--- pgp/src/passwd.c	2018/04/24 16:39:25	1.1.1.3
+++ pgp/src/passwd.c	2018/04/24 16:40:16	1.1.1.4
@@ -29,9 +29,7 @@ void hashpass (char *keystring, int keyl
 	/* Calculate the hash */
 	MD5Init(&mdContext);
 	MD5Update(&mdContext, (unsigned char *) keystring, keylen);
-	MD5Final(&mdContext);
-	/* Copy it to return variable */
-	memcpy(hash, mdContext.digest, 16);
+	MD5Final(hash, &mdContext);
 }	/* hashpass */
 
 
@@ -48,31 +46,34 @@ void hashpass (char *keystring, int keyl
 	Return 0 if no characters are input, else return 1.
 	If we return 0, the hashed key will not be useful.
 */
-int GetHashedPassPhrase(char *keystring, char *hash, boolean noecho)
-{	char keystr2[MAXKEYLEN+2];
+int GetHashedPassPhrase(char *hash, boolean noecho)
+{	char keystr1[MAXKEYLEN+2], keystr2[MAXKEYLEN+2];
 	int len;
 
 	if (showpass)
 		noecho = 0;
 	while (TRUE) {
 		fprintf(pgpout,PSTR("\nEnter pass phrase: "));
-		getstring(keystring,MAXKEYLEN-1,!noecho);
+		getstring(keystr1,MAXKEYLEN-1,!noecho);
 		if (noecho<2)	/* no need to ask again if user can see it */
 			break;
 		fprintf(pgpout,PSTR("\nEnter same pass phrase again: "));
 		getstring(keystr2,MAXKEYLEN-1,!noecho);
-		if (strcmp(keystring,keystr2)==0)
+		if (strcmp(keystr1,keystr2)==0)
 			break;
 		fprintf(pgpout,PSTR("\n\007Error: Pass phrases were different.  Try again."));
+		memset(keystr2, 0, sizeof(keystr2));
 	}
 	if (noecho && (filter_mode || quietmode))
 		putc('\n', pgpout);
 
-	len = strlen(keystring);
+	len = strlen(keystr1);
 	if (len == 0)
 		return 0;
 	/* We assume ASCII pass phrases, with no charset conversions. */
-	hashpass (keystring, strlen(keystring), (byte *) hash);
+	/* This will have to change for EBCDIC */
+	hashpass (keystr1, strlen(keystr1), (byte *) hash);
+	memset(keystr1, 0, sizeof(keystr1));
 	return 1;
 }	/* GetHashedPassPhrase */