Skip to content

Param API#8320

Closed
paulidale wants to merge 3 commits intoopenssl:masterfrom
paulidale:param-api
Closed

Param API#8320
paulidale wants to merge 3 commits intoopenssl:masterfrom
paulidale:param-api

Conversation

@paulidale
Copy link
Contributor

@paulidale paulidale commented Feb 25, 2019

This builds on the work by @levitte in #8286

The aim is to provide extra utility routines that make dealing the OSSL_PARAMS easier, more type safe and (at least somewhat) resilient to changes in the future.

This PR deals with the numeric types only.

  • documentation is added or updated
  • tests are added or updated

@paulidale paulidale changed the title WIP: Param api WIP: Param API Feb 25, 2019
@levitte
Copy link
Member

levitte commented Feb 25, 2019

May I suggest a make update?

@paulidale
Copy link
Contributor Author

A make update once this has settled a bit is definitely in order.

crypto/params.c Outdated
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this cleverness should be avoided, just use portable shift and or.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That was actually cleverer than what I had in mind, which was something like this:

    const union {
        char digits[4];
        uint32_t number;
    } byteorder = { { 0x00, 0x01, 0x02, 0x03 } };

And then compare with 0x00010203, 0x03020100, 0x01000302 and whatever else to figure out the byte order (one of them is PDP-11, can you see which one?).

I actually think @paulidale's cleverness is much more to the point than most variants I've seen. Of course, it demands that you know C...

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The union trick has been used by @dot-asm for crypto code. I think it is needless tricky and premature optimization to use it for parameter-passing, especially when you can do things like always promote and then cast down:

case TYPE_SHORT: {
int itemp;
memcpy(item, param->value, sizeof (int));
*val = (short)itemp;
}

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So this is not really about the clever union trick, but rather about widening and narrowing being a bit over the top... is that what you're trying to say?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The union trick is needed only for the widening/narrowing optimization here. This code as currently proposed is a poster-child for needless optimization in my view.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The union trick is from elsewhere in the OpenSSL code base, it isn't my creation. Yes I remember the joy of Dec's own endian scheme.

crypto/params.c Outdated
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think quietly ignoring NULL parameters is a bad idea.

crypto/params.c Outdated
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same thing; this is too clever for needless efficiency.

crypto/params.c Outdated
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd prefer macros that cast things up to the largest integral size; why not?

crypto/params.c Outdated
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This assumes that little-endian uses the lebin encoding. Are you sure that's true? If so, why?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's actually what is specified if you read the manual on OSSL_PARAM. "Native byte order"

crypto/params.c Outdated
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

After all, the whole point of this stuff was to just use the native encoding, no? BN's are strange and things become simpler if you just use canonical, IMO.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What do you mean with "canonical"?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Canonical means pick one format and use it, such as always using BN_lebin2bin. As it stands right now, you have to document the format of both BN2bin functions, right?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Or simpler, just encode it as a byte array, LSB first, and document that.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So basically, you're suggesting that we have two types of integers, one that fits in a long and is native byte order and one that fits in a BIGNUM and always LSB first no matter what?

How does that make anything easier? 'cause then you must suddenly check the size and choose the type depending on size...

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Where do you want the public community to discuss this, if not in the PR?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The PR?

This PR is about wrappers around OSSL_PARAM. OSSL_PARAM itself comes from #8286 (and even further back, from the design document)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the first PR that presents the real developer-facing API. The design document was not public during almost all of its writing. If you don't like comments here, again I ask where you want them?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

... If it's about OSSL_PARAM itself...

crypto/params.c Outdated
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Be like classic C and just coerce float to double, and scalers to int/long.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OMG. Gee that is a lot of functions. Dozens of them. Just do int/long and double.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this the interface we want?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is part of #8286 too.
I'm intending to provide a wrapper for this as well.

@paulidale
Copy link
Contributor Author

I'm not sure how to resolve the conflicts before #8286 is merged. I need both things from #8286 and from trunk.

@levitte
Copy link
Member

levitte commented Feb 27, 2019

Well, until someone makes a final review of #8286, it's effectively stalled. So the answer is, someone has to take action.

@levitte
Copy link
Member

levitte commented Feb 27, 2019

Or hold on a minute and I will simply rebase #8286

@levitte
Copy link
Member

levitte commented Feb 27, 2019

Done, please rebase this on top of a fresher 300-coredef

@paulidale
Copy link
Contributor Author

Rebased with build errors.
Deferred until tomorrow.

This PR is stalled until #8286 and beyond. The BIGNUM, octet and string types will other PRs I expect.

@paulidale paulidale added branch: master Applies to master branch Core labels Feb 27, 2019
@paulidale paulidale changed the title WIP: Param API Param API Feb 27, 2019
@paulidale
Copy link
Contributor Author

paulidale commented Feb 27, 2019

One Travis failure is relevant (ppc little endian), the other two are too don't.

@paulidale paulidale force-pushed the param-api branch 17 times, most recently from 2fd1e94 to 8552366 Compare February 28, 2019 04:04
Provide a number of functions to allow parameters to be set and retrieved
in a type safe manner.  Functions are provided for many integral types
plus float and double.

All of the integer functions will widen and narrow the parameter data as
required.  This permits a degree of malleability in the parameter definition.
For example a type can be changed from a thirty two bit integer to a sixty
four bit one without changing application code.  The fast path case where
the types match is dealt with directly, so it is only when the types don't
match that there is a performance impact.

The two pairs of real functions accept all real and integer types and
automaticly convert as required.  There could be some loss of precision
when converting wide integral types to reals, but the magnitude will
remain correct.  Unlike the integer functions which accept any width input,
the real functions require standard integer widths.

A pair of functions is available for BIGNUMs.  These accept any unsigned
integer input and convert to/from a BIGNUM.

Finally, some utility macros are defined to allow OSSL_PARAM definition
arrays to be more simplify specified.  There is one macro for each native
integer type and both floating point types.
@paulidale
Copy link
Contributor Author

Finally got the tests passing.
There is something odd going on in 32 bit Windows land.

@paulidale paulidale mentioned this pull request Mar 1, 2019
2 tasks
@paulidale
Copy link
Contributor Author

Leaner version in #8379

@paulidale paulidale closed this Mar 4, 2019
@paulidale
Copy link
Contributor Author

Closed in favour of the other two options.

@paulidale paulidale deleted the param-api branch March 4, 2019 21:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

branch: master Applies to master branch

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants