crypto: use clear built-in

Replace for loops with clear built-in, available since Go 1.21.

Change-Id: I16a2691a68042e9c5cd9bc4197690fa541a081eb
Reviewed-on: https://go-review.googlesource.com/c/go/+/704877
Reviewed-by: Michael Knyszek <mknyszek@google.com>
Reviewed-by: Mark Freeman <markfreeman@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Sean Liao <sean@liao.dev>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

5 files changed, 6 insertions, 18 deletions

diff --git a/src/crypto/internal/fips140/mlkem/field.go b/src/crypto/internal/fips140/mlkem/field.go
index 1a42818247..577062526c 100644
--- a/src/crypto/internal/fips140/mlkem/field.go
+++ b/src/crypto/internal/fips140/mlkem/field.go
@@ -203,9 +203,7 @@ func sliceForAppend(in []byte, n int) (head, tail []byte) {
 // followed by ByteEncode₁, according to FIPS 203, Algorithm 5.
 func ringCompressAndEncode1(s []byte, f ringElement) []byte {
 	s, b := sliceForAppend(s, encodingSize1)
-	for i := range b {
-		b[i] = 0
-	}
+	clear(b)
 	for i := range f {
 		b[i/8] |= uint8(compress(f[i], 1) << (i % 8))
 	}
diff --git a/src/crypto/internal/fips140/sha3/sha3.go b/src/crypto/internal/fips140/sha3/sha3.go
index 7513f8ef5d..5c77fae4e7 100644
--- a/src/crypto/internal/fips140/sha3/sha3.go
+++ b/src/crypto/internal/fips140/sha3/sha3.go
@@ -61,9 +61,7 @@ func (d *Digest) Size() int { return d.outputLen }
 // Reset resets the Digest to its initial state.
 func (d *Digest) Reset() {
 	// Zero the permutation's state.
-	for i := range d.a {
-		d.a[i] = 0
-	}
+	clear(d.a[:])
 	d.state = spongeAbsorbing
 	d.n = 0
 }
diff --git a/src/crypto/rc4/rc4.go b/src/crypto/rc4/rc4.go
index 90943a0935..eebc1c04cb 100644
--- a/src/crypto/rc4/rc4.go
+++ b/src/crypto/rc4/rc4.go
@@ -55,9 +55,7 @@ func NewCipher(key []byte) (*Cipher, error) {
 // Deprecated: Reset can't guarantee that the key will be entirely removed from
 // the process's memory.
 func (c *Cipher) Reset() {
-	for i := range c.s {
-		c.s[i] = 0
-	}
+	clear(c.s[:])
 	c.i, c.j = 0, 0
 }
 
diff --git a/src/crypto/tls/conn.go b/src/crypto/tls/conn.go
index d4d68c0744..09dc9ea94c 100644
--- a/src/crypto/tls/conn.go
+++ b/src/crypto/tls/conn.go
@@ -220,9 +220,7 @@ func (hc *halfConn) changeCipherSpec() error {
 	hc.mac = hc.nextMac
 	hc.nextCipher = nil
 	hc.nextMac = nil
-	for i := range hc.seq {
-		hc.seq[i] = 0
-	}
+	clear(hc.seq[:])
 	return nil
 }
 
@@ -231,9 +229,7 @@ func (hc *halfConn) setTrafficSecret(suite *cipherSuiteTLS13, level QUICEncrypti
 	hc.level = level
 	key, iv := suite.trafficKey(secret)
 	hc.cipher = suite.aead(key, iv)
-	for i := range hc.seq {
-		hc.seq[i] = 0
-	}
+	clear(hc.seq[:])
 }
 
 // incSeq increments the sequence number.
diff --git a/src/crypto/tls/handshake_server_test.go b/src/crypto/tls/handshake_server_test.go
index 4df3f5a737..941f2a3373 100644
--- a/src/crypto/tls/handshake_server_test.go
+++ b/src/crypto/tls/handshake_server_test.go
@@ -1590,9 +1590,7 @@ var getConfigForClientTests = []struct {
 		},
 		func(clientHello *ClientHelloInfo) (*Config, error) {
 			config := testConfig.Clone()
-			for i := range config.SessionTicketKey {
-				config.SessionTicketKey[i] = 0
-			}
+			clear(config.SessionTicketKey[:])
 			config.sessionTicketKeys = nil
 			return config, nil
 		},