bzero private key after loading to smartcard; ok markus@

author: djm <djm@openbsd.org> 2001-09-28 12:07:09 +0000
committer: djm <djm@openbsd.org> 2001-09-28 12:07:09 +0000
commit: 72a6047cf02290a18f664a35304fdc044b6415f0 (patch)
tree: dfe38508b1f3dec632ad8d50996e200726f519eb /usr.bin/ssh/ssh-keygen.c
parent: Remove debugging scaffolding (diff)
download: wireguard-openbsd-72a6047cf02290a18f664a35304fdc044b6415f0.tar.xz
wireguard-openbsd-72a6047cf02290a18f664a35304fdc044b6415f0.zip
1 files changed, 9 insertions, 1 deletions
diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c
index 2358111bcfd..780cad328f5 100644
--- a/usr.bin/ssh/ssh-keygen.c
+++ b/usr.bin/ssh/ssh-keygen.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.81 2001/09/17 20:50:22 markus Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.82 2001/09/28 12:07:09 djm Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -491,6 +491,14 @@ do_upload(struct passwd *pw, const char *sc_reader_id)
 	status = 0;
 	log("loading key done");
 done:
+
+	memset(elements[0], '\0', BN_num_bytes(prv->rsa->q));
+	memset(elements[1], '\0', BN_num_bytes(prv->rsa->p));
+	memset(elements[2], '\0', BN_num_bytes(prv->rsa->iqmp));
+	memset(elements[3], '\0', BN_num_bytes(prv->rsa->dmq1));
+	memset(elements[4], '\0', BN_num_bytes(prv->rsa->dmp1));
+	memset(elements[5], '\0', BN_num_bytes(prv->rsa->n));
+
 	if (prv)
 		key_free(prv);
 	for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++)
author	djm <djm@openbsd.org>	2001-09-28 12:07:09 +0000
committer	djm <djm@openbsd.org>	2001-09-28 12:07:09 +0000
commit	72a6047cf02290a18f664a35304fdc044b6415f0 (patch)
tree	dfe38508b1f3dec632ad8d50996e200726f519eb /usr.bin/ssh/ssh-keygen.c
parent	Remove debugging scaffolding (diff)
download	wireguard-openbsd-72a6047cf02290a18f664a35304fdc044b6415f0.tar.xz wireguard-openbsd-72a6047cf02290a18f664a35304fdc044b6415f0.zip