Avoid leaking storage in one function.

Set USE_FORT to yes, and fix the fallout.

crypto/external/bsd/openpgpsdk/dist/src/lib/fingerprint.c

@@ -29,13 +29,6 @@
 #include <string.h>
 
 #include <openpgpsdk/configure.h>
-#ifdef HAVE_ALLOCA_H
-# include <alloca.h>
-#endif
-
-#ifdef WIN32
-#define alloca _alloca
-#endif
 
 #include <openpgpsdk/final.h>
 #include <openpgpsdk/util.h>
@@ -63,14 +56,16 @@ void ops_fingerprint(ops_fingerprint_t *fp,const ops_public_key_t *key)
 	md5.init(&md5);
 
 	n=BN_num_bytes(key->key.rsa.n);
-	bn=alloca(n);
+	bn=ops_mallocz(n);
 	BN_bn2bin(key->key.rsa.n,bn);
 	md5.add(&md5,bn,n);
+	(void) free(bn);
 
 	n=BN_num_bytes(key->key.rsa.e);
-	bn=alloca(n);
+	bn=ops_mallocz(n);
 	BN_bn2bin(key->key.rsa.e,bn);
 	md5.add(&md5,bn,n);
+	(void) free(bn);
 
 	md5.finish(&md5,fp->fingerprint);
 	fp->length=16;

crypto/external/bsd/openpgpsdk/dist/src/lib/packet-parse.c

@@ -2498,8 +2498,7 @@ static int parse_pk_session_key(ops_region_t *region,
     // Can't rely on it being CAST5
     // \todo FIXME RW
     //    const size_t sz_unencoded_m_buf=CAST_KEY_LENGTH+1+2;
-    const size_t sz_unencoded_m_buf=1024;
-    unsigned char unencoded_m_buf[sz_unencoded_m_buf];
+    unsigned char unencoded_m_buf[1024];
     
     if(!limited_read(c,1,region,pinfo))
 	return 0;
@@ -2637,6 +2636,7 @@ static int parse_pk_session_key(ops_region_t *region,
     pinfo->decrypt.set_iv(&pinfo->decrypt, iv);
     pinfo->decrypt.set_key(&pinfo->decrypt,C.pk_session_key.key);
     ops_encrypt_init(&pinfo->decrypt);
+    (void)free(iv);
     return 1;
     }
 

crypto/external/bsd/openpgpsdk/lib/Makefile

@@ -1,9 +1,8 @@
-# $NetBSD: Makefile,v 1.5 2009/01/21 07:08:10 agc Exp $
+# $NetBSD: Makefile,v 1.6 2009/01/21 15:35:01 agc Exp $
 
 .include <bsd.own.mk>
 
-#USE_FORT?= yes	# network protocol library
-USE_FORT?= no	# network protocol library
+USE_FORT?= yes	# network protocol library
 
 LIB= openpgpsdk
 SRCS+= accumulate.c compress.c create.c crypto.c errors.c fingerprint.c