Remove some dependencies on NewZeroed

Bug: 491512320
Change-Id: If57a8b748c4eaf9a5d021308e1775a8f6b55a38c
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/90627
Auto-Submit: David Benjamin <davidben@google.com>
Commit-Queue: Rudolf Polzer <rpolzer@google.com>
Reviewed-by: Rudolf Polzer <rpolzer@google.com>
diff --git a/crypto/x509/internal.h b/crypto/x509/internal.h
index 1b91bad..d762fe0 100644
--- a/crypto/x509/internal.h
+++ b/crypto/x509/internal.h
@@ -77,7 +77,7 @@
 
 class X509Name : public X509_name_st {
  public:
-  STACK_OF(X509_NAME_ENTRY) *entries;
+  STACK_OF(X509_NAME_ENTRY) *entries = nullptr;
   mutable bssl::Atomic<bssl::X509_NAME_CACHE *> cache;
 } /* X509_NAME */;
 
@@ -134,9 +134,9 @@
   ASN1_TIME notAfter;
   X509Name subject;
   X509_PUBKEY key;
-  ASN1_BIT_STRING *issuerUID;            // [ 1 ] optional in v2
-  ASN1_BIT_STRING *subjectUID;           // [ 2 ] optional in v2
-  STACK_OF(X509_EXTENSION) *extensions;  // [ 3 ] optional in v3
+  ASN1_BIT_STRING *issuerUID = nullptr;            // [ 1 ] optional in v2
+  ASN1_BIT_STRING *subjectUID = nullptr;           // [ 2 ] optional in v2
+  STACK_OF(X509_EXTENSION) *extensions = nullptr;  // [ 3 ] optional in v3
   // Certificate fields:
   X509_ALGOR sig_alg;
   ASN1_BIT_STRING signature;
@@ -144,20 +144,20 @@
   // buf, if not nullptr, contains a copy of the serialized Certificate.
   // TODO(davidben): Now every parsed |X509| has an underlying |CRYPTO_BUFFER|,
   // but |X509|s created peacemeal do not. Can we make this more uniform?
-  CRYPTO_BUFFER *buf;
+  CRYPTO_BUFFER *buf = nullptr;
   CRYPTO_EX_DATA ex_data;
   // These contain copies of various extension values
   long ex_pathlen = -1;
-  uint32_t ex_flags;
-  uint32_t ex_kusage;
-  uint32_t ex_xkusage;
-  ASN1_OCTET_STRING *skid;
-  AUTHORITY_KEYID *akid;
-  STACK_OF(DIST_POINT) *crldp;
-  STACK_OF(GENERAL_NAME) *altname;
-  NAME_CONSTRAINTS *nc;
-  unsigned char cert_hash[SHA256_DIGEST_LENGTH];
-  bssl::X509_CERT_AUX *aux;
+  uint32_t ex_flags = 0;
+  uint32_t ex_kusage = 0;
+  uint32_t ex_xkusage = 0;
+  ASN1_OCTET_STRING *skid = nullptr;
+  AUTHORITY_KEYID *akid = nullptr;
+  STACK_OF(DIST_POINT) *crldp = nullptr;
+  STACK_OF(GENERAL_NAME) *altname = nullptr;
+  NAME_CONSTRAINTS *nc = nullptr;
+  unsigned char cert_hash[SHA256_DIGEST_LENGTH] = {};
+  bssl::X509_CERT_AUX *aux = nullptr;
   Mutex lock;
 
  private:
diff --git a/crypto/x509/x_name.cc b/crypto/x509/x_name.cc
index 5c85edb..66ba94f 100644
--- a/crypto/x509/x_name.cc
+++ b/crypto/x509/x_name.cc
@@ -133,7 +133,7 @@
   Delete(impl->cache.exchange(nullptr));
 }
 
-X509_NAME *X509_NAME_new() { return NewZeroed<X509Name>(); }
+X509_NAME *X509_NAME_new() { return New<X509Name>(); }
 
 void X509_NAME_free(X509_NAME *name) {
   if (name != nullptr) {
diff --git a/crypto/x509/x_x509.cc b/crypto/x509/x_x509.cc
index 25a0ad2..206521a 100644
--- a/crypto/x509/x_x509.cc
+++ b/crypto/x509/x_x509.cc
@@ -57,7 +57,7 @@
   CRYPTO_new_ex_data(&ex_data);
 }
 
-X509 *X509_new() { return NewZeroed<X509Impl>(); }
+X509 *X509_new() { return New<X509Impl>(); }
 
 X509Impl::~X509Impl() {
   CRYPTO_free_ex_data(&g_ex_data_class, &ex_data);