Looks good, but if you chase something like this, it's ok to send a diff that kills all of them at once in the same file, like this. which replaces everywhere the original author didn't know about sizeof(buf) :)
-Bob Index: n_pkey.c =================================================================== RCS file: /cvs/src/lib/libssl/src/crypto/asn1/n_pkey.c,v retrieving revision 1.15 diff -u -p -u -p -r1.15 n_pkey.c --- n_pkey.c 21 Apr 2014 11:37:41 -0000 1.15 +++ n_pkey.c 23 Apr 2014 04:14:39 -0000 @@ -189,7 +189,7 @@ i2d_RSA_NET(const RSA *a, unsigned char if (cb == NULL) cb = EVP_read_pw_string; - i = cb((char *)buf, 256, "Enter Private Key password:", 1); + i = cb((char *)buf, sizeof(buf), "Enter Private Key password:", 1); if (i != 0) { ASN1err(ASN1_F_I2D_RSA_NET, ASN1_R_BAD_PASSWORD_READ); goto err; @@ -205,7 +205,7 @@ i2d_RSA_NET(const RSA *a, unsigned char if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i,1, key, NULL)) goto err; - OPENSSL_cleanse(buf, 256); + OPENSSL_cleanse(buf, sizeof(buf)); /* Encrypt private key in place */ zz = enckey->enckey->digest->data; @@ -286,7 +286,7 @@ d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING EVP_CIPHER_CTX ctx; EVP_CIPHER_CTX_init(&ctx); - i=cb((char *)buf,256, "Enter Private Key password:",0); + i=cb((char *)buf, sizeof(buf), "Enter Private Key password:",0); if (i != 0) { ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_BAD_PASSWORD_READ); goto err; @@ -302,7 +302,7 @@ d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING if (!EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i,1, key, NULL)) goto err; - OPENSSL_cleanse(buf, 256); + OPENSSL_cleanse(buf, sizeof(buf)); if (!EVP_DecryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL)) goto err;