, &keys.enc_key.ks);
 
-  memcpy(&out[in_len], tag, EVP_AEAD_AES_GCM_SIV_TAG_LEN);
+  OPENSSL_memcpy(&out[in_len], tag, EVP_AEAD_AES_GCM_SIV_TAG_LEN);
   *out_len = in_len + EVP_AEAD_AES_GCM_SIV_TAG_LEN;
 
   return 1;
diff --git a/crypto/cipher/e_chacha20poly1305.c b/crypto/cipher/e_chacha20poly1305.c
index 9c80ba1..ed0d74c 100644
--- a/crypto/cipher/e_chacha20poly1305.c
+++ b/crypto/cipher/e_chacha20poly1305.c
@@ -55,7 +55,7 @@
     return 0;
   }
 
-  memcpy(c20_ctx->key, key, key_len);
+  OPENSSL_memcpy(c20_ctx->key, key, key_len);
   c20_ctx->tag_len = tag_len;
   ctx->aead_state = c20_ctx;
 
@@ -94,7 +94,7 @@
                           size_t ad_len, const uint8_t *ciphertext,
                           size_t ciphertext_len) {
   alignas(16) uint8_t poly1305_key[32];
-  memset(poly1305_key, 0, sizeof(poly1305_key));
+  OPENSSL_memset(poly1305_key, 0, sizeof(poly1305_key));
   CRYPTO_chacha_20(poly1305_key, poly1305_key, sizeof(poly1305_key),
                    c20_ctx->key, nonce, 0);
   poly1305_state ctx;
@@ -137,7 +137,7 @@
   alignas(16) uint8_t tag[POLY1305_TAG_LEN];
   aead_poly1305(poly1305_update, tag, c20_ctx, nonce, ad, ad_len, out, in_len);
 
-  memcpy(out + in_len, tag, c20_ctx->tag_len);
+  OPENSSL_memcpy(out + in_len, tag, c20_ctx->tag_len);
   *out_len = in_len + c20_ctx->tag_len;
   return 1;
 }
@@ -261,8 +261,8 @@
     return 0;
   }
   uint8_t nonce_96[12];
-  memset(nonce_96, 0, 4);
-  memcpy(nonce_96 + 4, nonce, 8);
+  OPENSSL_memset(nonce_96, 0, 4);
+  OPENSSL_memcpy(nonce_96 + 4, nonce, 8);
   return seal_impl(poly1305_update_old, ctx, out, out_len, max_out_len,
                    nonce_96, in, in_len, ad, ad_len);
 }
@@ -276,8 +276,8 @@
     return 0;
   }
   uint8_t nonce_96[12];
-  memset(nonce_96, 0, 4);
-  memcpy(nonce_96 + 4, nonce, 8);
+  OPENSSL_memset(nonce_96, 0, 4);
+  OPENSSL_memcpy(nonce_96 + 4, nonce, 8);
   return open_impl(poly1305_update_old, ctx, out, out_len, max_out_len,
                    nonce_96, in, in_len, ad, ad_len);
 }
diff --git a/crypto/cipher/e_null.c b/crypto/cipher/e_null.c
index 3d6a24c..9f89308 100644
--- a/crypto/cipher/e_null.c
+++ b/crypto/cipher/e_null.c
@@ -60,6 +60,7 @@
 
 #include <openssl/nid.h>
 
+#include "../internal.h"
 #include "internal.h"
 
 
@@ -71,7 +72,7 @@
 static int null_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out,
                        const uint8_t *in, size_t in_len) {
   if (in != out) {
-    memcpy(out, in, in_len);
+    OPENSSL_memcpy(out, in, in_len);
   }
   return 1;
 }
diff --git a/crypto/cipher/e_ssl3.c b/crypto/cipher/e_ssl3.c
index ef87594..f1dad2b 100644
--- a/crypto/cipher/e_ssl3.c
+++ b/crypto/cipher/e_ssl3.c
@@ -25,6 +25,7 @@
 #include <openssl/sha.h>
 
 #include "internal.h"
+#include "../internal.h"
 
 
 typedef struct {
@@ -49,7 +50,7 @@
 
   uint8_t pad[48];
   uint8_t tmp[EVP_MAX_MD_SIZE];
-  memset(pad, 0x36, pad_len);
+  OPENSSL_memset(pad, 0x36, pad_len);
   if (!EVP_MD_CTX_copy_ex(&md_ctx, &ssl3_ctx->md_ctx) ||
       !EVP_DigestUpdate(&md_ctx, pad, pad_len) ||
       !EVP_DigestUpdate(&md_ctx, ad, ad_len) ||
@@ -60,7 +61,7 @@
     return 0;
   }
 
-  memset(pad, 0x5c, pad_len);
+  OPENSSL_memset(pad, 0x5c, pad_len);
   if (!EVP_MD_CTX_copy_ex(&md_ctx, &ssl3_ctx->md_ctx) ||
       !EVP_DigestUpdate(&md_ctx, pad, pad_len) ||
       !EVP_DigestUpdate(&md_ctx, tmp, md_size) ||
@@ -188,7 +189,7 @@
     /* Compute padding and feed that into the cipher. */
     uint8_t padding[256];
     unsigned padding_len = block_size - ((in_len + mac_len) % block_size);
-    memset(padding, 0, padding_len - 1);
+    OPENSSL_memset(padding, 0, padding_len - 1);
     padding[padding_len - 1] = padding_len - 1;
     if (!EVP_EncryptUpdate(&ssl3_ctx->cipher_ctx, out + total, &len, padding,
                            (int)padding_len)) {
diff --git a/crypto/cipher/e_tls.c b/crypto/cipher/e_tls.c
index c0d18fd..7d9bbee 100644
--- a/crypto/cipher/e_tls.c
+++ b/crypto/cipher/e_tls.c
@@ -80,7 +80,7 @@
   EVP_CIPHER_CTX_init(&tls_ctx->cipher_ctx);
   HMAC_CTX_init(&tls_ctx->hmac_ctx);
   assert(mac_key_len <= EVP_MAX_MD_SIZE);
-  memcpy(tls_ctx->mac_key, key, mac_key_len);
+  OPENSSL_memcpy(tls_ctx->mac_key, key, mac_key_len);
   tls_ctx->mac_key_len = (uint8_t)mac_key_len;
   tls_ctx->implicit_iv = implicit_iv;
 
@@ -182,7 +182,7 @@
     /* Compute padding and feed that into the cipher. */
     uint8_t padding[256];
     unsigned padding_len = block_size - ((in_len + mac_len) % block_size);
-    memset(padding, padding_len - 1, padding_len);
+    OPENSSL_memset(padding, padding_len - 1, padding_len);
     if (!EVP_EncryptUpdate(&tls_ctx->cipher_ctx, out + total, &len, padding,
                            (int)padding_len)) {
       return 0;
@@ -288,7 +288,7 @@
   /* To allow for CBC mode which changes cipher length, |ad| doesn't include the
    * length for legacy ciphers. */
   uint8_t ad_fixed[13];
-  memcpy(ad_fixed, ad, 11);
+  OPENSSL_memcpy(ad_fixed, ad, 11);
   ad_fixed[11] = (uint8_t)(data_len >> 8);
   ad_fixed[12] = (uint8_t)(data_len & 0xff);
   ad_len += 2;
diff --git a/crypto/cipher/tls_cbc.c b/crypto/cipher/tls_cbc.c
index eb56604..52880b0 100644
--- a/crypto/cipher/tls_cbc.c
+++ b/crypto/cipher/tls_cbc.c
@@ -148,7 +148,7 @@
 
   unsigned rotate_offset = 0;
   uint8_t mac_started = 0;
-  memset(rotated_mac, 0, md_size);
+  OPENSSL_memset(rotated_mac, 0, md_size);
   for (unsigned i = scan_start, j = 0; i < orig_len; i++, j++) {
     if (j >= md_size) {
       j -= md_size;
@@ -184,7 +184,7 @@
     rotated_mac_tmp = tmp;
   }
 
-  memcpy(out, rotated_mac, md_size);
+  OPENSSL_memcpy(out, rotated_mac, md_size);
 }
 
 /* u32toBE serialises an unsigned, 32-bit number (n) as four bytes at (p) in
@@ -382,16 +382,16 @@
 
   /* Compute the initial HMAC block. */
   bits += 8 * md_block_size;
-  memset(hmac_pad, 0, md_block_size);
+  OPENSSL_memset(hmac_pad, 0, md_block_size);
   assert(mac_secret_length <= sizeof(hmac_pad));
-  memcpy(hmac_pad, mac_secret, mac_secret_length);
+  OPENSSL_memcpy(hmac_pad, mac_secret, mac_secret_length);
   for (i = 0; i < md_block_size; i++) {
     hmac_pad[i] ^= 0x36;
   }
 
   md_transform(md_state.c, hmac_pad);
 
-  memset(length_bytes, 0, md_length_size - 4);
+  OPENSSL_memset(length_bytes, 0, md_length_size - 4);
   length_bytes[md_length_size - 4] = (uint8_t)(bits >> 24);
   length_bytes[md_length_size - 3] = (uint8_t)(bits >> 16);
   length_bytes[md_length_size - 2] = (uint8_t)(bits >> 8);
@@ -399,15 +399,15 @@
 
   if (k > 0) {
     /* k is a multiple of md_block_size. */
-    memcpy(first_block, header, 13);
-    memcpy(first_block + 13, data, md_block_size - 13);
+    OPENSSL_memcpy(first_block, header, 13);
+    OPENSSL_memcpy(first_block + 13, data, md_block_size - 13);
     md_transform(md_state.c, first_block);
     for (i = 1; i < k / md_block_size; i++) {
       md_transform(md_state.c, data + md_block_size * i - 13);
     }
   }
 
-  memset(mac_out, 0, sizeof(mac_out));
+  OPENSSL_memset(mac_out, 0, sizeof(mac_out));
 
   /* We now process the final hash blocks. For each block, we construct
    * it in constant time. If the |i==index_a| then we'll include the 0x80
diff --git a/crypto/cmac/cmac.c b/crypto/cmac/cmac.c
index fa4c3c4..a9a527d 100644
--- a/crypto/cmac/cmac.c
+++ b/crypto/cmac/cmac.c
@@ -55,6 +55,8 @@
 #include <openssl/cipher.h>
 #include <openssl/mem.h>
 
+#include "../internal.h"
+
 
 struct cmac_ctx_st {
   EVP_CIPHER_CTX cipher_ctx;
@@ -176,7 +178,7 @@
       todo = in_len;
     }
 
-    memcpy(ctx->block + ctx->block_used, in, todo);
+    OPENSSL_memcpy(ctx->block + ctx->block_used, in, todo);
     in += todo;
     in_len -= todo;
     ctx->block_used += todo;
@@ -206,7 +208,7 @@
     in_len -= AES_BLOCK_SIZE;
   }
 
-  memcpy(ctx->block, in, in_len);
+  OPENSSL_memcpy(ctx->block, in, in_len);
   ctx->block_used = in_len;
 
   return 1;
@@ -224,8 +226,8 @@
     /* If the last block is incomplete, terminate it with a single 'one' bit
      * followed by zeros. */
     ctx->block[ctx->block_used] = 0x80;
-    memset(ctx->block + ctx->block_used + 1, 0,
-           AES_BLOCK_SIZE - (ctx->block_used + 1));
+    OPENSSL_memset(ctx->block + ctx->block_used + 1, 0,
+                   AES_BLOCK_SIZE - (ctx->block_used + 1));
 
     mask = ctx->k2;
   }
diff --git a/crypto/conf/conf.c b/crypto/conf/conf.c
index 96a534a..5b51d22 100644
--- a/crypto/conf/conf.c
+++ b/crypto/conf/conf.c
@@ -66,6 +66,7 @@
 
 #include "conf_def.h"
 #include "internal.h"
+#include "../internal.h"
 
 
 static uint32_t conf_value_hash(const CONF_VALUE *v) {
@@ -118,7 +119,7 @@
     OPENSSL_PUT_ERROR(CONF, ERR_R_MALLOC_FAILURE);
     return NULL;
   }
-  memset(v, 0, sizeof(CONF_VALUE));
+  OPENSSL_memset(v, 0, sizeof(CONF_VALUE));
   return v;
 }
 
@@ -353,7 +354,7 @@
 static CONF_VALUE *get_section(const CONF *conf, const char *section) {
   CONF_VALUE template;
 
-  memset(&template, 0, sizeof(template));
+  OPENSSL_memset(&template, 0, sizeof(template));
   template.section = (char *) section;
   return lh_CONF_VALUE_retrieve(conf->data, &template);
 }
@@ -370,7 +371,7 @@
                              const char *name) {
   CONF_VALUE template, *value;
 
-  memset(&template, 0, sizeof(template));
+  OPENSSL_memset(&template, 0, sizeof(template));
   template.section = (char *) section;
   template.name = (char *) name;
   value = lh_CONF_VALUE_retrieve(conf->data, &template);
diff --git a/crypto/cpu-arm-linux.c b/crypto/cpu-arm-linux.c
index 73c38ec..95bb5ee 100644
--- a/crypto/cpu-arm-linux.c
+++ b/crypto/cpu-arm-linux.c
@@ -161,7 +161,7 @@
 
 static int STRING_PIECE_equals(const STRING_PIECE *a, const char *b) {
   size_t b_len = strlen(b);
-  return a->len == b_len && memcmp(a->data, b, b_len) == 0;
+  return a->len == b_len && OPENSSL_memcmp(a->data, b, b_len) == 0;
 }
 
 /* STRING_PIECE_split finds the first occurence of |sep| in |in| and, if found,
@@ -169,7 +169,7 @@
  * returns one if |sep| was found and zero otherwise. */
 static int STRING_PIECE_split(STRING_PIECE *out_left, STRING_PIECE *out_right,
                               const STRING_PIECE *in, char sep) {
-  const char *p = memchr(in->data, sep, in->len);
+  const char *p = OPENSSL_memchr(in->data, sep, in->len);
   if (p == NULL) {
     return 0;
   }
diff --git a/crypto/curve25519/curve25519.c b/crypto/curve25519/curve25519.c
index d660b6c..c91e78e 100644
--- a/crypto/curve25519/curve25519.c
+++ b/crypto/curve25519/curve25519.c
@@ -29,6 +29,7 @@
 #include <openssl/sha.h>
 
 #include "internal.h"
+#include "../internal.h"
 
 
 static const int64_t kBottom25Bits = INT64_C(0x1ffffff);
@@ -204,15 +205,15 @@
 
 /* h = f */
 static void fe_copy(fe h, const fe f) {
-  memmove(h, f, sizeof(int32_t) * 10);
+  OPENSSL_memmove(h, f, sizeof(int32_t) * 10);
 }
 
 /* h = 0 */
-static void fe_0(fe h) { memset(h, 0, sizeof(int32_t) * 10); }
+static void fe_0(fe h) { OPENSSL_memset(h, 0, sizeof(int32_t) * 10); }
 
 /* h = 1 */
 static void fe_1(fe h) {
-  memset(h, 0, sizeof(int32_t) * 10);
+  OPENSSL_memset(h, 0, sizeof(int32_t) * 10);
   h[0] = 1;
 }
 
@@ -4662,11 +4663,11 @@
   fe_neg(A.T, A.T);
 
   uint8_t pkcopy[32];
-  memcpy(pkcopy, public_key, 32);
+  OPENSSL_memcpy(pkcopy, public_key, 32);
   uint8_t rcopy[32];
-  memcpy(rcopy, signature, 32);
+  OPENSSL_memcpy(rcopy, signature, 32);
   uint8_t scopy[32];
-  memcpy(scopy, signature + 32, 32);
+  OPENSSL_memcpy(scopy, signature + 32, 32);
 
   SHA512_CTX hash_ctx;
   SHA512_Init(&hash_ctx);
@@ -4701,8 +4702,8 @@
   x25519_ge_scalarmult_base(&A, az);
   ge_p3_tobytes(out_public_key, &A);
 
-  memcpy(out_private_key, seed, 32);
-  memcpy(out_private_key + 32, out_public_key, 32);
+  OPENSSL_memcpy(out_private_key, seed, 32);
+  OPENSSL_memcpy(out_private_key + 32, out_public_key, 32);
 }
 
 
@@ -4800,7 +4801,7 @@
   fe x1, x2, z2, x3, z3, tmp0, tmp1;
 
   uint8_t e[32];
-  memcpy(e, scalar, 32);
+  OPENSSL_memcpy(e, scalar, 32);
   e[0] &= 248;
   e[31] &= 127;
   e[31] |= 64;
@@ -4916,7 +4917,7 @@
 #endif
 
   uint8_t e[32];
-  memcpy(e, private_key, 32);
+  OPENSSL_memcpy(e, private_key, 32);
   e[0] &= 248;
   e[31] &= 127;
   e[31] |= 64;
diff --git a/crypto/curve25519/ed25519_test.cc b/crypto/curve25519/ed25519_test.cc
index 5af8ba7..7581730 100644
--- a/crypto/curve25519/ed25519_test.cc
+++ b/crypto/curve25519/ed25519_test.cc
@@ -17,6 +17,7 @@
 
 #include <openssl/curve25519.h>
 
+#include "../internal.h"
 #include "../test/file_test.h"
 
 
@@ -58,13 +59,13 @@
   ED25519_keypair(public_key1, private_key1);
 
   uint8_t seed[32];
-  memcpy(seed, private_key1, sizeof(seed));
+  OPENSSL_memcpy(seed, private_key1, sizeof(seed));
 
   uint8_t public_key2[32], private_key2[64];
   ED25519_keypair_from_seed(public_key2, private_key2, seed);
 
-  if (memcmp(public_key1, public_key2, sizeof(public_key1)) != 0 ||
-      memcmp(private_key1, private_key2, sizeof(private_key1)) != 0) {
+  if (OPENSSL_memcmp(public_key1, public_key2, sizeof(public_key1)) != 0 ||
+      OPENSSL_memcmp(private_key1, private_key2, sizeof(private_key1)) != 0) {
     fprintf(stderr, "TestKeypairFromSeed: resulting keypairs did not match.\n");
     return false;
   }
diff --git a/crypto/curve25519/spake25519.c b/crypto/curve25519/spake25519.c
index 617418c..5b794b3 100644
--- a/crypto/curve25519/spake25519.c
+++ b/crypto/curve25519/spake25519.c
@@ -22,6 +22,7 @@
 #include <openssl/sha.h>
 
 #include "internal.h"
+#include "../internal.h"
 
 
 /* The following precomputation tables are for the following
@@ -291,7 +292,7 @@
     return NULL;
   }
 
-  memset(ctx, 0, sizeof(SPAKE2_CTX));
+  OPENSSL_memset(ctx, 0, sizeof(SPAKE2_CTX));
   ctx->my_role = my_role;
 
   CBS my_name_cbs, their_name_cbs;
@@ -346,7 +347,7 @@
   /* Multiply by the cofactor (eight) so that we'll clear it when operating on
    * the peer's point later in the protocol. */
   left_shift_3(private_tmp);
-  memcpy(ctx->private_key, private_tmp, sizeof(ctx->private_key));
+  OPENSSL_memcpy(ctx->private_key, private_tmp, sizeof(ctx->private_key));
 
   ge_p3 P;
   x25519_ge_scalarmult_base(&P, ctx->private_key);
@@ -354,9 +355,9 @@
   /* mask = h(password) * <N or M>. */
   uint8_t password_tmp[SHA512_DIGEST_LENGTH];
   SHA512(password, password_len, password_tmp);
-  memcpy(ctx->password_hash, password_tmp, sizeof(ctx->password_hash));
+  OPENSSL_memcpy(ctx->password_hash, password_tmp, sizeof(ctx->password_hash));
   x25519_sc_reduce(password_tmp);
-  memcpy(ctx->password_scalar, password_tmp, sizeof(ctx->password_scalar));
+  OPENSSL_memcpy(ctx->password_scalar, password_tmp, sizeof(ctx->password_scalar));
 
   ge_p3 mask;
   x25519_ge_scalarmult_small_precomp(&mask, ctx->password_scalar,
@@ -375,7 +376,7 @@
   x25519_ge_p1p1_to_p2(&Pstar_proj, &Pstar);
   x25519_ge_tobytes(ctx->my_msg, &Pstar_proj);
 
-  memcpy(out, ctx->my_msg, sizeof(ctx->my_msg));
+  OPENSSL_memcpy(out, ctx->my_msg, sizeof(ctx->my_msg));
   *out_len = sizeof(ctx->my_msg);
   ctx->state = spake2_state_msg_generated;
 
@@ -456,7 +457,7 @@
   if (to_copy > sizeof(key)) {
     to_copy = sizeof(key);
   }
-  memcpy(out_key, key, to_copy);
+  OPENSSL_memcpy(out_key, key, to_copy);
   *out_key_len = to_copy;
   ctx->state = spake2_state_key_generated;
 
diff --git a/crypto/curve25519/spake25519_test.cc b/crypto/curve25519/spake25519_test.cc
index 363b60c..3af073d 100644
--- a/crypto/curve25519/spake25519_test.cc
+++ b/crypto/curve25519/spake25519_test.cc
@@ -20,6 +20,8 @@
 
 #include <openssl/curve25519.h>
 
+#include "../internal.h"
+
 
 struct SPAKE2Run {
   bool Run() {
@@ -71,7 +73,7 @@
     }
 
     key_matches_ = (alice_key_len == bob_key_len &&
-                    memcmp(alice_key, bob_key, alice_key_len) == 0);
+                    OPENSSL_memcmp(alice_key, bob_key, alice_key_len) == 0);
 
     return true;
   }
diff --git a/crypto/curve25519/x25519-x86_64.c b/crypto/curve25519/x25519-x86_64.c
index 1bd86a0..9c3d414 100644
--- a/crypto/curve25519/x25519-x86_64.c
+++ b/crypto/curve25519/x25519-x86_64.c
@@ -23,6 +23,7 @@
 
 #include <string.h>
 
+#include "../internal.h"
 #include "internal.h"
 
 
@@ -228,7 +229,7 @@
 void x25519_x86_64(uint8_t out[32], const uint8_t scalar[32],
                   const uint8_t point[32]) {
   uint8_t e[32];
-  memcpy(e, scalar, sizeof(e));
+  OPENSSL_memcpy(e, scalar, sizeof(e));
 
   e[0] &= 248;
   e[31] &= 127;
diff --git a/crypto/curve25519/x25519_test.cc b/crypto/curve25519/x25519_test.cc
index 24dfa65..b1a37d4 100644
--- a/crypto/curve25519/x25519_test.cc
+++ b/crypto/curve25519/x25519_test.cc
@@ -18,6 +18,8 @@
 
 #include <openssl/curve25519.h>
 
+#include "../internal.h"
+
 
 static bool TestX25519() {
   /* Taken from https://tools.ietf.org/html/rfc7748#section-5.2 */
@@ -40,7 +42,7 @@
       0x4d, 0xf2, 0x8d, 0x08, 0x4f, 0x32, 0xec, 0xcf, 0x03, 0x49, 0x1c,
       0x71, 0xf7, 0x54, 0xb4, 0x07, 0x55, 0x77, 0xa2, 0x85, 0x52,
   };
-  if (memcmp(kExpected1, out, sizeof(out)) != 0) {
+  if (OPENSSL_memcmp(kExpected1, out, sizeof(out)) != 0) {
     fprintf(stderr, "X25519 test one failed.\n");
     return false;
   }
@@ -63,7 +65,7 @@
       0x5c, 0xb4, 0xb8, 0x73, 0xf8, 0x8b, 0x59, 0x5a, 0x68, 0x79, 0x9f,
       0xa1, 0x52, 0xe6, 0xf8, 0xf7, 0x64, 0x7a, 0xac, 0x79, 0x57,
   };
-  if (memcmp(kExpected2, out, sizeof(out)) != 0) {
+  if (OPENSSL_memcmp(kExpected2, out, sizeof(out)) != 0) {
     fprintf(stderr, "X25519 test two failed.\n");
     return false;
   }
@@ -79,7 +81,7 @@
   };
 
   uint8_t out[32], private_key[32];
-  memset(private_key, 0x11, sizeof(private_key));
+  OPENSSL_memset(private_key, 0x11, sizeof(private_key));
 
   if (X25519(out, private_key, kSmallOrderPoint)) {
     fprintf(stderr, "X25519 returned success with a small-order input.\n");
@@ -96,8 +98,8 @@
   unsigned i;
   for (i = 0; i < 1000; i++) {
     X25519(out, scalar, point);
-    memcpy(point, scalar, sizeof(point));
-    memcpy(scalar, out, sizeof(scalar));
+    OPENSSL_memcpy(point, scalar, sizeof(point));
+    OPENSSL_memcpy(scalar, out, sizeof(scalar));
   }
 
   static const uint8_t kExpected[32] = {
@@ -106,7 +108,7 @@
       0xe3, 0x87, 0x5f, 0x2e, 0xb9, 0x4d, 0x99, 0x53, 0x2c, 0x51,
   };
 
-  if (memcmp(kExpected, scalar, sizeof(kExpected)) != 0) {
+  if (OPENSSL_memcmp(kExpected, scalar, sizeof(kExpected)) != 0) {
     fprintf(stderr, "Iterated X25519 test failed\n");
     return false;
   }
diff --git a/crypto/dh/dh.c b/crypto/dh/dh.c
index 7545071..69a7ec8 100644
--- a/crypto/dh/dh.c
+++ b/crypto/dh/dh.c
@@ -79,7 +79,7 @@
     return NULL;
   }
 
-  memset(dh, 0, sizeof(DH));
+  OPENSSL_memset(dh, 0, sizeof(DH));
 
   CRYPTO_MUTEX_init(&dh->method_mont_p_lock);
 
diff --git a/crypto/dh/dh_test.cc b/crypto/dh/dh_test.cc
index 99bb945..8165c1a 100644
--- a/crypto/dh/dh_test.cc
+++ b/crypto/dh/dh_test.cc
@@ -68,6 +68,8 @@
 #include <openssl/err.h>
 #include <openssl/mem.h>
 
+#include "../internal.h"
+
 
 static bool RunBasicTests();
 static bool RunRFC5114Tests();
@@ -470,9 +472,9 @@
     }
 
     if (static_cast<size_t>(ret1) != td->Z_len ||
-        memcmp(Z1.data(), td->Z, td->Z_len) != 0 ||
+        OPENSSL_memcmp(Z1.data(), td->Z, td->Z_len) != 0 ||
         static_cast<size_t>(ret2) != td->Z_len ||
-        memcmp(Z2.data(), td->Z, td->Z_len) != 0) {
+        OPENSSL_memcmp(Z2.data(), td->Z, td->Z_len) != 0) {
       fprintf(stderr, "Test failed RFC5114 set %u\n", i + 1);
       return false;
     }
@@ -576,7 +578,8 @@
     return false;
   }
   bssl::UniquePtr<uint8_t> free_der(der);
-  if (der_len != sizeof(kParams) || memcmp(der, kParams, der_len) != 0) {
+  if (der_len != sizeof(kParams) ||
+      OPENSSL_memcmp(der, kParams, der_len) != 0) {
     return false;
   }
 
@@ -618,7 +621,8 @@
     return false;
   }
   bssl::UniquePtr<uint8_t> free_der2(der);
-  if (der_len != sizeof(kParamsDSA) || memcmp(der, kParamsDSA, der_len) != 0) {
+  if (der_len != sizeof(kParamsDSA) ||
+      OPENSSL_memcmp(der, kParamsDSA, der_len) != 0) {
     return false;
   }
 
@@ -653,7 +657,7 @@
   uint8_t buffer[sizeof(kPrime1536)];
   if (BN_num_bytes(bn.get()) != sizeof(kPrime1536) ||
       BN_bn2bin(bn.get(), buffer) != sizeof(kPrime1536) ||
-      memcmp(buffer, kPrime1536, sizeof(kPrime1536)) != 0) {
+      OPENSSL_memcmp(buffer, kPrime1536, sizeof(kPrime1536)) != 0) {
     fprintf(stderr, "1536-bit MODP prime did not match.\n");
     return false;
   }
diff --git a/crypto/digest/digest.c b/crypto/digest/digest.c
index fdd9fe5..9c9962b 100644
--- a/crypto/digest/digest.c
+++ b/crypto/digest/digest.c
@@ -63,6 +63,7 @@
 #include <openssl/mem.h>
 
 #include "internal.h"
+#include "../internal.h"
 
 
 int EVP_MD_type(const EVP_MD *md) { return md->type; }
@@ -74,7 +75,9 @@
 size_t EVP_MD_block_size(const EVP_MD *md) { return md->block_size; }
 
 
-void EVP_MD_CTX_init(EVP_MD_CTX *ctx) { memset(ctx, 0, sizeof(EVP_MD_CTX)); }
+void EVP_MD_CTX_init(EVP_MD_CTX *ctx) {
+  OPENSSL_memset(ctx, 0, sizeof(EVP_MD_CTX));
+}
 
 EVP_MD_CTX *EVP_MD_CTX_create(void) {
   EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof(EVP_MD_CTX));
@@ -140,7 +143,7 @@
         return 0;
       }
     }
-    memcpy(out->md_data, in->md_data, in->digest->ctx_size);
+    OPENSSL_memcpy(out->md_data, in->md_data, in->digest->ctx_size);
   }
 
   assert(in->pctx == NULL || in->pctx_ops != NULL);
diff --git a/crypto/digest/md32_common.h b/crypto/digest/md32_common.h
index 818eb63..45fe939 100644
--- a/crypto/digest/md32_common.h
+++ b/crypto/digest/md32_common.h
@@ -53,6 +53,8 @@
 
 #include <assert.h>
 
+#include "../internal.h"
+
 #if defined(__cplusplus)
 extern "C" {
 #endif
@@ -194,16 +196,16 @@
   size_t n = c->num;
   if (n != 0) {
     if (len >= HASH_CBLOCK || len + n >= HASH_CBLOCK) {
-      memcpy(c->data + n, data, HASH_CBLOCK - n);
+      OPENSSL_memcpy(c->data + n, data, HASH_CBLOCK - n);
       HASH_BLOCK_DATA_ORDER(c->h, c->data, 1);
       n = HASH_CBLOCK - n;
       data += n;
       len -= n;
       c->num = 0;
       /* Keep |c->data| zeroed when unused. */
-      memset(c->data, 0, HASH_CBLOCK);
+      OPENSSL_memset(c->data, 0, HASH_CBLOCK);
     } else {
-      memcpy(c->data + n, data, len);
+      OPENSSL_memcpy(c->data + n, data, len);
       c->num += (unsigned)len;
       return 1;
     }
@@ -219,7 +221,7 @@
 
   if (len != 0) {
     c->num = (unsigned)len;
-    memcpy(c->data, data, len);
+    OPENSSL_memcpy(c->data, data, len);
   }
   return 1;
 }
@@ -240,11 +242,11 @@
 
   /* Fill the block with zeros if there isn't room for a 64-bit length. */
   if (n > (HASH_CBLOCK - 8)) {
-    memset(c->data + n, 0, HASH_CBLOCK - n);
+    OPENSSL_memset(c->data + n, 0, HASH_CBLOCK - n);
     n = 0;
     HASH_BLOCK_DATA_ORDER(c->h, c->data, 1);
   }
-  memset(c->data + n, 0, HASH_CBLOCK - 8 - n);
+  OPENSSL_memset(c->data + n, 0, HASH_CBLOCK - 8 - n);
 
   /* Append a 64-bit length to the block and process it. */
   uint8_t *p = c->data + HASH_CBLOCK - 8;
@@ -258,7 +260,7 @@
   assert(p == c->data + HASH_CBLOCK);
   HASH_BLOCK_DATA_ORDER(c->h, c->data, 1);
   c->num = 0;
-  memset(c->data, 0, HASH_CBLOCK);
+  OPENSSL_memset(c->data, 0, HASH_CBLOCK);
 
   HASH_MAKE_STRING(c, md);
   return 1;
diff --git a/crypto/dsa/dsa.c b/crypto/dsa/dsa.c
index 3e5894a..65e4091 100644
--- a/crypto/dsa/dsa.c
+++ b/crypto/dsa/dsa.c
@@ -90,7 +90,7 @@
     return NULL;
   }
 
-  memset(dsa, 0, sizeof(DSA));
+  OPENSSL_memset(dsa, 0, sizeof(DSA));
 
   dsa->references = 1;
 
@@ -188,7 +188,7 @@
       /* Only consume as much seed as is expected. */
       seed_len = qsize;
     }
-    memcpy(seed, seed_in, seed_len);
+    OPENSSL_memcpy(seed, seed_in, seed_len);
   }
 
   ctx = BN_CTX_new();
@@ -232,8 +232,8 @@
         /* If we come back through, use random seed next time. */
         seed_in = NULL;
       }
-      memcpy(buf, seed, qsize);
-      memcpy(buf2, seed, qsize);
+      OPENSSL_memcpy(buf, seed, qsize);
+      OPENSSL_memcpy(buf2, seed, qsize);
       /* precompute "SEED + 1" for step 7: */
       for (i = qsize - 1; i < qsize; i--) {
         buf[i]++;
@@ -763,7 +763,8 @@
 
   /* Ensure that the signature uses DER and doesn't have trailing garbage. */
   int der_len = i2d_DSA_SIG(s, &der);
-  if (der_len < 0 || (size_t)der_len != sig_len || memcmp(sig, der, sig_len)) {
+  if (der_len < 0 || (size_t)der_len != sig_len ||
+      OPENSSL_memcmp(sig, der, sig_len)) {
     goto err;
   }
 
diff --git a/crypto/dsa/dsa_test.c b/crypto/dsa/dsa_test.c
index 6296c8f..e95c3b0 100644
--- a/crypto/dsa/dsa_test.c
+++ b/crypto/dsa/dsa_test.c
@@ -65,6 +65,8 @@
 #include <openssl/crypto.h>
 #include <openssl/err.h>
 
+#include "../internal.h"
+
 
 static int dsa_cb(int p, int n, BN_GENCB *arg);
 
@@ -217,21 +219,21 @@
 
   i = BN_bn2bin(dsa->q, buf);
   j = sizeof(fips_q);
-  if (i != j || memcmp(buf, fips_q, i) != 0) {
+  if (i != j || OPENSSL_memcmp(buf, fips_q, i) != 0) {
     fprintf(stderr, "q value is wrong\n");
     goto end;
   }
 
   i = BN_bn2bin(dsa->p, buf);
   j = sizeof(fips_p);
-  if (i != j || memcmp(buf, fips_p, i) != 0) {
+  if (i != j || OPENSSL_memcmp(buf, fips_p, i) != 0) {
     fprintf(stderr, "p value is wrong\n");
     goto end;
   }
 
   i = BN_bn2bin(dsa->g, buf);
   j = sizeof(fips_g);
-  if (i != j || memcmp(buf, fips_g, i) != 0) {
+  if (i != j || OPENSSL_memcmp(buf, fips_g, i) != 0) {
     fprintf(stderr, "g value is wrong\n");
     goto end;
   }
diff --git a/crypto/ec/ec.c b/crypto/ec/ec.c
index 7e76dfe..96bb703 100644
--- a/crypto/ec/ec.c
+++ b/crypto/ec/ec.c
@@ -350,7 +350,7 @@
     OPENSSL_PUT_ERROR(EC, ERR_R_MALLOC_FAILURE);
     return NULL;
   }
-  memset(ret, 0, sizeof(EC_GROUP));
+  OPENSSL_memset(ret, 0, sizeof(EC_GROUP));
 
   ret->meth = meth;
   BN_init(&ret->order);
diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
index f31e158..35c8f27 100644
--- a/crypto/ec/ec_asn1.c
+++ b/crypto/ec/ec_asn1.c
@@ -64,6 +64,7 @@
 
 #include "internal.h"
 #include "../bytestring/internal.h"
+#include "../internal.h"
 
 
 static const uint8_t kParametersTag =
@@ -271,7 +272,7 @@
       !CBS_get_asn1(&params, &field_id, CBS_ASN1_SEQUENCE) ||
       !CBS_get_asn1(&field_id, &field_type, CBS_ASN1_OBJECT) ||
       CBS_len(&field_type) != sizeof(kPrimeField) ||
-      memcmp(CBS_data(&field_type), kPrimeField, sizeof(kPrimeField)) != 0 ||
+      OPENSSL_memcmp(CBS_data(&field_type), kPrimeField, sizeof(kPrimeField)) != 0 ||
       !CBS_get_asn1(&field_id, out_prime, CBS_ASN1_INTEGER) ||
       !is_unsigned_integer(out_prime) ||
       CBS_len(&field_id) != 0 ||
@@ -335,7 +336,7 @@
   for (i = 0; OPENSSL_built_in_curves[i].nid != NID_undef; i++) {
     const struct built_in_curve *curve = &OPENSSL_built_in_curves[i];
     if (CBS_len(&named_curve) == curve->oid_len &&
-        memcmp(CBS_data(&named_curve), curve->oid, curve->oid_len) == 0) {
+        OPENSSL_memcmp(CBS_data(&named_curve), curve->oid, curve->oid_len) == 0) {
       return EC_GROUP_new_by_curve_name(curve->nid);
     }
   }
diff --git a/crypto/ec/ec_key.c b/crypto/ec/ec_key.c
index 3e4456c..1a93346 100644
--- a/crypto/ec/ec_key.c
+++ b/crypto/ec/ec_key.c
@@ -91,7 +91,7 @@
     return NULL;
   }
 
-  memset(ret, 0, sizeof(EC_KEY));
+  OPENSSL_memset(ret, 0, sizeof(EC_KEY));
 
   if (engine) {
     ret->ecdsa_meth = ENGINE_get_ECDSA_method(engine);
diff --git a/crypto/ec/p224-64.c b/crypto/ec/p224-64.c
index 825bbc3..b948b31 100644
--- a/crypto/ec/p224-64.c
+++ b/crypto/ec/p224-64.c
@@ -211,7 +211,7 @@
 static int BN_to_felem(felem out, const BIGNUM *bn) {
   /* BN_bn2bin eats leading zeroes */
   felem_bytearray b_out;
-  memset(b_out, 0, sizeof(b_out));
+  OPENSSL_memset(b_out, 0, sizeof(b_out));
   size_t num_bytes = BN_num_bytes(bn);
   if (num_bytes > sizeof(b_out) ||
       BN_is_negative(bn)) {
@@ -860,7 +860,7 @@
 static void select_point(const u64 idx, size_t size,
                          const felem pre_comp[/*size*/][3], felem out[3]) {
   limb *outlimbs = &out[0][0];
-  memset(outlimbs, 0, 3 * sizeof(felem));
+  OPENSSL_memset(outlimbs, 0, 3 * sizeof(felem));
 
   for (size_t i = 0; i < size; i++) {
     const limb *inlimbs = &pre_comp[i][0][0];
@@ -898,7 +898,7 @@
   u8 sign, digit;
 
   /* set nq to the point at infinity */
-  memset(nq, 0, 3 * sizeof(felem));
+  OPENSSL_memset(nq, 0, 3 * sizeof(felem));
 
   /* Loop over all scalars msb-to-lsb, interleaving additions
    * of multiples of the generator (two in each of the last 28 rounds)
@@ -925,7 +925,7 @@
         point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], 1 /* mixed */,
                   tmp[0], tmp[1], tmp[2]);
       } else {
-        memcpy(nq, tmp, 3 * sizeof(felem));
+        OPENSSL_memcpy(nq, tmp, 3 * sizeof(felem));
         skip = 0;
       }
 
@@ -962,7 +962,7 @@
           point_add(nq[0], nq[1], nq[2], nq[0], nq[1], nq[2], 0 /* mixed */,
                     tmp[0], tmp[1], tmp[2]);
         } else {
-          memcpy(nq, tmp, 3 * sizeof(felem));
+          OPENSSL_memcpy(nq, tmp, 3 * sizeof(felem));
           skip = 0;
         }
       }
@@ -1074,8 +1074,8 @@
 
     /* we treat NULL scalars as 0, and NULL points as points at infinity,
      * i.e., they contribute nothing to the linear combination */
-    memset(secrets, 0, num_points * sizeof(felem_bytearray));
-    memset(pre_comp, 0, num_points * 17 * 3 * sizeof(felem));
+    OPENSSL_memset(secrets, 0, num_points * sizeof(felem_bytearray));
+    OPENSSL_memset(pre_comp, 0, num_points * 17 * 3 * sizeof(felem));
     for (size_t i = 0; i < num_points; ++i) {
       if (i == num) {
         /* the generator */
@@ -1131,7 +1131,7 @@
   }
 
   if (g_scalar != NULL) {
-    memset(g_secret, 0, sizeof(g_secret));
+    OPENSSL_memset(g_secret, 0, sizeof(g_secret));
     size_t num_bytes;
     /* reduce g_scalar to 0 <= g_scalar < 2^224 */
     if (BN_num_bits(g_scalar) > 224 || BN_is_negative(g_scalar)) {
diff --git a/crypto/ec/p256-64.c b/crypto/ec/p256-64.c
index 6a54200..38fee45 100644
--- a/crypto/ec/p256-64.c
+++ b/crypto/ec/p256-64.c
@@ -108,7 +108,7 @@
 
   felem_bytearray b_out;
   /* BN_bn2bin eats leading zeroes */
-  memset(b_out, 0, sizeof(b_out));
+  OPENSSL_memset(b_out, 0, sizeof(b_out));
   size_t num_bytes = BN_num_bytes(bn);
   if (num_bytes > sizeof(b_out)) {
     OPENSSL_PUT_ERROR(EC, EC_R_BIGNUM_OUT_OF_RANGE);
@@ -1402,7 +1402,7 @@
                          const smallfelem pre_comp[/*size*/][3],
                          smallfelem out[3]) {
   u64 *outlimbs = &out[0][0];
-  memset(outlimbs, 0, 3 * sizeof(smallfelem));
+  OPENSSL_memset(outlimbs, 0, 3 * sizeof(smallfelem));
 
   for (size_t i = 0; i < size; i++) {
     const u64 *inlimbs = (const u64 *)&pre_comp[i][0][0];
@@ -1441,7 +1441,7 @@
   u8 sign, digit;
 
   /* set nq to the point at infinity */
-  memset(nq, 0, 3 * sizeof(felem));
+  OPENSSL_memset(nq, 0, 3 * sizeof(felem));
 
   /* Loop over all scalars msb-to-lsb, interleaving additions of multiples
    * of the generator (two in each of the last 32 rounds) and additions of
@@ -1632,8 +1632,8 @@
 
     /* we treat NULL scalars as 0, and NULL points as points at infinity,
      * i.e., they contribute nothing to the linear combination. */
-    memset(secrets, 0, num_points * sizeof(felem_bytearray));
-    memset(pre_comp, 0, num_points * 17 * 3 * sizeof(smallfelem));
+    OPENSSL_memset(secrets, 0, num_points * sizeof(felem_bytearray));
+    OPENSSL_memset(pre_comp, 0, num_points * 17 * 3 * sizeof(smallfelem));
     for (size_t i = 0; i < num_points; ++i) {
       if (i == num) {
         /* we didn't have a valid precomputation, so we pick the generator. */
@@ -1688,7 +1688,7 @@
   if (g_scalar != NULL) {
     size_t num_bytes;
 
-    memset(g_secret, 0, sizeof(g_secret));
+    OPENSSL_memset(g_secret, 0, sizeof(g_secret));
     /* reduce g_scalar to 0 <= g_scalar < 2^256 */
     if (BN_num_bits(g_scalar) > 256 || BN_is_negative(g_scalar)) {
       /* this is an unusual input, and we don't guarantee
diff --git a/crypto/ec/p256-x86_64.c b/crypto/ec/p256-x86_64.c
index 0a3be92..2400740 100644
--- a/crypto/ec/p256-x86_64.c
+++ b/crypto/ec/p256-x86_64.c
@@ -208,8 +208,8 @@
     return 0;
   }
 
-  memset(out, 0, sizeof(BN_ULONG) * P256_LIMBS);
-  memcpy(out, in->d, sizeof(BN_ULONG) * in->top);
+  OPENSSL_memset(out, 0, sizeof(BN_ULONG) * P256_LIMBS);
+  OPENSSL_memcpy(out, in->d, sizeof(BN_ULONG) * in->top);
   return 1;
 }
 
@@ -441,7 +441,7 @@
     /* Convert |p| from affine to Jacobian coordinates. We set Z to zero if |p|
      * is infinity and |ONE| otherwise. |p| was computed from the table, so it
      * is infinity iff |wvalue >> 1| is zero.  */
-    memset(p.p.Z, 0, sizeof(p.p.Z));
+    OPENSSL_memset(p.p.Z, 0, sizeof(p.p.Z));
     copy_conditional(p.p.Z, ONE, is_not_zero(wvalue >> 1));
 
     for (i = 1; i < 37; i++) {
diff --git a/crypto/ec/p256-x86_64_test.cc b/crypto/ec/p256-x86_64_test.cc
index 531edcf..afc3b54 100644
--- a/crypto/ec/p256-x86_64_test.cc
+++ b/crypto/ec/p256-x86_64_test.cc
@@ -38,9 +38,9 @@
   // Fill a table with some garbage input.
   P256_POINT table[16];
   for (size_t i = 0; i < 16; i++) {
-    memset(table[i].X, 3 * i, sizeof(table[i].X));
-    memset(table[i].Y, 3 * i + 1, sizeof(table[i].Y));
-    memset(table[i].Z, 3 * i + 2, sizeof(table[i].Z));
+    OPENSSL_memset(table[i].X, 3 * i, sizeof(table[i].X));
+    OPENSSL_memset(table[i].Y, 3 * i + 1, sizeof(table[i].Y));
+    OPENSSL_memset(table[i].Z, 3 * i + 2, sizeof(table[i].Z));
   }
 
   for (int i = 0; i <= 16; i++) {
@@ -49,12 +49,12 @@
 
     P256_POINT expected;
     if (i == 0) {
-      memset(&expected, 0, sizeof(expected));
+      OPENSSL_memset(&expected, 0, sizeof(expected));
     } else {
       expected = table[i-1];
     }
 
-    if (memcmp(&val, &expected, sizeof(P256_POINT)) != 0) {
+    if (OPENSSL_memcmp(&val, &expected, sizeof(P256_POINT)) != 0) {
       fprintf(stderr, "ecp_nistz256_select_w5(%d) gave the wrong value.\n", i);
       return false;
     }
@@ -67,8 +67,8 @@
   // Fill a table with some garbage input.
   P256_POINT_AFFINE table[64];
   for (size_t i = 0; i < 64; i++) {
-    memset(table[i].X, 2 * i, sizeof(table[i].X));
-    memset(table[i].Y, 2 * i + 1, sizeof(table[i].Y));
+    OPENSSL_memset(table[i].X, 2 * i, sizeof(table[i].X));
+    OPENSSL_memset(table[i].Y, 2 * i + 1, sizeof(table[i].Y));
   }
 
   for (int i = 0; i <= 64; i++) {
@@ -77,12 +77,12 @@
 
     P256_POINT_AFFINE expected;
     if (i == 0) {
-      memset(&expected, 0, sizeof(expected));
+      OPENSSL_memset(&expected, 0, sizeof(expected));
     } else {
       expected = table[i-1];
     }
 
-    if (memcmp(&val, &expected, sizeof(P256_POINT_AFFINE)) != 0) {
+    if (OPENSSL_memcmp(&val, &expected, sizeof(P256_POINT_AFFINE)) != 0) {
       fprintf(stderr, "ecp_nistz256_select_w7(%d) gave the wrong value.\n", i);
       return false;
     }
@@ -105,7 +105,7 @@
 
   // |byte| contains bytes in big-endian while |out| should contain |BN_ULONG|s
   // in little-endian.
-  memset(out, 0, P256_LIMBS * sizeof(BN_ULONG));
+  OPENSSL_memset(out, 0, P256_LIMBS * sizeof(BN_ULONG));
   for (size_t i = 0; i < bytes.size(); i++) {
     out[P256_LIMBS - 1 - (i / BN_BYTES)] <<= 8;
     out[P256_LIMBS - 1 - (i / BN_BYTES)] |= bytes[i];
@@ -127,7 +127,7 @@
 static bool ExpectFieldElementsEqual(FileTest *t, const char *message,
                                      const BN_ULONG expected[P256_LIMBS],
                                      const BN_ULONG actual[P256_LIMBS]) {
-  if (memcmp(expected, actual, sizeof(BN_ULONG) * P256_LIMBS) == 0) {
+  if (OPENSSL_memcmp(expected, actual, sizeof(BN_ULONG) * P256_LIMBS) == 0) {
     return true;
   }
 
@@ -160,7 +160,7 @@
     return false;
   }
 
-  memset(out, 0, sizeof(P256_POINT_AFFINE));
+  OPENSSL_memset(out, 0, sizeof(P256_POINT_AFFINE));
 
   if (BN_is_zero(z.get())) {
     // The point at infinity is represented as (0, 0).
@@ -189,8 +189,8 @@
     return false;
   }
 
-  memcpy(out->X, x->d, sizeof(BN_ULONG) * x->top);
-  memcpy(out->Y, y->d, sizeof(BN_ULONG) * y->top);
+  OPENSSL_memcpy(out->X, x->d, sizeof(BN_ULONG) * x->top);
+  OPENSSL_memcpy(out->Y, y->d, sizeof(BN_ULONG) * y->top);
   return true;
 }
 
@@ -209,7 +209,7 @@
     return false;
   }
 
-  if (memcmp(expected, &affine, sizeof(P256_POINT_AFFINE)) != 0) {
+  if (OPENSSL_memcmp(expected, &affine, sizeof(P256_POINT_AFFINE)) != 0) {
     t->PrintLine("%s", message);
     t->PrintLine("Expected: (%s, %s)",
                  FieldElementToString(expected->X).c_str(),
@@ -237,7 +237,7 @@
     return false;
   }
 
-  memcpy(ret, a, sizeof(ret));
+  OPENSSL_memcpy(ret, a, sizeof(ret));
   ecp_nistz256_neg(ret, ret);
   if (!ExpectFieldElementsEqual(
           t, "In-place ecp_nistz256_neg(A) was incorrect.", b, ret)) {
@@ -251,7 +251,7 @@
     return false;
   }
 
-  memcpy(ret, b, sizeof(ret));
+  OPENSSL_memcpy(ret, b, sizeof(ret));
   ecp_nistz256_neg(ret, ret);
   if (!ExpectFieldElementsEqual(
           t, "In-place ecp_nistz256_neg(B) was incorrect.", a, ret)) {
@@ -282,42 +282,42 @@
     return false;
   }
 
-  memcpy(ret, a, sizeof(ret));
+  OPENSSL_memcpy(ret, a, sizeof(ret));
   ecp_nistz256_mul_mont(ret, ret, b);
   if (!ExpectFieldElementsEqual(
           t, "ecp_nistz256_mul_mont(ret = A, B) was incorrect.", result, ret)) {
     return false;
   }
 
-  memcpy(ret, a, sizeof(ret));
+  OPENSSL_memcpy(ret, a, sizeof(ret));
   ecp_nistz256_mul_mont(ret, b, ret);
   if (!ExpectFieldElementsEqual(
           t, "ecp_nistz256_mul_mont(B, ret = A) was incorrect.", result, ret)) {
     return false;
   }
 
-  memcpy(ret, b, sizeof(ret));
+  OPENSSL_memcpy(ret, b, sizeof(ret));
   ecp_nistz256_mul_mont(ret, a, ret);
   if (!ExpectFieldElementsEqual(
           t, "ecp_nistz256_mul_mont(A, ret = B) was incorrect.", result, ret)) {
     return false;
   }
 
-  memcpy(ret, b, sizeof(ret));
+  OPENSSL_memcpy(ret, b, sizeof(ret));
   ecp_nistz256_mul_mont(ret, ret, a);
   if (!ExpectFieldElementsEqual(
           t, "ecp_nistz256_mul_mont(ret = B, A) was incorrect.", result, ret)) {
     return false;
   }
 
-  if (memcmp(a, b, sizeof(a)) == 0) {
+  if (OPENSSL_memcmp(a, b, sizeof(a)) == 0) {
     ecp_nistz256_sqr_mont(ret, a);
     if (!ExpectFieldElementsEqual(t, "ecp_nistz256_sqr_mont(A) was incorrect.",
                                   result, ret)) {
       return false;
     }
 
-    memcpy(ret, a, sizeof(ret));
+    OPENSSL_memcpy(ret, a, sizeof(ret));
     ecp_nistz256_sqr_mont(ret, ret);
     if (!ExpectFieldElementsEqual(
             t, "ecp_nistz256_sqr_mont(ret = A) was incorrect.", result, ret)) {
@@ -342,7 +342,7 @@
     return false;
   }
 
-  memcpy(ret, a, sizeof(ret));
+  OPENSSL_memcpy(ret, a, sizeof(ret));
   ecp_nistz256_from_mont(ret, ret);
   if (!ExpectFieldElementsEqual(
           t, "ecp_nistz256_from_mont(ret = A) was incorrect.", result, ret)) {
@@ -379,28 +379,28 @@
     return false;
   }
 
-  memcpy(&ret, &a, sizeof(ret));
+  OPENSSL_memcpy(&ret, &a, sizeof(ret));
   ecp_nistz256_point_add(&ret, &ret, &b);
   if (!ExpectPointsEqual(t, "ecp_nistz256_point_add(ret = A, B) was incorrect.",
                          &result, &ret)) {
     return false;
   }
 
-  memcpy(&ret, &a, sizeof(ret));
+  OPENSSL_memcpy(&ret, &a, sizeof(ret));
   ecp_nistz256_point_add(&ret, &b, &ret);
   if (!ExpectPointsEqual(t, "ecp_nistz256_point_add(B, ret = A) was incorrect.",
                          &result, &ret)) {
     return false;
   }
 
-  memcpy(&ret, &b, sizeof(ret));
+  OPENSSL_memcpy(&ret, &b, sizeof(ret));
   ecp_nistz256_point_add(&ret, &a, &ret);
   if (!ExpectPointsEqual(t, "ecp_nistz256_point_add(ret = A, B) was incorrect.",
                          &result, &ret)) {
     return false;
   }
 
-  memcpy(&ret, &b, sizeof(ret));
+  OPENSSL_memcpy(&ret, &b, sizeof(ret));
   ecp_nistz256_point_add(&ret, &ret, &a);
   if (!ExpectPointsEqual(t, "ecp_nistz256_point_add(ret = B, A) was incorrect.",
                          &result, &ret)) {
@@ -408,7 +408,7 @@
   }
 
   P256_POINT_AFFINE a_affine, b_affine, infinity;
-  memset(&infinity, 0, sizeof(infinity));
+  OPENSSL_memset(&infinity, 0, sizeof(infinity));
   if (!PointToAffine(&a_affine, &a) ||
       !PointToAffine(&b_affine, &b)) {
     return false;
@@ -416,8 +416,8 @@
 
   // ecp_nistz256_point_add_affine does not work when a == b unless doubling the
   // point at infinity.
-  if (memcmp(&a_affine, &b_affine, sizeof(a_affine)) != 0 ||
-      memcmp(&a_affine, &infinity, sizeof(a_affine)) == 0) {
+  if (OPENSSL_memcmp(&a_affine, &b_affine, sizeof(a_affine)) != 0 ||
+      OPENSSL_memcmp(&a_affine, &infinity, sizeof(a_affine)) == 0) {
     ecp_nistz256_point_add_affine(&ret, &a, &b_affine);
     if (!ExpectPointsEqual(t,
                            "ecp_nistz256_point_add_affine(A, B) was incorrect.",
@@ -425,7 +425,7 @@
       return false;
     }
 
-    memcpy(&ret, &a, sizeof(ret));
+    OPENSSL_memcpy(&ret, &a, sizeof(ret));
     ecp_nistz256_point_add_affine(&ret, &ret, &b_affine);
     if (!ExpectPointsEqual(
             t, "ecp_nistz256_point_add_affine(ret = A, B) was incorrect.",
@@ -440,7 +440,7 @@
       return false;
     }
 
-    memcpy(&ret, &b, sizeof(ret));
+    OPENSSL_memcpy(&ret, &b, sizeof(ret));
     ecp_nistz256_point_add_affine(&ret, &ret, &a_affine);
     if (!ExpectPointsEqual(
             t, "ecp_nistz256_point_add_affine(ret = B, A) was incorrect.",
@@ -449,7 +449,7 @@
     }
   }
 
-  if (memcmp(&a, &b, sizeof(a)) == 0) {
+  if (OPENSSL_memcmp(&a, &b, sizeof(a)) == 0) {
     ecp_nistz256_point_double(&ret, &a);
     if (!ExpectPointsEqual(t, "ecp_nistz256_point_double(A) was incorrect.",
                            &result, &ret)) {
diff --git a/crypto/ec/simple.c b/crypto/ec/simple.c
index a1e6229..880b717 100644
--- a/crypto/ec/simple.c
+++ b/crypto/ec/simple.c
@@ -74,6 +74,7 @@
 #include <openssl/mem.h>
 
 #include "internal.h"
+#include "../internal.h"
 
 
 /* Most method functions in this file are designed to work with non-trivial
@@ -988,7 +989,7 @@
   if (prod_Z == NULL) {
     goto err;
   }
-  memset(prod_Z, 0, num * sizeof(prod_Z[0]));
+  OPENSSL_memset(prod_Z, 0, num * sizeof(prod_Z[0]));
   for (size_t i = 0; i < num; i++) {
     prod_Z[i] = BN_new();
     if (prod_Z[i] == NULL) {
diff --git a/crypto/ecdh/ecdh.c b/crypto/ecdh/ecdh.c
index 50a844e..22b216e 100644
--- a/crypto/ecdh/ecdh.c
+++ b/crypto/ecdh/ecdh.c
@@ -74,6 +74,8 @@
 #include <openssl/err.h>
 #include <openssl/mem.h>
 
+#include "../internal.h"
+
 
 int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
                      const EC_KEY *priv_key,
@@ -140,7 +142,7 @@
     if (buflen < outlen) {
       outlen = buflen;
     }
-    memcpy(out, buf, outlen);
+    OPENSSL_memcpy(out, buf, outlen);
   }
 
   if (outlen > INT_MAX) {
diff --git a/crypto/ecdsa/ecdsa.c b/crypto/ecdsa/ecdsa.c
index 6320992..b4e6d0d 100644
--- a/crypto/ecdsa/ecdsa.c
+++ b/crypto/ecdsa/ecdsa.c
@@ -61,6 +61,7 @@
 #include <openssl/mem.h>
 
 #include "../ec/internal.h"
+#include "../internal.h"
 
 
 int ECDSA_sign(int type, const uint8_t *digest, size_t digest_len, uint8_t *sig,
@@ -88,7 +89,7 @@
   /* Defend against potential laxness in the DER parser. */
   size_t der_len;
   if (!ECDSA_SIG_to_bytes(&der, &der_len, s) ||
-      der_len != sig_len || memcmp(sig, der, sig_len) != 0) {
+      der_len != sig_len || OPENSSL_memcmp(sig, der, sig_len) != 0) {
     /* This should never happen. crypto/bytestring is strictly DER. */
     OPENSSL_PUT_ERROR(ECDSA, ERR_R_INTERNAL_ERROR);
     goto err;
diff --git a/crypto/engine/engine.c b/crypto/engine/engine.c
index f1037d4..141ed23 100644
--- a/crypto/engine/engine.c
+++ b/crypto/engine/engine.c
@@ -23,6 +23,8 @@
 #include <openssl/rsa.h>
 #include <openssl/thread.h>
 
+#include "../internal.h"
+
 
 struct engine_st {
   RSA_METHOD *rsa_method;
@@ -35,7 +37,7 @@
     return NULL;
   }
 
-  memset(engine, 0, sizeof(ENGINE));
+  OPENSSL_memset(engine, 0, sizeof(ENGINE));
   return engine;
 }
 
diff --git a/crypto/err/err.c b/crypto/err/err.c
index 48d631f..cbb1260 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -141,7 +141,7 @@
 /* err_clear clears the given queued error. */
 static void err_clear(struct err_error_st *error) {
   err_clear_data(error);
-  memset(error, 0, sizeof(struct err_error_st));
+  OPENSSL_memset(error, 0, sizeof(struct err_error_st));
 }
 
 /* global_next_library contains the next custom library value to return. */
@@ -175,7 +175,7 @@
     if (state == NULL) {
       return NULL;
     }
-    memset(state, 0, sizeof(ERR_STATE));
+    OPENSSL_memset(state, 0, sizeof(ERR_STATE));
     if (!CRYPTO_set_thread_local(OPENSSL_THREAD_LOCAL_ERR, state,
                                  err_state_free)) {
       return NULL;
@@ -349,7 +349,7 @@
 #if !defined(NDEBUG)
   /* This is aimed to help catch callers who don't provide
    * |ERR_ERROR_STRING_BUF_LEN| bytes of space. */
-  memset(ret, 0, ERR_ERROR_STRING_BUF_LEN);
+  OPENSSL_memset(ret, 0, ERR_ERROR_STRING_BUF_LEN);
 #endif
 
   ERR_error_string_n(packed_error, ret, ERR_ERROR_STRING_BUF_LEN);
@@ -407,7 +407,7 @@
          * terminating 0). If we're setting this colon, then all whole of the
          * rest of the string must be colons in order to have the correct
          * number. */
-        memset(last_pos, ':', num_colons - i);
+        OPENSSL_memset(last_pos, ':', num_colons - i);
         break;
       }
 
@@ -675,7 +675,7 @@
       buf = new_buf;
     }
 
-    memcpy(buf + len, substr, substr_len);
+    OPENSSL_memcpy(buf + len, substr, substr_len);
     len = new_len;
   }
 
diff --git a/crypto/evp/evp.c b/crypto/evp/evp.c
index 0916092..f083879 100644
--- a/crypto/evp/evp.c
+++ b/crypto/evp/evp.c
@@ -80,7 +80,7 @@
     return NULL;
   }
 
-  memset(ret, 0, sizeof(EVP_PKEY));
+  OPENSSL_memset(ret, 0, sizeof(EVP_PKEY));
   ret->type = EVP_PKEY_NONE;
   ret->references = 1;
 
diff --git a/crypto/evp/evp_asn1.c b/crypto/evp/evp_asn1.c
index 2b24858..6c90571 100644
--- a/crypto/evp/evp_asn1.c
+++ b/crypto/evp/evp_asn1.c
@@ -84,7 +84,7 @@
   for (i = 0; i < OPENSSL_ARRAY_SIZE(kASN1Methods); i++) {
     const EVP_PKEY_ASN1_METHOD *method = kASN1Methods[i];
     if (CBS_len(&oid) == method->oid_len &&
-        memcmp(CBS_data(&oid), method->oid, method->oid_len) == 0) {
+        OPENSSL_memcmp(CBS_data(&oid), method->oid, method->oid_len) == 0) {
       *out_type = method->pkey_id;
       return 1;
     }
diff --git a/crypto/evp/evp_ctx.c b/crypto/evp/evp_ctx.c
index f7d4b41..8cf23bb 100644
--- a/crypto/evp/evp_ctx.c
+++ b/crypto/evp/evp_ctx.c
@@ -61,6 +61,7 @@
 #include <openssl/err.h>
 #include <openssl/mem.h>
 
+#include "../internal.h"
 #include "internal.h"
 
 
@@ -105,7 +106,7 @@
     OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE);
     return NULL;
   }
-  memset(ret, 0, sizeof(EVP_PKEY_CTX));
+  OPENSSL_memset(ret, 0, sizeof(EVP_PKEY_CTX));
 
   ret->engine = e;
   ret->pmeth = pmeth;
@@ -159,7 +160,7 @@
     return NULL;
   }
 
-  memset(rctx, 0, sizeof(EVP_PKEY_CTX));
+  OPENSSL_memset(rctx, 0, sizeof(EVP_PKEY_CTX));
 
   rctx->pmeth = pctx->pmeth;
   rctx->engine = pctx->engine;
diff --git a/crypto/evp/evp_extra_test.cc b/crypto/evp/evp_extra_test.cc
index 4d41760..2758917d0 100644
--- a/crypto/evp/evp_extra_test.cc
+++ b/crypto/evp/evp_extra_test.cc
@@ -27,6 +27,8 @@
 #include <openssl/pkcs8.h>
 #include <openssl/rsa.h>
 
+#include "../internal.h"
+
 
 // kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
 // should never use this key anywhere but in an example.
@@ -469,7 +471,7 @@
     return false;
   }
 
-  if (memcmp(recovered.data(), kDummyHash, sizeof(kDummyHash)) != 0) {
+  if (OPENSSL_memcmp(recovered.data(), kDummyHash, sizeof(kDummyHash)) != 0) {
     fprintf(stderr, "verify_recover got wrong value.\n");
     ERR_print_errors_fp(stderr);
     return false;
diff --git a/crypto/evp/p_ec.c b/crypto/evp/p_ec.c
index f92c87c..dc1ea6f 100644
--- a/crypto/evp/p_ec.c
+++ b/crypto/evp/p_ec.c
@@ -70,6 +70,7 @@
 
 #include "internal.h"
 #include "../ec/internal.h"
+#include "../internal.h"
 
 
 typedef struct {
@@ -84,7 +85,7 @@
   if (!dctx) {
     return 0;
   }
-  memset(dctx, 0, sizeof(EC_PKEY_CTX));
+  OPENSSL_memset(dctx, 0, sizeof(EC_PKEY_CTX));
 
   ctx->data = dctx;
 
diff --git a/crypto/evp/p_rsa.c b/crypto/evp/p_rsa.c
index b01230a..ea2ba99 100644
--- a/crypto/evp/p_rsa.c
+++ b/crypto/evp/p_rsa.c
@@ -67,6 +67,7 @@
 #include <openssl/nid.h>
 #include <openssl/rsa.h>
 
+#include "../internal.h"
 #include "../rsa/internal.h"
 #include "internal.h"
 
@@ -97,7 +98,7 @@
   if (!rctx) {
     return 0;
   }
-  memset(rctx, 0, sizeof(RSA_PKEY_CTX));
+  OPENSSL_memset(rctx, 0, sizeof(RSA_PKEY_CTX));
 
   rctx->nbits = 2048;
   rctx->pad_mode = RSA_PKCS1_PADDING;
@@ -289,7 +290,7 @@
       return 0;
     }
     *out_len = ret;
-    memcpy(out, rctx->tbuf, *out_len);
+    OPENSSL_memcpy(out, rctx->tbuf, *out_len);
     return 1;
   }
 
@@ -329,7 +330,7 @@
   }
 
   if (out != NULL) {
-    memcpy(out, rctx->tbuf + asn1_prefix_len, result_len);
+    OPENSSL_memcpy(out, rctx->tbuf + asn1_prefix_len, result_len);
   }
   *out_len = result_len;
 
diff --git a/crypto/evp/pbkdf.c b/crypto/evp/pbkdf.c
index b06b922..1792cdc 100644
--- a/crypto/evp/pbkdf.c
+++ b/crypto/evp/pbkdf.c
@@ -59,6 +59,8 @@
 
 #include <openssl/hmac.h>
 
+#include "../internal.h"
+
 
 int PKCS5_PBKDF2_HMAC(const char *password, size_t password_len,
                       const uint8_t *salt, size_t salt_len, unsigned iterations,
@@ -101,7 +103,7 @@
       return 0;
     }
     HMAC_CTX_cleanup(&hctx);
-    memcpy(p, digest_tmp, cplen);
+    OPENSSL_memcpy(p, digest_tmp, cplen);
     for (j = 1; j < iterations; j++) {
       if (!HMAC_CTX_copy(&hctx, &hctx_tpl)) {
         HMAC_CTX_cleanup(&hctx_tpl);
diff --git a/crypto/evp/pbkdf_test.cc b/crypto/evp/pbkdf_test.cc
index 438ab64..5284700 100644
--- a/crypto/evp/pbkdf_test.cc
+++ b/crypto/evp/pbkdf_test.cc
@@ -20,6 +20,8 @@
 #include <openssl/err.h>
 #include <openssl/evp.h>
 
+#include "../internal.h"
+
 
 // Prints out the data buffer as a sequence of hex bytes.
 static void PrintDataHex(const void *data, size_t len) {
@@ -49,7 +51,7 @@
     return false;
   }
 
-  if (memcmp(key, expected_key, key_len) != 0) {
+  if (OPENSSL_memcmp(key, expected_key, key_len) != 0) {
     fprintf(stderr, "Resulting key material does not match expectation\n");
     fprintf(stderr, "Expected:\n    ");
     PrintDataHex(expected_key, key_len);
diff --git a/crypto/hkdf/hkdf.c b/crypto/hkdf/hkdf.c
index f21cb42..ae43b69 100644
--- a/crypto/hkdf/hkdf.c
+++ b/crypto/hkdf/hkdf.c
@@ -20,6 +20,8 @@
 #include <openssl/err.h>
 #include <openssl/hmac.h>
 
+#include "../internal.h"
+
 
 int HKDF(uint8_t *out_key, size_t out_len, const EVP_MD *digest,
          const uint8_t *secret, size_t secret_len, const uint8_t *salt,
@@ -95,7 +97,7 @@
     if (done + todo > out_len) {
       todo = out_len - done;
     }
-    memcpy(out_key + done, previous, todo);
+    OPENSSL_memcpy(out_key + done, previous, todo);
     done += todo;
   }
 
diff --git a/crypto/hkdf/hkdf_test.c b/crypto/hkdf/hkdf_test.c
index 4499cc0..d9b50fa 100644
--- a/crypto/hkdf/hkdf_test.c
+++ b/crypto/hkdf/hkdf_test.c
@@ -262,7 +262,7 @@
       return 1;
     }
     if (prk_len != test->prk_len ||
-        memcmp(prk, test->prk, test->prk_len) != 0) {
+        OPENSSL_memcmp(prk, test->prk, test->prk_len) != 0) {
       fprintf(stderr, "%zu: Resulting PRK does not match test vector\n", i);
       return 1;
     }
@@ -272,7 +272,7 @@
       ERR_print_errors_fp(stderr);
       return 1;
     }
-    if (memcmp(buf, test->out, test->out_len) != 0) {
+    if (OPENSSL_memcmp(buf, test->out, test->out_len) != 0) {
       fprintf(stderr,
               "%zu: Resulting key material does not match test vector\n", i);
       return 1;
@@ -284,7 +284,7 @@
       ERR_print_errors_fp(stderr);
       return 1;
     }
-    if (memcmp(buf, test->out, test->out_len) != 0) {
+    if (OPENSSL_memcmp(buf, test->out, test->out_len) != 0) {
       fprintf(stderr,
               "%zu: Resulting key material does not match test vector\n", i);
       return 1;
diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c
index 2eae9e8..a252667 100644
--- a/crypto/hmac/hmac.c
+++ b/crypto/hmac/hmac.c
@@ -62,6 +62,8 @@
 #include <openssl/digest.h>
 #include <openssl/mem.h>
 
+#include "../internal.h"
+
 
 uint8_t *HMAC(const EVP_MD *evp_md, const void *key, size_t key_len,
               const uint8_t *data, size_t data_len, uint8_t *out,
@@ -130,12 +132,12 @@
       }
     } else {
       assert(key_len <= sizeof(key_block));
-      memcpy(key_block, key, key_len);
+      OPENSSL_memcpy(key_block, key, key_len);
       key_block_len = (unsigned)key_len;
     }
     /* Keys are then padded with zeros. */
     if (key_block_len != EVP_MAX_MD_BLOCK_SIZE) {
-      memset(&key_block[key_block_len], 0, sizeof(key_block) - key_block_len);
+      OPENSSL_memset(&key_block[key_block_len], 0, sizeof(key_block) - key_block_len);
     }
 
     for (size_t i = 0; i < EVP_MAX_MD_BLOCK_SIZE; i++) {
diff --git a/crypto/internal.h b/crypto/internal.h
index 896cc3b..e94383b 100644
--- a/crypto/internal.h
+++ b/crypto/internal.h
@@ -112,6 +112,8 @@
 #include <openssl/ex_data.h>
 #include <openssl/thread.h>
 
+#include <string.h>
+
 #if defined(_MSC_VER)
 #if !defined(__cplusplus) || _MSC_VER < 1900
 #define alignas(x) __declspec(align(x))
@@ -520,6 +522,86 @@
                                         void *obj, CRYPTO_EX_DATA *ad);
 
 
+/* Language bug workarounds.
+ *
+ * Most C standard library functions are undefined if passed NULL, even when the
+ * corresponding length is zero. This gives them (and, in turn, all functions
+ * which call them) surprising behavior on empty arrays. Some compilers will
+ * miscompile code due to this rule. See also
+ * https://www.imperialviolet.org/2016/06/26/nonnull.html
+ *
+ * If building BoringSSL itself, replace C standard library functions with more
+ * well-behaved versions. Due to some C++ toolchains defining versions of these
+ * functions under namespaces, this is limited to our C files.
+ *
+ * Note |OPENSSL_memcmp| is a different function from |CRYPTO_memcmp|. */
+
+/* C++ defines |memchr| as a const-correct overload. */
+#if defined(__cplusplus)
+extern "C++" {
+
+static inline const void *OPENSSL_memchr(const void *s, int c, size_t n) {
+  if (n == 0) {
+    return NULL;
+  }
+
+  return memchr(s, c, n);
+}
+
+static inline void *OPENSSL_memchr(void *s, int c, size_t n) {
+  if (n == 0) {
+    return NULL;
+  }
+
+  return memchr(s, c, n);
+}
+
+}  /* extern "C++" */
+#else  /* __cplusplus */
+
+static inline void *OPENSSL_memchr(const void *s, int c, size_t n) {
+  if (n == 0) {
+    return NULL;
+  }
+
+  return memchr(s, c, n);
+}
+
+#endif  /* __cplusplus */
+
+static inline int OPENSSL_memcmp(const void *s1, const void *s2, size_t n) {
+  if (n == 0) {
+    return 0;
+  }
+
+  return memcmp(s1, s2, n);
+}
+
+static inline void *OPENSSL_memcpy(void *dst, const void *src, size_t n) {
+  if (n == 0) {
+    return dst;
+  }
+
+  return memcpy(dst, src, n);
+}
+
+static inline void *OPENSSL_memmove(void *dst, const void *src, size_t n) {
+  if (n == 0) {
+    return dst;
+  }
+
+  return memmove(dst, src, n);
+}
+
+static inline void *OPENSSL_memset(void *dst, int c, size_t n) {
+  if (n == 0) {
+    return dst;
+  }
+
+  return memset(dst, c, n);
+}
+
+
 #if defined(__cplusplus)
 }  /* extern C */
 #endif
diff --git a/crypto/lhash/lhash.c b/crypto/lhash/lhash.c
index 233f34f..6bb330c 100644
--- a/crypto/lhash/lhash.c
+++ b/crypto/lhash/lhash.c
@@ -62,6 +62,9 @@
 
 #include <openssl/mem.h>
 
+#include "../internal.h"
+
+
 /* kMinNumBuckets is the minimum size of the buckets array in an |_LHASH|. */
 static const size_t kMinNumBuckets = 16;
 
@@ -77,7 +80,7 @@
   if (ret == NULL) {
     return NULL;
   }
-  memset(ret, 0, sizeof(_LHASH));
+  OPENSSL_memset(ret, 0, sizeof(_LHASH));
 
   ret->num_buckets = kMinNumBuckets;
   ret->buckets = OPENSSL_malloc(sizeof(LHASH_ITEM *) * ret->num_buckets);
@@ -85,7 +88,7 @@
     OPENSSL_free(ret);
     return NULL;
   }
-  memset(ret->buckets, 0, sizeof(LHASH_ITEM *) * ret->num_buckets);
+  OPENSSL_memset(ret->buckets, 0, sizeof(LHASH_ITEM *) * ret->num_buckets);
 
   ret->comp = comp;
   if (ret->comp == NULL) {
@@ -173,7 +176,7 @@
   if (new_buckets == NULL) {
     return;
   }
-  memset(new_buckets, 0, alloc_size);
+  OPENSSL_memset(new_buckets, 0, alloc_size);
 
   for (i = 0; i < lh->num_buckets; i++) {
     for (cur = lh->buckets[i]; cur != NULL; cur = next) {
diff --git a/crypto/md4/md4.c b/crypto/md4/md4.c
index 7da3ec8..0046c21 100644
--- a/crypto/md4/md4.c
+++ b/crypto/md4/md4.c
@@ -59,6 +59,8 @@
 #include <stdlib.h>
 #include <string.h>
 
+#include "../internal.h"
+
 
 uint8_t *MD4(const uint8_t *data, size_t len, uint8_t *out) {
   MD4_CTX ctx;
@@ -72,7 +74,7 @@
 /* Implemented from RFC1186 The MD4 Message-Digest Algorithm. */
 
 int MD4_Init(MD4_CTX *md4) {
-  memset(md4, 0, sizeof(MD4_CTX));
+  OPENSSL_memset(md4, 0, sizeof(MD4_CTX));
   md4->h[0] = 0x67452301UL;
   md4->h[1] = 0xefcdab89UL;
   md4->h[2] = 0x98badcfeUL;
diff --git a/crypto/md5/md5.c b/crypto/md5/md5.c
index a66fa7f..7712f47 100644
--- a/crypto/md5/md5.c
+++ b/crypto/md5/md5.c
@@ -60,6 +60,8 @@
 
 #include <openssl/mem.h>
 
+#include "../internal.h"
+
 
 uint8_t *MD5(const uint8_t *data, size_t len, uint8_t *out) {
   MD5_CTX ctx;
@@ -78,7 +80,7 @@
 }
 
 int MD5_Init(MD5_CTX *md5) {
-  memset(md5, 0, sizeof(MD5_CTX));
+  OPENSSL_memset(md5, 0, sizeof(MD5_CTX));
   md5->h[0] = 0x67452301UL;
   md5->h[1] = 0xefcdab89UL;
   md5->h[2] = 0x98badcfeUL;
diff --git a/crypto/mem.c b/crypto/mem.c
index ee34767..390ca2e 100644
--- a/crypto/mem.c
+++ b/crypto/mem.c
@@ -73,6 +73,8 @@
 #include <strings.h>
 #endif
 
+#include "internal.h"
+
 
 void *OPENSSL_realloc_clean(void *ptr, size_t old_size, size_t new_size) {
   if (ptr == NULL) {
@@ -94,7 +96,7 @@
     return NULL;
   }
 
-  memcpy(ret, ptr, old_size);
+  OPENSSL_memcpy(ret, ptr, old_size);
   OPENSSL_cleanse(ptr, old_size);
   OPENSSL_free(ptr);
   return ret;
@@ -104,7 +106,7 @@
 #if defined(OPENSSL_WINDOWS)
   SecureZeroMemory(ptr, len);
 #else
-  memset(ptr, 0, len);
+  OPENSSL_memset(ptr, 0, len);
 
 #if !defined(OPENSSL_NO_ASM)
   /* As best as we can tell, this is sufficient to break any optimisations that
diff --git a/crypto/modes/cbc.c b/crypto/modes/cbc.c
index 6e9fe24..12d551c 100644
--- a/crypto/modes/cbc.c
+++ b/crypto/modes/cbc.c
@@ -103,7 +103,7 @@
     out += 16;
   }
 
-  memcpy(ivec, iv, 16);
+  OPENSSL_memcpy(ivec, iv, 16);
 }
 
 void CRYPTO_cbc128_decrypt(const uint8_t *in, uint8_t *out, size_t len,
@@ -154,7 +154,7 @@
         out += 16;
       }
     }
-    memcpy(ivec, iv, 16);
+    OPENSSL_memcpy(ivec, iv, 16);
   } else {
     /* |out| is less than two blocks behind |in|. Decrypting an input block
      * directly to |out| would overwrite a ciphertext block before it is used as
diff --git a/crypto/modes/cfb.c b/crypto/modes/cfb.c
index 51b883e..af15255 100644
--- a/crypto/modes/cfb.c
+++ b/crypto/modes/cfb.c
@@ -167,7 +167,7 @@
   }
 
   /* fill in the first half of the new IV with the current IV */
-  memcpy(ovec, ivec, 16);
+  OPENSSL_memcpy(ovec, ivec, 16);
   /* construct the new IV */
   (*block)(ivec, ivec, key);
   num = (nbits + 7) / 8;
@@ -186,7 +186,7 @@
   rem = nbits % 8;
   num = nbits / 8;
   if (rem == 0) {
-    memcpy(ivec, ovec + num, 16);
+    OPENSSL_memcpy(ivec, ovec + num, 16);
   } else {
     for (n = 0; n < 16; ++n) {
       ivec[n] = ovec[n + num] << rem | ovec[n + num + 1] >> (8 - rem);
diff --git a/crypto/modes/ctr.c b/crypto/modes/ctr.c
index b84e72c..c026d15 100644
--- a/crypto/modes/ctr.c
+++ b/crypto/modes/ctr.c
@@ -202,7 +202,7 @@
     in += blocks;
   }
   if (len) {
-    memset(ecount_buf, 0, 16);
+    OPENSSL_memset(ecount_buf, 0, 16);
     (*func)(ecount_buf, ecount_buf, 1, key, ivec);
     ++ctr32;
     PUTU32(ivec + 12, ctr32);
diff --git a/crypto/modes/gcm.c b/crypto/modes/gcm.c
index 3b793e8..df68c40 100644
--- a/crypto/modes/gcm.c
+++ b/crypto/modes/gcm.c
@@ -363,7 +363,7 @@
     uint8_t c[16];
   } H;
 
-  memcpy(H.c, gcm_key, 16);
+  OPENSSL_memcpy(H.c, gcm_key, 16);
 
   /* H is stored in host byte order */
   H.u[0] = CRYPTO_bswap8(H.u[0]);
@@ -426,11 +426,11 @@
 
 void CRYPTO_gcm128_init(GCM128_CONTEXT *ctx, const void *aes_key,
                         block128_f block) {
-  memset(ctx, 0, sizeof(*ctx));
+  OPENSSL_memset(ctx, 0, sizeof(*ctx));
   ctx->block = block;
 
   uint8_t gcm_key[16];
-  memset(gcm_key, 0, sizeof(gcm_key));
+  OPENSSL_memset(gcm_key, 0, sizeof(gcm_key));
   (*block)(gcm_key, gcm_key, aes_key);
 
   CRYPTO_ghash_init(&ctx->gmult, &ctx->ghash, ctx->Htable, gcm_key);
@@ -453,7 +453,7 @@
   ctx->mres = 0;
 
   if (len == 12) {
-    memcpy(ctx->Yi.c, iv, 12);
+    OPENSSL_memcpy(ctx->Yi.c, iv, 12);
     ctx->Yi.c[15] = 1;
     ctr = 1;
   } else {
@@ -1060,7 +1060,8 @@
 
 void CRYPTO_gcm128_tag(GCM128_CONTEXT *ctx, unsigned char *tag, size_t len) {
   CRYPTO_gcm128_finish(ctx, NULL, 0);
-  memcpy(tag, ctx->Xi.c, len <= sizeof(ctx->Xi.c) ? len : sizeof(ctx->Xi.c));
+  OPENSSL_memcpy(tag, ctx->Xi.c,
+                 len <= sizeof(ctx->Xi.c) ? len : sizeof(ctx->Xi.c));
 }
 
 #if defined(OPENSSL_X86) || defined(OPENSSL_X86_64)
diff --git a/crypto/modes/gcm_test.cc b/crypto/modes/gcm_test.cc
index 8baf20e..1a5e034 100644
--- a/crypto/modes/gcm_test.cc
+++ b/crypto/modes/gcm_test.cc
@@ -350,7 +350,7 @@
 
   CRYPTO_gcm128_init(&ctx, &aes_key, (block128_f) AES_encrypt);
   CRYPTO_gcm128_setiv(&ctx, &aes_key, nonce, nonce_len);
-  memset(out, 0, plaintext_len);
+  OPENSSL_memset(out, 0, plaintext_len);
   if (additional_data) {
     CRYPTO_gcm128_aad(&ctx, additional_data, additional_data_len);
   }
@@ -358,7 +358,7 @@
     CRYPTO_gcm128_encrypt(&ctx, &aes_key, plaintext, out, plaintext_len);
   }
   if (!CRYPTO_gcm128_finish(&ctx, tag, tag_len) ||
-      (ciphertext && memcmp(out, ciphertext, plaintext_len) != 0)) {
+      (ciphertext && OPENSSL_memcmp(out, ciphertext, plaintext_len) != 0)) {
     fprintf(stderr, "%u: encrypt failed.\n", test_num);
     hexdump(stderr, "got :", out, plaintext_len);
     hexdump(stderr, "want:", ciphertext, plaintext_len);
@@ -366,7 +366,7 @@
   }
 
   CRYPTO_gcm128_setiv(&ctx, &aes_key, nonce, nonce_len);
-  memset(out, 0, plaintext_len);
+  OPENSSL_memset(out, 0, plaintext_len);
   if (additional_data) {
     CRYPTO_gcm128_aad(&ctx, additional_data, additional_data_len);
   }
@@ -377,7 +377,7 @@
     fprintf(stderr, "%u: decrypt failed.\n", test_num);
     goto out;
   }
-  if (plaintext && memcmp(out, plaintext, plaintext_len)) {
+  if (plaintext && OPENSSL_memcmp(out, plaintext, plaintext_len)) {
     fprintf(stderr, "%u: plaintext doesn't match.\n", test_num);
     goto out;
   }
diff --git a/crypto/modes/internal.h b/crypto/modes/internal.h
index a53da04..9b579fa 100644
--- a/crypto/modes/internal.h
+++ b/crypto/modes/internal.h
@@ -53,6 +53,8 @@
 
 #include <string.h>
 
+#include "../internal.h"
+
 #if defined(__cplusplus)
 extern "C" {
 #endif
@@ -100,13 +102,13 @@
 
 static inline uint32_t GETU32(const void *in) {
   uint32_t v;
-  memcpy(&v, in, sizeof(v));
+  OPENSSL_memcpy(&v, in, sizeof(v));
   return CRYPTO_bswap4(v);
 }
 
 static inline void PUTU32(void *out, uint32_t v) {
   v = CRYPTO_bswap4(v);
-  memcpy(out, &v, sizeof(v));
+  OPENSSL_memcpy(out, &v, sizeof(v));
 }
 
 static inline uint32_t GETU32_aligned(const void *in) {
diff --git a/crypto/modes/ofb.c b/crypto/modes/ofb.c
index 0ee95ca..95d15c3 100644
--- a/crypto/modes/ofb.c
+++ b/crypto/modes/ofb.c
@@ -73,11 +73,11 @@
     (*block)(ivec, ivec, key);
     for (; n < 16; n += sizeof(size_t)) {
       size_t a, b;
-      memcpy(&a, in + n, sizeof(size_t));
-      memcpy(&b, ivec + n, sizeof(size_t));
+      OPENSSL_memcpy(&a, in + n, sizeof(size_t));
+      OPENSSL_memcpy(&b, ivec + n, sizeof(size_t));
 
       const size_t c = a ^ b;
-      memcpy(out + n, &c, sizeof(size_t));
+      OPENSSL_memcpy(out + n, &c, sizeof(size_t));
     }
     len -= 16;
     out += 16;
diff --git a/crypto/modes/polyval.c b/crypto/modes/polyval.c
index c5121a1..eb7eadc 100644
--- a/crypto/modes/polyval.c
+++ b/crypto/modes/polyval.c
@@ -54,11 +54,11 @@
 
 void CRYPTO_POLYVAL_init(struct polyval_ctx *ctx, const uint8_t key[16]) {
   polyval_block H;
-  memcpy(H.c, key, 16);
+  OPENSSL_memcpy(H.c, key, 16);
   reverse_and_mulX_ghash(&H);
 
   CRYPTO_ghash_init(&ctx->gmult, &ctx->ghash, ctx->Htable, H.c);
-  memset(&ctx->S, 0, sizeof(ctx->S));
+  OPENSSL_memset(&ctx->S, 0, sizeof(ctx->S));
 }
 
 void CRYPTO_POLYVAL_update_blocks(struct polyval_ctx *ctx, const uint8_t *in,
@@ -71,7 +71,7 @@
     if (todo > sizeof(reversed)) {
       todo = sizeof(reversed);
     }
-    memcpy(reversed, in, todo);
+    OPENSSL_memcpy(reversed, in, todo);
     in_len -= todo;
 
     size_t blocks = todo / sizeof(polyval_block);
@@ -86,7 +86,7 @@
 void CRYPTO_POLYVAL_finish(const struct polyval_ctx *ctx, uint8_t out[16]) {
   polyval_block S = ctx->S;
   byte_reverse(&S);
-  memcpy(out, &S.c, sizeof(polyval_block));
+  OPENSSL_memcpy(out, &S.c, sizeof(polyval_block));
 }
 
 
diff --git a/crypto/obj/obj.c b/crypto/obj/obj.c
index c44ffc8..d0a6c82 100644
--- a/crypto/obj/obj.c
+++ b/crypto/obj/obj.c
@@ -123,7 +123,7 @@
     goto err;
   }
   if (o->data != NULL) {
-    memcpy(data, o->data, o->length);
+    OPENSSL_memcpy(data, o->data, o->length);
   }
 
   /* once data is attached to an object, it remains const */
@@ -169,7 +169,7 @@
   if (ret) {
     return ret;
   }
-  return memcmp(a->data, b->data, a->length);
+  return OPENSSL_memcmp(a->data, b->data, a->length);
 }
 
 /* obj_cmp is called to search the kNIDsInOIDOrder array. The |key| argument is
@@ -185,7 +185,7 @@
   } else if (a->length > b->length) {
     return 1;
   }
-  return memcmp(a->data, b->data, a->length);
+  return OPENSSL_memcmp(a->data, b->data, a->length);
 }
 
 int OBJ_obj2nid(const ASN1_OBJECT *obj) {
@@ -225,7 +225,7 @@
   }
 
   ASN1_OBJECT obj;
-  memset(&obj, 0, sizeof(obj));
+  OPENSSL_memset(&obj, 0, sizeof(obj));
   obj.data = CBS_data(cbs);
   obj.length = (int)CBS_len(cbs);
 
@@ -543,7 +543,7 @@
   if (i) {
     return i;
   }
-  return memcmp(a->data, b->data, a->length);
+  return OPENSSL_memcmp(a->data, b->data, a->length);
 }
 
 static uint32_t hash_short_name(const ASN1_OBJECT *obj) {
diff --git a/crypto/obj/obj_test.cc b/crypto/obj/obj_test.cc
index 4813b05..6c9dc3f 100644
--- a/crypto/obj/obj_test.cc
+++ b/crypto/obj/obj_test.cc
@@ -20,6 +20,8 @@
 #include <openssl/crypto.h>
 #include <openssl/obj.h>
 
+#include "../internal.h"
+
 
 static bool TestBasic() {
   static const int kNID = NID_sha256WithRSAEncryption;
@@ -97,7 +99,7 @@
 static bool ExpectObj2Txt(const uint8_t *der, size_t der_len,
                           bool always_return_oid, const char *expected) {
   ASN1_OBJECT obj;
-  memset(&obj, 0, sizeof(obj));
+  OPENSSL_memset(&obj, 0, sizeof(obj));
   obj.data = der;
   obj.length = static_cast<int>(der_len);
 
@@ -112,7 +114,7 @@
   }
 
   char short_buf[1];
-  memset(short_buf, 0xff, sizeof(short_buf));
+  OPENSSL_memset(short_buf, 0xff, sizeof(short_buf));
   len = OBJ_obj2txt(short_buf, sizeof(short_buf), &obj, always_return_oid);
   if (len != expected_len) {
     fprintf(stderr,
@@ -121,7 +123,7 @@
     return false;
   }
 
-  if (memchr(short_buf, '\0', sizeof(short_buf)) == nullptr) {
+  if (OPENSSL_memchr(short_buf, '\0', sizeof(short_buf)) == nullptr) {
     fprintf(stderr,
             "OBJ_obj2txt of %s with out_len = 1 did not NUL-terminate the "
             "output.\n",
@@ -186,7 +188,7 @@
   }
 
   ASN1_OBJECT obj;
-  memset(&obj, 0, sizeof(obj));
+  OPENSSL_memset(&obj, 0, sizeof(obj));
 
   // kNonMinimalOID is kBasicConstraints with the final component non-minimally
   // encoded.
diff --git a/crypto/pem/pem_lib.c b/crypto/pem/pem_lib.c
index e53abf8..8b7932e 100644
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@@ -71,6 +71,9 @@
 #include <openssl/rand.h>
 #include <openssl/x509.h>
 
+#include "../internal.h"
+
+
 #define MIN_LENGTH      4
 
 static int load_iv(char **fromp, unsigned char *to, int num);
@@ -638,7 +641,7 @@
                 OPENSSL_PUT_ERROR(PEM, ERR_R_MALLOC_FAILURE);
                 goto err;
             }
-            memcpy(nameB->data, &(buf[11]), i - 6);
+            OPENSSL_memcpy(nameB->data, &(buf[11]), i - 6);
             nameB->data[i - 6] = '\0';
             break;
         }
@@ -669,7 +672,7 @@
             nohead = 1;
             break;
         }
-        memcpy(&(headerB->data[hl]), buf, i);
+        OPENSSL_memcpy(&(headerB->data[hl]), buf, i);
         headerB->data[hl + i] = '\0';
         hl += i;
     }
@@ -701,7 +704,7 @@
                 OPENSSL_PUT_ERROR(PEM, ERR_R_MALLOC_FAILURE);
                 goto err;
             }
-            memcpy(&(dataB->data[bl]), buf, i);
+            OPENSSL_memcpy(&(dataB->data[bl]), buf, i);
             dataB->data[bl + i] = '\0';
             bl += i;
             if (end) {
diff --git a/crypto/pkcs8/p5_pbe.c b/crypto/pkcs8/p5_pbe.c
index 8e56d41..eee2e00 100644
--- a/crypto/pkcs8/p5_pbe.c
+++ b/crypto/pkcs8/p5_pbe.c
@@ -62,6 +62,7 @@
 #include <openssl/rand.h>
 #include <openssl/x509.h>
 
+#include "../internal.h"
 #include "internal.h"
 
 
@@ -106,7 +107,7 @@
 		}
 	sstr = ASN1_STRING_data(pbe->salt);
 	if (salt)
-		memcpy(sstr, salt, saltlen);
+		OPENSSL_memcpy(sstr, salt, saltlen);
 	else if (!RAND_bytes(sstr, saltlen))
 		goto err;
 
diff --git a/crypto/pkcs8/p5_pbev2.c b/crypto/pkcs8/p5_pbev2.c
index 050a4d6..c16b83f 100644
--- a/crypto/pkcs8/p5_pbev2.c
+++ b/crypto/pkcs8/p5_pbev2.c
@@ -67,6 +67,7 @@
 #include <openssl/x509.h>
 
 #include "internal.h"
+#include "../internal.h"
 
 
 /* PKCS#5 v2.0 password based encryption structures */
@@ -144,7 +145,7 @@
 	if (EVP_CIPHER_iv_length(cipher))
 		{
 		if (aiv)
-			memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
+			OPENSSL_memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher));
 		else if (!RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)))
   			goto err;
 		}
@@ -246,7 +247,7 @@
 	osalt->length = saltlen;
 
 	if (salt)
-		memcpy (osalt->data, salt, saltlen);
+		OPENSSL_memcpy (osalt->data, salt, saltlen);
 	else if (!RAND_bytes(osalt->data, saltlen))
 		goto merr;
 
diff --git a/crypto/pkcs8/pkcs8.c b/crypto/pkcs8/pkcs8.c
index 7b34705..e965bc9 100644
--- a/crypto/pkcs8/pkcs8.c
+++ b/crypto/pkcs8/pkcs8.c
@@ -124,7 +124,7 @@
   /* 1. Construct a string, D (the "diversifier"), by concatenating v/8 copies
    * of ID. */
   uint8_t D[EVP_MAX_MD_BLOCK_SIZE];
-  memset(D, id, block_size);
+  OPENSSL_memset(D, id, block_size);
 
   /* 2. Concatenate copies of the salt together to create a string S of length
    * v(ceiling(s/v)) bits (the final copy of the salt may be truncated to
@@ -186,7 +186,7 @@
     }
 
     size_t todo = out_len < A_len ? out_len : A_len;
-    memcpy(out, A, todo);
+    OPENSSL_memcpy(out, A, todo);
     out += todo;
     out_len -= todo;
     if (out_len == 0) {
@@ -911,7 +911,7 @@
   }
 
   *out_key = NULL;
-  memset(&ctx, 0, sizeof(ctx));
+  OPENSSL_memset(&ctx, 0, sizeof(ctx));
 
   /* See ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1.pdf, section
    * four. */
@@ -1068,7 +1068,7 @@
     return NULL;
   }
 
-  memcpy(p12->ber_bytes, *ber_bytes, ber_len);
+  OPENSSL_memcpy(p12->ber_bytes, *ber_bytes, ber_len);
   p12->ber_len = ber_len;
   *ber_bytes += ber_len;
 
@@ -1193,7 +1193,7 @@
     }
   } else if (password_len != -1 &&
              (password[password_len] != 0 ||
-              memchr(password, 0, password_len) != NULL)) {
+              OPENSSL_memchr(password, 0, password_len) != NULL)) {
     return 0;
   }
 
diff --git a/crypto/poly1305/poly1305.c b/crypto/poly1305/poly1305.c
index 4c5d11f..77e8046 100644
--- a/crypto/poly1305/poly1305.c
+++ b/crypto/poly1305/poly1305.c
@@ -23,6 +23,7 @@
 #include <openssl/cpu.h>
 
 #include "internal.h"
+#include "../internal.h"
 
 
 #if defined(OPENSSL_WINDOWS) || !defined(OPENSSL_X86_64)
@@ -30,11 +31,13 @@
 /* We can assume little-endian. */
 static uint32_t U8TO32_LE(const uint8_t *m) {
   uint32_t r;
-  memcpy(&r, m, sizeof(r));
+  OPENSSL_memcpy(&r, m, sizeof(r));
   return r;
 }
 
-static void U32TO8_LE(uint8_t *m, uint32_t v) { memcpy(m, &v, sizeof(v)); }
+static void U32TO8_LE(uint8_t *m, uint32_t v) {
+  OPENSSL_memcpy(m, &v, sizeof(v));
+}
 
 static uint64_t mul32x32_64(uint32_t a, uint32_t b) { return (uint64_t)a * b; }
 
@@ -192,7 +195,7 @@
   state->h4 = 0;
 
   state->buf_used = 0;
-  memcpy(state->key, key + 16, sizeof(state->key));
+  OPENSSL_memcpy(state->key, key + 16, sizeof(state->key));
 }
 
 void CRYPTO_poly1305_update(poly1305_state *statep, const uint8_t *in,
diff --git a/crypto/poly1305/poly1305_arm.c b/crypto/poly1305/poly1305_arm.c
index de31d6b..444413b 100644
--- a/crypto/poly1305/poly1305_arm.c
+++ b/crypto/poly1305/poly1305_arm.c
@@ -129,7 +129,7 @@
  * fe1305x2_frombytearray. */
 static uint32_t load32(uint8_t *t) {
   uint32_t tmp;
-  memcpy(&tmp, t, sizeof(tmp));
+  OPENSSL_memcpy(&tmp, t, sizeof(tmp));
   return tmp;
 }
 
@@ -203,7 +203,7 @@
   addmulmod(precomp, r, r, &zero);                 /* precompute r^2 */
   addmulmod(precomp + 1, precomp, precomp, &zero); /* precompute r^4 */
 
-  memcpy(st->key, key + 16, 16);
+  OPENSSL_memcpy(st->key, key + 16, 16);
   st->buf_used = 0;
 }
 
diff --git a/crypto/pool/pool.c b/crypto/pool/pool.c
index ca058fc..44d10af 100644
--- a/crypto/pool/pool.c
+++ b/crypto/pool/pool.c
@@ -34,7 +34,7 @@
   if (a->len != b->len) {
     return 1;
   }
-  return memcmp(a->data, b->data, a->len);
+  return OPENSSL_memcmp(a->data, b->data, a->len);
 }
 
 CRYPTO_BUFFER_POOL* CRYPTO_BUFFER_POOL_new(void) {
@@ -43,7 +43,7 @@
     return NULL;
   }
 
-  memset(pool, 0, sizeof(CRYPTO_BUFFER_POOL));
+  OPENSSL_memset(pool, 0, sizeof(CRYPTO_BUFFER_POOL));
   pool->bufs = lh_CRYPTO_BUFFER_new(CRYPTO_BUFFER_hash, CRYPTO_BUFFER_cmp);
   if (pool->bufs == NULL) {
     OPENSSL_free(pool);
@@ -95,7 +95,7 @@
   if (buf == NULL) {
     return NULL;
   }
-  memset(buf, 0, sizeof(CRYPTO_BUFFER));
+  OPENSSL_memset(buf, 0, sizeof(CRYPTO_BUFFER));
 
   buf->data = BUF_memdup(data, len);
   if (len != 0 && buf->data == NULL) {
diff --git a/crypto/pool/pool_test.cc b/crypto/pool/pool_test.cc
index 0b5338f..72b8ce0 100644
--- a/crypto/pool/pool_test.cc
+++ b/crypto/pool/pool_test.cc
@@ -17,6 +17,8 @@
 
 #include <openssl/pool.h>
 
+#include "../internal.h"
+
 
 static bool TestUnpooled() {
   static const uint8_t kData[4] = {1, 2, 3, 4};
@@ -27,7 +29,8 @@
   }
 
   if (CRYPTO_BUFFER_len(buf.get()) != sizeof(kData) ||
-      memcmp(kData, CRYPTO_BUFFER_data(buf.get()), sizeof(kData)) != 0) {
+      OPENSSL_memcmp(kData, CRYPTO_BUFFER_data(buf.get()), sizeof(kData)) !=
+          0) {
     fprintf(stderr, "CRYPTO_BUFFER corrupted data.\n");
     return false;
   }
diff --git a/crypto/rand/deterministic.c b/crypto/rand/deterministic.c
index c0a347c..36e99aa 100644
--- a/crypto/rand/deterministic.c
+++ b/crypto/rand/deterministic.c
@@ -36,10 +36,10 @@
   static const uint8_t kZeroKey[32];
 
   uint8_t nonce[12];
-  memset(nonce, 0, sizeof(nonce));
-  memcpy(nonce, &g_num_calls, sizeof(g_num_calls));
+  OPENSSL_memset(nonce, 0, sizeof(nonce));
+  OPENSSL_memcpy(nonce, &g_num_calls, sizeof(g_num_calls));
 
-  memset(out, 0, requested);
+  OPENSSL_memset(out, 0, requested);
   CRYPTO_chacha_20(out, out, requested, kZeroKey, nonce, 0);
   g_num_calls++;
 }
diff --git a/crypto/rand/rand.c b/crypto/rand/rand.c
index ec78a2e..51da6ba 100644
--- a/crypto/rand/rand.c
+++ b/crypto/rand/rand.c
@@ -101,7 +101,7 @@
     if (!CRYPTO_rdrand(rand_buf)) {
       return 0;
     }
-    memcpy(buf + len_multiple8, rand_buf, len);
+    OPENSSL_memcpy(buf + len_multiple8, rand_buf, len);
   }
 
   return 1;
@@ -138,7 +138,7 @@
       return 1;
     }
 
-    memset(state->partial_block, 0, sizeof(state->partial_block));
+    OPENSSL_memset(state->partial_block, 0, sizeof(state->partial_block));
     state->calls_used = kMaxCallsPerRefresh;
   }
 
@@ -161,8 +161,8 @@
         todo = kMaxBytesPerCall;
       }
       uint8_t nonce[12];
-      memset(nonce, 0, 4);
-      memcpy(nonce + 4, &state->calls_used, sizeof(state->calls_used));
+      OPENSSL_memset(nonce, 0, 4);
+      OPENSSL_memcpy(nonce + 4, &state->calls_used, sizeof(state->calls_used));
       CRYPTO_chacha_20(buf, buf, todo, state->key, nonce, 0);
       buf += todo;
       remaining -= todo;
@@ -171,8 +171,8 @@
   } else {
     if (sizeof(state->partial_block) - state->partial_block_used < len) {
       uint8_t nonce[12];
-      memset(nonce, 0, 4);
-      memcpy(nonce + 4, &state->calls_used, sizeof(state->calls_used));
+      OPENSSL_memset(nonce, 0, 4);
+      OPENSSL_memcpy(nonce + 4, &state->calls_used, sizeof(state->calls_used));
       CRYPTO_chacha_20(state->partial_block, state->partial_block,
                        sizeof(state->partial_block), state->key, nonce, 0);
       state->partial_block_used = 0;
diff --git a/crypto/rand/urandom.c b/crypto/rand/urandom.c
index 26feec7..2233203 100644
--- a/crypto/rand/urandom.c
+++ b/crypto/rand/urandom.c
@@ -291,7 +291,7 @@
   size_t remaining = BUF_SIZE - buf->used;
 
   while (requested > remaining) {
-    memcpy(out, &buf->rand[buf->used], remaining);
+    OPENSSL_memcpy(out, &buf->rand[buf->used], remaining);
     buf->used += remaining;
     out += remaining;
     requested -= remaining;
@@ -304,7 +304,7 @@
     remaining = BUF_SIZE;
   }
 
-  memcpy(out, &buf->rand[buf->used], requested);
+  OPENSSL_memcpy(out, &buf->rand[buf->used], requested);
   buf->used += requested;
 }
 
diff --git a/crypto/rsa/blinding.c b/crypto/rsa/blinding.c
index 0a485ee..693dced 100644
--- a/crypto/rsa/blinding.c
+++ b/crypto/rsa/blinding.c
@@ -115,6 +115,7 @@
 #include <openssl/err.h>
 
 #include "internal.h"
+#include "../internal.h"
 
 
 #define BN_BLINDING_COUNTER 32
@@ -134,7 +135,7 @@
     OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE);
     return NULL;
   }
-  memset(ret, 0, sizeof(BN_BLINDING));
+  OPENSSL_memset(ret, 0, sizeof(BN_BLINDING));
 
   ret->A = BN_new();
   if (ret->A == NULL) {
diff --git a/crypto/rsa/padding.c b/crypto/rsa/padding.c
index 987349b..3ed19ad 100644
--- a/crypto/rsa/padding.c
+++ b/crypto/rsa/padding.c
@@ -92,10 +92,10 @@
 
   /* pad out with 0xff data */
   j = to_len - 3 - from_len;
-  memset(p, 0xff, j);
+  OPENSSL_memset(p, 0xff, j);
   p += j;
   *(p++) = 0;
-  memcpy(p, from, from_len);
+  OPENSSL_memcpy(p, from, from_len);
   return 1;
 }
 
@@ -146,7 +146,7 @@
     OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE);
     return -1;
   }
-  memcpy(to, p, j);
+  OPENSSL_memcpy(to, p, j);
 
   return j;
 }
@@ -188,7 +188,7 @@
 
   *(p++) = 0;
 
-  memcpy(p, from, from_len);
+  OPENSSL_memcpy(p, from, from_len);
   return 1;
 }
 
@@ -254,7 +254,7 @@
     return -1;
   }
 
-  memcpy(to, &from[zero_index], msg_len);
+  OPENSSL_memcpy(to, &from[zero_index], msg_len);
   return (int)msg_len;
 }
 
@@ -270,7 +270,7 @@
     return 0;
   }
 
-  memcpy(to, from, from_len);
+  OPENSSL_memcpy(to, from, from_len);
   return 1;
 }
 
@@ -305,7 +305,7 @@
       if (!EVP_DigestFinal_ex(&ctx, digest, NULL)) {
         goto err;
       }
-      memcpy(out, digest, len);
+      OPENSSL_memcpy(out, digest, len);
       len = 0;
     }
   }
@@ -358,9 +358,9 @@
   if (!EVP_Digest(param, param_len, db, NULL, md, NULL)) {
     return 0;
   }
-  memset(db + mdlen, 0, emlen - from_len - 2 * mdlen - 1);
+  OPENSSL_memset(db + mdlen, 0, emlen - from_len - 2 * mdlen - 1);
   db[emlen - from_len - mdlen - 1] = 0x01;
-  memcpy(db + emlen - from_len - mdlen, from, from_len);
+  OPENSSL_memcpy(db + emlen - from_len - mdlen, from, from_len);
   if (!RAND_bytes(seed, mdlen)) {
     return 0;
   }
@@ -471,7 +471,7 @@
     OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE);
     mlen = -1;
   } else {
-    memcpy(to, db + one_index, mlen);
+    OPENSSL_memcpy(to, db + one_index, mlen);
   }
 
   OPENSSL_free(db);
@@ -579,7 +579,7 @@
   if (!EVP_DigestFinal_ex(&ctx, H_, NULL)) {
     goto err;
   }
-  if (memcmp(H_, H, hLen)) {
+  if (OPENSSL_memcmp(H_, H, hLen)) {
     OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_SIGNATURE);
     ret = 0;
   } else {
diff --git a/crypto/rsa/rsa.c b/crypto/rsa/rsa.c
index 17f0a8a..731293f 100644
--- a/crypto/rsa/rsa.c
+++ b/crypto/rsa/rsa.c
@@ -82,7 +82,7 @@
     return NULL;
   }
 
-  memset(rsa, 0, sizeof(RSA));
+  OPENSSL_memset(rsa, 0, sizeof(RSA));
 
   if (engine) {
     rsa->meth = ENGINE_get_RSA_method(engine);
@@ -446,8 +446,8 @@
       return 0;
     }
 
-    memcpy(signed_msg, prefix, prefix_len);
-    memcpy(signed_msg + prefix_len, msg, msg_len);
+    OPENSSL_memcpy(signed_msg, prefix, prefix_len);
+    OPENSSL_memcpy(signed_msg + prefix_len, msg, msg_len);
 
     *out_msg = signed_msg;
     *out_msg_len = signed_msg_len;
@@ -532,7 +532,7 @@
     goto out;
   }
 
-  if (len != signed_msg_len || memcmp(buf, signed_msg, len) != 0) {
+  if (len != signed_msg_len || OPENSSL_memcmp(buf, signed_msg, len) != 0) {
     OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_SIGNATURE);
     goto out;
   }
diff --git a/crypto/rsa/rsa_asn1.c b/crypto/rsa/rsa_asn1.c
index 4adb499..88b1dfb 100644
--- a/crypto/rsa/rsa_asn1.c
+++ b/crypto/rsa/rsa_asn1.c
@@ -66,6 +66,7 @@
 
 #include "internal.h"
 #include "../bytestring/internal.h"
+#include "../internal.h"
 
 
 static int parse_integer_buggy(CBS *cbs, BIGNUM **out, int buggy) {
@@ -183,7 +184,7 @@
     OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE);
     return 0;
   }
-  memset(ret, 0, sizeof(RSA_additional_prime));
+  OPENSSL_memset(ret, 0, sizeof(RSA_additional_prime));
 
   CBS child;
   if (!CBS_get_asn1(cbs, &child, CBS_ASN1_SEQUENCE) ||
diff --git a/crypto/rsa/rsa_impl.c b/crypto/rsa/rsa_impl.c
index 70c3f7a..2cae4ca 100644
--- a/crypto/rsa/rsa_impl.c
+++ b/crypto/rsa/rsa_impl.c
@@ -263,7 +263,7 @@
   if (new_blindings == NULL) {
     goto err1;
   }
-  memcpy(new_blindings, rsa->blindings,
+  OPENSSL_memcpy(new_blindings, rsa->blindings,
          sizeof(BN_BLINDING *) * rsa->num_blindings);
   new_blindings[rsa->num_blindings] = ret;
 
@@ -271,7 +271,7 @@
   if (new_blindings_inuse == NULL) {
     goto err2;
   }
-  memcpy(new_blindings_inuse, rsa->blindings_inuse, rsa->num_blindings);
+  OPENSSL_memcpy(new_blindings_inuse, rsa->blindings_inuse, rsa->num_blindings);
   new_blindings_inuse[rsa->num_blindings] = 1;
   *index_used = rsa->num_blindings;
 
@@ -805,7 +805,7 @@
     if (ap == NULL) {
       goto err;
     }
-    memset(ap, 0, sizeof(RSA_additional_prime));
+    OPENSSL_memset(ap, 0, sizeof(RSA_additional_prime));
     ap->prime = BN_new();
     ap->exp = BN_new();
     ap->coeff = BN_new();
diff --git a/crypto/rsa/rsa_test.cc b/crypto/rsa/rsa_test.cc
index 00fd129..306df7e 100644
--- a/crypto/rsa/rsa_test.cc
+++ b/crypto/rsa/rsa_test.cc
@@ -65,6 +65,8 @@
 #include <openssl/err.h>
 #include <openssl/nid.h>
 
+#include "../internal.h"
+
 
 // kPlaintext is a sample plaintext.
 static const uint8_t kPlaintext[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
@@ -549,7 +551,7 @@
   if (!RSA_decrypt(key.get(), &plaintext_len, plaintext, sizeof(plaintext),
                    ciphertext, ciphertext_len, RSA_PKCS1_PADDING) ||
       plaintext_len != kPlaintextLen ||
-      memcmp(plaintext, kPlaintext, plaintext_len) != 0) {
+      OPENSSL_memcmp(plaintext, kPlaintext, plaintext_len) != 0) {
     fprintf(stderr, "PKCS#1 v1.5 decryption failed!\n");
     return false;
   }
@@ -566,7 +568,7 @@
   if (!RSA_decrypt(key.get(), &plaintext_len, plaintext, sizeof(plaintext),
                    ciphertext, ciphertext_len, RSA_PKCS1_OAEP_PADDING) ||
       plaintext_len != kPlaintextLen ||
-      memcmp(plaintext, kPlaintext, plaintext_len) != 0) {
+      OPENSSL_memcmp(plaintext, kPlaintext, plaintext_len) != 0) {
     fprintf(stderr, "OAEP decryption (encrypted data) failed!\n");
     return false;
   }
@@ -577,13 +579,13 @@
                    oaep_ciphertext, oaep_ciphertext_len,
                    RSA_PKCS1_OAEP_PADDING) ||
       plaintext_len != kPlaintextLen ||
-      memcmp(plaintext, kPlaintext, plaintext_len) != 0) {
+      OPENSSL_memcmp(plaintext, kPlaintext, plaintext_len) != 0) {
     fprintf(stderr, "OAEP decryption (test vector data) failed!\n");
     return false;
   }
 
   // Try decrypting corrupted ciphertexts.
-  memcpy(ciphertext, oaep_ciphertext, oaep_ciphertext_len);
+  OPENSSL_memcpy(ciphertext, oaep_ciphertext, oaep_ciphertext_len);
   for (size_t i = 0; i < oaep_ciphertext_len; i++) {
     ciphertext[i] ^= 1;
     if (RSA_decrypt(key.get(), &plaintext_len, plaintext, sizeof(plaintext),
@@ -628,7 +630,7 @@
   if (!RSA_decrypt(rsa.get(), &out_len, out, sizeof(out), enc, enc_size,
                    RSA_PKCS1_PADDING) ||
       out_len != 11 ||
-      memcmp(out, "hello world", 11) != 0) {
+      OPENSSL_memcmp(out, "hello world", 11) != 0) {
     fprintf(stderr, "%d-prime key failed to decrypt.\n", nprimes);
     ERR_print_errors_fp(stderr);
     return false;
@@ -655,7 +657,7 @@
       !RSA_decrypt(rsa.get(), &decrypted_len, decrypted, sizeof(decrypted),
                    encrypted, encrypted_len, RSA_PKCS1_PADDING) ||
       decrypted_len != sizeof(kMessage) ||
-      memcmp(decrypted, kMessage, sizeof(kMessage)) != 0) {
+      OPENSSL_memcmp(decrypted, kMessage, sizeof(kMessage)) != 0) {
     ERR_print_errors_fp(stderr);
     return false;
   }
@@ -867,7 +869,8 @@
     return false;
   }
   bssl::UniquePtr<uint8_t> delete_der(der);
-  if (der_len != sizeof(kKey1) - 1 || memcmp(der, kKey1, der_len) != 0) {
+  if (der_len != sizeof(kKey1) - 1 ||
+      OPENSSL_memcmp(der, kKey1, der_len) != 0) {
     return false;
   }
 
@@ -890,7 +893,7 @@
     return false;
   }
   bssl::UniquePtr<uint8_t> delete_der2(der2);
-  if (der_len != der2_len || memcmp(der, der2, der_len) != 0) {
+  if (der_len != der2_len || OPENSSL_memcmp(der, der2, der_len) != 0) {
     return false;
   }
 
diff --git a/crypto/sha/sha1.c b/crypto/sha/sha1.c
index 12fb457..7c72713 100644
--- a/crypto/sha/sha1.c
+++ b/crypto/sha/sha1.c
@@ -60,6 +60,8 @@
 
 #include <openssl/mem.h>
 
+#include "../internal.h"
+
 
 #if !defined(OPENSSL_NO_ASM) &&                         \
     (defined(OPENSSL_X86) || defined(OPENSSL_X86_64) || \
@@ -69,7 +71,7 @@
 #endif
 
 int SHA1_Init(SHA_CTX *sha) {
-  memset(sha, 0, sizeof(SHA_CTX));
+  OPENSSL_memset(sha, 0, sizeof(SHA_CTX));
   sha->h[0] = 0x67452301UL;
   sha->h[1] = 0xefcdab89UL;
   sha->h[2] = 0x98badcfeUL;
diff --git a/crypto/sha/sha256.c b/crypto/sha/sha256.c
index 58f7c42..fb950d7 100644
--- a/crypto/sha/sha256.c
+++ b/crypto/sha/sha256.c
@@ -60,6 +60,8 @@
 
 #include <openssl/mem.h>
 
+#include "../internal.h"
+
 
 #if !defined(OPENSSL_NO_ASM) &&                         \
     (defined(OPENSSL_X86) || defined(OPENSSL_X86_64) || \
@@ -68,7 +70,7 @@
 #endif
 
 int SHA224_Init(SHA256_CTX *sha) {
-  memset(sha, 0, sizeof(SHA256_CTX));
+  OPENSSL_memset(sha, 0, sizeof(SHA256_CTX));
   sha->h[0] = 0xc1059ed8UL;
   sha->h[1] = 0x367cd507UL;
   sha->h[2] = 0x3070dd17UL;
@@ -82,7 +84,7 @@
 }
 
 int SHA256_Init(SHA256_CTX *sha) {
-  memset(sha, 0, sizeof(SHA256_CTX));
+  OPENSSL_memset(sha, 0, sizeof(SHA256_CTX));
   sha->h[0] = 0x6a09e667UL;
   sha->h[1] = 0xbb67ae85UL;
   sha->h[2] = 0x3c6ef372UL;
diff --git a/crypto/sha/sha512.c b/crypto/sha/sha512.c
index 355011f..8761150 100644
--- a/crypto/sha/sha512.c
+++ b/crypto/sha/sha512.c
@@ -60,6 +60,8 @@
 
 #include <openssl/mem.h>
 
+#include "../internal.h"
+
 
 /* IMPLEMENTATION NOTES.
  *
@@ -167,7 +169,7 @@
 void SHA512_Transform(SHA512_CTX *c, const uint8_t *block) {
 #ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
   if ((size_t)block % sizeof(c->u.d[0]) != 0) {
-    memcpy(c->u.p, block, sizeof(c->u.p));
+    OPENSSL_memcpy(c->u.p, block, sizeof(c->u.p));
     block = c->u.p;
   }
 #endif
@@ -196,11 +198,11 @@
     size_t n = sizeof(c->u) - c->num;
 
     if (len < n) {
-      memcpy(p + c->num, data, len);
+      OPENSSL_memcpy(p + c->num, data, len);
       c->num += (unsigned int)len;
       return 1;
     } else {
-      memcpy(p + c->num, data, n), c->num = 0;
+      OPENSSL_memcpy(p + c->num, data, n), c->num = 0;
       len -= n;
       data += n;
       sha512_block_data_order(c->h, (uint64_t *)p, 1);
@@ -211,7 +213,7 @@
 #ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
     if ((size_t)data % sizeof(c->u.d[0]) != 0) {
       while (len >= sizeof(c->u)) {
-        memcpy(p, data, sizeof(c->u));
+        OPENSSL_memcpy(p, data, sizeof(c->u));
         sha512_block_data_order(c->h, (uint64_t *)p, 1);
         len -= sizeof(c->u);
         data += sizeof(c->u);
@@ -227,7 +229,7 @@
   }
 
   if (len != 0) {
-    memcpy(p, data, len);
+    OPENSSL_memcpy(p, data, len);
     c->num = (int)len;
   }
 
@@ -241,12 +243,12 @@
   p[n] = 0x80; /* There always is a room for one */
   n++;
   if (n > (sizeof(sha->u) - 16)) {
-    memset(p + n, 0, sizeof(sha->u) - n);
+    OPENSSL_memset(p + n, 0, sizeof(sha->u) - n);
     n = 0;
     sha512_block_data_order(sha->h, (uint64_t *)p, 1);
   }
 
-  memset(p + n, 0, sizeof(sha->u) - 16 - n);
+  OPENSSL_memset(p + n, 0, sizeof(sha->u) - 16 - n);
   p[sizeof(sha->u) - 1] = (uint8_t)(sha->Nl);
   p[sizeof(sha->u) - 2] = (uint8_t)(sha->Nl >> 8);
   p[sizeof(sha->u) - 3] = (uint8_t)(sha->Nl >> 16);
diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c
index 2d5744a..f78209d 100644
--- a/crypto/stack/stack.c
+++ b/crypto/stack/stack.c
@@ -60,6 +60,9 @@
 
 #include <openssl/mem.h>
 
+#include "../internal.h"
+
+
 /* kMinSize is the number of pointers that will be initially allocated in a new
  * stack. */
 static const size_t kMinSize = 4;
@@ -71,14 +74,14 @@
   if (ret == NULL) {
     goto err;
   }
-  memset(ret, 0, sizeof(_STACK));
+  OPENSSL_memset(ret, 0, sizeof(_STACK));
 
   ret->data = OPENSSL_malloc(sizeof(void *) * kMinSize);
   if (ret->data == NULL) {
     goto err;
   }
 
-  memset(ret->data, 0, sizeof(void *) * kMinSize);
+  OPENSSL_memset(ret->data, 0, sizeof(void *) * kMinSize);
 
   ret->comp = comp;
   ret->num_alloc = kMinSize;
@@ -103,7 +106,7 @@
   if (sk == NULL || sk->num == 0) {
     return;
   }
-  memset(sk->data, 0, sizeof(void*) * sk->num);
+  OPENSSL_memset(sk->data, 0, sizeof(void*) * sk->num);
   sk->num = 0;
   sk->sorted = 0;
 }
@@ -177,8 +180,8 @@
   if (where >= sk->num) {
     sk->data[sk->num] = p;
   } else {
-    memmove(&sk->data[where + 1], &sk->data[where],
-            sizeof(void *) * (sk->num - where));
+    OPENSSL_memmove(&sk->data[where + 1], &sk->data[where],
+                    sizeof(void *) * (sk->num - where));
     sk->data[where] = p;
   }
 
@@ -198,7 +201,7 @@
   ret = sk->data[where];
 
   if (where != sk->num - 1) {
-    memmove(&sk->data[where], &sk->data[where + 1],
+    OPENSSL_memmove(&sk->data[where], &sk->data[where + 1],
             sizeof(void *) * (sk->num - where - 1));
   }
 
@@ -308,7 +311,7 @@
   ret->data = s;
 
   ret->num = sk->num;
-  memcpy(ret->data, sk->data, sizeof(void *) * sk->num);
+  OPENSSL_memcpy(ret->data, sk->data, sizeof(void *) * sk->num);
   ret->sorted = sk->sorted;
   ret->num_alloc = sk->num_alloc;
   ret->comp = sk->comp;
diff --git a/crypto/test/file_test.cc b/crypto/test/file_test.cc
index d684aa0..715907e 100644
--- a/crypto/test/file_test.cc
+++ b/crypto/test/file_test.cc
@@ -24,6 +24,8 @@
 
 #include <openssl/err.h>
 
+#include "../internal.h"
+
 
 FileTest::FileTest(const char *path) {
   file_ = fopen(path, "r");
@@ -227,7 +229,7 @@
 bool FileTest::ExpectBytesEqual(const uint8_t *expected, size_t expected_len,
                                 const uint8_t *actual, size_t actual_len) {
   if (expected_len == actual_len &&
-      memcmp(expected, actual, expected_len) == 0) {
+      OPENSSL_memcmp(expected, actual, expected_len) == 0) {
     return true;
   }
 
diff --git a/crypto/thread_pthread.c b/crypto/thread_pthread.c
index 90ff861..d9e87f2 100644
--- a/crypto/thread_pthread.c
+++ b/crypto/thread_pthread.c
@@ -103,7 +103,7 @@
   if (pthread_mutex_lock(&g_destructors_lock) != 0) {
     return;
   }
-  memcpy(destructors, g_destructors, sizeof(destructors));
+  OPENSSL_memcpy(destructors, g_destructors, sizeof(destructors));
   pthread_mutex_unlock(&g_destructors_lock);
 
   unsigned i;
@@ -154,7 +154,7 @@
       destructor(value);
       return 0;
     }
-    memset(pointers, 0, sizeof(void *) * NUM_OPENSSL_THREAD_LOCALS);
+    OPENSSL_memset(pointers, 0, sizeof(void *) * NUM_OPENSSL_THREAD_LOCALS);
     if (pthread_setspecific(g_thread_local_key, pointers) != 0) {
       OPENSSL_free(pointers);
       destructor(value);
diff --git a/crypto/thread_test.c b/crypto/thread_test.c
index 12ca2ec..c702ace 100644
--- a/crypto/thread_test.c
+++ b/crypto/thread_test.c
@@ -30,7 +30,7 @@
 static DWORD WINAPI thread_run(LPVOID arg) {
   void (*thread_func)(void);
   /* VC really doesn't like casting between data and function pointers. */
-  memcpy(&thread_func, &arg, sizeof(thread_func));
+  OPENSSL_memcpy(&thread_func, &arg, sizeof(thread_func));
   thread_func();
   return 0;
 }
@@ -38,7 +38,7 @@
 static int run_thread(thread_t *out_thread, void (*thread_func)(void)) {
   void *arg;
   /* VC really doesn't like casting between data and function pointers. */
-  memcpy(&arg, &thread_func, sizeof(arg));
+  OPENSSL_memcpy(&arg, &thread_func, sizeof(arg));
 
   *out_thread = CreateThread(NULL /* security attributes */,
                              0 /* default stack size */, thread_run, arg,
@@ -86,7 +86,7 @@
   Sleep(1 /* milliseconds */);
 #else
   struct timespec req;
-  memset(&req, 0, sizeof(req));
+  OPENSSL_memset(&req, 0, sizeof(req));
   req.tv_nsec = 1000000;
   nanosleep(&req, NULL);
 #endif
diff --git a/crypto/thread_win.c b/crypto/thread_win.c
index 836cf0f..62119b4 100644
--- a/crypto/thread_win.c
+++ b/crypto/thread_win.c
@@ -122,7 +122,7 @@
   thread_local_destructor_t destructors[NUM_OPENSSL_THREAD_LOCALS];
 
   EnterCriticalSection(&g_destructors_lock);
-  memcpy(destructors, g_destructors, sizeof(destructors));
+  OPENSSL_memcpy(destructors, g_destructors, sizeof(destructors));
   LeaveCriticalSection(&g_destructors_lock);
 
   unsigned i;
@@ -218,7 +218,7 @@
       destructor(value);
       return 0;
     }
-    memset(pointers, 0, sizeof(void *) * NUM_OPENSSL_THREAD_LOCALS);
+    OPENSSL_memset(pointers, 0, sizeof(void *) * NUM_OPENSSL_THREAD_LOCALS);
     if (TlsSetValue(g_thread_local_key, pointers) == 0) {
       OPENSSL_free(pointers);
       destructor(value);
diff --git a/crypto/x509/a_verify.c b/crypto/x509/a_verify.c
index 5a9adb6..0af4197 100644
--- a/crypto/x509/a_verify.c
+++ b/crypto/x509/a_verify.c
@@ -119,7 +119,7 @@
      * we don't need to zero the 'ctx' because we just checked public
      * information
      */
-    /* memset(&ctx,0,sizeof(ctx)); */
+    /* OPENSSL_memset(&ctx,0,sizeof(ctx)); */
     ret = 1;
  err:
     EVP_MD_CTX_cleanup(&ctx);
diff --git a/crypto/x509/asn1_gen.c b/crypto/x509/asn1_gen.c
index 03a0ab9..c52a1ac 100644
--- a/crypto/x509/asn1_gen.c
+++ b/crypto/x509/asn1_gen.c
@@ -261,7 +261,7 @@
     }
 
     /* Copy across original encoding */
-    memcpy(p, cpy_start, cpy_len);
+    OPENSSL_memcpy(p, cpy_start, cpy_len);
 
     cp = new_der;
 
diff --git a/crypto/x509/by_dir.c b/crypto/x509/by_dir.c
index 434e5ab..e68ca5a 100644
--- a/crypto/x509/by_dir.c
+++ b/crypto/x509/by_dir.c
@@ -433,7 +433,7 @@
             if (tmp != NULL) {
                 ok = 1;
                 ret->type = tmp->type;
-                memcpy(&ret->data, &tmp->data, sizeof(ret->data));
+                OPENSSL_memcpy(&ret->data, &tmp->data, sizeof(ret->data));
                 /*
                  * If we were going to up the reference count, we would need
                  * to do it on a perl 'type' basis
diff --git a/crypto/x509/pkcs7_test.c b/crypto/x509/pkcs7_test.c
index bebcbd9..7bf4b81 100644
--- a/crypto/x509/pkcs7_test.c
+++ b/crypto/x509/pkcs7_test.c
@@ -22,6 +22,7 @@
 #include <openssl/stack.h>
 #include <openssl/x509.h>
 
+#include "../internal.h"
 #include "../test/test_util.h"
 
 
@@ -520,7 +521,7 @@
   }
 
   if (result_len != result2_len ||
-      memcmp(result_data, result2_data, result_len) != 0) {
+      OPENSSL_memcmp(result_data, result2_data, result_len) != 0) {
     fprintf(stderr, "Serialisation is not stable.\n");
     return 0;
   }
@@ -584,7 +585,7 @@
   }
 
   if (result_len != result2_len ||
-      memcmp(result_data, result2_data, result_len) != 0) {
+      OPENSSL_memcmp(result_data, result2_data, result_len) != 0) {
     fprintf(stderr, "Serialisation is not stable.\n");
     return 0;
   }
diff --git a/crypto/x509/x509_cmp.c b/crypto/x509/x509_cmp.c
index 32862eb..98236d9 100644
--- a/crypto/x509/x509_cmp.c
+++ b/crypto/x509/x509_cmp.c
@@ -67,6 +67,9 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
+#include "../internal.h"
+
+
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
 {
     int i;
@@ -125,7 +128,7 @@
 
 int X509_CRL_match(const X509_CRL *a, const X509_CRL *b)
 {
-    return memcmp(a->sha1_hash, b->sha1_hash, 20);
+    return OPENSSL_memcmp(a->sha1_hash, b->sha1_hash, 20);
 }
 
 X509_NAME *X509_get_issuer_name(X509 *a)
@@ -178,7 +181,7 @@
     X509_check_purpose((X509 *)a, -1, 0);
     X509_check_purpose((X509 *)b, -1, 0);
 
-    rv = memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
+    rv = OPENSSL_memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
     if (rv)
         return rv;
     /* Check for match against stored encoding too */
@@ -186,8 +189,8 @@
         rv = (int)(a->cert_info->enc.len - b->cert_info->enc.len);
         if (rv)
             return rv;
-        return memcmp(a->cert_info->enc.enc, b->cert_info->enc.enc,
-                      a->cert_info->enc.len);
+        return OPENSSL_memcmp(a->cert_info->enc.enc, b->cert_info->enc.enc,
+                              a->cert_info->enc.len);
     }
     return rv;
 }
@@ -215,7 +218,7 @@
     if (ret)
         return ret;
 
-    return memcmp(a->canon_enc, b->canon_enc, a->canon_enclen);
+    return OPENSSL_memcmp(a->canon_enc, b->canon_enc, a->canon_enclen);
 
 }
 
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index 6c6eee1..9e45964 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -188,7 +188,7 @@
 
     if ((ret = (X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL)
         return NULL;
-    memset(ret, 0, sizeof(*ret));
+    OPENSSL_memset(ret, 0, sizeof(*ret));
     CRYPTO_MUTEX_init(&ret->objs_lock);
     ret->objs = sk_X509_OBJECT_new(x509_object_cmp);
     if (ret->objs == NULL)
diff --git a/crypto/x509/x509_obj.c b/crypto/x509/x509_obj.c
index a7f31e0..33eafc4 100644
--- a/crypto/x509/x509_obj.c
+++ b/crypto/x509/x509_obj.c
@@ -64,6 +64,9 @@
 #include <openssl/obj.h>
 #include <openssl/x509.h>
 
+#include "../internal.h"
+
+
 /*
  * Limit to ensure we don't overflow: much greater than
  * anything enountered in practice.
@@ -161,7 +164,7 @@
         } else
             p = &(buf[lold]);
         *(p++) = '/';
-        memcpy(p, s, (unsigned int)l1);
+        OPENSSL_memcpy(p, s, (unsigned int)l1);
         p += l1;
         *(p++) = '=';
 
diff --git a/crypto/x509/x509_test.cc b/crypto/x509/x509_test.cc
index f6a8b64..3629c13 100644
--- a/crypto/x509/x509_test.cc
+++ b/crypto/x509/x509_test.cc
@@ -25,6 +25,8 @@
 #include <openssl/pool.h>
 #include <openssl/x509.h>
 
+#include "../internal.h"
+
 
 static const char kCrossSigningRootPEM[] =
     "-----BEGIN CERTIFICATE-----\n"
@@ -839,7 +841,7 @@
   }
 
   std::unique_ptr<uint8_t[]> trailing_data(new uint8_t[data_len + 1]);
-  memcpy(trailing_data.get(), data.get(), data_len);
+  OPENSSL_memcpy(trailing_data.get(), data.get(), data_len);
 
   bssl::UniquePtr<CRYPTO_BUFFER> buf_trailing_data(
       CRYPTO_BUFFER_new(trailing_data.get(), data_len + 1, nullptr));
@@ -952,7 +954,7 @@
     return false;
   }
   if (i2d_len != static_cast<long>(data2_len) ||
-      memcmp(data2.get(), i2d, i2d_len) != 0) {
+      OPENSSL_memcmp(data2.get(), i2d, i2d_len) != 0) {
     fprintf(stderr, "TestFromBufferReused: i2d gave wrong result.\n");
     return false;
   }
@@ -989,7 +991,7 @@
   }
 
   std::unique_ptr<uint8_t[]> data_with_trailing_byte(new uint8_t[data_len + 1]);
-  memcpy(data_with_trailing_byte.get(), data.get(), data_len);
+  OPENSSL_memcpy(data_with_trailing_byte.get(), data.get(), data_len);
   data_with_trailing_byte[data_len] = 0;
 
   bssl::UniquePtr<CRYPTO_BUFFER> buf_with_trailing_byte(
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 9ce22bc..27b58f4 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -1863,7 +1863,7 @@
         int max_length = sizeof("YYMMDDHHMMSS+hhmm") - 1;
         if (remaining < min_length || remaining > max_length)
             return 0;
-        memcpy(p, str, 10);
+        OPENSSL_memcpy(p, str, 10);
         p += 10;
         str += 10;
         remaining -= 10;
@@ -1875,7 +1875,7 @@
         int max_length = sizeof("YYYYMMDDHHMMSS.fff+hhmm") - 1;
         if (remaining < min_length || remaining > max_length)
             return 0;
-        memcpy(p, str, 12);
+        OPENSSL_memcpy(p, str, 12);
         p += 12;
         str += 12;
         remaining -= 12;
@@ -2260,7 +2260,7 @@
         OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
-    memset(ctx, 0, sizeof(X509_STORE_CTX));
+    OPENSSL_memset(ctx, 0, sizeof(X509_STORE_CTX));
     return ctx;
 }
 
@@ -2278,7 +2278,7 @@
 {
     int ret = 1;
 
-    memset(ctx, 0, sizeof(X509_STORE_CTX));
+    OPENSSL_memset(ctx, 0, sizeof(X509_STORE_CTX));
     ctx->ctx = store;
     ctx->cert = x509;
     ctx->untrusted = chain;
@@ -2371,7 +2371,7 @@
         X509_VERIFY_PARAM_free(ctx->param);
     }
 
-    memset(ctx, 0, sizeof(X509_STORE_CTX));
+    OPENSSL_memset(ctx, 0, sizeof(X509_STORE_CTX));
     OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
     return 0;
 }
@@ -2409,7 +2409,7 @@
         ctx->chain = NULL;
     }
     CRYPTO_free_ex_data(&g_ex_data_class, ctx, &(ctx->ex_data));
-    memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA));
+    OPENSSL_memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA));
 }
 
 void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth)
diff --git a/crypto/x509/x509_vpm.c b/crypto/x509/x509_vpm.c
index 924cfa7..2317214 100644
--- a/crypto/x509/x509_vpm.c
+++ b/crypto/x509/x509_vpm.c
@@ -65,6 +65,8 @@
 #include <openssl/x509v3.h>
 
 #include "vpm_int.h"
+#include "../internal.h"
+
 
 /* X509_VERIFY_PARAM functions */
 
@@ -92,7 +94,7 @@
      * Refuse names with embedded NUL bytes.
      * XXX: Do we need to push an error onto the error stack?
      */
-    if (name && memchr(name, '\0', namelen))
+    if (name && OPENSSL_memchr(name, '\0', namelen))
         return 0;
 
     if (mode == SET_HOST && id->hosts) {
@@ -176,8 +178,8 @@
         OPENSSL_free(param);
         return NULL;
     }
-    memset(param, 0, sizeof(X509_VERIFY_PARAM));
-    memset(paramid, 0, sizeof(X509_VERIFY_PARAM_ID));
+    OPENSSL_memset(param, 0, sizeof(X509_VERIFY_PARAM));
+    OPENSSL_memset(paramid, 0, sizeof(X509_VERIFY_PARAM_ID));
     param->id = paramid;
     x509_verify_param_zero(param);
     return param;
diff --git a/crypto/x509/x509name.c b/crypto/x509/x509name.c
index 050e16a..610de5f 100644
--- a/crypto/x509/x509name.c
+++ b/crypto/x509/x509name.c
@@ -63,6 +63,9 @@
 #include <openssl/stack.h>
 #include <openssl/x509.h>
 
+#include "../internal.h"
+
+
 int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len)
 {
     const ASN1_OBJECT *obj;
@@ -86,7 +89,7 @@
     i = (data->length > (len - 1)) ? (len - 1) : data->length;
     if (buf == NULL)
         return (data->length);
-    memcpy(buf, data->data, i);
+    OPENSSL_memcpy(buf, data->data, i);
     buf[i] = '\0';
     return (i);
 }
diff --git a/crypto/x509/x_name.c b/crypto/x509/x_name.c
index 19f536c..f97081d 100644
--- a/crypto/x509/x_name.c
+++ b/crypto/x509/x_name.c
@@ -67,6 +67,8 @@
 #include <openssl/x509.h>
 
 #include "../asn1/asn1_locl.h"
+#include "../internal.h"
+
 
 typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
 DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
@@ -233,7 +235,7 @@
                                              local_sk_X509_NAME_ENTRY_pop_free);
         goto err;
     }
-    memcpy(nm.x->bytes->data, q, p - q);
+    OPENSSL_memcpy(nm.x->bytes->data, q, p - q);
 
     /* Convert internal representation to X509_NAME structure */
     for (i = 0; i < sk_STACK_OF_X509_NAME_ENTRY_num(intname.s); i++) {
@@ -276,7 +278,7 @@
     }
     ret = a->bytes->length;
     if (out != NULL) {
-        memcpy(*out, a->bytes->data, ret);
+        OPENSSL_memcpy(*out, a->bytes->data, ret);
         *out += ret;
     }
     return ret;
@@ -336,8 +338,8 @@
  * spaces collapsed, converted to lower case and the leading SEQUENCE header
  * removed. In future we could also normalize the UTF8 too. By doing this
  * comparison of Name structures can be rapidly perfomed by just using
- * memcmp() of the canonical encoding. By omitting the leading SEQUENCE name
- * constraints of type dirName can also be checked with a simple memcmp().
+ * OPENSSL_memcmp() of the canonical encoding. By omitting the leading SEQUENCE name
+ * constraints of type dirName can also be checked with a simple OPENSSL_memcmp().
  */
 
 static int x509_name_canon(X509_NAME *a)
diff --git a/crypto/x509/x_pkey.c b/crypto/x509/x_pkey.c
index fc44595..8231a24 100644
--- a/crypto/x509/x_pkey.c
+++ b/crypto/x509/x_pkey.c
@@ -63,6 +63,9 @@
 #include <openssl/mem.h>
 #include <openssl/thread.h>
 
+#include "../internal.h"
+
+
 X509_PKEY *X509_PKEY_new(void)
 {
     X509_PKEY *ret = OPENSSL_malloc(sizeof(X509_PKEY));
@@ -70,7 +73,7 @@
         OPENSSL_PUT_ERROR(X509, ERR_R_MALLOC_FAILURE);
         goto err;
     }
-    memset(ret, 0, sizeof(X509_PKEY));
+    OPENSSL_memset(ret, 0, sizeof(X509_PKEY));
 
     ret->enc_algor = X509_ALGOR_new();
     if (ret->enc_algor == NULL)
diff --git a/crypto/x509v3/pcy_tree.c b/crypto/x509v3/pcy_tree.c
index a13a4fa..a588107 100644
--- a/crypto/x509v3/pcy_tree.c
+++ b/crypto/x509v3/pcy_tree.c
@@ -66,6 +66,7 @@
 #include <openssl/x509v3.h>
 
 #include "pcy_int.h"
+#include "../internal.h"
 
 /*
  * Enable this to print out the complete policy tree at various point during
@@ -238,7 +239,7 @@
         return 0;
     }
 
-    memset(tree->levels, 0, n * sizeof(X509_POLICY_LEVEL));
+    OPENSSL_memset(tree->levels, 0, n * sizeof(X509_POLICY_LEVEL));
 
     tree->nlevel = n;
 
diff --git a/crypto/x509v3/v3_ia5.c b/crypto/x509v3/v3_ia5.c
index 6fc6b59..6b2056d 100644
--- a/crypto/x509v3/v3_ia5.c
+++ b/crypto/x509v3/v3_ia5.c
@@ -67,6 +67,9 @@
 #include <openssl/obj.h>
 #include <openssl/x509v3.h>
 
+#include "../internal.h"
+
+
 static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
                                 ASN1_IA5STRING *ia5);
 static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
@@ -92,7 +95,7 @@
         OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
         return NULL;
     }
-    memcpy(tmp, ia5->data, ia5->length);
+    OPENSSL_memcpy(tmp, ia5->data, ia5->length);
     tmp[ia5->length] = 0;
     return tmp;
 }
diff --git a/crypto/x509v3/v3_ncons.c b/crypto/x509v3/v3_ncons.c
index 368ad27..fc2843e 100644
--- a/crypto/x509v3/v3_ncons.c
+++ b/crypto/x509v3/v3_ncons.c
@@ -65,6 +65,9 @@
 #include <openssl/obj.h>
 #include <openssl/x509v3.h>
 
+#include "../internal.h"
+
+
 static void *v2i_NAME_CONSTRAINTS(const X509V3_EXT_METHOD *method,
                                   X509V3_CTX *ctx,
                                   STACK_OF(CONF_VALUE) *nval);
@@ -365,7 +368,7 @@
         return X509_V_ERR_OUT_OF_MEM;
     if (base->canon_enclen > nm->canon_enclen)
         return X509_V_ERR_PERMITTED_VIOLATION;
-    if (memcmp(base->canon_enc, nm->canon_enc, base->canon_enclen))
+    if (OPENSSL_memcmp(base->canon_enc, nm->canon_enc, base->canon_enclen))
         return X509_V_ERR_PERMITTED_VIOLATION;
     return X509_V_OK;
 }
diff --git a/crypto/x509v3/v3_pci.c b/crypto/x509v3/v3_pci.c
index 220f65e..68dca5e 100644
--- a/crypto/x509v3/v3_pci.c
+++ b/crypto/x509v3/v3_pci.c
@@ -44,6 +44,9 @@
 #include <openssl/obj.h>
 #include <openssl/x509v3.h>
 
+#include "../internal.h"
+
+
 static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext,
                    BIO *out, int indent);
 static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
@@ -133,7 +136,7 @@
                                        (*policy)->length + val_len + 1);
             if (tmp_data) {
                 (*policy)->data = tmp_data;
-                memcpy(&(*policy)->data[(*policy)->length],
+                OPENSSL_memcpy(&(*policy)->data[(*policy)->length],
                        tmp_data2, val_len);
                 (*policy)->length += val_len;
                 (*policy)->data[(*policy)->length] = '\0';
@@ -171,7 +174,7 @@
                     break;
 
                 (*policy)->data = tmp_data;
-                memcpy(&(*policy)->data[(*policy)->length], buf, n);
+                OPENSSL_memcpy(&(*policy)->data[(*policy)->length], buf, n);
                 (*policy)->length += n;
                 (*policy)->data[(*policy)->length] = '\0';
             }
@@ -188,7 +191,7 @@
                                        (*policy)->length + val_len + 1);
             if (tmp_data) {
                 (*policy)->data = tmp_data;
-                memcpy(&(*policy)->data[(*policy)->length],
+                OPENSSL_memcpy(&(*policy)->data[(*policy)->length],
                        val->value + 5, val_len);
                 (*policy)->length += val_len;
                 (*policy)->data[(*policy)->length] = '\0';
diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c
index a238a20..b603274 100644
--- a/crypto/x509v3/v3_utl.c
+++ b/crypto/x509v3/v3_utl.c
@@ -71,6 +71,8 @@
 #include <openssl/x509v3.h>
 
 #include "../conf/internal.h"
+#include "../internal.h"
+
 
 static char *strip_spaces(char *name);
 static int sk_strcmp(const OPENSSL_STRING *a, const OPENSSL_STRING *b);
@@ -690,7 +692,7 @@
     return 1;
 }
 
-/* Compare using memcmp. */
+/* Compare using OPENSSL_memcmp. */
 static int equal_case(const unsigned char *pattern, size_t pattern_len,
                       const unsigned char *subject, size_t subject_len,
                       unsigned int flags)
@@ -698,7 +700,7 @@
     skip_prefix(&pattern, &pattern_len, subject, subject_len, flags);
     if (pattern_len != subject_len)
         return 0;
-    return !memcmp(pattern, subject, pattern_len);
+    return !OPENSSL_memcmp(pattern, subject, pattern_len);
 }
 
 /*
@@ -909,7 +911,7 @@
             return 0;
         if (cmp_type == V_ASN1_IA5STRING)
             rv = equal(a->data, a->length, (unsigned char *)b, blen, flags);
-        else if (a->length == (int)blen && !memcmp(a->data, b, blen))
+        else if (a->length == (int)blen && !OPENSSL_memcmp(a->data, b, blen))
             rv = 1;
         if (rv > 0 && peername)
             *peername = BUF_strndup((char *)a->data, a->length);
@@ -1014,7 +1016,7 @@
 {
     if (chk == NULL)
         return -2;
-    if (memchr(chk, '\0', chklen))
+    if (OPENSSL_memchr(chk, '\0', chklen))
         return -2;
     return do_x509_check(x, chk, chklen, flags, GEN_DNS, peername);
 }
@@ -1024,7 +1026,7 @@
 {
     if (chk == NULL)
         return -2;
-    if (memchr(chk, '\0', chklen))
+    if (OPENSSL_memchr(chk, '\0', chklen))
         return -2;
     return do_x509_check(x, chk, chklen, flags, GEN_EMAIL, NULL);
 }
@@ -1213,16 +1215,16 @@
 
     if (v6stat.zero_pos >= 0) {
         /* Copy initial part */
-        memcpy(v6, v6stat.tmp, v6stat.zero_pos);
+        OPENSSL_memcpy(v6, v6stat.tmp, v6stat.zero_pos);
         /* Zero middle */
-        memset(v6 + v6stat.zero_pos, 0, 16 - v6stat.total);
+        OPENSSL_memset(v6 + v6stat.zero_pos, 0, 16 - v6stat.total);
         /* Copy final part */
         if (v6stat.total != v6stat.zero_pos)
-            memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total,
-                   v6stat.tmp + v6stat.zero_pos,
-                   v6stat.total - v6stat.zero_pos);
+            OPENSSL_memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total,
+                           v6stat.tmp + v6stat.zero_pos,
+                           v6stat.total - v6stat.zero_pos);
     } else
-        memcpy(v6, v6stat.tmp, 16);
+        OPENSSL_memcpy(v6, v6stat.tmp, 16);
 
     return 1;
 }
diff --git a/crypto/x509v3/v3name_test.c b/crypto/x509v3/v3name_test.c
index dadf488..959b924 100644
--- a/crypto/x509v3/v3name_test.c
+++ b/crypto/x509v3/v3name_test.c
@@ -62,6 +62,9 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
+#include "../internal.h"
+
+
 static const char *const names[] = {
     "a", "b", ".", "*", "@",
     ".a", "a.", ".b", "b.", ".*", "*.", "*@", "@*", "a@", "@a", "b@", "..",
@@ -334,7 +337,7 @@
         size_t namelen = strlen(*pname);
         char *name = malloc(namelen);
         int match, ret;
-        memcpy(name, *pname, namelen);
+        OPENSSL_memcpy(name, *pname, namelen);
 
         ret = X509_check_host(crt, name, namelen, 0, NULL);
         match = -1;
diff --git a/decrepit/bio/base64_bio.c b/decrepit/bio/base64_bio.c
index 8415bfe..85f30ff 100644
--- a/decrepit/bio/base64_bio.c
+++ b/decrepit/bio/base64_bio.c
@@ -65,6 +65,8 @@
 #include <openssl/evp.h>
 #include <openssl/mem.h>
 
+#include "../../crypto/internal.h"
+
 
 #define B64_BLOCK_SIZE 1024
 #define B64_BLOCK_SIZE2 768
@@ -94,7 +96,7 @@
     return 0;
   }
 
-  memset(ctx, 0, sizeof(*ctx));
+  OPENSSL_memset(ctx, 0, sizeof(*ctx));
 
   ctx->cont = 1;
   ctx->start = 1;
@@ -147,7 +149,7 @@
       i = outl;
     }
     assert(ctx->buf_off + i < (int)sizeof(ctx->buf));
-    memcpy(out, &ctx->buf[ctx->buf_off], i);
+    OPENSSL_memcpy(out, &ctx->buf[ctx->buf_off], i);
     ret = i;
     out += i;
     outl -= i;
@@ -274,7 +276,7 @@
       }
       /* z is now number of output bytes and jj is the number consumed. */
       if (jj != i) {
-        memmove(ctx->tmp, &ctx->tmp[jj], i - jj);
+        OPENSSL_memmove(ctx->tmp, &ctx->tmp[jj], i - jj);
         ctx->tmp_len = i - jj;
       }
       ctx->buf_len = 0;
@@ -300,7 +302,7 @@
       i = outl;
     }
 
-    memcpy(out, ctx->buf, i);
+    OPENSSL_memcpy(out, ctx->buf, i);
     ret += i;
     ctx->buf_off = i;
     if (ctx->buf_off == ctx->buf_len) {
@@ -367,7 +369,7 @@
         if (n > inl) {
           n = inl;
         }
-        memcpy(&(ctx->tmp[ctx->tmp_len]), in, n);
+        OPENSSL_memcpy(&(ctx->tmp[ctx->tmp_len]), in, n);
         ctx->tmp_len += n;
         ret += n;
         if (ctx->tmp_len < 3) {
@@ -383,7 +385,7 @@
         ctx->tmp_len = 0;
       } else {
         if (n < 3) {
-          memcpy(ctx->tmp, in, n);
+          OPENSSL_memcpy(ctx->tmp, in, n);
           ctx->tmp_len = n;
           ret += n;
           break;
diff --git a/decrepit/blowfish/blowfish.c b/decrepit/blowfish/blowfish.c
index e277f34..04b7368 100644
--- a/decrepit/blowfish/blowfish.c
+++ b/decrepit/blowfish/blowfish.c
@@ -58,6 +58,7 @@
 
 #include <string.h>
 
+#include "../../crypto/internal.h"
 #include "../macros.h"
 
 
@@ -441,7 +442,7 @@
   uint32_t *p, ri, in[2];
   const uint8_t *d, *end;
 
-  memcpy(key, &bf_init, sizeof(BF_KEY));
+  OPENSSL_memcpy(key, &bf_init, sizeof(BF_KEY));
   p = key->P;
 
   if (len > ((BF_ROUNDS + 2) * 4))
diff --git a/decrepit/des/cfb64ede.c b/decrepit/des/cfb64ede.c
index f7e81d4..3099127 100644
--- a/decrepit/des/cfb64ede.c
+++ b/decrepit/des/cfb64ede.c
@@ -58,7 +58,8 @@
 
 #include <openssl/des.h>
 
-#include "../crypto/des/internal.h"
+#include "../../crypto/des/internal.h"
+#include "../../crypto/internal.h"
 
 
 /* The input and output encrypted as though 64bit cfb mode is being used. The
@@ -174,7 +175,7 @@
         l2c(d0, iv);
         l2c(d1, iv);
         /* shift ovec left most of the bits... */
-        memmove(ovec, ovec + num / 8, 8 + (num % 8 ? 1 : 0));
+        OPENSSL_memmove(ovec, ovec + num / 8, 8 + (num % 8 ? 1 : 0));
         /* now the remaining bits */
         if (num % 8 != 0) {
           for (i = 0; i < 8; ++i) {
@@ -210,7 +211,7 @@
         l2c(d0, iv);
         l2c(d1, iv);
         /* shift ovec left most of the bits... */
-        memmove(ovec, ovec + num / 8, 8 + (num % 8 ? 1 : 0));
+        OPENSSL_memmove(ovec, ovec + num / 8, 8 + (num % 8 ? 1 : 0));
         /* now the remaining bits */
         if (num % 8 != 0) {
           for (i = 0; i < 8; ++i) {
diff --git a/decrepit/obj/obj_decrepit.c b/decrepit/obj/obj_decrepit.c
index 8ea2e0a..65b2b13 100644
--- a/decrepit/obj/obj_decrepit.c
+++ b/decrepit/obj/obj_decrepit.c
@@ -19,6 +19,8 @@
 
 #include <openssl/evp.h>
 
+#include "../../crypto/internal.h"
+
 
 struct wrapped_callback {
   void (*callback)(const OBJ_NAME *, void *arg);
@@ -30,7 +32,7 @@
   const struct wrapped_callback *wrapped = (struct wrapped_callback *)arg;
   OBJ_NAME obj_name;
 
-  memset(&obj_name, 0, sizeof(obj_name));
+  OPENSSL_memset(&obj_name, 0, sizeof(obj_name));
   obj_name.type = OBJ_NAME_TYPE_CIPHER_METH;
   obj_name.name = name;
   obj_name.data = (const char *)cipher;
@@ -43,7 +45,7 @@
   const struct wrapped_callback *wrapped = (struct wrapped_callback*) arg;
   OBJ_NAME obj_name;
 
-  memset(&obj_name, 0, sizeof(obj_name));
+  OPENSSL_memset(&obj_name, 0, sizeof(obj_name));
   obj_name.type = OBJ_NAME_TYPE_MD_METH;
   obj_name.name = name;
   obj_name.data = (const char *)md;
diff --git a/decrepit/ripemd/ripemd.c b/decrepit/ripemd/ripemd.c
index ce47c28..ab9bc32 100644
--- a/decrepit/ripemd/ripemd.c
+++ b/decrepit/ripemd/ripemd.c
@@ -62,7 +62,7 @@
 
 
 int RIPEMD160_Init(RIPEMD160_CTX *ctx) {
-  memset(ctx, 0, sizeof(*ctx));
+  OPENSSL_memset(ctx, 0, sizeof(*ctx));
   ctx->h[0] = RIPEMD160_A;
   ctx->h[1] = RIPEMD160_B;
   ctx->h[2] = RIPEMD160_C;
diff --git a/decrepit/ripemd/ripemd_test.cc b/decrepit/ripemd/ripemd_test.cc
index ebcabdf..e39c893 100644
--- a/decrepit/ripemd/ripemd_test.cc
+++ b/decrepit/ripemd/ripemd_test.cc
@@ -19,6 +19,7 @@
 #include <stdio.h>
 #include <string.h>
 
+#include "../../crypto/internal.h"
 #include "../../crypto/test/test_util.h"
 
 
@@ -85,7 +86,7 @@
         RIPEMD160_Final(digest, &ctx);
       }
 
-      if (memcmp(digest, test.expected, sizeof(digest)) != 0) {
+      if (OPENSSL_memcmp(digest, test.expected, sizeof(digest)) != 0) {
         fprintf(stderr, "#%u: bad result with stride %u: ", test_num,
                 static_cast<unsigned>(stride));
         hexdump(stderr, "", digest, sizeof(digest));
@@ -96,7 +97,7 @@
 
   static const size_t kLargeBufSize = 1000000;
   std::unique_ptr<uint8_t[]> buf(new uint8_t[kLargeBufSize]);
-  memset(buf.get(), 'a', kLargeBufSize);
+  OPENSSL_memset(buf.get(), 'a', kLargeBufSize);
   uint8_t digest[RIPEMD160_DIGEST_LENGTH];
   RIPEMD160(buf.get(), kLargeBufSize, digest);
 
@@ -104,7 +105,7 @@
       0x52, 0x78, 0x32, 0x43, 0xc1, 0x69, 0x7b, 0xdb, 0xe1, 0x6d,
       0x37, 0xf9, 0x7f, 0x68, 0xf0, 0x83, 0x25, 0xdc, 0x15, 0x28};
 
-  if (memcmp(digest, kMillionADigest, sizeof(digest)) != 0) {
+  if (OPENSSL_memcmp(digest, kMillionADigest, sizeof(digest)) != 0) {
     fprintf(stderr, "Digest incorrect for “million a's” test: ");
     hexdump(stderr, "", digest, sizeof(digest));
     ok = 0;
diff --git a/decrepit/xts/xts.c b/decrepit/xts/xts.c
index 10a696d..2811445 100644
--- a/decrepit/xts/xts.c
+++ b/decrepit/xts/xts.c
@@ -73,7 +73,7 @@
 
   if (len < 16) return 0;
 
-  memcpy(tweak.c, iv, 16);
+  OPENSSL_memcpy(tweak.c, iv, 16);
 
   (*ctx->block2)(tweak.c, tweak.c, ctx->key2);
 
@@ -81,7 +81,7 @@
 
   while (len >= 16) {
 #if STRICT_ALIGNMENT
-    memcpy(scratch.c, inp, 16);
+    OPENSSL_memcpy(scratch.c, inp, 16);
     scratch.u[0] ^= tweak.u[0];
     scratch.u[1] ^= tweak.u[1];
 #else
@@ -92,7 +92,7 @@
 #if STRICT_ALIGNMENT
     scratch.u[0] ^= tweak.u[0];
     scratch.u[1] ^= tweak.u[1];
-    memcpy(out, scratch.c, 16);
+    OPENSSL_memcpy(out, scratch.c, 16);
 #else
     ((uint64_t *)out)[0] = scratch.u[0] ^= tweak.u[0];
     ((uint64_t *)out)[1] = scratch.u[1] ^= tweak.u[1];
@@ -121,7 +121,7 @@
     (*ctx->block1)(scratch.c, scratch.c, ctx->key1);
     scratch.u[0] ^= tweak.u[0];
     scratch.u[1] ^= tweak.u[1];
-    memcpy(out - 16, scratch.c, 16);
+    OPENSSL_memcpy(out - 16, scratch.c, 16);
   } else {
     union {
       uint64_t u[2];
@@ -135,7 +135,7 @@
     tweak1.u[0] = (tweak.u[0] << 1) ^ res;
     tweak1.u[1] = (tweak.u[1] << 1) | carry;
 #if STRICT_ALIGNMENT
-    memcpy(scratch.c, inp, 16);
+    OPENSSL_memcpy(scratch.c, inp, 16);
     scratch.u[0] ^= tweak1.u[0];
     scratch.u[1] ^= tweak1.u[1];
 #else
@@ -157,7 +157,7 @@
 #if STRICT_ALIGNMENT
     scratch.u[0] ^= tweak.u[0];
     scratch.u[1] ^= tweak.u[1];
-    memcpy(out, scratch.c, 16);
+    OPENSSL_memcpy(out, scratch.c, 16);
 #else
     ((uint64_t *)out)[0] = scratch.u[0] ^ tweak.u[0];
     ((uint64_t *)out)[1] = scratch.u[1] ^ tweak.u[1];
@@ -200,7 +200,7 @@
 
   if (iv) {
     xctx->xts.key2 = &xctx->ks2;
-    memcpy(ctx->iv, iv, 16);
+    OPENSSL_memcpy(ctx->iv, iv, 16);
   }
 
   return 1;
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index f9bb8f4..d3e4a92 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -124,6 +124,7 @@
 #include <openssl/rand.h>
 #include <openssl/x509.h>
 
+#include "../crypto/internal.h"
 #include "internal.h"
 
 
@@ -157,7 +158,7 @@
     OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
     return NULL;
   }
-  memset(frag, 0, sizeof(hm_fragment));
+  OPENSSL_memset(frag, 0, sizeof(hm_fragment));
   frag->type = msg_hdr->type;
   frag->seq = msg_hdr->seq;
   frag->msg_len = msg_hdr->msg_len;
@@ -195,7 +196,7 @@
       OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
       goto err;
     }
-    memset(frag->reassembly, 0, bitmask_len);
+    OPENSSL_memset(frag->reassembly, 0, bitmask_len);
   }
 
   return frag;
@@ -383,7 +384,7 @@
     assert(msg_len > 0);
 
     /* Copy the body into the fragment. */
-    memcpy(frag->data + DTLS1_HM_HEADER_LENGTH + frag_off, CBS_data(&body),
+    OPENSSL_memcpy(frag->data + DTLS1_HM_HEADER_LENGTH + frag_off, CBS_data(&body),
            CBS_len(&body));
     dtls1_hm_fragment_mark(frag, frag_off, frag_off + frag_len);
   }
@@ -489,7 +490,7 @@
 
 int dtls1_parse_fragment(CBS *cbs, struct hm_header_st *out_hdr,
                          CBS *out_body) {
-  memset(out_hdr, 0x00, sizeof(struct hm_header_st));
+  OPENSSL_memset(out_hdr, 0x00, sizeof(struct hm_header_st));
 
   if (!CBS_get_u8(cbs, &out_hdr->type) ||
       !CBS_get_u24(cbs, &out_hdr->msg_len) ||
@@ -747,7 +748,7 @@
 
   /* Fix up the header. Copy the fragment length into the total message
    * length. */
-  memcpy(*out_msg + 1, *out_msg + DTLS1_HM_HEADER_LENGTH - 3, 3);
+  OPENSSL_memcpy(*out_msg + 1, *out_msg + DTLS1_HM_HEADER_LENGTH - 3, 3);
   return 1;
 }
 
diff --git a/ssl/d1_lib.c b/ssl/d1_lib.c
index cafb4c2..ba3c844 100644
--- a/ssl/d1_lib.c
+++ b/ssl/d1_lib.c
@@ -64,9 +64,11 @@
 #include <openssl/mem.h>
 #include <openssl/nid.h>
 
+#include "../crypto/internal.h"
 #include "internal.h"
 
 
+
 /* DTLS1_MTU_TIMEOUTS is the maximum number of timeouts to expire
  * before starting to decrease the MTU. */
 #define DTLS1_MTU_TIMEOUTS                     2
@@ -86,7 +88,7 @@
     ssl3_free(ssl);
     return 0;
   }
-  memset(d1, 0, sizeof *d1);
+  OPENSSL_memset(d1, 0, sizeof *d1);
 
   ssl->d1 = d1;
 
@@ -154,12 +156,12 @@
   if (ssl->d1->next_timeout.tv_sec < timenow.tv_sec ||
       (ssl->d1->next_timeout.tv_sec == timenow.tv_sec &&
        ssl->d1->next_timeout.tv_usec <= timenow.tv_usec)) {
-    memset(out, 0, sizeof(struct timeval));
+    OPENSSL_memset(out, 0, sizeof(struct timeval));
     return 1;
   }
 
   /* Calculate time left until timer expires */
-  memcpy(out, &ssl->d1->next_timeout, sizeof(struct timeval));
+  OPENSSL_memcpy(out, &ssl->d1->next_timeout, sizeof(struct timeval));
   out->tv_sec -= timenow.tv_sec;
   out->tv_usec -= timenow.tv_usec;
   if (out->tv_usec < 0) {
@@ -170,7 +172,7 @@
   /* If remaining time is less than 15 ms, set it to 0 to prevent issues
    * because of small devergences with socket timeouts. */
   if (out->tv_sec == 0 && out->tv_usec < 15000) {
-    memset(out, 0, sizeof(struct timeval));
+    OPENSSL_memset(out, 0, sizeof(struct timeval));
   }
 
   return 1;
@@ -204,7 +206,7 @@
 void dtls1_stop_timer(SSL *ssl) {
   /* Reset everything */
   ssl->d1->num_timeouts = 0;
-  memset(&ssl->d1->next_timeout, 0, sizeof(struct timeval));
+  OPENSSL_memset(&ssl->d1->next_timeout, 0, sizeof(struct timeval));
   ssl->d1->timeout_duration_ms = ssl->initial_timeout_duration_ms;
   BIO_ctrl(ssl->rbio, BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
            &ssl->d1->next_timeout);
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 155359c..c6950d5 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -122,6 +122,7 @@
 #include <openssl/err.h>
 #include <openssl/rand.h>
 
+#include "../crypto/internal.h"
 #include "internal.h"
 
 
@@ -265,7 +266,7 @@
     len = rr->length;
   }
 
-  memcpy(buf, rr->data, len);
+  OPENSSL_memcpy(buf, rr->data, len);
   if (!peek) {
     /* TODO(davidben): Should the record be truncated instead? This is a
      * datagram transport. See https://crbug.com/boringssl/65. */
diff --git a/ssl/dtls_method.c b/ssl/dtls_method.c
index 89b5491..6576686 100644
--- a/ssl/dtls_method.c
+++ b/ssl/dtls_method.c
@@ -62,6 +62,7 @@
 #include <openssl/buf.h>
 #include <openssl/err.h>
 
+#include "../crypto/internal.h"
 #include "internal.h"
 
 
@@ -112,8 +113,8 @@
   }
 
   ssl->d1->r_epoch++;
-  memset(&ssl->d1->bitmap, 0, sizeof(ssl->d1->bitmap));
-  memset(ssl->s3->read_sequence, 0, sizeof(ssl->s3->read_sequence));
+  OPENSSL_memset(&ssl->d1->bitmap, 0, sizeof(ssl->d1->bitmap));
+  OPENSSL_memset(ssl->s3->read_sequence, 0, sizeof(ssl->s3->read_sequence));
 
   SSL_AEAD_CTX_free(ssl->s3->aead_read_ctx);
   ssl->s3->aead_read_ctx = aead_ctx;
@@ -122,9 +123,9 @@
 
 static int dtls1_set_write_state(SSL *ssl, SSL_AEAD_CTX *aead_ctx) {
   ssl->d1->w_epoch++;
-  memcpy(ssl->d1->last_write_sequence, ssl->s3->write_sequence,
-         sizeof(ssl->s3->write_sequence));
-  memset(ssl->s3->write_sequence, 0, sizeof(ssl->s3->write_sequence));
+  OPENSSL_memcpy(ssl->d1->last_write_sequence, ssl->s3->write_sequence,
+                 sizeof(ssl->s3->write_sequence));
+  OPENSSL_memset(ssl->s3->write_sequence, 0, sizeof(ssl->s3->write_sequence));
 
   SSL_AEAD_CTX_free(ssl->s3->aead_write_ctx);
   ssl->s3->aead_write_ctx = aead_ctx;
diff --git a/ssl/dtls_record.c b/ssl/dtls_record.c
index ffe4053..e507f5c 100644
--- a/ssl/dtls_record.c
+++ b/ssl/dtls_record.c
@@ -283,7 +283,7 @@
 
   out[3] = epoch >> 8;
   out[4] = epoch & 0xff;
-  memcpy(&out[5], &seq[2], 6);
+  OPENSSL_memcpy(&out[5], &seq[2], 6);
 
   size_t ciphertext_len;
   if (!SSL_AEAD_CTX_seal(aead, out + DTLS1_RT_HEADER_LENGTH, &ciphertext_len,
diff --git a/ssl/handshake_client.c b/ssl/handshake_client.c
index 8c21818..2791abc 100644
--- a/ssl/handshake_client.c
+++ b/ssl/handshake_client.c
@@ -167,6 +167,7 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
+#include "../crypto/internal.h"
 #include "internal.h"
 
 
@@ -815,7 +816,7 @@
     goto f_err;
   }
 
-  memcpy(ssl->d1->cookie, CBS_data(&cookie), CBS_len(&cookie));
+  OPENSSL_memcpy(ssl->d1->cookie, CBS_data(&cookie), CBS_len(&cookie));
   ssl->d1->cookie_len = CBS_len(&cookie);
 
   ssl->d1->send_cookie = 1;
@@ -913,7 +914,7 @@
   }
 
   /* Copy over the server random. */
-  memcpy(ssl->s3->server_random, CBS_data(&server_random), SSL3_RANDOM_SIZE);
+  OPENSSL_memcpy(ssl->s3->server_random, CBS_data(&server_random), SSL3_RANDOM_SIZE);
 
   /* TODO(davidben): Implement the TLS 1.1 and 1.2 downgrade sentinels once TLS
    * 1.3 is finalized and we are not implementing a draft version. */
@@ -932,7 +933,7 @@
     }
     /* Note: session_id could be empty. */
     ssl->s3->new_session->session_id_length = CBS_len(&session_id);
-    memcpy(ssl->s3->new_session->session_id, CBS_data(&session_id),
+    OPENSSL_memcpy(ssl->s3->new_session->session_id, CBS_data(&session_id),
            CBS_len(&session_id));
   }
 
@@ -1515,7 +1516,7 @@
     }
 
     char identity[PSK_MAX_IDENTITY_LEN + 1];
-    memset(identity, 0, sizeof(identity));
+    OPENSSL_memset(identity, 0, sizeof(identity));
     psk_len =
         ssl->psk_client_callback(ssl, hs->peer_psk_identity_hint, identity,
                                  sizeof(identity), psk, sizeof(psk));
@@ -1616,7 +1617,7 @@
       OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
       goto err;
     }
-    memset(pms, 0, pms_len);
+    OPENSSL_memset(pms, 0, pms_len);
   } else {
     ssl3_send_alert(ssl, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
     OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
diff --git a/ssl/handshake_server.c b/ssl/handshake_server.c
index d41685e..909e921 100644
--- a/ssl/handshake_server.c
+++ b/ssl/handshake_server.c
@@ -881,12 +881,12 @@
       OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
       return -1;
     }
-    memcpy(ssl->s3->client_random, client_hello.random,
-           client_hello.random_len);
+    OPENSSL_memcpy(ssl->s3->client_random, client_hello.random,
+                   client_hello.random_len);
 
     /* Only null compression is supported. */
-    if (memchr(client_hello.compression_methods, 0,
-               client_hello.compression_methods_len) == NULL) {
+    if (OPENSSL_memchr(client_hello.compression_methods, 0,
+                       client_hello.compression_methods_len) == NULL) {
       al = SSL_AD_ILLEGAL_PARAMETER;
       OPENSSL_PUT_ERROR(SSL, SSL_R_NO_COMPRESSION_SPECIFIED);
       goto f_err;
@@ -1736,7 +1736,7 @@
       OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
       goto err;
     }
-    memset(premaster_secret, 0, premaster_secret_len);
+    OPENSSL_memset(premaster_secret, 0, premaster_secret_len);
   } else {
     al = SSL_AD_HANDSHAKE_FAILURE;
     OPENSSL_PUT_ERROR(SSL, SSL_R_UNKNOWN_CIPHER_TYPE);
diff --git a/ssl/s3_both.c b/ssl/s3_both.c
index 3a96abc..a0594f4 100644
--- a/ssl/s3_both.c
+++ b/ssl/s3_both.c
@@ -127,6 +127,7 @@
 #include <openssl/sha.h>
 #include <openssl/x509.h>
 
+#include "../crypto/internal.h"
 #include "internal.h"
 
 
@@ -136,7 +137,7 @@
     OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
     return NULL;
   }
-  memset(hs, 0, sizeof(SSL_HANDSHAKE));
+  OPENSSL_memset(hs, 0, sizeof(SSL_HANDSHAKE));
   hs->ssl = ssl;
   hs->wait = ssl_hs_ok;
   hs->state = SSL_ST_INIT;
@@ -295,10 +296,10 @@
     }
 
     if (ssl->server) {
-      memcpy(ssl->s3->previous_server_finished, finished, finished_len);
+      OPENSSL_memcpy(ssl->s3->previous_server_finished, finished, finished_len);
       ssl->s3->previous_server_finished_len = finished_len;
     } else {
-      memcpy(ssl->s3->previous_client_finished, finished, finished_len);
+      OPENSSL_memcpy(ssl->s3->previous_client_finished, finished, finished_len);
       ssl->s3->previous_client_finished_len = finished_len;
     }
   }
@@ -353,10 +354,10 @@
     }
 
     if (ssl->server) {
-      memcpy(ssl->s3->previous_client_finished, finished, finished_len);
+      OPENSSL_memcpy(ssl->s3->previous_client_finished, finished, finished_len);
       ssl->s3->previous_client_finished_len = finished_len;
     } else {
-      memcpy(ssl->s3->previous_server_finished, finished, finished_len);
+      OPENSSL_memcpy(ssl->s3->previous_server_finished, finished, finished_len);
       ssl->s3->previous_server_finished_len = finished_len;
     }
   }
@@ -521,9 +522,9 @@
     rand_len = SSL3_RANDOM_SIZE;
   }
   uint8_t random[SSL3_RANDOM_SIZE];
-  memset(random, 0, SSL3_RANDOM_SIZE);
-  memcpy(random + (SSL3_RANDOM_SIZE - rand_len), CBS_data(&challenge),
-         rand_len);
+  OPENSSL_memset(random, 0, SSL3_RANDOM_SIZE);
+  OPENSSL_memcpy(random + (SSL3_RANDOM_SIZE - rand_len), CBS_data(&challenge),
+                 rand_len);
 
   /* Write out an equivalent SSLv3 ClientHello. */
   size_t max_v3_client_hello = SSL3_HM_HEADER_LENGTH + 2 /* version */ +
diff --git a/ssl/s3_enc.c b/ssl/s3_enc.c
index 7cdc294..bf82e08 100644
--- a/ssl/s3_enc.c
+++ b/ssl/s3_enc.c
@@ -144,8 +144,10 @@
 #include <openssl/md5.h>
 #include <openssl/nid.h>
 
+#include "../crypto/internal.h"
 #include "internal.h"
 
+
 static int ssl3_prf(const SSL *ssl, uint8_t *out, size_t out_len,
                     const uint8_t *secret, size_t secret_len, const char *label,
                     size_t label_len, const uint8_t *seed1, size_t seed1_len,
@@ -194,7 +196,7 @@
     EVP_DigestUpdate(&md5, smd, SHA_DIGEST_LENGTH);
     if (i + MD5_DIGEST_LENGTH > out_len) {
       EVP_DigestFinal_ex(&md5, smd, NULL);
-      memcpy(out, smd, out_len - i);
+      OPENSSL_memcpy(out, smd, out_len - i);
     } else {
       EVP_DigestFinal_ex(&md5, out, NULL);
     }
@@ -269,7 +271,8 @@
     if (!BUF_MEM_grow(ssl->s3->handshake_buffer, new_len)) {
       return 0;
     }
-    memcpy(ssl->s3->handshake_buffer->data + new_len - in_len, in, in_len);
+    OPENSSL_memcpy(ssl->s3->handshake_buffer->data + new_len - in_len, in,
+                   in_len);
   }
 
   if (EVP_MD_CTX_md(&ssl->s3->handshake_hash) != NULL) {
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 3b14411..7039418 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -159,6 +159,7 @@
 #include <openssl/mem.h>
 #include <openssl/nid.h>
 
+#include "../crypto/internal.h"
 #include "internal.h"
 
 
@@ -169,7 +170,7 @@
   if (s3 == NULL) {
     return 0;
   }
-  memset(s3, 0, sizeof *s3);
+  OPENSSL_memset(s3, 0, sizeof *s3);
 
   s3->hs = ssl_handshake_new(ssl);
   if (s3->hs == NULL) {
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index e4116fb..9bd9f1f 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -118,6 +118,7 @@
 #include <openssl/mem.h>
 #include <openssl/rand.h>
 
+#include "../crypto/internal.h"
 #include "internal.h"
 
 
@@ -319,7 +320,7 @@
     len = (int)rr->length;
   }
 
-  memcpy(out, rr->data, len);
+  OPENSSL_memcpy(out, rr->data, len);
   if (!peek) {
     rr->length -= len;
     rr->data += len;
diff --git a/ssl/ssl_aead_ctx.c b/ssl/ssl_aead_ctx.c
index b05df0b..1b95150 100644
--- a/ssl/ssl_aead_ctx.c
+++ b/ssl/ssl_aead_ctx.c
@@ -22,6 +22,7 @@
 #include <openssl/rand.h>
 #include <openssl/type_check.h>
 
+#include "../crypto/internal.h"
 #include "internal.h"
 
 
@@ -52,9 +53,10 @@
       OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
       return 0;
     }
-    memcpy(merged_key, mac_key, mac_key_len);
-    memcpy(merged_key + mac_key_len, enc_key, enc_key_len);
-    memcpy(merged_key + mac_key_len + enc_key_len, fixed_iv, fixed_iv_len);
+    OPENSSL_memcpy(merged_key, mac_key, mac_key_len);
+    OPENSSL_memcpy(merged_key + mac_key_len, enc_key, enc_key_len);
+    OPENSSL_memcpy(merged_key + mac_key_len + enc_key_len, fixed_iv,
+                   fixed_iv_len);
     enc_key = merged_key;
     enc_key_len += mac_key_len;
     enc_key_len += fixed_iv_len;
@@ -65,7 +67,7 @@
     OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
     return NULL;
   }
-  memset(aead_ctx, 0, sizeof(SSL_AEAD_CTX));
+  OPENSSL_memset(aead_ctx, 0, sizeof(SSL_AEAD_CTX));
   aead_ctx->cipher = cipher;
 
   if (!EVP_AEAD_CTX_init_with_direction(
@@ -79,7 +81,7 @@
   aead_ctx->variable_nonce_len = (uint8_t)EVP_AEAD_nonce_length(aead);
   if (mac_key_len == 0) {
     assert(fixed_iv_len <= sizeof(aead_ctx->fixed_nonce));
-    memcpy(aead_ctx->fixed_nonce, fixed_iv, fixed_iv_len);
+    OPENSSL_memcpy(aead_ctx->fixed_nonce, fixed_iv, fixed_iv_len);
     aead_ctx->fixed_nonce_len = fixed_iv_len;
 
     if (cipher->algorithm_enc & SSL_CHACHA20POLY1305) {
@@ -158,7 +160,7 @@
     return 0;
   }
 
-  memcpy(out, seqnum, 8);
+  OPENSSL_memcpy(out, seqnum, 8);
   size_t len = 8;
   out[len++] = type;
   if (!aead->omit_version_in_ad) {
@@ -208,9 +210,9 @@
   /* Prepend the fixed nonce, or left-pad with zeros if XORing. */
   if (aead->xor_fixed_nonce) {
     nonce_len = aead->fixed_nonce_len - aead->variable_nonce_len;
-    memset(nonce, 0, nonce_len);
+    OPENSSL_memset(nonce, 0, nonce_len);
   } else {
-    memcpy(nonce, aead->fixed_nonce, aead->fixed_nonce_len);
+    OPENSSL_memcpy(nonce, aead->fixed_nonce, aead->fixed_nonce_len);
     nonce_len += aead->fixed_nonce_len;
   }
 
@@ -221,12 +223,12 @@
       OPENSSL_PUT_ERROR(SSL, SSL_R_BAD_PACKET_LENGTH);
       return 0;
     }
-    memcpy(nonce + nonce_len, in, aead->variable_nonce_len);
+    OPENSSL_memcpy(nonce + nonce_len, in, aead->variable_nonce_len);
     in += aead->variable_nonce_len;
     in_len -= aead->variable_nonce_len;
   } else {
     assert(aead->variable_nonce_len == 8);
-    memcpy(nonce + nonce_len, seqnum, aead->variable_nonce_len);
+    OPENSSL_memcpy(nonce + nonce_len, seqnum, aead->variable_nonce_len);
   }
   nonce_len += aead->variable_nonce_len;
 
@@ -262,7 +264,7 @@
       OPENSSL_PUT_ERROR(SSL, SSL_R_BUFFER_TOO_SMALL);
       return 0;
     }
-    memmove(out, in, in_len);
+    OPENSSL_memmove(out, in, in_len);
     *out_len = in_len;
     return 1;
   }
@@ -278,9 +280,9 @@
   /* Prepend the fixed nonce, or left-pad with zeros if XORing. */
   if (aead->xor_fixed_nonce) {
     nonce_len = aead->fixed_nonce_len - aead->variable_nonce_len;
-    memset(nonce, 0, nonce_len);
+    OPENSSL_memset(nonce, 0, nonce_len);
   } else {
-    memcpy(nonce, aead->fixed_nonce, aead->fixed_nonce_len);
+    OPENSSL_memcpy(nonce, aead->fixed_nonce, aead->fixed_nonce_len);
     nonce_len += aead->fixed_nonce_len;
   }
 
@@ -294,7 +296,7 @@
     /* When sending we use the sequence number as the variable part of the
      * nonce. */
     assert(aead->variable_nonce_len == 8);
-    memcpy(nonce + nonce_len, seqnum, aead->variable_nonce_len);
+    OPENSSL_memcpy(nonce + nonce_len, seqnum, aead->variable_nonce_len);
   }
   nonce_len += aead->variable_nonce_len;
 
@@ -310,7 +312,8 @@
       OPENSSL_PUT_ERROR(SSL, SSL_R_OUTPUT_ALIASES_INPUT);
       return 0;
     }
-    memcpy(out, nonce + aead->fixed_nonce_len, aead->variable_nonce_len);
+    OPENSSL_memcpy(out, nonce + aead->fixed_nonce_len,
+                   aead->variable_nonce_len);
     extra_len = aead->variable_nonce_len;
     out += aead->variable_nonce_len;
     max_out -= aead->variable_nonce_len;
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index 902b580..d8a7d8f 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -91,6 +91,7 @@
 #include <openssl/mem.h>
 #include <openssl/x509.h>
 
+#include "../crypto/internal.h"
 #include "internal.h"
 
 
@@ -443,7 +444,7 @@
   }
 
   if (pp) {
-    memcpy(*pp, out, len);
+    OPENSSL_memcpy(*pp, out, len);
     *pp += len;
   }
   OPENSSL_free(out);
@@ -510,7 +511,7 @@
     OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION);
     return 0;
   }
-  memcpy(out, CBS_data(&value), CBS_len(&value));
+  OPENSSL_memcpy(out, CBS_data(&value), CBS_len(&value));
   *out_len = (uint8_t)CBS_len(&value);
   return 1;
 }
@@ -593,9 +594,9 @@
     OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION);
     goto err;
   }
-  memcpy(ret->session_id, CBS_data(&session_id), CBS_len(&session_id));
+  OPENSSL_memcpy(ret->session_id, CBS_data(&session_id), CBS_len(&session_id));
   ret->session_id_length = CBS_len(&session_id);
-  memcpy(ret->master_key, CBS_data(&master_key), CBS_len(&master_key));
+  OPENSSL_memcpy(ret->master_key, CBS_data(&master_key), CBS_len(&master_key));
   ret->master_key_length = CBS_len(&master_key);
 
   CBS child;
@@ -647,7 +648,8 @@
       OPENSSL_PUT_ERROR(SSL, SSL_R_INVALID_SSL_SESSION);
       goto err;
     }
-    memcpy(ret->peer_sha256, CBS_data(&peer_sha256), sizeof(ret->peer_sha256));
+    OPENSSL_memcpy(ret->peer_sha256, CBS_data(&peer_sha256),
+                   sizeof(ret->peer_sha256));
     ret->peer_sha256_valid = 1;
   } else {
     ret->peer_sha256_valid = 0;
diff --git a/ssl/ssl_buffer.c b/ssl/ssl_buffer.c
index 7feb161..c27db8b 100644
--- a/ssl/ssl_buffer.c
+++ b/ssl/ssl_buffer.c
@@ -24,6 +24,7 @@
 #include <openssl/mem.h>
 #include <openssl/type_check.h>
 
+#include "../crypto/internal.h"
 #include "internal.h"
 
 
@@ -67,7 +68,7 @@
 
 static void clear_buffer(SSL3_BUFFER *buf) {
   OPENSSL_free(buf->buf);
-  memset(buf, 0, sizeof(SSL3_BUFFER));
+  OPENSSL_memset(buf, 0, sizeof(SSL3_BUFFER));
 }
 
 OPENSSL_COMPILE_ASSERT(DTLS1_RT_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH <=
diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
index 277ee4d..3eaf499 100644
--- a/ssl/ssl_cert.c
+++ b/ssl/ssl_cert.c
@@ -147,7 +147,7 @@
     OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
     return NULL;
   }
-  memset(ret, 0, sizeof(CERT));
+  OPENSSL_memset(ret, 0, sizeof(CERT));
 
   return ret;
 }
@@ -158,7 +158,7 @@
     OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
     return NULL;
   }
-  memset(ret, 0, sizeof(CERT));
+  OPENSSL_memset(ret, 0, sizeof(CERT));
 
   if (cert->x509_leaf != NULL) {
     X509_up_ref(cert->x509_leaf);
@@ -707,7 +707,8 @@
 
     static const uint8_t kKeyUsageOID[3] = {0x55, 0x1d, 0x0f};
     if (CBS_len(&oid) != sizeof(kKeyUsageOID) ||
-        memcmp(CBS_data(&oid), kKeyUsageOID, sizeof(kKeyUsageOID)) != 0) {
+        OPENSSL_memcmp(CBS_data(&oid), kKeyUsageOID, sizeof(kKeyUsageOID)) !=
+            0) {
       continue;
     }
 
diff --git a/ssl/ssl_cipher.c b/ssl/ssl_cipher.c
index 5223721..20b075e 100644
--- a/ssl/ssl_cipher.c
+++ b/ssl/ssl_cipher.c
@@ -1073,7 +1073,7 @@
     OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
     return 0;
   }
-  memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int));
+  OPENSSL_memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int));
 
   /* Now find the strength_bits values actually used. */
   curr = *head_p;
@@ -1437,7 +1437,7 @@
   if (!pref_list->in_group_flags) {
     goto err;
   }
-  memcpy(pref_list->in_group_flags, in_group_flags, num_in_group_flags);
+  OPENSSL_memcpy(pref_list->in_group_flags, in_group_flags, num_in_group_flags);
   OPENSSL_free(in_group_flags);
   in_group_flags = NULL;
   if (*out_cipher_list != NULL) {
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index eee2fb2..f428104 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -196,8 +196,8 @@
 
   uint8_t tmp_storage[sizeof(uint32_t)];
   if (sess->session_id_length < sizeof(tmp_storage)) {
-    memset(tmp_storage, 0, sizeof(tmp_storage));
-    memcpy(tmp_storage, sess->session_id, sess->session_id_length);
+    OPENSSL_memset(tmp_storage, 0, sizeof(tmp_storage));
+    OPENSSL_memcpy(tmp_storage, sess->session_id, sess->session_id_length);
     session_id = tmp_storage;
   }
 
@@ -224,7 +224,7 @@
     return 1;
   }
 
-  return memcmp(a->session_id, b->session_id, a->session_id_length);
+  return OPENSSL_memcmp(a->session_id, b->session_id, a->session_id_length);
 }
 
 SSL_CTX *SSL_CTX_new(const SSL_METHOD *method) {
@@ -245,7 +245,7 @@
     goto err;
   }
 
-  memset(ret, 0, sizeof(SSL_CTX));
+  OPENSSL_memset(ret, 0, sizeof(SSL_CTX));
 
   ret->method = method->method;
 
@@ -383,7 +383,7 @@
   if (ssl == NULL) {
     goto err;
   }
-  memset(ssl, 0, sizeof(SSL));
+  OPENSSL_memset(ssl, 0, sizeof(SSL));
 
   ssl->min_version = ctx->min_version;
   ssl->max_version = ctx->max_version;
@@ -406,7 +406,7 @@
   ssl->verify_mode = ctx->verify_mode;
   ssl->sid_ctx_length = ctx->sid_ctx_length;
   assert(ssl->sid_ctx_length <= sizeof ssl->sid_ctx);
-  memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx));
+  OPENSSL_memcpy(&ssl->sid_ctx, &ctx->sid_ctx, sizeof(ssl->sid_ctx));
   ssl->verify_callback = ctx->default_verify_callback;
   ssl->retain_only_sha256_of_client_certs =
       ctx->retain_only_sha256_of_client_certs;
@@ -1157,12 +1157,12 @@
     *out_len = max_out;
   }
 
-  memcpy(out, finished, *out_len);
+  OPENSSL_memcpy(out, finished, *out_len);
   return 1;
 
 err:
   *out_len = 0;
-  memset(out, 0, max_out);
+  OPENSSL_memset(out, 0, max_out);
   return 0;
 }
 
@@ -1175,7 +1175,7 @@
 
   assert(sizeof(ctx->sid_ctx) < 256);
   ctx->sid_ctx_length = (uint8_t)sid_ctx_len;
-  memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);
+  OPENSSL_memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);
 
   return 1;
 }
@@ -1189,7 +1189,7 @@
 
   assert(sizeof(ssl->sid_ctx) < 256);
   ssl->sid_ctx_length = (uint8_t)sid_ctx_len;
-  memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len);
+  OPENSSL_memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len);
 
   return 1;
 }
@@ -1309,7 +1309,7 @@
   if (out_len > in_len) {
     out_len = in_len;
   }
-  memcpy(out, in, out_len);
+  OPENSSL_memcpy(out, in, out_len);
   return in_len;
 }
 
@@ -1545,9 +1545,9 @@
     return 0;
   }
   uint8_t *out_bytes = out;
-  memcpy(out_bytes, ctx->tlsext_tick_key_name, 16);
-  memcpy(out_bytes + 16, ctx->tlsext_tick_hmac_key, 16);
-  memcpy(out_bytes + 32, ctx->tlsext_tick_aes_key, 16);
+  OPENSSL_memcpy(out_bytes, ctx->tlsext_tick_key_name, 16);
+  OPENSSL_memcpy(out_bytes + 16, ctx->tlsext_tick_hmac_key, 16);
+  OPENSSL_memcpy(out_bytes + 32, ctx->tlsext_tick_aes_key, 16);
   return 1;
 }
 
@@ -1560,9 +1560,9 @@
     return 0;
   }
   const uint8_t *in_bytes = in;
-  memcpy(ctx->tlsext_tick_key_name, in_bytes, 16);
-  memcpy(ctx->tlsext_tick_hmac_key, in_bytes + 16, 16);
-  memcpy(ctx->tlsext_tick_aes_key, in_bytes + 32, 16);
+  OPENSSL_memcpy(ctx->tlsext_tick_key_name, in_bytes, 16);
+  OPENSSL_memcpy(ctx->tlsext_tick_hmac_key, in_bytes + 16, 16);
+  OPENSSL_memcpy(ctx->tlsext_tick_aes_key, in_bytes + 32, 16);
   return 1;
 }
 
@@ -1844,7 +1844,7 @@
   for (i = 0; i < server_len;) {
     for (j = 0; j < client_len;) {
       if (server[i] == client[j] &&
-          memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) {
+          OPENSSL_memcmp(&server[i + 1], &client[j + 1], server[i]) == 0) {
         /* We found a match */
         result = &server[i];
         status = OPENSSL_NPN_NEGOTIATED;
@@ -1996,7 +1996,8 @@
   if (!ssl->s3->tlsext_channel_id_valid) {
     return 0;
   }
-  memcpy(out, ssl->s3->tlsext_channel_id, (max_out < 64) ? max_out : 64);
+  OPENSSL_memcpy(out, ssl->s3->tlsext_channel_id,
+                 (max_out < 64) ? max_out : 64);
   return 64;
 }
 
@@ -2271,7 +2272,7 @@
 
   ssl->sid_ctx_length = ctx->sid_ctx_length;
   assert(ssl->sid_ctx_length <= sizeof(ssl->sid_ctx));
-  memcpy(ssl->sid_ctx, ctx->sid_ctx, sizeof(ssl->sid_ctx));
+  OPENSSL_memcpy(ssl->sid_ctx, ctx->sid_ctx, sizeof(ssl->sid_ctx));
 
   return ssl->ctx;
 }
@@ -2835,7 +2836,7 @@
   if (max_out > sizeof(ssl->s3->client_random)) {
     max_out = sizeof(ssl->s3->client_random);
   }
-  memcpy(out, ssl->s3->client_random, max_out);
+  OPENSSL_memcpy(out, ssl->s3->client_random, max_out);
   return max_out;
 }
 
@@ -2846,7 +2847,7 @@
   if (max_out > sizeof(ssl->s3->server_random)) {
     max_out = sizeof(ssl->s3->server_random);
   }
-  memcpy(out, ssl->s3->server_random, max_out);
+  OPENSSL_memcpy(out, ssl->s3->server_random, max_out);
   return max_out;
 }
 
diff --git a/ssl/ssl_session.c b/ssl/ssl_session.c
index d6d7dab..62ee28e 100644
--- a/ssl/ssl_session.c
+++ b/ssl/ssl_session.c
@@ -166,7 +166,7 @@
     OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE);
     return 0;
   }
-  memset(session, 0, sizeof(SSL_SESSION));
+  OPENSSL_memset(session, 0, sizeof(SSL_SESSION));
 
   session->verify_result = X509_V_ERR_INVALID_CALL;
   session->references = 1;
@@ -185,11 +185,11 @@
   new_session->is_server = session->is_server;
   new_session->ssl_version = session->ssl_version;
   new_session->sid_ctx_length = session->sid_ctx_length;
-  memcpy(new_session->sid_ctx, session->sid_ctx, session->sid_ctx_length);
+  OPENSSL_memcpy(new_session->sid_ctx, session->sid_ctx, session->sid_ctx_length);
 
   /* Copy the key material. */
   new_session->master_key_length = session->master_key_length;
-  memcpy(new_session->master_key, session->master_key,
+  OPENSSL_memcpy(new_session->master_key, session->master_key,
          session->master_key_length);
   new_session->cipher = session->cipher;
 
@@ -245,7 +245,8 @@
     }
   }
 
-  memcpy(new_session->peer_sha256, session->peer_sha256, SHA256_DIGEST_LENGTH);
+  OPENSSL_memcpy(new_session->peer_sha256, session->peer_sha256,
+                 SHA256_DIGEST_LENGTH);
   new_session->peer_sha256_valid = session->peer_sha256_valid;
 
   if (session->tlsext_hostname != NULL) {
@@ -263,14 +264,14 @@
   /* Copy non-authentication connection properties. */
   if (dup_flags & SSL_SESSION_INCLUDE_NONAUTH) {
     new_session->session_id_length = session->session_id_length;
-    memcpy(new_session->session_id, session->session_id,
-           session->session_id_length);
+    OPENSSL_memcpy(new_session->session_id, session->session_id,
+                   session->session_id_length);
 
     new_session->group_id = session->group_id;
 
-    memcpy(new_session->original_handshake_hash,
-           session->original_handshake_hash,
-           session->original_handshake_hash_len);
+    OPENSSL_memcpy(new_session->original_handshake_hash,
+                   session->original_handshake_hash,
+                   session->original_handshake_hash_len);
     new_session->original_handshake_hash_len =
         session->original_handshake_hash_len;
     new_session->tlsext_tick_lifetime_hint = session->tlsext_tick_lifetime_hint;
@@ -387,7 +388,7 @@
   if (max_out > (size_t)session->master_key_length) {
     max_out = (size_t)session->master_key_length;
   }
-  memcpy(out, session->master_key, max_out);
+  OPENSSL_memcpy(out, session->master_key, max_out);
   return max_out;
 }
 
@@ -418,7 +419,7 @@
 
   assert(sizeof(session->sid_ctx) < 256);
   session->sid_ctx_length = (uint8_t)sid_ctx_len;
-  memcpy(session->sid_ctx, sid_ctx, sid_ctx_len);
+  OPENSSL_memcpy(session->sid_ctx, sid_ctx, sid_ctx_len);
 
   return 1;
 }
@@ -517,7 +518,7 @@
     OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
     goto err;
   }
-  memcpy(session->sid_ctx, ssl->sid_ctx, ssl->sid_ctx_length);
+  OPENSSL_memcpy(session->sid_ctx, ssl->sid_ctx, ssl->sid_ctx_length);
   session->sid_ctx_length = ssl->sid_ctx_length;
 
   /* The session is marked not resumable until it is completely filled in. */
@@ -627,7 +628,7 @@
                       NULL)) {
       goto err;
     }
-    memcpy(key_name, tctx->tlsext_tick_key_name, 16);
+    OPENSSL_memcpy(key_name, tctx->tlsext_tick_key_name, 16);
   }
 
   uint8_t *ptr;
@@ -639,7 +640,7 @@
 
   size_t total = 0;
 #if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
-  memcpy(ptr, session_buf, session_len);
+  OPENSSL_memcpy(ptr, session_buf, session_len);
   total = session_len;
 #else
   int len;
@@ -679,7 +680,8 @@
   }
 
   return session->sid_ctx_length == ssl->sid_ctx_length &&
-         memcmp(session->sid_ctx, ssl->sid_ctx, ssl->sid_ctx_length) == 0;
+         OPENSSL_memcmp(session->sid_ctx, ssl->sid_ctx, ssl->sid_ctx_length) ==
+             0;
 }
 
 int ssl_session_is_time_valid(const SSL *ssl, const SSL_SESSION *session) {
@@ -737,7 +739,7 @@
     SSL_SESSION data;
     data.ssl_version = ssl->version;
     data.session_id_length = session_id_len;
-    memcpy(data.session_id, session_id, session_id_len);
+    OPENSSL_memcpy(data.session_id, session_id, session_id_len);
 
     CRYPTO_MUTEX_lock_read(&ssl->initial_ctx->lock);
     session = lh_SSL_SESSION_retrieve(ssl->initial_ctx->sessions, &data);
diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
index 8ede63c..796c051 100644
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc
@@ -673,7 +673,7 @@
   }
   encoded.reset(encoded_raw);
   if (encoded_len != input.size() ||
-      memcmp(input.data(), encoded.get(), input.size()) != 0) {
+      OPENSSL_memcmp(input.data(), encoded.get(), input.size()) != 0) {
     fprintf(stderr, "SSL_SESSION_to_bytes did not round-trip\n");
     hexdump(stderr, "Before: ", input.data(), input.size());
     hexdump(stderr, "After:  ", encoded_raw, encoded_len);
@@ -711,7 +711,7 @@
     fprintf(stderr, "i2d_SSL_SESSION did not advance ptr correctly\n");
     return false;
   }
-  if (memcmp(input.data(), encoded.get(), input.size()) != 0) {
+  if (OPENSSL_memcmp(input.data(), encoded.get(), input.size()) != 0) {
     fprintf(stderr, "i2d_SSL_SESSION did not round-trip\n");
     return false;
   }
@@ -838,7 +838,7 @@
   if (session->tlsext_tick == nullptr) {
     return nullptr;
   }
-  memset(session->tlsext_tick, 'a', ticket_len);
+  OPENSSL_memset(session->tlsext_tick, 'a', ticket_len);
   session->tlsext_ticklen = ticket_len;
 
   // Fix up the timeout.
@@ -1030,8 +1030,8 @@
   }
 
   ret->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
-  memset(ret->session_id, 0, ret->session_id_length);
-  memcpy(ret->session_id, &number, sizeof(number));
+  OPENSSL_memset(ret->session_id, 0, ret->session_id_length);
+  OPENSSL_memcpy(ret->session_id, &number, sizeof(number));
   return ret;
 }
 
@@ -1442,7 +1442,7 @@
   }
   bssl::UniquePtr<uint8_t> free_s1(s1_bytes);
 
-  return s0_len == s1_len && memcmp(s0_bytes, s1_bytes, s0_len) == 0;
+  return s0_len == s1_len && OPENSSL_memcmp(s0_bytes, s1_bytes, s0_len) == 0;
 }
 
 static bool ExpectFDs(const SSL *ssl, int rfd, int wfd) {
@@ -1711,7 +1711,8 @@
     return false;
   }
 
-  if (memcmp(cert_sha256, session->peer_sha256, SHA256_DIGEST_LENGTH) != 0) {
+  if (OPENSSL_memcmp(cert_sha256, session->peer_sha256, SHA256_DIGEST_LENGTH) !=
+      0) {
     fprintf(stderr, "peer_sha256 did not match.\n");
     return false;
   }
@@ -1747,10 +1748,10 @@
     fprintf(stderr, "ClientHello for version %04x too short.\n", version);
     return false;
   }
-  memset(client_hello.data() + kRandomOffset, 0, SSL3_RANDOM_SIZE);
+  OPENSSL_memset(client_hello.data() + kRandomOffset, 0, SSL3_RANDOM_SIZE);
 
   if (client_hello.size() != expected_len ||
-      memcmp(client_hello.data(), expected, expected_len) != 0) {
+      OPENSSL_memcmp(client_hello.data(), expected, expected_len) != 0) {
     fprintf(stderr, "ClientHello for version %04x did not match:\n", version);
     fprintf(stderr, "Got:\n\t");
     for (size_t i = 0; i < client_hello.size(); i++) {
@@ -2097,9 +2098,9 @@
   static const uint8_t kZeros[16] = {0};
 
   if (encrypt) {
-    memcpy(key_name, kZeros, sizeof(kZeros));
+    OPENSSL_memcpy(key_name, kZeros, sizeof(kZeros));
     RAND_bytes(iv, 16);
-  } else if (memcmp(key_name, kZeros, 16) != 0) {
+  } else if (OPENSSL_memcmp(key_name, kZeros, 16) != 0) {
     return 0;
   }
 
@@ -2124,7 +2125,7 @@
 
 #if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
   // Fuzzer-mode tickets are unencrypted.
-  memcpy(plaintext.get(), ciphertext, len);
+  OPENSSL_memcpy(plaintext.get(), ciphertext, len);
 #else
   static const uint8_t kZeros[16] = {0};
   const uint8_t *iv = session->tlsext_tick + 16;
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 70907e1..5e5c348 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -146,6 +146,7 @@
 #include <openssl/nid.h>
 #include <openssl/rand.h>
 
+#include "../crypto/internal.h"
 #include "internal.h"
 
 
@@ -231,7 +232,7 @@
     return 1;
   }
 
-  memset(out, 0, out_len);
+  OPENSSL_memset(out, 0, out_len);
 
   uint32_t algorithm_prf = ssl_get_algorithm_prf(ssl);
   if (algorithm_prf == SSL_HANDSHAKE_MAC_DEFAULT) {
@@ -528,12 +529,13 @@
     return 0;
   }
 
-  memcpy(seed, ssl->s3->client_random, SSL3_RANDOM_SIZE);
-  memcpy(seed + SSL3_RANDOM_SIZE, ssl->s3->server_random, SSL3_RANDOM_SIZE);
+  OPENSSL_memcpy(seed, ssl->s3->client_random, SSL3_RANDOM_SIZE);
+  OPENSSL_memcpy(seed + SSL3_RANDOM_SIZE, ssl->s3->server_random,
+                 SSL3_RANDOM_SIZE);
   if (use_context) {
     seed[2 * SSL3_RANDOM_SIZE] = (uint8_t)(context_len >> 8);
     seed[2 * SSL3_RANDOM_SIZE + 1] = (uint8_t)context_len;
-    memcpy(seed + 2 * SSL3_RANDOM_SIZE + 2, context, context_len);
+    OPENSSL_memcpy(seed + 2 * SSL3_RANDOM_SIZE + 2, context, context_len);
   }
 
   int ret =
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 8d91cfc..c27e84d 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -205,7 +205,7 @@
 
 int ssl_client_hello_init(SSL *ssl, SSL_CLIENT_HELLO *out, const uint8_t *in,
                           size_t in_len) {
-  memset(out, 0, sizeof(*out));
+  OPENSSL_memset(out, 0, sizeof(*out));
   out->ssl = ssl;
   out->client_hello = in;
   out->client_hello_len = in_len;
@@ -1506,8 +1506,9 @@
     }
 
     if (CBS_len(&client_protocol_name) == CBS_len(&protocol_name) &&
-        memcmp(CBS_data(&client_protocol_name), CBS_data(&protocol_name),
-               CBS_len(&protocol_name)) == 0) {
+        OPENSSL_memcmp(CBS_data(&client_protocol_name),
+                       CBS_data(&protocol_name),
+                       CBS_len(&protocol_name)) == 0) {
       protocol_ok = 1;
       break;
     }
@@ -1881,8 +1882,9 @@
 
   /* Per RFC 4492, section 5.1.2, implementations MUST support the uncompressed
    * point format. */
-  if (memchr(CBS_data(&ec_point_format_list), TLSEXT_ECPOINTFORMAT_uncompressed,
-             CBS_len(&ec_point_format_list)) == NULL) {
+  if (OPENSSL_memchr(CBS_data(&ec_point_format_list),
+                     TLSEXT_ECPOINTFORMAT_uncompressed,
+                     CBS_len(&ec_point_format_list)) == NULL) {
     *out_alert = SSL_AD_ILLEGAL_PARAMETER;
     return 0;
   }
@@ -2141,8 +2143,8 @@
   }
 
   /* We only support tickets with PSK_DHE_KE. */
-  hs->accept_psk_mode =
-      memchr(CBS_data(&ke_modes), SSL_PSK_DHE_KE, CBS_len(&ke_modes)) != NULL;
+  hs->accept_psk_mode = OPENSSL_memchr(CBS_data(&ke_modes), SSL_PSK_DHE_KE,
+                                       CBS_len(&ke_modes)) != NULL;
 
   return 1;
 }
@@ -2343,7 +2345,7 @@
   uint8_t *secret = NULL;
   size_t secret_len;
   SSL_ECDH_CTX group;
-  memset(&group, 0, sizeof(SSL_ECDH_CTX));
+  OPENSSL_memset(&group, 0, sizeof(SSL_ECDH_CTX));
   CBB public_key;
   if (!CBB_init(&public_key, 32) ||
       !SSL_ECDH_CTX_init(&group, group_id) ||
@@ -2820,7 +2822,7 @@
         goto err;
       }
 
-      memset(padding_bytes, 0, padding_len);
+      OPENSSL_memset(padding_bytes, 0, padding_len);
     }
   }
 
@@ -3183,8 +3185,8 @@
     }
   } else {
     /* Check the key name matches. */
-    if (memcmp(ticket, ssl_ctx->tlsext_tick_key_name,
-               SSL_TICKET_KEY_NAME_LEN) != 0) {
+    if (OPENSSL_memcmp(ticket, ssl_ctx->tlsext_tick_key_name,
+                       SSL_TICKET_KEY_NAME_LEN) != 0) {
       goto done;
     }
     if (!HMAC_Init_ex(&hmac_ctx, ssl_ctx->tlsext_tick_hmac_key,
@@ -3227,7 +3229,7 @@
   }
   size_t plaintext_len;
 #if defined(BORINGSSL_UNSAFE_FUZZER_MODE)
-  memcpy(plaintext, ciphertext, ciphertext_len);
+  OPENSSL_memcpy(plaintext, ciphertext, ciphertext_len);
   plaintext_len = ciphertext_len;
 #else
   if (ciphertext_len >= INT_MAX) {
@@ -3252,7 +3254,7 @@
 
   /* Copy the client's session ID into the new session, to denote the ticket has
    * been accepted. */
-  memcpy(session->session_id, session_id, session_id_len);
+  OPENSSL_memcpy(session->session_id, session_id, session_id_len);
   session->session_id_length = session_id_len;
 
   *out_session = session;
@@ -3439,7 +3441,7 @@
     goto err;
   }
 
-  memcpy(ssl->s3->tlsext_channel_id, p, 64);
+  OPENSSL_memcpy(ssl->s3->tlsext_channel_id, p, 64);
   ret = 1;
 
 err:
diff --git a/ssl/test/async_bio.cc b/ssl/test/async_bio.cc
index 605b33a..fd35176 100644
--- a/ssl/test/async_bio.cc
+++ b/ssl/test/async_bio.cc
@@ -20,6 +20,8 @@
 #include <openssl/bio.h>
 #include <openssl/mem.h>
 
+#include "../../crypto/internal.h"
+
 
 namespace {
 
@@ -110,7 +112,7 @@
   if (a == NULL) {
     return 0;
   }
-  memset(a, 0, sizeof(*a));
+  OPENSSL_memset(a, 0, sizeof(*a));
   a->enforce_write_quota = true;
   bio->init = 1;
   bio->ptr = (char *)a;
diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc
index f2d6d9f..4425ab0 100644
--- a/ssl/test/bssl_shim.cc
+++ b/ssl/test/bssl_shim.cc
@@ -330,8 +330,8 @@
     fprintf(stderr, "Output buffer too small.\n");
     return ssl_private_key_failure;
   }
-  memcpy(out, test_state->private_key_result.data(),
-         test_state->private_key_result.size());
+  OPENSSL_memcpy(out, test_state->private_key_result.data(),
+                 test_state->private_key_result.size());
   *out_len = test_state->private_key_result.size();
 
   test_state->private_key_result.clear();
@@ -498,9 +498,9 @@
     size_t certificate_types_len =
         SSL_get0_certificate_types(ssl, &certificate_types);
     if (certificate_types_len != config->expected_certificate_types.size() ||
-        memcmp(certificate_types,
-               config->expected_certificate_types.data(),
-               certificate_types_len) != 0) {
+        OPENSSL_memcmp(certificate_types,
+                       config->expected_certificate_types.data(),
+                       certificate_types_len) != 0) {
       fprintf(stderr, "certificate types mismatch\n");
       return false;
     }
@@ -626,8 +626,8 @@
 
   if (!config->expected_advertised_alpn.empty() &&
       (config->expected_advertised_alpn.size() != inlen ||
-       memcmp(config->expected_advertised_alpn.data(),
-              in, inlen) != 0)) {
+       OPENSSL_memcmp(config->expected_advertised_alpn.data(), in, inlen) !=
+           0)) {
     fprintf(stderr, "bad ALPN select callback inputs\n");
     exit(1);
   }
@@ -663,7 +663,7 @@
 
   BUF_strlcpy(out_identity, config->psk_identity.c_str(),
               max_identity_len);
-  memcpy(out_psk, config->psk.data(), config->psk.size());
+  OPENSSL_memcpy(out_psk, config->psk.data(), config->psk.size());
   return config->psk.size();
 }
 
@@ -681,7 +681,7 @@
     return 0;
   }
 
-  memcpy(out_psk, config->psk.data(), config->psk.size());
+  OPENSSL_memcpy(out_psk, config->psk.data(), config->psk.size());
   return config->psk.size();
 }
 
@@ -758,9 +758,9 @@
   static const uint8_t kZeros[16] = {0};
 
   if (encrypt) {
-    memcpy(key_name, kZeros, sizeof(kZeros));
+    OPENSSL_memcpy(key_name, kZeros, sizeof(kZeros));
     RAND_bytes(iv, 16);
-  } else if (memcmp(key_name, kZeros, 16) != 0) {
+  } else if (OPENSSL_memcmp(key_name, kZeros, 16) != 0) {
     return 0;
   }
 
@@ -824,7 +824,7 @@
   }
 
   if (contents_len != sizeof(kCustomExtensionContents) - 1 ||
-      memcmp(contents, kCustomExtensionContents, contents_len) != 0) {
+      OPENSSL_memcmp(contents, kCustomExtensionContents, contents_len) != 0) {
     *out_alert_value = SSL_AD_DECODE_ERROR;
     return 0;
   }
@@ -862,7 +862,7 @@
     return -1;
   }
   sockaddr_in sin;
-  memset(&sin, 0, sizeof(sin));
+  OPENSSL_memset(&sin, 0, sizeof(sin));
   sin.sin_family = AF_INET;
   sin.sin_port = htons(port);
   if (!inet_pton(AF_INET, "127.0.0.1", &sin.sin_addr)) {
@@ -1143,7 +1143,7 @@
     // SSL_peek should synchronously return the same data.
     int ret2 = SSL_peek(ssl, buf.get(), ret);
     if (ret2 != ret ||
-        memcmp(buf.get(), out, ret) != 0) {
+        OPENSSL_memcmp(buf.get(), out, ret) != 0) {
       fprintf(stderr, "First and second SSL_peek did not match.\n");
       return -1;
     }
@@ -1151,7 +1151,7 @@
     // SSL_read should synchronously return the same data and consume it.
     ret2 = SSL_read(ssl, buf.get(), ret);
     if (ret2 != ret ||
-        memcmp(buf.get(), out, ret) != 0) {
+        OPENSSL_memcmp(buf.get(), out, ret) != 0) {
       fprintf(stderr, "SSL_peek and SSL_read did not match.\n");
       return -1;
     }
@@ -1265,8 +1265,8 @@
     unsigned next_proto_len;
     SSL_get0_next_proto_negotiated(ssl, &next_proto, &next_proto_len);
     if (next_proto_len != config->expected_next_proto.size() ||
-        memcmp(next_proto, config->expected_next_proto.data(),
-               next_proto_len) != 0) {
+        OPENSSL_memcmp(next_proto, config->expected_next_proto.data(),
+                       next_proto_len) != 0) {
       fprintf(stderr, "negotiated next proto mismatch\n");
       return false;
     }
@@ -1277,8 +1277,8 @@
     unsigned alpn_proto_len;
     SSL_get0_alpn_selected(ssl, &alpn_proto, &alpn_proto_len);
     if (alpn_proto_len != config->expected_alpn.size() ||
-        memcmp(alpn_proto, config->expected_alpn.data(),
-               alpn_proto_len) != 0) {
+        OPENSSL_memcmp(alpn_proto, config->expected_alpn.data(),
+                       alpn_proto_len) != 0) {
       fprintf(stderr, "negotiated alpn proto mismatch\n");
       return false;
     }
@@ -1291,8 +1291,8 @@
       return false;
     }
     if (config->expected_channel_id.size() != 64 ||
-        memcmp(config->expected_channel_id.data(),
-               channel_id, 64) != 0) {
+        OPENSSL_memcmp(config->expected_channel_id.data(), channel_id, 64) !=
+            0) {
       fprintf(stderr, "channel id mismatch\n");
       return false;
     }
@@ -1310,7 +1310,7 @@
     size_t len;
     SSL_get0_ocsp_response(ssl, &data, &len);
     if (config->expected_ocsp_response.size() != len ||
-        memcmp(config->expected_ocsp_response.data(), data, len) != 0) {
+        OPENSSL_memcmp(config->expected_ocsp_response.data(), data, len) != 0) {
       fprintf(stderr, "OCSP response mismatch\n");
       return false;
     }
@@ -1321,8 +1321,8 @@
     size_t len;
     SSL_get0_signed_cert_timestamp_list(ssl, &data, &len);
     if (config->expected_signed_cert_timestamps.size() != len ||
-        memcmp(config->expected_signed_cert_timestamps.data(),
-               data, len) != 0) {
+        OPENSSL_memcmp(config->expected_signed_cert_timestamps.data(), data,
+                       len) != 0) {
       fprintf(stderr, "SCT list mismatch\n");
       return false;
     }
@@ -1743,7 +1743,7 @@
     // trip up the CBC record splitting code.
     static const size_t kBufLen = 32769;
     std::unique_ptr<uint8_t[]> buf(new uint8_t[kBufLen]);
-    memset(buf.get(), 0x42, kBufLen);
+    OPENSSL_memset(buf.get(), 0x42, kBufLen);
     static const size_t kRecordSizes[] = {
         0, 1, 255, 256, 257, 16383, 16384, 16385, 32767, 32768, 32769};
     for (size_t i = 0; i < OPENSSL_ARRAY_SIZE(kRecordSizes); i++) {
diff --git a/ssl/test/packeted_bio.cc b/ssl/test/packeted_bio.cc
index 8331b4b..835df0e 100644
--- a/ssl/test/packeted_bio.cc
+++ b/ssl/test/packeted_bio.cc
@@ -21,6 +21,8 @@
 
 #include <openssl/mem.h>
 
+#include "../../crypto/internal.h"
+
 
 namespace {
 
@@ -33,8 +35,8 @@
 struct PacketedBio {
   PacketedBio(timeval *clock_arg, bool advance_clock_arg)
       : clock(clock_arg), advance_clock(advance_clock_arg) {
-    memset(&timeout, 0, sizeof(timeout));
-    memset(&read_deadline, 0, sizeof(read_deadline));
+    OPENSSL_memset(&timeout, 0, sizeof(timeout));
+    OPENSSL_memset(&read_deadline, 0, sizeof(read_deadline));
   }
 
   bool HasTimeout() const {
@@ -209,7 +211,7 @@
     if (outl > (int)len) {
       outl = len;
     }
-    memcpy(out, buf, outl);
+    OPENSSL_memcpy(out, buf, outl);
     OPENSSL_free(buf);
     return outl;
   }
@@ -217,7 +219,7 @@
 
 static long PacketedCtrl(BIO *bio, int cmd, long num, void *ptr) {
   if (cmd == BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT) {
-    memcpy(&GetData(bio)->read_deadline, ptr, sizeof(timeval));
+    OPENSSL_memcpy(&GetData(bio)->read_deadline, ptr, sizeof(timeval));
     return 1;
   }
 
@@ -290,6 +292,6 @@
   data->clock->tv_sec += data->clock->tv_usec / 1000000;
   data->clock->tv_usec %= 1000000;
   data->clock->tv_sec += data->timeout.tv_sec;
-  memset(&data->timeout, 0, sizeof(data->timeout));
+  OPENSSL_memset(&data->timeout, 0, sizeof(data->timeout));
   return true;
 }
diff --git a/ssl/tls13_client.c b/ssl/tls13_client.c
index ea241c1..d19bc14 100644
--- a/ssl/tls13_client.c
+++ b/ssl/tls13_client.c
@@ -182,7 +182,8 @@
   }
 
   assert(ssl->s3->have_version);
-  memcpy(ssl->s3->server_random, CBS_data(&server_random), SSL3_RANDOM_SIZE);
+  OPENSSL_memcpy(ssl->s3->server_random, CBS_data(&server_random),
+                 SSL3_RANDOM_SIZE);
 
   const SSL_CIPHER *cipher = SSL_get_cipher_by_value(cipher_suite);
   if (cipher == NULL) {
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index b431b75..ea9dce8 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -24,6 +24,7 @@
 #include <openssl/hmac.h>
 #include <openssl/mem.h>
 
+#include "../crypto/internal.h"
 #include "internal.h"
 
 
@@ -34,7 +35,7 @@
   hs->hash_len = EVP_MD_size(digest);
 
   /* Initialize the secret to the zero key. */
-  memset(hs->secret, 0, hs->hash_len);
+  OPENSSL_memset(hs->secret, 0, hs->hash_len);
 
   /* Initialize the rolling hashes and release the handshake buffer. */
   if (!ssl3_init_handshake_hash(ssl)) {
@@ -166,10 +167,12 @@
 
   /* Save the traffic secret. */
   if (direction == evp_aead_open) {
-    memmove(ssl->s3->read_traffic_secret, traffic_secret, traffic_secret_len);
+    OPENSSL_memmove(ssl->s3->read_traffic_secret, traffic_secret,
+                    traffic_secret_len);
     ssl->s3->read_traffic_secret_len = traffic_secret_len;
   } else {
-    memmove(ssl->s3->write_traffic_secret, traffic_secret, traffic_secret_len);
+    OPENSSL_memmove(ssl->s3->write_traffic_secret, traffic_secret,
+                    traffic_secret_len);
     ssl->s3->write_traffic_secret_len = traffic_secret_len;
   }
 
@@ -384,7 +387,7 @@
     return 0;
   }
 
-  memcpy(msg + len - hash_len, verify_data, hash_len);
+  OPENSSL_memcpy(msg + len - hash_len, verify_data, hash_len);
   return 1;
 }
 
diff --git a/ssl/tls13_server.c b/ssl/tls13_server.c
index 7181f46..e3606f1 100644
--- a/ssl/tls13_server.c
+++ b/ssl/tls13_server.c
@@ -25,6 +25,7 @@
 #include <openssl/rand.h>
 #include <openssl/stack.h>
 
+#include "../crypto/internal.h"
 #include "internal.h"
 
 
@@ -109,7 +110,8 @@
     OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR);
     return ssl_hs_error;
   }
-  memcpy(ssl->s3->client_random, client_hello.random, client_hello.random_len);
+  OPENSSL_memcpy(ssl->s3->client_random, client_hello.random,
+                 client_hello.random_len);
 
   /* TLS 1.3 requires the peer only advertise the null compression. */
   if (client_hello.compression_methods_len != 1 ||
diff --git a/ssl/tls_method.c b/ssl/tls_method.c
index 9effb36..4efed3f 100644
--- a/ssl/tls_method.c
+++ b/ssl/tls_method.c
@@ -61,6 +61,7 @@
 
 #include <openssl/buf.h>
 
+#include "../crypto/internal.h"
 #include "internal.h"
 
 
@@ -112,7 +113,7 @@
     return 0;
   }
 
-  memset(ssl->s3->read_sequence, 0, sizeof(ssl->s3->read_sequence));
+  OPENSSL_memset(ssl->s3->read_sequence, 0, sizeof(ssl->s3->read_sequence));
 
   SSL_AEAD_CTX_free(ssl->s3->aead_read_ctx);
   ssl->s3->aead_read_ctx = aead_ctx;
@@ -120,7 +121,7 @@
 }
 
 static int ssl3_set_write_state(SSL *ssl, SSL_AEAD_CTX *aead_ctx) {
-  memset(ssl->s3->write_sequence, 0, sizeof(ssl->s3->write_sequence));
+  OPENSSL_memset(ssl->s3->write_sequence, 0, sizeof(ssl->s3->write_sequence));
 
   SSL_AEAD_CTX_free(ssl->s3->aead_write_ctx);
   ssl->s3->aead_write_ctx = aead_ctx;
diff --git a/ssl/tls_record.c b/ssl/tls_record.c
index c52909c..9e04163 100644
--- a/ssl/tls_record.c
+++ b/ssl/tls_record.c
@@ -422,7 +422,7 @@
       return 0;
     }
 
-    memmove(out + SSL3_RT_HEADER_LENGTH, in, in_len);
+    OPENSSL_memmove(out + SSL3_RT_HEADER_LENGTH, in, in_len);
     out[SSL3_RT_HEADER_LENGTH + in_len] = type;
     in = out + SSL3_RT_HEADER_LENGTH;
     type = SSL3_RT_APPLICATION_DATA;
diff --git a/tool/client.cc b/tool/client.cc
index 39cb7f0..dd3f846 100644
--- a/tool/client.cc
+++ b/tool/client.cc
@@ -26,6 +26,7 @@
 #include <openssl/pem.h>
 #include <openssl/ssl.h>
 
+#include "../crypto/internal.h"
 #include "internal.h"
 #include "transport_common.h"
 
@@ -325,7 +326,8 @@
       }
       wire.push_back(static_cast<uint8_t>(len));
       wire.resize(wire.size() + len);
-      memcpy(wire.data() + wire.size() - len, alpn_protos.data() + i, len);
+      OPENSSL_memcpy(wire.data() + wire.size() - len, alpn_protos.data() + i,
+                     len);
       i = j + 1;
     }
     if (SSL_CTX_set_alpn_protos(ctx.get(), wire.data(), wire.size()) != 0) {
diff --git a/tool/pkcs12.cc b/tool/pkcs12.cc
index 7fd6f13..a8ddb0e 100644
--- a/tool/pkcs12.cc
+++ b/tool/pkcs12.cc
@@ -36,6 +36,7 @@
 #include <openssl/pkcs8.h>
 #include <openssl/stack.h>
 
+#include "../crypto/internal.h"
 #include "internal.h"
 
 
@@ -106,11 +107,11 @@
     if (n >= 0) {
       off += static_cast<size_t>(n);
     }
-  } while ((n > 0 && memchr(password, '\n', off) == NULL &&
+  } while ((n > 0 && OPENSSL_memchr(password, '\n', off) == NULL &&
             off < sizeof(password) - 1) ||
            (n == -1 && errno == EINTR));
 
-  char *newline = reinterpret_cast<char*>(memchr(password, '\n', off));
+  char *newline = reinterpret_cast<char *>(OPENSSL_memchr(password, '\n', off));
   if (newline == NULL) {
     return false;
   }
diff --git a/tool/speed.cc b/tool/speed.cc
index ad2ce95..52708c0 100644
--- a/tool/speed.cc
+++ b/tool/speed.cc
@@ -43,6 +43,7 @@
 #include <time.h>
 #endif
 
+#include "../crypto/internal.h"
 #include "internal.h"
 
 
@@ -208,18 +209,18 @@
   const size_t overhead_len = EVP_AEAD_max_overhead(aead);
 
   std::unique_ptr<uint8_t[]> key(new uint8_t[key_len]);
-  memset(key.get(), 0, key_len);
+  OPENSSL_memset(key.get(), 0, key_len);
   std::unique_ptr<uint8_t[]> nonce(new uint8_t[nonce_len]);
-  memset(nonce.get(), 0, nonce_len);
+  OPENSSL_memset(nonce.get(), 0, nonce_len);
   std::unique_ptr<uint8_t[]> in_storage(new uint8_t[chunk_len + kAlignment]);
   std::unique_ptr<uint8_t[]> out_storage(new uint8_t[chunk_len + overhead_len + kAlignment]);
   std::unique_ptr<uint8_t[]> ad(new uint8_t[ad_len]);
-  memset(ad.get(), 0, ad_len);
+  OPENSSL_memset(ad.get(), 0, ad_len);
 
   uint8_t *const in = align(in_storage.get(), kAlignment);
-  memset(in, 0, chunk_len);
+  OPENSSL_memset(in, 0, chunk_len);
   uint8_t *const out = align(out_storage.get(), kAlignment);
-  memset(out, 0, chunk_len + overhead_len);
+  OPENSSL_memset(out, 0, chunk_len + overhead_len);
 
   if (!EVP_AEAD_CTX_init_with_direction(ctx.get(), aead, key.get(), key_len,
                                         EVP_AEAD_DEFAULT_TAG_LENGTH,
@@ -381,7 +382,7 @@
     return false;
   }
   uint8_t digest[20];
-  memset(digest, 42, sizeof(digest));
+  OPENSSL_memset(digest, 42, sizeof(digest));
   unsigned sig_len;
 
   TimeResults results;
@@ -462,7 +463,7 @@
 
   if (!TimeFunction(&results, []() -> bool {
         uint8_t out[32], in[32];
-        memset(in, 0, sizeof(in));
+        OPENSSL_memset(in, 0, sizeof(in));
         X25519_public_from_private(out, in);
         return true;
       })) {
@@ -474,8 +475,8 @@
 
   if (!TimeFunction(&results, []() -> bool {
         uint8_t out[32], in1[32], in2[32];
-        memset(in1, 0, sizeof(in1));
-        memset(in2, 0, sizeof(in2));
+        OPENSSL_memset(in1, 0, sizeof(in1));
+        OPENSSL_memset(in2, 0, sizeof(in2));
         in1[0] = 1;
         in2[0] = 9;
         return X25519(out, in1, in2) == 1;
diff --git a/tool/transport_common.cc b/tool/transport_common.cc
index 0fee377..9b8715d 100644
--- a/tool/transport_common.cc
+++ b/tool/transport_common.cc
@@ -47,6 +47,7 @@
 #include <openssl/ssl.h>
 #include <openssl/x509.h>
 
+#include "../crypto/internal.h"
 #include "internal.h"
 #include "transport_common.h"
 
@@ -98,7 +99,7 @@
   }
 
   struct addrinfo hint, *result;
-  memset(&hint, 0, sizeof(hint));
+  OPENSSL_memset(&hint, 0, sizeof(hint));
   hint.ai_family = AF_UNSPEC;
   hint.ai_socktype = SOCK_STREAM;
 
@@ -151,7 +152,7 @@
 bool Accept(int *out_sock, const std::string &port) {
   struct sockaddr_in6 addr, cli_addr;
   socklen_t cli_addr_len = sizeof(cli_addr);
-  memset(&addr, 0, sizeof(addr));
+  OPENSSL_memset(&addr, 0, sizeof(addr));
 
   addr.sin6_family = AF_INET6;
   addr.sin6_addr = IN6ADDR_ANY_INIT;
@@ -434,7 +435,7 @@
 
         out_line->assign(buf_, length);
         buf_len_ -= i + 1;
-        memmove(buf_, &buf_[i + 1], buf_len_);
+        OPENSSL_memmove(buf_, &buf_[i + 1], buf_len_);
 
         return true;
       }