Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Take some steps toward eliminating the last unsafe in ring::polyfill #1732

Merged
merged 3 commits into from
Oct 13, 2023
Merged

Take some steps toward eliminating the last unsafe in ring::polyfill #1732

merged 3 commits into from
Oct 13, 2023

Conversation

briansmith
Copy link
Owner

Replace a few uses of ChunksFixed with a new ArraySplitMap. ArraySplitMap avoids the need to construct an intermediate array; we would hope the optimizer would handle that, but at least in the past it did not always do so.

The approach here isn't very scalable since the source code of each implementation of ArraySplitMap grows twice as fast as the size of the input array. Maybe we can find a cleverer solution, at least for the larger ones.

@briansmith briansmith self-assigned this Oct 12, 2023
@codecov
Copy link

codecov bot commented Oct 12, 2023
edited
Loading

Codecov Report

Merging #1732 (6e6b118) into main (75c620a) will increase coverage by 0.01%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##             main    #1732      +/-   ##
==========================================
+ Coverage   96.11%   96.12%   +0.01%     
==========================================
  Files         136      137       +1     
  Lines       20521    20548      +27     
  Branches      217      217              
==========================================
+ Hits        19723    19752      +29     
  Misses        760      760              
+ Partials       38       36       -2
Files Coverage Δ
src/aead/aes.rs 98.66% <100.00%> (ø)
src/aead/chacha.rs 100.00% <100.00%> (ø)
src/aead/gcm.rs 98.00% <100.00%> (-0.01%) ⬇️
src/aead/gcm/gcm_nohw.rs 76.58% <100.00%> (-0.34%) ⬇️
src/polyfill.rs 100.00% <ø> (ø)
src/polyfill/array_split_map.rs 100.00% <100.00%> (ø)
src/polyfill/chunks_fixed.rs 100.00% <ø> (ø)

... and 2 files with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

@briansmith
Copy link
Owner Author

@joshlf PTAL. This is mostly to start a discussion. Definitely I am curious about whether there's a simpler way of doing this. I was hoping the array_* standard library facilities would be available by now, but it seems unlikely that they will become stable soon.

@joshlf
Copy link
Contributor

joshlf commented Oct 12, 2023

@joshlf PTAL. This is mostly to start a discussion. Definitely I am curious about whether there's a simpler way of doing this. I was hoping the array_* standard library facilities would be available by now, but it seems unlikely that they will become stable soon.

I don't have any strong opinions here, but the approach seems reasonable. Anything that removes unsafes is good in my book 🙂

@briansmith briansmith force-pushed the b/array_split_map branch 2 times, most recently from f38f1e1 to 424b516 Compare October 13, 2023 16:50
@briansmith
AEAD/Polyfill: Implement ArraySplitMap and construct nonces with it.
603a314 
This is a step towards eliminating the `unsafe` code in `ChunksFixed`.

chacha nonce
@briansmith
ChaCha20: Use ArraySplitMap to construct Iv.
8c2aa7c 
This is a step towards eliminating the `unsafe` in `chunks_fixed()`.
@briansmith
AEAD/Polyfill: Use ArraySplitMap instead of ChunksFixed.
6e6b118 
This is a step towards eliminating the `unsafe` code in `ChunksFixed`.
briansmith
briansmith commented Oct 13, 2023
View reviewed changes
src/polyfill/chunks_fixed.rs
define_chunks_fixed!(12, 4);
define_chunks_fixed!(16, 4);
define_chunks_fixed!(16, 8);
define_chunks_fixed!(32, 4);
Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For the small arrays that are converted here (the ones for which lines are removed above) this approach seems to optimize well. For the other two larger array sizes (mentioned below), I will post a separate PR that uses different techniques.

@briansmith
Copy link
Owner Author

This change ends up being +91 −33 (+58 net) LoC. The future changes to eliminate ChunksFixed comletely are +13 -48 (-35 net) LoC. So it looks like the project to eliminate ChunksFixed, for the purpose of eliminating the one unsafe line, costs about +23 net LoC.

I believe all the changes here don't worsen the code, and slightly improve the callers. The remaining changes to remove ChunksFixed are more debatable. So I'm going to merge this for now and we'll discuss the issues in that PR.

@briansmith briansmith merged commit 83719c4 into main Oct 13, 2023
134 checks passed
@briansmith briansmith deleted the b/array_split_map branch October 13, 2023 18:29
@briansmith briansmith mentioned this pull request Oct 13, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@briansmith briansmith

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@briansmith @joshlf