From 688415e3747d6f198bcd217001836cf220e310a6 Mon Sep 17 00:00:00 2001
From: qmuntal <qmuntaldiaz@microsoft.com>
Date: Sun, 29 Sep 2024 10:17:48 +0200
Subject: [PATCH] use bytes.Clone instead of manual cloning

---
 cng/aes.go  | 4 ++--
 cng/des.go  | 7 +++----
 cng/hash.go | 7 +++----
 3 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/cng/aes.go b/cng/aes.go
index caac632..097a0fc 100644
--- a/cng/aes.go
+++ b/cng/aes.go
@@ -7,6 +7,7 @@
 package cng
 
 import (
+	"bytes"
 	"crypto/cipher"
 	"errors"
 	"runtime"
@@ -28,8 +29,7 @@ func NewAESCipher(key []byte) (cipher.Block, error) {
 	if err != nil {
 		return nil, err
 	}
-	c := &aesCipher{kh: kh, key: make([]byte, len(key))}
-	copy(c.key, key)
+	c := &aesCipher{kh: kh, key: bytes.Clone(key)}
 	runtime.SetFinalizer(c, (*aesCipher).finalize)
 	return c, nil
 }
diff --git a/cng/des.go b/cng/des.go
index b0784af..de3f05b 100644
--- a/cng/des.go
+++ b/cng/des.go
@@ -7,6 +7,7 @@
 package cng
 
 import (
+	"bytes"
 	"crypto/cipher"
 	"runtime"
 
@@ -27,8 +28,7 @@ func NewDESCipher(key []byte) (cipher.Block, error) {
 	if err != nil {
 		return nil, err
 	}
-	c := &desCipher{kh: kh, alg: bcrypt.DES_ALGORITHM, key: make([]byte, len(key))}
-	copy(c.key, key)
+	c := &desCipher{kh: kh, alg: bcrypt.DES_ALGORITHM, key: bytes.Clone(key)}
 	runtime.SetFinalizer(c, (*desCipher).finalize)
 	return c, nil
 }
@@ -38,8 +38,7 @@ func NewTripleDESCipher(key []byte) (cipher.Block, error) {
 	if err != nil {
 		return nil, err
 	}
-	c := &desCipher{kh: kh, alg: bcrypt.DES3_ALGORITHM, key: make([]byte, len(key))}
-	copy(c.key, key)
+	c := &desCipher{kh: kh, alg: bcrypt.DES3_ALGORITHM, key: bytes.Clone(key)}
 	runtime.SetFinalizer(c, (*desCipher).finalize)
 	return c, nil
 }
diff --git a/cng/hash.go b/cng/hash.go
index c4f01e1..88af082 100644
--- a/cng/hash.go
+++ b/cng/hash.go
@@ -7,6 +7,7 @@
 package cng
 
 import (
+	"bytes"
 	"crypto"
 	"hash"
 	"runtime"
@@ -197,8 +198,7 @@ func newHashX(id string, flag bcrypt.AlgorithmProviderFlags, key []byte) *hashX
 	h := new(hashX)
 	h.alg = alg
 	if len(key) > 0 {
-		h.key = make([]byte, len(key))
-		copy(h.key, key)
+		h.key = bytes.Clone(key)
 	}
 	// Don't allocate hx.buf nor call bcrypt.CreateHash yet,
 	// which would be wasteful if the caller only wants to know
@@ -231,8 +231,7 @@ func (h *hashX) Clone() (hash.Hash, error) {
 		alg: h.alg,
 	}
 	if h.key != nil {
-		h2.key = make([]byte, len(h.key))
-		copy(h2.key, h.key)
+		h2.key = bytes.Clone(h.key)
 	}
 	err := h.withCtx(func(ctx bcrypt.HASH_HANDLE) error {
 		return bcrypt.DuplicateHash(ctx, &h2._ctx, nil, 0)