1. Ye shall use C11 memset_s().
2. Ye shall (as you note) use a reallocarray() with OpenBSD-like (ANSI C) wrap checking.
3. Ye shall use /dev/urandom on Linux (I know you guys love him, see https://news.ycombinator.com/item?id=7361868 by tptacek)
4. Also, timingsafe_bcmp() is 3 lines of ANSI C99 code (minus variable and function declarations), include it with the code (as you note).
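Items 2 and 4 above, written out as an added example (not part of the original comment and not copied from any project): a reallocarray()-style wrapper with the OpenBSD-style multiplication wrap check, and a constant-time byte comparison. The names `ex_reallocarray` and `ex_timingsafe_bcmp` are hypothetical, chosen so they do not clash with a libc that already ships these functions; the inputs in `main` are constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* sqrt(SIZE_MAX + 1): if both operands are below this, nmemb * size cannot wrap. */
#define MUL_NO_OVERFLOW ((size_t)1 << (sizeof(size_t) * 4))

/* Hypothetical name. realloc() for nmemb elements of size bytes, failing on wrap. */
void *ex_reallocarray(void *ptr, size_t nmemb, size_t size)
{
    if ((nmemb >= MUL_NO_OVERFLOW || size >= MUL_NO_OVERFLOW) &&
        nmemb > 0 && SIZE_MAX / nmemb < size) {
        errno = ENOMEM;          /* product would exceed SIZE_MAX */
        return NULL;             /* ptr is left untouched, as with realloc() */
    }
    return realloc(ptr, nmemb * size);
}

/* Hypothetical name. Returns 0 if equal, 1 otherwise; no early exit on mismatch. */
int ex_timingsafe_bcmp(const void *b1, const void *b2, size_t n)
{
    const unsigned char *p1 = b1, *p2 = b2;
    int ret = 0;

    for (; n > 0; n--)
        ret |= *p1++ ^ *p2++;    /* accumulate differences across all n bytes */
    return ret != 0;
}

int main(void)
{
    /* Constructed inputs: one request whose byte count wraps, one that does not. */
    void *p = ex_reallocarray(NULL, SIZE_MAX / 2, 4);
    printf("wrapping request: %s\n", p == NULL ? "rejected" : "allocated");
    free(p);
    p = ex_reallocarray(NULL, 16, sizeof(int));
    printf("sane request: %s\n", p != NULL ? "allocated" : "failed");
    free(p);
    printf("equal tags: %d, differing tags: %d\n",
           ex_timingsafe_bcmp("tag-0001", "tag-0001", 8),
           ex_timingsafe_bcmp("tag-0001", "tag-0002", 8));
    return 0;
}
```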