X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fgcrypt%2Frsagen.c;h=85765557e509e74998e5049b92aa6a38d8bfb9d3;hb=a5c6c6ea1ab657d83a4d8b064ac9bfa9c16adf63;hp=acf96acf5224aabc7ce6e4d707f90b2642e74d00;hpb=77cd819058de43a5fcea54300dde50e03088c318;p=tinc

diff --git a/src/gcrypt/rsagen.c b/src/gcrypt/rsagen.c
index acf96acf..85765557 100644
--- a/src/gcrypt/rsagen.c
+++ b/src/gcrypt/rsagen.c
@@ -1,6 +1,6 @@
 /*
     rsagen.c -- RSA key generation and export
-    Copyright (C) 2008-2012 Guus Sliepen <guus@tinc-vpn.org>
+    Copyright (C) 2008-2022 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -17,15 +17,16 @@
     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
 
-#include "system.h"
+#include "../system.h"
 
 #include <gcrypt.h>
 #include <assert.h>
 
-#include "../rsagen.h"
-#include "xalloc.h"
 #include "rsa.h"
 #include "pem.h"
+#include "../rsagen.h"
+#include "../xalloc.h"
+#include "../utils.h"
 
 // ASN.1 tags.
 typedef enum {
@@ -106,7 +107,7 @@ static size_t der_fill(uint8_t *derbuf, bool is_private, const gcry_mpi_t mpi[],
 		der += len;
 	}
 
-	assert(der - derbuf == derlen);
+	assert((size_t)(der - derbuf) == derlen);
 	return derlen;
 }
 
@@ -240,7 +241,9 @@ bool rsa_write_pem_private_key(rsa_t *rsa, FILE *fp) {
 	gcry_mpi_release(params[dq]);
 	gcry_mpi_release(params[u]);
 
-	return pem_encode(fp, "RSA PRIVATE KEY", derbuf, derlen);
+	bool success = pem_encode(fp, "RSA PRIVATE KEY", derbuf, derlen);
+	memzero(derbuf, sizeof(derbuf));
+	return success;
 }
 
 static gcry_mpi_t find_mpi(const gcry_sexp_t rsa, const char *token) {