author | Richard van der Hoff <richard@matrix.org> | 2016-10-21 17:19:59 +0100 |
---|---|---|
committer | Richard van der Hoff <richard@matrix.org> | 2016-10-21 17:19:59 +0100 |
commit | 21ce3491dd39485eac35ad850257a20fc99f330d (patch) | |
tree | 9798efdf94043c662ef7ff6292e59eb0d360b709 | |
parent | 5a98012c0d3951d2d08e9922ee682fbdecc68f0c (diff) |
Clear random buf in olm_init_outbound_group_session
All the other methods clear their random inputs. This one needs to do the same,
to reduce the risk of the randomness being used elsewhere and leaking key info.
-rw-r--r-- | include/olm/outbound_group_session.h | 2 | ||||
-rw-r--r-- | src/outbound_group_session.c | 13 |
2 files changed, 9 insertions, 6 deletions
diff --git a/include/olm/outbound_group_session.h b/include/olm/outbound_group_session.h
index 90ccca3..663f1d2 100644
--- a/include/olm/outbound_group_session.h
+++ b/include/olm/outbound_group_session.h
@@ -96,7 +96,7 @@ size_t olm_init_outbound_group_session_random_length(
 */
 size_t olm_init_outbound_group_session(
 OlmOutboundGroupSession *session,
- uint8_t const * random, size_t random_length
+ uint8_t *random, size_t random_length
 );
 /**
diff --git a/src/outbound_group_session.c b/src/outbound_group_session.c
index 4e4561a..ae45694 100644
--- a/src/outbound_group_session.c
+++ b/src/outbound_group_session.c
@@ -154,20 +154,23 @@ size_t olm_init_outbound_group_session_random_length(
 size_t olm_init_outbound_group_session(
 OlmOutboundGroupSession *session,
- uint8_t const * random, size_t random_length
+ uint8_t *random, size_t random_length
 ) {
+ const uint8_t *random_ptr = random;
+
 if (random_length < olm_init_outbound_group_session_random_length(session)) {
 /* Insufficient random data for new session */
 session->last_error = OLM_NOT_ENOUGH_RANDOM;
 return (size_t)-1;
 }
- megolm_init(&(session->ratchet), random, 0);
- random += MEGOLM_RATCHET_LENGTH;
+ megolm_init(&(session->ratchet), random_ptr, 0);
+ random_ptr += MEGOLM_RATCHET_LENGTH;
- _olm_crypto_ed25519_generate_key(random, &(session->signing_key));
- random += ED25519_RANDOM_LENGTH;
+ _olm_crypto_ed25519_generate_key(random_ptr, &(session->signing_key));
+ random_ptr += ED25519_RANDOM_LENGTH;
+ _olm_unset(random, random_length);
 return 0;
 }
|
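Review bot: Dropping `const` from `random` in the prototype changes the contract, because the function now writes to the caller's buffer, and the doc comment that closes just above the prototype (its text is outside this hunk) should say so. A sentence such as `The contents of the random buffer are overwritten by this call and must not be reused.` would make the new behaviour visible to API users. Callers that hold the buffer as `uint8_t const *` will need a cast or a type change to keep compiling, so the change also deserves a line in the release notes.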
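Review bot: The `OLM_NOT_ENOUGH_RANDOM` early return in `olm_init_outbound_group_session` in src/outbound_group_session.c leaves the caller's buffer intact, because `_olm_unset(random, random_length);` is reached only on the success path just before `return 0;`. The commit message aims to stop the randomness being reused elsewhere, and a caller that retries after the error is a likely place for such reuse. Adding `_olm_unset(random, random_length);` immediately before `return (size_t)-1;` would clear the buffer on both paths. The final `random_ptr += ED25519_RANDOM_LENGTH;` is now a dead store and could carry a short comment saying it is kept for symmetry, or be dropped.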