* findkey.c (agent_key_from_file): Extra paranoid wipe.

* protect.c (agent_unprotect): Ditto.
(merge_lists): Ditto. Add arg RESULTLEN.
* pkdecrypt.c (agent_pkdecrypt): Don't show the secret key even in
debug mode.

* protect.c: Add DSA and Elgamal description.

1 files changed, 4 insertions, 4 deletions

diff --git a/agent/findkey.c b/agent/findkey.c
index a9566a2c7..f145daef1 100644
--- a/agent/findkey.c
+++ b/agent/findkey.c
@@ -154,7 +154,7 @@ unprotect (CTRL ctrl,
     sprintf (hexgrip+2*i, "%02X", grip[i]);
   hexgrip[40] = 0;
 
-  /* first try to get it from the cache - if there is none or we can't
+  /* First try to get it from the cache - if there is none or we can't
      unprotect it, we fall back to ask the user */
   if (!ignore_cache)
     {
@@ -329,9 +329,9 @@ agent_key_from_file (CTRL ctrl,
       return rc;
     }
 
-  /* Arggg FIXME: does scan support secure memory? */
-  rc = gcry_sexp_sscan (&s_skey, &erroff,
-                        buf, gcry_sexp_canon_len (buf, 0, NULL, NULL));
+  buflen = gcry_sexp_canon_len (buf, 0, NULL, NULL);
+  rc = gcry_sexp_sscan (&s_skey, &erroff, buf, buflen);
+  wipememory (buf, buflen);
   xfree (buf);
   if (rc)
     {