From 57537e281a44394a9247f474af61b97b717c3a55 Mon Sep 17 00:00:00 2001 From: Chris Duncan Date: Fri, 26 Jun 2026 13:54:53 -0700 Subject: [PATCH] Clear WASM buffers prior to returning from each call. --- src/lib/nano25519.ts | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/src/lib/nano25519.ts b/src/lib/nano25519.ts index 30ab33b..b9c9790 100644 --- a/src/lib/nano25519.ts +++ b/src/lib/nano25519.ts @@ -80,10 +80,8 @@ const nano25519_init = (bytes: number[]): { derive: typeof derive, sign: typeof buffer = new DataView(exports.memory.buffer) for (let i = 0; i < 32; i++) { sk[i] = buffer.getUint8(outPtr + i + 32) - buffer.setUint8(outPtr + i, 0) - buffer.setUint8(outPtr + i + 32, 0) } - buffer = undefined + clear(buffer) return typeof k === 'string' ? [...sk].map(b => b.toString(16).padStart(2, '0')).join('') : sk @@ -107,9 +105,8 @@ const nano25519_init = (bytes: number[]): { derive: typeof derive, sign: typeof buffer = new DataView(exports.memory.buffer) for (let i = 0; i < 64; i++) { s[i] = buffer.getUint8(outPtr + i) - buffer.setUint8(outPtr + i, 0) } - buffer = undefined + clear(buffer) return typeof k === 'string' ? [...s].map(b => b.toString(16).padStart(2, '0')).join('') : s @@ -137,11 +134,17 @@ const nano25519_init = (bytes: number[]): { derive: typeof derive, sign: typeof const v = new Uint8Array(1) buffer = new DataView(exports.memory.buffer) v[0] = buffer.getUint8(outPtr) + clear(buffer) + return v[0] === 0 + } + + function clear (buffer: DataView): void { + let inPtr = exports.getInputPointer() + let outPtr = exports.getOutputPointer() for (let i = 0; i < 64; i++) { + buffer.setUint16(inPtr + i, 0) buffer.setUint8(outPtr + i, 0) } - buffer = undefined - return v[0] === 0 } function normalize (name: string, byteLengthMin: number, byteLengthMax: number, value: unknown): Uint8Array { @@ -250,11 +253,6 @@ const nano25519_worker_init = ({ derive, sign, verify }: typeof nano25519) => { } } } catch (err: unknown) { - let buffer: DataView | undefined = new DataView(exports.memory.buffer) - let inPtr = exports.getInputPointer() - for (let i = 0; i < 128; i++) { - buffer.setUint8(inPtr + i, 0) - } if (typeof err === 'object' && err != null) { const { message } = err as { [k: string]: unknown } if (typeof message === 'string' && message !== 'divide by zero') { -- 2.52.0