Wipe out the key from "user.key".

--f.

Index: login_yubikey.c
===================================================================
RCS file: /cvs/src/libexec/login_yubikey/login_yubikey.c,v
retrieving revision 1.10
diff -u -p -u -r1.10 login_yubikey.c
--- login_yubikey.c     16 Jan 2015 06:39:50 -0000      1.10
+++ login_yubikey.c     31 Mar 2016 09:38:01 -0000
@@ -224,6 +224,8 @@ yubikey_login(const char *username, cons
        yubikey_hex_decode(uid, hexuid, YUBIKEY_UID_SIZE);
        yubikey_hex_decode(key, hexkey, YUBIKEY_KEY_SIZE);
 
+       explicit_bzero(hexkey, sizeof(hexkey));
+
        /* 
         * Cycle through the key mapping table.
          * XXX brute force, unoptimized; a lookup table for valid mappings may
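Review bot: `sizeof(hexkey)` clears the whole buffer only if `hexkey` is an array declared inside yubikey_login; its declaration is above this hunk, so confirm it is not a pointer, in which case only a pointer's worth of bytes would be wiped. The same check applies to `sizeof(key)` in the second hunk. Whatever routine read "user.key" into `hexkey` may also hold its own copy (for example a stdio buffer, if stdio was used), which this call does not reach. A one-line comment such as `/* hex form of the AES key is not needed after decoding */` would record why the wipe sits here.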
@@ -268,6 +270,8 @@ yubikey_login(const char *username, cons
                }
                break; /* only reached through the bottom of case 0 */
        }
+
+       explicit_bzero(key, sizeof(key));
 
        syslog(LOG_INFO, "user %s uid %s: %d matching keymaps (%d checked), "
            "%d crc ok", username, hexuid, mapok, i, crcok);
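Review bot: The wipe of `key` runs only when control falls out of the bottom of the keymap loop, so any `return` between the two hunks or inside the loop would leave the decoded AES key on the stack; those lines are outside this hunk and should be checked. If such a path exists, route every exit through one cleanup point that calls `explicit_bzero(key, sizeof(key));` before returning. The decoded `uid` and `hexuid` are left in memory, and `hexuid` is written to syslog on the next line; if the private uid is treated as sensitive in this scheme, that deserves either the same treatment or a comment saying it is intentional.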
