Commit 226438fcb5 for openssl.org

commit 226438fcb5f953cd32062dac5f5b8c5960e2efc0
Author: Eugene Syromiatnikov <esyr@openssl.org>
Date:   Mon Feb 23 15:52:01 2026 +0100

    ssl/ech/ech_store.c: use OPENSSL_malloc_array() in ech_decode_one_entry()

    Use OPENSSL_malloc_array() for ee->suites array allocation, as it is more
    semantically sound and performs a size overflow check.

    Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>

    Reviewed-by: Matt Caswell <matt@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    MergeDate: Wed Feb 25 11:20:15 2026
    (Merged from https://github.com/openssl/openssl/pull/30146)

diff --git a/ssl/ech/ech_store.c b/ssl/ech/ech_store.c
index b327f000f3..67199bc0b4 100644
--- a/ssl/ech/ech_store.c
+++ b/ssl/ech/ech_store.c
@@ -364,7 +364,7 @@ static int ech_decode_one_entry(OSSL_ECHSTORE_ENTRY **rent, PACKET *pkt,
     }
     thiskemid = (uint16_t)tmpi;
     ee->nsuites = (unsigned int)(suiteoctets / OSSL_ECH_CIPHER_LEN);
-    ee->suites = OPENSSL_malloc(ee->nsuites * sizeof(*ee->suites));
+    ee->suites = OPENSSL_malloc_array(ee->nsuites, sizeof(*ee->suites));
     if (ee->suites == NULL)
         goto err;
     while (PACKET_copy_bytes(&cipher_suites, cipher,