crypto: use clear built-in

Replace for loops with clear built-in, available since Go 1.21.

Change-Id: I16a2691a68042e9c5cd9bc4197690fa541a081eb
Reviewed-on: https://go-review.googlesource.com/c/go/+/704877
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Mark Freeman <markfreeman@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Sean Liao <sean@liao.dev>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Kir Kolyshkin 2025-09-17 17:57:27 -07:00 committed by Sean Liao
parent a58afe44fa
commit f9701d21d2
5 changed files with 6 additions and 18 deletions


@ -203,9 +203,7 @@ func sliceForAppend(in []byte, n int) (head, tail []byte) {
// followed by ByteEncode₁, according to FIPS 203, Algorithm 5. // followed by ByteEncode₁, according to FIPS 203, Algorithm 5.
func ringCompressAndEncode1(s []byte, f ringElement) []byte { func ringCompressAndEncode1(s []byte, f ringElement) []byte {
s, b := sliceForAppend(s, encodingSize1) s, b := sliceForAppend(s, encodingSize1)
for i := range b { clear(b)
b[i] = 0
}
for i := range f { for i := range f {
b[i/8] |= uint8(compress(f[i], 1) << (i % 8)) b[i/8] |= uint8(compress(f[i], 1) << (i % 8))
} }
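Review bot: The `clear(b)` call in `ringCompressAndEncode1` is load-bearing and has no comment saying so, because the loop that follows only ORs bits into `b` (`b[i/8] |= ...`) and never assigns whole bytes. If `sliceForAppend` returns spare capacity of `s` rather than fresh memory (its body is outside this hunk, so this is inferred from its name and signature), any stale bytes left there would be merged into the encoded output. A one-line comment above the call would keep a later cleanup from dropping it: `// b may alias reused capacity of s; zero it first because the loop below only sets bits.` The function's return statement lies outside the hunk.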


@ -61,9 +61,7 @@ func (d *Digest) Size() int { return d.outputLen }
// Reset resets the Digest to its initial state. // Reset resets the Digest to its initial state.
func (d *Digest) Reset() { func (d *Digest) Reset() {
// Zero the permutation's state. // Zero the permutation's state.
for i := range d.a { clear(d.a[:])
d.a[i] = 0
}
d.state = spongeAbsorbing d.state = spongeAbsorbing
d.n = 0 d.n = 0
} }


@ -55,9 +55,7 @@ func NewCipher(key []byte) (*Cipher, error) {
// Deprecated: Reset can't guarantee that the key will be entirely removed from // Deprecated: Reset can't guarantee that the key will be entirely removed from
// the process's memory. // the process's memory.
func (c *Cipher) Reset() { func (c *Cipher) Reset() {
for i := range c.s { clear(c.s[:])
c.s[i] = 0
}
c.i, c.j = 0, 0 c.i, c.j = 0, 0
} }


@ -220,9 +220,7 @@ func (hc *halfConn) changeCipherSpec() error {
hc.mac = hc.nextMac hc.mac = hc.nextMac
hc.nextCipher = nil hc.nextCipher = nil
hc.nextMac = nil hc.nextMac = nil
for i := range hc.seq { clear(hc.seq[:])
hc.seq[i] = 0
}
return nil return nil
} }
@ -231,9 +229,7 @@ func (hc *halfConn) setTrafficSecret(suite *cipherSuiteTLS13, level QUICEncrypti
hc.level = level hc.level = level
key, iv := suite.trafficKey(secret) key, iv := suite.trafficKey(secret)
hc.cipher = suite.aead(key, iv) hc.cipher = suite.aead(key, iv)
for i := range hc.seq { clear(hc.seq[:])
hc.seq[i] = 0
}
} }
// incSeq increments the sequence number. // incSeq increments the sequence number.
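Review bot: Neither `clear(hc.seq[:])` reset, in `changeCipherSpec` or in `setTrafficSecret`, carries a comment explaining why the counter is zeroed at the moment the keys are swapped. The record sequence number presumably feeds the per-record nonce or MAC input (the code that consumes it is not in these hunks), so the invariant that the counter restarts only together with a fresh key is worth stating next to the line: `// New keys start a new record sequence: reset the counter together with the cipher, never separately.` Since the same line now appears in both paths, a small unexported helper such as `hc.resetSeq()` would keep the two from drifting apart. Both functions begin outside their hunks.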


@ -1590,9 +1590,7 @@ var getConfigForClientTests = []struct {
}, },
func(clientHello *ClientHelloInfo) (*Config, error) { func(clientHello *ClientHelloInfo) (*Config, error) {
config := testConfig.Clone() config := testConfig.Clone()
for i := range config.SessionTicketKey { clear(config.SessionTicketKey[:])
config.SessionTicketKey[i] = 0
}
config.sessionTicketKeys = nil config.sessionTicketKeys = nil
return config, nil return config, nil
}, },