From 5ef6a844d6fd3d58d1eb85dcd188ac6b6baa3fbe Mon Sep 17 00:00:00 2001
From: Hubert Chathi <hubert@uhoreg.ca>
Date: Tue, 16 Oct 2018 00:31:56 -0400
Subject: overwrite buffers that may contain sensitive data

also reduce the amount of memory copying that we do
---
 python/olm/utility.py | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

(limited to 'python/olm/utility.py')

diff --git a/python/olm/utility.py b/python/olm/utility.py
index 1c5c41d..0a64128 100644
--- a/python/olm/utility.py
+++ b/python/olm/utility.py
@@ -36,7 +36,7 @@ from typing import AnyStr, Type
 # pylint: disable=no-name-in-module
 from _libolm import ffi, lib  # type: ignore
 
-from ._compat import to_bytes
+from ._compat import to_bytearray, to_bytes
 from ._finalize import track_for_finalization
 
 
@@ -80,13 +80,20 @@ class _Utility(object):
             cls._allocate()
 
         byte_key = to_bytes(key)
-        byte_message = to_bytes(message)
+        byte_message = to_bytearray(message)
         byte_signature = to_bytes(signature)
 
-        cls._check_error(
-            lib.olm_ed25519_verify(cls._utility, byte_key, len(byte_key),
-                                   byte_message, len(byte_message),
-                                   byte_signature, len(byte_signature)))
+        try:
+            cls._check_error(
+                lib.olm_ed25519_verify(cls._utility, byte_key, len(byte_key),
+                                       ffi.from_buffer(byte_message),
+                                       len(byte_message),
+                                       byte_signature, len(byte_signature)))
+        finally:
+            # clear out copies of the message, which may be a plaintext
+            if byte_message is not message:
+                for i in range(0, len(byte_message)):
+                    byte_message[i] = 0
 
 
 def ed25519_verify(key, message, signature):
-- 
cgit v1.2.3