From 21f542e9ab8c812534485e70a290991208d8b787 Mon Sep 17 00:00:00 2001
From: Christian Grothoff
Date: Sat, 21 Sep 2013 20:14:00 +0000
Subject: clear private keys in static locations on exit
---
 src/gns/gnunet-gns-proxy.c | 1 +
 src/include/gnunet_crypto_lib.h | 10 ++++++++++
 src/namestore/gnunet-namestore-fcfsd.c | 1 +
 src/namestore/gnunet-namestore.c | 2 ++
 src/util/crypto_ecc.c | 13 +++++++++++++
 5 files changed, 27 insertions(+)
(limited to 'src')
diff --git a/src/gns/gnunet-gns-proxy.c b/src/gns/gnunet-gns-proxy.c
index 7076c7080..140deaafd 100644
--- a/src/gns/gnunet-gns-proxy.c
+++ b/src/gns/gnunet-gns-proxy.c
@@ -2855,6 +2855,7 @@ main (int argc, char *const *argv)
 &run, NULL)) ? 0 : 1;
 MHD_destroy_response (curl_failure_response);
 GNUNET_free_non_null ((char *) argv);
+ GNUNET_CRYPTO_ecc_key_clear (&local_shorten_zone);
 return ret;
 }
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index 637a3000e..9b065e747 100644
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -899,6 +899,16 @@ struct GNUNET_CRYPTO_EccPrivateKey *
 GNUNET_CRYPTO_ecc_key_create (void);
+/**
+ * @ingroup crypto
+ * Clear memory that was used to store a private key.
+ *
+ * @param pk location of the key
+ */
+void
+GNUNET_CRYPTO_ecc_key_clear (struct GNUNET_CRYPTO_EccPrivateKey *pk);
+
+
 /**
 * @ingroup crypto
 * Get the shared private key we use for anonymous users.
diff --git a/src/namestore/gnunet-namestore-fcfsd.c b/src/namestore/gnunet-namestore-fcfsd.c
index 7149a5206..4b110a548 100644
--- a/src/namestore/gnunet-namestore-fcfsd.c
+++ b/src/namestore/gnunet-namestore-fcfsd.c
@@ -1030,6 +1030,7 @@ main (int argc, char *const *argv)
 options, &run, NULL)) ? 0 : 1;
 GNUNET_free ((void*) argv);
+ GNUNET_CRYPTO_ecc_key_clear (&fcfs_zone_pkey);
 return ret;
 }
diff --git a/src/namestore/gnunet-namestore.c b/src/namestore/gnunet-namestore.c
index fb9b017b1..136fec3b8 100644
--- a/src/namestore/gnunet-namestore.c
+++ b/src/namestore/gnunet-namestore.c
@@ -748,9 +748,11 @@ main (int argc, char *const *argv)
 &run, NULL))
 {
 GNUNET_free ((void*) argv);
+ GNUNET_CRYPTO_ecc_key_clear (&zone_pkey);
 return 1;
 }
 GNUNET_free ((void*) argv);
+ GNUNET_CRYPTO_ecc_key_clear (&zone_pkey);
 return ret;
 }
diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c
index c17da46e9..defde904b 100644
--- a/src/util/crypto_ecc.c
+++ b/src/util/crypto_ecc.c
@@ -425,6 +425,19 @@ decode_public_sign_key (const struct GNUNET_CRYPTO_EccPublicSignKey *pub)
 }
+/**
+ * @ingroup crypto
+ * Clear memory that was used to store a private key.
+ *
+ * @param pk location of the key
+ */
+void
+GNUNET_CRYPTO_ecc_key_clear (struct GNUNET_CRYPTO_EccPrivateKey *pk)
+{
+ memset (pk, 0, sizeof (struct GNUNET_CRYPTO_EccPrivateKey);
+}
+
+
 /**
 * Create a new private key. Caller must free return value.
 *
-- cgit v1.2.3
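Review bot: The free-and-wipe pair in gnunet-namestore.c's main is now written out twice, once in the failure branch before `return 1;` and once before `return ret;`, so a later exit path can easily miss the wipe. Setting `ret = 1;` in the failure branch and falling through to the single `GNUNET_free ((void*) argv); GNUNET_CRYPTO_ecc_key_clear (&zone_pkey); return ret;` would keep one cleanup site; main starts outside the hunk, so this assumes `ret` is assignable there. The wipe here, like the matching calls in gnunet-gns-proxy.c and gnunet-namestore-fcfsd.c, runs only when main returns, so a process that ends through abort or a fatal signal skips it and a core dump from that point would still hold the key. A short comment such as `/* best effort: only reached on orderly shutdown */` would make that limit visible.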
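Review bot: The `memset` call in GNUNET_CRYPTO_ecc_key_clear is missing its closing parenthesis as shown on the page (the `)` before `;` closes only the `sizeof`), so the new function would not compile; `memset (pk, 0, sizeof (*pk));` fixes that and ties the size to the pointer's type. A plain memset of memory that is never read again is a store the optimizer may remove once the call is inlined or the build uses link-time optimization, and every caller in this commit wipes right before returning from main. Where the platform provides it, `explicit_bzero (pk, sizeof (*pk));` or a write loop through a `volatile` pointer keeps the wipe in the binary. The doc comment could also state that the function only zeroes the structure and does not free it, and that `pk` must not be NULL.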