diff options
author | Hubert Chathi <hubert@uhoreg.ca> | 2018-10-16 00:31:56 -0400 |
---|---|---|
committer | Hubert Chathi <hubert@uhoreg.ca> | 2018-10-16 00:31:56 -0400 |
commit | 5ef6a844d6fd3d58d1eb85dcd188ac6b6baa3fbe (patch) | |
tree | 267b23b74f57cc1d017dea8b844e318201fb5db9 /python/olm/utility.py | |
parent | 357d4ff4795d89d623663b3996ddd2dfd4990971 (diff) |
overwrite buffers that may contain sensitive data
also reduce the amount of memory copying that we do
Diffstat (limited to 'python/olm/utility.py')
-rw-r--r-- | python/olm/utility.py | 19 |
1 files changed, 13 insertions, 6 deletions
diff --git a/python/olm/utility.py b/python/olm/utility.py index 1c5c41d..0a64128 100644 --- a/python/olm/utility.py +++ b/python/olm/utility.py @@ -36,7 +36,7 @@ from typing import AnyStr, Type # pylint: disable=no-name-in-module from _libolm import ffi, lib # type: ignore -from ._compat import to_bytes +from ._compat import to_bytearray, to_bytes from ._finalize import track_for_finalization @@ -80,13 +80,20 @@ class _Utility(object): cls._allocate() byte_key = to_bytes(key) - byte_message = to_bytes(message) + byte_message = to_bytearray(message) byte_signature = to_bytes(signature) - cls._check_error( - lib.olm_ed25519_verify(cls._utility, byte_key, len(byte_key), - byte_message, len(byte_message), - byte_signature, len(byte_signature))) + try: + cls._check_error( + lib.olm_ed25519_verify(cls._utility, byte_key, len(byte_key), + ffi.from_buffer(byte_message), + len(byte_message), + byte_signature, len(byte_signature))) + finally: + # clear out copies of the message, which may be a plaintext + if byte_message is not message: + for i in range(0, len(byte_message)): + byte_message[i] = 0 def ed25519_verify(key, message, signature): |