<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p><br>
</p>
<div class="moz-cite-prefix">Am 24.10.23 um 08:25 schrieb NIIBE
Yutaka:<br>
</div>
<blockquote type="cite" cite="mid:875y2wwn7x.fsf@akagi.fsij.org">
<pre class="moz-quote-pre" wrap="">Werner Koch <a class="moz-txt-link-rfc2396E" href="mailto:wk@gnupg.org"><wk@gnupg.org></a> wrote:
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">On Thu, 19 Oct 2023 16:37, NIIBE Yutaka said:
</pre>
<blockquote type="cite">
<pre class="moz-quote-pre" wrap="">gcry_error_t gcry_kem_decap (int algo,
const void *seckey,
const void *ciphertext,
void *shared_secret);
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
I still don't feel comfortable without a size argument.
</pre>
</blockquote>
<pre class="moz-quote-pre" wrap="">
Assumption here (for lower level API) is:
It's caller side (user of libgcrypt) which does static
compile-time check against ALGO and the length of each
byte-array.
If not static, caller side can do run-time check, if needed,
before the call.</pre>
</blockquote>
But the point is, that what you refer to as static or run-time check
is still error prone. As far as I can see, you did not yet specify
what it is that the caller has to check the length against. But in
any case this is another call to a macro or function which can
contain an error, and thus, as Werner pointed out, incurs the risk
of memory access errors.<br>
<blockquote type="cite" cite="mid:875y2wwn7x.fsf@akagi.fsij.org">
<pre class="moz-quote-pre" wrap="">
Having a size argument would mean,
libgcrypt does run-time check of the length (for each call)
I wonder if this kind of run-time check in libgcrypt is useful in lower
level API.</pre>
</blockquote>
<p>What exactly do you mean by "lower level" API? If this what we
are currently discussing is a lower level API, then does this mean</p>
<p>- that it is not intended to be used by client applications but
just internally by Libgcrypt? In that case I would refer to it as
an internal API for clarity.<br>
- that there will be another "higher level" API that is intended
for client applications?<br>
<br>
Turning the whole question around: what in your point of view
speaks against including length parameters for each input/output
byte array (on whatever level of API)?<br>
</p>
<p><br>
- Falko<br>
</p>
<blockquote type="cite" cite="mid:875y2wwn7x.fsf@akagi.fsij.org">
<pre class="moz-quote-pre" wrap="">
I could imagine having an API offering static compile-time check. In
this case, it would provide a macro something like gcry_kem_decap_check
which has length arguments. The ABI is gcry_kem_decap.
</pre>
</blockquote>
<div class="moz-signature">-- <br>
<!-- MTG AG HTML signature v.1.0 - Messen 2022, 2022-03-14 - Author: Andreas Cholet -->
<p style="line-height: 1.1;"><font face="Arial"><span
style="font-size: small; color: rgb(93, 93, 95);">
<strong>MTG AG</strong><br>
Dr. Falko Strenzke<br>
Executive System Architect<br>
<!--up to here--> </span></font></p>
<font face="Arial">
<p>
<span style="font-size: small; color: rgb(93, 93, 95);">
<span style="display:inline-block;width:4em">Phone: </span>+49
6151 8000 24<br>
<span style="display:inline-block;width:4em">E-Mail: </span><a class="moz-txt-link-abbreviated" href="mailto:falko.strenzke@mtg.de">falko.strenzke@mtg.de</a><br>
<span style="display:inline-block;width:4em">Web: </span><a
href="https://www.mtg.de" title="MTG AG Internet"
target="_blank">mtg.de</a><br>
<br>
<br>
</span></p>
<font face="Arial">
<hr
style="width:320px; text-align:left;margin-left:0; height: 0,1px">
</font>
<p style="line-height: 1.2;"><font face="Arial">
<span style="font-size: x-small; color: rgb(93, 93, 95);">
MTG AG - Dolivostr. 11 - 64293 Darmstadt, Germany<br>
Commercial register: HRB 8901<br>
Register Court: Amtsgericht Darmstadt<br>
Management Board: Jürgen Ruf (CEO), Tamer Kemeröz<br>
Chairman of the Supervisory Board: Dr. Thomas Milde<br>
<br>
This email may contain confidential and/or privileged
information. If you are not the correct recipient or have
received this email in error,
<br>
please inform the sender immediately and delete this
email. Unauthorised copying or distribution of this email
is not permitted.<br>
<br>
Data protection information: <a
href="https://www.mtg.de/en/privacy-policy"
title="MTG Privacy policy" target="_blank">Privacy
policy</a>
</span></font></p>
</font></div>
</body>
</html>