===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-keygen.c,v
retrieving revision 1.32.2.5
retrieving revision 1.87
diff -u -r1.32.2.5 -r1.87
--- src/usr.bin/ssh/ssh-keygen.c	2001/09/27 00:15:42	1.32.2.5
+++ src/usr.bin/ssh/ssh-keygen.c	2001/12/21 08:52:22	1.87
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.32.2.5 2001/09/27 00:15:42 miod Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.87 2001/12/21 08:52:22 djm Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/pem.h>
@@ -73,8 +73,7 @@
 int convert_from_ssh2 = 0;
 int print_public = 0;
 
-/* default to RSA for SSH-1 */
-char *key_type_name = "rsa1";
+char *key_type_name = NULL;
 
 /* argv0 */
 extern char *__progname;
@@ -268,7 +267,7 @@
 		break;
 	}
 	rlen = buffer_len(&b);
-	if(rlen != 0)
+	if (rlen != 0)
 		error("do_convert_private_ssh2_from_blob: "
 		    "remaining bytes in key blob %d", rlen);
 	buffer_free(&b);
@@ -389,7 +388,7 @@
 		debug("#bytes %d", len); \
 		if (BN_bn2bin(prv->rsa->x, elements[i]) < 0) \
 			goto done; \
-	} while(0)
+	} while (0)
 
 static int
 get_AUT0(char *aut0)
@@ -491,6 +490,14 @@
 	status = 0;
 	log("loading key done");
 done:
+
+	memset(elements[0], '\0', BN_num_bytes(prv->rsa->q));
+	memset(elements[1], '\0', BN_num_bytes(prv->rsa->p));
+	memset(elements[2], '\0', BN_num_bytes(prv->rsa->iqmp));
+	memset(elements[3], '\0', BN_num_bytes(prv->rsa->dmq1));
+	memset(elements[4], '\0', BN_num_bytes(prv->rsa->dmp1));
+	memset(elements[5], '\0', BN_num_bytes(prv->rsa->n));
+
 	if (prv)
 		key_free(prv);
 	for (i = 0; i < NUM_RSA_KEY_ELEMENTS; i++)
@@ -522,7 +529,9 @@
 	FILE *f;
 	Key *public;
 	char *comment = NULL, *cp, *ep, line[16*1024], *fp;
-	int i, skip = 0, num = 1, invalid = 1, rep, fptype;
+	int i, skip = 0, num = 1, invalid = 1;
+	enum fp_rep rep;
+	enum fp_type fptype;
 	struct stat st;
 
 	fptype = print_bubblebabble ? SSH_FP_SHA1 : SSH_FP_MD5;
@@ -603,7 +612,7 @@
 		fclose(f);
 	}
 	if (invalid) {
-		printf("%s is not a valid key file.\n", identity_file);
+		printf("%s is not a public key file.\n", identity_file);
 		exit(1);
 	}
 	exit(0);
@@ -656,7 +665,7 @@
 			read_passphrase("Enter new passphrase (empty for no "
 			    "passphrase): ", RP_ALLOW_STDIN);
 		passphrase2 = read_passphrase("Enter same passphrase again: ",
-		     RP_ALLOW_STDIN);
+		    RP_ALLOW_STDIN);
 
 		/* Verify that they are the same. */
 		if (strcmp(passphrase1, passphrase2) != 0) {
@@ -734,7 +743,7 @@
 		fprintf(stderr, "Comments are only supported for RSA1 keys.\n");
 		key_free(private);
 		exit(1);
-	}	
+	}
 	printf("Key now has comment '%s'\n", comment);
 
 	if (identity_comment) {
@@ -821,7 +830,7 @@
 int
 main(int ac, char **av)
 {
-	char dotsshdir[16 * 1024], comment[1024], *passphrase1, *passphrase2;
+	char dotsshdir[MAXPATHLEN], comment[1024], *passphrase1, *passphrase2;
 	char *reader_id = NULL;
 	Key *private, *public;
 	struct passwd *pw;
@@ -917,6 +926,10 @@
 	}
 	if (optind < ac) {
 		printf("Too many arguments.\n");
+		usage();
+	}
+	if (key_type_name == NULL) {
+		printf("You must specify a key type (-t).\n");
 		usage();
 	}
 	if (change_passphrase && change_comment) {