From de96e675e5ab063e1492e9ee609ff97892c95c4d Mon Sep 17 00:00:00 2001
From: Andrew Kozlik <andrew.kozlik@gmail.com>
Date: Mon, 2 Dec 2019 16:06:36 +0100
Subject: [PATCH] fixup! storage: Implement storage_change_wipe_code().

---
 storage/storage.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/storage/storage.c b/storage/storage.c
index a65c2372e..2e9845835 100644
--- a/storage/storage.c
+++ b/storage/storage.c
@@ -958,6 +958,7 @@ static secbool unlock(uint32_t pin, const uint8_t *ext_salt) {
   // Get the pin failure counter
   uint32_t ctr = 0;
   if (sectrue != pin_get_fails(&ctr)) {
+    memzero(&pin, sizeof(pin));
     return secfalse;
   }
 
@@ -997,6 +998,7 @@ static secbool unlock(uint32_t pin, const uint8_t *ext_salt) {
   if (sectrue != initialized ||
       sectrue != norcow_get(EDEK_PVC_KEY, &rand_salt, &len) ||
       len != RANDOM_SALT_SIZE + KEYS_SIZE + PVC_SIZE) {
+    memzero(&pin, sizeof(pin));
     handle_fault("no EDEK");
     return secfalse;
   }