virCryptoEncryptDataAESgnutls: Restructure control flow

Prepare the buffer for encryption only after initializing the cipher, so that there's just one failure point. This allows to remove the 'error' label. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
2025-02-22 11:22:23 +00:00 · 2022-12-08 12:44:27 +01:00 · 2022-12-08 12:44:27 +01:00 · 880cd081de
commit 880cd081de
parent dd8a2cffd6
1 changed files with 12 additions and 16 deletions
--- a/src/util/vircrypto.c
+++ b/src/util/vircrypto.c
@ -127,9 +127,17 @@ virCryptoEncryptDataAESgnutls(gnutls_cipher_algorithm_t gnutls_enc_alg,
    gnutls_cipher_hd_t handle = NULL;
    gnutls_datum_t enc_key = { .data = enckey, .size = enckeylen };
    gnutls_datum_t iv_buf = { .data = iv, .size = ivlen };
-    uint8_t *ciphertext;
+    g_autofree uint8_t *ciphertext = NULL;
    size_t ciphertextlen;

+    if ((rc = gnutls_cipher_init(&handle, gnutls_enc_alg,
+                                 &enc_key, &iv_buf)) < 0) {
+        virReportError(VIR_ERR_INTERNAL_ERROR,
+                       _("failed to initialize cipher: '%s'"),
+                       gnutls_strerror(rc));
+        return -1;
+    }
+
    /* Allocate a padded buffer, copy in the data.
     *
     * NB, we must *always* have at least 1 byte of
@ -146,32 +154,20 @@ virCryptoEncryptDataAESgnutls(gnutls_cipher_algorithm_t gnutls_enc_alg,
    for (i = datalen; i < ciphertextlen; i++)
        ciphertext[i] = ciphertextlen - datalen;

-    if ((rc = gnutls_cipher_init(&handle, gnutls_enc_alg,
-                                 &enc_key, &iv_buf)) < 0) {
-        virReportError(VIR_ERR_INTERNAL_ERROR,
-                       _("failed to initialize cipher: '%s'"),
-                       gnutls_strerror(rc));
-        goto error;
-    }
-
    /* Encrypt the data and free the memory for cipher operations */
    rc = gnutls_cipher_encrypt(handle, ciphertext, ciphertextlen);
    gnutls_cipher_deinit(handle);
    if (rc < 0) {
+        virSecureErase(ciphertext, ciphertextlen);
        virReportError(VIR_ERR_INTERNAL_ERROR,
                       _("failed to encrypt the data: '%s'"),
                       gnutls_strerror(rc));
-        goto error;
+        return -1;
    }

-    *ciphertextret = ciphertext;
+    *ciphertextret = g_steal_pointer(&ciphertext);
    *ciphertextlenret = ciphertextlen;
    return 0;
-
- error:
-    virSecureErase(ciphertext, ciphertextlen);
-    g_free(ciphertext);
-    return -1;
 }