[PATCH v2 15/27] virCryptoEncryptDataAESgnutls: Use virSecureErase instead of memset
Peter Krempa
pkrempa at redhat.com
Tue Feb 2 16:55:52 UTC 2021
Clear the key and IV structs using virSecureErase.
Signed-off-by: Peter Krempa <pkrempa at redhat.com>
---
src/util/vircrypto.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c
index d2a42d83e2..78689721c3 100644
--- a/src/util/vircrypto.c
+++ b/src/util/vircrypto.c
@@ -193,8 +193,8 @@ virCryptoEncryptDataAESgnutls(gnutls_cipher_algorithm_t gnutls_enc_alg,
/* Encrypt the data and free the memory for cipher operations */
rc = gnutls_cipher_encrypt(handle, ciphertext, ciphertextlen);
gnutls_cipher_deinit(handle);
- memset(&enc_key, 0, sizeof(gnutls_datum_t));
- memset(&iv_buf, 0, sizeof(gnutls_datum_t));
+ virSecureErase(&enc_key, sizeof(gnutls_datum_t));
+ virSecureErase(&iv_buf, sizeof(gnutls_datum_t));
if (rc < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("failed to encrypt the data: '%s'"),
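Review bot: The two virSecureErase() calls after gnutls_cipher_deinit() wipe only the gnutls_datum_t descriptors (a data pointer and a size), not the key or IV bytes they point to; the same holds for the pair under `error:` in the next hunk. The descriptors are filled in outside this hunk, so the buffers presumably belong to the caller, and a comment would make that division of responsibility explicit: `/* Only the descriptors are cleared here; the caller owns and must wipe the key and IV buffers */`. Writing the sizes as `sizeof(enc_key)` and `sizeof(iv_buf)` would also tie each call to the object it clears.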
@@ -209,8 +209,8 @@ virCryptoEncryptDataAESgnutls(gnutls_cipher_algorithm_t gnutls_enc_alg,
error:
virSecureErase(ciphertext, ciphertextlen);
g_free(ciphertext);
- memset(&enc_key, 0, sizeof(gnutls_datum_t));
- memset(&iv_buf, 0, sizeof(gnutls_datum_t));
+ virSecureErase(&enc_key, sizeof(gnutls_datum_t));
+ virSecureErase(&iv_buf, sizeof(gnutls_datum_t));
return -1;
}
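Review bot: The erase pair under `error:` is a second copy of the pair on the success path, so any later change to the secret cleanup has to be made in two places. If every `goto error` is reached only after the descriptors no longer need wiping or after the shared wipe has run, the two calls could be made once, right after `gnutls_cipher_deinit(handle);`, leaving only the ciphertext wipe and g_free() under the label. The earlier part of the function is outside this hunk, so whether an earlier jump to `error:` still needs the wipe has to be checked first.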
--
2.29.2