Source-Changes-HG archive


[src/trunk]: src/lib/libcrypt zero out hash context after use, to avoid trace...



details:   https://anonhg.NetBSD.org/src/rev/d16590a638a3
branches:  trunk
changeset: 771702:d16590a638a3
user:      drochner <drochner%NetBSD.org@localhost>
date:      Tue Nov 29 13:18:52 2011 +0000

description:
zero out hash context after use, to avoid traces in RAM
(hint from "Solar Designer")

diffstat:

 lib/libcrypt/md5crypt.c |  10 ++++++++--
 1 files changed, 8 insertions(+), 2 deletions(-)

diffs (38 lines):

diff -r 819bf5a263be -r d16590a638a3 lib/libcrypt/md5crypt.c
--- a/lib/libcrypt/md5crypt.c   Tue Nov 29 13:17:04 2011 +0000
+++ b/lib/libcrypt/md5crypt.c   Tue Nov 29 13:18:52 2011 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: md5crypt.c,v 1.9 2007/01/17 23:24:22 hubertf Exp $     */
+/*     $NetBSD: md5crypt.c,v 1.10 2011/11/29 13:18:52 drochner Exp $   */
 
 /*
  * ----------------------------------------------------------------------------
@@ -15,7 +15,7 @@
 
 #include <sys/cdefs.h>
 #if !defined(lint)
-__RCSID("$NetBSD: md5crypt.c,v 1.9 2007/01/17 23:24:22 hubertf Exp $");
+__RCSID("$NetBSD: md5crypt.c,v 1.10 2011/11/29 13:18:52 drochner Exp $");
 #endif /* not lint */
 
 /*
@@ -117,6 +117,9 @@
 
        FINAL(final, &ctx);
 
+       /* Don't leave anything around in vm they could use. */
+       memset(&ctx, 0, sizeof(ctx));
+
        /*
         * And now, just to make sure things don't run too fast. On a 60 MHz
         * Pentium this takes 34 msec, so you would need 30 seconds to build
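Review bot: the added memset(&ctx, 0, sizeof(ctx)) after FINAL(final, &ctx) is a store to a local object that nothing in the visible context reads again, so an optimizing compiler is allowed to drop it as a dead store and the context would stay in memory exactly as before. Use a wipe the compiler cannot elide, for example explicit_memset(3) where the platform provides it, or a memset called through a volatile function pointer, and confirm in the generated code at the optimization level libcrypt is built with that the clearing stores are still present.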
@@ -144,6 +147,9 @@
                FINAL(final, &ctx1);
        }
 
+       /* Don't leave anything around in vm they could use. */
+       memset(&ctx1, 0, sizeof(ctx1));
+
        p = passwd + sl + MD5_MAGIC_LEN + 1;
 
        l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; __crypt_to64(p,l,4); p += 4;
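Review bot: the wipe of ctx1 after the loop clears only the hash context, while final, which the lines right after it still read for the __crypt_to64 encoding, keeps the digest; if the function does not already clear final past the end of this hunk, it needs the same wipe once the encoding is finished. The memset here is also followed by no visible read of ctx1, so it should use a non-elidable clearing routine rather than plain memset. The comment is a verbatim copy of the one in the previous hunk; saying what is being cleared (the MD5 context's internal state) would be more useful than "anything ... they could use".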


