[PATCH v2 15/27] virCryptoEncryptDataAESgnutls: Use virSecureErase instead of memset

Peter Krempa posted 27 patches 5 years ago
[PATCH v2 15/27] virCryptoEncryptDataAESgnutls: Use virSecureErase instead of memset
Posted by Peter Krempa 5 years ago
Clear the key and IV structs using virSecureErase.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
---
 src/util/vircrypto.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c
index d2a42d83e2..78689721c3 100644
--- a/src/util/vircrypto.c
+++ b/src/util/vircrypto.c
@@ -193,8 +193,8 @@ virCryptoEncryptDataAESgnutls(gnutls_cipher_algorithm_t gnutls_enc_alg,
     /* Encrypt the data and free the memory for cipher operations */
     rc = gnutls_cipher_encrypt(handle, ciphertext, ciphertextlen);
     gnutls_cipher_deinit(handle);
-    memset(&enc_key, 0, sizeof(gnutls_datum_t));
-    memset(&iv_buf, 0, sizeof(gnutls_datum_t));
+    virSecureErase(&enc_key, sizeof(gnutls_datum_t));
+    virSecureErase(&iv_buf, sizeof(gnutls_datum_t));
     if (rc < 0) {
         virReportError(VIR_ERR_INTERNAL_ERROR,
                        _("failed to encrypt the data: '%s'"),
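Review bot: the two virSecureErase() calls after gnutls_cipher_deinit() cover only sizeof(gnutls_datum_t), so they wipe the descriptors (the data pointer and size held in enc_key and iv_buf), not the key and IV bytes those pointers refer to. That matches the commit message ("key and IV structs"), but a short comment here saying where the underlying buffers are erased would keep a reader from assuming this clears the key material itself. Consider also writing the length as sizeof(enc_key) and sizeof(iv_buf), so it follows the variable instead of a repeated type name.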
@@ -209,8 +209,8 @@ virCryptoEncryptDataAESgnutls(gnutls_cipher_algorithm_t gnutls_enc_alg,
  error:
     virSecureErase(ciphertext, ciphertextlen);
     g_free(ciphertext);
-    memset(&enc_key, 0, sizeof(gnutls_datum_t));
-    memset(&iv_buf, 0, sizeof(gnutls_datum_t));
+    virSecureErase(&enc_key, sizeof(gnutls_datum_t));
+    virSecureErase(&iv_buf, sizeof(gnutls_datum_t));
     return -1;
 }
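Review bot: under the error label these two calls repeat the pair issued right after gnutls_cipher_deinit() in the previous hunk, so a gnutls_cipher_encrypt() failure that reaches this label would erase enc_key and iv_buf a second time. That is harmless, but the duplication is easy to get out of sync; if the label is also reached from failures that occur before the encrypt call, a one-line comment saying so would explain why both sites are needed. Otherwise, a single cleanup point for both structs would be simpler to audit.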

-- 
2.29.2

Re: [PATCH v2 15/27] virCryptoEncryptDataAESgnutls: Use virSecureErase instead of memset
Posted by Daniel P. Berrangé 5 years ago
On Tue, Feb 02, 2021 at 05:55:52PM +0100, Peter Krempa wrote:
> Clear the key and IV structs using virSecureErase.
> 
> Signed-off-by: Peter Krempa <pkrempa@redhat.com>
> ---
>  src/util/vircrypto.c | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)

Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|