From 53e46e4cd67835c9dfcf1a20df74ae42e1450155 Mon Sep 17 00:00:00 2001 From: Peter Krempa Date: Thu, 8 Dec 2022 10:56:28 +0100 Subject: [PATCH] virCryptoEncryptDataAESgnutls: Don't secure erase gnutls_datum_t structs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 'gnutls_datum_t' simply holds pointers to the encryption key and its length. There's absolutely no point in securely erasing that. Signed-off-by: Peter Krempa Reviewed-by: Ján Tomko --- src/util/vircrypto.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c index 828e822d8e..1bddb333dc 100644 --- a/src/util/vircrypto.c +++ b/src/util/vircrypto.c @@ -164,8 +164,6 @@ virCryptoEncryptDataAESgnutls(gnutls_cipher_algorithm_t gnutls_enc_alg, /* Encrypt the data and free the memory for cipher operations */ rc = gnutls_cipher_encrypt(handle, ciphertext, ciphertextlen); gnutls_cipher_deinit(handle); - virSecureErase(&enc_key, sizeof(gnutls_datum_t)); - virSecureErase(&iv_buf, sizeof(gnutls_datum_t)); if (rc < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("failed to encrypt the data: '%s'"), @@ -180,8 +178,6 @@ virCryptoEncryptDataAESgnutls(gnutls_cipher_algorithm_t gnutls_enc_alg, error: virSecureErase(ciphertext, ciphertextlen); g_free(ciphertext); - virSecureErase(&enc_key, sizeof(gnutls_datum_t)); - virSecureErase(&iv_buf, sizeof(gnutls_datum_t)); return -1; }