Simplify callback logic to returning raw coordinates #201
Conversation
You can run it yourself by doing: and then you can cherry-pick this commit and fix merge problems or apply this diff: https://gist.github.com/elichai/8414db8f410801d14b6479255e0f098f |
There was a problem hiding this comment.
ACK. This is a million times easier to understand.
cc @real-or-random what do you think?
| @@ -137,35 +109,17 @@ impl SharedSecret { | |||
| ptr::null_mut(), | |||
| ) | |||
| }; | |||
| debug_assert_eq!(res, 1); // The default `secp256k1_ecdh_hash_function_default` should always return 1. | |||
| // The default `secp256k1_ecdh_hash_function_default` should always return 1. | |||
| // and the scalar was verified to be valid(0 > scalar > group_order) via the type system | |||
There was a problem hiding this comment.
"via the type system" confused me for a minute. Yes, it's a valid scalar, otherwise it wouldn't have type SecretKey. But our code ensures this, not the type system. (Totally okay to merge like this, just wanted to note this.)
There was a problem hiding this comment.
I think it's fair to say the "type system" is in charge of ensuring validity of data, if there is a type that the API prevents you from constructing in an invalid way.
|
Travis passed, except emscripten. |
|
I did not realize this was merged :) we should remember this is a breaking change |
As requested by @real-or-random in #196 (comment)
this replaces the current logic where the callback is run by the C code to using a callback that just returns the raw coordinates and then the user's callback is executed in the rust side where panics are "fine" and no need to catch them or return an error.
Upsides:
Resultanymore.Downsides:
FWIW, I tested both before and after this change with Miri on my
c2rustbranch(https://github.com/elichai/rust-secp256k1/tree/c2rust)and they both pass.