- (djm) [openbsd-compat/explicit_bzero.c] implement explicit_bzero()

using memset_s() where possible; improve fallback to indirect bzero
   via a volatile pointer to give it more of a chance to avoid being
   optimised away.

ChangeLog

@@ -8,6 +8,10 @@
    on !ECC OpenSSL systems
  - (djm) [monitor.c sshd.c] SIGXFSZ needs to be ignored in postauth
    monitor, not preauth; bz#2263
+ - (djm) [openbsd-compat/explicit_bzero.c] implement explicit_bzero()
+   using memset_s() where possible; improve fallback to indirect bzero
+   via a volatile pointer to give it more of a chance to avoid being
+   optimised away.
 
 20140825
  - (djm) [bufec.c] Skip this file on !ECC OpenSSL

configure.ac

@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.582 2014/08/23 07:06:49 djm Exp $
+# $Id: configure.ac,v 1.583 2014/08/26 20:32:01 djm Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@@ -15,7 +15,7 @@
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
-AC_REVISION($Revision: 1.582 $)
+AC_REVISION($Revision: 1.583 $)
 AC_CONFIG_SRCDIR([ssh.c])
 AC_LANG([C])
 
@@ -1618,6 +1618,7 @@ AC_CHECK_FUNCS([ \
 	mblen \
 	md5_crypt \
 	memmove \
+	memset_s \
 	mkdtemp \
 	mmap \
 	ngetaddrinfo \

openbsd-compat/explicit_bzero.c

@@ -7,14 +7,34 @@
 
 #include "includes.h"
 
-#ifndef HAVE_EXPLICIT_BZERO
-
 /*
  * explicit_bzero - don't let the compiler optimize away bzero
  */
+
+#ifndef HAVE_EXPLICIT_BZERO
+
+#ifdef HAVE_MEMSET_S
+
 void
 explicit_bzero(void *p, size_t n)
 {
-	bzero(p, n);
+	(void)memset_s(p, n, 0, n);
 }
-#endif
+
+#else /* HAVE_MEMSET_S */
+
+/*
+ * Indirect bzero through a volatile pointer to hopefully avoid
+ * dead-store optimisation eliminating the call.
+ */
+static void (* volatile ssh_bzero)(void *, size_t) = bzero;
+
+void
+explicit_bzero(void *p, size_t n)
+{
+	ssh_bzero(p, n);
+}
+
+#endif /* HAVE_MEMSET_S */
+
+#endif /* HAVE_EXPLICIT_BZERO */