convert 53 malloc(a*b) to reallocarray(NULL, a, b). that is 53

potential integer overflows easily changed into an allocation return of NULL, with errno nicely set if need be. checks for an allocations returning NULL are commonplace, or if the object is dereferenced (quite normal) will result in a nice fault which can be detected & repaired properly. ok tedu
author: deraadt <> 2014-05-29 21:07:43 +0000
committer: deraadt <> 2014-05-29 21:07:43 +0000
commit: 3d662abca6b2a7f5bc9108b036434d61fcdb6e53 (patch)
tree: d5fe0c330801f3e72c7b588264c6027636db4330
parent: d205a2aecb99564cccfbea61c39ebe3b0ddd7fb7 (diff)
download: openbsd-3d662abca6b2a7f5bc9108b036434d61fcdb6e53.tar.gz
openbsd-3d662abca6b2a7f5bc9108b036434d61fcdb6e53.tar.bz2
openbsd-3d662abca6b2a7f5bc9108b036434d61fcdb6e53.zip
51 files changed, 109 insertions, 93 deletions
diff --git a/src/lib/libcrypto/asn1/a_set.c b/src/lib/libcrypto/asn1/a_set.c
index 3aeb7e54ff..8101f7722d 100644
--- a/src/lib/libcrypto/asn1/a_set.c
+++ b/src/lib/libcrypto/asn1/a_set.c
@@ -121,7 +121,7 @@ i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp, i2d_of_void *i2d,
        pStart  = p;    /* Catch the beg of Setblobs*/
        /* In this array we will store the SET blobs */
-        rgSetBlob = malloc(sk_OPENSSL_BLOCK_num(a) * sizeof(MYBLOB));
+        rgSetBlob = reallocarray(NULL, sk_OPENSSL_BLOCK_num(a), sizeof(MYBLOB));
        if (rgSetBlob == NULL) {
                ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE);
                return 0;
diff --git a/src/lib/libcrypto/asn1/tasn_enc.c b/src/lib/libcrypto/asn1/tasn_enc.c
index f5fc8820f6..cfceabe5a9 100644
--- a/src/lib/libcrypto/asn1/tasn_enc.c
+++ b/src/lib/libcrypto/asn1/tasn_enc.c
@@ -435,7 +435,7 @@ asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, int skcontlen,
                if (sk_ASN1_VALUE_num(sk) < 2)
                        do_sort = 0;
                else {
-                        derlst = malloc(sk_ASN1_VALUE_num(sk) *
+                        derlst = reallocarray(NULL, sk_ASN1_VALUE_num(sk),
                            sizeof(*derlst));
                        tmpdat = malloc(skcontlen);
                        if (!derlst || !tmpdat) {
diff --git a/src/lib/libcrypto/bn/bn_ctx.c b/src/lib/libcrypto/bn/bn_ctx.c
index 7407dade50..2368e25183 100644
--- a/src/lib/libcrypto/bn/bn_ctx.c
+++ b/src/lib/libcrypto/bn/bn_ctx.c
@@ -349,8 +349,8 @@ BN_STACK_push(BN_STACK *st, unsigned int idx)
        {
                unsigned int newsize = (st->size ?
                    (st->size * 3 / 2) : BN_CTX_START_FRAMES);
-                unsigned int *newitems = malloc(newsize *
+                unsigned int *newitems = reallocarray(NULL,
-                    sizeof(unsigned int));
+                    newsize, sizeof(unsigned int));
                if (!newitems)
                        return 0;
                if (st->depth)
diff --git a/src/lib/libcrypto/bn/bn_gf2m.c b/src/lib/libcrypto/bn/bn_gf2m.c
index 4000fb8733..4bd50924d3 100644
--- a/src/lib/libcrypto/bn/bn_gf2m.c
+++ b/src/lib/libcrypto/bn/bn_gf2m.c
@@ -547,7 +547,7 @@ BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p,
        bn_check_top(a);
        bn_check_top(b);
        bn_check_top(p);
-        if ((arr = (int *)malloc(sizeof(int) * max)) == NULL)
+        if ((arr = reallocarray(NULL, sizeof(int), max)) == NULL)
                goto err;
        ret = BN_GF2m_poly2arr(p, arr, max);
        if (!ret || ret > max) {
@@ -609,7 +609,7 @@ BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
        bn_check_top(a);
        bn_check_top(p);
-        if ((arr = (int *)malloc(sizeof(int) * max)) == NULL)
+        if ((arr = reallocarray(NULL, sizeof(int), max)) == NULL)
                goto err;
        ret = BN_GF2m_poly2arr(p, arr, max);
        if (!ret || ret > max) {
@@ -1037,7 +1037,7 @@ BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p,
        bn_check_top(a);
        bn_check_top(b);
        bn_check_top(p);
-        if ((arr = (int *)malloc(sizeof(int) * max)) == NULL)
+        if ((arr = reallocarray(NULL, sizeof(int), max)) == NULL)
                goto err;
        ret = BN_GF2m_poly2arr(p, arr, max);
        if (!ret || ret > max) {
@@ -1099,7 +1099,7 @@ BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
        int *arr = NULL;
        bn_check_top(a);
        bn_check_top(p);
-        if ((arr = (int *)malloc(sizeof(int) * max)) == NULL)
+        if ((arr = reallocarray(NULL, sizeof(int), max)) == NULL)
                goto err;
        ret = BN_GF2m_poly2arr(p, arr, max);
        if (!ret || ret > max) {
@@ -1234,7 +1234,7 @@ BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
        bn_check_top(a);
        bn_check_top(p);
-        if ((arr = (int *)malloc(sizeof(int) * max)) == NULL)
+        if ((arr = reallocarray(NULL, sizeof(int), max)) == NULL)
                goto err;
        ret = BN_GF2m_poly2arr(p, arr, max);
        if (!ret || ret > max) {
diff --git a/src/lib/libcrypto/bn/bn_lib.c b/src/lib/libcrypto/bn/bn_lib.c
index a3a96662e8..28489f8181 100644
--- a/src/lib/libcrypto/bn/bn_lib.c
+++ b/src/lib/libcrypto/bn/bn_lib.c
@@ -245,7 +245,7 @@ BN_new(void)
 {
        BIGNUM *ret;
-        if ((ret = (BIGNUM *)malloc(sizeof(BIGNUM))) == NULL) {
+        if ((ret = malloc(sizeof(BIGNUM))) == NULL) {
                BNerr(BN_F_BN_NEW, ERR_R_MALLOC_FAILURE);
                return (NULL);
        }
@@ -278,7 +278,7 @@ bn_expand_internal(const BIGNUM *b, int words)
                    BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
                return (NULL);
        }
-        a = A = (BN_ULONG *)malloc(sizeof(BN_ULONG)*words);
+        a = A = reallocarray(NULL, sizeof(BN_ULONG), words);
        if (A == NULL) {
                BNerr(BN_F_BN_EXPAND_INTERNAL, ERR_R_MALLOC_FAILURE);
                return (NULL);
diff --git a/src/lib/libcrypto/bn/bn_print.c b/src/lib/libcrypto/bn/bn_print.c
index 3a0fb25369..ea5fa5c3da 100644
--- a/src/lib/libcrypto/bn/bn_print.c
+++ b/src/lib/libcrypto/bn/bn_print.c
@@ -116,7 +116,7 @@ BN_bn2dec(const BIGNUM *a)
         */
        i = BN_num_bits(a) * 3;
        num = (i / 10 + i / 1000 + 1) + 1;
-        bn_data = (BN_ULONG *)malloc((num / BN_DEC_NUM + 1) * sizeof(BN_ULONG));
+        bn_data = reallocarray(NULL, num / BN_DEC_NUM + 1, sizeof(BN_ULONG));
        buf = (char *)malloc(num + 3);
        if ((buf == NULL) || (bn_data == NULL)) {
                BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE);
diff --git a/src/lib/libcrypto/ec/ec_mult.c b/src/lib/libcrypto/ec/ec_mult.c
index c0525c4940..b3bd34d82d 100644
--- a/src/lib/libcrypto/ec/ec_mult.c
+++ b/src/lib/libcrypto/ec/ec_mult.c
@@ -425,11 +425,11 @@ ec_wNAF_mul(const EC_GROUP * group, EC_POINT * r, const BIGNUM * scalar,
        }
        totalnum = num + numblocks;
-        wsize = malloc(totalnum * sizeof wsize[0]);
+        wsize = reallocarray(NULL, totalnum, sizeof wsize[0]);
-        wNAF_len = malloc(totalnum * sizeof wNAF_len[0]);
+        wNAF_len = reallocarray(NULL, totalnum, sizeof wNAF_len[0]);
-        wNAF = malloc((totalnum + 1) * sizeof wNAF[0]); /* includes space for
+        /* includes space for pivot */
-                                                         * pivot */
+        wNAF = reallocarray(NULL, (totalnum + 1), sizeof wNAF[0]);
-        val_sub = malloc(totalnum * sizeof val_sub[0]);
+        val_sub = reallocarray(NULL, totalnum, sizeof val_sub[0]);
        if (!wsize || !wNAF_len || !wNAF || !val_sub) {
                ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
@@ -573,7 +573,7 @@ ec_wNAF_mul(const EC_GROUP * group, EC_POINT * r, const BIGNUM * scalar,
         * to a subarray of 'pre_comp->points' if we already have
         * precomputation.
         */
-        val = malloc((num_val + 1) * sizeof val[0]);
+        val = reallocarray(NULL, (num_val + 1), sizeof val[0]);
        if (val == NULL) {
                ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
                goto err;
@@ -790,7 +790,7 @@ ec_wNAF_precompute_mult(EC_GROUP * group, BN_CTX * ctx)
        num = pre_points_per_block * numblocks; /* number of points to
                                                 * compute and store */
-        points = malloc(sizeof(EC_POINT *) * (num + 1));
+        points = reallocarray(NULL, sizeof(EC_POINT *), (num + 1));
        if (!points) {
                ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);
                goto err;
diff --git a/src/lib/libcrypto/ec/ecp_nistp224.c b/src/lib/libcrypto/ec/ecp_nistp224.c
index 53aced54d5..6e9b9fac3c 100644
--- a/src/lib/libcrypto/ec/ecp_nistp224.c
+++ b/src/lib/libcrypto/ec/ecp_nistp224.c
@@ -1438,7 +1438,8 @@ ec_GFp_nistp224_points_mul(const EC_GROUP * group, EC_POINT * r,
                secrets = calloc(num_points, sizeof(felem_bytearray));
                pre_comp = calloc(num_points, 17 * 3 * sizeof(felem));
                if (mixed)
-                        tmp_felems = malloc((num_points * 17 + 1) * sizeof(felem));
+                        tmp_felems = reallocarray(NULL,
+                            (num_points * 17 + 1), sizeof(felem));
                if ((secrets == NULL) || (pre_comp == NULL) || (mixed && (tmp_felems == NULL))) {
                        ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_MALLOC_FAILURE);
                        goto err;
diff --git a/src/lib/libcrypto/ec/ecp_nistp256.c b/src/lib/libcrypto/ec/ecp_nistp256.c
index df80cc2b8a..b2398e106c 100644
--- a/src/lib/libcrypto/ec/ecp_nistp256.c
+++ b/src/lib/libcrypto/ec/ecp_nistp256.c
@@ -1987,8 +1987,11 @@ ec_GFp_nistp256_points_mul(const EC_GROUP * group, EC_POINT * r,
                }
                secrets = calloc(num_points, sizeof(felem_bytearray));
                pre_comp = calloc(num_points, 17 * 3 * sizeof(smallfelem));
-                if (mixed)
+                if (mixed) {
-                        tmp_smallfelems = malloc((num_points * 17 + 1) * sizeof(smallfelem));
+                        /* XXX should do more int overflow checking */
+                        tmp_smallfelems = reallocarray(NULL,
+                            (num_points * 17 + 1), sizeof(smallfelem));
+                }
                if ((secrets == NULL) || (pre_comp == NULL) || (mixed && (tmp_smallfelems == NULL))) {
                        ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_MALLOC_FAILURE);
                        goto err;
diff --git a/src/lib/libcrypto/ec/ecp_nistp521.c b/src/lib/libcrypto/ec/ecp_nistp521.c
index 6792c5b71d..083e017cdc 100644
--- a/src/lib/libcrypto/ec/ecp_nistp521.c
+++ b/src/lib/libcrypto/ec/ecp_nistp521.c
@@ -1874,8 +1874,11 @@ ec_GFp_nistp521_points_mul(const EC_GROUP * group, EC_POINT * r,
                }
                secrets = calloc(num_points, sizeof(felem_bytearray));
                pre_comp = calloc(num_points, 17 * 3 * sizeof(felem));
-                if (mixed)
+                if (mixed) {
-                        tmp_felems = malloc((num_points * 17 + 1) * sizeof(felem));
+                        /* XXX should do more int overflow checking */
+                        tmp_felems = reallocarray(NULL,
+                            (num_points * 17 + 1), sizeof(felem));
+                }
                if ((secrets == NULL) || (pre_comp == NULL) || (mixed && (tmp_felems == NULL))) {
                        ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_MALLOC_FAILURE);
                        goto err;
diff --git a/src/lib/libcrypto/ec/ecp_smpl.c b/src/lib/libcrypto/ec/ecp_smpl.c
index b87410120d..46783a47a8 100644
--- a/src/lib/libcrypto/ec/ecp_smpl.c
+++ b/src/lib/libcrypto/ec/ecp_smpl.c
@@ -1257,7 +1257,7 @@ ec_GFp_simple_points_make_affine(const EC_GROUP * group, size_t num, EC_POINT *
         */
        pow2 <<= 1;
-        heap = malloc(pow2 * sizeof heap[0]);
+        heap = reallocarray(NULL, pow2, sizeof heap[0]);
        if (heap == NULL)
                goto err;
diff --git a/src/lib/libcrypto/engine/eng_rsax.c b/src/lib/libcrypto/engine/eng_rsax.c
index 1b15b6f1a3..0f8e1cd498 100644
--- a/src/lib/libcrypto/engine/eng_rsax.c
+++ b/src/lib/libcrypto/engine/eng_rsax.c
@@ -268,7 +268,7 @@ static E_RSAX_MOD_CTX *e_rsax_get_ctx(RSA *rsa, int idx, BIGNUM* m)
        hptr = RSA_get_ex_data(rsa, rsax_ex_data_idx);
        if (!hptr) {
-            hptr = malloc(3*sizeof(E_RSAX_MOD_CTX));
+            hptr = reallocarray(NULL, 3, sizeof(E_RSAX_MOD_CTX));
            if (!hptr) return NULL;
            hptr[2].type = hptr[1].type= hptr[0].type = 0;
            RSA_set_ex_data(rsa, rsax_ex_data_idx, hptr);
diff --git a/src/lib/libcrypto/ex_data.c b/src/lib/libcrypto/ex_data.c
index d8d25d320e..5cd01c72d1 100644
--- a/src/lib/libcrypto/ex_data.c
+++ b/src/lib/libcrypto/ex_data.c
@@ -424,7 +424,7 @@ int_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
        CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
        mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);
        if (mx > 0) {
-                storage = malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*));
+                storage = reallocarray(NULL, mx, sizeof(CRYPTO_EX_DATA_FUNCS*));
                if (!storage)
                        goto skip;
                for (i = 0; i < mx; i++)
@@ -468,7 +468,7 @@ int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from)
        if (j < mx)
                mx = j;
        if (mx > 0) {
-                storage = malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*));
+                storage = reallocarray(NULL, mx, sizeof(CRYPTO_EX_DATA_FUNCS*));
                if (!storage)
                        goto skip;
                for (i = 0; i < mx; i++)
@@ -505,7 +505,7 @@ int_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
        CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
        mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);
        if (mx > 0) {
-                storage = malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*));
+                storage = reallocarray(NULL, mx, sizeof(CRYPTO_EX_DATA_FUNCS*));
                if (!storage)
                        goto skip;
                for (i = 0; i < mx; i++)
diff --git a/src/lib/libcrypto/lhash/lhash.c b/src/lib/libcrypto/lhash/lhash.c
index ad24a7726b..e75a43f506 100644
--- a/src/lib/libcrypto/lhash/lhash.c
+++ b/src/lib/libcrypto/lhash/lhash.c
@@ -119,7 +119,7 @@ lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c)
        if ((ret = malloc(sizeof(_LHASH))) == NULL)
                goto err0;
-        if ((ret->b = malloc(sizeof(LHASH_NODE *) * MIN_NODES)) == NULL)
+        if ((ret->b = reallocarray(NULL, sizeof(LHASH_NODE *), MIN_NODES)) == NULL)
                goto err1;
        for (i = 0; i < MIN_NODES; i++)
                ret->b[i] = NULL;
diff --git a/src/lib/libcrypto/objects/o_names.c b/src/lib/libcrypto/objects/o_names.c
index 196d3ab0a7..169b8ae87d 100644
--- a/src/lib/libcrypto/objects/o_names.c
+++ b/src/lib/libcrypto/objects/o_names.c
@@ -292,7 +292,8 @@ OBJ_NAME_do_all_sorted(int type, void (*fn)(const OBJ_NAME *, void *arg),
        int n;
        d.type = type;
-        d.names = malloc(lh_OBJ_NAME_num_items(names_lh)*sizeof *d.names);
+        d.names = reallocarray(NULL, lh_OBJ_NAME_num_items(names_lh),
+            sizeof *d.names);
        d.n = 0;
        OBJ_NAME_do_all(type, do_all_sorted_fn, &d);
diff --git a/src/lib/libcrypto/objects/obj_xref.c b/src/lib/libcrypto/objects/obj_xref.c
index 25aed74ff1..8e9128efc4 100644
--- a/src/lib/libcrypto/objects/obj_xref.c
+++ b/src/lib/libcrypto/objects/obj_xref.c
@@ -164,7 +164,7 @@ OBJ_add_sigid(int signid, int dig_id, int pkey_id)
                sigx_app = sk_nid_triple_new(sigx_cmp);
        if (!sigx_app)
                return 0;
-        ntr = malloc(sizeof(int) * 3);
+        ntr = reallocarray(NULL, sizeof(int), 3);
        if (!ntr)
                return 0;
        ntr->sign_id = signid;
diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c
index 58d2bfbee9..945262f019 100644
--- a/src/lib/libcrypto/pem/pem_lib.c
+++ b/src/lib/libcrypto/pem/pem_lib.c
@@ -605,7 +605,7 @@ PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
                        goto err;
        }
-        buf = malloc(PEM_BUFSIZE * 8);
+        buf = reallocarray(NULL, PEM_BUFSIZE, 8);
        if (buf == NULL) {
                reason = ERR_R_MALLOC_FAILURE;
                goto err;
diff --git a/src/lib/libcrypto/pem/pem_seal.c b/src/lib/libcrypto/pem/pem_seal.c
index 92b70157cd..a7b9379223 100644
--- a/src/lib/libcrypto/pem/pem_seal.c
+++ b/src/lib/libcrypto/pem/pem_seal.c
@@ -85,7 +85,7 @@ PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
                if (j > max)
                        max = j;
        }
-        s = (char *)malloc(max*2);
+        s = (char *)reallocarray(NULL, max, 2);
        if (s == NULL) {
                PEMerr(PEM_F_PEM_SEALINIT, ERR_R_MALLOC_FAILURE);
                goto err;
@@ -159,7 +159,7 @@ PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
        i = RSA_size(priv->pkey.rsa);
        if (i < 100)
                i = 100;
-        s = (unsigned char *)malloc(i*2);
+        s = reallocarray(NULL, i, 2);
        if (s == NULL) {
                PEMerr(PEM_F_PEM_SEALFINAL, ERR_R_MALLOC_FAILURE);
                goto err;
diff --git a/src/lib/libcrypto/srp/srp_lib.c b/src/lib/libcrypto/srp/srp_lib.c
index a3a67eda2e..77e2c2c2f2 100644
--- a/src/lib/libcrypto/srp/srp_lib.c
+++ b/src/lib/libcrypto/srp/srp_lib.c
@@ -121,7 +121,7 @@ BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N)
        longN= BN_num_bytes(N);
-        if ((cAB = malloc(2*longN)) == NULL) 
+        if ((cAB = reallocarray(NULL, 2, longN)) == NULL) 
                return NULL;
        memset(cAB, 0, longN);
diff --git a/src/lib/libcrypto/srp/srp_vfy.c b/src/lib/libcrypto/srp/srp_vfy.c
index de7dbe5bbd..6ad80ef992 100644
--- a/src/lib/libcrypto/srp/srp_vfy.c
+++ b/src/lib/libcrypto/srp/srp_vfy.c
@@ -573,7 +573,7 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
        if(!SRP_create_verifier_BN(user, pass, &s, &v, N_bn, g_bn)) goto err;
        BN_bn2bin(v,tmp);
-        if (((vf = malloc(BN_num_bytes(v)*2)) == NULL))
+        if (((vf = reallocarray(NULL, BN_num_bytes(v), 2)) == NULL))
                goto err;
        t_tob64(vf, tmp, BN_num_bytes(v));
@@ -582,7 +582,7 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
                {
                char *tmp_salt;
-                if ((tmp_salt = malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL)
+                if ((tmp_salt = reallocarray(NULL, SRP_RANDOM_SALT_LEN, 2)) == NULL)
                        {
                        free(vf);
                        goto err;
diff --git a/src/lib/libcrypto/txt_db/txt_db.c b/src/lib/libcrypto/txt_db/txt_db.c
index a2afa3df23..0f3a7ffbb3 100644
--- a/src/lib/libcrypto/txt_db/txt_db.c
+++ b/src/lib/libcrypto/txt_db/txt_db.c
@@ -94,9 +94,9 @@ TXT_DB_read(BIO *in, int num)
        ret->qual = NULL;
        if ((ret->data = sk_OPENSSL_PSTRING_new_null()) == NULL)
                goto err;
-        if ((ret->index = malloc(sizeof(*ret->index)*num)) == NULL)
+        if ((ret->index = reallocarray(NULL, sizeof(*ret->index), num)) == NULL)
                goto err;
-        if ((ret->qual = malloc(sizeof(*(ret->qual))*num)) == NULL)
+        if ((ret->qual = reallocarray(NULL, sizeof(*(ret->qual)), num)) == NULL)
                goto err;
        for (i = 0; i < num; i++) {
                ret->index[i] = NULL;
diff --git a/src/lib/libcrypto/x509/x509spki.c b/src/lib/libcrypto/x509/x509spki.c
index b5f67b5a97..23172fdb8e 100644
--- a/src/lib/libcrypto/x509/x509spki.c
+++ b/src/lib/libcrypto/x509/x509spki.c
@@ -115,7 +115,7 @@ NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki)
        int der_len;
        der_len = i2d_NETSCAPE_SPKI(spki, NULL);
        der_spki = malloc(der_len);
-        b64_str = malloc(der_len * 2);
+        b64_str = reallocarray(NULL, der_len, 2);
        if (!der_spki || !b64_str) {
                X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE);
                free(der_spki);
diff --git a/src/lib/libcrypto/x509v3/pcy_tree.c b/src/lib/libcrypto/x509v3/pcy_tree.c
index ebc4809371..080a87d674 100644
--- a/src/lib/libcrypto/x509v3/pcy_tree.c
+++ b/src/lib/libcrypto/x509v3/pcy_tree.c
@@ -220,7 +220,7 @@ tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, unsigned int flags)
                return 0;
        tree->flags = 0;
-        tree->levels = malloc(sizeof(X509_POLICY_LEVEL) * n);
+        tree->levels = reallocarray(NULL, sizeof(X509_POLICY_LEVEL), n);
        tree->nlevel = 0;
        tree->extra_data = NULL;
        tree->auth_policies = NULL;
diff --git a/src/lib/libssl/src/apps/apps.c b/src/lib/libssl/src/apps/apps.c
index 6d1faab482..a5ffee3e5f 100644
--- a/src/lib/libssl/src/apps/apps.c
+++ b/src/lib/libssl/src/apps/apps.c
@@ -214,7 +214,7 @@ chopup_args(ARGS *arg, char *buf, int *argc, char **argv[])
        i = 0;
        if (arg->count == 0) {
                arg->count = 20;
-                arg->data = (char **)malloc(sizeof(char *) * arg->count);
+                arg->data = reallocarray(NULL, sizeof(char *), arg->count);
        }
        for (i = 0; i < arg->count; i++)
                arg->data[i] = NULL;
@@ -1838,9 +1838,9 @@ parse_name(char *subject, long chtype, int multirdn)
                                                 * only become shorter */
        char *buf = malloc(buflen);
        size_t max_ne = buflen / 2 + 1; /* maximum number of name elements */
-        char **ne_types = malloc(max_ne * sizeof(char *));
+        char **ne_types = reallocarray(NULL, max_ne, sizeof(char *));
-        char **ne_values = malloc(max_ne * sizeof(char *));
+        char **ne_values = reallocarray(NULL, max_ne, sizeof(char *));
-        int *mval = malloc(max_ne * sizeof(int));
+        int *mval = reallocarray(NULL, max_ne, sizeof(int));
        char *sp = subject, *bp = buf;
        int i, ne_num = 0;
diff --git a/src/lib/libssl/src/apps/ca.c b/src/lib/libssl/src/apps/ca.c
index 87b5dd1511..89c4f84613 100644
--- a/src/lib/libssl/src/apps/ca.c
+++ b/src/lib/libssl/src/apps/ca.c
@@ -1974,7 +1974,7 @@ again2:
        row[DB_type][0] = 'V';
        row[DB_type][1] = '\0';
-        if ((irow = (char **)malloc(sizeof(char *) * (DB_NUMBER + 1))) ==
+        if ((irow = reallocarray(NULL, sizeof(char *), (DB_NUMBER + 1))) ==
            NULL) {
                BIO_printf(bio_err, "Memory allocation failure\n");
                goto err;
@@ -2238,7 +2238,7 @@ do_revoke(X509 * x509, CA_DB * db, int type, char *value)
                row[DB_type][0] = 'V';
                row[DB_type][1] = '\0';
-                if ((irow = (char **)malloc(sizeof(char *) *
+                if ((irow = reallocarray(NULL, sizeof(char *),
                    (DB_NUMBER + 1))) == NULL) {
                        BIO_printf(bio_err, "Memory allocation failure\n");
                        goto err;
diff --git a/src/lib/libssl/src/apps/ecparam.c b/src/lib/libssl/src/apps/ecparam.c
index 46c23a22d1..29eaf9ba1a 100644
--- a/src/lib/libssl/src/apps/ecparam.c
+++ b/src/lib/libssl/src/apps/ecparam.c
@@ -308,7 +308,7 @@ bad:
                crv_len = EC_get_builtin_curves(NULL, 0);
-                curves = malloc((int) (sizeof(EC_builtin_curve) * crv_len));
+                curves = reallocarray(NULL, sizeof(EC_builtin_curve), crv_len);
                if (curves == NULL)
                        goto end;
diff --git a/src/lib/libssl/src/apps/rsautl.c b/src/lib/libssl/src/apps/rsautl.c
index 08d28a496b..0e4cae5ffc 100644
--- a/src/lib/libssl/src/apps/rsautl.c
+++ b/src/lib/libssl/src/apps/rsautl.c
@@ -253,7 +253,7 @@ rsautl_main(int argc, char **argv)
        keysize = RSA_size(rsa);
-        rsa_in = malloc(keysize * 2);
+        rsa_in = reallocarray(NULL, keysize, 2);
        rsa_out = malloc(keysize);
        /* Read the input data */
diff --git a/src/lib/libssl/src/apps/speed.c b/src/lib/libssl/src/apps/speed.c
index d7e212178a..da8c3b3196 100644
--- a/src/lib/libssl/src/apps/speed.c
+++ b/src/lib/libssl/src/apps/speed.c
@@ -2106,7 +2106,7 @@ do_multi(int multi)
        int *fds;
        static char sep[] = ":";
-        fds = malloc(multi * sizeof *fds);
+        fds = reallocarray(NULL, multi, sizeof *fds);
        for (n = 0; n < multi; ++n) {
                if (pipe(fd) == -1) {
                        fprintf(stderr, "pipe failure\n");
diff --git a/src/lib/libssl/src/crypto/asn1/a_set.c b/src/lib/libssl/src/crypto/asn1/a_set.c
index 3aeb7e54ff..8101f7722d 100644
--- a/src/lib/libssl/src/crypto/asn1/a_set.c
+++ b/src/lib/libssl/src/crypto/asn1/a_set.c
@@ -121,7 +121,7 @@ i2d_ASN1_SET(STACK_OF(OPENSSL_BLOCK) *a, unsigned char **pp, i2d_of_void *i2d,
        pStart  = p;    /* Catch the beg of Setblobs*/
        /* In this array we will store the SET blobs */
-        rgSetBlob = malloc(sk_OPENSSL_BLOCK_num(a) * sizeof(MYBLOB));
+        rgSetBlob = reallocarray(NULL, sk_OPENSSL_BLOCK_num(a), sizeof(MYBLOB));
        if (rgSetBlob == NULL) {
                ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE);
                return 0;
diff --git a/src/lib/libssl/src/crypto/asn1/tasn_enc.c b/src/lib/libssl/src/crypto/asn1/tasn_enc.c
index f5fc8820f6..cfceabe5a9 100644
--- a/src/lib/libssl/src/crypto/asn1/tasn_enc.c
+++ b/src/lib/libssl/src/crypto/asn1/tasn_enc.c
@@ -435,7 +435,7 @@ asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, int skcontlen,
                if (sk_ASN1_VALUE_num(sk) < 2)
                        do_sort = 0;
                else {
-                        derlst = malloc(sk_ASN1_VALUE_num(sk) *
+                        derlst = reallocarray(NULL, sk_ASN1_VALUE_num(sk),
                            sizeof(*derlst));
                        tmpdat = malloc(skcontlen);
                        if (!derlst || !tmpdat) {
diff --git a/src/lib/libssl/src/crypto/bn/bn_ctx.c b/src/lib/libssl/src/crypto/bn/bn_ctx.c
index 7407dade50..2368e25183 100644
--- a/src/lib/libssl/src/crypto/bn/bn_ctx.c
+++ b/src/lib/libssl/src/crypto/bn/bn_ctx.c
@@ -349,8 +349,8 @@ BN_STACK_push(BN_STACK *st, unsigned int idx)
        {
                unsigned int newsize = (st->size ?
                    (st->size * 3 / 2) : BN_CTX_START_FRAMES);
-                unsigned int *newitems = malloc(newsize *
+                unsigned int *newitems = reallocarray(NULL,
-                    sizeof(unsigned int));
+                    newsize, sizeof(unsigned int));
                if (!newitems)
                        return 0;
                if (st->depth)
diff --git a/src/lib/libssl/src/crypto/bn/bn_gf2m.c b/src/lib/libssl/src/crypto/bn/bn_gf2m.c
index 4000fb8733..4bd50924d3 100644
--- a/src/lib/libssl/src/crypto/bn/bn_gf2m.c
+++ b/src/lib/libssl/src/crypto/bn/bn_gf2m.c
@@ -547,7 +547,7 @@ BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p,
        bn_check_top(a);
        bn_check_top(b);
        bn_check_top(p);
-        if ((arr = (int *)malloc(sizeof(int) * max)) == NULL)
+        if ((arr = reallocarray(NULL, sizeof(int), max)) == NULL)
                goto err;
        ret = BN_GF2m_poly2arr(p, arr, max);
        if (!ret || ret > max) {
@@ -609,7 +609,7 @@ BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
        bn_check_top(a);
        bn_check_top(p);
-        if ((arr = (int *)malloc(sizeof(int) * max)) == NULL)
+        if ((arr = reallocarray(NULL, sizeof(int), max)) == NULL)
                goto err;
        ret = BN_GF2m_poly2arr(p, arr, max);
        if (!ret || ret > max) {
@@ -1037,7 +1037,7 @@ BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p,
        bn_check_top(a);
        bn_check_top(b);
        bn_check_top(p);
-        if ((arr = (int *)malloc(sizeof(int) * max)) == NULL)
+        if ((arr = reallocarray(NULL, sizeof(int), max)) == NULL)
                goto err;
        ret = BN_GF2m_poly2arr(p, arr, max);
        if (!ret || ret > max) {
@@ -1099,7 +1099,7 @@ BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
        int *arr = NULL;
        bn_check_top(a);
        bn_check_top(p);
-        if ((arr = (int *)malloc(sizeof(int) * max)) == NULL)
+        if ((arr = reallocarray(NULL, sizeof(int), max)) == NULL)
                goto err;
        ret = BN_GF2m_poly2arr(p, arr, max);
        if (!ret || ret > max) {
@@ -1234,7 +1234,7 @@ BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
        bn_check_top(a);
        bn_check_top(p);
-        if ((arr = (int *)malloc(sizeof(int) * max)) == NULL)
+        if ((arr = reallocarray(NULL, sizeof(int), max)) == NULL)
                goto err;
        ret = BN_GF2m_poly2arr(p, arr, max);
        if (!ret || ret > max) {
diff --git a/src/lib/libssl/src/crypto/bn/bn_lib.c b/src/lib/libssl/src/crypto/bn/bn_lib.c
index a3a96662e8..28489f8181 100644
--- a/src/lib/libssl/src/crypto/bn/bn_lib.c
+++ b/src/lib/libssl/src/crypto/bn/bn_lib.c
@@ -245,7 +245,7 @@ BN_new(void)
 {
        BIGNUM *ret;
-        if ((ret = (BIGNUM *)malloc(sizeof(BIGNUM))) == NULL) {
+        if ((ret = malloc(sizeof(BIGNUM))) == NULL) {
                BNerr(BN_F_BN_NEW, ERR_R_MALLOC_FAILURE);
                return (NULL);
        }
@@ -278,7 +278,7 @@ bn_expand_internal(const BIGNUM *b, int words)
                    BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
                return (NULL);
        }
-        a = A = (BN_ULONG *)malloc(sizeof(BN_ULONG)*words);
+        a = A = reallocarray(NULL, sizeof(BN_ULONG), words);
        if (A == NULL) {
                BNerr(BN_F_BN_EXPAND_INTERNAL, ERR_R_MALLOC_FAILURE);
                return (NULL);
diff --git a/src/lib/libssl/src/crypto/bn/bn_print.c b/src/lib/libssl/src/crypto/bn/bn_print.c
index 3a0fb25369..ea5fa5c3da 100644
--- a/src/lib/libssl/src/crypto/bn/bn_print.c
+++ b/src/lib/libssl/src/crypto/bn/bn_print.c
@@ -116,7 +116,7 @@ BN_bn2dec(const BIGNUM *a)
         */
        i = BN_num_bits(a) * 3;
        num = (i / 10 + i / 1000 + 1) + 1;
-        bn_data = (BN_ULONG *)malloc((num / BN_DEC_NUM + 1) * sizeof(BN_ULONG));
+        bn_data = reallocarray(NULL, num / BN_DEC_NUM + 1, sizeof(BN_ULONG));
        buf = (char *)malloc(num + 3);
        if ((buf == NULL) || (bn_data == NULL)) {
                BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE);
diff --git a/src/lib/libssl/src/crypto/ec/ec_mult.c b/src/lib/libssl/src/crypto/ec/ec_mult.c
index c0525c4940..b3bd34d82d 100644
--- a/src/lib/libssl/src/crypto/ec/ec_mult.c
+++ b/src/lib/libssl/src/crypto/ec/ec_mult.c
@@ -425,11 +425,11 @@ ec_wNAF_mul(const EC_GROUP * group, EC_POINT * r, const BIGNUM * scalar,
        }
        totalnum = num + numblocks;
-        wsize = malloc(totalnum * sizeof wsize[0]);
+        wsize = reallocarray(NULL, totalnum, sizeof wsize[0]);
-        wNAF_len = malloc(totalnum * sizeof wNAF_len[0]);
+        wNAF_len = reallocarray(NULL, totalnum, sizeof wNAF_len[0]);
-        wNAF = malloc((totalnum + 1) * sizeof wNAF[0]); /* includes space for
+        /* includes space for pivot */
-                                                         * pivot */
+        wNAF = reallocarray(NULL, (totalnum + 1), sizeof wNAF[0]);
-        val_sub = malloc(totalnum * sizeof val_sub[0]);
+        val_sub = reallocarray(NULL, totalnum, sizeof val_sub[0]);
        if (!wsize || !wNAF_len || !wNAF || !val_sub) {
                ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
@@ -573,7 +573,7 @@ ec_wNAF_mul(const EC_GROUP * group, EC_POINT * r, const BIGNUM * scalar,
         * to a subarray of 'pre_comp->points' if we already have
         * precomputation.
         */
-        val = malloc((num_val + 1) * sizeof val[0]);
+        val = reallocarray(NULL, (num_val + 1), sizeof val[0]);
        if (val == NULL) {
                ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
                goto err;
@@ -790,7 +790,7 @@ ec_wNAF_precompute_mult(EC_GROUP * group, BN_CTX * ctx)
        num = pre_points_per_block * numblocks; /* number of points to
                                                 * compute and store */
-        points = malloc(sizeof(EC_POINT *) * (num + 1));
+        points = reallocarray(NULL, sizeof(EC_POINT *), (num + 1));
        if (!points) {
                ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);
                goto err;
diff --git a/src/lib/libssl/src/crypto/ec/ecp_nistp224.c b/src/lib/libssl/src/crypto/ec/ecp_nistp224.c
index 53aced54d5..6e9b9fac3c 100644
--- a/src/lib/libssl/src/crypto/ec/ecp_nistp224.c
+++ b/src/lib/libssl/src/crypto/ec/ecp_nistp224.c
@@ -1438,7 +1438,8 @@ ec_GFp_nistp224_points_mul(const EC_GROUP * group, EC_POINT * r,
                secrets = calloc(num_points, sizeof(felem_bytearray));
                pre_comp = calloc(num_points, 17 * 3 * sizeof(felem));
                if (mixed)
-                        tmp_felems = malloc((num_points * 17 + 1) * sizeof(felem));
+                        tmp_felems = reallocarray(NULL,
+                            (num_points * 17 + 1), sizeof(felem));
                if ((secrets == NULL) || (pre_comp == NULL) || (mixed && (tmp_felems == NULL))) {
                        ECerr(EC_F_EC_GFP_NISTP224_POINTS_MUL, ERR_R_MALLOC_FAILURE);
                        goto err;
diff --git a/src/lib/libssl/src/crypto/ec/ecp_nistp256.c b/src/lib/libssl/src/crypto/ec/ecp_nistp256.c
index df80cc2b8a..b2398e106c 100644
--- a/src/lib/libssl/src/crypto/ec/ecp_nistp256.c
+++ b/src/lib/libssl/src/crypto/ec/ecp_nistp256.c
@@ -1987,8 +1987,11 @@ ec_GFp_nistp256_points_mul(const EC_GROUP * group, EC_POINT * r,
                }
                secrets = calloc(num_points, sizeof(felem_bytearray));
                pre_comp = calloc(num_points, 17 * 3 * sizeof(smallfelem));
-                if (mixed)
+                if (mixed) {
-                        tmp_smallfelems = malloc((num_points * 17 + 1) * sizeof(smallfelem));
+                        /* XXX should do more int overflow checking */
+                        tmp_smallfelems = reallocarray(NULL,
+                            (num_points * 17 + 1), sizeof(smallfelem));
+                }
                if ((secrets == NULL) || (pre_comp == NULL) || (mixed && (tmp_smallfelems == NULL))) {
                        ECerr(EC_F_EC_GFP_NISTP256_POINTS_MUL, ERR_R_MALLOC_FAILURE);
                        goto err;
diff --git a/src/lib/libssl/src/crypto/ec/ecp_nistp521.c b/src/lib/libssl/src/crypto/ec/ecp_nistp521.c
index 6792c5b71d..083e017cdc 100644
--- a/src/lib/libssl/src/crypto/ec/ecp_nistp521.c
+++ b/src/lib/libssl/src/crypto/ec/ecp_nistp521.c
@@ -1874,8 +1874,11 @@ ec_GFp_nistp521_points_mul(const EC_GROUP * group, EC_POINT * r,
                }
                secrets = calloc(num_points, sizeof(felem_bytearray));
                pre_comp = calloc(num_points, 17 * 3 * sizeof(felem));
-                if (mixed)
+                if (mixed) {
-                        tmp_felems = malloc((num_points * 17 + 1) * sizeof(felem));
+                        /* XXX should do more int overflow checking */
+                        tmp_felems = reallocarray(NULL,
+                            (num_points * 17 + 1), sizeof(felem));
+                }
                if ((secrets == NULL) || (pre_comp == NULL) || (mixed && (tmp_felems == NULL))) {
                        ECerr(EC_F_EC_GFP_NISTP521_POINTS_MUL, ERR_R_MALLOC_FAILURE);
                        goto err;
diff --git a/src/lib/libssl/src/crypto/ec/ecp_smpl.c b/src/lib/libssl/src/crypto/ec/ecp_smpl.c
index b87410120d..46783a47a8 100644
--- a/src/lib/libssl/src/crypto/ec/ecp_smpl.c
+++ b/src/lib/libssl/src/crypto/ec/ecp_smpl.c
@@ -1257,7 +1257,7 @@ ec_GFp_simple_points_make_affine(const EC_GROUP * group, size_t num, EC_POINT *
         */
        pow2 <<= 1;
-        heap = malloc(pow2 * sizeof heap[0]);
+        heap = reallocarray(NULL, pow2, sizeof heap[0]);
        if (heap == NULL)
                goto err;
diff --git a/src/lib/libssl/src/crypto/engine/eng_rsax.c b/src/lib/libssl/src/crypto/engine/eng_rsax.c
index 1b15b6f1a3..0f8e1cd498 100644
--- a/src/lib/libssl/src/crypto/engine/eng_rsax.c
+++ b/src/lib/libssl/src/crypto/engine/eng_rsax.c
@@ -268,7 +268,7 @@ static E_RSAX_MOD_CTX *e_rsax_get_ctx(RSA *rsa, int idx, BIGNUM* m)
        hptr = RSA_get_ex_data(rsa, rsax_ex_data_idx);
        if (!hptr) {
-            hptr = malloc(3*sizeof(E_RSAX_MOD_CTX));
+            hptr = reallocarray(NULL, 3, sizeof(E_RSAX_MOD_CTX));
            if (!hptr) return NULL;
            hptr[2].type = hptr[1].type= hptr[0].type = 0;
            RSA_set_ex_data(rsa, rsax_ex_data_idx, hptr);
diff --git a/src/lib/libssl/src/crypto/ex_data.c b/src/lib/libssl/src/crypto/ex_data.c
index d8d25d320e..5cd01c72d1 100644
--- a/src/lib/libssl/src/crypto/ex_data.c
+++ b/src/lib/libssl/src/crypto/ex_data.c
@@ -424,7 +424,7 @@ int_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
        CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
        mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);
        if (mx > 0) {
-                storage = malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*));
+                storage = reallocarray(NULL, mx, sizeof(CRYPTO_EX_DATA_FUNCS*));
                if (!storage)
                        goto skip;
                for (i = 0; i < mx; i++)
@@ -468,7 +468,7 @@ int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from)
        if (j < mx)
                mx = j;
        if (mx > 0) {
-                storage = malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*));
+                storage = reallocarray(NULL, mx, sizeof(CRYPTO_EX_DATA_FUNCS*));
                if (!storage)
                        goto skip;
                for (i = 0; i < mx; i++)
@@ -505,7 +505,7 @@ int_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
        CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
        mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);
        if (mx > 0) {
-                storage = malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*));
+                storage = reallocarray(NULL, mx, sizeof(CRYPTO_EX_DATA_FUNCS*));
                if (!storage)
                        goto skip;
                for (i = 0; i < mx; i++)
diff --git a/src/lib/libssl/src/crypto/lhash/lhash.c b/src/lib/libssl/src/crypto/lhash/lhash.c
index ad24a7726b..e75a43f506 100644
--- a/src/lib/libssl/src/crypto/lhash/lhash.c
+++ b/src/lib/libssl/src/crypto/lhash/lhash.c
@@ -119,7 +119,7 @@ lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c)
        if ((ret = malloc(sizeof(_LHASH))) == NULL)
                goto err0;
-        if ((ret->b = malloc(sizeof(LHASH_NODE *) * MIN_NODES)) == NULL)
+        if ((ret->b = reallocarray(NULL, sizeof(LHASH_NODE *), MIN_NODES)) == NULL)
                goto err1;
        for (i = 0; i < MIN_NODES; i++)
                ret->b[i] = NULL;
diff --git a/src/lib/libssl/src/crypto/objects/o_names.c b/src/lib/libssl/src/crypto/objects/o_names.c
index 196d3ab0a7..169b8ae87d 100644
--- a/src/lib/libssl/src/crypto/objects/o_names.c
+++ b/src/lib/libssl/src/crypto/objects/o_names.c
@@ -292,7 +292,8 @@ OBJ_NAME_do_all_sorted(int type, void (*fn)(const OBJ_NAME *, void *arg),
        int n;
        d.type = type;
-        d.names = malloc(lh_OBJ_NAME_num_items(names_lh)*sizeof *d.names);
+        d.names = reallocarray(NULL, lh_OBJ_NAME_num_items(names_lh),
+            sizeof *d.names);
        d.n = 0;
        OBJ_NAME_do_all(type, do_all_sorted_fn, &d);
diff --git a/src/lib/libssl/src/crypto/objects/obj_xref.c b/src/lib/libssl/src/crypto/objects/obj_xref.c
index 25aed74ff1..8e9128efc4 100644
--- a/src/lib/libssl/src/crypto/objects/obj_xref.c
+++ b/src/lib/libssl/src/crypto/objects/obj_xref.c
@@ -164,7 +164,7 @@ OBJ_add_sigid(int signid, int dig_id, int pkey_id)
                sigx_app = sk_nid_triple_new(sigx_cmp);
        if (!sigx_app)
                return 0;
-        ntr = malloc(sizeof(int) * 3);
+        ntr = reallocarray(NULL, sizeof(int), 3);
        if (!ntr)
                return 0;
        ntr->sign_id = signid;
diff --git a/src/lib/libssl/src/crypto/pem/pem_lib.c b/src/lib/libssl/src/crypto/pem/pem_lib.c
index 58d2bfbee9..945262f019 100644
--- a/src/lib/libssl/src/crypto/pem/pem_lib.c
+++ b/src/lib/libssl/src/crypto/pem/pem_lib.c
@@ -605,7 +605,7 @@ PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
                        goto err;
        }
-        buf = malloc(PEM_BUFSIZE * 8);
+        buf = reallocarray(NULL, PEM_BUFSIZE, 8);
        if (buf == NULL) {
                reason = ERR_R_MALLOC_FAILURE;
                goto err;
diff --git a/src/lib/libssl/src/crypto/pem/pem_seal.c b/src/lib/libssl/src/crypto/pem/pem_seal.c
index 92b70157cd..a7b9379223 100644
--- a/src/lib/libssl/src/crypto/pem/pem_seal.c
+++ b/src/lib/libssl/src/crypto/pem/pem_seal.c
@@ -85,7 +85,7 @@ PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
                if (j > max)
                        max = j;
        }
-        s = (char *)malloc(max*2);
+        s = (char *)reallocarray(NULL, max, 2);
        if (s == NULL) {
                PEMerr(PEM_F_PEM_SEALINIT, ERR_R_MALLOC_FAILURE);
                goto err;
@@ -159,7 +159,7 @@ PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
        i = RSA_size(priv->pkey.rsa);
        if (i < 100)
                i = 100;
-        s = (unsigned char *)malloc(i*2);
+        s = reallocarray(NULL, i, 2);
        if (s == NULL) {
                PEMerr(PEM_F_PEM_SEALFINAL, ERR_R_MALLOC_FAILURE);
                goto err;
diff --git a/src/lib/libssl/src/crypto/srp/srp_lib.c b/src/lib/libssl/src/crypto/srp/srp_lib.c
index a3a67eda2e..77e2c2c2f2 100644
--- a/src/lib/libssl/src/crypto/srp/srp_lib.c
+++ b/src/lib/libssl/src/crypto/srp/srp_lib.c
@@ -121,7 +121,7 @@ BIGNUM *SRP_Calc_u(BIGNUM *A, BIGNUM *B, BIGNUM *N)
        longN= BN_num_bytes(N);
-        if ((cAB = malloc(2*longN)) == NULL) 
+        if ((cAB = reallocarray(NULL, 2, longN)) == NULL) 
                return NULL;
        memset(cAB, 0, longN);
diff --git a/src/lib/libssl/src/crypto/srp/srp_vfy.c b/src/lib/libssl/src/crypto/srp/srp_vfy.c
index de7dbe5bbd..6ad80ef992 100644
--- a/src/lib/libssl/src/crypto/srp/srp_vfy.c
+++ b/src/lib/libssl/src/crypto/srp/srp_vfy.c
@@ -573,7 +573,7 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
        if(!SRP_create_verifier_BN(user, pass, &s, &v, N_bn, g_bn)) goto err;
        BN_bn2bin(v,tmp);
-        if (((vf = malloc(BN_num_bytes(v)*2)) == NULL))
+        if (((vf = reallocarray(NULL, BN_num_bytes(v), 2)) == NULL))
                goto err;
        t_tob64(vf, tmp, BN_num_bytes(v));
@@ -582,7 +582,7 @@ char *SRP_create_verifier(const char *user, const char *pass, char **salt,
                {
                char *tmp_salt;
-                if ((tmp_salt = malloc(SRP_RANDOM_SALT_LEN * 2)) == NULL)
+                if ((tmp_salt = reallocarray(NULL, SRP_RANDOM_SALT_LEN, 2)) == NULL)
                        {
                        free(vf);
                        goto err;
diff --git a/src/lib/libssl/src/crypto/txt_db/txt_db.c b/src/lib/libssl/src/crypto/txt_db/txt_db.c
index a2afa3df23..0f3a7ffbb3 100644
--- a/src/lib/libssl/src/crypto/txt_db/txt_db.c
+++ b/src/lib/libssl/src/crypto/txt_db/txt_db.c
@@ -94,9 +94,9 @@ TXT_DB_read(BIO *in, int num)
        ret->qual = NULL;
        if ((ret->data = sk_OPENSSL_PSTRING_new_null()) == NULL)
                goto err;
-        if ((ret->index = malloc(sizeof(*ret->index)*num)) == NULL)
+        if ((ret->index = reallocarray(NULL, sizeof(*ret->index), num)) == NULL)
                goto err;
-        if ((ret->qual = malloc(sizeof(*(ret->qual))*num)) == NULL)
+        if ((ret->qual = reallocarray(NULL, sizeof(*(ret->qual)), num)) == NULL)
                goto err;
        for (i = 0; i < num; i++) {
                ret->index[i] = NULL;
diff --git a/src/lib/libssl/src/crypto/x509/x509spki.c b/src/lib/libssl/src/crypto/x509/x509spki.c
index b5f67b5a97..23172fdb8e 100644
--- a/src/lib/libssl/src/crypto/x509/x509spki.c
+++ b/src/lib/libssl/src/crypto/x509/x509spki.c
@@ -115,7 +115,7 @@ NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki)
        int der_len;
        der_len = i2d_NETSCAPE_SPKI(spki, NULL);
        der_spki = malloc(der_len);
-        b64_str = malloc(der_len * 2);
+        b64_str = reallocarray(NULL, der_len, 2);
        if (!der_spki || !b64_str) {
                X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE);
                free(der_spki);
diff --git a/src/lib/libssl/src/crypto/x509v3/pcy_tree.c b/src/lib/libssl/src/crypto/x509v3/pcy_tree.c
index ebc4809371..080a87d674 100644
--- a/src/lib/libssl/src/crypto/x509v3/pcy_tree.c
+++ b/src/lib/libssl/src/crypto/x509v3/pcy_tree.c
@@ -220,7 +220,7 @@ tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs, unsigned int flags)
                return 0;
        tree->flags = 0;
-        tree->levels = malloc(sizeof(X509_POLICY_LEVEL) * n);
+        tree->levels = reallocarray(NULL, sizeof(X509_POLICY_LEVEL), n);
        tree->nlevel = 0;
        tree->extra_data = NULL;
        tree->auth_policies = NULL;
author	deraadt <>	2014-05-29 21:07:43 +0000
committer	deraadt <>	2014-05-29 21:07:43 +0000
commit	3d662abca6b2a7f5bc9108b036434d61fcdb6e53 (patch)
tree	d5fe0c330801f3e72c7b588264c6027636db4330
parent	d205a2aecb99564cccfbea61c39ebe3b0ddd7fb7 (diff)
download	openbsd-3d662abca6b2a7f5bc9108b036434d61fcdb6e53.tar.gz openbsd-3d662abca6b2a7f5bc9108b036434d61fcdb6e53.tar.bz2 openbsd-3d662abca6b2a7f5bc9108b036434d61fcdb6e53.zip