Nikos Mavrogiannopoulos nmav@gnutls.org writes:
That is pretty dangerous with the changes of parameters in functions in nettle 3. The issue is the compiler will not warn for serious errors such as different function type. An example macro is GCM_ENCRYPT.
#define GCM_ENCRYPT(ctx, encrypt, length, dst, src) \
  (0 ? (encrypt)(&(ctx)->cipher, 0, (void *)0, (void *)0) \
     : gcm_encrypt(&(ctx)->gcm, &(ctx)->key, &(ctx)->cipher, \
                   (nettle_cipher_func *) (encrypt), \
                   (length), (dst), (src)))
The idea of this macro is that
1. It should be possible to pass a context with the cipher element typed as a struct aes128_ctx, and encrypt as the function aes128_encrypt, without errors or warnings. To have the cast in one place, instead of sprinkled throughout application code.
2. The expression after the 0 ? should give some additional typechecking, so that, e.g., having a ctx->cipher of type aes128_ctx and encrypt as the function camellia128_crypt, you will get a warning from the compiler about bad first argument to camellia128_crypt.
If you pass an encrypt function of type nettle_cipher_func (with a const void * first argument), you get less type checking, but at least you should get a check on number of arguments, and integers vs pointers.
Can you give an example usage where you'd want to get a compiler warning, but you don't get one?
BTW, a minor improvement to type checking would be to change the (void*) 0 expressions above to (uint8_t *) 0 and (const uint8_t *) 0.
Regards,
/Niels
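An added example, not part of the original message and not nettle code: a self-contained C sketch of the `0 ?` type-checking pattern the message describes. Every `toy_*` name and both toy "ciphers" are hypothetical stand-ins, and the typed null pointers follow the suggestion at the end of the message.

```c
/* Added illustration: toy types and functions, not nettle's API. */
#include <stddef.h>
#include <stdint.h>

struct toy_a_ctx { uint8_t key; };
struct toy_b_ctx { uint8_t key; };
static int calls;                 /* counts real cipher invocations */

static void toy_a_encrypt(const struct toy_a_ctx *ctx, size_t length,
                          uint8_t *dst, const uint8_t *src)
{
  calls++;
  for (size_t i = 0; i < length; i++) dst[i] = (uint8_t) (src[i] ^ ctx->key);
}
static void toy_b_encrypt(const struct toy_b_ctx *ctx, size_t length,
                          uint8_t *dst, const uint8_t *src)
{
  calls++;
  for (size_t i = 0; i < length; i++) dst[i] = (uint8_t) (src[i] + ctx->key);
}

/* Stand-ins for nettle_cipher_func and gcm_encrypt. */
typedef void toy_cipher_func(const void *ctx, size_t length,
                             uint8_t *dst, const uint8_t *src);
static void toy_mode_encrypt(const void *cipher, toy_cipher_func *f,
                             size_t length, uint8_t *dst, const uint8_t *src)
{ f(cipher, length, dst, src); }

/* Same shape as GCM_ENCRYPT: the branch after "0 ?" is type-checked by the
   compiler but never executed, and the function cast appears only here. */
#define TOY_ENCRYPT(ctx, encrypt, length, dst, src)                      \
  (0 ? (encrypt)(&(ctx)->cipher, 0, (uint8_t *) 0, (const uint8_t *) 0)  \
     : toy_mode_encrypt(&(ctx)->cipher, (toy_cipher_func *) (encrypt),   \
                        (length), (dst), (src)))

struct toy_a_mode { struct toy_a_ctx cipher; };
struct toy_b_mode { struct toy_b_ctx cipher; };

/* Encrypts one byte with toy cipher 'a' or 'b' and returns the result. */
static uint8_t demo(char which, uint8_t key, uint8_t in)
{
  struct toy_a_mode a = { { key } };
  struct toy_b_mode b = { { key } };
  uint8_t out = 0;
  if (which == 'a') TOY_ENCRYPT(&a, toy_a_encrypt, 1, &out, &in);
  else              TOY_ENCRYPT(&b, toy_b_encrypt, 1, &out, &in);
  /* A mismatch such as TOY_ENCRYPT(&a, toy_b_encrypt, 1, &out, &in) draws an
     incompatible-pointer-type diagnostic from the dead branch. */
  return out;
}
int main(void) { return demo('a', 0x5a, 0x03) == 0x59 ? 0 : 1; }
```

Without the dead branch, the cast to `toy_cipher_func *` would silence the compiler for the mismatched pairing.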