000026111 - How to build a shared library that uses RSA BSAFE Crypto-C functions

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000026111
Applies To
On a related note, licensing issues do not allow developers of DLLs or shared objects to directly export the RSA BSAFE Crypto-C API. If more than one application wants to rely on shared BSAFE code exposed as a DLL or shared object, provisions for this must be made in the license agreement.
Related to DLLs in general: if a bsafe.dll with a publicly known API were available and used by all customers, an adversary could replace bsafe.dll (perhaps using some type of virus) with one that does something like transmit all private keys or perform some other rogue operation. Statically linking RSA BSAFE Crypto-C into an application or a separate DLL prevents this sort of attack.
Issue
How to build a shared library that uses RSA BSAFE Crypto-C functions
To see this in action, try creating two executables that differ only in the chooser used. In other words, create one executable that only does MD5 digests and includes only AM_MD5. Then modify that program to include all of the AMs. You will notice that the second executable is much larger than the first.
Cause
When you link in a static library to create your own executable or DLL, you allow the linker to do the work of trimming out unneeded portions of the RSA BSAFE Crypto-C object library. Crypto-C was designed so that all functions dealing with RC2, for example, are in files separate from other algorithms, so that when the linker resolves the symbols for the methods in a particular AM, no unneeded code is linked in. Had we distributed Crypto-C as a DLL, which is fully linked like an executable, the DLL would be huge, and applications using Crypto-C would potentially be forced to redistribute the entire DLL even if only a small portion is used.
Resolution
RSA BSAFE Crypto-C is not shipped in a shared object or .DLL format. If you need to dynamically load your cryptography routines, you must make your own shared object that statically links in the Crypto-C library. This shared object should include wrapper functions that wrap the Crypto-C calls you would like to make.
Legacy Article ID: 6.0.3318162.2914371