man.bsd.lv manual page server

Manual Page Search Parameters
EXPLICIT_MEMSET(3) Library Functions Manual EXPLICIT_MEMSET(3)

explicit_memsetguarantee writing a byte to a byte string

library “libc”

#include <string.h>

void *
explicit_memset(void *b, int c, size_t len);

The () function writes len bytes of value c (converted to an unsigned char) to the string b. It is guaranteed not to be optimized away by the compiler even if b is no longer used and is about to be freed or go out of scope.

The explicit_memset() function returns the original value of b.

Create a buffer on the stack for a secret key, use it, and then zero it in memory before throwing it away.

void
f(void)
{
	uint8_t key[32];

	crypto_random(key, sizeof(key));
	do_crypto_stuff(key, sizeof(key));
	...

	explicit_memset(key, 0, sizeof(key));
}

consttime_memequal(3), memset(3)

The explicit_memset() function appeared in NetBSD 7.0.

August 28, 2013 NetBSD-9.2