From 09616c4834228519deedd825d67ecb08dfe4b778 Mon Sep 17 00:00:00 2001
From: David Solin
Date: Fri, 12 Aug 2016 20:03:08 -0500
Subject: [PATCH] Tweaks
---
 GNUmakefile | 4 ++--
 .../schmizz/sshj/userauth/keyprovider/PKCS8KeyFile.java | 7 ++++---
 2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/GNUmakefile b/GNUmakefile
index 08bcf97f..d149b460 100755
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -34,8 +34,8 @@ classes: classdirs $(CLASS_FILES)
 install: all
 cp sshj.jar $(TOP)/../jOVAL-Commercial/components/wsmv/winrs/rsrc/lib
-# cp sshj.jar $(TOP)/../jOVAL-Commercial/components/provider/remote/rsrc/lib
-# cp sshj.jar $(TOP)/../jOVAL-Commercial/components/sdk/dist/3rd-party
+ cp sshj.jar $(TOP)/../jOVAL-Commercial/components/provider/remote/rsrc/lib
+ cp sshj.jar $(TOP)/../jOVAL-Commercial/components/sdk/dist/3rd-party
 classdirs: $(foreach pkg, $(PACKAGEDIRS), $(BUILD)/$(pkg)/)
diff --git a/src/main/java/net/schmizz/sshj/userauth/keyprovider/PKCS8KeyFile.java b/src/main/java/net/schmizz/sshj/userauth/keyprovider/PKCS8KeyFile.java
index ac05eb35..ff47780e 100644
--- a/src/main/java/net/schmizz/sshj/userauth/keyprovider/PKCS8KeyFile.java
+++ b/src/main/java/net/schmizz/sshj/userauth/keyprovider/PKCS8KeyFile.java
@@ -198,6 +198,8 @@ public class PKCS8KeyFile
 CharBuffer cb = CharBuffer.wrap(pwdf.reqPassword(resource));
 ByteBuffer bb = IOUtils.UTF8.encode(cb);
 byte[] passphrase = Arrays.copyOfRange(bb.array(), bb.position(), bb.limit());
+ Arrays.fill(cb.array(), '\u0000');
+ Arrays.fill(bb.array(), (byte)0);
 byte[] key = new byte[cipher.getBlockSize()];
 iv = Arrays.copyOfRange(iv, 0, cipher.getIVSize());
 Digest md5 = new MD5();
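Review bot: In the PKCS8KeyFile.java hunk, the added `Arrays.fill(cb.array(), '\u0000');` zeroes the very array that `pwdf.reqPassword(resource)` returned, because `CharBuffer.wrap` shares its argument rather than copying it, and nothing in the code says so. A `PasswordFinder` that hands back a cached array would presumably supply zeros on the next pass of the retry loop, so I would put a comment above the two fills such as `// wipes the char[] returned by reqPassword (wrap() shares it); finders must return a fresh array per call`. Separately, `passphrase` is only cleared in the following hunk after the digest loop, so an exception thrown in between leaves it in memory; a try/finally around the key derivation would close that gap. The enclosing method begins and ends outside this hunk.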
@@ -215,13 +217,12 @@ public class PKCS8KeyFile
 System.arraycopy(tmp, 0, hn, i, tmp.length);
 i += tmp.length;
 }
+ Arrays.fill(passphrase, (byte)0);
 System.arraycopy(hn, 0, key, 0, key.length);
 cipher.init(Cipher.Mode.Decrypt, key, iv);
+ Arrays.fill(key, (byte)0);
 cipher.update(data, 0, data.length);
 decrypted = 0x30 == data[0];
- Arrays.fill(cb.array(), '\u0000');
- Arrays.fill(bb.array(), (byte) 0);
- Arrays.fill(key, (byte) 0);
 } while (!decrypted && pwdf.shouldRetry(resource));
 }
 if (0x30 != data[0]) {
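Review bot: The derived key bytes still sit in `hn` after the new `Arrays.fill(key, (byte)0);`, because `key` is only a copy made by `System.arraycopy(hn, 0, key, 0, key.length)`, and `tmp` keeps the bytes last copied into `hn`. I would add `Arrays.fill(hn, (byte)0);` (and the same for `tmp`) right after that arraycopy; both buffers are declared outside this hunk, so their scope needs confirming. Zeroing `key` immediately after `cipher.init(Cipher.Mode.Decrypt, key, iv)` is only safe if `init` copies the key instead of keeping a reference to the array, which is not visible here and deserves a one-line comment stating that assumption.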