System Considerations In Crypto-C

Some applications may need to be completely autonomous; that is, they should have no need to link in any external libraries. As far as possible, the Crypto-C library is autonomous, but Crypto-C does need the functionality of certain standard C library routines, such as malloc. For Crypto-C to remain autonomous, the user must supply these routines.

The routines in tstdlib.c do call the standard C library routines, so to use tstdlib.c you must still link in the standard C library. If your application does not need to be autonomous, you can use these supplied versions of the T_ routines. If, however, your application will eventually require autonomy, you can supply versions of the T_ routines that do not call the standard C library.

If a particular platform and compiler offers an optimized version or simply a platform-specific version of one or more of the memory management routines, Crypto-C can call that routine without requiring a change in the source code. You only have to modify the module containing the memory management routines.

Memory Allocation

For security reasons, it is often important that space be allocated from core memory, not a hard disk virtual memory. If an application makes a call to the standard malloc or alloc, the operating system may decide to use virtual memory. The T_malloc call can be made to guarantee core memory allocation and never virtual memory.

Binary Data

Remember that the C calls beginning with str, such as strlen and strcpy, operate on strings. Length is not a necessary input argument; instead, the function acts on everything from the beginning of the string to the NULL-terminating character. However, the output from a Crypto-C call is a block of memory, not a string. Even if the data to encrypt is a string, the encrypted data is not. Similarly, data that has been decrypted will not be a properly terminated string unless the NULL-terminating character was encrypted as well.

The mem routines supplied with Crypto-C, such as T_memcpy and T_memset, address this problem. They operate on blocks of memory and need to know how many bytes to act on. Whether or not there is a NULL-terminating character in the block of memory does not matter.

BER/DER Encoding

Much of the data in cryptographic applications needs to be passed between two or

C h a p t e r 4 U s i n g C r y p t o - C

1 2 3

Page 145
Image 145
RSA Security 5.2.2 manual BER/DER Encoding, Memory Allocation, Binary Data