Clean up StreamCipher::Key::globalKey in crashHandler

flow/Platform.actor.cpp

@@ -29,6 +29,7 @@
 #include "flow/Platform.actor.h"
 #include "flow/Arena.h"
 
+#include "flow/StreamCipher.h"
 #include "flow/Trace.h"
 #include "flow/Error.h"
 
@@ -3237,6 +3238,8 @@ void crashHandler(int sig) {
 
 	bool error = (sig != SIGUSR2);
 
+	StreamCipher::Key::cleanup();
+
 	fflush(stdout);
 	TraceEvent(error ? SevError : SevInfo, error ? "Crash" : "ProcessTerminated")
 		.detail("Signal", sig)

flow/StreamCipher.cpp

@@ -91,6 +91,14 @@ const StreamCipher::Key& StreamCipher::Key::getKey() {
 	return *globalKey;
 }
 
+StreamCipher::Key::~Key() {
+	memset(arr.data(), 0, arr.size());
+}
+
+void StreamCipher::Key::cleanup() {
+	globalKey.reset();
+}
+
 void forceLinkStreamCipherTests() {}
 
 TEST_CASE("flow/StreamCipher") {

flow/StreamCipher.h

@@ -35,12 +35,13 @@ class Key : NonCopyable {
 	std::array<unsigned char, 16> arr;
 	static std::unique_ptr<Key> globalKey;
 	struct ConstructorTag {};
-
 public:
 	Key(ConstructorTag) {}
-	const unsigned char* data() const { return arr.data(); }
+	~Key();
+	unsigned char const* data() const { return arr.data(); }
 	static void initializeRandomKey();
 	static const Key& getKey();
+	static void cleanup();
 };
 using IV = std::array<unsigned char, 16>;
 void registerCipherForCleanup(EVP_CIPHER_CTX*) noexcept;