From 05b7aa13d9cc57ac6d303937e630e92d94825ee5 Mon Sep 17 00:00:00 2001
From: Christian Göttsche <cgzones@googlemail.com>
Date: Mon, 7 Aug 2023 12:57:38 +0200
Subject: pam_timestamp: use secure memory erasure

Closes: #575
---
 modules/pam_timestamp/sha1.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'modules/pam_timestamp')

diff --git a/modules/pam_timestamp/sha1.c b/modules/pam_timestamp/sha1.c
index 2adb5a3b..dff454cf 100644
--- a/modules/pam_timestamp/sha1.c
+++ b/modules/pam_timestamp/sha1.c
@@ -47,6 +47,7 @@
 #include <endian.h>
 #include <unistd.h>
 #include "sha1.h"
+#include "pam_inline.h"
 
 static const unsigned char
 padding[SHA1_BLOCK_SIZE] = {
@@ -142,8 +143,8 @@ sha1_process(struct sha1_context *ctx, uint32_t buffer[SHA1_BLOCK_SIZE / 4])
 	ctx->d += d;
 	ctx->e += e;
 
-	memset(buffer, 0, sizeof(buffer[0]) * SHA1_BLOCK_SIZE / 4);
-	memset(data, 0, sizeof(data));
+	pam_overwrite_n(buffer, sizeof(buffer[0]) * SHA1_BLOCK_SIZE / 4);
+	pam_overwrite_array(data);
 }
 
 void
-- 
cgit v1.2.3