NuKVM/libvirt
3
0
Fork 0
mirror of https://github.com/libvirt/libvirt.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity

virCryptoEncryptDataAESgnutls: Use virSecureErase instead of memset

Browse Source 
Clear the key and IV structs using virSecureErase.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
Peter Krempa 2021-02-02 15:44:55 +01:00
parent 288d051494
commit 91858434b4
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/util/vircrypto.c
View File

@ -193,8 +193,8 @@ virCryptoEncryptDataAESgnutls(gnutls_cipher_algorithm_t gnutls_enc_alg,
/* Encrypt the data and free the memory for cipher operations */ /* Encrypt the data and free the memory for cipher operations */
rc = gnutls_cipher_encrypt(handle, ciphertext, ciphertextlen); rc = gnutls_cipher_encrypt(handle, ciphertext, ciphertextlen);
gnutls_cipher_deinit(handle); gnutls_cipher_deinit(handle);
memset(&enc_key, 0, sizeof(gnutls_datum_t)); virSecureErase(&enc_key, sizeof(gnutls_datum_t));
memset(&iv_buf, 0, sizeof(gnutls_datum_t)); virSecureErase(&iv_buf, sizeof(gnutls_datum_t));
if (rc < 0) { if (rc < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR, virReportError(VIR_ERR_INTERNAL_ERROR,
_("failed to encrypt the data: '%s'"), _("failed to encrypt the data: '%s'"),
@ -209,8 +209,8 @@ virCryptoEncryptDataAESgnutls(gnutls_cipher_algorithm_t gnutls_enc_alg,
error: error:
virSecureErase(ciphertext, ciphertextlen); virSecureErase(ciphertext, ciphertextlen);
g_free(ciphertext); g_free(ciphertext);
memset(&enc_key, 0, sizeof(gnutls_datum_t)); virSecureErase(&enc_key, sizeof(gnutls_datum_t));
memset(&iv_buf, 0, sizeof(gnutls_datum_t)); virSecureErase(&iv_buf, sizeof(gnutls_datum_t));
return -1; return -1;
} }