Prefer OPENSSL_cleanse to memset in OpenSSL code path (#2020)

`memset` can be optimized away. `OPENSSL_cleanse` is implemented in a
way that usually survives optimizations.

diff --git a/libarchive/archive_cryptor.c b/libarchive/archive_cryptor.c
index 112baf1613482afc2ff716fa362a6c9f1d9022f9..437dba06be62ba66718a268249b2c8caa6ac2597 100644 (file)
--- a/libarchive/archive_cryptor.c
+++ b/libarchive/archive_cryptor.c
@@ -424,8 +424,8 @@ static int
 aes_ctr_release(archive_crypto_ctx *ctx)
 {
        EVP_CIPHER_CTX_free(ctx->ctx);
-       memset(ctx->key, 0, ctx->key_len);
-       memset(ctx->nonce, 0, sizeof(ctx->nonce));
+       OPENSSL_cleanse(ctx->key, ctx->key_len);
+       OPENSSL_cleanse(ctx->nonce, sizeof(ctx->nonce));
        return 0;
 }