crypto/rc4: remove false guarantees from Reset docs and deprecate it

Nothing in Go can truly guarantee a key will be gone from memory (see
#21865), so remove that claim. That makes Reset useless, because
unlike most Reset methods it doesn't restore the original value state,
so deprecate it.

Change-Id: I6bb0f7f94c7e6dd4c5ac19761bc8e5df1f9ec618
Reviewed-on: https://go-review.googlesource.com/c/162297
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>

diff --git a/src/crypto/rc4/rc4.go b/src/crypto/rc4/rc4.go
index d5e6ebcd712ae170ac284f05054b5c676987a087..c2df0db2dc8984711cd301adb2e2e77fafabbcfa 100644 (file)
--- a/src/crypto/rc4/rc4.go
+++ b/src/crypto/rc4/rc4.go
@@ -45,8 +45,10 @@ func NewCipher(key []byte) (*Cipher, error) {
        return &c, nil
 }
 
-// Reset zeros the key data so that it will no longer appear in the
-// process's memory.
+// Reset zeros the key data and makes the Cipher unusable.
+//
+// Deprecated: Reset can't guarantee that the key will be entirely removed from
+// the process's memory.
 func (c *Cipher) Reset() {
        for i := range c.s {
                c.s[i] = 0