Commit da1f5d37 authored by Filippo Valsorda's avatar Filippo Valsorda

[release-branch.go1.12] crypto/rc4: remove false guarantees from Reset docs and deprecate it

Nothing in Go can truly guarantee a key will be gone from memory (see
#21865), so remove that claim. That makes Reset useless, because
unlike most Reset methods it doesn't restore the original value state,
so deprecate it.

Change-Id: I6bb0f7f94c7e6dd4c5ac19761bc8e5df1f9ec618
Reviewed-on: https://go-review.googlesource.com/c/162297Reviewed-by: default avatarBrad Fitzpatrick <bradfitz@golang.org>
(cherry picked from commit b35dacaa)
Reviewed-on: https://go-review.googlesource.com/c/163438
parent 35e6a10c
...@@ -45,8 +45,10 @@ func NewCipher(key []byte) (*Cipher, error) { ...@@ -45,8 +45,10 @@ func NewCipher(key []byte) (*Cipher, error) {
return &c, nil return &c, nil
} }
// Reset zeros the key data so that it will no longer appear in the // Reset zeros the key data and makes the Cipher unusable.
// process's memory. //
// Deprecated: Reset can't guarantee that the key will be entirely removed from
// the process's memory.
func (c *Cipher) Reset() { func (c *Cipher) Reset() {
for i := range c.s { for i := range c.s {
c.s[i] = 0 c.s[i] = 0
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment