Reconsider the default mode for LTC_ARGCHK

[karel-m]

Currently by default the LTC_ARGCK calls abort() when the check in question fails.

Isn't it too strict to literally die (core-dump) when you for example "only" pass an IV of invalid length?

You can probably imagine what does it mean for example when LTC_ARGCHK fails somewhere deep inside my perl bindings (it will cause the whole perl interpreter to crash).

I would prefer to only return CRYPT_INVALID_ARG by default (which means using current ARGTYPE == 4 as a default).

[sjaeckel]

IIUC you're not using a system-provided ltc, right? why don't you then simply define -DARGTYPE=4 while compiling ltc?
I wouldn't want to change this per default TBH

[karel-m]

Yes, the trick with -DARGTYPE=4 is exactly what I did. But for example Fedora/RedHat guys for some reason insist on linking with system's libtomcrypt.

The thing is that the ARGTYPE==0 decision is basically hardcoded in library binaries. We use LTC_ARGCHK pretty everywhere not only in really severe situations where there is no other way than to core dump.

It might happen that you have for example a nonce of invalid length (in a really mean scenario it may be a user input) which you pass to some libtomcrypt function ... and ... it will abort the whole program due to LTC_ARGCHK fail.

[sjaeckel]

Then these cases shouldn't use the macro anymore!?