Merge branch 'PHP-7.1' into PHP-7.2

* PHP-7.1:
  Always use ZEND_SECURE_ZERO() when cleaning up data
  bump versions after release

3 files changed, 4 insertions, 4 deletions

diff --git a/ext/hash/hash_sha3.c b/ext/hash/hash_sha3.c
index 86cfabe934..cde7a43e3f 100644
--- a/ext/hash/hash_sha3.c
+++ b/ext/hash/hash_sha3.c
@@ -194,7 +194,7 @@ static void PHP_SHA3_Final(unsigned char* digest,
 	}
 
 	// Zero out context
-	memset(ctx, 0, sizeof(PHP_SHA3_CTX));
+	ZEND_SECURE_ZERO(ctx, sizeof(PHP_SHA3_CTX));
 }
 
 // ==========================================================================
diff --git a/ext/hash/hash_snefru.c b/ext/hash/hash_snefru.c
index f4bd77771d..8a16715553 100644
--- a/ext/hash/hash_snefru.c
+++ b/ext/hash/hash_snefru.c
@@ -129,7 +129,7 @@ static inline void SnefruTransform(PHP_SNEFRU_CTX *context, const unsigned char
 								((input[i+2] & 0xff) << 8) | (input[i+3] & 0xff);
 	}
 	Snefru(context->state);
-	memset(&context->state[8], 0, sizeof(uint32_t) * 8);
+	ZEND_SECURE_ZERO(&context->state[8], sizeof(uint32_t) * 8);
 }
 
 PHP_HASH_API void PHP_SNEFRUInit(PHP_SNEFRU_CTX *context)
diff --git a/ext/standard/sha1.c b/ext/standard/sha1.c
index 5c20db9c5d..76ea713b8f 100644
--- a/ext/standard/sha1.c
+++ b/ext/standard/sha1.c
@@ -249,7 +249,7 @@ PHPAPI void PHP_SHA1Final(unsigned char digest[20], PHP_SHA1_CTX * context)
 
 	/* Zeroize sensitive information.
 	 */
-	memset((unsigned char*) context, 0, sizeof(*context));
+	ZEND_SECURE_ZERO((unsigned char*) context, sizeof(*context));
 }
 /* }}} */
 
@@ -360,7 +360,7 @@ const unsigned char block[64];
 	state[4] += e;
 
 	/* Zeroize sensitive information. */
-	memset((unsigned char*) x, 0, sizeof(x));
+	ZEND_SECURE_ZERO((unsigned char*) x, sizeof(x));
 }
 /* }}} */