diff --git a/apps/passwd.c b/apps/passwd.c
index 5a7c99abd4dca0a011d4137107bd9a21e53ec378..4650ea503dde68e347ad08dc34403de6d1217c9b 100644
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -63,6 +63,7 @@ int MAIN(int argc, char **argv)
 	int in_stdin = 0;
 	char *salt = NULL, *passwd = NULL, **passwds = NULL;
 	char *salt_malloc = NULL, *passwd_malloc = NULL;
+	size_t passwd_malloc_size = 0;
 	int pw_source_defined = 0;
 	BIO *in = NULL, *out = NULL;
 	int i, badopt, opt_done;
@@ -196,9 +197,10 @@ int MAIN(int argc, char **argv)
 	if (passwds == NULL)
 		{
 		/* no passwords on the command line */
-#define PASSWD_MALLOC_SIZE (pw_maxlen + 2)
+
+		passwd_malloc_size = pw_maxlen + 2;
 		/* longer than necessary so that we can warn about truncation */
-		passwd = passwd_malloc = Malloc(PASSWD_MALLOC_SIZE);
+		passwd = passwd_malloc = Malloc(passwd_malloc_size);
 		if (passwd_malloc == NULL)
 			goto err;
 		}
@@ -210,7 +212,7 @@ int MAIN(int argc, char **argv)
 		
 		passwds = passwds_static;
 		if (in == NULL)
-			if (EVP_read_pw_string(passwd_malloc, PASSWD_MALLOC_SIZE, "Password: ", 0) != 0)
+			if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", 0) != 0)
 				goto err;
 		passwds[0] = passwd_malloc;
 		}