From: Filippo Valsorda <filippo@golang.org>
Date: Wed, 13 Feb 2019 08:37:57 +0000 (-0500)
Subject: [release-branch.go1.12] crypto/rc4: remove false guarantees from Reset docs and depre... 
X-Git-Tag: go1.12~6
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=da1f5d376a74dc75b641ae0beb4b98519d57c59a;p=gostls13.git

[release-branch.go1.12] crypto/rc4: remove false guarantees from Reset docs and deprecate it

Nothing in Go can truly guarantee a key will be gone from memory (see
#21865), so remove that claim. That makes Reset useless, because
unlike most Reset methods it doesn't restore the original value state,
so deprecate it.

Change-Id: I6bb0f7f94c7e6dd4c5ac19761bc8e5df1f9ec618
Reviewed-on: https://go-review.googlesource.com/c/162297
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
(cherry picked from commit b35dacaac57b039205d9b07ea24098e2c3fcb12e)
Reviewed-on: https://go-review.googlesource.com/c/163438
---

diff --git a/src/crypto/rc4/rc4.go b/src/crypto/rc4/rc4.go
index d5e6ebcd71..c2df0db2dc 100644
--- a/src/crypto/rc4/rc4.go
+++ b/src/crypto/rc4/rc4.go
@@ -45,8 +45,10 @@ func NewCipher(key []byte) (*Cipher, error) {
 	return &c, nil
 }
 
-// Reset zeros the key data so that it will no longer appear in the
-// process's memory.
+// Reset zeros the key data and makes the Cipher unusable.
+//
+// Deprecated: Reset can't guarantee that the key will be entirely removed from
+// the process's memory.
 func (c *Cipher) Reset() {
 	for i := range c.s {
 		c.s[i] = 0