From 6b554c67eddfeccd86701f2d851b4312f276bbd2 Mon Sep 17 00:00:00 2001
From: Maarten Billemont <lhunath@lyndir.com>
Date: Mon, 25 Sep 2017 02:53:34 -0400
Subject: [PATCH] More standard memset_s

---
 core/c/aes.c                                  |  9 +++---
 core/c/mpw-util.c                             | 31 ++++++++++++-------
 core/c/mpw-util.h                             | 10 +++---
 platform-independent/cli-c/build              |  2 +-
 platform-independent/cli-c/cli/bcrypt.h       |  9 +++---
 platform-independent/cli-c/cli/mpw-cli-util.c |  2 +-
 platform-independent/cli-c/cli/mpw-cli.c      |  2 +-
 7 files changed, 38 insertions(+), 27 deletions(-)

diff --git a/core/c/aes.c b/core/c/aes.c
index 45b1632a..7148ad5e 100644
--- a/core/c/aes.c
+++ b/core/c/aes.c
@@ -39,6 +39,7 @@ NOTE:   String length must be evenly divisible by 16byte (str_len % 16 == 0)
 /*****************************************************************************/
 #include <string.h>
 #include "aes.h"
+#include "mpw-util.h"
 
 /*****************************************************************************/
 /* Defines:                                                                  */
@@ -487,7 +488,7 @@ void AES_ECB_encrypt(uint8_t *output, const uint8_t *input, const uint32_t lengt
   // The next function call encrypts the PlainText with the Key using AES algorithm.
   Cipher();
 
-  memset_s( RoundKey, keyExpSize, 0, keyExpSize );
+  mpw_zero( RoundKey, keyExpSize );
 }
 
 void AES_ECB_decrypt(uint8_t *output, const uint8_t *input, const uint32_t length, const uint8_t *key)
@@ -502,7 +503,7 @@ void AES_ECB_decrypt(uint8_t *output, const uint8_t *input, const uint32_t lengt
 
   InvCipher();
 
-  memset_s( RoundKey, keyExpSize, 0, keyExpSize );
+  mpw_zero( RoundKey, keyExpSize );
 }
 
 
@@ -560,7 +561,7 @@ void AES_CBC_encrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, co
     Cipher();
   }
 
-  memset_s( RoundKey, keyExpSize, 0, keyExpSize );
+  mpw_zero( RoundKey, keyExpSize );
 }
 
 void AES_CBC_decrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* iv)
@@ -599,7 +600,7 @@ void AES_CBC_decrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, co
     InvCipher();
   }
 
-  memset_s( RoundKey, keyExpSize, 0, keyExpSize );
+  mpw_zero( RoundKey, keyExpSize );
 }
 
 #endif // #if defined(AES_CBC) && (AES_CBC == 1)
diff --git a/core/c/mpw-util.c b/core/c/mpw-util.c
index 4b4688be..b51b92da 100644
--- a/core/c/mpw-util.c
+++ b/core/c/mpw-util.c
@@ -137,31 +137,38 @@ bool __mpw_realloc(const void **buffer, size_t *bufferSize, const size_t deltaSi
     return true;
 }
 
-bool __mpw_free(const void **buffer, const size_t bufferSize) {
+void mpw_zero(void *buffer, size_t bufferSize) {
+
+    uint8_t *b = buffer;
+    for (; bufferSize > 0; --bufferSize)
+            *b++ = 0;
+}
+
+bool __mpw_free(void **buffer, const size_t bufferSize) {
 
     if (!buffer || !*buffer)
         return false;
 
-    memset( (void *)*buffer, 0, bufferSize );
-    free( (void *)*buffer );
+    mpw_zero( *buffer, bufferSize );
+    free( *buffer );
     *buffer = NULL;
 
     return true;
 }
 
-bool __mpw_free_string(const char **string) {
+bool __mpw_free_string(char **string) {
 
-    return *string && __mpw_free( (const void **)string, strlen( *string ) );
+    return *string && __mpw_free( (void **)string, strlen( *string ) );
 }
 
-bool __mpw_free_strings(const char **strings, ...) {
+bool __mpw_free_strings(char **strings, ...) {
 
     bool success = true;
 
     va_list args;
     va_start( args, strings );
     success &= mpw_free_string( strings );
-    for (const char **string; (string = va_arg( args, const char ** ));)
+    for (char **string; (string = va_arg( args, char ** ));)
         success &= mpw_free_string( string );
     va_end( args );
 
@@ -217,12 +224,12 @@ uint8_t const *mpw_kdf_blake2b(const size_t subkeySize, const uint8_t *key, cons
     }
 
     uint8_t saltBuf[crypto_generichash_blake2b_SALTBYTES];
-    memset( saltBuf, 0, sizeof saltBuf );
+    mpw_zero( saltBuf, sizeof saltBuf );
     if (id)
         mpw_uint64( id, saltBuf );
 
     uint8_t personalBuf[crypto_generichash_blake2b_PERSONALBYTES];
-    memset( personalBuf, 0, sizeof personalBuf );
+    mpw_zero( personalBuf, sizeof personalBuf );
     if (personal && strlen( personal ))
         memcpy( personalBuf, personal, strlen( personal ) );
 
@@ -274,7 +281,7 @@ static uint8_t const *mpw_aes(bool encrypt, const uint8_t *key, const size_t key
 
     // IV = zero
     uint8_t iv[16];
-    memset( iv, 0, sizeof iv );
+    mpw_zero( iv, sizeof iv );
 
     // Add PKCS#7 padding
     uint32_t aesSize = (uint32_t)*bufSize;
@@ -289,8 +296,8 @@ static uint8_t const *mpw_aes(bool encrypt, const uint8_t *key, const size_t key
         AES_CBC_encrypt_buffer( resultBuf, aesBuf, aesSize, key, iv );
     else
         AES_CBC_decrypt_buffer( resultBuf, aesBuf, aesSize, key, iv );
-    memset_s( aesBuf, aesSize, 0, aesSize );
-    memset_s( iv, 16, 0, 16 );
+    mpw_zero( aesBuf, aesSize );
+    mpw_zero( iv, 16 );
 
     // Truncate PKCS#7 padding
     if (encrypt)
diff --git a/core/c/mpw-util.h b/core/c/mpw-util.h
index 2187ad78..08124866 100644
--- a/core/c/mpw-util.h
+++ b/core/c/mpw-util.h
@@ -136,21 +136,23 @@ bool mpw_push_int(
   * @return true if successful, false if reallocation failed.
   */
 #define mpw_realloc(buffer, bufferSize, deltaSize) \
-        ({ typeof(buffer) _b = buffer; const void *__b = *_b; (void)__b; __mpw_realloc( (const void **)_b, bufferSize, deltaSize ); })
+        ({ __typeof__(buffer) _b = buffer; const void *__b = *_b; (void)__b; __mpw_realloc( (const void **)_b, bufferSize, deltaSize ); })
 bool __mpw_realloc(const void **buffer, size_t *bufferSize, const size_t deltaSize);
+void mpw_zero(
+        void *buffer, size_t bufferSize);
 /** Free a buffer after zero'ing its contents, then set the reference to NULL. */
 #define mpw_free(buffer, bufferSize) \
-        ({ typeof(buffer) _b = buffer; const void *__b = *_b; (void)__b; __mpw_free( (const void **)_b, bufferSize ); })
+        ({ __typeof__(buffer) _b = buffer; const void *__b = *_b; (void)__b; __mpw_free( (const void **)_b, bufferSize ); })
 bool __mpw_free(
         const void **buffer, const size_t bufferSize);
 /** Free a string after zero'ing its contents, then set the reference to NULL. */
 #define mpw_free_string(string) \
-        ({ typeof(string) _s = string; const char *__s = *_s; (void)__s; __mpw_free_string( (const char **)_s ); })
+        ({ __typeof__(string) _s = string; const char *__s = *_s; (void)__s; __mpw_free_string( (const char **)_s ); })
 bool __mpw_free_string(
         const char **string);
 /** Free strings after zero'ing their contents, then set the references to NULL.  Terminate the va_list with NULL. */
 #define mpw_free_strings(strings, ...) \
-        ({ typeof(strings) _s = strings; const char *__s = *_s; (void)__s; __mpw_free_strings( (const char **)_s, __VA_ARGS__ ); })
+        ({ __typeof__(strings) _s = strings; const char *__s = *_s; (void)__s; __mpw_free_strings( (const char **)_s, __VA_ARGS__ ); })
 bool __mpw_free_strings(
         const char **strings, ...);
 
diff --git a/platform-independent/cli-c/build b/platform-independent/cli-c/build
index 4cb0b46c..cb6c7ee4 100755
--- a/platform-independent/cli-c/build
+++ b/platform-independent/cli-c/build
@@ -138,7 +138,7 @@ cc() {
     if hash llvm-gcc 2>/dev/null; then
         llvm-gcc "$@"
     elif hash gcc 2>/dev/null; then
-        gcc -std=gnu99 "$@"
+        gcc -std=c11 "$@"
     elif hash clang 2>/dev/null; then
         clang "$@"
     else
diff --git a/platform-independent/cli-c/cli/bcrypt.h b/platform-independent/cli-c/cli/bcrypt.h
index f9611d1b..093d60ac 100644
--- a/platform-independent/cli-c/cli/bcrypt.h
+++ b/platform-independent/cli-c/cli/bcrypt.h
@@ -41,6 +41,7 @@
 
 #include "blf.h"
 #include "blowfish.h"
+#include "mpw-util.h"
 
 /* This implementation is adaptable to current computing power.
  * You can have up to 2^31 rounds which should be enough for some
@@ -186,10 +187,10 @@ bcrypt_hashpass(const char *key, const uint8_t *salt, char *encrypted,
     snprintf( encrypted, 8, "$2%c$%2.2u$", minor, logr );
     encode_base64( encrypted + 7, csalt, BCRYPT_MAXSALT );
     encode_base64( encrypted + 7 + 22, ciphertext, 4 * BCRYPT_WORDS - 1 );
-    memset_s( &state, sizeof state, 0, sizeof state );
-    memset_s( ciphertext, sizeof ciphertext, 0, sizeof ciphertext );
-    memset_s( csalt, sizeof csalt, 0, sizeof csalt );
-    memset_s( cdata, sizeof cdata, 0, sizeof cdata );
+    mpw_zero( &state, sizeof state );
+    mpw_zero( ciphertext, sizeof ciphertext );
+    mpw_zero( csalt, sizeof csalt );
+    mpw_zero( cdata, sizeof cdata );
     return 0;
 
     inval:
diff --git a/platform-independent/cli-c/cli/mpw-cli-util.c b/platform-independent/cli-c/cli/mpw-cli-util.c
index 4154aa0a..ca889ba0 100644
--- a/platform-independent/cli-c/cli/mpw-cli-util.c
+++ b/platform-independent/cli-c/cli/mpw-cli-util.c
@@ -128,7 +128,7 @@ const char *mpw_getpass(const char *prompt) {
         return NULL;
 
     password = strdup( answer );
-    memset_s( answer, strlen( answer ), 0, strlen( answer ) );
+    mpw_zero( answer, strlen( answer ) );
     return password;
 }
 
diff --git a/platform-independent/cli-c/cli/mpw-cli.c b/platform-independent/cli-c/cli/mpw-cli.c
index 25799590..3554d3cb 100644
--- a/platform-independent/cli-c/cli/mpw-cli.c
+++ b/platform-independent/cli-c/cli/mpw-cli.c
@@ -273,7 +273,7 @@ void cli_free(Arguments *args, Operation *operation) {
 void cli_args(Arguments *args, Operation *operation, const int argc, char *const argv[]) {
 
     for (int opt; (opt = getopt( argc, argv, "u:U:m:M:t:P:c:a:p:C:f:F:R:vqh" )) != EOF;
-         optarg? memset_s( optarg, strlen( optarg ), 0, strlen( optarg ) ): 0)
+         optarg? mpw_zero( optarg, strlen( optarg ) ): NULL)
         switch (opt) {
             case 'u':
                 args->fullName = optarg && strlen( optarg )? strdup( optarg ): NULL;