Add no-std support #100
Add no-std support #100
Conversation
|
Ok, I don't like the |
|
So this might influence your thoughts on types.rs vs libc feature, |
|
|
|
Ok, so about 1, I see a few possibilities.
|
|
It's really surprising to me that there aren't different types for different architectures. Regarding accepting an Regarding the |
|
It's in runtime. Maybe adding a new serliaze_mut or serialize_no_vec or something similiar and the regular one won't be available without std |
|
Wait. Not on compilation, it's in runtime. Sorry my mistake. |
|
Yeah, good idea naming the alternate And if there are runtime issues this is fine; during context creation we can use the FFI functions |
|
@apoelstra Thanks for the feedback. BTW how does this work? https://github.com/rust-bitcoin/rust-secp256k1/blob/master/src/lib.rs#L338 |
|
No, the C code does not do allocations. My understanding was that |
|
@apoelstra It's stored in the RawVec struct: https://doc.rust-lang.org/1.26.0/src/alloc/raw_vec.rs.html#52 You can also see the docs about |
|
@elichai The |
|
If you're using "allocate" to refer to setting the vector's length, we do this manually after the FFI call by calling the unsafe |
|
@apoelstra Ok, I were wrong and you were right. I'm really Sorry for the confusion |
|
So my problems appears neither in compilation nor in runtime. |
|
@apoelstra how do you want to proceed with this? |
|
@elichai I'll create a simple PR to secp256k1 tomorrow that should make it possible to build it without stdio.h (I'm runing into similar problems with a different project). |
|
@real-or-random Thanks! tag me in it so i'll follow when it gets merged :) |
|
So I think it's best to put this on hold until these two are figured out: |
|
I just thought of another interesting way to make the |
|
Oh! Yeah, I like this idea. We could call it a |
|
Should that be as part of |
|
I think we should go ahead and break the API and change |
|
BTW, is it using this: https://github.com/rust-bitcoin/rust-secp256k1/blob/master/src/ffi.rs#L419 or the one from the bindings? (https://github.com/rust-bitcoin/rust-secp256k1/blob/master/src/ffi.rs#L198) If the rust one, what do you think about a re-implementation in safe rust? |
|
We are using the FFI one. The other is something Matt wrote for fuzzing; I doubt that it actually serializes a signature (though it might); these implementations are there to provide low-complexity mock implementations of the crypto, to prevent the fuzzer getting lost trying to break cryptography. I like the idea of a safe reimplementation, though it does create a layer violation: the types exposed by the underlying |
|
Cool. I'm happy with the result. Can you rebase/squash so that we don't go through the |
|
Done. (the changes from before the rebasing to after are here if you're interested: https://github.com/rust-bitcoin/rust-secp256k1/compare/0e0d8df84b001da2ba42c07205ad39e739c532ad..41af612ae277962b4b1747c5b58704bd40e1819d ) |
src/types.rs
Outdated
| pub type c_int = i32; | ||
| pub type c_uchar = u8; | ||
| pub type c_uint = u32; | ||
| pub type c_void = c_uchar; |
There was a problem hiding this comment.
Is it really correct to just use u8 for c_void? That comment makes me think otherwise https://doc.rust-lang.org/src/core/ffi.rs.html#21 (though I don't understand it).
There was a problem hiding this comment.
In one of the comments here I think @apoelstra pointed out that *void is almost equivalent to *char, it's hard to look for resolved comments on the phone.
There was a problem hiding this comment.
But wouldn't it be cleaner to copy the enum implementation with the two variants? It's just three lines of code, so it wouldn't hurt I guess.
There was a problem hiding this comment.
Agree with real-or-random. I don't mind type-punning *c_void for *c_uchar but the base types c_void and c_uchar are very different.
There was a problem hiding this comment.
So I see two options.
one is to remove the c_void type and replace the pointers to *c_uchar, another is what @real-or-random suggested and copy the enum implementation.
I'm really no expert in C and don't know the implications if someone later on misuse c_void with c_uchar so I don't have any opinion on this, I think it should be as foolproof as possible.
There was a problem hiding this comment.
I think we should copy the enum implementation and link to the libc code, and mention that in Rust 1.30 we will be able to just use core::ffi.
There was a problem hiding this comment.
Ok, FYI c_void != void.
but *const c_void == const void* and *mut c_void == void*
elichai
force-pushed
the
master
branch
2 times, most recently
from
5f04fcb
to
f42cfcb
Compare
There was a problem hiding this comment.
ACK. Thank you for your patience!!
cc @real-or-random @jonasnick can you also approve since you've been guiding this PR?
See rust-bitcoin/rust-secp256k1#100 to review commit that caused failure
e49f799 Add missing #(un)defines to base-config.h (Tim Ruffing) 77defd2 Add secp256k1_ prefix to default callback functions (Tim Ruffing) 908bdce Include stdio.h and stdlib.h explicitly in secp256k1.c (Tim Ruffing) 5db782e Allow usage of external default callbacks (Tim Ruffing) 6095a86 Replace CHECKs for no_precomp ctx by ARG_CHECKs without a return (Tim Ruffing) Pull request description: This is intended for environments without implementations for `abort()`, `fprintf()`, and `stderr`. e.g., embedded systems. Those can provide their own implementations of `default_illegal_callback_fn` and `default_error_callback_fn` at compile time. If you want to use your own default callback, things will be somewhat inconsistent unfortunately: We cannot make the callback data `extern` too, because then the initialization lists for `default_illegal_callback` won't contain only constants. (`const` variables are not compile-time constants). So you cannot take callback data in your own default callback function. As a more drastic/breaking alternative I suggest to remove the callback data entirely. I don't think it's a big loss and I would be surprised if anyone uses it. Additionally, we could even remove the possibility to set the callback function at runtime after this PR. This will simplify things a lot, and again I don't think it's a big loss. Note that `abort()`, `fprintf()`, and `stderr` are also used in `CHECK`, which is still used in production code if we rely on gmp for scalar and field inversions (e.g., https://github.com/bitcoin-core/secp256k1/blob/master/src/scalar_impl.h#L240). This is not an issue for embedded system which probably don't want to use gmp anyway, but it is probably an issue for the reasons explained in #566 (comment). (related downstream: rust-bitcoin/rust-secp256k1#100 @elichai) ACKs for commit e49f79: Tree-SHA512: 4dec0821eef4156cbe162bd8cdf0531c1fae8c98cd9db8438170ff1aa0e59b199739eeab293695bb582246812bea5309959f02f1fb74bb57872da54ebc52313f
Hi,
This make this library support
no-std.first I replaced everything from std to get it from core.
then I had 2 things that I had to change and would love you input:
the C types from
std::os::raw, I see few options. one which I did is just declare it manually which I don't really love, another is to make a feature if it will be received from std or libc.Replacing the Vec in the DER serialization. I talked with Maxwell and he told me that the signature can be anywhere between 8 and 72 bytes, so the only way I thought I can achieve this without breaking the API is using the ArrayVec crate which initializes the Vector on the stack,
A different approach will be accepting
&mut [u8; 72]and returning a slice to the correct signature that will be a part of that mutable.