From fafe56166ec6fef6be94795c9910de147caf0149 Mon Sep 17 00:00:00 2001
From: Maarten Billemont <lhunath@lyndir.com>
Date: Sun, 24 Sep 2017 13:14:16 -0400
Subject: [PATCH] bzero is nonstandard.  Replace with memset_s.

---
 core/c/aes.c                                  |  8 ++++----
 core/c/mpw-util.c                             | 10 +++++-----
 platform-independent/cli-c/cli/bcrypt.h       |  8 ++++----
 platform-independent/cli-c/cli/mpw-cli-util.c |  2 +-
 platform-independent/cli-c/cli/mpw-cli.c      |  3 ++-
 5 files changed, 16 insertions(+), 15 deletions(-)

diff --git a/core/c/aes.c b/core/c/aes.c
index 560b7fe5..45b1632a 100644
--- a/core/c/aes.c
+++ b/core/c/aes.c
@@ -487,7 +487,7 @@ void AES_ECB_encrypt(uint8_t *output, const uint8_t *input, const uint32_t lengt
   // The next function call encrypts the PlainText with the Key using AES algorithm.
   Cipher();
 
-  bzero( RoundKey, keyExpSize );
+  memset_s( RoundKey, keyExpSize, 0, keyExpSize );
 }
 
 void AES_ECB_decrypt(uint8_t *output, const uint8_t *input, const uint32_t length, const uint8_t *key)
@@ -502,7 +502,7 @@ void AES_ECB_decrypt(uint8_t *output, const uint8_t *input, const uint32_t lengt
 
   InvCipher();
 
-  bzero( RoundKey, keyExpSize );
+  memset_s( RoundKey, keyExpSize, 0, keyExpSize );
 }
 
 
@@ -560,7 +560,7 @@ void AES_CBC_encrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, co
     Cipher();
   }
 
-  bzero( RoundKey, keyExpSize );
+  memset_s( RoundKey, keyExpSize, 0, keyExpSize );
 }
 
 void AES_CBC_decrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, const uint8_t* key, const uint8_t* iv)
@@ -599,7 +599,7 @@ void AES_CBC_decrypt_buffer(uint8_t* output, uint8_t* input, uint32_t length, co
     InvCipher();
   }
 
-  bzero( RoundKey, keyExpSize );
+  memset_s( RoundKey, keyExpSize, 0, keyExpSize );
 }
 
 #endif // #if defined(AES_CBC) && (AES_CBC == 1)
diff --git a/core/c/mpw-util.c b/core/c/mpw-util.c
index c07746d3..4b4688be 100644
--- a/core/c/mpw-util.c
+++ b/core/c/mpw-util.c
@@ -217,12 +217,12 @@ uint8_t const *mpw_kdf_blake2b(const size_t subkeySize, const uint8_t *key, cons
     }
 
     uint8_t saltBuf[crypto_generichash_blake2b_SALTBYTES];
-    bzero( saltBuf, sizeof saltBuf );
+    memset( saltBuf, 0, sizeof saltBuf );
     if (id)
         mpw_uint64( id, saltBuf );
 
     uint8_t personalBuf[crypto_generichash_blake2b_PERSONALBYTES];
-    bzero( personalBuf, sizeof saltBuf );
+    memset( personalBuf, 0, sizeof personalBuf );
     if (personal && strlen( personal ))
         memcpy( personalBuf, personal, strlen( personal ) );
 
@@ -274,7 +274,7 @@ static uint8_t const *mpw_aes(bool encrypt, const uint8_t *key, const size_t key
 
     // IV = zero
     uint8_t iv[16];
-    bzero( (void *)iv, sizeof( iv ) );
+    memset( iv, 0, sizeof iv );
 
     // Add PKCS#7 padding
     uint32_t aesSize = (uint32_t)*bufSize;
@@ -289,8 +289,8 @@ static uint8_t const *mpw_aes(bool encrypt, const uint8_t *key, const size_t key
         AES_CBC_encrypt_buffer( resultBuf, aesBuf, aesSize, key, iv );
     else
         AES_CBC_decrypt_buffer( resultBuf, aesBuf, aesSize, key, iv );
-    bzero( aesBuf, aesSize );
-    bzero( iv, 16 );
+    memset_s( aesBuf, aesSize, 0, aesSize );
+    memset_s( iv, 16, 0, 16 );
 
     // Truncate PKCS#7 padding
     if (encrypt)
diff --git a/platform-independent/cli-c/cli/bcrypt.h b/platform-independent/cli-c/cli/bcrypt.h
index e7f8c977..f9611d1b 100644
--- a/platform-independent/cli-c/cli/bcrypt.h
+++ b/platform-independent/cli-c/cli/bcrypt.h
@@ -186,10 +186,10 @@ bcrypt_hashpass(const char *key, const uint8_t *salt, char *encrypted,
     snprintf( encrypted, 8, "$2%c$%2.2u$", minor, logr );
     encode_base64( encrypted + 7, csalt, BCRYPT_MAXSALT );
     encode_base64( encrypted + 7 + 22, ciphertext, 4 * BCRYPT_WORDS - 1 );
-    bzero( &state, sizeof( state ) );
-    bzero( ciphertext, sizeof( ciphertext ) );
-    bzero( csalt, sizeof( csalt ) );
-    bzero( cdata, sizeof( cdata ) );
+    memset_s( &state, sizeof state, 0, sizeof state );
+    memset_s( ciphertext, sizeof ciphertext, 0, sizeof ciphertext );
+    memset_s( csalt, sizeof csalt, 0, sizeof csalt );
+    memset_s( cdata, sizeof cdata, 0, sizeof cdata );
     return 0;
 
     inval:
diff --git a/platform-independent/cli-c/cli/mpw-cli-util.c b/platform-independent/cli-c/cli/mpw-cli-util.c
index 8881d07d..4154aa0a 100644
--- a/platform-independent/cli-c/cli/mpw-cli-util.c
+++ b/platform-independent/cli-c/cli/mpw-cli-util.c
@@ -128,7 +128,7 @@ const char *mpw_getpass(const char *prompt) {
         return NULL;
 
     password = strdup( answer );
-    bzero( answer, strlen( answer ) );
+    memset_s( answer, strlen( answer ), 0, strlen( answer ) );
     return password;
 }
 
diff --git a/platform-independent/cli-c/cli/mpw-cli.c b/platform-independent/cli-c/cli/mpw-cli.c
index 2b9701b1..312ec21e 100644
--- a/platform-independent/cli-c/cli/mpw-cli.c
+++ b/platform-independent/cli-c/cli/mpw-cli.c
@@ -272,7 +272,8 @@ void cli_free(Arguments *args, Operation *operation) {
 
 void cli_args(Arguments *args, Operation *operation, const int argc, char *const argv[]) {
 
-    for (int opt; (opt = getopt( argc, argv, "u:U:m:M:t:P:c:a:p:C:f:F:R:vqh" )) != EOF; optarg? bzero( optarg, strlen( optarg ) ): NULL)
+    for (int opt; (opt = getopt( argc, argv, "u:U:m:M:t:P:c:a:p:C:f:F:R:vqh" )) != EOF;
+         optarg? memset_s( optarg, strlen( optarg ), 0, strlen( optarg ) ): 0)
         switch (opt) {
             case 'u':
                 args->fullName = optarg && strlen( optarg )? strdup( optarg ): NULL;