System Considerations In Crypto-C

object. When you call B_GetAlgorithmState, you receive a buffer that contains all of the data necessary to reconstruct the object, using the call B_SetAlgorithmState, to the state it was in at the time of calling the Get routine (B_GetAlogorithmState).

This is useful in SSL, for example. The SSL protocol at one point requires the user to finish digesting data (B_DigestFinal), yet retain the digest state so that it is possible to continue as if the final digesting had never taken place. With these two new function calls, you can get the state, call the Final routine, and then create a new object with the saved value and continue on as if the Final routine never took place. You can use this feature when performing message digests, RC4, or in Diffie-Hellman key agreement.

The state value for Diffie-Hellman is actually the BER encoding following this ASN.1 definition.

SEQUENCE {

OBJECT IDENTIFIER dhOID,

INTEGER

prime,

INTEGER

base,

INTEGER

maxExponentBits,

INTEGER

publicValue,

INTEGER

privateValue }

When to Allocate Memory

Whenever you use Crypto-C, you will produce output. The output might be encrypted or decrypted data, or information you are retrieving concerning keys or algorithms. This output must go somewhere; there must be memory that is allocated to hold it. If memory is not allocated for a particular output, the computer will still try to put the output somewhere, possibly in a location that already contains other data or programs. When is it the application’s responsibility to allocate memory and when will Crypto-C do the allocating?

The application must allocate memory whenever a Crypto-C function produces output and the prototype indicates that the output argument is a pointer (for instance, POINTER or unsigned char *). In this situation, Crypto-C asks for a pointer and places the output at the address indicated by the pointer. It is the application’s responsibility to make sure that the pointer points to allocated memory.

Crypto-C allocates memory whenever a function produces output and the prototype indicates the output argument is a pointer to a pointer (for instance, POINTER *). Here, Crypto-C asks for the address of a pointer. Crypto-C goes to that address and deposits a pointer there. If the application goes to where the pointer points, it will find the

C h a p t e r 4 U s i n g C r y p t o - C

1 2 1

Page 143
Image 143
RSA Security 5.2.2 manual When to Allocate Memory