Chapter 4 Using Crypto-C 123
System Considerations In Crypto-C
Some applications may need to be completely autonomous; that is, they should have
no need to link in any external libraries. As far as possible, the Crypto-C library is
autonomous, but Crypto-C does need the functionality of certain standard C library
routines, such as
malloc. For Crypto-C to remain autonomous, the user must supply
these routines.
The routines in
tstdlib.c do call the standard C library routines, so to use tstdlib.c
you must still link in the standard C library. If your application does not need to be
autonomous, you can use these supplied versions of the
T_ routines. If, however, your
application will eventually require autonomy, you can supply versions of the
T_
routines that do not call the standard C library.
If a particular platform and compiler offers an optimized version or simply a
platform-specific version of one or more of the memory management routines,
Crypto-C can call that routine without requiring a change in the source code. You
only have to modify the module containing the memory management routines.
Memory Allocation
For security reasons, it is often important that space be allocated from core memory,
not a hard disk virtual memory. If an application makes a call to the standard
malloc
or
alloc, the operating system may decide to use virtual memory. The T_malloc call
can be made to guarantee core memory allocation and never virtual memory.
Binary Data
Remember that the C calls beginning with str, such as strlen and strcpy, operate on
strings. Length is not a necessary input argument; instead, the function acts on
everything from the beginning of the string to the
NULL-terminating character.
However, the output from a Crypto-C call is a block of memory, not a string. Even if
the data to encrypt is a string, the encrypted data is not. Similarly, data that has been
decrypted will not be a properly terminated string unless the
NULL-terminating
character was encrypted as well.
The
mem routines supplied with Crypto-C, such as T_memcpy and T_memset, address
this problem. They operate on blocks of memory and need to know how many bytes
to act on. Whether or not there is a
NULL-terminating character in the block of memory
does not matter.
BER/DER Encoding
Much of the data in cryptographic applications needs to be passed between two or
