diff --git a/lib/hcrypto/hmac.c b/lib/hcrypto/hmac.c
index adccee76b..b646d5612 100644
--- a/lib/hcrypto/hmac.c
+++ b/lib/hcrypto/hmac.c
@@ -113,9 +113,10 @@ HMAC_Init_ex(HMAC_CTX *ctx,
             ctx->ipad = malloc(blockSize);
         if (ctx->ipad)
             ctx->ctx = EVP_MD_CTX_create();
-        if (!ctx->buf || !ctx->opad || !ctx->ipad || !ctx->ctx)
-            return 0;
     }
+    /* We do this check here to quiet scan-build */
+    if (!ctx->buf || !ctx->opad || !ctx->ipad || !ctx->ctx)
+	return 0;
 #if 0
     ctx->engine = engine;
 #endif
diff --git a/lib/hcrypto/libtommath/bn_mp_log_u32.c b/lib/hcrypto/libtommath/bn_mp_log_u32.c
index f7bca01de..c9cc15791 100644
--- a/lib/hcrypto/libtommath/bn_mp_log_u32.c
+++ b/lib/hcrypto/libtommath/bn_mp_log_u32.c
@@ -91,13 +91,24 @@ mp_err mp_log_u32(const mp_int *a, uint32_t base, uint32_t *c)
       return MP_VAL;
    }
 
+   /* `base' is at least 2 */
+
    /* A small shortcut for bases that are powers of two. */
    if ((base & (base - 1u)) == 0u) {
       int y, bit_count;
+
       for (y=0; (y < 7) && ((base & 1u) == 0u); y++) {
+         /* We must go through this loop at least once */
          base >>= 1;
       }
       bit_count = mp_count_bits(a) - 1;
+      /*
+       * `y' is necessarily at least 1 because `base' is a power of two and
+       * larger than 1, so we must have gone through the loop at least once, so
+       * we can't be dividing by zero.
+       *
+       * scan-build thinks we can be dividing by zero...  WAT.
+       */
       *c = (uint32_t)(bit_count/y);
       return MP_OKAY;
    }
diff --git a/lib/hcrypto/libtommath/bn_mp_prime_rand.c b/lib/hcrypto/libtommath/bn_mp_prime_rand.c
index 4530e9a5e..23a1c4f78 100644
--- a/lib/hcrypto/libtommath/bn_mp_prime_rand.c
+++ b/lib/hcrypto/libtommath/bn_mp_prime_rand.c
@@ -39,7 +39,7 @@ mp_err s_mp_prime_random_ex(mp_int *a, int t, int size, int flags, private_mp_pr
    bsize = (size>>3) + ((size&7)?1:0);
 
    /* we need a buffer of bsize bytes */
-   tmp = (unsigned char *) MP_MALLOC((size_t)bsize);
+   tmp = (unsigned char *) MP_CALLOC(1, (size_t)bsize);
    if (tmp == NULL) {
       return MP_MEM;
    }
diff --git a/lib/hcrypto/libtommath/bn_s_mp_montgomery_reduce_fast.c b/lib/hcrypto/libtommath/bn_s_mp_montgomery_reduce_fast.c
index 3f0c672ac..3ece03432 100644
--- a/lib/hcrypto/libtommath/bn_s_mp_montgomery_reduce_fast.c
+++ b/lib/hcrypto/libtommath/bn_s_mp_montgomery_reduce_fast.c
@@ -31,6 +31,14 @@ mp_err s_mp_montgomery_reduce_fast(mp_int *x, const mp_int *n, mp_digit rho)
       }
    }
 
+   /*
+    * We only have to initialize W[] here because even though we'll initialize
+    * it below, scan-build can fail to notice that we initialized as much of it
+    * as we'll use, and so it emits a spurious warning.  An optimizing compiler
+    * might be as dumb as scan-build... so let's avoid the danger.
+    */
+   MP_ZERO_BUFFER(W, sizeof(W));
+
    /* first we have to get the digits of the input into
     * an array of double precision words W[...]
     */
diff --git a/lib/hcrypto/rand-fortuna.c b/lib/hcrypto/rand-fortuna.c
index 74ba12396..31f723302 100644
--- a/lib/hcrypto/rand-fortuna.c
+++ b/lib/hcrypto/rand-fortuna.c
@@ -501,10 +501,9 @@ fortuna_reseed(void)
 	/* add /etc/shadow */
 	fd = open("/etc/shadow", O_RDONLY, 0);
 	if (fd >= 0) {
-	    ssize_t n;
 	    rk_cloexec(fd);
 	    /* add_entropy will hash the buf */
-	    while ((n = read(fd, (char *)u.shad, sizeof(u.shad))) > 0)
+	    while (read(fd, (char *)u.shad, sizeof(u.shad)) > 0)
 		add_entropy(&main_state, u.shad, sizeof(u.shad));
 	    close(fd);
 	}