context: introduce unsafe `PreallocatedContext` trait
Fixes unsoundness in `preallocated_gen_new` which previously did not properly constrain the lifetime of the buffer used to back the context object. We introduce an unsafe marker trait, and impl it for our existing preallocated-context markers. Annoyingly the trait has to be public even though it should never be used directly, and is only used alongside the sealed `Context` trait, so it is de-facto sealed itself. Fixes #543
This commit is contained in:
parent
525613902c
commit
f961497e69
|
@ -318,7 +318,15 @@ unsafe impl<'buf> Context for AllPreallocated<'buf> {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
impl<'buf, C: Context + 'buf> Secp256k1<C> {
|
/// Trait marking that a particular context object internally points to
|
||||||
|
/// memory that must outlive `'a`
|
||||||
|
pub unsafe trait PreallocatedContext<'a> {}
|
||||||
|
|
||||||
|
unsafe impl<'buf> PreallocatedContext<'buf> for AllPreallocated<'buf> {}
|
||||||
|
unsafe impl<'buf> PreallocatedContext<'buf> for SignOnlyPreallocated<'buf> {}
|
||||||
|
unsafe impl<'buf> PreallocatedContext<'buf> for VerifyOnlyPreallocated<'buf> {}
|
||||||
|
|
||||||
|
impl<'buf, C: Context + PreallocatedContext<'buf>> Secp256k1<C> {
|
||||||
/// Lets you create a context with a preallocated buffer in a generic manner (sign/verify/all).
|
/// Lets you create a context with a preallocated buffer in a generic manner (sign/verify/all).
|
||||||
pub fn preallocated_gen_new(buf: &'buf mut [AlignedType]) -> Result<Secp256k1<C>, Error> {
|
pub fn preallocated_gen_new(buf: &'buf mut [AlignedType]) -> Result<Secp256k1<C>, Error> {
|
||||||
#[cfg(target_arch = "wasm32")]
|
#[cfg(target_arch = "wasm32")]
|
||||||
|
|
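Review bot: `pub unsafe trait PreallocatedContext<'a>` has no `# Safety` section, so the invariant an implementor must uphold — the one whose absence this commit fixes — is stated only in the commit message, while the trait itself is public and will show up in rustdoc. It should spell the contract out, e.g. `/// # Safety` followed by `/// Implementors must guarantee that a `Secp256k1<Self>` built from a buffer never references memory that lives shorter than `'a`; implementing this for a type that does not carry `'a` reintroduces the unsoundness in `preallocated_gen_new`.`, and the doc should also say the trait is not an extension point and is only meaningful together with the sealed `Context` trait, as the commit message explains. The three `unsafe impl` lines would likewise benefit from a shared justification, e.g. `// SAFETY: each marker carries 'buf, which preallocated_gen_new ties to the backing buffer`, so the soundness argument is visible at the impl site rather than only in the history. `preallocated_gen_new`'s body continues past the end of the hunk.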