• 04/09/2016
  • Public Content

Earlier we mentioned that the enclave code must perform a thorough parameter checking for all the ISV interface functions; in other words, the enclave interface functions exposed to the untrusted domain. Such a recommendation also applies when working with a third party library. If a trusted library contains any function that is exposed, the ISV must confirm that the library provider also have this interface function check its input parameters exhaustively. However, if the top-level functions of a trusted library are meant to be called from inside the enclave only, or the trusted library is an enclavized version of an open-source implementation, the parameter checking might not be as strict. When a third party library does not sanitize its input parameters, and it is unpractical to change the third party code, then the enclave writer could add a wrapper that performs parameter checking to the API. This addition will not change the behavior or implementation of the third party library API, but removes the burden of validating the library again and simplifies future library updates.

Product and Performance Information


Performance varies by use, configuration and other factors. Learn more at www.Intel.com/PerformanceIndex.