Index

NAME

cl_clear_secret - Overwrite secret data in memory

SYNOPSIS

#include <libcanlock-3/canlock.h>

int cl_clear_secret(void *sec, size_t sec_size,
                    size_t buf_size);

DESCRIPTION

The cl_clear_secret() function tries to overwrite sec_size bytes of memory starting at the address specified by the sec parameter.

The size buf_size must be set to the size of the whole buffer.

The C standard provides memset_explicit() since C23. It is preferred, if available.
The C standard provides memset_s() since C11 in the optional Annex K. It is called with both length values, if available.
Otherwise nonportable functions like NetBSD explicit_memset() are used, if available.
If nothing better is available, a call to memset() is used instead. Note that the compiler may translate this attempt to NOP. A positive value is returned as warning in this case.

RETURN VALUE

Upon successful completion zero is returned.
Negative values indicate an error.
Positive values indicate a warning.

The value -1 is returned if the parameter sec is NULL or if sec_size is greater than buf_size.

The value 1 indicates missing support for explicit memory access from the operating system.

AUTHORS

Michael Bäuerle

REPORTING BUGS

Report bugs to <mailto:michael.baeuerle@gmx.net>.

STANDARDS

libcanlock tries to comply with the following standards:

RFC 5537, RFC 6234, RFC 8315

SEE ALSO

cl_get_key(3), cl_get_lock(3), cl_split(3), cl_verify(3), cl_verify_multi(3), canlock(1), memset(3), memset_explicit(3), memset_s(3)