From bee411c773eb377a0343e8f4d859aaa86589ddbd Mon Sep 17 00:00:00 2001
From: Jeffrey Walton <noloader@gmail.com>
Date: Fri, 24 Nov 2023 18:08:59 -0500
Subject: [PATCH] Prefer OPENSSL_cleanse to memset in OpenSSL code path (#2020)

`memset` can be optimized away. `OPENSSL_cleanse` is implemented in a
way that usually survives optimizations.
---
 libarchive/archive_cryptor.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libarchive/archive_cryptor.c b/libarchive/archive_cryptor.c
index 112baf161..437dba06b 100644
--- a/libarchive/archive_cryptor.c
+++ b/libarchive/archive_cryptor.c
@@ -424,8 +424,8 @@ static int
 aes_ctr_release(archive_crypto_ctx *ctx)
 {
 	EVP_CIPHER_CTX_free(ctx->ctx);
-	memset(ctx->key, 0, ctx->key_len);
-	memset(ctx->nonce, 0, sizeof(ctx->nonce));
+	OPENSSL_cleanse(ctx->key, ctx->key_len);
+	OPENSSL_cleanse(ctx->nonce, sizeof(ctx->nonce));
 	return 0;
 }
 
-- 
2.47.2