[PATCH 1/7] virCryptoEncryptDataAESgnutls: Restructure control flow
Prepare the buffer for encryption only after initializing the cipher, so
that there's just one failure point. This allows to remove the 'error'
label.
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
src/util/vircrypto.c | 28 ++++++++++++----------------
1 file changed, 12 insertions(+), 16 deletions(-)
diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c
index b28d3fc23d..12d051a55a 100644
--- a/src/util/vircrypto.c
+++ b/src/util/vircrypto.c
@@ -127,9 +127,17 @@ virCryptoEncryptDataAESgnutls(gnutls_cipher_algorithm_t
gnutls_enc_alg,
gnutls_cipher_hd_t handle = NULL;
gnutls_datum_t enc_key = { .data = enckey, .size = enckeylen };
gnutls_datum_t iv_buf = { .data = iv, .size = ivlen };
- uint8_t *ciphertext;
+ g_autofree uint8_t *ciphertext = NULL;
size_t ciphertextlen;
+ if ((rc = gnutls_cipher_init(&handle, gnutls_enc_alg,
+ &enc_key, &iv_buf)) < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("failed to initialize cipher: '%s'"),
+ gnutls_strerror(rc));
+ return -1;
+ }
+
/* Allocate a padded buffer, copy in the data.
*
* NB, we must *always* have at least 1 byte of
@@ -146,32 +154,20 @@ virCryptoEncryptDataAESgnutls(gnutls_cipher_algorithm_t
gnutls_enc_alg,
for (i = datalen; i < ciphertextlen; i++)
ciphertext[i] = ciphertextlen - datalen;
- if ((rc = gnutls_cipher_init(&handle, gnutls_enc_alg,
- &enc_key, &iv_buf)) < 0) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("failed to initialize cipher: '%s'"),
- gnutls_strerror(rc));
- goto error;
- }
-
/* Encrypt the data and free the memory for cipher operations */
rc = gnutls_cipher_encrypt(handle, ciphertext, ciphertextlen);
gnutls_cipher_deinit(handle);
if (rc < 0) {
+ virSecureErase(ciphertext, ciphertextlen);
virReportError(VIR_ERR_INTERNAL_ERROR,
_("failed to encrypt the data: '%s'"),
gnutls_strerror(rc));
- goto error;
+ return -1;
}
- *ciphertextret = ciphertext;
+ *ciphertextret = g_steal_pointer(&ciphertext);
*ciphertextlenret = ciphertextlen;
return 0;
-
- error:
- virSecureErase(ciphertext, ciphertextlen);
- g_free(ciphertext);
- return -1;
}
--
2.39.1