NOTE: This section could possibly be changed into a reference
to something else, such as another rfc.
Correct implementation of a cryptographic algorithm is a
necessary but not a sufficient condition for the coding of
cryptographic applications. Coding of cryptographic libraries
requires close attention to security considerations that are
unique to cryptographic applications.
In addition to the usual security coding considerations, such
as avoiding buffer or integer overflow and underflow,
implementers should pay close attention to management of
cryptographic private keys and session keys, ensuring that
these are correctly initialized and disposed of.
Operating system mechanisms that permit the confidentiality of
private keys to be protected against other processes should be
used when available. In particular, great care must be taken
when releasing memory pages to the operating system to ensure
that private key information is not disclosed to other
processes.
Certain implementations of public key algorithms such as RSA
may be vulnerable to a timing analysis attack.
Support for cryptographic hardware providing key management
capabilities is strongly encouraged. In addition to offering
performance benefits, many cryptographic hardware devices
provide robust and verifiable management of private keys.
Fortunately appropriately designed and coded cryptographic
libraries are available for most operating system platforms
under license terms compatible with commercial, open source
and free software license terms. Use of standard cryptographic
libraries is strongly encouraged. These have been extensively
tested, reduce development time and support a wide range of
cryptographic hardware.