 @@ -1,18 +1,21 @@
-/* $NetBSD: explicit_memset.c,v 1.2 2013/08/28 15:46:23 riastradh Exp $ */
+/* $NetBSD: explicit_memset.c,v 1.3 2013/08/28 17:47:07 riastradh Exp $ */
 #if !defined(_KERNEL) && !defined(_STANDALONE)
 #include "namespace.h"
 #include <string.h>
-#define explicit_memset __explicit_memset
+#ifdef __weak_alias
 __weak_alias(explicit_memset,_explicit_memset)
 #endif
 #define explicit_memset_impl __explicit_memset_impl
 #else
 #include <lib/libkern/libkern.h>
 #endif
 /*
  * The use of a volatile pointer guarantees that the compiler
  * will not optimise the call away.
  */
 void *(* volatile explicit_memset_impl)(void *, int, size_t) = memset;
 void *
 explicit_memset(void *b, int c, size_t len)

 @@ -1,14 +1,14 @@
-/* $NetBSD: dict.c,v 1.8 2013/06/24 04:21:19 riastradh Exp $ */
+/* $NetBSD: dict.c,v 1.9 2013/08/28 17:47:07 riastradh Exp $ */
 /* Copyright (c) 2010 The NetBSD Foundation, Inc.
  * All rights reserved.
+ *
  * This code is derived from software contributed to The NetBSD Foundation
  * by Mateusz Kocielski.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
 @@ -25,27 +25,27 @@
  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE ARE DISCLAIMED.	IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  * POSSIBILITY OF SUCH DAMAGE.
  */
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: dict.c,v 1.8 2013/06/24 04:21:19 riastradh Exp $");
+__RCSID("$NetBSD: dict.c,v 1.9 2013/08/28 17:47:07 riastradh Exp $");
 #include <sys/queue.h>
 #include <ctype.h>
 #include <errno.h>
 #include <stdbool.h>
 #include <stdlib.h>
 #include <string.h>
 #include "dict.h"
 #include "msg.h"
 /** dictionary */
 @@ -126,27 +126,27 @@ saslc__dict_valid_key(const char *key)
 	return *key == '\0';
+}
 /**
  * @brief destroys and deallocates list node
  * @param node list node
  */
 static void
 saslc__dict_list_node_destroy(saslc__dict_node_t *node)
+{
 	free(node->key);
 	/* zero value, it may contain sensitive data */
-	__explicit_memset(node->value, 0, node->value_len);
+	explicit_memset(node->value, 0, node->value_len);
 	free(node->value);
 	LIST_REMOVE(node, nodes);
 	free(node);
+}
 /**
  * @brief gets node from the dictionary using key
  * @param dict dictionary
  * @param key node key
  * @return pointer to node if key is in the dictionary, NULL otherwise
  */
 static saslc__dict_node_t *
 saslc__dict_get_node_by_key(saslc__dict_t *dict, const char *key)

 @@ -1,14 +1,14 @@
-/*	$NetBSD: dns.c,v 1.7 2013/08/28 15:24:41 riastradh Exp $	*/
+/*	$NetBSD: dns.c,v 1.8 2013/08/28 17:47:07 riastradh Exp $	*/
 /* $OpenBSD: dns.c,v 1.28 2012/05/23 03:28:28 djm Exp $ */
 /*
  * Copyright (c) 2003 Wesley Griffin. All rights reserved.
  * Copyright (c) 2003 Jakob Schlyter. All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
 @@ -17,27 +17,27 @@
  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include "includes.h"
-__RCSID("$NetBSD: dns.c,v 1.7 2013/08/28 15:24:41 riastradh Exp $");
+__RCSID("$NetBSD: dns.c,v 1.8 2013/08/28 17:47:07 riastradh Exp $");
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <netdb.h>
 #include <stdio.h>
 #include <string.h>
 #include "xmalloc.h"
 #include "key.h"
 #include "dns.h"
 #include "log.h"
 #include "getrrsetbyname.h"
 @@ -268,27 +268,27 @@ verify_host_key_dns(const char *hostname
 			if (!dns_read_key(&hostkey_algorithm,
 			    &hostkey_digest_type, &hostkey_digest,
 			    &hostkey_digest_len, hostkey)) {
 				error("Error calculating key fingerprint.");
 				freerrset(fingerprints);
 				return -1;
+			}
+		}
 		/* Check if the current key is the same as the given key */
 		if (hostkey_algorithm == dnskey_algorithm &&
 		    hostkey_digest_type == dnskey_digest_type) {
 			if (hostkey_digest_len == dnskey_digest_len &&
-			    __consttime_memequal(hostkey_digest, dnskey_digest,
+			    consttime_memequal(hostkey_digest, dnskey_digest,
 			    hostkey_digest_len))
 				*flags |= DNS_VERIFY_MATCH;
+		}
 		xfree(dnskey_digest);
+	}
 	xfree(hostkey_digest); /* from key_fingerprint_raw() */
 	freerrset(fingerprints);
 	if (*flags & DNS_VERIFY_FOUND)
 		if (*flags & DNS_VERIFY_MATCH)
 			debug("matching host key fingerprint found in DNS");
 		else

 @@ -1,14 +1,14 @@
-/*	$NetBSD: string.h,v 1.47 2013/08/28 15:46:23 riastradh Exp $	*/
+/*	$NetBSD: string.h,v 1.48 2013/08/28 17:47:07 riastradh Exp $	*/
 /*-
  * Copyright (c) 1990, 1993
  *	The Regents of the University of California.  All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
 @@ -93,28 +93,28 @@ __aconst char *strsignal(int);
 __END_DECLS
 #if defined(_NETBSD_SOURCE)
 #include <strings.h>		/* for backwards-compatibilty */
 __BEGIN_DECLS
 void	*memmem(const void *, size_t, const void *, size_t);
 char	*strcasestr(const char *, const char *);
 size_t	 strlcat(char *, const char *, size_t);
 size_t	 strlcpy(char *, const char *, size_t);
 char	*strsep(char **, const char *);
 char	*stresep(char **, const char *, int);
 char	*strndup(const char *, size_t);
 void	*memrchr(const void *, int, size_t);
-void	*__explicit_memset(void *, int, size_t);
+void	*explicit_memset(void *, int, size_t);
-int	__consttime_memequal(const void *, const void *, size_t);
+int	consttime_memequal(const void *, const void *, size_t);
 __END_DECLS
 #endif
 #if (_POSIX_C_SOURCE - 0) >= 200809L || defined(_NETBSD_SOURCE)
 #  ifndef __LOCALE_T_DECLARED
 typedef struct _locale		*locale_t;
 #  define __LOCALE_T_DECLARED
 #  endif
 __BEGIN_DECLS
 int	 strcoll_l(const char *, const char *, locale_t);
 size_t	 strxfrm_l(char * __restrict, const char * __restrict, size_t, locale_t);
 __aconst char *strerror_l(int, locale_t);
 __END_DECLS

 @@ -1,14 +1,14 @@
-/*	$NetBSD: namespace.h,v 1.168 2013/08/19 13:03:12 joerg Exp $	*/
+/*	$NetBSD: namespace.h,v 1.169 2013/08/28 17:47:07 riastradh Exp $	*/
 /*-
  * Copyright (c) 1997-2004 The NetBSD Foundation, Inc.
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
 @@ -223,26 +223,27 @@
 #define clnt_sperror		_clnt_sperror
 #define clnt_vc_create		_clnt_vc_create
 #define clntraw_create		_clntraw_create
 #define clnttcp_create		_clnttcp_create
 #define clntudp_bufcreate	_clntudp_bufcreate
 #define clntudp_create		_clntudp_create
 #define clock_gettime		_clock_gettime
 #define clock_getres		_clock_getres
 #define clock_settime		_clock_settime
 #define closedir		_closedir
 #define closelog		_closelog
 #define closelog_r		_closelog_r
 #define confstr			_confstr
 #define consttime_memequal	_consttime_memequal
 #define csetexpandtc		_csetexpandtc
 #define ctermid			_ctermid
 #define ctime_r			_ctime_r
 #define ctime_rz		_ctime_rz
 #define daemon			_daemon
 #define dbopen			_dbopen
 #define devname			_devname
 #define difftime		_difftime
 #define dirname			_dirname
 #define dn_expand		_dn_expand
 #define dprintf_l		_dprintf_l
 #define drand48			_drand48
 #define duplocale		_duplocale
 @@ -262,26 +263,27 @@
 #define endttyent		_endttyent
 #define endusershell		_endusershell
 #define erand48			_erand48
 #define ether_aton		_ether_aton
 #define ether_hostton		_ether_hostton
 #define ether_line		_ether_line
 #define ether_ntoa		_ether_ntoa
 #define ether_ntohost		_ether_ntohost
 #define execl			_execl
 #define execle			_execle
 #define execlp			_execlp
 #define execv			_execv
 #define execvp			_execvp
 #define explicit_memset		_explicit_memset
 #define fdopen			_fdopen
 #define fgetln			_fgetln
 #define fgetwln			_fgetwln
 #define fhstatvfs		_fhstatvfs
 #define flockfile		_flockfile
 #define ftrylockfile		_ftrylockfile
 #define funlockfile		_funlockfile
 #define fnmatch			_fnmatch
 #define fparseln		_fparseln
 #define fprintf_l		_fprintf_l
 #define fpgetmask		_fpgetmask
 #define fpgetprec		_fpgetprec
 #define fpgetround		_fpgetround

 @@ -1,14 +1,14 @@
-/*	$NetBSD: bcrypt.c,v 1.18 2013/06/24 04:21:20 riastradh Exp $	*/
+/*	$NetBSD: bcrypt.c,v 1.19 2013/08/28 17:47:07 riastradh Exp $	*/
 /*	$OpenBSD: bcrypt.c,v 1.16 2002/02/19 19:39:36 millert Exp $	*/
 /*
  * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
 @@ -36,27 +36,27 @@
+ *
  * 1. state := InitState ()
  * 2. state := ExpandKey (state, salt, password) 3.
  * REPEAT rounds:
  *	state := ExpandKey (state, 0, salt)
  *      state := ExpandKey(state, 0, password)
  * 4. ctext := "OrpheanBeholderScryDoubt"
  * 5. REPEAT 64:
  * 	ctext := Encrypt_ECB (state, ctext);
  * 6. RETURN Concatenate (salt, ctext);
+ *
  */
 #include <sys/cdefs.h>
-__RCSID("$NetBSD: bcrypt.c,v 1.18 2013/06/24 04:21:20 riastradh Exp $");
+__RCSID("$NetBSD: bcrypt.c,v 1.19 2013/08/28 17:47:07 riastradh Exp $");
 #include <stdio.h>
 #include <stdlib.h>
 #include <sys/types.h>
 #include <string.h>
 #include <pwd.h>
 #include <errno.h>
 #include <limits.h>
 #include "crypt.h"
 #include "blowfish.c"
 /* This implementation is adaptable to current computing power.
 @@ -304,27 +304,27 @@ __bcrypt(const char *key, const char *sa
 	i = 0;
 	encrypted[i++] = '$';
 	encrypted[i++] = BCRYPT_VERSION;
 	if (minor)
 		encrypted[i++] = minor;
 	encrypted[i++] = '$';
 	snprintf(encrypted + i, 4, "%2.2u$", logr);
 	encode_base64((u_int8_t *) encrypted + i + 3, csalt, BCRYPT_MAXSALT);
 	encode_base64((u_int8_t *) encrypted + strlen(encrypted), ciphertext,
 * BCRYPT_BLOCKS - 1);
-	__explicit_memset(&state, 0, sizeof(state));
+	explicit_memset(&state, 0, sizeof(state));
 	return encrypted;
+}
 static void
 encode_base64(u_int8_t *buffer, u_int8_t *data, u_int16_t len)
+{
 	u_int8_t *bp = buffer;
 	u_int8_t *p = data;
 	u_int8_t c1, c2;
 	while (p < data + len) {
 		c1 = *p++;
 		*bp++ = Base64Code[((u_int32_t)c1 >> 2)];
 		c1 = (c1 & 0x03) << 4;

 @@ -1,14 +1,14 @@
-/* $NetBSD: crypt-sha1.c,v 1.7 2013/08/10 18:42:29 dholland Exp $ */
+/* $NetBSD: crypt-sha1.c,v 1.8 2013/08/28 17:47:07 riastradh Exp $ */
 /*
  * Copyright (c) 2004, Juniper Networks, Inc.
  * All rights reserved.
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  * 1. Redistributions of source code must retain the above copyright
  *    notice, this list of conditions and the following disclaimer.
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
 @@ -21,27 +21,27 @@
  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #include <sys/cdefs.h>
 #if !defined(lint)
-__RCSID("$NetBSD: crypt-sha1.c,v 1.7 2013/08/10 18:42:29 dholland Exp $");
+__RCSID("$NetBSD: crypt-sha1.c,v 1.8 2013/08/28 17:47:07 riastradh Exp $");
 #endif /* not lint */
 #include <stdlib.h>
 #include <unistd.h>
 #include <stdio.h>
 #include <string.h>
 #include <time.h>
 #include <err.h>
 #include "crypt.h"
 /*
  * The default iterations - should take >0s on a fast CPU
 @@ -182,17 +182,17 @@ __crypt_sha1 (const char *pw, const char
 	ul = (hmac_buf[i+0] << 16) |
 	    (hmac_buf[i+1] << 8) |
 	    hmac_buf[i+2];
 	__crypt_to64(ep, ul, 4); ep += 4;
+    }
     /* Only 2 bytes left, so we pad with byte0 */
     ul = (hmac_buf[SHA1_SIZE - 2] << 16) |
 	(hmac_buf[SHA1_SIZE - 1] << 8) |
 	hmac_buf[0];
     __crypt_to64(ep, ul, 4); ep += 4;
     *ep = '\0';
     /* Don't leave anything around in vm they could use. */
-    __explicit_memset(hmac_buf, 0, sizeof hmac_buf);
+    explicit_memset(hmac_buf, 0, sizeof hmac_buf);
     return passwd;
+}

 @@ -1,31 +1,31 @@
-/*	$NetBSD: md5crypt.c,v 1.13 2013/06/24 04:21:20 riastradh Exp $	*/
+/*	$NetBSD: md5crypt.c,v 1.14 2013/08/28 17:47:07 riastradh Exp $	*/
 /*
  * ----------------------------------------------------------------------------
  * "THE BEER-WARE LICENSE" (Revision 42):
  * <phk@login.dknet.dk> wrote this file.  As long as you retain this notice you
  * can do whatever you want with this stuff. If we meet some day, and you think
  * this stuff is worth it, you can buy me a beer in return.   Poul-Henning Kamp
  * ----------------------------------------------------------------------------
+ *
  * from FreeBSD: crypt.c,v 1.5 1996/10/14 08:34:02 phk Exp
  * via OpenBSD: md5crypt.c,v 1.9 1997/07/23 20:58:27 kstailey Exp
+ *
  */
 #include <sys/cdefs.h>
 #if !defined(lint)
-__RCSID("$NetBSD: md5crypt.c,v 1.13 2013/06/24 04:21:20 riastradh Exp $");
+__RCSID("$NetBSD: md5crypt.c,v 1.14 2013/08/28 17:47:07 riastradh Exp $");
 #endif /* not lint */
 #include <unistd.h>
 #include <stdio.h>
 #include <string.h>
 #include <md5.h>
 #include "crypt.h"
 #define MD5_MAGIC	"$1$"
 #define MD5_MAGIC_LEN	3
 #define	INIT(x)			MD5Init((x))
 @@ -133,16 +133,16 @@ __md5crypt(const char *pw, const char *s
 	/* memset(&ctx1, 0, sizeof(ctx1)); done by MD5Final() */
 	p = passwd + sl + MD5_MAGIC_LEN + 1;
 	l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; __crypt_to64(p,l,4); p += 4;
 	l = (final[ 1]<<16) | (final[ 7]<<8) | final[13]; __crypt_to64(p,l,4); p += 4;
 	l = (final[ 2]<<16) | (final[ 8]<<8) | final[14]; __crypt_to64(p,l,4); p += 4;
 	l = (final[ 3]<<16) | (final[ 9]<<8) | final[15]; __crypt_to64(p,l,4); p += 4;
 	l = (final[ 4]<<16) | (final[10]<<8) | final[ 5]; __crypt_to64(p,l,4); p += 4;
 	l =		       final[11]		; __crypt_to64(p,l,2); p += 2;
 	*p = '\0';
 	/* Don't leave anything around in vm they could use. */
-	__explicit_memset(final, 0, sizeof(final));
+	explicit_memset(final, 0, sizeof(final));
 	return (passwd);
+}

 @@ -1,18 +1,21 @@
-/* $NetBSD: consttime_memequal.c,v 1.2 2013/08/28 15:24:41 riastradh Exp $ */
+/* $NetBSD: consttime_memequal.c,v 1.3 2013/08/28 17:47:07 riastradh Exp $ */
 #if !defined(_KERNEL) && !defined(_STANDALONE)
 #include "namespace.h"
 #include <string.h>
-#define consttime_memequal __consttime_memequal
+#ifdef __weak_alias
 __weak_alias(consttime_memequal,_consttime_memequal)
 #endif
 #else
 #include <lib/libkern/libkern.h>
 #endif
 int
 consttime_memequal(const void *b1, const void *b2, size_t len)
+{
 	const char *c1 = b1, *c2 = b2;
 	int res = 0;
 	while (len --)
 		res |= *c1++ ^ *c2++;
 	return !res;