Re: weird crypt-sha* in DragonFly BSD

[Solar Designer <solar () openwall com>]

On Tue, Nov 15, 2011 at 06:35:02AM +0400, Solar Designer wrote:
> There's also minor weirdness in the code - such as two local pointer
> variables being declared static seemingly for no reason, and only
> "final" but not "ctx" being zeroized in the end.  But even this lack of
> proper cleanup is very minor compared to the lack of stretching.

It turns out that these other minor issues were inherited from phk's
md5crypt.c from FreeBSD.

Currently in FreeBSD, crypt-md5.c: crypt_md5() has extra static
declarations (not only the output buffer, but also three pointers), and
it forgets to zeroize ctx and ctx1 (even though it does zeroize final).

md5crypt.c: __md5crypt() in NetBSD no longer has the extra statics, but
it does forget to zeroize ctx and ctx1.

md5crypt.c: md5crypt() in OpenBSD has the weird static pointers and
forgets to zeroize ctx and ctx1.

Not a big deal, but worth fixing, I think.

Alexander