diff --git a/include/libssh2.h b/include/libssh2.h
index 7b313bd8..77437429 100644
--- a/include/libssh2.h
+++ b/include/libssh2.h
@@ -588,6 +588,7 @@ typedef struct _LIBSSH2_POLLFD {
 #define LIBSSH2_ERROR_MISSING_USERAUTH_BANNER   -50
 #define LIBSSH2_ERROR_ALGO_UNSUPPORTED          -51
 #define LIBSSH2_ERROR_MAC_FAILURE               -52
+#define LIBSSH2_ERROR_HASH_INIT                 -53
 
 /* this is a define to provide the old (<= 1.2.7) name */
 #define LIBSSH2_ERROR_BANNER_NONE LIBSSH2_ERROR_BANNER_RECV
diff --git a/src/bcrypt_pbkdf.c b/src/bcrypt_pbkdf.c
index d0885878..5da5b92f 100644
--- a/src/bcrypt_pbkdf.c
+++ b/src/bcrypt_pbkdf.c
@@ -127,7 +127,10 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt,
     memcpy(countsalt, salt, saltlen);
 
     /* collapse password */
-    (void)libssh2_sha512_init(&ctx);
+    if(!libssh2_sha512_init(&ctx)) {
+        free(countsalt);
+        return -1;
+    }
     libssh2_sha512_update(ctx, pass, passlen);
     libssh2_sha512_final(ctx, sha2pass);
 
@@ -139,7 +142,11 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt,
         countsalt[saltlen + 3] = count & 0xff;
 
         /* first round, salt is salt */
-        (void)libssh2_sha512_init(&ctx);
+        if(!libssh2_sha512_init(&ctx)) {
+            _libssh2_explicit_zero(out, sizeof(out));
+            free(countsalt);
+            return -1;
+        }
         libssh2_sha512_update(ctx, countsalt, saltlen + 4);
         libssh2_sha512_final(ctx, sha2salt);
 
@@ -148,7 +155,11 @@ bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt,
 
         for(i = 1; i < rounds; i++) {
             /* subsequent rounds, salt is previous output */
-            (void)libssh2_sha512_init(&ctx);
+            if(!libssh2_sha512_init(&ctx)) {
+                _libssh2_explicit_zero(out, sizeof(out));
+                free(countsalt);
+                return -1;
+            }
             libssh2_sha512_update(ctx, tmpout, sizeof(tmpout));
             libssh2_sha512_final(ctx, sha2salt);
 
diff --git a/src/hostkey.c b/src/hostkey.c
index 1497a734..50a88a3d 100644
--- a/src/hostkey.c
+++ b/src/hostkey.c
@@ -242,7 +242,9 @@ hostkey_method_ssh_rsa_signv(LIBSSH2_SESSION * session,
     unsigned char hash[SHA_DIGEST_LENGTH];
     libssh2_sha1_ctx ctx;
 
-    (void)libssh2_sha1_init(&ctx);
+    if(!libssh2_sha1_init(&ctx))
+        return -1;
+
     for(i = 0; i < veccount; i++) {
         libssh2_sha1_update(ctx, datavec[i].iov_base, datavec[i].iov_len);
     }
@@ -659,6 +661,12 @@ hostkey_method_ssh_dss_signv(LIBSSH2_SESSION * session,
     libssh2_sha1_ctx ctx;
     int i;
 
+    if(!libssh2_sha1_init(&ctx)) {
+        *signature = NULL;
+        *signature_len = 0;
+        return -1;
+    }
+
     *signature = LIBSSH2_CALLOC(session, 2 * SHA_DIGEST_LENGTH);
     if(!*signature) {
         return -1;
@@ -666,7 +674,6 @@ hostkey_method_ssh_dss_signv(LIBSSH2_SESSION * session,
 
     *signature_len = 2 * SHA_DIGEST_LENGTH;
 
-    (void)libssh2_sha1_init(&ctx);
     for(i = 0; i < veccount; i++) {
         libssh2_sha1_update(ctx, datavec[i].iov_base, datavec[i].iov_len);
     }
@@ -914,7 +921,10 @@ hostkey_method_ssh_ecdsa_sig_verify(LIBSSH2_SESSION * session,
         unsigned char hash[SHA##digest_type##_DIGEST_LENGTH];           \
         libssh2_sha##digest_type##_ctx ctx;                             \
         int i;                                                          \
-        (void)libssh2_sha##digest_type##_init(&ctx);                    \
+        if(!libssh2_sha##digest_type##_init(&ctx)) {                    \
+            ret = -1;                                                   \
+            break;                                                      \
+        }                                                               \
         for(i = 0; i < veccount; i++) {                                 \
             libssh2_sha##digest_type##_update(ctx, datavec[i].iov_base, \
                                               datavec[i].iov_len);      \
diff --git a/src/kex.c b/src/kex.c
index 65973297..98aed88d 100644
--- a/src/kex.c
+++ b/src/kex.c
@@ -81,7 +81,11 @@ do {                                                                        \
     }                                                                       \
     if(value)                                                               \
         while(len < (size_t)reqlen) {                                       \
-            (void)libssh2_sha##digest_type##_init(&hash);                   \
+            if(!libssh2_sha##digest_type##_init(&hash)) {                   \
+                LIBSSH2_FREE(session, value);                               \
+                value = NULL;                                               \
+                break;                                                      \
+            }                                                               \
             libssh2_sha##digest_type##_update(hash,                         \
                                               exchange_state->k_value,      \
                                               exchange_state->k_value_len); \
@@ -108,23 +112,26 @@ do {                                                                        \
  * don't allow it so we have to wrap them up in helper functions
  */
 
-static void _libssh2_sha_algo_ctx_init(int sha_algo, void *ctx)
+static int _libssh2_sha_algo_ctx_init(int sha_algo, void *ctx)
 {
     if(sha_algo == 512) {
-        (void)libssh2_sha512_init((libssh2_sha512_ctx*)ctx);
+        return libssh2_sha512_init((libssh2_sha512_ctx*)ctx);
     }
     else if(sha_algo == 384) {
-        (void)libssh2_sha384_init((libssh2_sha384_ctx*)ctx);
+        return libssh2_sha384_init((libssh2_sha384_ctx*)ctx);
     }
     else if(sha_algo == 256) {
-        (void)libssh2_sha256_init((libssh2_sha256_ctx*)ctx);
+        return libssh2_sha256_init((libssh2_sha256_ctx*)ctx);
     }
     else if(sha_algo == 1) {
-        (void)libssh2_sha1_init((libssh2_sha1_ctx*)ctx);
+        return libssh2_sha1_init((libssh2_sha1_ctx*)ctx);
     }
     else {
+#ifdef LIBSSH2DEBUG
         assert(0);
+#endif
     }
+    return 0;
 }
 
 static void _libssh2_sha_algo_ctx_update(int sha_algo, void *ctx,
@@ -534,8 +541,11 @@ static int diffie_hellman_sha_algo(LIBSSH2_SESSION *session,
         }
 
         exchange_state->exchange_hash = (void *)&exchange_hash_ctx;
-        _libssh2_sha_algo_ctx_init(sha_algo_value, exchange_hash_ctx);
-
+        if(!_libssh2_sha_algo_ctx_init(sha_algo_value, exchange_hash_ctx)) {
+            ret = _libssh2_error(session, LIBSSH2_ERROR_HASH_INIT,
+                                 "Unable to initialize hash context");
+            goto clean_exit;
+        }
         if(session->local.banner) {
             _libssh2_htonu32(exchange_state->h_sig_comp,
                 (uint32_t)(strlen((char *) session->local.banner) - 2));
@@ -1591,8 +1601,11 @@ dh_gex_clean_exit:
 #define LIBSSH2_KEX_METHOD_EC_SHA_HASH_CREATE_VERIFY(digest_type)            \
 do {                                                                         \
     libssh2_sha##digest_type##_ctx ctx;                                      \
+    if(!libssh2_sha##digest_type##_init(&ctx)) {                             \
+        rc = -1;                                                             \
+        break;                                                               \
+    }                                                                        \
     exchange_state->exchange_hash = (void *)&ctx;                            \
-    (void)libssh2_sha##digest_type##_init(&ctx);                             \
     if(session->local.banner) {                                              \
         _libssh2_htonu32(exchange_state->h_sig_comp,                         \
             (uint32_t)(strlen((char *) session->local.banner) - 2));         \
@@ -1671,10 +1684,10 @@ do {                                                                         \
     libssh2_sha##digest_type##_final(ctx, exchange_state->h_sig_comp);       \
                                                                              \
     if(session->hostkey->                                                    \
-       sig_verify(session, exchange_state->h_sig,                            \
-                  exchange_state->h_sig_len, exchange_state->h_sig_comp,     \
-                  SHA##digest_type##_DIGEST_LENGTH,                          \
-                  &session->server_hostkey_abstract)) {                      \
+        sig_verify(session, exchange_state->h_sig,                           \
+                   exchange_state->h_sig_len, exchange_state->h_sig_comp,    \
+                   SHA##digest_type##_DIGEST_LENGTH,                         \
+                   &session->server_hostkey_abstract)) {                     \
         rc = -1;                                                             \
     }                                                                        \
 } while(0)
@@ -1908,7 +1921,6 @@ static int ecdh_sha2_nistp(LIBSSH2_SESSION *session, libssh2_curve_type type,
             case LIBSSH2_EC_CURVE_NISTP256:
                 LIBSSH2_KEX_METHOD_EC_SHA_HASH_CREATE_VERIFY(256);
                 break;
-
             case LIBSSH2_EC_CURVE_NISTP384:
                 LIBSSH2_KEX_METHOD_EC_SHA_HASH_CREATE_VERIFY(384);
                 break;