From 1d2c4564265ee827147af246a16f3777741411ed Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Tue, 4 Feb 2014 11:18:20 +1100
Subject:    - tedu@cvs.openbsd.org 2014/01/31 16:39:19      [auth2-chall.c
 authfd.c authfile.c bufaux.c bufec.c canohost.c]      [channels.c
 cipher-chachapoly.c clientloop.c configure.ac hostfile.c]      [kexc25519.c
 krl.c monitor.c sandbox-systrace.c session.c]      [sftp-client.c
 ssh-keygen.c ssh.c sshconnect2.c sshd.c sshlogin.c]     
 [openbsd-compat/explicit_bzero.c openbsd-compat/openbsd-compat.h]     
 replace most bzero with explicit_bzero, except a few that cna be memset     
 ok djm dtucker

---
 openbsd-compat/explicit_bzero.c | 20 ++++++++++++++++++++
 openbsd-compat/openbsd-compat.h |  6 +++++-
 2 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 openbsd-compat/explicit_bzero.c

(limited to 'openbsd-compat')

diff --git a/openbsd-compat/explicit_bzero.c b/openbsd-compat/explicit_bzero.c
new file mode 100644
index 000000000..b106741e5
--- /dev/null
+++ b/openbsd-compat/explicit_bzero.c
@@ -0,0 +1,20 @@
+/* OPENBSD ORIGINAL: lib/libc/string/explicit_bzero.c */
+/*	$OpenBSD: explicit_bzero.c,v 1.1 2014/01/22 21:06:45 tedu Exp $ */
+/*
+ * Public domain.
+ * Written by Ted Unangst
+ */
+
+#include "includes.h"
+
+#ifndef HAVE_EXPLICIT_BZERO
+
+/*
+ * explicit_bzero - don't let the compiler optimize away bzero
+ */
+void
+explicit_bzero(void *p, size_t n)
+{
+	bzero(p, n);
+}
+#endif
diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h
index f34619e4a..bc9888e31 100644
--- a/openbsd-compat/openbsd-compat.h
+++ b/openbsd-compat/openbsd-compat.h
@@ -1,4 +1,4 @@
-/* $Id: openbsd-compat.h,v 1.60 2013/12/07 00:51:54 djm Exp $ */
+/* $Id: openbsd-compat.h,v 1.61 2014/02/04 00:18:23 djm Exp $ */
 
 /*
  * Copyright (c) 1999-2003 Damien Miller.  All rights reserved.
@@ -246,6 +246,10 @@ int	bcrypt_pbkdf(const char *, size_t, const u_int8_t *, size_t,
     u_int8_t *, size_t, unsigned int);
 #endif
 
+#ifndef HAVE_EXPLICIT_BZERO
+void explicit_bzero(void *p, size_t n);
+#endif
+
 void *xmmap(size_t size);
 char *xcrypt(const char *password, const char *salt);
 char *shadow_pw(struct passwd *pw);
-- 
cgit v1.2.3


From bf7e0f03be661b6f5b3bfe325135ce19391f9c4d Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Tue, 4 Feb 2014 11:37:50 +1100
Subject:  - (djm) [openbsd-compat/Makefile.in] Add missing explicit_bzero.o

---
 ChangeLog                  | 1 +
 openbsd-compat/Makefile.in | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

(limited to 'openbsd-compat')

diff --git a/ChangeLog b/ChangeLog
index 4c2fc319c..40e347e43 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -65,6 +65,7 @@
      delay lowercasing of hostname until right before hostname
      canonicalisation to unbreak case-sensitive matching of ssh_config;
      reported by Ike Devolder; ok markus@
+ - (djm) [openbsd-compat/Makefile.in] Add missing explicit_bzero.o
 
 20140131
  - (djm) [sandbox-seccomp-filter.c sandbox-systrace.c] Allow shutdown(2)
diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in
index 276646fa6..6ecfb93d5 100644
--- a/openbsd-compat/Makefile.in
+++ b/openbsd-compat/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.54 2013/12/07 01:37:54 djm Exp $
+# $Id: Makefile.in,v 1.55 2014/02/04 00:37:50 djm Exp $
 
 sysconfdir=@sysconfdir@
 piddir=@piddir@
@@ -16,7 +16,7 @@ RANLIB=@RANLIB@
 INSTALL=@INSTALL@
 LDFLAGS=-L. @LDFLAGS@
 
-OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o blowfish.o bcrypt_pbkdf.o
+OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o blowfish.o bcrypt_pbkdf.o explicit_bzero.o
 
 COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
 
-- 
cgit v1.2.3


From 8d36f9ac71eff2e9f5770c0518b73d875f270647 Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@zip.com.au>
Date: Thu, 6 Feb 2014 10:44:13 +1100
Subject:  - (dtucker) [openbsd-compat/bsd-poll.c] Don't bother checking for
 non-NULL    before freeing since free(NULL) is a no-op.  ok djm.

---
 ChangeLog                 |  4 ++++
 openbsd-compat/bsd-poll.c | 11 ++++-------
 2 files changed, 8 insertions(+), 7 deletions(-)

(limited to 'openbsd-compat')

diff --git a/ChangeLog b/ChangeLog
index df7312df8..3867fd37e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+20140206
+ - (dtucker) [openbsd-compat/bsd-poll.c] Don't bother checking for non-NULL
+   before freeing since free(NULL) is a no-op.  ok djm.
+
 20140205
  - (djm) [sandbox-capsicum.c] Don't fatal if Capsicum is offered by
    headers/libc but not supported by the kernel. Patch from Loganaden
diff --git a/openbsd-compat/bsd-poll.c b/openbsd-compat/bsd-poll.c
index c7ef82776..73a852480 100644
--- a/openbsd-compat/bsd-poll.c
+++ b/openbsd-compat/bsd-poll.c
@@ -1,4 +1,4 @@
-/* $Id: bsd-poll.c,v 1.5 2013/11/08 10:12:58 dtucker Exp $ */
+/* $Id: bsd-poll.c,v 1.6 2014/02/05 23:44:13 dtucker Exp $ */
 
 /*
  * Copyright (c) 2004, 2005, 2007 Darren Tucker (dtucker at zip com au).
@@ -109,12 +109,9 @@ poll(struct pollfd *fds, nfds_t nfds, int timeout)
 	}
 
 out:
-	if (readfds != NULL)
-		free(readfds);
-	if (writefds != NULL)
-		free(writefds);
-	if (exceptfds != NULL)
-		free(exceptfds);
+	free(readfds);
+	free(writefds);
+	free(exceptfds);
 	if (ret == -1)
 		errno = saved_errno;
 	return ret;
-- 
cgit v1.2.3


From 4a20959d2e3c90e9d66897c0b4032c785672d815 Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@zip.com.au>
Date: Thu, 13 Feb 2014 16:38:32 +1100
Subject:  - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}]  Add
 compat    code for older OpenSSL versions that don't have EVP_MD_CTX_copy_ex.

---
 ChangeLog                       |  4 ++++
 configure.ac                    |  5 +++--
 openbsd-compat/openssl-compat.c | 10 +++++++++-
 openbsd-compat/openssl-compat.h |  6 +++++-
 4 files changed, 21 insertions(+), 4 deletions(-)

(limited to 'openbsd-compat')

diff --git a/ChangeLog b/ChangeLog
index e3b5fd28a..2542215ca 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+20140213
+ - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}]  Add compat
+   code for older OpenSSL versions that don't have EVP_MD_CTX_copy_ex.
+
 20140207
  - OpenBSD CVS Sync
    - naddy@cvs.openbsd.org 2014/02/05 20:13:25
diff --git a/configure.ac b/configure.ac
index a350a2a55..0dd3f4541 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.569 2014/02/04 00:18:21 djm Exp $
+# $Id: configure.ac,v 1.570 2014/02/13 05:38:33 dtucker Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@@ -15,7 +15,7 @@
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
-AC_REVISION($Revision: 1.569 $)
+AC_REVISION($Revision: 1.570 $)
 AC_CONFIG_SRCDIR([ssh.c])
 AC_LANG([C])
 
@@ -2430,6 +2430,7 @@ AC_CHECK_FUNCS([ \
 	EVP_DigestFinal_ex \
 	EVP_MD_CTX_init \
 	EVP_MD_CTX_cleanup \
+	EVP_MD_CTX_copy_ex \
 	HMAC_CTX_init \
 	RSA_generate_key_ex \
 	RSA_get_default_method \
diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c
index 60eac4b17..885c121f2 100644
--- a/openbsd-compat/openssl-compat.c
+++ b/openbsd-compat/openssl-compat.c
@@ -1,4 +1,4 @@
-/* $Id: openssl-compat.c,v 1.16 2014/01/17 07:00:41 dtucker Exp $ */
+/* $Id: openssl-compat.c,v 1.17 2014/02/13 05:38:33 dtucker Exp $ */
 
 /*
  * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@@ -96,6 +96,14 @@ ssh_EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt)
 }
 #endif
 
+#ifndef HAVE_EVP_MD_CTX_COPY_EX
+int
+EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
+{
+	return EVP_MD_CTX_copy(out, in);
+}
+#endif
+
 #ifndef HAVE_BN_IS_PRIME_EX
 int
 BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, void *cb)
diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h
index 021ea98f5..276b9706d 100644
--- a/openbsd-compat/openssl-compat.h
+++ b/openbsd-compat/openssl-compat.h
@@ -1,4 +1,4 @@
-/* $Id: openssl-compat.h,v 1.25 2014/01/17 06:32:31 dtucker Exp $ */
+/* $Id: openssl-compat.h,v 1.26 2014/02/13 05:38:33 dtucker Exp $ */
 
 /*
  * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@@ -156,6 +156,10 @@ int EVP_DigestInit_ex(EVP_MD_CTX *, const EVP_MD *, void *);
 int EVP_DigestFinal_ex(EVP_MD_CTX *, unsigned char *, unsigned int *);
 # endif
 
+# ifndef EVP_MD_CTX_COPY_EX
+int EVP_MD_CTX_copy_ex(EVP_MD_CTX *, const EVP_MD_CTX *);
+# endif
+
 int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *,
     unsigned char *, int);
 int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int);
-- 
cgit v1.2.3