From: Peter Krempa <pkrempa@redhat.com>
Date: Thu, 8 Dec 2022 09:56:28 +0000 (+0100)
Subject: virCryptoEncryptDataAESgnutls: Don't secure erase gnutls_datum_t structs
X-Git-Tag: v9.0.0-rc1~145
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=53e46e4cd67835c9dfcf1a20df74ae42e1450155;p=thirdparty%2Flibvirt.git

virCryptoEncryptDataAESgnutls: Don't secure erase gnutls_datum_t structs

'gnutls_datum_t' simply holds pointers to the encryption key and its
length. There's absolutely no point in securely erasing that.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
---

diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c
index 828e822d8e..1bddb333dc 100644
--- a/src/util/vircrypto.c
+++ b/src/util/vircrypto.c
@@ -164,8 +164,6 @@ virCryptoEncryptDataAESgnutls(gnutls_cipher_algorithm_t gnutls_enc_alg,
     /* Encrypt the data and free the memory for cipher operations */
     rc = gnutls_cipher_encrypt(handle, ciphertext, ciphertextlen);
     gnutls_cipher_deinit(handle);
-    virSecureErase(&enc_key, sizeof(gnutls_datum_t));
-    virSecureErase(&iv_buf, sizeof(gnutls_datum_t));
     if (rc < 0) {
         virReportError(VIR_ERR_INTERNAL_ERROR,
                        _("failed to encrypt the data: '%s'"),
@@ -180,8 +178,6 @@ virCryptoEncryptDataAESgnutls(gnutls_cipher_algorithm_t gnutls_enc_alg,
  error:
     virSecureErase(ciphertext, ciphertextlen);
     g_free(ciphertext);
-    virSecureErase(&enc_key, sizeof(gnutls_datum_t));
-    virSecureErase(&iv_buf, sizeof(gnutls_datum_t));
     return -1;
 }