-
Notifications
You must be signed in to change notification settings - Fork 270
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Introduce new error handling convention #635
base: master
Are you sure you want to change the base?
Changes from all commits
c5b6226
ebfb3e2
ec02f3f
08c330f
7bd28e1
4e72db6
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,5 +1,6 @@ | ||
// SPDX-License-Identifier: CC0-1.0 | ||
|
||
use core::fmt; | ||
use core::marker::PhantomData; | ||
use core::mem::ManuallyDrop; | ||
use core::ptr::NonNull; | ||
|
@@ -8,7 +9,7 @@ use core::ptr::NonNull; | |
pub use self::alloc_only::*; | ||
use crate::ffi::types::{c_uint, c_void, AlignedType}; | ||
use crate::ffi::{self, CPtr}; | ||
use crate::{Error, Secp256k1}; | ||
use crate::Secp256k1; | ||
|
||
#[cfg(all(feature = "global-context", feature = "std"))] | ||
/// Module implementing a singleton pattern for a global `Secp256k1` context. | ||
|
@@ -320,30 +321,51 @@ unsafe impl<'buf> PreallocatedContext<'buf> for AllPreallocated<'buf> {} | |
unsafe impl<'buf> PreallocatedContext<'buf> for SignOnlyPreallocated<'buf> {} | ||
unsafe impl<'buf> PreallocatedContext<'buf> for VerifyOnlyPreallocated<'buf> {} | ||
|
||
/// A preallocated buffer, enforces the invariant that the buffer is big enough. | ||
#[allow(missing_debug_implementations)] | ||
pub struct PreallocatedBuffer<'buf>(&'buf [AlignedType]); | ||
|
||
impl<'buf> ffi::CPtr for PreallocatedBuffer<'buf> { | ||
type Target = AlignedType; | ||
fn as_c_ptr(&self) -> *const Self::Target { self.0.as_c_ptr() } | ||
fn as_mut_c_ptr(&mut self) -> *mut Self::Target { self.0.as_mut_c_ptr() } | ||
} | ||
|
||
impl<'buf, C: Context + PreallocatedContext<'buf>> Secp256k1<C> { | ||
/// Wraps `buf` in a `PreallocatedBuffer`. | ||
/// | ||
/// # Errors | ||
/// | ||
/// Returns `NotEnoughMemoryError` if the buffer is too small. | ||
pub fn buffer( | ||
buf: &'buf mut [AlignedType], | ||
) -> Result<PreallocatedBuffer, NotEnoughMemoryError> { | ||
if buf.len() < Self::preallocate_size_gen() { | ||
return Err(NotEnoughMemoryError); | ||
} | ||
Ok(PreallocatedBuffer(buf)) | ||
} | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This also should have an See also #665 |
||
|
||
/// Lets you create a context with a preallocated buffer in a generic manner (sign/verify/all). | ||
pub fn preallocated_gen_new(buf: &'buf mut [AlignedType]) -> Result<Secp256k1<C>, Error> { | ||
pub fn preallocated_gen_new(buf: &'buf mut PreallocatedBuffer) -> Secp256k1<C> { | ||
#[cfg(target_arch = "wasm32")] | ||
ffi::types::sanity_checks_for_wasm(); | ||
|
||
if buf.len() < Self::preallocate_size_gen() { | ||
return Err(Error::NotEnoughMemory); | ||
} | ||
// Safe because buf is not null since it is not empty. | ||
let buf = unsafe { NonNull::new_unchecked(buf.as_mut_c_ptr() as *mut c_void) }; | ||
|
||
Ok(Secp256k1 { | ||
Secp256k1 { | ||
ctx: unsafe { ffi::secp256k1_context_preallocated_create(buf, AllPreallocated::FLAGS) }, | ||
phantom: PhantomData, | ||
}) | ||
} | ||
} | ||
} | ||
|
||
impl<'buf> Secp256k1<AllPreallocated<'buf>> { | ||
/// Creates a new Secp256k1 context with all capabilities. | ||
pub fn preallocated_new( | ||
buf: &'buf mut [AlignedType], | ||
) -> Result<Secp256k1<AllPreallocated<'buf>>, Error> { | ||
buf: &'buf mut PreallocatedBuffer<'buf>, | ||
) -> Secp256k1<AllPreallocated<'buf>> { | ||
Secp256k1::preallocated_gen_new(buf) | ||
} | ||
/// Uses the ffi `secp256k1_context_preallocated_size` to check the memory size needed for a context. | ||
|
@@ -377,8 +399,8 @@ impl<'buf> Secp256k1<AllPreallocated<'buf>> { | |
impl<'buf> Secp256k1<SignOnlyPreallocated<'buf>> { | ||
/// Creates a new Secp256k1 context that can only be used for signing. | ||
pub fn preallocated_signing_only( | ||
buf: &'buf mut [AlignedType], | ||
) -> Result<Secp256k1<SignOnlyPreallocated<'buf>>, Error> { | ||
buf: &'buf mut PreallocatedBuffer<'buf>, | ||
) -> Secp256k1<SignOnlyPreallocated<'buf>> { | ||
Secp256k1::preallocated_gen_new(buf) | ||
} | ||
|
||
|
@@ -401,8 +423,8 @@ impl<'buf> Secp256k1<SignOnlyPreallocated<'buf>> { | |
impl<'buf> Secp256k1<VerifyOnlyPreallocated<'buf>> { | ||
/// Creates a new Secp256k1 context that can only be used for verification | ||
pub fn preallocated_verification_only( | ||
buf: &'buf mut [AlignedType], | ||
) -> Result<Secp256k1<VerifyOnlyPreallocated<'buf>>, Error> { | ||
buf: &'buf mut PreallocatedBuffer<'buf>, | ||
) -> Secp256k1<VerifyOnlyPreallocated<'buf>> { | ||
Secp256k1::preallocated_gen_new(buf) | ||
} | ||
|
||
|
@@ -421,3 +443,20 @@ impl<'buf> Secp256k1<VerifyOnlyPreallocated<'buf>> { | |
ManuallyDrop::new(Secp256k1 { ctx: raw_ctx, phantom: PhantomData }) | ||
} | ||
} | ||
|
||
/// Not enough memory for a preallocated buffer. | ||
#[derive(Debug, Clone, PartialEq, Eq)] | ||
#[non_exhaustive] | ||
#[allow(missing_copy_implementations)] // Don't implement Copy when we use non_exhaustive. | ||
pub struct NotEnoughMemoryError; | ||
|
||
impl fmt::Display for NotEnoughMemoryError { | ||
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { | ||
f.write_str("not enough memory to use as a preallocated buffer") | ||
} | ||
} | ||
|
||
#[cfg(feature = "std")] | ||
impl std::error::Error for NotEnoughMemoryError { | ||
fn source(&self) -> Option<&(dyn std::error::Error + 'static)> { None } | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -4,13 +4,20 @@ | |
//! | ||
|
||
use core::borrow::Borrow; | ||
use core::convert::TryFrom; | ||
use core::{ptr, str}; | ||
|
||
use secp256k1_sys::types::{c_int, c_uchar, c_void}; | ||
|
||
use crate::ffi::{self, CPtr}; | ||
use crate::key::{PublicKey, SecretKey}; | ||
use crate::{constants, Error}; | ||
use crate::{constants, hex}; | ||
|
||
#[rustfmt::skip] // Keep public re-exports separate. | ||
pub use crate::{ | ||
error::InvalidSliceLengthError, | ||
hex::FromHexError, | ||
}; | ||
|
||
// The logic for displaying shared secrets relies on this (see `secret.rs`). | ||
const SHARED_SECRET_SIZE: usize = constants::SECRET_KEY_SIZE; | ||
|
@@ -65,26 +72,20 @@ impl SharedSecret { | |
|
||
/// Creates a shared secret from `bytes` slice. | ||
#[inline] | ||
pub fn from_slice(bytes: &[u8]) -> Result<SharedSecret, Error> { | ||
match bytes.len() { | ||
SHARED_SECRET_SIZE => { | ||
let mut ret = [0u8; SHARED_SECRET_SIZE]; | ||
ret[..].copy_from_slice(bytes); | ||
Ok(SharedSecret(ret)) | ||
} | ||
_ => Err(Error::InvalidSharedSecret), | ||
pub fn from_slice(bytes: &[u8]) -> Result<SharedSecret, InvalidSliceLengthError> { | ||
match <[u8; SHARED_SECRET_SIZE]>::try_from(bytes) { | ||
Ok(bytes) => Ok(SharedSecret(bytes)), | ||
Err(_) => | ||
Err(InvalidSliceLengthError { got: bytes.len(), expected: SHARED_SECRET_SIZE }), | ||
} | ||
} | ||
} | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This effectively duplicates the functionality of There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I did a refactor patch to use |
||
|
||
impl str::FromStr for SharedSecret { | ||
type Err = Error; | ||
fn from_str(s: &str) -> Result<SharedSecret, Error> { | ||
type Err = FromHexError; | ||
fn from_str(s: &str) -> Result<Self, Self::Err> { | ||
let mut res = [0u8; SHARED_SECRET_SIZE]; | ||
match crate::from_hex(s, &mut res) { | ||
Ok(SHARED_SECRET_SIZE) => Ok(SharedSecret::from_bytes(res)), | ||
_ => Err(Error::InvalidSharedSecret), | ||
} | ||
hex::from_hex(s, &mut res).map(|_| SharedSecret::from_bytes(res)) | ||
} | ||
} | ||
|
||
|
@@ -160,7 +161,7 @@ impl ::serde::Serialize for SharedSecret { | |
fn serialize<S: ::serde::Serializer>(&self, s: S) -> Result<S::Ok, S::Error> { | ||
if s.is_human_readable() { | ||
let mut buf = [0u8; SHARED_SECRET_SIZE * 2]; | ||
s.serialize_str(crate::to_hex(&self.0, &mut buf).expect("fixed-size hex serialization")) | ||
s.serialize_str(hex::to_hex(&self.0, &mut buf).expect("fixed-size hex serialization")) | ||
} else { | ||
s.serialize_bytes(self.as_ref()) | ||
} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This needs to be
mut
as it's unsound otherwise.Also FYI I probably meant something else but can't remember what it was. I guess I meant
&mut AlignedType
which is unsound. We could also just use unsized typepub struct PreallocatedBuffer([AligneType]);
which is more idiomatic.In ideal world we would use an extern type but those aren't even stable.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should also probably make
AlignedType
containMaybeUninit
or something like that, as the C code might write padding bytes to it.I think it wasn't stable (enough) back when I implemented this logic
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, it wasn't stable back then. Definitely should. I promoted this to #707 because I expect this old PR to get closed.