From ffde1e9b9e9aa763e18f009e0d54345f509134db Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Thu, 20 Jul 2017 16:21:57 -0700 Subject: [PATCH] Simplify recent gnutls.c changes MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit * src/gnutls.c (clear_storage) [HAVE_GNUTLS3_AEAD]: Remove. All uses replaced by calls to explicit_bzero; that’s clear enough. (gnutls_symmetric_aead) [HAVE_GNUTLS3_AEAD]: Simplify by coalescing duplicate actions. There is no need to invoke SAFE_FREE before calling ‘error’.
---
 src/gnutls.c | 45 ++++++++++-----------------------------------
 1 file changed, 10 insertions(+), 35 deletions(-)
diff --git a/src/gnutls.c b/src/gnutls.c
index 7c988408528..59694074e16 100644
--- a/src/gnutls.c
+++ b/src/gnutls.c
@@ -1891,26 +1891,6 @@ The alist key is the cipher name. */)
 return ciphers;
 }
-#ifdef HAVE_GNUTLS3_AEAD
-
-/* Zero out STORAGE (even if it will become inaccessible. It has
- STORAGE_LENGTH bytes. The goal is to improve security a bit, in
- case an Emacs module or some buggy part of Emacs attempts to
- inspect STORAGE later to retrieve a secret.
-
- Calls to this function document when storage containing a secret is
- known to go out of scope. This function is not guaranteed to erase
- the secret, as copies of STORAGE may well be accessible elsewhere
- on the machine. */
-
-static void
-clear_storage (void *storage, ptrdiff_t storage_length)
-{
- explicit_bzero (storage, storage_length);
-}
-
-#endif /* HAVE_GNUTLS3_AEAD */
-
 static Lisp_Object
 gnutls_symmetric_aead (bool encrypting, gnutls_cipher_algorithm_t gca,
 Lisp_Object cipher,
@@ -1975,23 +1955,18 @@ gnutls_symmetric_aead (bool encrypting, gnutls_cipher_algorithm_t gca, (acipher, vdata, vsize, aead_auth_data, aead_auth_size, cipher_tag_size, idata, isize, storage, &storage_length)); - if (ret < GNUTLS_E_SUCCESS) - { - clear_storage (storage, storage_length); - SAFE_FREE (); - gnutls_aead_cipher_deinit (acipher); - if (encrypting) - error ("GnuTLS AEAD cipher %s encryption failed: %s", - gnutls_cipher_get_name (gca), emacs_gnutls_strerror (ret)); - else - error ("GnuTLS AEAD cipher %s decryption failed: %s", - gnutls_cipher_get_name (gca), emacs_gnutls_strerror (ret)); - } - + Lisp_Object output; + if (GNUTLS_E_SUCCESS <= ret) + output = make_unibyte_string (storage, storage_length); + explicit_bzero (storage, storage_length); gnutls_aead_cipher_deinit (acipher); - Lisp_Object output = make_unibyte_string (storage, storage_length); - clear_storage (storage, storage_length); + if (ret < GNUTLS_E_SUCCESS) + error ((encrypting + ? "GnuTLS AEAD cipher %s encryption failed: %s" + : "GnuTLS AEAD cipher %s decryption failed: %s"), + gnutls_cipher_get_name (gca), emacs_gnutls_strerror (ret)); + SAFE_FREE (); return list2 (output, actual_iv); #else -- 2.39.2
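Review bot: The wipe `explicit_bzero (storage, storage_length);` uses the length that the encrypt/decrypt call wrote back through `&storage_length`, so on the failure path, or whenever the result is shorter than the buffer, it may clear fewer bytes than were allocated and leave partially written plaintext behind. The allocation of `storage` is outside this hunk, so this is inferred; if the buffer can be larger, save its size in a local before the call and wipe that instead, e.g. `explicit_bzero (storage, storage_capacity);` where `storage_capacity` is a new local holding the allocated size. With the `clear_storage` comment removed in the first hunk, a one-line comment here such as `/* Wipe the scratch copy of the secret; the Lisp string in OUTPUT still holds one.  */` would keep the rationale next to the call. `output` stays unset when `ret` is negative, which is safe only because `error` does not return, and that is worth a short comment too.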