From 21ce3491dd39485eac35ad850257a20fc99f330d Mon Sep 17 00:00:00 2001
From: Richard van der Hoff
Date: Fri, 21 Oct 2016 17:19:59 +0100
Subject: Clear random buf in olm_init_outbound_group_session

All the other methods clear their random inputs. This one needs to do the same, to reduce the risk of the randomness being used elsewhere and leaking key info.
---
 src/outbound_group_session.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
(limited to 'src/outbound_group_session.c')
diff --git a/src/outbound_group_session.c b/src/outbound_group_session.c
index 4e4561a..ae45694 100644
--- a/src/outbound_group_session.c
+++ b/src/outbound_group_session.c
@@ -154,20 +154,23 @@ size_t olm_init_outbound_group_session_random_length(
 size_t olm_init_outbound_group_session(
 OlmOutboundGroupSession *session,
- uint8_t const * random, size_t random_length
+ uint8_t *random, size_t random_length
 ) {
+ const uint8_t *random_ptr = random;
+
 if (random_length < olm_init_outbound_group_session_random_length(session)) {
 /* Insufficient random data for new session */
 session->last_error = OLM_NOT_ENOUGH_RANDOM;
 return (size_t)-1;
 }
- megolm_init(&(session->ratchet), random, 0);
- random += MEGOLM_RATCHET_LENGTH;
+ megolm_init(&(session->ratchet), random_ptr, 0);
+ random_ptr += MEGOLM_RATCHET_LENGTH;
- _olm_crypto_ed25519_generate_key(random, &(session->signing_key));
- random += ED25519_RANDOM_LENGTH;
+ _olm_crypto_ed25519_generate_key(random_ptr, &(session->signing_key));
+ random_ptr += ED25519_RANDOM_LENGTH;
+ _olm_unset(random, random_length);
 return 0;
 }
-- 
cgit v1.2.3
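Review bot: The `OLM_NOT_ENOUGH_RANDOM` branch returns before the new `_olm_unset(random, random_length);` line, so the caller's buffer is wiped only on the success path. If the intent is that the randomness can never be reused after this call, whatever its outcome, put the same `_olm_unset(random, random_length);` in front of `return (size_t)-1;` as well. The parameter also loses its `const`, so the public prototype has to change in step and its doc comment should say that the buffer is overwritten on return; the header is not part of this single-file view, so that is worth confirming. The last `random_ptr += ED25519_RANDOM_LENGTH;` is a dead store and could be dropped.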