crypto: use array memory (re)allocation routines

Co-Authored-by: Alexandr Nedvedicky <sashan@openssl.org> Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
2025-07-17 15:17:38 +02:00 · 2025-07-17 15:17:38 +02:00 · f0a1e3c5a9
parent adb410f726
commit f0a1e3c5a9
28 changed files with 52 additions and 53 deletions
--- a/crypto/cms/cms_smime.c
+++ b/crypto/cms/cms_smime.c
@ -357,7 +357,7 @@ int CMS_verify(CMS_ContentInfo *cms, STACK_OF(X509) *certs,
    if ((flags & CMS_NO_SIGNER_CERT_VERIFY) == 0 || cadesVerify) {
        if (cadesVerify) {
            /* Certificate trust chain is required to check CAdES signature */
-            si_chains = OPENSSL_zalloc(scount * sizeof(si_chains[0]));
+            si_chains = OPENSSL_calloc(scount, sizeof(si_chains[0]));
            if (si_chains == NULL)
                goto err;
        }
--- a/crypto/comp/c_zlib.c
+++ b/crypto/comp/c_zlib.c
@ -40,7 +40,7 @@ static void *zlib_zalloc(void *opaque, unsigned int no, unsigned int size)
 {
    void *p;
-    p = OPENSSL_zalloc(no * size);
+    p = OPENSSL_calloc(no, size);
    return p;
 }
--- a/crypto/conf/conf_ssl.c
+++ b/crypto/conf/conf_ssl.c
@ -78,7 +78,7 @@ static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf)
    }
    cnt = sk_CONF_VALUE_num(cmd_lists);
    ssl_module_free(md);
-    ssl_names = OPENSSL_zalloc(sizeof(*ssl_names) * cnt);
+    ssl_names = OPENSSL_calloc(cnt, sizeof(*ssl_names));
    if (ssl_names == NULL)
        goto err;
    ssl_names_count = cnt;
@ -101,7 +101,7 @@ static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf)
        if (ssl_name->name == NULL)
            goto err;
        cnt = sk_CONF_VALUE_num(cmds);
-        ssl_name->cmds = OPENSSL_zalloc(cnt * sizeof(struct ssl_conf_cmd_st));
+        ssl_name->cmds = OPENSSL_calloc(cnt, sizeof(struct ssl_conf_cmd_st));
        if (ssl_name->cmds == NULL)
            goto err;
        ssl_name->cmd_count = cnt;
--- a/crypto/encode_decode/encoder_pkey.c
+++ b/crypto/encode_decode/encoder_pkey.c
@ -290,7 +290,7 @@ static int ossl_encoder_ctx_setup_for_pkey(OSSL_ENCODER_CTX *ctx,
        namemap = ossl_namemap_stored(libctx);
        end = sk_OPENSSL_CSTRING_num(encoder_data.names);
        if (end > 0) {
-            encoder_data.id_names = OPENSSL_malloc(end * sizeof(int));
+            encoder_data.id_names = OPENSSL_malloc_array(end, sizeof(int));
            if (encoder_data.id_names == NULL) {
                sk_OPENSSL_CSTRING_free(keymgmt_data.names);
                goto err;
--- a/crypto/ex_data.c
+++ b/crypto/ex_data.c
@ -240,7 +240,7 @@ int ossl_crypto_new_ex_data_ex(OSSL_LIB_CTX *ctx, int class_index, void *obj,
        if (mx < (int)OSSL_NELEM(stack))
            storage = stack;
        else
-            storage = OPENSSL_malloc(sizeof(*storage) * mx);
+            storage = OPENSSL_malloc_array(mx, sizeof(*storage));
        if (storage != NULL)
            for (i = 0; i < mx; i++)
                storage[i] = sk_EX_CALLBACK_value(ip->meth, i);
@ -302,7 +302,7 @@ int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
        if (mx < (int)OSSL_NELEM(stack))
            storage = stack;
        else
-            storage = OPENSSL_malloc(sizeof(*storage) * mx);
+            storage = OPENSSL_malloc_array(mx, sizeof(*storage));
        if (storage != NULL)
            for (i = 0; i < mx; i++)
                storage[i] = sk_EX_CALLBACK_value(ip->meth, i);
@ -386,7 +386,7 @@ void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
        if (mx < (int)OSSL_NELEM(stack))
            storage = stack;
        else
-            storage = OPENSSL_malloc(sizeof(*storage) * mx);
+            storage = OPENSSL_malloc_array(mx, sizeof(*storage));
        if (storage != NULL)
            for (i = 0; i < mx; i++) {
                storage[i].excb = sk_EX_CALLBACK_value(ip->meth, i);
--- a/crypto/hashtable/hashtable.c
+++ b/crypto/hashtable/hashtable.c
@ -154,12 +154,13 @@ static struct ht_neighborhood_st *alloc_new_neighborhood_list(size_t len,
 {
    struct ht_neighborhood_st *ret;
-    ret = OPENSSL_aligned_alloc(sizeof(struct ht_neighborhood_st) * len,
+    ret = OPENSSL_aligned_alloc_array(len, sizeof(struct ht_neighborhood_st),
-                                CACHE_LINE_BYTES, freeptr);
+                                      CACHE_LINE_BYTES, freeptr);
    /* fall back to regular malloc */
    if (ret == NULL) {
-        ret = *freeptr = OPENSSL_malloc(sizeof(struct ht_neighborhood_st) * len);
+        ret = *freeptr =
            OPENSSL_malloc_array(len, sizeof(struct ht_neighborhood_st));
        if (ret == NULL)
            return NULL;
    }
--- a/crypto/hmac/hmac_s390x.c
+++ b/crypto/hmac/hmac_s390x.c
@ -117,8 +117,8 @@ int s390x_HMAC_init(HMAC_CTX *ctx, const void *key, int key_len, ENGINE *impl)
        (size_t)(ctx->plat.s390x.blk_size * HMAC_S390X_BUF_NUM_BLOCKS)) {
        OPENSSL_clear_free(ctx->plat.s390x.buf, ctx->plat.s390x.size);
        ctx->plat.s390x.size = 0;
-        ctx->plat.s390x.buf = OPENSSL_zalloc(ctx->plat.s390x.blk_size *
+        ctx->plat.s390x.buf = OPENSSL_calloc(HMAC_S390X_BUF_NUM_BLOCKS,
-                                             HMAC_S390X_BUF_NUM_BLOCKS);
+                                             ctx->plat.s390x.blk_size);
        if (ctx->plat.s390x.buf == NULL)
            return 0;
        ctx->plat.s390x.size = ctx->plat.s390x.blk_size *
--- a/crypto/lhash/lhash.c
+++ b/crypto/lhash/lhash.c
@ -66,7 +66,7 @@ OPENSSL_LHASH *OPENSSL_LH_new(OPENSSL_LH_HASHFUNC h, OPENSSL_LH_COMPFUNC c)
    if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL)
        return NULL;
-    if ((ret->b = OPENSSL_zalloc(sizeof(*ret->b) * MIN_NODES)) == NULL)
+    if ((ret->b = OPENSSL_calloc(MIN_NODES, sizeof(*ret->b))) == NULL)
        goto err;
    ret->comp = ((c == NULL) ? (OPENSSL_LH_COMPFUNC)strcmp : c);
    ret->hash = ((h == NULL) ? (OPENSSL_LH_HASHFUNC)OPENSSL_LH_strhash : h);
@ -251,7 +251,7 @@ static int expand(OPENSSL_LHASH *lh)
    pmax = lh->pmax;
    if (p + 1 >= pmax) {
        j = nni * 2;
-        n = OPENSSL_realloc(lh->b, sizeof(OPENSSL_LH_NODE *) * j);
+        n = OPENSSL_realloc_array(lh->b, j, sizeof(OPENSSL_LH_NODE *));
        if (n == NULL) {
            lh->error++;
            return 0;
@ -291,8 +291,7 @@ static void contract(OPENSSL_LHASH *lh)
    np = lh->b[lh->p + lh->pmax - 1];
    lh->b[lh->p + lh->pmax - 1] = NULL; /* 24/07-92 - eay - weird but :-( */
    if (lh->p == 0) {
-        n = OPENSSL_realloc(lh->b,
+        n = OPENSSL_realloc_array(lh->b, lh->pmax, sizeof(OPENSSL_LH_NODE *));
                            (unsigned int)(sizeof(OPENSSL_LH_NODE *) * lh->pmax));
        if (n == NULL) {
            /* fputs("realloc error in lhash", stderr); */
            lh->error++;
--- a/crypto/mem_sec.c
+++ b/crypto/mem_sec.c
@ -480,7 +480,7 @@ static int sh_init(size_t size, size_t minsize)
    for (i = sh.bittable_size; i; i >>= 1)
        sh.freelist_size++;
-    sh.freelist = OPENSSL_zalloc(sh.freelist_size * sizeof(char *));
+    sh.freelist = OPENSSL_calloc(sh.freelist_size, sizeof(char *));
    OPENSSL_assert(sh.freelist != NULL);
    if (sh.freelist == NULL)
        goto err;
--- a/crypto/ml_dsa/ml_dsa_key.c
+++ b/crypto/ml_dsa/ml_dsa_key.c
@ -326,7 +326,7 @@ static int public_from_private(const ML_DSA_KEY *key, EVP_MD_CTX *md_ctx,
    VECTOR s1_ntt;
    VECTOR t;
-    polys = OPENSSL_malloc(sizeof(*polys) * (k + l + k * l));
+    polys = OPENSSL_malloc_array(k + l + k * l, sizeof(*polys));
    if (polys == NULL)
        return 0;
@ -388,7 +388,7 @@ int ossl_ml_dsa_key_pairwise_check(const ML_DSA_KEY *key)
    if (key->pub_encoding == NULL || key->priv_encoding == 0)
        return 0;
-    polys = OPENSSL_malloc(sizeof(*polys) * (2 * k));
+    polys = OPENSSL_malloc_array(2 * k, sizeof(*polys));
    if (polys == NULL)
        return 0;
    md_ctx = EVP_MD_CTX_new();
--- a/crypto/ml_dsa/ml_dsa_vector.h
+++ b/crypto/ml_dsa/ml_dsa_vector.h
@ -33,7 +33,7 @@ void vector_init(VECTOR *v, POLY *polys, size_t num_polys)
 static ossl_inline ossl_unused
 int vector_alloc(VECTOR *v, size_t num_polys)
 {
-    v->poly = OPENSSL_malloc(num_polys * sizeof(POLY));
+    v->poly = OPENSSL_malloc_array(num_polys, sizeof(POLY));
    if (v->poly == NULL)
        return 0;
    v->num_poly = num_polys;
@ -43,7 +43,7 @@ int vector_alloc(VECTOR *v, size_t num_polys)
 static ossl_inline ossl_unused
 int vector_secure_alloc(VECTOR *v, size_t num_polys)
 {
-    v->poly = OPENSSL_secure_malloc(num_polys * sizeof(POLY));
+    v->poly = OPENSSL_secure_malloc_array(num_polys, sizeof(POLY));
    if (v->poly == NULL)
        return 0;
    v->num_poly = num_polys;
--- a/crypto/modes/ocb128.c
+++ b/crypto/modes/ocb128.c
@ -110,7 +110,7 @@ static OCB_BLOCK *ocb_lookup_l(OCB128_CONTEXT *ctx, size_t idx)
         * the index.
         */
        ctx->max_l_index += (idx - ctx->max_l_index + 4) & ~3;
-        tmp_ptr = OPENSSL_realloc(ctx->l, ctx->max_l_index * sizeof(OCB_BLOCK));
+        tmp_ptr = OPENSSL_realloc_array(ctx->l, ctx->max_l_index, sizeof(OCB_BLOCK));
        if (tmp_ptr == NULL) /* prevent ctx->l from being clobbered */
            return NULL;
        ctx->l = tmp_ptr;
@ -155,7 +155,7 @@ int CRYPTO_ocb128_init(OCB128_CONTEXT *ctx, void *keyenc, void *keydec,
    memset(ctx, 0, sizeof(*ctx));
    ctx->l_index = 0;
    ctx->max_l_index = 5;
-    if ((ctx->l = OPENSSL_malloc(ctx->max_l_index * 16)) == NULL)
+    if ((ctx->l = OPENSSL_malloc_array(ctx->max_l_index, 16)) == NULL)
        return 0;
    /*
@ -200,7 +200,7 @@ int CRYPTO_ocb128_copy_ctx(OCB128_CONTEXT *dest, OCB128_CONTEXT *src,
    if (keydec)
        dest->keydec = keydec;
    if (src->l) {
-        if ((dest->l = OPENSSL_malloc(src->max_l_index * 16)) == NULL)
+        if ((dest->l = OPENSSL_malloc_array(src->max_l_index, 16)) == NULL)
            return 0;
        memcpy(dest->l, src->l, (src->l_index + 1) * 16);
    }
--- a/crypto/objects/o_names.c
+++ b/crypto/objects/o_names.c
@ -333,7 +333,7 @@ void OBJ_NAME_do_all_sorted(int type,
    d.type = type;
    d.names =
-        OPENSSL_malloc(sizeof(*d.names) * lh_OBJ_NAME_num_items(names_lh));
+        OPENSSL_malloc_array(lh_OBJ_NAME_num_items(names_lh), sizeof(*d.names));
    /* Really should return an error if !d.names...but its a void function! */
    if (d.names != NULL) {
        d.n = 0;
--- a/crypto/params_dup.c
+++ b/crypto/params_dup.c
@ -38,9 +38,8 @@ static int ossl_param_buf_alloc(OSSL_PARAM_BUF *out, size_t extra_blocks,
    size_t sz;
    if (is_size_overflow(extra_blocks + out->blocks, OSSL_PARAM_ALIGN_SIZE, &sz,
-                         OPENSSL_FILE, OPENSSL_LINE)) {
+                         OPENSSL_FILE, OPENSSL_LINE))
        return 0;
    }
    out->alloc = is_secure ? OPENSSL_secure_zalloc(sz) : OPENSSL_zalloc(sz);
    if (out->alloc == NULL)
@ -187,7 +186,7 @@ OSSL_PARAM *OSSL_PARAM_merge(const OSSL_PARAM *p1, const OSSL_PARAM *p2)
    qsort(list2, list2_sz, sizeof(OSSL_PARAM *), compare_params);
   /* Allocate enough space to store the merged parameters */
-    params = OPENSSL_zalloc((list1_sz + list2_sz + 1) * sizeof(*p1));
+    params = OPENSSL_calloc(list1_sz + list2_sz + 1, sizeof(*p1));
    if (params == NULL)
        return NULL;
    dst = params;
--- a/crypto/pem/pem_lib.c
+++ b/crypto/pem/pem_lib.c
@ -665,7 +665,7 @@ int PEM_write_bio(BIO *bp, const char *name, const char *header,
        }
    }
-    buf = OPENSSL_malloc(PEM_BUFSIZE * 8);
+    buf = OPENSSL_malloc_array(PEM_BUFSIZE, 8);
    if (buf == NULL)
        goto err;
--- a/crypto/provider_core.c
+++ b/crypto/provider_core.c
@ -371,8 +371,8 @@ int ossl_provider_info_add_to_store(OSSL_LIB_CTX *libctx,
    if (!CRYPTO_THREAD_write_lock(store->lock))
        return 0;
    if (store->provinfosz == 0) {
-        store->provinfo = OPENSSL_zalloc(sizeof(*store->provinfo)
+        store->provinfo = OPENSSL_calloc(BUILTINS_BLOCK_SIZE,
-                                         * BUILTINS_BLOCK_SIZE);
+                                         sizeof(*store->provinfo));
        if (store->provinfo == NULL)
            goto err;
        store->provinfosz = BUILTINS_BLOCK_SIZE;
@ -380,8 +380,8 @@ int ossl_provider_info_add_to_store(OSSL_LIB_CTX *libctx,
        OSSL_PROVIDER_INFO *tmpbuiltins;
        size_t newsz = store->provinfosz + BUILTINS_BLOCK_SIZE;
-        tmpbuiltins = OPENSSL_realloc(store->provinfo,
+        tmpbuiltins = OPENSSL_realloc_array(store->provinfo,
-                                      sizeof(*store->provinfo) * newsz);
+                                            newsz, sizeof(*store->provinfo));
        if (tmpbuiltins == NULL)
            goto err;
        store->provinfo = tmpbuiltins;
@ -1119,7 +1119,7 @@ static int provider_init(OSSL_PROVIDER *prov)
        /* Allocate one extra item for the "library" name */
        prov->error_strings =
-            OPENSSL_zalloc(sizeof(ERR_STRING_DATA) * (cnt + 1));
+            OPENSSL_calloc(cnt + 1, sizeof(ERR_STRING_DATA));
        if (prov->error_strings == NULL)
            goto end;
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@ -704,7 +704,7 @@ static int rsa_keygen_pairwise_test(RSA *rsa, OSSL_CALLBACK *cb, void *cbarg)
     * decoded.
     */
    plaintxt_len = RSA_size(rsa);
-    plaintxt = OPENSSL_zalloc(plaintxt_len * 3);
+    plaintxt = OPENSSL_calloc(plaintxt_len, 3);
    if (plaintxt == NULL)
        goto err;
    ciphertxt = plaintxt + plaintxt_len;
--- a/crypto/sm2/sm2_crypt.c
+++ b/crypto/sm2/sm2_crypt.c
@ -177,7 +177,7 @@ int ossl_sm2_encrypt(const EC_KEY *key,
        goto done;
    }
-    x2y2 = OPENSSL_zalloc(2 * field_size);
+    x2y2 = OPENSSL_calloc(2, field_size);
    C3 = OPENSSL_zalloc(C3_size);
    if (x2y2 == NULL || C3 == NULL)
@ -343,7 +343,7 @@ int ossl_sm2_decrypt(const EC_KEY *key,
    }
    msg_mask = OPENSSL_zalloc(msg_len);
-    x2y2 = OPENSSL_zalloc(2 * field_size);
+    x2y2 = OPENSSL_calloc(2, field_size);
    computed_C3 = OPENSSL_zalloc(hash_size);
    if (msg_mask == NULL || x2y2 == NULL || computed_C3 == NULL)
--- a/crypto/sparse_array.c
+++ b/crypto/sparse_array.c
@ -173,7 +173,7 @@ void *ossl_sa_get(const OPENSSL_SA *sa, ossl_uintmax_t n)
 static ossl_inline void **alloc_node(void)
 {
-    return OPENSSL_zalloc(SA_BLOCK_MAX * sizeof(void *));
+    return OPENSSL_calloc(SA_BLOCK_MAX, sizeof(void *));
 }
 int ossl_sa_set(OPENSSL_SA *sa, ossl_uintmax_t posn, void *val)
--- a/crypto/srp/srp_lib.c
+++ b/crypto/srp/srp_lib.c
@ -39,7 +39,7 @@ static BIGNUM *srp_Calc_xy(const BIGNUM *x, const BIGNUM *y, const BIGNUM *N,
        goto err;
    if (y != N && BN_ucmp(y, N) >= 0)
        goto err;
-    if ((tmp = OPENSSL_malloc(numN * 2)) == NULL)
+    if ((tmp = OPENSSL_malloc_array(numN, 2)) == NULL)
        goto err;
    if (BN_bn2binpad(x, tmp, numN) < 0
        || BN_bn2binpad(y, tmp + numN, numN) < 0
--- a/crypto/srp/srp_vfy.c
+++ b/crypto/srp/srp_vfy.c
@ -681,9 +681,8 @@ char *SRP_create_verifier_ex(const char *user, const char *pass, char **salt,
    if (*salt == NULL) {
        char *tmp_salt;
-        if ((tmp_salt = OPENSSL_malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL) {
+        if ((tmp_salt = OPENSSL_malloc_array(SRP_RANDOM_SALT_LEN, 2)) == NULL)
            goto err;
        }
        if (!t_tob64(tmp_salt, tmp2, SRP_RANDOM_SALT_LEN)) {
            OPENSSL_free(tmp_salt);
            goto err;
--- a/crypto/stack/stack.c
+++ b/crypto/stack/stack.c
@ -69,7 +69,7 @@ OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *sk)
    }
    /* duplicate |sk->data| content */
-    ret->data = OPENSSL_malloc(sizeof(*ret->data) * sk->num_alloc);
+    ret->data = OPENSSL_malloc_array(sk->num_alloc, sizeof(*ret->data));
    if (ret->data == NULL)
        goto err;
    memcpy(ret->data, sk->data, sizeof(void *) * sk->num);
@ -107,7 +107,7 @@ OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *sk,
    }
    ret->num_alloc = sk->num > min_nodes ? sk->num : min_nodes;
-    ret->data = OPENSSL_zalloc(sizeof(*ret->data) * ret->num_alloc);
+    ret->data = OPENSSL_calloc(ret->num_alloc, sizeof(*ret->data));
    if (ret->data == NULL)
        goto err;
@ -197,7 +197,7 @@ static int sk_reserve(OPENSSL_STACK *st, int n, int exact)
         * At this point, |st->num_alloc| and |st->num| are 0;
         * so |num_alloc| value is |n| or |min_nodes| if greater than |n|.
         */
-        if ((st->data = OPENSSL_zalloc(sizeof(void *) * num_alloc)) == NULL)
+        if ((st->data = OPENSSL_calloc(num_alloc, sizeof(void *))) == NULL)
            return 0;
        st->num_alloc = num_alloc;
        return 1;
@ -215,7 +215,7 @@ static int sk_reserve(OPENSSL_STACK *st, int n, int exact)
        return 1;
    }
-    tmpdata = OPENSSL_realloc((void *)st->data, sizeof(void *) * num_alloc);
+    tmpdata = OPENSSL_realloc_array((void *)st->data, num_alloc, sizeof(void *));
    if (tmpdata == NULL)
        return 0;
--- a/crypto/threads_common.c
+++ b/crypto/threads_common.c
@ -355,7 +355,8 @@ int CRYPTO_THREAD_set_local_ex(CRYPTO_THREAD_LOCAL_KEY_ID id,
        /*
         * we didn't find one, but that's ok, just initialize it now
         */
-        mkey = OPENSSL_zalloc(sizeof(MASTER_KEY_ENTRY) * CRYPTO_THREAD_LOCAL_KEY_MAX);
+        mkey = OPENSSL_calloc(CRYPTO_THREAD_LOCAL_KEY_MAX,
                              sizeof(MASTER_KEY_ENTRY));
        if (mkey == NULL)
            return 0;
        /*
--- a/crypto/threads_pthread.c
+++ b/crypto/threads_pthread.c
@ -454,7 +454,7 @@ static struct rcu_qp *allocate_new_qp_group(CRYPTO_RCU_LOCK *lock,
                                            uint32_t count)
 {
    struct rcu_qp *new =
-        OPENSSL_zalloc(sizeof(*new) * count);
+        OPENSSL_calloc(count, sizeof(*new));
    lock->group_count = count;
    return new;
--- a/crypto/threads_win.c
+++ b/crypto/threads_win.c
@ -128,7 +128,7 @@ static struct rcu_qp *allocate_new_qp_group(struct rcu_lock_st *lock,
                                            uint32_t count)
 {
    struct rcu_qp *new =
-        OPENSSL_zalloc(sizeof(*new) * count);
+        OPENSSL_calloc(count, sizeof(*new));
    lock->group_count = count;
    return new;
--- a/crypto/txt_db/txt_db.c
+++ b/crypto/txt_db/txt_db.c
@ -40,9 +40,9 @@ TXT_DB *TXT_DB_read(BIO *in, int num)
    ret->qual = NULL;
    if ((ret->data = sk_OPENSSL_PSTRING_new_null()) == NULL)
        goto err;
-    if ((ret->index = OPENSSL_malloc(sizeof(*ret->index) * num)) == NULL)
+    if ((ret->index = OPENSSL_malloc_array(num, sizeof(*ret->index))) == NULL)
        goto err;
-    if ((ret->qual = OPENSSL_malloc(sizeof(*(ret->qual)) * num)) == NULL)
+    if ((ret->qual = OPENSSL_malloc_array(num, sizeof(*(ret->qual)))) == NULL)
        goto err;
    for (i = 0; i < num; i++) {
        ret->index[i] = NULL;
--- a/crypto/x509/pcy_tree.c
+++ b/crypto/x509/pcy_tree.c
@ -186,7 +186,7 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
     * policies of anyPolicy.  (RFC 5280 has the TA at depth 0 and the leaf at
     * depth n, we have the leaf at depth 0 and the TA at depth n).
     */
-    if ((tree->levels = OPENSSL_zalloc(sizeof(*tree->levels)*(n+1))) == NULL) {
+    if ((tree->levels = OPENSSL_calloc(n + 1, sizeof(*tree->levels))) == NULL) {
        OPENSSL_free(tree);
        return X509_PCY_TREE_INTERNAL;
    }
--- a/crypto/x509/x509spki.c
+++ b/crypto/x509/x509spki.c
@ -61,7 +61,7 @@ char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki)
    if (der_len <= 0)
        return NULL;
    der_spki = OPENSSL_malloc(der_len);
-    b64_str = OPENSSL_malloc(der_len * 2);
+    b64_str = OPENSSL_malloc_array(der_len, 2);
    if (der_spki == NULL || b64_str == NULL) {
        OPENSSL_free(der_spki);
        OPENSSL_free(b64_str);