Chapter 2 Quick Start 31
Multiple Updates
In the preceding code example, we took dataToEncryptLen bytes of data to encrypt
and passed them to B_EncryptUpdate. The number of bytes of output may or may not
be dataToEncryptLen; check outputLenUpdate to see. If fewer than dataToEncryptLen
bytes were output, the as-yet-unencrypted input waits in a buffer.
Notice that we did not allocate memory but used the stack; we did this by declaring
our buffers to be arrays of unsigned char. This means that the operating system will
do the allocating and freeing.
Also notice the call to T_memset, another memory management routine from
tstdlib.c. The T_memset routine sets all the bytes of a buffer to a particular value; in
this case, it wrote a 0 to every byte in dataToEncrypt. T_memset is described in
Chapter 4 of the Reference Manual. When memory is freed, whether by a call to T_free
or automatically by the operating system, the data still exists at that location; the
operating system has simply marked that area as available for use. For security,
overwrite any memory that held sensitive data when you are done with it. This
prevents attackers from reconstructing secrets by examining your computer's
memory.
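The following is an added sketch, not code from the Crypto-C manual or library, that models the two points above: an update call that emits only whole blocks while the remainder waits in a buffer, and a final call that flushes that buffer and then overwrites it. DEMO_CTX, DemoUpdate, DemoFinal, DemoWipe, DemoBlock, the 8-byte block size and the padding are assumptions made for illustration; the XOR in DemoBlock is a placeholder, not a cipher.

```c
#include <string.h>

#define BLOCK 8 /* assumed block size (e.g. DES, RC2) */

typedef struct { unsigned char pending[BLOCK]; size_t pendingLen; } DEMO_CTX;

/* Zeroize through a volatile pointer so the store is not optimized away. */
static void DemoWipe(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Placeholder for the block cipher. NOT encryption. */
static void DemoBlock(unsigned char *out, const unsigned char *in) {
    for (size_t i = 0; i < BLOCK; i++) out[i] = in[i] ^ 0x5A;
}

/* Emits whole blocks only; leftover input waits in ctx->pending. */
int DemoUpdate(DEMO_CTX *ctx, unsigned char *out, size_t *outLen,
               size_t maxOut, const unsigned char *in, size_t inLen) {
    *outLen = 0;
    if ((ctx->pendingLen + inLen) / BLOCK * BLOCK > maxOut) return 1;
    while (inLen > 0) {
        size_t take = BLOCK - ctx->pendingLen;
        if (take > inLen) take = inLen;
        memcpy(ctx->pending + ctx->pendingLen, in, take);
        ctx->pendingLen += take; in += take; inLen -= take;
        if (ctx->pendingLen == BLOCK) {
            DemoBlock(out + *outLen, ctx->pending);
            *outLen += BLOCK;
            ctx->pendingLen = 0;
        }
    }
    return 0;
}

/* Pads and emits the waiting bytes, then wipes the plaintext buffer. */
int DemoFinal(DEMO_CTX *ctx, unsigned char *out, size_t *outLen, size_t maxOut) {
    unsigned char pad = (unsigned char)(BLOCK - ctx->pendingLen);
    if (maxOut < BLOCK) return 1;
    memset(ctx->pending + ctx->pendingLen, pad, pad); /* assumed PKCS #5 padding */
    DemoBlock(out, ctx->pending);
    *outLen = BLOCK;
    DemoWipe(ctx->pending, sizeof ctx->pending);
    ctx->pendingLen = 0;
    return 0;
}
```

Feeding 5 bytes and then 6 bytes yields 0 and then 8 output bytes, with 3 bytes still waiting until the final call. A plain memset on a buffer that is never read again can be removed by an optimizing compiler as a dead store, which is why the wipe here writes through a volatile pointer.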
  /* If there was an error in the above while loop, break out of the
     do-while construct. */
  if (status != 0)
    break;

  /* Call B_EncryptFinal once after all Updates. */
  if ((status = B_EncryptFinal
       (encryptionObject, blockOfEncryptedData, &outputLenFinal,
        UPDATE_OUTPUT_SIZE, (B_ALGORITHM_OBJ)NULL_PTR,
        (A_SURRENDER_CTX *)NULL_PTR)) != 0)
    break;

  /* Save the encrypted data. */
  if ((status = AppendDataToFile
       (outputFile, blockOfEncryptedData,
        outputLenFinal)) != 0)
    break;

  totalBytesSoFar += outputLenFinal;
} while (0);

/* Free up any memory allocated, save it to a file or print it out first
   if you need to save it. */
T_memset (dataToEncrypt, 0, sizeof (dataToEncrypt));