author | Zack Weinberg <zackw@panix.com> | 2021-02-27 19:55:37 -0500 |
---|---|---|
committer | Zack Weinberg <zackw@panix.com> | 2021-03-07 11:00:44 -0500 |
commit | 23cf52eb46eb71eb52de7c70316f8c7cd630b50c (patch) | |
tree | a3572738eb010ce8ffff8c3f2023df72b5604f28 /test | |
parent | 931427d19b1f314321bf8c300f1d2cef976464bc (diff) | |
Remove the XCRYPT_SECURE_MEMSET and insecure_memzero macros.

All callers changed to either explicit_bzero, if an unremovable erase
is actually required in that context, or to ordinary memset, if not.

explicit_bzero is only required when the compiler could (in principle)
prove that no correct C program could depend on the erasure actually
happening. The two most common situations where this is the case are:
First, when the buffer being erased is a local variable that’s about
to go out of scope (here we’re worried about malicious code with the
ability to inspect raw memory near the stack pointer). Second, when
the buffer being erased is about to be used in an operation that
overwrites it _without_ reading it first (here we’re worried about the
operation either failing or not overwriting the _entire_ buffer).

explicit_bzero is _not_ required when the buffer being erased is about
to be passed to a function that _reads_ it. Use ordinary memset for that.
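
The three cases in the commit message, as an added C example that is not libxcrypt code. `erase_secret` is a hypothetical portable stand-in for explicit_bzero, and `toy_derive`, `refill`, `zero_then_read` and the sample inputs are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Assumption: portable stand-in for explicit_bzero. Calling memset through a
   volatile function pointer stops the compiler proving the store is dead. */
static void *(*const volatile memset_fn)(void *, int, size_t) = memset;
static void erase_secret(void *p, size_t n) { memset_fn(p, 0, n); }

/* Constructed toy derivation: repeats pw into key and returns the byte sum. */
static unsigned toy_derive(const char *pw, size_t pwlen,
                           unsigned char *key, size_t n)
{
  unsigned sum = 0;
  for (size_t i = 0; i < n; i++) {
    key[i] = (unsigned char)pw[i % pwlen];
    sum += key[i];
  }
  return sum;
}

/* Case 1: local secret about to go out of scope. Nothing reads key after
   the erase, so a plain memset here would be a removable dead store. */
unsigned tag_from_password(const char *pw, size_t pwlen)
{
  unsigned char key[8];
  if (pwlen == 0) return 0;
  unsigned tag = toy_derive(pw, pwlen, key, sizeof key);
  erase_secret(key, sizeof key);
  return tag;
}

/* Case 2: buffer about to be overwritten without being read. The fill can
   fail (src == NULL) or be short (len < cap), so old bytes must go first. */
int refill(unsigned char *buf, size_t cap, const unsigned char *src, size_t len)
{
  erase_secret(buf, cap);
  if (!src || len > cap) return -1;
  memcpy(buf, src, len);
  return 0;
}

/* Case 3: strlen reads the buffer and depends on the zeros, so the erase is
   observable and ordinary memset is enough. */
size_t zero_then_read(const char *prefix)
{
  char out[16];
  size_t n = strlen(prefix);
  memset(out, 0, sizeof out);
  memcpy(out, prefix, n < 15 ? n : 15);
  return strlen(out);
}

int main(void) { return zero_then_read("$2b$") == 4 ? 0 : 1; }
```
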
Diffstat (limited to 'test')
-rw-r--r-- | test/gensalt.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/test/gensalt.c b/test/gensalt.c index 52ca242..834ccf5 100644 --- a/test/gensalt.c +++ b/test/gensalt.c @@ -409,10 +409,10 @@ main (void) for (tcase = testcases; tcase->prefix; tcase++) { - XCRYPT_SECURE_MEMSET (prev_output, CRYPT_GENSALT_OUTPUT_SIZE); + memset (prev_output, 0, CRYPT_GENSALT_OUTPUT_SIZE); for (ent = 0; ent < ARRAY_SIZE (entropy); ent++) { - XCRYPT_SECURE_MEMSET (output, CRYPT_GENSALT_OUTPUT_SIZE); + memset (output, 0, CRYPT_GENSALT_OUTPUT_SIZE); char *salt = crypt_gensalt_rn (tcase->prefix, tcase->rounds, entropy[ent], 16, output, CRYPT_GENSALT_OUTPUT_SIZE); |
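
Review bot: In the inner loop, `output` is zeroed immediately before `crypt_gensalt_rn` writes into it, which matches the commit message's second case (an erase followed by an overwrite that may fail or be partial), so the switch to plain `memset` there deserves a one-line justification. The visible lines do not show whether `output` and `prev_output` are read in full after the call; if they are, the zeroing is observable and `memset` is the right choice, and because this is test code nothing secret depends on it either way. Suggest a short comment above each call stating that the buffers are cleared to give a known starting state rather than to erase sensitive data.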