Be more careful about destroying sensitive data after private key

[u/mdw/putty] / sshaes.c

diff --git a/sshaes.c b/sshaes.c
index f227c56..01dd04c 100644 (file)
--- a/sshaes.c
+++ b/sshaes.c
@@ -1154,6 +1154,7 @@ void aes256_encrypt_pubkey(unsigned char *key, unsigned char *blk, int len)
     aes_setup(&ctx, 16, key, 32);
     memset(ctx.iv, 0, sizeof(ctx.iv));
     aes_encrypt_cbc(blk, len, &ctx);
+    memset(&ctx, 0, sizeof(ctx));
 }
 
 void aes256_decrypt_pubkey(unsigned char *key, unsigned char *blk, int len)
@@ -1162,6 +1163,7 @@ void aes256_decrypt_pubkey(unsigned char *key, unsigned char *blk, int len)
     aes_setup(&ctx, 16, key, 32);
     memset(ctx.iv, 0, sizeof(ctx.iv));
     aes_decrypt_cbc(blk, len, &ctx);
+    memset(&ctx, 0, sizeof(ctx));
 }
 
 static const struct ssh2_cipher ssh_aes128 = {