From 9c8b9e4951f90f922eb7b96f296a6e8a7c0031e7 Mon Sep 17 00:00:00 2001
From: Thomas Klausner <wiz@gatalith.at>
Date: Tue, 10 Oct 2023 13:21:16 +0200
Subject: [PATCH] Remove memset()s that were added for the memory sanitizer

It does not support third party libraries correctly (openssl, zlib)
and has been disabled.
---
 lib/zip_crypto_openssl.c           | 6 ------
 lib/zip_source_winzip_aes_encode.c | 6 ------
 2 files changed, 12 deletions(-)

diff --git a/lib/zip_crypto_openssl.c b/lib/zip_crypto_openssl.c
index d075ee13..f7b910a6 100644
--- a/lib/zip_crypto_openssl.c
+++ b/lib/zip_crypto_openssl.c
@@ -127,9 +127,6 @@ _zip_crypto_aes_free(_zip_crypto_aes_t *aes) {
 bool
 _zip_crypto_aes_encrypt_block(_zip_crypto_aes_t *aes, const zip_uint8_t *in, zip_uint8_t *out) {
     int len = 0;
-    /* TODO: The memset() is just for testing the memory sanitizer,
-       _zip_winzip_aes_new() will overwrite the same bytes */
-    memset(out, 0xff, ZIP_CRYPTO_AES_BLOCK_LENGTH);
     if (EVP_EncryptUpdate(aes, out, &len, in, ZIP_CRYPTO_AES_BLOCK_LENGTH) != 1
         || len != ZIP_CRYPTO_AES_BLOCK_LENGTH) {
         return false;
@@ -217,9 +214,6 @@ _zip_crypto_hmac_free(_zip_crypto_hmac_t *hmac) {
 
 bool
 _zip_crypto_hmac_output(_zip_crypto_hmac_t *hmac, zip_uint8_t *data) {
-    /* TODO: The memset() is just for testing the memory sanitizer,
-       _zip_winzip_aes_new() will overwrite the same bytes */
-    memset(data, 0xff, ZIP_CRYPTO_SHA1_LENGTH);
 #ifdef USE_OPENSSL_3_API
     size_t length = 0;
     return EVP_MAC_final(hmac->ctx, data, &length, ZIP_CRYPTO_SHA1_LENGTH) == 1 && length == ZIP_CRYPTO_SHA1_LENGTH;
diff --git a/lib/zip_source_winzip_aes_encode.c b/lib/zip_source_winzip_aes_encode.c
index f86d0449..87e2865a 100644
--- a/lib/zip_source_winzip_aes_encode.c
+++ b/lib/zip_source_winzip_aes_encode.c
@@ -83,17 +83,11 @@ zip_source_winzip_aes_encode(zip_t *za, zip_source_t *src, zip_uint16_t encrypti
 static int
 encrypt_header(zip_source_t *src, struct winzip_aes *ctx) {
     zip_uint16_t salt_length = SALT_LENGTH(ctx->encryption_method);
-    /* TODO: The memset() is just for testing the memory sanitizer,
-       zip_secure_random() will overwrite the same bytes */
-    memset(ctx->data, 0xff, salt_length);
     if (!zip_secure_random(ctx->data, salt_length)) {
         zip_error_set(&ctx->error, ZIP_ER_INTERNAL, 0);
         return -1;
     }
 
-    /* TODO: The memset() is just for testing the memory sanitizer,
-       _zip_winzip_aes_new() will overwrite the same bytes */
-    memset(ctx->data + salt_length, 0xff, WINZIP_AES_PASSWORD_VERIFY_LENGTH);
     if ((ctx->aes_ctx = _zip_winzip_aes_new((zip_uint8_t *)ctx->password, strlen(ctx->password), ctx->data, ctx->encryption_method, ctx->data + salt_length, &ctx->error)) == NULL) {
         return -1;
     }