From: Jeffrey Walton <noloader@gmail.com>
Date: Fri, 24 Nov 2023 23:08:59 +0000 (-0500)
Subject: Prefer OPENSSL_cleanse to memset in OpenSSL code path (#2020)
X-Git-Tag: v3.7.3~43
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bee411c773eb377a0343e8f4d859aaa86589ddbd;p=thirdparty%2Flibarchive.git

Prefer OPENSSL_cleanse to memset in OpenSSL code path (#2020)

`memset` can be optimized away. `OPENSSL_cleanse` is implemented in a
way that usually survives optimizations.
---

diff --git a/libarchive/archive_cryptor.c b/libarchive/archive_cryptor.c
index 112baf161..437dba06b 100644
--- a/libarchive/archive_cryptor.c
+++ b/libarchive/archive_cryptor.c
@@ -424,8 +424,8 @@ static int
 aes_ctr_release(archive_crypto_ctx *ctx)
 {
 	EVP_CIPHER_CTX_free(ctx->ctx);
-	memset(ctx->key, 0, ctx->key_len);
-	memset(ctx->nonce, 0, sizeof(ctx->nonce));
+	OPENSSL_cleanse(ctx->key, ctx->key_len);
+	OPENSSL_cleanse(ctx->nonce, sizeof(ctx->nonce));
 	return 0;
 }