Document Number: N2485
Submitter: Aaron Peter Bachmann
Submission Date: 2020-02-19
Add explicit_memset() as non-optional part of <string.h> to C2X
explicit_memset(), or something equivalent, is useful to securely set or erase memory. Annex K provides memset_s(), but Annex K is optional. Since most C libraries chose not to implement Annex K, that option is less useful than desirable.
Existing practice: memset_s(), which is currently part of Annex K; explicit_memset() (NetBSD); explicit_bzero() (OpenBSD, FreeBSD, glibc); memzero_explicit() (Linux kernel); SecureZeroMemory() (Windows).
explicit_memset() shall behave like memset(), with the added stipulation that the call to explicit_memset() is guaranteed not to be optimized away.
We prefer ...memset...() over ...zero...() since it allows setting an arbitrary value, not just (unsigned char)0.
The name explicit_memset() is used more often than memset_explicit(), so stick with that. However, given that the standard already uses '_explicit' as a suffix, i.e. atomic_..._explicit(), introducing
void *memset_explicit(void *s, int c, size_t len)
instead of
void *explicit_memset(void *s, int c, size_t len)
seems a reasonable alternative.
In order to make explicit_memset() even more useful, a compiler may choose to erase local (partial) copies of *s as well, e.g. copies held in registers or spilled to other stack slots. That is a quality-of-implementation issue.
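The non-optimization guarantee above, and the quality-of-implementation caveat about local copies, as an added example that is not code from N2485 or from any of the libraries named: a portable implementation of the proposed function using a volatile function pointer, beside the stack-key wipe pattern that motivates it. The function is named explicit_memset_example here (an assumption, so the file also builds on a libc that already ships explicit_memset()), and the key bytes and checksum are constructed sample data. For reference, C23 later adopted this function under the alternative name memset_explicit().

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not code from N2485. Portable explicit_memset(): route the
 * call through a volatile function pointer. The compiler cannot prove the
 * callee is memset, so it must emit the call and cannot drop it as a dead
 * store. The name explicit_memset_example is an assumption, chosen so this
 * file also builds on a libc that already provides explicit_memset(). */
static void *(*volatile memset_vfp)(void *, int, size_t) = memset;

void *explicit_memset_example(void *s, int c, size_t n)
{
    void *r = memset_vfp(s, c, n);
#if defined(__GNUC__) || defined(__clang__)
    /* Belt and braces on GCC/Clang: declare that memory reachable from s may
     * be read afterwards, so the stores above are never treated as dead. */
    __asm__ __volatile__("" : : "r"(s) : "memory");
#endif
    return r;
}

/* Constructed sample key material: deterministic so the result is checkable. */
static void fill_key(unsigned char *key, size_t n)
{
    for (size_t i = 0; i < n; i++)
        key[i] = (unsigned char)(i * 7 + 3);
}

static unsigned checksum(const unsigned char *p, size_t n)
{
    unsigned sum = 0;
    for (size_t i = 0; i < n; i++)
        sum += p[i];
    return sum;
}

/* The pattern the proposal targets: use a secret on the stack, then wipe it.
 * With plain memset the wipe is a dead store (key is never read again), so
 * at -O2 the compiler may remove it and the key stays in the dead frame. */
unsigned derive_and_wipe_plain(void)
{
    unsigned char key[32];
    fill_key(key, sizeof key);
    unsigned ck = checksum(key, sizeof key);
    memset(key, 0, sizeof key);                  /* may be optimized away */
    return ck;
}

/* Same flow, but the wipe is guaranteed to be emitted. */
unsigned derive_and_wipe_explicit(void)
{
    unsigned char key[32];
    fill_key(key, sizeof key);
    unsigned ck = checksum(key, sizeof key);
    explicit_memset_example(key, 0, sizeof key); /* always emitted */
    return ck;
}

/* Checks the memset-compatible contract: c is converted to unsigned char
 * (0x1AB -> 0xAB), every byte is set, and the return value is s. */
int explicit_memset_sets_all_bytes(void)
{
    unsigned char buf[16];
    void *r = explicit_memset_example(buf, 0x1AB, sizeof buf);
    if (r != (void *)buf)
        return 0;
    for (size_t i = 0; i < sizeof buf; i++)
        if (buf[i] != 0xAB)
            return 0;
    return 1;
}

int main(void)
{
    printf("contract ok: %d\n", explicit_memset_sets_all_bytes());
    printf("plain checksum:    %u\n", derive_and_wipe_plain());
    printf("explicit checksum: %u\n", derive_and_wipe_explicit());
    return 0;
}
```

To see the difference the proposal is about, compile with `gcc -O2 -S` (or `clang -O2 -S`) and compare the two derive_and_wipe variants: in the plain one the memset is typically removed as a dead store, while in the explicit one the indirect call through the volatile pointer remains. Note what this technique does not do: it only guarantees that the named object is overwritten. Bytes of the key that the optimizer kept in registers or spilled to other stack slots are exactly the local copies the proposal leaves to implementation quality.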
http://www.open-std.org/jtc1/sc22/wg14/www/docs/n1969.htm states: "Therefore, we propose that Annex K be either removed from the next revision of the C standard, or deprecated and then removed."
Proposed wording
After
7.24.6.1 The memset function
...
add
7.24.6.2 The explicit_memset function
Synopsis
#include <string.h>
void *explicit_memset(void *s, int c, size_t n);
Returns
The explicit_memset function returns the value of s.