diff options
author | Christian Grothoff <christian@grothoff.org> | 2013-09-21 20:14:00 +0000 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2013-09-21 20:14:00 +0000 |
commit | 21f542e9ab8c812534485e70a290991208d8b787 (patch) | |
tree | 5f64d49294ac56cc8a471819f1d208107bd9766f | |
parent | 59c2e2ae2391c2678ce54af52b19862b9d01a3fc (diff) | |
download | gnunet-21f542e9ab8c812534485e70a290991208d8b787.tar.gz gnunet-21f542e9ab8c812534485e70a290991208d8b787.zip |
clear private keys in static locations on exit
-rw-r--r-- | src/gns/gnunet-gns-proxy.c | 1 | ||||
-rw-r--r-- | src/include/gnunet_crypto_lib.h | 10 | ||||
-rw-r--r-- | src/namestore/gnunet-namestore-fcfsd.c | 1 | ||||
-rw-r--r-- | src/namestore/gnunet-namestore.c | 2 | ||||
-rw-r--r-- | src/util/crypto_ecc.c | 13 |
5 files changed, 27 insertions, 0 deletions
diff --git a/src/gns/gnunet-gns-proxy.c b/src/gns/gnunet-gns-proxy.c index 7076c7080..140deaafd 100644 --- a/src/gns/gnunet-gns-proxy.c +++ b/src/gns/gnunet-gns-proxy.c | |||
@@ -2855,6 +2855,7 @@ main (int argc, char *const *argv) | |||
2855 | &run, NULL)) ? 0 : 1; | 2855 | &run, NULL)) ? 0 : 1; |
2856 | MHD_destroy_response (curl_failure_response); | 2856 | MHD_destroy_response (curl_failure_response); |
2857 | GNUNET_free_non_null ((char *) argv); | 2857 | GNUNET_free_non_null ((char *) argv); |
2858 | GNUNET_CRYPTO_ecc_key_clear (&local_shorten_zone); | ||
2858 | return ret; | 2859 | return ret; |
2859 | } | 2860 | } |
2860 | 2861 | ||
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index 637a3000e..9b065e747 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h | |||
@@ -901,6 +901,16 @@ GNUNET_CRYPTO_ecc_key_create (void); | |||
901 | 901 | ||
902 | /** | 902 | /** |
903 | * @ingroup crypto | 903 | * @ingroup crypto |
904 | * Clear memory that was used to store a private key. | ||
905 | * | ||
906 | * @param pk location of the key | ||
907 | */ | ||
908 | void | ||
909 | GNUNET_CRYPTO_ecc_key_clear (struct GNUNET_CRYPTO_EccPrivateKey *pk); | ||
910 | |||
911 | |||
912 | /** | ||
913 | * @ingroup crypto | ||
904 | * Get the shared private key we use for anonymous users. | 914 | * Get the shared private key we use for anonymous users. |
905 | * | 915 | * |
906 | * @return "anonymous" private key; do not free | 916 | * @return "anonymous" private key; do not free |
diff --git a/src/namestore/gnunet-namestore-fcfsd.c b/src/namestore/gnunet-namestore-fcfsd.c index 7149a5206..4b110a548 100644 --- a/src/namestore/gnunet-namestore-fcfsd.c +++ b/src/namestore/gnunet-namestore-fcfsd.c | |||
@@ -1030,6 +1030,7 @@ main (int argc, char *const *argv) | |||
1030 | options, | 1030 | options, |
1031 | &run, NULL)) ? 0 : 1; | 1031 | &run, NULL)) ? 0 : 1; |
1032 | GNUNET_free ((void*) argv); | 1032 | GNUNET_free ((void*) argv); |
1033 | GNUNET_CRYPTO_ecc_key_clear (&fcfs_zone_pkey); | ||
1033 | return ret; | 1034 | return ret; |
1034 | } | 1035 | } |
1035 | 1036 | ||
diff --git a/src/namestore/gnunet-namestore.c b/src/namestore/gnunet-namestore.c index fb9b017b1..136fec3b8 100644 --- a/src/namestore/gnunet-namestore.c +++ b/src/namestore/gnunet-namestore.c | |||
@@ -748,9 +748,11 @@ main (int argc, char *const *argv) | |||
748 | &run, NULL)) | 748 | &run, NULL)) |
749 | { | 749 | { |
750 | GNUNET_free ((void*) argv); | 750 | GNUNET_free ((void*) argv); |
751 | GNUNET_CRYPTO_ecc_key_clear (&zone_pkey); | ||
751 | return 1; | 752 | return 1; |
752 | } | 753 | } |
753 | GNUNET_free ((void*) argv); | 754 | GNUNET_free ((void*) argv); |
755 | GNUNET_CRYPTO_ecc_key_clear (&zone_pkey); | ||
754 | return ret; | 756 | return ret; |
755 | } | 757 | } |
756 | 758 | ||
diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c index c17da46e9..defde904b 100644 --- a/src/util/crypto_ecc.c +++ b/src/util/crypto_ecc.c | |||
@@ -426,6 +426,19 @@ decode_public_sign_key (const struct GNUNET_CRYPTO_EccPublicSignKey *pub) | |||
426 | 426 | ||
427 | 427 | ||
428 | /** | 428 | /** |
429 | * @ingroup crypto | ||
430 | * Clear memory that was used to store a private key. | ||
431 | * | ||
432 | * @param pk location of the key | ||
433 | */ | ||
434 | void | ||
435 | GNUNET_CRYPTO_ecc_key_clear (struct GNUNET_CRYPTO_EccPrivateKey *pk) | ||
436 | { | ||
437 | memset (pk, 0, sizeof (struct GNUNET_CRYPTO_EccPrivateKey); | ||
438 | } | ||
439 | |||
440 | |||
441 | /** | ||
429 | * Create a new private key. Caller must free return value. | 442 | * Create a new private key. Caller must free return value. |
430 | * | 443 | * |
431 | * @return fresh private key | 444 | * @return fresh private key |