clear private keys in static locations on exit

diff --git a/src/gns/gnunet-gns-proxy.c b/src/gns/gnunet-gns-proxy.c
index 7076c7080c8a993f8f62c4bf701551c314fb6c51..140deaafde498e4d2499fd2ad1f15bd31f7a0612 100644 (file)
--- a/src/gns/gnunet-gns-proxy.c
+++ b/src/gns/gnunet-gns-proxy.c
@@ -2855,6 +2855,7 @@ main (int argc, char *const *argv)
                            &run, NULL)) ? 0 : 1;
   MHD_destroy_response (curl_failure_response);
   GNUNET_free_non_null ((char *) argv);
+  GNUNET_CRYPTO_ecc_key_clear (&local_shorten_zone);
   return ret;
 }
 

diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h
index 637a3000ee08d2d241cc70f88b58c720d411f9ac..9b065e74750dcab1297e25ffa25047bd944f8236 100644 (file)
--- a/src/include/gnunet_crypto_lib.h
+++ b/src/include/gnunet_crypto_lib.h
@@ -899,6 +899,16 @@ struct GNUNET_CRYPTO_EccPrivateKey *
 GNUNET_CRYPTO_ecc_key_create (void);
 
 
+/**
+ * @ingroup crypto
+ * Clear memory that was used to store a private key. 
+ *
+ * @param pk location of the key
+ */
+void
+GNUNET_CRYPTO_ecc_key_clear (struct GNUNET_CRYPTO_EccPrivateKey *pk);
+
+
 /**
  * @ingroup crypto
  * Get the shared private key we use for anonymous users.

diff --git a/src/namestore/gnunet-namestore-fcfsd.c b/src/namestore/gnunet-namestore-fcfsd.c
index 7149a520669ea2b7b11854a4ad71fbe4402967ea..4b110a548493024d22a31084049c9b536bdbf41f 100644 (file)
--- a/src/namestore/gnunet-namestore-fcfsd.c
+++ b/src/namestore/gnunet-namestore-fcfsd.c
@@ -1030,6 +1030,7 @@ main (int argc, char *const *argv)
                           options,
                            &run, NULL)) ? 0 : 1;
   GNUNET_free ((void*) argv);
+  GNUNET_CRYPTO_ecc_key_clear (&fcfs_zone_pkey);
   return ret;
 }
 

diff --git a/src/namestore/gnunet-namestore.c b/src/namestore/gnunet-namestore.c
index fb9b017b159d3785fd161ec2c1e57b414f904ced..136fec3b8089d4e5fda1c40ee07a893b85d28802 100644 (file)
--- a/src/namestore/gnunet-namestore.c
+++ b/src/namestore/gnunet-namestore.c
@@ -748,9 +748,11 @@ main (int argc, char *const *argv)
                          &run, NULL))
   {
     GNUNET_free ((void*) argv);
+    GNUNET_CRYPTO_ecc_key_clear (&zone_pkey);
     return 1;
   }
   GNUNET_free ((void*) argv);
+  GNUNET_CRYPTO_ecc_key_clear (&zone_pkey);
   return ret;
 }
 

diff --git a/src/util/crypto_ecc.c b/src/util/crypto_ecc.c
index c17da46e9777355e70bd5f11521f4d4b5fc06866..defde904bad4be6afc4263ccba36a623bfb88602 100644 (file)
--- a/src/util/crypto_ecc.c
+++ b/src/util/crypto_ecc.c
@@ -425,6 +425,19 @@ decode_public_sign_key (const struct GNUNET_CRYPTO_EccPublicSignKey *pub)
 }
 
 
+/**
+ * @ingroup crypto
+ * Clear memory that was used to store a private key. 
+ *
+ * @param pk location of the key
+ */
+void
+GNUNET_CRYPTO_ecc_key_clear (struct GNUNET_CRYPTO_EccPrivateKey *pk)
+{
+  memset (pk, 0, sizeof (struct GNUNET_CRYPTO_EccPrivateKey);
+}
+
+
 /**
  * Create a new private key. Caller must free return value.
  *