From 9c8b9e4951f90f922eb7b96f296a6e8a7c0031e7 Mon Sep 17 00:00:00 2001 From: Thomas Klausner Date: Tue, 10 Oct 2023 13:21:16 +0200 Subject: [PATCH] Remove memset()s that were added for the memory sanitizer It does not support third party libraries correctly (openssl, zlib) and has been disabled. --- lib/zip_crypto_openssl.c | 6 ------ lib/zip_source_winzip_aes_encode.c | 6 ------ 2 files changed, 12 deletions(-) diff --git a/lib/zip_crypto_openssl.c b/lib/zip_crypto_openssl.c index d075ee13e..f7b910a60 100644 --- a/lib/zip_crypto_openssl.c +++ b/lib/zip_crypto_openssl.c @@ -127,9 +127,6 @@ _zip_crypto_aes_free(_zip_crypto_aes_t *aes) { bool _zip_crypto_aes_encrypt_block(_zip_crypto_aes_t *aes, const zip_uint8_t *in, zip_uint8_t *out) { int len = 0; - /* TODO: The memset() is just for testing the memory sanitizer, - _zip_winzip_aes_new() will overwrite the same bytes */ - memset(out, 0xff, ZIP_CRYPTO_AES_BLOCK_LENGTH); if (EVP_EncryptUpdate(aes, out, &len, in, ZIP_CRYPTO_AES_BLOCK_LENGTH) != 1 || len != ZIP_CRYPTO_AES_BLOCK_LENGTH) { return false; @@ -217,9 +214,6 @@ _zip_crypto_hmac_free(_zip_crypto_hmac_t *hmac) { bool _zip_crypto_hmac_output(_zip_crypto_hmac_t *hmac, zip_uint8_t *data) { - /* TODO: The memset() is just for testing the memory sanitizer, - _zip_winzip_aes_new() will overwrite the same bytes */ - memset(data, 0xff, ZIP_CRYPTO_SHA1_LENGTH); #ifdef USE_OPENSSL_3_API size_t length = 0; return EVP_MAC_final(hmac->ctx, data, &length, ZIP_CRYPTO_SHA1_LENGTH) == 1 && length == ZIP_CRYPTO_SHA1_LENGTH; diff --git a/lib/zip_source_winzip_aes_encode.c b/lib/zip_source_winzip_aes_encode.c index f86d04496..87e2865a0 100644 --- a/lib/zip_source_winzip_aes_encode.c +++ b/lib/zip_source_winzip_aes_encode.c @@ -83,17 +83,11 @@ zip_source_winzip_aes_encode(zip_t *za, zip_source_t *src, zip_uint16_t encrypti static int encrypt_header(zip_source_t *src, struct winzip_aes *ctx) { zip_uint16_t salt_length = SALT_LENGTH(ctx->encryption_method); - /* TODO: The memset() is just for testing the memory sanitizer, - zip_secure_random() will overwrite the same bytes */ - memset(ctx->data, 0xff, salt_length); if (!zip_secure_random(ctx->data, salt_length)) { zip_error_set(&ctx->error, ZIP_ER_INTERNAL, 0); return -1; } - /* TODO: The memset() is just for testing the memory sanitizer, - _zip_winzip_aes_new() will overwrite the same bytes */ - memset(ctx->data + salt_length, 0xff, WINZIP_AES_PASSWORD_VERIFY_LENGTH); if ((ctx->aes_ctx = _zip_winzip_aes_new((zip_uint8_t *)ctx->password, strlen(ctx->password), ctx->data, ctx->encryption_method, ctx->data + salt_length, &ctx->error)) == NULL) { return -1; }