diff --git a/library/pkcs12.c b/library/pkcs12.c
index 7023b9dbc..c603a1357 100644
--- a/library/pkcs12.c
+++ b/library/pkcs12.c
@@ -93,7 +93,7 @@ static int pkcs12_pbe_derive_key_iv( mbedtls_asn1_buf *pbe_params, mbedtls_md_ty
                                      unsigned char *key, size_t keylen,
                                      unsigned char *iv,  size_t ivlen )
 {
-    int ret, iterations;
+    int ret, iterations = 0;
     mbedtls_asn1_buf salt;
     size_t i;
     unsigned char unipwd[PKCS12_MAX_PWDLEN * 2 + 2];
diff --git a/library/rsa.c b/library/rsa.c
index fba68ddfc..60559e2ac 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -797,7 +797,12 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
     int ret;
     size_t ilen, pad_count = 0, i;
     unsigned char *p, bad, pad_done = 0;
+#ifdef __clang_analyzer__
+    /* Shut up Clang, mbedtls_rsa_public/private writes to this */
+    unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = { };
+#else
     unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+#endif
 
     if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@@ -1175,13 +1180,18 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
     int ret;
     size_t siglen;
     unsigned char *p;
-    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
     unsigned char result[MBEDTLS_MD_MAX_SIZE];
     unsigned char zeros[8];
     unsigned int hlen;
     size_t slen, msb;
     const mbedtls_md_info_t *md_info;
     mbedtls_md_context_t md_ctx;
+#ifdef __clang_analyzer__
+    /* Shut up Clang, mbedtls_rsa_public/private writes to this */
+    unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = { };
+#else
+    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+#endif
 
     if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V21 )
         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
@@ -1320,10 +1330,15 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
     int ret;
     size_t len, siglen, asn1_len;
     unsigned char *p, *end;
-    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
     mbedtls_md_type_t msg_md_alg;
     const mbedtls_md_info_t *md_info;
     mbedtls_asn1_buf oid;
+#ifdef __clang_analyzer__
+    /* Shut up Clang, mbedtls_rsa_public/private writes to this */
+    unsigned char buf[MBEDTLS_MPI_MAX_SIZE] = { };
+#else
+    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
+#endif
 
     if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 )
         return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c
index f071d311e..7805a79bc 100644
--- a/programs/hash/generic_sum.c
+++ b/programs/hash/generic_sum.c
@@ -83,7 +83,7 @@ static int generic_check( const mbedtls_md_info_t *md_info, char *filename )
     int nb_err1, nb_err2;
     int nb_tot1, nb_tot2;
     unsigned char sum[MBEDTLS_MD_MAX_SIZE];
-    char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1], line[1024];
+    char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1] = { }, line[1024];
     char diff;
 
     if( ( f = fopen( filename, "rb" ) ) == NULL )