From 609277d957a02ff4d10efefe976e307e4e985adb Mon Sep 17 00:00:00 2001
From: Milan Broz <gmazyland@gmail.com>
Date: Sat, 23 Nov 2024 18:23:40 +0100
Subject: [PATCH] Add a comment about wiping derived key in benchmark.

Fixes: #916
---
 lib/crypto_backend/pbkdf_check.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/crypto_backend/pbkdf_check.c b/lib/crypto_backend/pbkdf_check.c
index d5e12572..87de6f56 100644
--- a/lib/crypto_backend/pbkdf_check.c
+++ b/lib/crypto_backend/pbkdf_check.c
@@ -300,6 +300,7 @@ static int crypt_argon2_check(const char *kdf, const char *password,
 	} while (ms < ms_atleast || ms > ms_atmost);
 out:
 	if (key) {
+		/* Key can be derived from a real provided password */
 		crypt_backend_memzero(key, key_length);
 		free(key);
 	}
@@ -381,6 +382,7 @@ static int crypt_pbkdf_check(const char *kdf, const char *hash,
 	}
 out:
 	if (key) {
+		/* Key can be derived from a real provided password */
 		crypt_backend_memzero(key, key_length);
 		free(key);
 	}