use explicit_bzero

base58.c

@@ -26,7 +26,6 @@
 #include <sys/types.h>
 #include "base58.h"
 #include "sha2.h"
-#include "macros.h"
 #include "ripemd160.h"
 
 static const int8_t b58digits_map[] = {
@@ -200,7 +199,7 @@ int base58_encode_check(const uint8_t *data, int datalen, HasherType hasher_type
 	hasher_Raw(hasher_type, hash, 32, hash);
 	size_t res = strsize;
 	bool success = b58enc(str, &res, buf, datalen + 4);
-	MEMSET_BZERO(buf, sizeof(buf));
+	explicit_bzero(buf, sizeof(buf));
 	return success ? res : 0;
 }
 
@@ -254,7 +253,7 @@ int base58gph_encode_check(const uint8_t *data, int datalen, char *str, int strs
 	ripemd160(data, datalen, hash);  // No double SHA256, but a single RIPEMD160
 	size_t res = strsize;
 	bool success = b58enc(str, &res, buf, datalen + 4);
-	MEMSET_BZERO(buf, sizeof(buf));
+	explicit_bzero(buf, sizeof(buf));
 	return success ? res : 0;
 }
 

bignum.c

@@ -27,7 +27,6 @@
 #include <string.h>
 #include <assert.h>
 #include "bignum.h"
-#include "macros.h"
 
 /* big number library */
 
@@ -490,7 +489,7 @@ void bn_multiply(const bignum256 *k, bignum256 *x, const bignum256 *prime)
 	uint32_t res[18] = {0};
 	bn_multiply_long(k, x, res);
 	bn_multiply_reduce(x, res, prime); 
-	MEMSET_BZERO(res, sizeof(res));
+	explicit_bzero(res, sizeof(res));
 }
 
 // partly reduce x modulo prime
@@ -552,8 +551,8 @@ void bn_sqrt(bignum256 *x, const bignum256 *prime)
 	}
 	bn_mod(&res, prime);
 	memcpy(x, &res, sizeof(bignum256));
-	MEMSET_BZERO(&res, sizeof(res));
+	explicit_bzero(&res, sizeof(res));
-	MEMSET_BZERO(&p, sizeof(p));
+	explicit_bzero(&p, sizeof(p));
 }
 
 #if ! USE_INVERSE_FAST
@@ -861,9 +860,9 @@ void bn_inverse(bignum256 *x, const bignum256 *prime)
 	x->val[i] = temp32;
 
 	// let's wipe all temp buffers
-	MEMSET_BZERO(pp, sizeof(pp));
+	explicit_bzero(pp, sizeof(pp));
-	MEMSET_BZERO(&us, sizeof(us));
+	explicit_bzero(&us, sizeof(us));
-	MEMSET_BZERO(&vr, sizeof(vr));
+	explicit_bzero(&vr, sizeof(vr));
 }
 #endif
 

bip32.c

@@ -35,7 +35,6 @@
 #include "sha3.h"
 #include "ripemd160.h"
 #include "base58.h"
-#include "macros.h"
 #include "curves.h"
 #include "secp256k1.h"
 #include "nist256p1.h"
@@ -87,7 +86,7 @@ int hdnode_from_xpub(uint32_t depth, uint32_t child_num, const uint8_t *chain_co
 	out->depth = depth;
 	out->child_num = child_num;
 	memcpy(out->chain_code, chain_code, 32);
-	MEMSET_BZERO(out->private_key, 32);
+	explicit_bzero(out->private_key, 32);
 	memcpy(out->public_key, public_key, 33);
 	return 1;
 }
@@ -108,7 +107,7 @@ int hdnode_from_xprv(uint32_t depth, uint32_t child_num, const uint8_t *chain_co
 				failed = true;
 			}
 		}
-		MEMSET_BZERO(&a, sizeof(a));
+		explicit_bzero(&a, sizeof(a));
 	}
 
 	if (failed) {
@@ -120,7 +119,7 @@ int hdnode_from_xprv(uint32_t depth, uint32_t child_num, const uint8_t *chain_co
 	out->child_num = child_num;
 	memcpy(out->chain_code, chain_code, 32);
 	memcpy(out->private_key, private_key, 32);
-	MEMSET_BZERO(out->public_key, sizeof(out->public_key));
+	explicit_bzero(out->public_key, sizeof(out->public_key));
 	return 1;
 }
 
@@ -151,12 +150,12 @@ int hdnode_from_seed(const uint8_t *seed, int seed_len, const char* curve, HDNod
 			hmac_sha512_Update(&ctx, I, sizeof(I));
 			hmac_sha512_Final(&ctx, I);
 		}
-		MEMSET_BZERO(&a, sizeof(a));
+		explicit_bzero(&a, sizeof(a));
 	}
 	memcpy(out->private_key, I, 32);
 	memcpy(out->chain_code, I + 32, 32);
-	MEMSET_BZERO(out->public_key, sizeof(out->public_key));
+	explicit_bzero(out->public_key, sizeof(out->public_key));
-	MEMSET_BZERO(I, sizeof(I));
+	explicit_bzero(I, sizeof(I));
 	return 1;
 }
 
@@ -169,7 +168,7 @@ uint32_t hdnode_fingerprint(HDNode *node)
 	hasher_Raw(node->curve->hasher_type, node->public_key, 33, digest);
 	ripemd160(digest, 32, digest);
 	fingerprint = (digest[0] << 24) + (digest[1] << 16) + (digest[2] << 8) + digest[3];
-	MEMSET_BZERO(digest, sizeof(digest));
+	explicit_bzero(digest, sizeof(digest));
 	return fingerprint;
 }
 
@@ -230,13 +229,13 @@ int hdnode_private_ckd(HDNode *inout, uint32_t i)
 	memcpy(inout->chain_code, I + 32, 32);
 	inout->depth++;
 	inout->child_num = i;
-	MEMSET_BZERO(inout->public_key, sizeof(inout->public_key));
+	explicit_bzero(inout->public_key, sizeof(inout->public_key));
 
 	// making sure to wipe our memory
-	MEMSET_BZERO(&a, sizeof(a));
+	explicit_bzero(&a, sizeof(a));
-	MEMSET_BZERO(&b, sizeof(b));
+	explicit_bzero(&b, sizeof(b));
-	MEMSET_BZERO(I, sizeof(I));
+	explicit_bzero(I, sizeof(I));
-	MEMSET_BZERO(data, sizeof(data));
+	explicit_bzero(data, sizeof(data));
 	return 1;
 }
 
@@ -265,9 +264,9 @@ int hdnode_public_ckd_cp(const ecdsa_curve *curve, const curve_point *parent, co
 				}
 
 				// Wipe all stack data.
-				MEMSET_BZERO(data, sizeof(data));
+				explicit_bzero(data, sizeof(data));
-				MEMSET_BZERO(I, sizeof(I));
+				explicit_bzero(I, sizeof(I));
-				MEMSET_BZERO(&c, sizeof(c));
+				explicit_bzero(&c, sizeof(c));
 				return 1;
 			}
 		}
@@ -287,15 +286,15 @@ int hdnode_public_ckd(HDNode *inout, uint32_t i)
 	if (!hdnode_public_ckd_cp(inout->curve->params, &parent, inout->chain_code, i, &child, inout->chain_code)) {
 		return 0;
 	}
-	memset(inout->private_key, 0, 32);
+	explicit_bzero(inout->private_key, 32);
 	inout->depth++;
 	inout->child_num = i;
 	inout->public_key[0] = 0x02 | (child.y.val[0] & 0x01);
 	bn_write_be(&child.x, inout->public_key + 1);
 
 	// Wipe all stack data.
-	MEMSET_BZERO(&parent, sizeof(parent));
+	explicit_bzero(&parent, sizeof(parent));
-	MEMSET_BZERO(&child, sizeof(child));
+	explicit_bzero(&child, sizeof(child));
 
 	return 1;
 }
@@ -350,7 +349,7 @@ int hdnode_private_ckd_cached(HDNode *inout, const uint32_t *i, size_t i_count,
 	if (!private_ckd_cache_root_set || memcmp(&private_ckd_cache_root, inout, sizeof(HDNode)) != 0) {
 		// clear the cache
 		private_ckd_cache_index = 0;
-		memset(private_ckd_cache, 0, sizeof(private_ckd_cache));
+		explicit_bzero(private_ckd_cache, sizeof(private_ckd_cache));
 		// setup new root
 		memcpy(&private_ckd_cache_root, inout, sizeof(HDNode));
 		private_ckd_cache_root_set = true;
@@ -497,7 +496,7 @@ int hdnode_nem_encrypt(const HDNode *node, const ed25519_public_key public_key,
 	aes_encrypt_ctx ctx;
 
 	int ret = aes_encrypt_key256(shared_key, &ctx);
-	MEMSET_BZERO(shared_key, sizeof(shared_key));
+	explicit_bzero(shared_key, sizeof(shared_key));
 
 	if (ret != EXIT_SUCCESS) {
 		return 0;
@@ -524,7 +523,7 @@ int hdnode_nem_decrypt(const HDNode *node, const ed25519_public_key public_key,
 	aes_decrypt_ctx ctx;
 
 	int ret = aes_decrypt_key256(shared_key, &ctx);
-	MEMSET_BZERO(shared_key, sizeof(shared_key));
+	explicit_bzero(shared_key, sizeof(shared_key));
 
 	if (ret != EXIT_SUCCESS) {
 		return 0;
@@ -610,7 +609,7 @@ static int hdnode_serialize(const HDNode *node, uint32_t fingerprint, uint32_t v
 		memcpy(node_data + 46, node->private_key, 32);
 	}
 	int ret = base58_encode_check(node_data, sizeof(node_data), node->curve->hasher_type, str, strsize);
-	MEMSET_BZERO(node_data, sizeof(node_data));
+	explicit_bzero(node_data, sizeof(node_data));
 	return ret;
 }
 
@@ -635,14 +634,14 @@ int hdnode_deserialize(const char *str, uint32_t version_public, uint32_t versio
 	}
 	uint32_t version = read_be(node_data);
 	if (version == version_public) {
-		MEMSET_BZERO(node->private_key, sizeof(node->private_key));
+		explicit_bzero(node->private_key, sizeof(node->private_key));
 		memcpy(node->public_key, node_data + 45, 33);
 	} else if (version == version_private) { // private node
 		if (node_data[45]) { // invalid data
 			return -2;
 		}
 		memcpy(node->private_key, node_data + 46, 32);
-		MEMSET_BZERO(node->public_key, sizeof(node->public_key));
+		explicit_bzero(node->public_key, sizeof(node->public_key));
 	} else {
 		return -3; // invalid version
 	}

bip39.c

@@ -31,7 +31,6 @@
 #include "pbkdf2.h"
 #include "bip39_english.h"
 #include "options.h"
-#include "macros.h"
 
 #if USE_BIP39_CACHE
 
@@ -54,7 +53,7 @@ const char *mnemonic_generate(int strength)
 	uint8_t data[32];
 	random_buffer(data, 32);
 	const char *r = mnemonic_from_data(data, strength / 8);
-	MEMSET_BZERO(data, sizeof(data));
+	explicit_bzero(data, sizeof(data));
 	return r;
 }
 
@@ -66,7 +65,7 @@ const uint16_t *mnemonic_generate_indexes(int strength)
 	uint8_t data[32];
 	random_buffer(data, 32);
 	const uint16_t *r = mnemonic_from_data_indexes(data, strength / 8);
-	MEMSET_BZERO(data, sizeof(data));
+	explicit_bzero(data, sizeof(data));
 	return r;
 }
 
@@ -100,7 +99,7 @@ const char *mnemonic_from_data(const uint8_t *data, int len)
 		*p = (i < mlen - 1) ? ' ' : 0;
 		p++;
 	}
-	MEMSET_BZERO(bits, sizeof(bits));
+	explicit_bzero(bits, sizeof(bits));
 
 	return mnemo;
 }
@@ -131,7 +130,7 @@ const uint16_t *mnemonic_from_data_indexes(const uint8_t *data, int len)
 		}
 		mnemo[i] = idx;
 	}
-	MEMSET_BZERO(bits, sizeof(bits));
+	explicit_bzero(bits, sizeof(bits));
 
 	return mnemo;
 }
@@ -161,7 +160,7 @@ int mnemonic_check(const char *mnemonic)
 	uint32_t j, k, ki, bi;
 	uint8_t bits[32 + 1];
 
-	MEMSET_BZERO(bits, sizeof(bits));
+	explicit_bzero(bits, sizeof(bits));
 	i = 0; bi = 0;
 	while (mnemonic[i]) {
 		j = 0;
@@ -241,7 +240,7 @@ void mnemonic_to_seed(const char *mnemonic, const char *passphrase, uint8_t seed
 		}
 	}
 	pbkdf2_hmac_sha512_Final(&pctx, seed);
-	MEMSET_BZERO(salt, sizeof(salt));
+	explicit_bzero(salt, sizeof(salt));
 #if USE_BIP39_CACHE
 	// store to cache
 	if (mnemoniclen < 256 && passphraselen < 64) {

blake2b.c

@@ -15,7 +15,6 @@
 
 #include <string.h>
 
-#include "macros.h"
 #include "blake2b.h"
 #include "blake2_common.h"
 
@@ -160,7 +159,7 @@ int blake2b_InitKey( blake2b_state *S, size_t outlen, const void *key, size_t ke
     memset( block, 0, BLAKE2B_BLOCKBYTES );
     memcpy( block, key, keylen );
     blake2b_Update( S, block, BLAKE2B_BLOCKBYTES );
-    MEMSET_BZERO( block, BLAKE2B_BLOCKBYTES ); /* Burn the key from stack */
+    explicit_bzero( block, BLAKE2B_BLOCKBYTES ); /* Burn the key from stack */
   }
   return 0;
 }
@@ -280,7 +279,7 @@ int blake2b_Final( blake2b_state *S, void *out, size_t outlen )
     store64( buffer + sizeof( S->h[i] ) * i, S->h[i] );
 
   memcpy( out, buffer, S->outlen );
-  MEMSET_BZERO(buffer, sizeof(buffer));
+  explicit_bzero(buffer, sizeof(buffer));
   return 0;
 }
 

blake2s.c

@@ -15,7 +15,6 @@
 
 #include <string.h>
 
-#include "macros.h"
 #include "blake2s.h"
 #include "blake2_common.h"
 
@@ -154,7 +153,7 @@ int blake2s_InitKey( blake2s_state *S, size_t outlen, const void *key, size_t ke
     memset( block, 0, BLAKE2S_BLOCKBYTES );
     memcpy( block, key, keylen );
     blake2s_Update( S, block, BLAKE2S_BLOCKBYTES );
-    MEMSET_BZERO( block, BLAKE2S_BLOCKBYTES ); /* Burn the key from stack */
+    explicit_bzero( block, BLAKE2S_BLOCKBYTES ); /* Burn the key from stack */
   }
   return 0;
 }
@@ -272,7 +271,7 @@ int blake2s_Final( blake2s_state *S, void *out, size_t outlen )
     store32( buffer + sizeof( S->h[i] ) * i, S->h[i] );
 
   memcpy( out, buffer, outlen );
-  MEMSET_BZERO(buffer, sizeof(buffer));
+  explicit_bzero(buffer, sizeof(buffer));
   return 0;
 }
 

ecdsa.c

@@ -35,7 +35,6 @@
 #include "hmac.h"
 #include "ecdsa.h"
 #include "base58.h"
-#include "macros.h"
 #include "secp256k1.h"
 #include "rfc6979.h"
 
@@ -542,8 +541,8 @@ void point_multiply(const ecdsa_curve *curve, const bignum256 *k, const curve_po
 	}
 	conditional_negate(sign, &jres.z, prime);
 	jacobian_to_curve(&jres, res, prime);
-	MEMSET_BZERO(&a, sizeof(a));
+	explicit_bzero(&a, sizeof(a));
-	MEMSET_BZERO(&jres, sizeof(jres));
+	explicit_bzero(&jres, sizeof(jres));
 }
 
 #if USE_PRECOMPUTED_CP
@@ -630,8 +629,8 @@ void scalar_multiply(const ecdsa_curve *curve, const bignum256 *k, curve_point *
 	}
 	conditional_negate(((a.val[0] >> 4) & 1) - 1, &jres.y, prime);
 	jacobian_to_curve(&jres, res, prime);
-	MEMSET_BZERO(&a, sizeof(a));
+	explicit_bzero(&a, sizeof(a));
-	MEMSET_BZERO(&jres, sizeof(jres));
+	explicit_bzero(&jres, sizeof(jres));
 }
 
 #else
@@ -653,12 +652,12 @@ int ecdh_multiply(const ecdsa_curve *curve, const uint8_t *priv_key, const uint8
 	bignum256 k;
 	bn_read_be(priv_key, &k);
 	point_multiply(curve, &k, &point, &point);
-	MEMSET_BZERO(&k, sizeof(k));
+	explicit_bzero(&k, sizeof(k));
 
 	session_key[0] = 0x04;
 	bn_write_be(&point.x, session_key + 1);
 	bn_write_be(&point.y, session_key + 33);
-	MEMSET_BZERO(&point, sizeof(point));
+	explicit_bzero(&point, sizeof(point));
 
 	return 0;
 }
@@ -685,8 +684,8 @@ void init_rfc6979(const uint8_t *priv_key, const uint8_t *hash, rfc6979_state *s
 	hmac_sha256(state->k, sizeof(state->k), buf, sizeof(buf), state->k);
 	hmac_sha256(state->k, sizeof(state->k), state->v, sizeof(state->v), state->v);
 
-	MEMSET_BZERO(bx, sizeof(bx));
+	explicit_bzero(bx, sizeof(bx));
-	MEMSET_BZERO(buf, sizeof(buf));
+	explicit_bzero(buf, sizeof(buf));
 }
 
 // generate next number from deterministic random number generator
@@ -700,7 +699,7 @@ void generate_rfc6979(uint8_t rnd[32], rfc6979_state *state)
 	hmac_sha256(state->k, sizeof(state->k), buf, sizeof(state->v) + 1, state->k);
 	hmac_sha256(state->k, sizeof(state->k), state->v, sizeof(state->v), state->v);
 	memcpy(rnd, buf, 32);
-	MEMSET_BZERO(buf, sizeof(buf));
+	explicit_bzero(buf, sizeof(buf));
 }
 
 // generate K in a deterministic way, according to RFC6979
@@ -710,7 +709,7 @@ void generate_k_rfc6979(bignum256 *k, rfc6979_state *state)
 	uint8_t buf[32];
 	generate_rfc6979(buf, state);
 	bn_read_be(buf, k);
-	MEMSET_BZERO(buf, sizeof(buf));
+	explicit_bzero(buf, sizeof(buf));
 }
 
 // msg is a data to be signed
@@ -720,7 +719,7 @@ int ecdsa_sign(const ecdsa_curve *curve, HasherType hasher_type, const uint8_t *
 	uint8_t hash[32];
 	hasher_Raw(hasher_type, msg, msg_len, hash);
 	int res = ecdsa_sign_digest(curve, priv_key, hash, sig, pby, is_canonical);
-	MEMSET_BZERO(hash, sizeof(hash));
+	explicit_bzero(hash, sizeof(hash));
 	return res;
 
 }
@@ -733,7 +732,7 @@ int ecdsa_sign_double(const ecdsa_curve *curve, HasherType hasher_type, const ui
 	hasher_Raw(hasher_type, msg, msg_len, hash);
 	hasher_Raw(hasher_type, hash, 32, hash);
 	int res = ecdsa_sign_digest(curve, priv_key, hash, sig, pby, is_canonical);
-	MEMSET_BZERO(hash, sizeof(hash));
+	explicit_bzero(hash, sizeof(hash));
 	return res;
 }
 
@@ -818,20 +817,20 @@ int ecdsa_sign_digest(const ecdsa_curve *curve, const uint8_t *priv_key, const u
 			*pby = by;
 		}
 
-		MEMSET_BZERO(&k, sizeof(k));
+		explicit_bzero(&k, sizeof(k));
-		MEMSET_BZERO(&randk, sizeof(randk));
+		explicit_bzero(&randk, sizeof(randk));
 #if USE_RFC6979
-		MEMSET_BZERO(&rng, sizeof(rng));
+		explicit_bzero(&rng, sizeof(rng));
 #endif
 		return 0;
 	}
 
 	// Too many retries without a valid signature
 	// -> fail with an error
-	MEMSET_BZERO(&k, sizeof(k));
+	explicit_bzero(&k, sizeof(k));
-	MEMSET_BZERO(&randk, sizeof(randk));
+	explicit_bzero(&randk, sizeof(randk));
 #if USE_RFC6979
-	MEMSET_BZERO(&rng, sizeof(rng));
+	explicit_bzero(&rng, sizeof(rng));
 #endif
 	return -1;
 }
@@ -846,8 +845,8 @@ void ecdsa_get_public_key33(const ecdsa_curve *curve, const uint8_t *priv_key, u
 	scalar_multiply(curve, &k, &R);
 	pub_key[0] = 0x02 | (R.y.val[0] & 0x01);
 	bn_write_be(&R.x, pub_key + 1);
-	MEMSET_BZERO(&R, sizeof(R));
+	explicit_bzero(&R, sizeof(R));
-	MEMSET_BZERO(&k, sizeof(k));
+	explicit_bzero(&k, sizeof(k));
 }
 
 void ecdsa_get_public_key65(const ecdsa_curve *curve, const uint8_t *priv_key, uint8_t *pub_key)
@@ -861,8 +860,8 @@ void ecdsa_get_public_key65(const ecdsa_curve *curve, const uint8_t *priv_key, u
 	pub_key[0] = 0x04;
 	bn_write_be(&R.x, pub_key + 1);
 	bn_write_be(&R.y, pub_key + 33);
-	MEMSET_BZERO(&R, sizeof(R));
+	explicit_bzero(&R, sizeof(R));
-	MEMSET_BZERO(&k, sizeof(k));
+	explicit_bzero(&k, sizeof(k));
 }
 
 int ecdsa_uncompress_pubkey(const ecdsa_curve *curve, const uint8_t *pub_key, uint8_t *uncompressed)
@@ -891,7 +890,7 @@ void ecdsa_get_pubkeyhash(const uint8_t *pub_key, HasherType hasher_type, uint8_
 		hasher_Raw(hasher_type, pub_key, 33, h);
 	}
 	ripemd160(h, HASHER_DIGEST_LENGTH, pubkeyhash);
-	MEMSET_BZERO(h, sizeof(h));
+	explicit_bzero(h, sizeof(h));
 }
 
 void ecdsa_get_address_raw(const uint8_t *pub_key, uint32_t version, HasherType hasher_type, uint8_t *addr_raw)
@@ -908,7 +907,7 @@ void ecdsa_get_address(const uint8_t *pub_key, uint32_t version, HasherType hash
 	ecdsa_get_address_raw(pub_key, version, hasher_type, raw);
 	base58_encode_check(raw, 20 + prefix_len, hasher_type, addr, addrsize);
 	// not as important to clear this one, but we might as well
-	MEMSET_BZERO(raw, sizeof(raw));
+	explicit_bzero(raw, sizeof(raw));
 }
 
 void ecdsa_get_address_segwit_p2sh_raw(const uint8_t *pub_key, uint32_t version, HasherType hasher_type, uint8_t *addr_raw)
@@ -929,7 +928,7 @@ void ecdsa_get_address_segwit_p2sh(const uint8_t *pub_key, uint32_t version, Has
 	size_t prefix_len = address_prefix_bytes_len(version);
 	ecdsa_get_address_segwit_p2sh_raw(pub_key, version, hasher_type, raw);
 	base58_encode_check(raw, prefix_len + 20, hasher_type, addr, addrsize);
-	MEMSET_BZERO(raw, sizeof(raw));
+	explicit_bzero(raw, sizeof(raw));
 }
 
 void ecdsa_get_wif(const uint8_t *priv_key, uint32_t version, HasherType hasher_type, char *wif, int wifsize)
@@ -941,7 +940,7 @@ void ecdsa_get_wif(const uint8_t *priv_key, uint32_t version, HasherType hasher_
 	wif_raw[prefix_len + 32] = 0x01;
 	base58_encode_check(wif_raw, prefix_len + 32 + 1, hasher_type, wif, wifsize);
 	// private keys running around our stack can cause trouble
-	MEMSET_BZERO(wif_raw, sizeof(wif_raw));
+	explicit_bzero(wif_raw, sizeof(wif_raw));
 }
 
 int ecdsa_address_decode(const char *addr, uint32_t version, HasherType hasher_type, uint8_t *out)
@@ -1034,7 +1033,7 @@ int ecdsa_verify(const ecdsa_curve *curve, HasherType hasher_type, const uint8_t
 	uint8_t hash[32];
 	hasher_Raw(hasher_type, msg, msg_len, hash);
 	int res = ecdsa_verify_digest(curve, pub_key, sig, hash);
-	MEMSET_BZERO(hash, sizeof(hash));
+	explicit_bzero(hash, sizeof(hash));
 	return res;
 }
 
@@ -1044,7 +1043,7 @@ int ecdsa_verify_double(const ecdsa_curve *curve, HasherType hasher_type, const
 	hasher_Raw(hasher_type, msg, msg_len, hash);
 	hasher_Raw(hasher_type, hash, 32, hash);
 	int res = ecdsa_verify_digest(curve, pub_key, sig, hash);
-	MEMSET_BZERO(hash, sizeof(hash));
+	explicit_bzero(hash, sizeof(hash));
 	return res;
 }
 
@@ -1143,11 +1142,11 @@ int ecdsa_verify_digest(const ecdsa_curve *curve, const uint8_t *pub_key, const
 		}
 	}
 
-	MEMSET_BZERO(&pub, sizeof(pub));
+	explicit_bzero(&pub, sizeof(pub));
-	MEMSET_BZERO(&res, sizeof(res));
+	explicit_bzero(&res, sizeof(res));
-	MEMSET_BZERO(&r, sizeof(r));
+	explicit_bzero(&r, sizeof(r));
-	MEMSET_BZERO(&s, sizeof(s));
+	explicit_bzero(&s, sizeof(s));
-	MEMSET_BZERO(&z, sizeof(z));
+	explicit_bzero(&z, sizeof(z));
 
 	// all OK
 	return result;

hmac.c

@@ -25,7 +25,6 @@
 
 #include "hmac.h"
 #include "options.h"
-#include "macros.h"
 
 void hmac_sha256_Init(HMAC_SHA256_CTX *hctx, const uint8_t *key, const uint32_t keylen)
 {
@@ -42,7 +41,7 @@ void hmac_sha256_Init(HMAC_SHA256_CTX *hctx, const uint8_t *key, const uint32_t
 	}
 	sha256_Init(&(hctx->ctx));
 	sha256_Update(&(hctx->ctx), i_key_pad, SHA256_BLOCK_LENGTH);
-	MEMSET_BZERO(i_key_pad, sizeof(i_key_pad));
+	explicit_bzero(i_key_pad, sizeof(i_key_pad));
 }
 
 void hmac_sha256_Update(HMAC_SHA256_CTX *hctx, const uint8_t *msg, const uint32_t msglen)
@@ -57,7 +56,7 @@ void hmac_sha256_Final(HMAC_SHA256_CTX *hctx, uint8_t *hmac)
 	sha256_Update(&(hctx->ctx), hctx->o_key_pad, SHA256_BLOCK_LENGTH);
 	sha256_Update(&(hctx->ctx), hmac, SHA256_DIGEST_LENGTH);
 	sha256_Final(&(hctx->ctx), hmac);
-	MEMSET_BZERO(hctx, sizeof(HMAC_SHA256_CTX));
+	explicit_bzero(hctx, sizeof(HMAC_SHA256_CTX));
 }
 
 void hmac_sha256(const uint8_t *key, const uint32_t keylen, const uint8_t *msg, const uint32_t msglen, uint8_t *hmac)
@@ -72,7 +71,7 @@ void hmac_sha256_prepare(const uint8_t *key, const uint32_t keylen, uint32_t *op
 {
 	static CONFIDENTIAL uint32_t key_pad[SHA256_BLOCK_LENGTH/sizeof(uint32_t)];
 
-	MEMSET_BZERO(key_pad, sizeof(key_pad));
+	explicit_bzero(key_pad, sizeof(key_pad));
 	if (keylen > SHA256_BLOCK_LENGTH) {
 		static CONFIDENTIAL SHA256_CTX context;
 		sha256_Init(&context);
@@ -99,7 +98,7 @@ void hmac_sha256_prepare(const uint8_t *key, const uint32_t keylen, uint32_t *op
 		key_pad[i] = key_pad[i] ^ 0x5c5c5c5c ^ 0x36363636;
 	}
 	sha256_Transform(sha256_initial_hash_value, key_pad, ipad_digest);
-	MEMSET_BZERO(key_pad, sizeof(key_pad));
+	explicit_bzero(key_pad, sizeof(key_pad));
 }
 
 void hmac_sha512_Init(HMAC_SHA512_CTX *hctx, const uint8_t *key, const uint32_t keylen)
@@ -117,7 +116,7 @@ void hmac_sha512_Init(HMAC_SHA512_CTX *hctx, const uint8_t *key, const uint32_t
 	}
 	sha512_Init(&(hctx->ctx));
 	sha512_Update(&(hctx->ctx), i_key_pad, SHA512_BLOCK_LENGTH);
-	MEMSET_BZERO(i_key_pad, sizeof(i_key_pad));
+	explicit_bzero(i_key_pad, sizeof(i_key_pad));
 }
 
 void hmac_sha512_Update(HMAC_SHA512_CTX *hctx, const uint8_t *msg, const uint32_t msglen)
@@ -132,7 +131,7 @@ void hmac_sha512_Final(HMAC_SHA512_CTX *hctx, uint8_t *hmac)
 	sha512_Update(&(hctx->ctx), hctx->o_key_pad, SHA512_BLOCK_LENGTH);
 	sha512_Update(&(hctx->ctx), hmac, SHA512_DIGEST_LENGTH);
 	sha512_Final(&(hctx->ctx), hmac);
-	MEMSET_BZERO(hctx, sizeof(HMAC_SHA512_CTX));
+	explicit_bzero(hctx, sizeof(HMAC_SHA512_CTX));
 }
 
 void hmac_sha512(const uint8_t *key, const uint32_t keylen, const uint8_t *msg, const uint32_t msglen, uint8_t *hmac)
@@ -147,7 +146,7 @@ void hmac_sha512_prepare(const uint8_t *key, const uint32_t keylen, uint64_t *op
 {
 	static CONFIDENTIAL uint64_t key_pad[SHA512_BLOCK_LENGTH/sizeof(uint64_t)];
 
-	MEMSET_BZERO(key_pad, sizeof(key_pad));
+	explicit_bzero(key_pad, sizeof(key_pad));
 	if (keylen > SHA512_BLOCK_LENGTH) {
 		static CONFIDENTIAL SHA512_CTX context;
 		sha512_Init(&context);
@@ -174,5 +173,5 @@ void hmac_sha512_prepare(const uint8_t *key, const uint32_t keylen, uint64_t *op
 		key_pad[i] = key_pad[i] ^ 0x5c5c5c5c5c5c5c5c ^ 0x3636363636363636;
 	}
 	sha512_Transform(sha512_initial_hash_value, key_pad, ipad_digest);
-	MEMSET_BZERO(key_pad, sizeof(key_pad));
+	explicit_bzero(key_pad, sizeof(key_pad));
 }

macros.h

@@ -1,6 +0,0 @@
-#ifndef __MACROS_H__
-#define __MACROS_H__
-
-#define MEMSET_BZERO(p,l)	memset((p), 0, (l))
-
-#endif

nem.c

@@ -26,7 +26,6 @@
 
 #include "base32.h"
 #include "ed25519-donna/ed25519-keccak.h"
-#include "macros.h"
 #include "ripemd160.h"
 #include "sha3.h"
 
@@ -112,7 +111,7 @@ void nem_get_address_raw(const ed25519_public_key public_key, uint8_t version, u
 	/* 5.  Concatenate output of step 3 and the checksum from step 4 */
 	memcpy(&address[1 + RIPEMD160_DIGEST_LENGTH], hash, 4);
 
-	MEMSET_BZERO(hash, sizeof(hash));
+	explicit_bzero(hash, sizeof(hash));
 }
 
 bool nem_get_address(const ed25519_public_key public_key, uint8_t version, char *address) {
@@ -122,7 +121,7 @@ bool nem_get_address(const ed25519_public_key public_key, uint8_t version, char
 
 	char *ret = base32_encode(pubkeyhash, sizeof(pubkeyhash), address, NEM_ADDRESS_SIZE + 1, BASE32_ALPHABET_RFC4648);
 
-	MEMSET_BZERO(pubkeyhash, sizeof(pubkeyhash));
+	explicit_bzero(pubkeyhash, sizeof(pubkeyhash));
 	return (ret != NULL);
 }
 
@@ -136,7 +135,7 @@ bool nem_validate_address_raw(const uint8_t *address, uint8_t network) {
 	keccak_256(address, 1 + RIPEMD160_DIGEST_LENGTH, hash);
 	bool valid = (memcmp(&address[1 + RIPEMD160_DIGEST_LENGTH], hash, 4) == 0);
 
-	MEMSET_BZERO(hash, sizeof(hash));
+	explicit_bzero(hash, sizeof(hash));
 	return valid;
 }
 
@@ -150,7 +149,7 @@ bool nem_validate_address(const char *address, uint8_t network) {
 	uint8_t *ret = base32_decode(address, NEM_ADDRESS_SIZE, pubkeyhash, sizeof(pubkeyhash), BASE32_ALPHABET_RFC4648);
 	bool valid = (ret != NULL) && nem_validate_address_raw(pubkeyhash, network);
 
-	MEMSET_BZERO(pubkeyhash, sizeof(pubkeyhash));
+	explicit_bzero(pubkeyhash, sizeof(pubkeyhash));
 	return valid;
 }
 

pbkdf2.c

@@ -25,7 +25,6 @@
 #include "pbkdf2.h"
 #include "hmac.h"
 #include "sha2.h"
-#include "macros.h"
 
 void pbkdf2_hmac_sha256_Init(PBKDF2_HMAC_SHA256_CTX *pctx, const uint8_t *pass, int passlen, const uint8_t *salt, int saltlen)
 {
@@ -75,7 +74,7 @@ void pbkdf2_hmac_sha256_Final(PBKDF2_HMAC_SHA256_CTX *pctx, uint8_t *key)
 	}
 #endif
 	memcpy(key, pctx->f, SHA256_DIGEST_LENGTH);
-	MEMSET_BZERO(pctx, sizeof(PBKDF2_HMAC_SHA256_CTX));
+	explicit_bzero(pctx, sizeof(PBKDF2_HMAC_SHA256_CTX));
 }
 
 void pbkdf2_hmac_sha256(const uint8_t *pass, int passlen, const uint8_t *salt, int saltlen, uint32_t iterations, uint8_t *key)
@@ -135,7 +134,7 @@ void pbkdf2_hmac_sha512_Final(PBKDF2_HMAC_SHA512_CTX *pctx, uint8_t *key)
 	}
 #endif
 	memcpy(key, pctx->f, SHA512_DIGEST_LENGTH);
-	MEMSET_BZERO(pctx, sizeof(PBKDF2_HMAC_SHA512_CTX));
+	explicit_bzero(pctx, sizeof(PBKDF2_HMAC_SHA512_CTX));
 }
 
 void pbkdf2_hmac_sha512(const uint8_t *pass, int passlen, const uint8_t *salt, int saltlen, uint32_t iterations, uint8_t *key)

rfc6979.c

@@ -48,8 +48,8 @@ void init_rfc6979(const uint8_t *priv_key, const uint8_t *hash, rfc6979_state *s
 	hmac_sha256(state->k, sizeof(state->k), buf, sizeof(buf), state->k);
 	hmac_sha256(state->k, sizeof(state->k), state->v, sizeof(state->v), state->v);
 
-	MEMSET_BZERO(bx, sizeof(bx));
+	explicit_bzero(bx, sizeof(bx));
-	MEMSET_BZERO(buf, sizeof(buf));
+	explicit_bzero(buf, sizeof(buf));
 }
 
 // generate next number from deterministic random number generator
@@ -63,7 +63,7 @@ void generate_rfc6979(uint8_t rnd[32], rfc6979_state *state)
 	hmac_sha256(state->k, sizeof(state->k), buf, sizeof(state->v) + 1, state->k);
 	hmac_sha256(state->k, sizeof(state->k), state->v, sizeof(state->v), state->v);
 	memcpy(rnd, buf, 32);
-	MEMSET_BZERO(buf, sizeof(buf));
+	explicit_bzero(buf, sizeof(buf));
 }
 
 // generate K in a deterministic way, according to RFC6979
@@ -73,5 +73,5 @@ void generate_k_rfc6979(bignum256 *k, rfc6979_state *state)
 	uint8_t buf[32];
 	generate_rfc6979(buf, state);
 	bn_read_be(buf, k);
-	MEMSET_BZERO(buf, sizeof(buf));
+	explicit_bzero(buf, sizeof(buf));
 }

ripemd160.c

@@ -28,7 +28,6 @@
 #include <string.h>
 
 #include "ripemd160.h"
-#include "macros.h"
 
 /*
  * 32-bit integer manipulation macros (little endian)
@@ -328,7 +327,7 @@ void ripemd160_Final( RIPEMD160_CTX *ctx, uint8_t output[RIPEMD160_DIGEST_LENGTH
     PUT_UINT32_LE( ctx->state[3], output, 12 );
     PUT_UINT32_LE( ctx->state[4], output, 16 );
 
-    MEMSET_BZERO(ctx, sizeof(RIPEMD160_CTX));
+    explicit_bzero(ctx, sizeof(RIPEMD160_CTX));
 }
 
 /*

sha2.c

@@ -108,7 +108,6 @@ typedef uint64_t sha2_word64;	/* Exactly 8 bytes */
 	} \
 }
 
-#define MEMSET_BZERO(p,l)	memset((p), 0, (l))
 #define MEMCPY_BCOPY(d,s,l)	memcpy((d), (s), (l))
 
 /*** THE SIX LOGICAL FUNCTIONS ****************************************/
@@ -282,7 +281,7 @@ static const char *sha2_hex_digits = "0123456789abcdef";
 /*** SHA-1: ***********************************************************/
 void sha1_Init(SHA1_CTX* context) {
 	MEMCPY_BCOPY(context->state, sha1_initial_hash_value, SHA1_DIGEST_LENGTH);
-	MEMSET_BZERO(context->buffer, SHA1_BLOCK_LENGTH);
+	explicit_bzero(context->buffer, SHA1_BLOCK_LENGTH);
 	context->bitcount = 0;
 }
 
@@ -592,14 +591,14 @@ void sha1_Final(SHA1_CTX* context, sha2_byte digest[]) {
 		 * No digest buffer, so we can do nothing
 		 * except clean up and go home
 		 */
-		MEMSET_BZERO(context, sizeof(SHA1_CTX));
+		explicit_bzero(context, sizeof(SHA1_CTX));
 		return;
 	}
 
 	usedspace = (context->bitcount >> 3) % SHA1_BLOCK_LENGTH;
 	if (usedspace == 0) {
 		/* Set-up for the last transform: */
-		MEMSET_BZERO(context->buffer, SHA1_SHORT_BLOCK_LENGTH);
+		explicit_bzero(context->buffer, SHA1_SHORT_BLOCK_LENGTH);
 
 		/* Begin padding with a 1 bit: */
 		*context->buffer = 0x80;
@@ -609,16 +608,16 @@ void sha1_Final(SHA1_CTX* context, sha2_byte digest[]) {
 
 		if (usedspace <= 56) {
 			/* Set-up for the last transform: */
-			MEMSET_BZERO(((uint8_t*)context->buffer) + usedspace, 56 - usedspace);
+			explicit_bzero(((uint8_t*)context->buffer) + usedspace, 56 - usedspace);
 		} else {
 			if (usedspace < 64) {
-				MEMSET_BZERO(((uint8_t*)context->buffer) + usedspace, 64 - usedspace);
+				explicit_bzero(((uint8_t*)context->buffer) + usedspace, 64 - usedspace);
 			}
 			/* Do second-to-last transform: */
 			sha1_Transform(context->state, context->buffer, context->state);
 
 			/* And set-up for the last transform: */
-			MEMSET_BZERO(context->buffer, 56);
+			explicit_bzero(context->buffer, 56);
 		}
 		/* Clean up: */
 		usedspace = 0;
@@ -649,7 +648,7 @@ void sha1_Final(SHA1_CTX* context, sha2_byte digest[]) {
 #endif
 
 	/* Clean up: */
-	MEMSET_BZERO(context, sizeof(SHA1_CTX));
+	explicit_bzero(context, sizeof(SHA1_CTX));
 }
 
 char *sha1_End(SHA1_CTX* context, char buffer[]) {
@@ -666,9 +665,9 @@ char *sha1_End(SHA1_CTX* context, char buffer[]) {
 		}
 		*buffer = (char)0;
 	} else {
-		MEMSET_BZERO(context, sizeof(SHA1_CTX));
+		explicit_bzero(context, sizeof(SHA1_CTX));
 	}
-	MEMSET_BZERO(digest, SHA1_DIGEST_LENGTH);
+	explicit_bzero(digest, SHA1_DIGEST_LENGTH);
 	return buffer;
 }
 
@@ -693,7 +692,7 @@ void sha256_Init(SHA256_CTX* context) {
 		return;
 	}
 	MEMCPY_BCOPY(context->state, sha256_initial_hash_value, SHA256_DIGEST_LENGTH);
-	MEMSET_BZERO(context->buffer, SHA256_BLOCK_LENGTH);
+	explicit_bzero(context->buffer, SHA256_BLOCK_LENGTH);
 	context->bitcount = 0;
 }
 
@@ -930,7 +929,7 @@ void sha256_Final(SHA256_CTX* context, sha2_byte digest[]) {
 		((uint8_t*)context->buffer)[usedspace++] = 0x80;
 		
 		if (usedspace > SHA256_SHORT_BLOCK_LENGTH) {
-			MEMSET_BZERO(((uint8_t*)context->buffer) + usedspace, SHA256_BLOCK_LENGTH - usedspace);
+			explicit_bzero(((uint8_t*)context->buffer) + usedspace, SHA256_BLOCK_LENGTH - usedspace);
 
 #if BYTE_ORDER == LITTLE_ENDIAN
 			/* Convert TO host byte order */
@@ -945,7 +944,7 @@ void sha256_Final(SHA256_CTX* context, sha2_byte digest[]) {
 			usedspace = 0;
 		}
 		/* Set-up for the last transform: */
-		MEMSET_BZERO(((uint8_t*)context->buffer) + usedspace, SHA256_SHORT_BLOCK_LENGTH - usedspace);
+		explicit_bzero(((uint8_t*)context->buffer) + usedspace, SHA256_SHORT_BLOCK_LENGTH - usedspace);
 
 #if BYTE_ORDER == LITTLE_ENDIAN
 		/* Convert TO host byte order */
@@ -970,7 +969,7 @@ void sha256_Final(SHA256_CTX* context, sha2_byte digest[]) {
 	}
 
 	/* Clean up state data: */
-	MEMSET_BZERO(context, sizeof(SHA256_CTX));
+	explicit_bzero(context, sizeof(SHA256_CTX));
 	usedspace = 0;
 }
 
@@ -988,9 +987,9 @@ char *sha256_End(SHA256_CTX* context, char buffer[]) {
 		}
 		*buffer = (char)0;
 	} else {
-		MEMSET_BZERO(context, sizeof(SHA256_CTX));
+		explicit_bzero(context, sizeof(SHA256_CTX));
 	}
-	MEMSET_BZERO(digest, SHA256_DIGEST_LENGTH);
+	explicit_bzero(digest, SHA256_DIGEST_LENGTH);
 	return buffer;
 }
 
@@ -1016,7 +1015,7 @@ void sha512_Init(SHA512_CTX* context) {
 		return;
 	}
 	MEMCPY_BCOPY(context->state, sha512_initial_hash_value, SHA512_DIGEST_LENGTH);
-	MEMSET_BZERO(context->buffer, SHA512_BLOCK_LENGTH);
+	explicit_bzero(context->buffer, SHA512_BLOCK_LENGTH);
 	context->bitcount[0] = context->bitcount[1] =  0;
 }
 
@@ -1233,7 +1232,7 @@ static void sha512_Last(SHA512_CTX* context) {
 	((uint8_t*)context->buffer)[usedspace++] = 0x80;
 	
 	if (usedspace > SHA512_SHORT_BLOCK_LENGTH) {
-		MEMSET_BZERO(((uint8_t*)context->buffer) + usedspace, SHA512_BLOCK_LENGTH - usedspace);
+		explicit_bzero(((uint8_t*)context->buffer) + usedspace, SHA512_BLOCK_LENGTH - usedspace);
 
 #if BYTE_ORDER == LITTLE_ENDIAN
 		/* Convert TO host byte order */
@@ -1248,7 +1247,7 @@ static void sha512_Last(SHA512_CTX* context) {
 		usedspace = 0;
 	}
 	/* Set-up for the last transform: */
-	MEMSET_BZERO(((uint8_t*)context->buffer) + usedspace, SHA512_SHORT_BLOCK_LENGTH - usedspace);
+	explicit_bzero(((uint8_t*)context->buffer) + usedspace, SHA512_SHORT_BLOCK_LENGTH - usedspace);
 
 #if BYTE_ORDER == LITTLE_ENDIAN
 	/* Convert TO host byte order */
@@ -1280,7 +1279,7 @@ void sha512_Final(SHA512_CTX* context, sha2_byte digest[]) {
 	}
 
 	/* Zero out state data */
-	MEMSET_BZERO(context, sizeof(SHA512_CTX));
+	explicit_bzero(context, sizeof(SHA512_CTX));
 }
 
 char *sha512_End(SHA512_CTX* context, char buffer[]) {
@@ -1297,9 +1296,9 @@ char *sha512_End(SHA512_CTX* context, char buffer[]) {
 		}
 		*buffer = (char)0;
 	} else {
-		MEMSET_BZERO(context, sizeof(SHA512_CTX));
+		explicit_bzero(context, sizeof(SHA512_CTX));
 	}
-	MEMSET_BZERO(digest, SHA512_DIGEST_LENGTH);
+	explicit_bzero(digest, SHA512_DIGEST_LENGTH);
 	return buffer;
 }
 

sha3.c

@@ -21,7 +21,6 @@
 #include <string.h>
 
 #include "sha3.h"
-#include "macros.h"
 
 #define I64(x) x##LL
 #define ROTL64(qword, n) ((qword) << (n) ^ ((qword) >> (64 - (n))))
@@ -331,7 +330,7 @@ void sha3_Final(SHA3_CTX *ctx, unsigned char* result)
 
 	assert(block_size > digest_length);
 	if (result) me64_to_le_str(result, ctx->hash, digest_length);
-	MEMSET_BZERO(ctx, sizeof(SHA3_CTX));
+	explicit_bzero(ctx, sizeof(SHA3_CTX));
 }
 
 #if USE_KECCAK
@@ -360,7 +359,7 @@ void keccak_Final(SHA3_CTX *ctx, unsigned char* result)
 
 	assert(block_size > digest_length);
 	if (result) me64_to_le_str(result, ctx->hash, digest_length);
-	MEMSET_BZERO(ctx, sizeof(SHA3_CTX));
+	explicit_bzero(ctx, sizeof(SHA3_CTX));
 }
 
 void keccak_256(const unsigned char* data, size_t len, unsigned char* digest)