authorHubert Chathi <hubert@uhoreg.ca>2018-10-16 00:31:56 -0400
committerHubert Chathi <hubert@uhoreg.ca>2018-10-16 00:31:56 -0400
commit5ef6a844d6fd3d58d1eb85dcd188ac6b6baa3fbe (patch)
tree267b23b74f57cc1d017dea8b844e318201fb5db9 /python/olm/utility.py
parent357d4ff4795d89d623663b3996ddd2dfd4990971 (diff)
overwrite buffers that may contain sensitive data
also reduce the amount of memory copying that we do
Diffstat (limited to 'python/olm/utility.py')
-rw-r--r--python/olm/utility.py19
1 files changed, 13 insertions, 6 deletions
diff --git a/python/olm/utility.py b/python/olm/utility.py
index 1c5c41d..0a64128 100644
--- a/python/olm/utility.py
+++ b/python/olm/utility.py
@@ -36,7 +36,7 @@ from typing import AnyStr, Type
# pylint: disable=no-name-in-module
from _libolm import ffi, lib # type: ignore
-from ._compat import to_bytes
+from ._compat import to_bytearray, to_bytes
from ._finalize import track_for_finalization
@@ -80,13 +80,20 @@ class _Utility(object):
cls._allocate()
byte_key = to_bytes(key)
- byte_message = to_bytes(message)
+ byte_message = to_bytearray(message)
byte_signature = to_bytes(signature)
- cls._check_error(
- lib.olm_ed25519_verify(cls._utility, byte_key, len(byte_key),
- byte_message, len(byte_message),
- byte_signature, len(byte_signature)))
+ try:
+ cls._check_error(
+ lib.olm_ed25519_verify(cls._utility, byte_key, len(byte_key),
+ ffi.from_buffer(byte_message),
+ len(byte_message),
+ byte_signature, len(byte_signature)))
+ finally:
+ # clear out copies of the message, which may be a plaintext
+ if byte_message is not message:
+ for i in range(0, len(byte_message)):
+ byte_message[i] = 0
def ed25519_verify(key, message, signature):
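Review bot: The comment in the `finally` block promises more than the wipe delivers: only the bytearray returned by `to_bytearray` is zeroed, and only when it is a fresh object (`byte_message is not message`). When the caller passes a `str` or `bytes`, that original immutable object stays in memory, and any intermediate buffer created inside `to_bytearray` (not visible in this hunk) presumably does too. A caller-supplied bytearray appears to be passed through unchanged and is deliberately left alone. I would reword the comment to `# best-effort: zero only our temporary copy; the caller's own message object is untouched, and a caller-supplied bytearray must be cleared by the caller`. The enclosing method starts above the hunk, so its docstring is not visible here, but the same caveat belongs there.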