merge 5.7p1

14 files changed, 488 insertions, 117 deletions

diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in
index d22efd66c..41b22d837 100644
--- a/openbsd-compat/Makefile.in
+++ b/openbsd-compat/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.45 2010/08/16 03:15:23 dtucker Exp $
+# $Id: Makefile.in,v 1.46 2010/10/07 11:19:24 djm Exp $
 
 sysconfdir=@sysconfdir@
 piddir=@piddir@
@@ -16,7 +16,7 @@ RANLIB=@RANLIB@
 INSTALL=@INSTALL@
 LDFLAGS=-L. @LDFLAGS@
 
-OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o vis.o
+OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o timingsafe_bcmp.o vis.o
 
 COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
 
diff --git a/openbsd-compat/bindresvport.c b/openbsd-compat/bindresvport.c
index c0d5bdb5c..c89f21403 100644
--- a/openbsd-compat/bindresvport.c
+++ b/openbsd-compat/bindresvport.c
@@ -89,7 +89,7 @@ bindresvport_sa(int sd, struct sockaddr *sa)
 
         port = ntohs(*portp);
         if (port == 0)
-                port = (arc4random() % NPORTS) + STARTPORT;
+                port = arc4random_uniform(NPORTS) + STARTPORT;
 
         /* Avoid warning */
         error = -1;
diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c
index 55f100ac0..3ef373f56 100644
--- a/openbsd-compat/bsd-misc.c
+++ b/openbsd-compat/bsd-misc.c
@@ -240,3 +240,10 @@ strdup(const char *str)
         return NULL;
 }
 #endif
+
+#ifndef HAVE_ISBLANK
+int isblank(int c)
+{
+        return (c == ' ' || c == '\t');
+}
+#endif
diff --git a/openbsd-compat/bsd-misc.h b/openbsd-compat/bsd-misc.h
index b61ec4244..e70c3f9e9 100644
--- a/openbsd-compat/bsd-misc.h
+++ b/openbsd-compat/bsd-misc.h
@@ -1,4 +1,4 @@
-/* $Id: bsd-misc.h,v 1.18 2005/02/25 23:07:38 dtucker Exp $ */
+/* $Id: bsd-misc.h,v 1.19 2010/11/08 22:26:23 tim Exp $ */
 
 /*
  * Copyright (c) 1999-2004 Damien Miller <djm@mindrot.org>
@@ -95,4 +95,8 @@ mysig_t mysignal(int sig, mysig_t act);
 
 #define signal(a,b) mysignal(a,b)
 
+#ifndef HAVE_ISBLANK
+int     isblank(int);
+#endif
+
 #endif /* _BSD_MISC_H */
diff --git a/openbsd-compat/charclass.h b/openbsd-compat/charclass.h
new file mode 100644
index 000000000..91f517447
--- /dev/null
+++ b/openbsd-compat/charclass.h
@@ -0,0 +1,31 @@
+/*
+ * Public domain, 2008, Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * $OpenBSD: charclass.h,v 1.1 2008/10/01 23:04:13 millert Exp $
+ */
+
+/* OPENBSD ORIGINAL: lib/libc/gen/charclass.h */
+
+/*
+ * POSIX character class support for fnmatch() and glob().
+ */
+static struct cclass {
+        const char *name;
+        int (*isctype)(int);
+} cclasses[] = {
+        { "alnum",      isalnum },
+        { "alpha",      isalpha },
+        { "blank",      isblank },
+        { "cntrl",      iscntrl },
+        { "digit",      isdigit },
+        { "graph",      isgraph },
+        { "lower",      islower },
+        { "print",      isprint },
+        { "punct",      ispunct },
+        { "space",      isspace },
+        { "upper",      isupper },
+        { "xdigit",     isxdigit },
+        { NULL,         NULL }
+};
+
+#define NCCLASSES       (sizeof(cclasses) / sizeof(cclasses[0]) - 1)
diff --git a/openbsd-compat/glob.c b/openbsd-compat/glob.c
index 74b506403..0341225cd 100644
--- a/openbsd-compat/glob.c
+++ b/openbsd-compat/glob.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: glob.c,v 1.26 2005/11/28 17:50:12 deraadt Exp $ */
+/*      $OpenBSD: glob.c,v 1.35 2011/01/12 01:53:14 djm Exp $ */
 /*
  * Copyright (c) 1989, 1993
  *      The Regents of the University of California.  All rights reserved.
@@ -33,36 +33,6 @@
 
 /* OPENBSD ORIGINAL: lib/libc/gen/glob.c */
 
-#include "includes.h"
-
-#include <sys/types.h>
-#include <sys/stat.h>
-
-#include <dirent.h>
-#include <ctype.h>
-#include <errno.h>
-#include <pwd.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#if !defined(HAVE_GLOB) || !defined(GLOB_HAS_ALTDIRFUNC) || \
-    !defined(GLOB_HAS_GL_MATCHC) || \
-    !defined(HAVE_DECL_GLOB_NOMATCH) || HAVE_DECL_GLOB_NOMATCH == 0 || \
-    defined(BROKEN_GLOB)
-
-static long
-get_arg_max(void)
-{
-#ifdef ARG_MAX
-        return(ARG_MAX);
-#elif defined(HAVE_SYSCONF) && defined(_SC_ARG_MAX)
-        return(sysconf(_SC_ARG_MAX));
-#else
-        return(256); /* XXX: arbitrary */
-#endif
-}
-
 /*
  * glob(3) -- a superset of the one defined in POSIX 1003.2.
  *
@@ -88,6 +58,25 @@ get_arg_max(void)
  *      Number of matches in the current invocation of glob.
  */
 
+#include "includes.h"
+
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include <dirent.h>
+#include <ctype.h>
+#include <errno.h>
+#include <pwd.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#if !defined(HAVE_GLOB) || !defined(GLOB_HAS_ALTDIRFUNC) || \
+    !defined(GLOB_HAS_GL_MATCHC) || !defined(GLOB_HAS_GL_STATV) || \
+    !defined(HAVE_DECL_GLOB_NOMATCH) || HAVE_DECL_GLOB_NOMATCH == 0 || \
+    defined(BROKEN_GLOB)
+
+#include "charclass.h"
 
 #define DOLLAR          '$'
 #define DOT             '.'
@@ -100,7 +89,6 @@ get_arg_max(void)
 #define RBRACKET        ']'
 #define SEP             '/'
 #define STAR            '*'
-#undef TILDE                    /* Some platforms may already define it */
 #define TILDE           '~'
 #define UNDERSCORE      '_'
 #define LBRACE          '{'
@@ -137,26 +125,39 @@ typedef char Char;
 #define M_ONE           META('?')
 #define M_RNG           META('-')
 #define M_SET           META('[')
+#define M_CLASS         META(':')
 #define ismeta(c)       (((c)&M_QUOTE) != 0)
 
+#define GLOB_LIMIT_MALLOC       65536
+#define GLOB_LIMIT_STAT         128
+#define GLOB_LIMIT_READDIR      16384
+
+struct glob_lim {
+        size_t  glim_malloc;
+        size_t  glim_stat;
+        size_t  glim_readdir;
+};
 
 static int       compare(const void *, const void *);
 static int       g_Ctoc(const Char *, char *, u_int);
 static int       g_lstat(Char *, struct stat *, glob_t *);
 static DIR      *g_opendir(Char *, glob_t *);
-static Char     *g_strchr(Char *, int);
+static Char     *g_strchr(const Char *, int);
+static int       g_strncmp(const Char *, const char *, size_t);
 static int       g_stat(Char *, struct stat *, glob_t *);
-static int       glob0(const Char *, glob_t *);
-static int       glob1(Char *, Char *, glob_t *, size_t *);
+static int       glob0(const Char *, glob_t *, struct glob_lim *);
+static int       glob1(Char *, Char *, glob_t *, struct glob_lim *);
 static int       glob2(Char *, Char *, Char *, Char *, Char *, Char *,
-                    glob_t *, size_t *);
+                    glob_t *, struct glob_lim *);
 static int       glob3(Char *, Char *, Char *, Char *, Char *,
-                    Char *, Char *, glob_t *, size_t *);
-static int       globextend(const Char *, glob_t *, size_t *);
+                    Char *, Char *, glob_t *, struct glob_lim *);
+static int       globextend(const Char *, glob_t *, struct glob_lim *,
+                    struct stat *);
 static const Char *
                  globtilde(const Char *, Char *, size_t, glob_t *);
-static int       globexp1(const Char *, glob_t *);
-static int       globexp2(const Char *, const Char *, glob_t *, int *);
+static int       globexp1(const Char *, glob_t *, struct glob_lim *);
+static int       globexp2(const Char *, const Char *, glob_t *,
+                    struct glob_lim *);
 static int       match(Char *, Char *, Char *);
 #ifdef DEBUG
 static void      qprintf(const char *, Char *);
@@ -169,11 +170,13 @@ glob(const char *pattern, int flags, int (*errfunc)(const char *, int),
         const u_char *patnext;
         int c;
         Char *bufnext, *bufend, patbuf[MAXPATHLEN];
+        struct glob_lim limit = { 0, 0, 0 };
 
         patnext = (u_char *) pattern;
         if (!(flags & GLOB_APPEND)) {
                 pglob->gl_pathc = 0;
                 pglob->gl_pathv = NULL;
+                pglob->gl_statv = NULL;
                 if (!(flags & GLOB_DOOFFS))
                         pglob->gl_offs = 0;
         }
@@ -181,6 +184,11 @@ glob(const char *pattern, int flags, int (*errfunc)(const char *, int),
         pglob->gl_errfunc = errfunc;
         pglob->gl_matchc = 0;
 
+        if (pglob->gl_offs < 0 || pglob->gl_pathc < 0 ||
+            pglob->gl_offs >= INT_MAX || pglob->gl_pathc >= INT_MAX ||
+            pglob->gl_pathc >= INT_MAX - pglob->gl_offs - 1)
+                return GLOB_NOSPACE;
+
         bufnext = patbuf;
         bufend = bufnext + MAXPATHLEN - 1;
         if (flags & GLOB_NOESCAPE)
@@ -201,9 +209,9 @@ glob(const char *pattern, int flags, int (*errfunc)(const char *, int),
         *bufnext = EOS;
 
         if (flags & GLOB_BRACE)
-                return globexp1(patbuf, pglob);
+                return globexp1(patbuf, pglob, &limit);
         else
-                return glob0(patbuf, pglob);
+                return glob0(patbuf, pglob, &limit);
 }
 
 /*
@@ -212,20 +220,18 @@ glob(const char *pattern, int flags, int (*errfunc)(const char *, int),
  * characters
  */
 static int
-globexp1(const Char *pattern, glob_t *pglob)
+globexp1(const Char *pattern, glob_t *pglob, struct glob_lim *limitp)
 {
         const Char* ptr = pattern;
-        int rv;
 
         /* Protect a single {}, for find(1), like csh */
         if (pattern[0] == LBRACE && pattern[1] == RBRACE && pattern[2] == EOS)
-                return glob0(pattern, pglob);
+                return glob0(pattern, pglob, limitp);
 
-        while ((ptr = (const Char *) g_strchr((Char *) ptr, LBRACE)) != NULL)
-                if (!globexp2(ptr, pattern, pglob, &rv))
-                        return rv;
+        if ((ptr = (const Char *) g_strchr(ptr, LBRACE)) != NULL)
+                return globexp2(ptr, pattern, pglob, limitp);
 
-        return glob0(pattern, pglob);
+        return glob0(pattern, pglob, limitp);
 }
 
 
@@ -235,9 +241,10 @@ globexp1(const Char *pattern, glob_t *pglob)
  * If it fails then it tries to glob the rest of the pattern and returns.
  */
 static int
-globexp2(const Char *ptr, const Char *pattern, glob_t *pglob, int *rv)
+globexp2(const Char *ptr, const Char *pattern, glob_t *pglob,
+    struct glob_lim *limitp)
 {
-        int     i;
+        int     i, rv;
         Char   *lm, *ls;
         const Char *pe, *pm, *pl;
         Char    patbuf[MAXPATHLEN];
@@ -270,10 +277,8 @@ globexp2(const Char *ptr, const Char *pattern, glob_t *pglob, int *rv)
                 }
 
         /* Non matching braces; just glob the pattern */
-        if (i != 0 || *pe == EOS) {
-                *rv = glob0(patbuf, pglob);
-                return 0;
-        }
+        if (i != 0 || *pe == EOS)
+                return glob0(patbuf, pglob, limitp);
 
         for (i = 0, pl = pm = ptr; pm <= pe; pm++) {
                 switch (*pm) {
@@ -319,7 +324,9 @@ globexp2(const Char *ptr, const Char *pattern, glob_t *pglob, int *rv)
 #ifdef DEBUG
                                 qprintf("globexp2:", patbuf);
 #endif
-                                *rv = globexp1(patbuf, pglob);
+                                rv = globexp1(patbuf, pglob, limitp);
+                                if (rv && rv != GLOB_NOMATCH)
+                                        return rv;
 
                                 /* move after the comma, to the next string */
                                 pl = pm + 1;
@@ -330,7 +337,6 @@ globexp2(const Char *ptr, const Char *pattern, glob_t *pglob, int *rv)
                         break;
                 }
         }
-        *rv = 0;
         return 0;
 }
 
@@ -399,6 +405,47 @@ globtilde(const Char *pattern, Char *patbuf, size_t patbuf_len, glob_t *pglob)
         return patbuf;
 }
 
+static int
+g_strncmp(const Char *s1, const char *s2, size_t n)
+{
+        int rv = 0;
+
+        while (n--) {
+                rv = *(Char *)s1 - *(const unsigned char *)s2++;
+                if (rv)
+                        break;
+                if (*s1++ == '\0')
+                        break;
+        }
+        return rv;
+}
+
+static int
+g_charclass(const Char **patternp, Char **bufnextp)
+{
+        const Char *pattern = *patternp + 1;
+        Char *bufnext = *bufnextp;
+        const Char *colon;
+        struct cclass *cc;
+        size_t len;
+
+        if ((colon = g_strchr(pattern, ':')) == NULL || colon[1] != ']')
+                return 1;       /* not a character class */
+
+        len = (size_t)(colon - pattern);
+        for (cc = cclasses; cc->name != NULL; cc++) {
+                if (!g_strncmp(pattern, cc->name, len) && cc->name[len] == '\0')
+                        break;
+        }
+        if (cc->name == NULL)
+                return -1;      /* invalid character class */
+        *bufnext++ = M_CLASS;
+        *bufnext++ = (Char)(cc - &cclasses[0]);
+        *bufnextp = bufnext;
+        *patternp += len + 3;
+
+        return 0;
+}
 
 /*
  * The main glob() routine: compiles the pattern (optionally processing
@@ -408,12 +455,11 @@ globtilde(const Char *pattern, Char *patbuf, size_t patbuf_len, glob_t *pglob)
  * to find no matches.
  */
 static int
-glob0(const Char *pattern, glob_t *pglob)
+glob0(const Char *pattern, glob_t *pglob, struct glob_lim *limitp)
 {
         const Char *qpatnext;
         int c, err, oldpathc;
         Char *bufnext, patbuf[MAXPATHLEN];
-        size_t limit = 0;
 
         qpatnext = globtilde(pattern, patbuf, MAXPATHLEN, pglob);
         oldpathc = pglob->gl_pathc;
@@ -427,7 +473,7 @@ glob0(const Char *pattern, glob_t *pglob)
                         if (c == NOT)
                                 ++qpatnext;
                         if (*qpatnext == EOS ||
-                            g_strchr((Char *) qpatnext+1, RBRACKET) == NULL) {
+                            g_strchr(qpatnext+1, RBRACKET) == NULL) {
                                 *bufnext++ = LBRACKET;
                                 if (c == NOT)
                                         --qpatnext;
@@ -438,6 +484,20 @@ glob0(const Char *pattern, glob_t *pglob)
                                 *bufnext++ = M_NOT;
                         c = *qpatnext++;
                         do {
+                                if (c == LBRACKET && *qpatnext == ':') {
+                                        do {
+                                                err = g_charclass(&qpatnext,
+                                                    &bufnext);
+                                                if (err)
+                                                        break;
+                                                c = *qpatnext++;
+                                        } while (c == LBRACKET && *qpatnext == ':');
+                                        if (err == -1 &&
+                                            !(pglob->gl_flags & GLOB_NOCHECK))
+                                                return GLOB_NOMATCH;
+                                        if (c == RBRACKET)
+                                                break;
+                                }
                                 *bufnext++ = CHAR(c);
                                 if (*qpatnext == RANGE &&
                                     (c = qpatnext[1]) != RBRACKET) {
@@ -471,7 +531,7 @@ glob0(const Char *pattern, glob_t *pglob)
         qprintf("glob0:", patbuf);
 #endif
 
-        if ((err = glob1(patbuf, patbuf+MAXPATHLEN-1, pglob, &limit)) != 0)
+        if ((err = glob1(patbuf, patbuf+MAXPATHLEN-1, pglob, limitp)) != 0)
                 return(err);
 
         /*
@@ -484,7 +544,7 @@ glob0(const Char *pattern, glob_t *pglob)
                 if ((pglob->gl_flags & GLOB_NOCHECK) ||
                     ((pglob->gl_flags & GLOB_NOMAGIC) &&
                     !(pglob->gl_flags & GLOB_MAGCHAR)))
-                        return(globextend(pattern, pglob, &limit));
+                        return(globextend(pattern, pglob, limitp, NULL));
                 else
                         return(GLOB_NOMATCH);
         }
@@ -501,7 +561,7 @@ compare(const void *p, const void *q)
 }
 
 static int
-glob1(Char *pattern, Char *pattern_last, glob_t *pglob, size_t *limitp)
+glob1(Char *pattern, Char *pattern_last, glob_t *pglob, struct glob_lim *limitp)
 {
         Char pathbuf[MAXPATHLEN];
 
@@ -520,7 +580,7 @@ glob1(Char *pattern, Char *pattern_last, glob_t *pglob, size_t *limitp)
  */
 static int
 glob2(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last,
-    Char *pattern, Char *pattern_last, glob_t *pglob, size_t *limitp)
+    Char *pattern, Char *pattern_last, glob_t *pglob, struct glob_lim *limitp)
 {
         struct stat sb;
         Char *p, *q;
@@ -536,6 +596,14 @@ glob2(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last,
                         if (g_lstat(pathbuf, &sb, pglob))
                                 return(0);
 
+                        if ((pglob->gl_flags & GLOB_LIMIT) &&
+                            limitp->glim_stat++ >= GLOB_LIMIT_STAT) {
+                                errno = 0;
+                                *pathend++ = SEP;
+                                *pathend = EOS;
+                                return(GLOB_NOSPACE);
+                        }
+
                         if (((pglob->gl_flags & GLOB_MARK) &&
                             pathend[-1] != SEP) && (S_ISDIR(sb.st_mode) ||
                             (S_ISLNK(sb.st_mode) &&
@@ -547,7 +615,7 @@ glob2(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last,
                                 *pathend = EOS;
                         }
                         ++pglob->gl_matchc;
-                        return(globextend(pathbuf, pglob, limitp));
+                        return(globextend(pathbuf, pglob, limitp, &sb));
                 }
 
                 /* Find end of next segment, copy tentatively to pathend. */
@@ -581,7 +649,7 @@ glob2(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last,
 static int
 glob3(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last,
     Char *pattern, Char *restpattern, Char *restpattern_last, glob_t *pglob,
-    size_t *limitp)
+    struct glob_lim *limitp)
 {
         struct dirent *dp;
         DIR *dirp;
@@ -624,6 +692,14 @@ glob3(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last,
                 u_char *sc;
                 Char *dc;
 
+                if ((pglob->gl_flags & GLOB_LIMIT) &&
+                    limitp->glim_readdir++ >= GLOB_LIMIT_READDIR) {
+                        errno = 0;
+                        *pathend++ = SEP;
+                        *pathend = EOS;
+                        return(GLOB_NOSPACE);
+                }
+
                 /* Initial DOT must be matched literally. */
                 if (dp->d_name[0] == DOT && *pattern != DOT)
                         continue;
@@ -670,25 +746,44 @@ glob3(Char *pathbuf, Char *pathbuf_last, Char *pathend, Char *pathend_last,
  *      gl_pathv points to (gl_offs + gl_pathc + 1) items.
  */
 static int
-globextend(const Char *path, glob_t *pglob, size_t *limitp)
+globextend(const Char *path, glob_t *pglob, struct glob_lim *limitp,
+    struct stat *sb)
 {
         char **pathv;
-        int i;
-        u_int newsize, len;
-        char *copy;
+        ssize_t i;
+        size_t newn, len;
+        char *copy = NULL;
         const Char *p;
-
-        newsize = sizeof(*pathv) * (2 + pglob->gl_pathc + pglob->gl_offs);
-        pathv = pglob->gl_pathv ? realloc((char *)pglob->gl_pathv, newsize) :
-            malloc(newsize);
-        if (pathv == NULL) {
+        struct stat **statv;
+
+        newn = 2 + pglob->gl_pathc + pglob->gl_offs;
+        if (pglob->gl_offs >= INT_MAX ||
+            pglob->gl_pathc >= INT_MAX ||
+            newn >= INT_MAX ||
+            SIZE_MAX / sizeof(*pathv) <= newn ||
+            SIZE_MAX / sizeof(*statv) <= newn) {
+ nospace:
+                for (i = pglob->gl_offs; i < (ssize_t)(newn - 2); i++) {
+                        if (pglob->gl_pathv && pglob->gl_pathv[i])
+                                free(pglob->gl_pathv[i]);
+                        if ((pglob->gl_flags & GLOB_KEEPSTAT) != 0 &&
+                            pglob->gl_pathv && pglob->gl_pathv[i])
+                                free(pglob->gl_statv[i]);
+                }
                 if (pglob->gl_pathv) {
                         free(pglob->gl_pathv);
                         pglob->gl_pathv = NULL;
                 }
+                if (pglob->gl_statv) {
+                        free(pglob->gl_statv);
+                        pglob->gl_statv = NULL;
+                }
                 return(GLOB_NOSPACE);
         }
 
+        pathv = realloc(pglob->gl_pathv, newn * sizeof(*pathv));
+        if (pathv == NULL)
+                goto nospace;
         if (pglob->gl_pathv == NULL && pglob->gl_offs > 0) {
                 /* first time around -- clear initial gl_offs items */
                 pathv += pglob->gl_offs;
@@ -697,10 +792,39 @@ globextend(const Char *path, glob_t *pglob, size_t *limitp)
         }
         pglob->gl_pathv = pathv;
 
+        if ((pglob->gl_flags & GLOB_KEEPSTAT) != 0) {
+                statv = realloc(pglob->gl_statv, newn * sizeof(*statv));
+                if (statv == NULL)
+                        goto nospace;
+                if (pglob->gl_statv == NULL && pglob->gl_offs > 0) {
+                        /* first time around -- clear initial gl_offs items */
+                        statv += pglob->gl_offs;
+                        for (i = pglob->gl_offs; --i >= 0; )
+                                *--statv = NULL;
+                }
+                pglob->gl_statv = statv;
+                if (sb == NULL)
+                        statv[pglob->gl_offs + pglob->gl_pathc] = NULL;
+                else {
+                        limitp->glim_malloc += sizeof(**statv);
+                        if ((pglob->gl_flags & GLOB_LIMIT) &&
+                            limitp->glim_malloc >= GLOB_LIMIT_MALLOC) {
+                                errno = 0;
+                                return(GLOB_NOSPACE);
+                        }
+                        if ((statv[pglob->gl_offs + pglob->gl_pathc] =
+                            malloc(sizeof(**statv))) == NULL)
+                                goto copy_error;
+                        memcpy(statv[pglob->gl_offs + pglob->gl_pathc], sb,
+                            sizeof(*sb));
+                }
+                statv[pglob->gl_offs + pglob->gl_pathc + 1] = NULL;
+        }
+
         for (p = path; *p++;)
                 ;
         len = (size_t)(p - path);
-        *limitp += len;
+        limitp->glim_malloc += len;
         if ((copy = malloc(len)) != NULL) {
                 if (g_Ctoc(path, copy, len)) {
                         free(copy);
@@ -711,11 +835,12 @@ globextend(const Char *path, glob_t *pglob, size_t *limitp)
         pathv[pglob->gl_offs + pglob->gl_pathc] = NULL;
 
         if ((pglob->gl_flags & GLOB_LIMIT) &&
-            newsize + *limitp >= (u_int) get_arg_max()) {
+            (newn * sizeof(*pathv)) + limitp->glim_malloc >
+            GLOB_LIMIT_MALLOC) {
                 errno = 0;
                 return(GLOB_NOSPACE);
         }
-
+ copy_error:
         return(copy == NULL ? GLOB_NOSPACE : 0);
 }
 
@@ -751,13 +876,21 @@ match(Char *name, Char *pat, Char *patend)
                                 return(0);
                         if ((negate_range = ((*pat & M_MASK) == M_NOT)) != EOS)
                                 ++pat;
-                        while (((c = *pat++) & M_MASK) != M_END)
+                        while (((c = *pat++) & M_MASK) != M_END) {
+                                if ((c & M_MASK) == M_CLASS) {
+                                        Char idx = *pat & M_MASK;
+                                        if (idx < NCCLASSES &&
+                                            cclasses[idx].isctype(k))
+                                                ok = 1;
+                                        ++pat;
+                                }
                                 if ((*pat & M_MASK) == M_RNG) {
                                         if (c <= k && k <= pat[1])
                                                 ok = 1;
                                         pat += 2;
                                 } else if (c == k)
                                         ok = 1;
+                        }
                         if (ok == negate_range)
                                 return(0);
                         break;
@@ -785,6 +918,14 @@ globfree(glob_t *pglob)
                 free(pglob->gl_pathv);
                 pglob->gl_pathv = NULL;
         }
+        if (pglob->gl_statv != NULL) {
+                for (i = 0; i < pglob->gl_pathc; i++) {
+                        if (pglob->gl_statv[i] != NULL)
+                                free(pglob->gl_statv[i]);
+                }
+                free(pglob->gl_statv);
+                pglob->gl_statv = NULL;
+        }
 }
 
 static DIR *
@@ -830,11 +971,11 @@ g_stat(Char *fn, struct stat *sb, glob_t *pglob)
 }
 
 static Char *
-g_strchr(Char *str, int ch)
+g_strchr(const Char *str, int ch)
 {
         do {
                 if (*str == ch)
-                        return (str);
+                        return ((Char *)str);
         } while (*str++);
         return (NULL);
 }
@@ -870,5 +1011,4 @@ qprintf(const char *str, Char *s)
 #endif
 
 #endif /* !defined(HAVE_GLOB) || !defined(GLOB_HAS_ALTDIRFUNC) ||
-          !defined(GLOB_HAS_GL_MATCHC) */
-
+          !defined(GLOB_HAS_GL_MATCHC) || !defined(GLOB_HAS_GL_STATV) */
diff --git a/openbsd-compat/glob.h b/openbsd-compat/glob.h
index a2b36f974..f8a7fa5ff 100644
--- a/openbsd-compat/glob.h
+++ b/openbsd-compat/glob.h
@@ -1,4 +1,4 @@
-/*      $OpenBSD: glob.h,v 1.10 2005/12/13 00:35:22 millert Exp $       */
+/*      $OpenBSD: glob.h,v 1.11 2010/09/24 13:32:55 djm Exp $   */
 /*      $NetBSD: glob.h,v 1.5 1994/10/26 00:55:56 cgd Exp $     */
 
 /*
@@ -38,13 +38,15 @@
 /* OPENBSD ORIGINAL: include/glob.h */
 
 #if !defined(HAVE_GLOB_H) || !defined(GLOB_HAS_ALTDIRFUNC) || \
-    !defined(GLOB_HAS_GL_MATCHC) || \
+    !defined(GLOB_HAS_GL_MATCHC) || !defined(GLOB_HAS_GL_STATV) || \
     !defined(HAVE_DECL_GLOB_NOMATCH) || HAVE_DECL_GLOB_NOMATCH == 0 || \
     defined(BROKEN_GLOB)
 
 #ifndef _GLOB_H_
 #define _GLOB_H_
 
+#include <sys/stat.h>
+
 struct stat;
 typedef struct {
         int gl_pathc;           /* Count of total paths so far. */
@@ -52,6 +54,7 @@ typedef struct {
         int gl_offs;            /* Reserved at beginning of gl_pathv. */
         int gl_flags;           /* Copy of flags parameter to glob. */
         char **gl_pathv;        /* List of paths matching pattern. */
+        struct stat **gl_statv; /* Stat entries corresponding to gl_pathv */
                                 /* Copy of errfunc parameter to glob. */
         int (*gl_errfunc)(const char *, int);
 
@@ -75,12 +78,10 @@ typedef struct {
 #define GLOB_NOSORT     0x0020  /* Don't sort. */
 #define GLOB_NOESCAPE   0x1000  /* Disable backslash escaping. */
 
-/* Error values returned by glob(3) */
 #define GLOB_NOSPACE    (-1)    /* Malloc call failed. */
 #define GLOB_ABORTED    (-2)    /* Unignored error. */
 #define GLOB_NOMATCH    (-3)    /* No match and GLOB_NOCHECK not set. */
 #define GLOB_NOSYS      (-4)    /* Function not supported. */
-#define GLOB_ABEND      GLOB_ABORTED
 
 #define GLOB_ALTDIRFUNC 0x0040  /* Use alternately specified directory funcs. */
 #define GLOB_BRACE      0x0080  /* Expand braces ala csh. */
@@ -89,6 +90,8 @@ typedef struct {
 #define GLOB_QUOTE      0x0400  /* Quote special chars with \. */
 #define GLOB_TILDE      0x0800  /* Expand tilde names from the passwd file. */
 #define GLOB_LIMIT      0x2000  /* Limit pattern match output to ARG_MAX */
+#define GLOB_KEEPSTAT   0x4000  /* Retain stat data for paths in gl_statv. */
+#define GLOB_ABEND      GLOB_ABORTED /* backward compatibility */
 
 int     glob(const char *, int, int (*)(const char *, int), glob_t *);
 void    globfree(glob_t *);
@@ -96,5 +99,5 @@ void	globfree(glob_t *);
 #endif /* !_GLOB_H_ */
 
 #endif /* !defined(HAVE_GLOB_H) || !defined(GLOB_HAS_ALTDIRFUNC)  ||
-          !defined(GLOB_HAS_GL_MATCHC */
+          !defined(GLOB_HAS_GL_MATCHC) || !defined(GLOH_HAS_GL_STATV) */
 
diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h
index e15d2bd96..77c5ed2b1 100644
--- a/openbsd-compat/openbsd-compat.h
+++ b/openbsd-compat/openbsd-compat.h
@@ -1,4 +1,4 @@
-/* $Id: openbsd-compat.h,v 1.50 2010/08/16 03:15:23 dtucker Exp $ */
+/* $Id: openbsd-compat.h,v 1.51 2010/10/07 10:25:29 djm Exp $ */
 
 /*
  * Copyright (c) 1999-2003 Damien Miller.  All rights reserved.
@@ -213,6 +213,10 @@ char *user_from_uid(uid_t, int);
 char *group_from_gid(gid_t, int);
 #endif
 
+#ifndef HAVE_TIMINGSAFE_BCMP
+int timingsafe_bcmp(const void *, const void *, size_t);
+#endif
+
 void *xmmap(size_t size);
 char *xcrypt(const char *password, const char *salt);
 char *shadow_pw(struct passwd *pw);
diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c
index 420496caa..b617fdf19 100644
--- a/openbsd-compat/openssl-compat.c
+++ b/openbsd-compat/openssl-compat.c
@@ -1,4 +1,4 @@
-/* $Id: openssl-compat.c,v 1.9 2010/01/28 23:54:11 dtucker Exp $ */
+/* $Id: openssl-compat.c,v 1.13 2011/01/21 22:37:06 dtucker Exp $ */
 
 /*
  * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@@ -18,10 +18,20 @@
 
 #include "includes.h"
 
+#include <stdarg.h>
+#include <string.h>
+
 #ifdef USE_OPENSSL_ENGINE
 # include <openssl/engine.h>
+# include <openssl/conf.h>
+#endif
+
+#ifndef HAVE_RSA_GET_DEFAULT_METHOD
+# include <openssl/rsa.h>
 #endif
 
+#include "log.h"
+
 #define SSH_DONT_OVERLOAD_OPENSSL_FUNCS
 #include "openssl-compat.h"
 
@@ -58,6 +68,70 @@ ssh_EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt)
 }
 #endif
 
+#ifndef HAVE_BN_IS_PRIME_EX
+int
+BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, void *cb)
+{
+        if (cb != NULL)
+                fatal("%s: callback args not supported", __func__);
+        return BN_is_prime(p, nchecks, NULL, ctx, NULL);
+}
+#endif
+
+#ifndef HAVE_RSA_GENERATE_KEY_EX
+int
+RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *bn_e, void *cb)
+{
+        RSA *new_rsa, tmp_rsa;
+        unsigned long e;
+
+        if (cb != NULL)
+                fatal("%s: callback args not supported", __func__);
+        e = BN_get_word(bn_e);
+        if (e == 0xffffffffL)
+                fatal("%s: value of e too large", __func__);
+        new_rsa = RSA_generate_key(bits, e, NULL, NULL);
+        if (new_rsa == NULL)
+                return 0;
+        /* swap rsa/new_rsa then free new_rsa */
+        tmp_rsa = *rsa;
+        *rsa = *new_rsa;
+        *new_rsa = tmp_rsa;
+        RSA_free(new_rsa);
+        return 1;
+}
+#endif
+
+#ifndef HAVE_DSA_GENERATE_PARAMETERS_EX
+int
+DSA_generate_parameters_ex(DSA *dsa, int bits, const unsigned char *seed,
+    int seed_len, int *counter_ret, unsigned long *h_ret, void *cb)
+{
+        DSA *new_dsa, tmp_dsa;
+
+        if (cb != NULL)
+                fatal("%s: callback args not supported", __func__);
+        new_dsa = DSA_generate_parameters(bits, (unsigned char *)seed, seed_len,
+            counter_ret, h_ret, NULL, NULL);
+        if (new_dsa == NULL)
+                return 0;
+        /* swap dsa/new_dsa then free new_dsa */
+        tmp_dsa = *dsa;
+        *dsa = *new_dsa;
+        *new_dsa = tmp_dsa;
+        DSA_free(new_dsa);
+        return 1;
+}
+#endif
+
+#ifndef HAVE_RSA_GET_DEFAULT_METHOD
+RSA_METHOD *
+RSA_get_default_method(void)
+{
+        return RSA_PKCS1_SSLeay();
+}
+#endif
+
 #ifdef  USE_OPENSSL_ENGINE
 void
 ssh_SSLeay_add_all_algorithms(void)
diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h
index b7caa650c..6d4f3f215 100644
--- a/openbsd-compat/openssl-compat.h
+++ b/openbsd-compat/openssl-compat.h
@@ -1,4 +1,4 @@
-/* $Id: openssl-compat.h,v 1.15 2010/05/12 07:50:02 djm Exp $ */
+/* $Id: openssl-compat.h,v 1.18 2011/01/21 22:37:06 dtucker Exp $ */
 
 /*
  * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@@ -17,6 +17,7 @@
  */
 
 #include "includes.h"
+#include <openssl/opensslv.h>
 #include <openssl/evp.h>
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
@@ -39,6 +40,12 @@
 # define EVP_CIPHER_CTX_get_app_data(e)         ((e)->app_data)
 #endif
 
+#if OPENSSL_VERSION_NUMBER < 0x1000000fL
+# define LIBCRYPTO_EVP_INL_TYPE unsigned int
+#else
+# define LIBCRYPTO_EVP_INL_TYPE size_t
+#endif
+
 #if (OPENSSL_VERSION_NUMBER < 0x00907000L) || defined(OPENSSL_LOBOTOMISED_AES)
 # define USE_BUILTIN_RIJNDAEL
 #endif
@@ -71,6 +78,10 @@ extern const EVP_CIPHER *evp_acss(void);
 # define EVP_CIPHER_CTX_key_length(c) ((c)->key_len)
 #endif
 
+#ifndef HAVE_RSA_GET_DEFAULT_METHOD
+RSA_METHOD *RSA_get_default_method(void);
+#endif
+
 /*
  * We overload some of the OpenSSL crypto functions with ssh_* equivalents
  * which cater for older and/or less featureful OpenSSL version.
@@ -101,6 +112,19 @@ extern const EVP_CIPHER *evp_acss(void);
 #  define SSLeay_add_all_algorithms()  ssh_SSLeay_add_all_algorithms()
 # endif
 
+# ifndef HAVE_BN_IS_PRIME_EX
+int BN_is_prime_ex(const BIGNUM *, int, BN_CTX *, void *);
+# endif
+
+# ifndef HAVE_DSA_GENERATE_PARAMETERS_EX
+int DSA_generate_parameters_ex(DSA *, int, const unsigned char *, int, int *,
+    unsigned long *, void *);
+# endif
+
+# ifndef HAVE_RSA_GENERATE_KEY_EX
+int RSA_generate_key_ex(RSA *, int, BIGNUM *, void *);
+# endif
+
 int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *,
     unsigned char *, int);
 int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int);
diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
index 89b9a7340..5b1cf402c 100644
--- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c
@@ -1,4 +1,4 @@
-/* $Id: port-linux.c,v 1.8 2010/03/01 04:52:50 dtucker Exp $ */
+/* $Id: port-linux.c,v 1.11 2011/01/17 07:50:24 dtucker Exp $ */
 
 /*
  * Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com>
@@ -45,7 +45,7 @@ ssh_selinux_enabled(void)
         static int enabled = -1;
 
         if (enabled == -1) {
-                enabled = is_selinux_enabled();
+                enabled = (is_selinux_enabled() == 1);
                 debug("SELinux support %s", enabled ? "enabled" : "disabled");
         }
 
@@ -208,14 +208,22 @@ ssh_selinux_change_context(const char *newname)
 #endif /* WITH_SELINUX */
 
 #ifdef LINUX_OOM_ADJUST
-#define OOM_ADJ_PATH    "/proc/self/oom_adj"
 /*
- * The magic "don't kill me", as documented in eg:
+ * The magic "don't kill me" values, old and new, as documented in eg:
  * http://lxr.linux.no/#linux+v2.6.32/Documentation/filesystems/proc.txt
+ * http://lxr.linux.no/#linux+v2.6.36/Documentation/filesystems/proc.txt
  */
-#define OOM_ADJ_NOKILL  -17
 
 static int oom_adj_save = INT_MIN;
+static char *oom_adj_path = NULL;
+struct {
+        char *path;
+        int value;
+} oom_adjust[] = {
+        {"/proc/self/oom_score_adj", -1000},    /* kernels >= 2.6.36 */
+        {"/proc/self/oom_adj", -17},            /* kernels <= 2.6.35 */
+        {NULL, 0},
+};
 
 /*
  * Tell the kernel's out-of-memory killer to avoid sshd.
@@ -224,23 +232,31 @@ static int oom_adj_save = INT_MIN;
 void
 oom_adjust_setup(void)
 {
+        int i, value;
         FILE *fp;
 
         debug3("%s", __func__);
-        if ((fp = fopen(OOM_ADJ_PATH, "r+")) != NULL) {
-                if (fscanf(fp, "%d", &oom_adj_save) != 1)
-                        verbose("error reading %s: %s", OOM_ADJ_PATH, strerror(errno));
-                else {
-                        rewind(fp);
-                        if (fprintf(fp, "%d\n", OOM_ADJ_NOKILL) <= 0)
-                                verbose("error writing %s: %s",
-                                    OOM_ADJ_PATH, strerror(errno));
-                        else
-                                verbose("Set %s from %d to %d",
-                                    OOM_ADJ_PATH, oom_adj_save, OOM_ADJ_NOKILL);
+         for (i = 0; oom_adjust[i].path != NULL; i++) {
+                oom_adj_path = oom_adjust[i].path;
+                value = oom_adjust[i].value;
+                if ((fp = fopen(oom_adj_path, "r+")) != NULL) {
+                        if (fscanf(fp, "%d", &oom_adj_save) != 1)
+                                verbose("error reading %s: %s", oom_adj_path,
+                                    strerror(errno));
+                        else {
+                                rewind(fp);
+                                if (fprintf(fp, "%d\n", value) <= 0)
+                                        verbose("error writing %s: %s",
+                                           oom_adj_path, strerror(errno));
+                                else
+                                        verbose("Set %s from %d to %d",
+                                           oom_adj_path, oom_adj_save, value);
+                        }
+                        fclose(fp);
+                        return;
                 }
-                fclose(fp);
         }
+        oom_adj_path = NULL;
 }
 
 /* Restore the saved OOM adjustment */
@@ -250,13 +266,14 @@ oom_adjust_restore(void)
         FILE *fp;
 
         debug3("%s", __func__);
-        if (oom_adj_save == INT_MIN || (fp = fopen(OOM_ADJ_PATH, "w")) == NULL)
+        if (oom_adj_save == INT_MIN || oom_adj_path == NULL ||
+            (fp = fopen(oom_adj_path, "w")) == NULL)
                 return;
 
         if (fprintf(fp, "%d\n", oom_adj_save) <= 0)
-                verbose("error writing %s: %s", OOM_ADJ_PATH, strerror(errno));
+                verbose("error writing %s: %s", oom_adj_path, strerror(errno));
         else
-                verbose("Set %s to %d", OOM_ADJ_PATH, oom_adj_save);
+                verbose("Set %s to %d", oom_adj_path, oom_adj_save);
 
         fclose(fp);
         return;
diff --git a/openbsd-compat/port-solaris.c b/openbsd-compat/port-solaris.c
index 2ab64d487..25382f1c9 100644
--- a/openbsd-compat/port-solaris.c
+++ b/openbsd-compat/port-solaris.c
@@ -1,4 +1,4 @@
-/* $Id: port-solaris.c,v 1.3 2006/10/31 23:28:49 dtucker Exp $ */
+/* $Id: port-solaris.c,v 1.4 2010/11/05 01:03:05 dtucker Exp $ */
 
 /*
  * Copyright (c) 2006 Chad Mynhier.
@@ -197,3 +197,33 @@ solaris_contract_post_fork_parent(pid_t pid)
                 close(ctl_fd);
 }
 #endif
+
+#ifdef USE_SOLARIS_PROJECTS
+#include <sys/task.h>
+#include <project.h>
+
+/*
+ * Get/set solaris default project.
+ * If we fail, just run along gracefully.
+ */
+void
+solaris_set_default_project(struct passwd *pw)
+{
+        struct project  *defaultproject;
+        struct project   tempproject;
+        char buf[1024];
+
+        /* get default project, if we fail just return gracefully  */
+        if ((defaultproject = getdefaultproj(pw->pw_name, &tempproject, &buf,
+            sizeof(buf))) > 0) {
+                /* set default project */
+                if (setproject(defaultproject->pj_name, pw->pw_name,
+                    TASK_NORMAL) != 0)
+                        debug("setproject(%s): %s", defaultproject->pj_name,
+                            strerror(errno));
+        } else {
+                /* debug on getdefaultproj() error */
+                debug("getdefaultproj(%s): %s", pw->pw_name, strerror(errno));
+        }
+}
+#endif /* USE_SOLARIS_PROJECTS */
diff --git a/openbsd-compat/port-solaris.h b/openbsd-compat/port-solaris.h
index 4c324871e..cd442e78b 100644
--- a/openbsd-compat/port-solaris.h
+++ b/openbsd-compat/port-solaris.h
@@ -1,4 +1,4 @@
-/* $Id: port-solaris.h,v 1.1 2006/08/30 17:24:42 djm Exp $ */
+/* $Id: port-solaris.h,v 1.2 2010/11/05 01:03:05 dtucker Exp $ */
 
 /*
  * Copyright (c) 2006 Chad Mynhier.
@@ -20,8 +20,11 @@
 
 #include <sys/types.h>
 
+#include <pwd.h>
+
 void solaris_contract_pre_fork(void);
 void solaris_contract_post_fork_child(void);
 void solaris_contract_post_fork_parent(pid_t pid);
+void solaris_set_default_project(struct passwd *);
 
 #endif
diff --git a/openbsd-compat/timingsafe_bcmp.c b/openbsd-compat/timingsafe_bcmp.c
new file mode 100644
index 000000000..7e28c0e2a
--- /dev/null
+++ b/openbsd-compat/timingsafe_bcmp.c
@@ -0,0 +1,34 @@
+/*      $OpenBSD: timingsafe_bcmp.c,v 1.1 2010/09/24 13:33:00 matthew Exp $     */
+/*
+ * Copyright (c) 2010 Damien Miller.  All rights reserved.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* OPENBSD ORIGINAL: lib/libc/string/timingsafe_bcmp.c */
+
+#include "includes.h"
+#ifndef HAVE_TIMINGSAFE_BCMP
+
+int
+timingsafe_bcmp(const void *b1, const void *b2, size_t n)
+{
+        const unsigned char *p1 = b1, *p2 = b2;
+        int ret = 0;
+
+        for (; n > 0; n--)
+                ret |= *p1++ ^ *p2++;
+        return (ret != 0);
+}
+
+#endif /* TIMINGSAFE_BCMP */