FIX: botan_cipher_get_update_granularity() #4094
Conversation
Previously, the FFI wrapper had to take the final invocation into account. Now that botan_cipher_update() reports the required buffer size when invoked with BOTAN_CIPHER_UPDATE_FLAG_FINAL this is not a strict requirement anymore.
|
|
||
| /* | ||
| * Return the minimum possible granularity given the FFI API constraints that | ||
| * we require the returned size be > minimum final size. |
There was a problem hiding this comment.
Does this condition no longer hold? I would think this would break callers.
There was a problem hiding this comment.
To the best of my understanding it doesn't hold anymore (after the introduction of #3951). For instance: an AEAD that allows single-byte updates, could now be used via botan_cipher_update() with single-byte buffers. When trying to finalize the cipher with a single-byte bulffer, it will return a BOTAN_FFI_ERROR_INSUFFICIENT_BUFFER_SPACE and report the size of the required buffer via the out-variable. Repeating the finalize-call with a big-enough buffer will work.
Nevertheless, I totally agree that this could potentially break callers and force them to add similar handling as I explained above. See also the discussion here: #4090 (comment).
(I meant to open this as a draft-PR, sorry)
There was a problem hiding this comment.
FYI: #4122 is an alternative that keeps this condition alive. ... to the best of my understanding.
|
Closing as obsolete after #4122 got merged. We might bring this back with 4.0 as a new API. |
With #3951
botan_cipher_update()gained a documented way to communicate the required buffer size to finalize certain cipher modes if not enough bytes were provided by the caller. I feel that this actually obsoletes the internal helper functionffi_choose_update_size()altogether. Instead, I suggest to just pass through what theCipher_Modeobject reports.Note that this might harm performance for users that currently use
botan_cipher_get_update_granularity()(similarly to #3925). Such users should switch tobotan_cipher_get_ideal_update_granularity(), as explained in the Botan 3.0 migration guide.