From f7a4a7ef577d52422571bef8dbc862c573077f09 Mon Sep 17 00:00:00 2001
From: Elichai Turkel
Date: Tue, 28 May 2019 16:31:01 +0300
Subject: [PATCH] Added manual external callbacks that panics

---
 build.rs | 1 +
 src/ffi.rs | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 src/types.rs | 1 +
 3 files changed, 48 insertions(+)

diff --git a/build.rs b/build.rs
index 18fe385..86d8125 100644
--- a/build.rs
+++ b/build.rs
@@ -53,6 +53,7 @@ fn main() {
 .define("USE_FIELD_INV_BUILTIN", Some("1"))
 .define("USE_SCALAR_INV_BUILTIN", Some("1"))
 .define("ENABLE_MODULE_ECDH", Some("1"))
+ .define("USE_EXTERNAL_DEFAULT_CALLBACKS", Some("1"))
 .define("ECMULT_WINDOW_SIZE", Some("15")); // This is the default in the configure file (`auto`)
 #[cfg(feature = "endomorphism")]
diff --git a/src/ffi.rs b/src/ffi.rs
index e84ad6c..b660f4e 100644
--- a/src/ffi.rs
+++ b/src/ffi.rs
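Review bot: The added `USE_EXTERNAL_DEFAULT_CALLBACKS` define makes the C library depend on two symbols that must now be supplied from Rust, and nothing beside the define says where they come from, so anyone who later drops or renames them will only learn about the coupling from an undefined-reference link error. A comment on the added line such as `// With this define libsecp256k1 expects secp256k1_default_illegal_callback_fn / secp256k1_default_error_callback_fn to be provided externally; see src/ffi.rs` would record that dependency next to the switch that creates it. Because those Rust symbols are exported under the upstream C names, a final binary that also links a separate C build of libsecp256k1 with its built-in callbacks would presumably fail with a duplicate-symbol error, which is worth stating if that configuration is meant to be supported. The `main` function of build.rs starts and ends outside this hunk.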
@@ -255,6 +255,52 @@ extern "C" {
 ) -> c_int;
 }
+
+#[no_mangle]
+/// **This function is an override for the C function, this is the an edited version of the original description:**
+///
+/// A callback function to be called when an illegal argument is passed to
+/// an API call. It will only trigger for violations that are mentioned
+/// explicitly in the header. **This will cause a panic**.
+///
+/// The philosophy is that these shouldn't be dealt with through a
+/// specific return value, as calling code should not have branches to deal with
+/// the case that this code itself is broken.
+///
+/// On the other hand, during debug stage, one would want to be informed about
+/// such mistakes, and the default (crashing) may be inadvisable.
+/// When this callback is triggered, the API function called is guaranteed not
+/// to cause a crash, though its return value and output arguments are
+/// undefined.
+///
+/// See also secp256k1_default_error_callback_fn.
+///
+pub extern "C" fn secp256k1_default_illegal_callback_fn(_message: *const c_char, _data: *mut c_void) {
+ // Do we need to deref the message and print it? if so without std we'll need to use `strlen`
+ panic!("[libsecp256k1] illegal argument.");
+}
+
+#[no_mangle]
+/// **This function is an override for the C function, this is the an edited version of the original description:**
+///
+/// A callback function to be called when an internal consistency check
+/// fails. **This will cause a panic**.
+///
+/// This can only trigger in case of a hardware failure, miscompilation,
+/// memory corruption, serious bug in the library, or other error would can
+/// otherwise result in undefined behaviour. It will not trigger due to mere
+/// incorrect usage of the API (see secp256k1_default_illegal_callback_fn
+/// for that). After this callback returns, anything may happen, including
+/// crashing.
+///
+/// See also secp256k1_default_illegal_callback_fn.
+///
+pub extern "C" fn secp256k1_default_error_callback_fn(_message: *const c_char, _data: *mut c_void) {
+ // Do we need to deref the message and print it? if so without std we'll need to use `strlen`
+ panic!("[libsecp256k1] internal consistency check failed.");
+}
+
+
 #[cfg(feature = "fuzztarget")]
 mod fuzz_dummy {
 extern crate std;
diff --git a/src/types.rs b/src/types.rs
index 4e12c90..560303a 100644
--- a/src/types.rs
+++ b/src/types.rs
@@ -4,6 +4,7 @@ use core::fmt;
 pub type c_int = i32;
 pub type c_uchar = u8;
 pub type c_uint = u32;
+pub type c_char = i8;
 /// This is an exact copy of https://doc.rust-lang.org/core/ffi/enum.c_void.html
 /// It should be Equivalent to C's void type when used as a pointer.
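Review bot: Both `secp256k1_default_illegal_callback_fn` and `secp256k1_default_error_callback_fn` call `panic!` from inside a `pub extern "C" fn` that the C library invokes, so the unwind has to travel back through C frames; Rust does not define that (newer toolchains turn such a panic into an abort), so the sentence kept from the C header, `When this callback is triggered, the API function called is guaranteed not to cause a crash`, is no longer true of this override and should be replaced with a note that the callback never returns to libsecp256k1 and may abort the process. Unless the crate is always built with `panic = "abort"`, that expectation belongs in the doc comment so callers do not rely on recovering from it. The `_message` pointer is discarded, so the panic text never says which argument check or consistency check failed; reading it up to its NUL terminator (a hand-rolled length loop, since the crate is no_std, as the `// Do we need to deref` TODO anticipates) and appending it to the panic text would make these failures diagnosable. Minor wording: `this is the an edited version` appears in both headers and `other error would can otherwise` in the second, and rustdoc convention puts the `///` lines before `#[no_mangle]` rather than after it.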
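Review bot: `pub type c_char = i8;` hard-codes the signed-`char` ABI, but C's `char` is unsigned on several targets Rust supports (aarch64 and arm Linux among them), so the alias is wrong there; the file's own `c_void` comment shows the pattern of mirroring `core::ffi`, and `libc::c_char` is the platform-correct definition if that dependency is acceptable. Since the new callbacks only use `c_char` behind a `*const`, the mismatch does not change the ABI of those two functions, but the alias is `pub` and will presumably be reused by value elsewhere. At minimum a comment such as `// NOTE: C `char` is unsigned on some targets (e.g. aarch64); this alias is only correct behind a pointer here` should record the limitation, or the alias should be selected per `target_arch` with `#[cfg]`.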