===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-keygen.c,v
retrieving revision 1.78
retrieving revision 1.85
diff -u -r1.78 -r1.85
--- src/usr.bin/ssh/ssh-keygen.c	2001/08/02 15:43:57	1.78
+++ src/usr.bin/ssh/ssh-keygen.c	2001/12/05 10:06:12	1.85
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.78 2001/08/02 15:43:57 jakob Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.85 2001/12/05 10:06:12 deraadt Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -32,7 +32,7 @@
 #include <sectok.h>
 #include <openssl/engine.h>
 #include "scard.h"
-#endif /* SMARTCARD */
+#endif
 
 /* Number of bits in the RSA/DSA key.  This value can be changed on the command line. */
 int bits = 1024;
@@ -159,7 +159,10 @@
 			exit(1);
 		}
 	}
-	key_to_blob(k, &blob, &len);
+	if (key_to_blob(k, &blob, &len) <= 0) {
+		fprintf(stderr, "key_to_blob failed\n");
+		exit(1);
+	}
 	fprintf(stdout, "%s\n", SSH_COM_PUBLIC_BEGIN);
 	fprintf(stdout,
 	    "Comment: \"%d-bit %s, converted from OpenSSH by %s@%s\"\n",
@@ -186,7 +189,7 @@
 }
 
 static Key *
-do_convert_private_ssh2_from_blob(char *blob, int blen)
+do_convert_private_ssh2_from_blob(u_char *blob, int blen)
 {
 	Buffer b;
 	Key *key = NULL;
@@ -265,7 +268,7 @@
 		break;
 	}
 	rlen = buffer_len(&b);
-	if(rlen != 0)
+	if (rlen != 0)
 		error("do_convert_private_ssh2_from_blob: "
 		    "remaining bytes in key blob %d", rlen);
 	buffer_free(&b);
@@ -283,7 +286,7 @@
 	Key *k;
 	int blen;
 	char line[1024], *p;
-	char blob[8096];
+	u_char blob[8096];
 	char encoded[8096];
 	struct stat st;
 	int escaped = 0, private = 0, ok;
@@ -386,7 +389,7 @@
 		debug("#bytes %d", len); \
 		if (BN_bn2bin(prv->rsa->x, elements[i]) < 0) \
 			goto done; \
-	} while(0)
+	} while (0)
 
 static int
 get_AUT0(char *aut0)
@@ -488,6 +491,14 @@
 	status = 0;
 	log("loading key done");
 done:
+
+	memset(elements[0], '\0', BN_num_bytes(prv->rsa->q));
+	memset(elements[1], '\0', BN_num_bytes(prv->rsa->p));
+	memset(elements[2], '\0', BN_num_bytes(prv->rsa->iqmp));
+	memset(elements[3], '\0', BN_num_bytes(prv->rsa->dmq1));
+	memset(elements[4], '\0', BN_num_bytes(prv->rsa->dmp1));
+	memset(elements[5], '\0', BN_num_bytes(prv->rsa->n));
+
 	if (prv)
 		key_free(prv);
 	for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++)
@@ -519,7 +530,9 @@
 	FILE *f;
 	Key *public;
 	char *comment = NULL, *cp, *ep, line[16*1024], *fp;
-	int i, skip = 0, num = 1, invalid = 1, rep, fptype;
+	int i, skip = 0, num = 1, invalid = 1;
+	enum fp_rep rep;
+	enum fp_type fptype;
 	struct stat st;
 
 	fptype = print_bubblebabble ? SSH_FP_SHA1 : SSH_FP_MD5;
@@ -600,7 +613,7 @@
 		fclose(f);
 	}
 	if (invalid) {
-		printf("%s is not a valid key file.\n", identity_file);
+		printf("%s is not a public key file.\n", identity_file);
 		exit(1);
 	}
 	exit(0);