From: Peter Krempa
To: libvir-list@redhat.com
Subject: [PATCH 03/11] virCryptoEncryptDataAESgnutls: Restructure control flow
Date: Fri, 9 Dec 2022 17:28:55 +0100

Prepare the buffer for encryption only after initializing the cipher, so that there's just one failure point. This allows to remove the 'error' label.

Signed-off-by: Peter Krempa
---
 src/util/vircrypto.c | 28 ++++++++++++----------------
 1 file changed, 12 insertions(+), 16 deletions(-)

diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c index b28d3fc23d..12d051a55a 100644 --- a/src/util/vircrypto.c +++ b/src/util/vircrypto.c @@ -127,9 +127,17 @@ virCryptoEncryptDataAESgnutls(gnutls_cipher_algorithm_= t gnutls_enc_alg, gnutls_cipher_hd_t handle =3D NULL; gnutls_datum_t enc_key =3D { .data =3D enckey, .size =3D enckeylen }; gnutls_datum_t iv_buf =3D { .data =3D iv, .size =3D ivlen }; - uint8_t *ciphertext; + g_autofree uint8_t *ciphertext =3D NULL; size_t ciphertextlen; + if ((rc =3D gnutls_cipher_init(&handle, gnutls_enc_alg, + &enc_key, &iv_buf)) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("failed to initialize cipher: '%s'"), + gnutls_strerror(rc)); + return -1; + } + /* Allocate a padded buffer, copy in the data. * * NB, we must *always* have at least 1 byte of 
@@ -146,32 +154,20 @@ virCryptoEncryptDataAESgnutls(gnutls_cipher_algorithm= _t gnutls_enc_alg, for (i =3D datalen; i < ciphertextlen; i++) ciphertext[i] =3D ciphertextlen - datalen; - if ((rc =3D gnutls_cipher_init(&handle, gnutls_enc_alg, - &enc_key, &iv_buf)) < 0) { - virReportError(VIR_ERR_INTERNAL_ERROR, - _("failed to initialize cipher: '%s'"), - gnutls_strerror(rc)); - goto error; - } - /* Encrypt the data and free the memory for cipher operations */ rc =3D gnutls_cipher_encrypt(handle, ciphertext, ciphertextlen); gnutls_cipher_deinit(handle); if (rc < 0) { + virSecureErase(ciphertext, ciphertextlen); virReportError(VIR_ERR_INTERNAL_ERROR, _("failed to encrypt the data: '%s'"), gnutls_strerror(rc)); - goto error; + return -1; } - *ciphertextret =3D ciphertext; + *ciphertextret =3D g_steal_pointer(&ciphertext); *ciphertextlenret =3D ciphertextlen; return 0; - - error: - virSecureErase(ciphertext, ciphertextlen); - g_free(ciphertext); - return -1; } --=20 2.38.1
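
Review bot: in the first hunk, the relocated gnutls_cipher_init() block leaves `handle` open across the whole "Allocate a padded buffer" section with no automatic cleanup; the only gnutls_cipher_deinit(handle) in the visible lines is the one after gnutls_cipher_encrypt() in the second hunk. That is correct only while nothing between the two can return, so a one-line comment above the buffer preparation stating that no early return may be added there without deinitializing the handle would protect the new ordering.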
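
Review bot: in the second hunk's `rc < 0` branch, wiping the buffer now depends entirely on the explicit virSecureErase(ciphertext, ciphertextlen) call, because the g_autofree added to the declaration only frees the memory. The buffer holds the copied-in data until gnutls_cipher_encrypt() succeeds, so any return added later between the copy and g_steal_pointer(&ciphertext) would free it without erasing. Consider a comment at the declaration spelling out that every failure path after the copy must erase first, or a cleanup that erases before freeing, so the invariant the removed 'error' label used to enforce stays visible.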