
How to return a pointer of unknown size in an sgx ecall?

How can I return a pointer of an unknown size in an ecall using [out]? The current method I know requires that the size of the pointer is set when calling the ecall, e.g.:

[out, size=len] int *p, size_t len

Is there another way, where I don't have to specify the size of the pointer when calling the ecall function?

You seem to need the EDL generated code to get the data of unknown length (at the time of the call) from the enclave.

Option 1 is to provide a buffer which is large enough to receive the data:

public int ecall_test(
                              uint32_t  data_capacity,
    [out, size=data_capacity] uint8_t*  data,
    [out]                     uint32_t* data_size
);

The trusted implementation can fill the buffer with up to data_capacity bytes of data and return the actual length in data_size. Edge-function code will still copy data_capacity bytes from the trusted output buffer, but you should be fine because your data_size < data_capacity bytes will be taken care of.

Option 2 is a two-step process: the first ecall requests the actual data length the trusted method is going to return, then it is followed by another call that provides the actual data.

public int ecall_test_1(
    [out]                 uint32_t* data_size
);

public int ecall_test_2(
                          uint32_t  data_size,
    [out, size=data_size] uint8_t*  data
);

The edge code needs to be aware of buffer sizes in advance, and it is unable to accept the length of the data just from the trusted function (in which case there is no way to allocate the respective buffer to carry the copy of the data on the untrusted side).
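
The trusted-side bodies for both options, as an added example that is not part of the original answer or the SGX SDK: it is written as plain C so it builds without the SDK, and shows the length checks the enclave needs because data_capacity and data_size are supplied by untrusted code. The g_result data and the RET_* return codes are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Constructed sample data standing in for whatever the enclave produces. */
static const uint8_t g_result[] = "sealed-report-v1";
static uint32_t result_len(void) { return (uint32_t)sizeof g_result; }

enum { RET_OK = 0, RET_PARAM = -1, RET_TOO_SMALL = -2 }; /* hypothetical codes */

/* Option 1: caller supplies the capacity; the whole buffer is copied back out. */
int ecall_test(uint32_t data_capacity, uint8_t *data, uint32_t *data_size)
{
    if (data == NULL || data_size == NULL)
        return RET_PARAM;
    *data_size = result_len();           /* always report the length needed */
    if (data_capacity < result_len())
        return RET_TOO_SMALL;            /* never write past the [out] buffer */
    memcpy(data, g_result, result_len());
    /* Clear the tail so the full-capacity copy-out carries nothing stale. */
    memset(data + result_len(), 0, data_capacity - result_len());
    return RET_OK;
}

/* Option 2, step 1: report the length only. */
int ecall_test_1(uint32_t *data_size)
{
    if (data_size == NULL)
        return RET_PARAM;
    *data_size = result_len();
    return RET_OK;
}

/* Option 2, step 2: data_size comes from the untrusted caller and need not
 * match what step 1 returned, so it is checked again before copying. */
int ecall_test_2(uint32_t data_size, uint8_t *data)
{
    if (data == NULL)
        return RET_PARAM;
    if (data_size < result_len())
        return RET_TOO_SMALL;
    memcpy(data, g_result, result_len());
    memset(data + result_len(), 0, data_size - result_len());
    return RET_OK;
}
```

With option 1, a caller that receives RET_TOO_SMALL can retry with a buffer of the reported data_size, which gives the same effect as option 2 without a dedicated length ecall.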
