clear private keys in static locations on exit

author: Christian Grothoff <christian@grothoff.org> 2013-09-21 20:14:00 +0000
committer: Christian Grothoff <christian@grothoff.org> 2013-09-21 20:14:00 +0000
commit: 21f542e9ab8c812534485e70a290991208d8b787 (patch)
tree: 5f64d49294ac56cc8a471819f1d208107bd9766f
parent: 59c2e2ae2391c2678ce54af52b19862b9d01a3fc (diff)
download: gnunet-21f542e9ab8c812534485e70a290991208d8b787.tar.gz
gnunet-21f542e9ab8c812534485e70a290991208d8b787.zip
5 files changed, 27 insertions, 0 deletions
diff --git a/src/gns/gnunet-gns-proxy.c b/src/gns/gnunet-gns-proxy.c
index 7076c7080..140deaafd 100644
--- a/src/gns/gnunet-gns-proxy.c
+++ b/src/gns/gnunet-gns-proxy.c
@@ -2855,6 +2855,7 @@ main (int argc, char *const *argv)
                           &run, NULL)) ? 0 : 1;
  MHD_destroy_response (curl_failure_response);
  GNUNET_free_non_null ((char *) argv);
+  GNUNET_CRYPTO_ecc_key_clear (&local_shorten_zone);
  return ret;
 }
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index 637a3000e..9b065e747 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -901,6 +901,16 @@ GNUNET_CRYPTO_ecc_key_create (void);
 /**
 * @ingroup crypto
+ * Clear memory that was used to store a private key. 
+ *
+ * @param pk location of the key
+ */
+void
+GNUNET_CRYPTO_ecc_key_clear (struct GNUNET_CRYPTO_EccPrivateKey *pk);
+/**
+ * @ingroup crypto
 * Get the shared private key we use for anonymous users.
 *
 * @return "anonymous" private key; do not free
diff --git a/src/namestore/gnunet-namestore-fcfsd.c b/src/namestore/gnunet-namestore-fcfsd.c
index 7149a5206..4b110a548 100644
--- a/src/namestore/gnunet-namestore-fcfsd.c
+++ b/src/namestore/gnunet-namestore-fcfsd.c
@@ -1030,6 +1030,7 @@ main (int argc, char *const *argv)
                           options,
                           &run, NULL)) ? 0 : 1;
  GNUNET_free ((void*) argv);
+  GNUNET_CRYPTO_ecc_key_clear (&fcfs_zone_pkey);
  return ret;
 }
diff --git a/src/namestore/gnunet-namestore.c b/src/namestore/gnunet-namestore.c
index fb9b017b1..136fec3b8 100644
--- a/src/namestore/gnunet-namestore.c
+++ b/src/namestore/gnunet-namestore.c
@@ -748,9 +748,11 @@ main (int argc, char *const *argv)
                          &run, NULL))
  {
    GNUNET_free ((void*) argv);
+    GNUNET_CRYPTO_ecc_key_clear (&zone_pkey);
    return 1;
  }
  GNUNET_free ((void*) argv);
+  GNUNET_CRYPTO_ecc_key_clear (&zone_pkey);
  return ret;
 }
diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c
index c17da46e9..defde904b 100644
--- a/src/util/crypto_ecc.c
+++ b/src/util/crypto_ecc.c
@@ -426,6 +426,19 @@ decode_public_sign_key (const struct GNUNET_CRYPTO_EccPublicSignKey *pub)
 /**
+ * @ingroup crypto
+ * Clear memory that was used to store a private key. 
+ *
+ * @param pk location of the key
+ */
+void
+GNUNET_CRYPTO_ecc_key_clear (struct GNUNET_CRYPTO_EccPrivateKey *pk)
+{
+  memset (pk, 0, sizeof (struct GNUNET_CRYPTO_EccPrivateKey);
+}
+/**
 * Create a new private key. Caller must free return value.
 *
 * @return fresh private key
author	Christian Grothoff <christian@grothoff.org>	2013-09-21 20:14:00 +0000
committer	Christian Grothoff <christian@grothoff.org>	2013-09-21 20:14:00 +0000
commit	21f542e9ab8c812534485e70a290991208d8b787 (patch)
tree	5f64d49294ac56cc8a471819f1d208107bd9766f
parent	59c2e2ae2391c2678ce54af52b19862b9d01a3fc (diff)
download	gnunet-21f542e9ab8c812534485e70a290991208d8b787.tar.gz gnunet-21f542e9ab8c812534485e70a290991208d8b787.zip