crypto: use clear built-in

Replace for loops with clear built-in, available since Go 1.21. Change-Id: I16a2691a68042e9c5cd9bc4197690fa541a081eb Reviewed-on: https://go-review.googlesource.com/c/go/+/704877 Reviewed-by: Michael Knyszek <mknyszek@google.com> Reviewed-by: Mark Freeman <markfreeman@google.com> Reviewed-by: Roland Shoemaker <roland@golang.org> Reviewed-by: Sean Liao <sean@liao.dev> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
2025-12-08 06:10:04 +00:00 · 2025-09-17 17:57:27 -07:00 · 2025-09-17 17:57:27 -07:00 · f9701d21d2
commit f9701d21d2
parent a58afe44fa
5 changed files with 6 additions and 18 deletions
--- a/src/crypto/internal/fips140/mlkem/field.go
+++ b/src/crypto/internal/fips140/mlkem/field.go
@ -203,9 +203,7 @@ func sliceForAppend(in []byte, n int) (head, tail []byte) {
 // followed by ByteEncode₁, according to FIPS 203, Algorithm 5.
 func ringCompressAndEncode1(s []byte, f ringElement) []byte {
 	s, b := sliceForAppend(s, encodingSize1)
-	for i := range b {
-		b[i] = 0
-	}
+	clear(b)
 	for i := range f {
 		b[i/8] |= uint8(compress(f[i], 1) << (i % 8))
 	}
--- a/src/crypto/internal/fips140/sha3/sha3.go
+++ b/src/crypto/internal/fips140/sha3/sha3.go
@ -61,9 +61,7 @@ func (d *Digest) Size() int { return d.outputLen }
 // Reset resets the Digest to its initial state.
 func (d *Digest) Reset() {
 	// Zero the permutation's state.
-	for i := range d.a {
-		d.a[i] = 0
-	}
+	clear(d.a[:])
 	d.state = spongeAbsorbing
 	d.n = 0
 }
--- a/src/crypto/rc4/rc4.go
+++ b/src/crypto/rc4/rc4.go
@ -55,9 +55,7 @@ func NewCipher(key []byte) (*Cipher, error) {
 // Deprecated: Reset can't guarantee that the key will be entirely removed from
 // the process's memory.
 func (c *Cipher) Reset() {
-	for i := range c.s {
-		c.s[i] = 0
-	}
+	clear(c.s[:])
 	c.i, c.j = 0, 0
 }

--- a/src/crypto/tls/conn.go
+++ b/src/crypto/tls/conn.go
@ -220,9 +220,7 @@ func (hc *halfConn) changeCipherSpec() error {
 	hc.mac = hc.nextMac
 	hc.nextCipher = nil
 	hc.nextMac = nil
-	for i := range hc.seq {
-		hc.seq[i] = 0
-	}
+	clear(hc.seq[:])
 	return nil
 }

@ -231,9 +229,7 @@ func (hc *halfConn) setTrafficSecret(suite *cipherSuiteTLS13, level QUICEncrypti
 	hc.level = level
 	key, iv := suite.trafficKey(secret)
 	hc.cipher = suite.aead(key, iv)
-	for i := range hc.seq {
-		hc.seq[i] = 0
-	}
+	clear(hc.seq[:])
 }

 // incSeq increments the sequence number.
--- a/src/crypto/tls/handshake_server_test.go
+++ b/src/crypto/tls/handshake_server_test.go
@ -1590,9 +1590,7 @@ var getConfigForClientTests = []struct {
 		},
 		func(clientHello *ClientHelloInfo) (*Config, error) {
 			config := testConfig.Clone()
-			for i := range config.SessionTicketKey {
-				config.SessionTicketKey[i] = 0
-			}
+			clear(config.SessionTicketKey[:])
 			config.sessionTicketKeys = nil
 			return config, nil
 		},