NAME¶

libcanlock - Overwrite secret data in memory

SYNOPSIS¶

#include <libcanlock-3/canlock.h>

int cl_clear_secret(void *sec, size_t sec_size,
                    size_t buf_size);

DESCRIPTION¶

The cl_clear_secret() function tries to overwrite sec_size bytes of memory starting at the address specified by the sec parameter.

The size buf_size must be set to the size of the whole buffer.

If the operating system provides memset_s(), it is called with both length values. Otherwise nonportable functions like explicit_memset() are used if available.
If neither memset_s() nor a nonportable replacement is available, a call to memset() is used instead, but the compiler maybe optimized this attempt to NOP. A positive value is returned as warning.

RETURN VALUE¶

Upon successful completion zero is returned.
Negative values indicate an error.
Positive values indicate a warning.

The value -1 is returned if the parameter sec is NULL or if sec_size is greater than buf_size.

The value 1 indicates missing support for explicit memory access from the operating system.

AUTHORS¶

Michael Baeuerle

REPORTING BUGS¶

Report bugs to <mailto:michael.baeuerle@gmx.net>.

STANDARDS¶

libcanlock tries to comply with the following standards:

RFC5537, RFC6234, RFC8315

SEE ALSO¶

cl_get_key(3), cl_get_lock(3), cl_split(3), cl_verify(3), canlock(1) memset(3) memset_s(3)