diff --git a/src/internal.c b/src/internal.c
index 00f4eb49..863847f1 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -891,6 +891,7 @@ static int wolfSSH_KEY_init(WS_KeySignature* key, byte keyId, void* heap)
     int ret = WS_SUCCESS;
 
     if (key != NULL) {
+        WMEMSET(key, 0, sizeof(*key));
         key->keySigId = keyId;
 
         switch (keyId) {
@@ -1104,12 +1105,12 @@ static int GetOpenSshKey(WS_KeySignature *key,
     word32 keyCount = 0, strSz = 0, i;
     int ret = WS_SUCCESS;
 
-    if (strcmp(AuthMagic, (const char*)buf) != 0) {
+    if (WSTRCMP(AuthMagic, (const char*)buf) != 0) {
         ret = WS_KEY_AUTH_MAGIC_E;
     }
 
     if (ret == WS_SUCCESS) {
-        *idx += (word32)strlen(AuthMagic) + 1;
+        *idx += (word32)WSTRLEN(AuthMagic) + 1;
         ret = GetSkip(buf, len, idx); /* ciphername */
     }
 
@@ -9138,7 +9139,7 @@ static int SendKexGetSigningKey(WOLFSSH* ssh,
             sigKeyBlock_ptr->sk.ecc.primeName =
                     PrimeNameForId(ssh->handshake->pubKeyId);
             sigKeyBlock_ptr->sk.ecc.primeNameSz =
-                    (word32)strlen(sigKeyBlock_ptr->sk.ecc.primeName);
+                    (word32)WSTRLEN(sigKeyBlock_ptr->sk.ecc.primeName);
 
             /* Decode the user-configured ECDSA private key. */
             sigKeyBlock_ptr->sk.ecc.qSz =
@@ -9428,7 +9429,7 @@ int SendKexDhReply(WOLFSSH* ssh)
         sigKeyBlock_ptr->pubKeyName =
             IdToName(SigTypeForId(sigKeyBlock_ptr->pubKeyId));
         sigKeyBlock_ptr->pubKeyNameSz =
-                (word32)strlen(sigKeyBlock_ptr->pubKeyName);
+                (word32)WSTRLEN(sigKeyBlock_ptr->pubKeyName);
         sigKeyBlock_ptr->pubKeyFmtId = sigKeyBlock_ptr->pubKeyId;
         if (sigKeyBlock_ptr->pubKeyId == ID_RSA_SHA2_256
                 || sigKeyBlock_ptr->pubKeyId == ID_RSA_SHA2_512) {
@@ -9437,7 +9438,7 @@ int SendKexDhReply(WOLFSSH* ssh)
         sigKeyBlock_ptr->pubKeyFmtName =
                 IdToName(sigKeyBlock_ptr->pubKeyFmtId);
         sigKeyBlock_ptr->pubKeyFmtNameSz =
-                (word32)strlen(sigKeyBlock_ptr->pubKeyFmtName);
+                (word32)WSTRLEN(sigKeyBlock_ptr->pubKeyFmtName);
 
         switch (ssh->handshake->kexId) {
 #ifndef WOLFSSH_NO_ECDH_SHA2_NISTP256
diff --git a/src/ssh.c b/src/ssh.c
index 80535ddc..b5b6171a 100644
--- a/src/ssh.c
+++ b/src/ssh.c
@@ -1664,8 +1664,8 @@ static int DoOpenSshKey(const byte* in, word32 inSz, byte** out,
         newKey = *out;
     }
 
-    in += strlen(PrivBeginOpenSSH);
-    inSz -= (word32)(strlen(PrivBeginOpenSSH) + strlen(PrivEndOpenSSH) + 2);
+    in += WSTRLEN(PrivBeginOpenSSH);
+    inSz -= (word32)(WSTRLEN(PrivBeginOpenSSH) + WSTRLEN(PrivEndOpenSSH) + 2);
 
     ret = Base64_Decode((byte*)in, inSz, newKey, &newKeySz);
     if (ret == 0) {