External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-23 04:55:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

virCryptoEncryptDataAESgnutls: Don't secure erase gnutls_datum_t structs

Browse Source 
'gnutls_datum_t' simply holds pointers to the encryption key and its
length. There's absolutely no point in securely erasing that.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
This commit is contained in:
Peter Krempa 2022-12-08 10:56:28 +01:00
parent ac3614b5ad
commit 53e46e4cd6
1 changed files with 0 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/util/vircrypto.c
View File

@ -164,8 +164,6 @@ virCryptoEncryptDataAESgnutls(gnutls_cipher_algorithm_t gnutls_enc_alg,
/* Encrypt the data and free the memory for cipher operations */
rc = gnutls_cipher_encrypt(handle, ciphertext, ciphertextlen);
gnutls_cipher_deinit(handle);
virSecureErase(&enc_key, sizeof(gnutls_datum_t));
virSecureErase(&iv_buf, sizeof(gnutls_datum_t));
if (rc < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("failed to encrypt the data: '%s'"),
@ -180,8 +178,6 @@ virCryptoEncryptDataAESgnutls(gnutls_cipher_algorithm_t gnutls_enc_alg,
error:
virSecureErase(ciphertext, ciphertextlen);
g_free(ciphertext);
virSecureErase(&enc_key, sizeof(gnutls_datum_t));
virSecureErase(&iv_buf, sizeof(gnutls_datum_t));
return -1;
}