authorBen Lindstrom <mouring@eviladmin.org>2001-10-03 17:18:37 +0000
committerBen Lindstrom <mouring@eviladmin.org>2001-10-03 17:18:37 +0000
commit1af4d3bb709453b0b206106adaba7c94548fa6f2 (patch)
tree1c49e155e7d893d117d39e430fc6558a1dfd12b1
parent6149a6c57fe24a4afc4a11be7f2061d4d079966a (diff)
- djm@cvs.openbsd.org 2001/09/28 12:07:09
[ssh-keygen.c] bzero private key after loading to smartcard; ok markus@
-rw-r--r--ChangeLog5
-rw-r--r--ssh-keygen.c10
2 files changed, 13 insertions, 2 deletions
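--- a/ChangeLog
+++ b/ChangeLog
@@ -14,6 +14,9 @@
  [sshd.8]
  don't talk about compile-time options
  ok markus@
+ - djm@cvs.openbsd.org 2001/09/28 12:07:09
+ [ssh-keygen.c]
+ bzero private key after loading to smartcard; ok markus@
 
 20011001
  - (stevesk) loginrec.c: fix type conversion problems exposed when using
@@ -6606,4 +6609,4 @@
  - Wrote replacements for strlcpy and mkdtemp
  - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1573 2001/10/03 17:15:32 mouring Exp $
+$Id: ChangeLog,v 1.1574 2001/10/03 17:18:37 mouring Exp $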
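--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.81 2001/09/17 20:50:22 markus Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.82 2001/09/28 12:07:09 djm Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -495,6 +495,14 @@ do_upload(struct passwd *pw, const char *sc_reader_id)
  status = 0;
  log("loading key done");
 done:
+
+ memset(elements[0], '\0', BN_num_bytes(prv->rsa->q));
+ memset(elements[1], '\0', BN_num_bytes(prv->rsa->p));
+ memset(elements[2], '\0', BN_num_bytes(prv->rsa->iqmp));
+ memset(elements[3], '\0', BN_num_bytes(prv->rsa->dmq1));
+ memset(elements[4], '\0', BN_num_bytes(prv->rsa->dmp1));
+ memset(elements[5], '\0', BN_num_bytes(prv->rsa->n));
+
  if (prv)
  key_free(prv);
  for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++)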
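Review bot: The six `memset` calls added directly under `done:` dereference `prv->rsa->…` and write through `elements[0]`–`elements[5]` unconditionally, although the next statement still tests `if (prv)`, which suggests `done:` can be reached on an error path with `prv` NULL and possibly with some `elements[i]` not yet allocated. Each wipe should be guarded, for example `if (prv != NULL && elements[0] != NULL) memset(elements[0], '\0', BN_num_bytes(prv->rsa->q));`, or the clearing should move into the existing free loop with the length recorded at allocation time. Separately, a plain `memset` on a buffer that is freed immediately afterwards is a dead store that an optimizing compiler may remove, so key material is better cleared with a call that cannot be elided (such as `explicit_bzero` where the platform provides it). `do_upload` begins before this hunk and the body of the free loop lies past its end, so the allocation sizes and the element-to-BIGNUM mapping cannot be confirmed from the visible lines.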