[lplplplplp]

Most is invalid in principle, perhaps not in practice (stupid as that is):

1. Ye shall use C11 memset_s().

2. Ye shall (as you note) use a reallocarray() with OpenBSD-like (ANSI C) wrap checking.

3. Ye shall use /dev/urandom on Linux (I know you guys love him, see https://news.ycombinator.com/item?id=7361868 by tptacek)

4. Also, timingsafe_bcmp() is 3 lines of ANSI C99 code (minus variable and function declarations), include it with the code (as you note).