return ciphers;
}
-#ifdef HAVE_GNUTLS3_AEAD
-
-/* Zero out STORAGE (even if it will become inaccessible. It has
- STORAGE_LENGTH bytes. The goal is to improve security a bit, in
- case an Emacs module or some buggy part of Emacs attempts to
- inspect STORAGE later to retrieve a secret.
-
- Calls to this function document when storage containing a secret is
- known to go out of scope. This function is not guaranteed to erase
- the secret, as copies of STORAGE may well be accessible elsewhere
- on the machine. */
-
-static void
-clear_storage (void *storage, ptrdiff_t storage_length)
-{
- explicit_bzero (storage, storage_length);
-}
-
-#endif /* HAVE_GNUTLS3_AEAD */
-
static Lisp_Object
gnutls_symmetric_aead (bool encrypting, gnutls_cipher_algorithm_t gca,
Lisp_Object cipher,
(acipher, vdata, vsize, aead_auth_data, aead_auth_size,
cipher_tag_size, idata, isize, storage, &storage_length));
- if (ret < GNUTLS_E_SUCCESS)
- {
- clear_storage (storage, storage_length);
- SAFE_FREE ();
- gnutls_aead_cipher_deinit (acipher);
- if (encrypting)
- error ("GnuTLS AEAD cipher %s encryption failed: %s",
- gnutls_cipher_get_name (gca), emacs_gnutls_strerror (ret));
- else
- error ("GnuTLS AEAD cipher %s decryption failed: %s",
- gnutls_cipher_get_name (gca), emacs_gnutls_strerror (ret));
- }
-
+ Lisp_Object output;
+ if (GNUTLS_E_SUCCESS <= ret)
+ output = make_unibyte_string (storage, storage_length);
+ explicit_bzero (storage, storage_length);
gnutls_aead_cipher_deinit (acipher);
- Lisp_Object output = make_unibyte_string (storage, storage_length);
- clear_storage (storage, storage_length);
+ if (ret < GNUTLS_E_SUCCESS)
+ error ((encrypting
+ ? "GnuTLS AEAD cipher %s encryption failed: %s"
+ : "GnuTLS AEAD cipher %s decryption failed: %s"),
+ gnutls_cipher_get_name (gca), emacs_gnutls_strerror (ret));
+
SAFE_FREE ();
return list2 (output, actual_iv);
#else
projects / emacs.git / commitdiff