src: eliminate ManagedEVPPkey #54751

jasnell · 2024-09-04T02:19:56Z

Simplify key handling a bit by eliminating the additional indirection through ManagedEVPPKey

Prior to this change we had:

KeyObjectHandle -> std::shared_ptr<KeyObjectData> -> ManagedEVPPKey -> EVPKeyPointer

The ManagedEVPPKey really didn't add much value in the mix. After this change we have:

KeyObjectHandle -> KeyObjectData -> EVPKeyPointer

The KeyObjectData class now handles the std::shared_ptr bits internally and assumes what little responsibility the ManagedEVPPKey class had.

Overall it ends up simplifying the codebase quite a bit even if the changes are scattered across a wide area.

This is being done as part of the larger effort to move crypto logic out to the ncrypto dep.

nodejs-github-bot · 2024-09-04T02:20:01Z

Review requested:

@nodejs/crypto

src/crypto/crypto_dsa.cc

src/crypto/crypto_ec.cc

src/crypto/crypto_keygen.h

src/crypto/crypto_keys.h

src/crypto/crypto_sig.cc

tniessen · 2024-09-04T19:41:49Z

Thanks for working on simplifying this @jasnell! I just want to make sure my understanding is correct.

IIRC, I added these types some years ago. From what I remember, ManagedEVPPKey was supposed to be a more efficient alternative to a std::shared_ptr by relying on OpenSSL's internal reference counting. Much later, I think, I added the KeyObjectData type to allow sharing KeyObject instances across threads. I suspect this pretty much eliminated the need for ManagedEVPPKey, because all instances are either uniquely owned or wrapped in a std::shared_ptr<KeyObjectData>.

Does that seem accurate to you?

jasnell · 2024-09-04T19:45:01Z

Well, further simplification can be made here. The KeyObjectData holds a shared_ptr internally just for the ease of things since it also has to deal with symmetric key data. I think the slightly more inefficient shared_ptr usage is worth the e reduction in complexity but I can be swayed to make further changes here.

tniessen · 2024-09-04T19:57:06Z

I am not asking for further simplification -- I am just trying to understand my own original motivation behind ManagedEVPPKey, which I guess predates the use of shared_ptr here. It's been too long for me to be certain :)

jasnell · 2024-09-04T20:02:53Z

Yeah I've been having to refresh my memory on a lot of this also lol. It's been a good exercise. There's really tons of opportunity to simplify things in here. Moving things out to ncrypto is a great motivator to go through in detail.

Prior to this change, the ManagedEVPPkey class added an additional layer of abstraction to the EVP_PKEY class that wasn't strictly necessary. Previously we had: KeyObjectHandle -> std::shared_ptr<KeyObjectData> -> ManagedEVPPkey -> EVPKeyPointer After this change we have: KeyObjectHandle -> KeyObjectData -> EVPKeyPointer The `KeyObjectData` class no longer needs to be wrapped in std::shared_ptr but it will hold the underlying EVPKeyPointer in a std::shared_ptr. This greatly simplifies the abstraction and provides an overall reduction in code and complexity, although the changeset in this PR is fairly extensive to get there. This refactor is being done to simplify the codebase as part of the process of extracting crypto functionality to the separate ncrypto dep.

nodejs-github-bot · 2024-09-09T23:01:40Z

CI: https://ci.nodejs.org/job/node-test-pull-request/62211/ 💛 FINALLY!

Prior to this change, the ManagedEVPPkey class added an additional layer of abstraction to the EVP_PKEY class that wasn't strictly necessary. Previously we had: KeyObjectHandle -> std::shared_ptr<KeyObjectData> -> ManagedEVPPkey -> EVPKeyPointer After this change we have: KeyObjectHandle -> KeyObjectData -> EVPKeyPointer The `KeyObjectData` class no longer needs to be wrapped in std::shared_ptr but it will hold the underlying EVPKeyPointer in a std::shared_ptr. This greatly simplifies the abstraction and provides an overall reduction in code and complexity, although the changeset in this PR is fairly extensive to get there. This refactor is being done to simplify the codebase as part of the process of extracting crypto functionality to the separate ncrypto dep. PR-URL: #54751 Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>

Prior to this change, the ManagedEVPPkey class added an additional layer of abstraction to the EVP_PKEY class that wasn't strictly necessary. Previously we had: KeyObjectHandle -> std::shared_ptr<KeyObjectData> -> ManagedEVPPkey -> EVPKeyPointer After this change we have: KeyObjectHandle -> KeyObjectData -> EVPKeyPointer The `KeyObjectData` class no longer needs to be wrapped in std::shared_ptr but it will hold the underlying EVPKeyPointer in a std::shared_ptr. This greatly simplifies the abstraction and provides an overall reduction in code and complexity, although the changeset in this PR is fairly extensive to get there. This refactor is being done to simplify the codebase as part of the process of extracting crypto functionality to the separate ncrypto dep. PR-URL: nodejs#54751 Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>

nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. lib / src Issues and PRs related to general changes in the lib or src directory. needs-ci PRs that need a full CI run. labels Sep 4, 2024

jasnell force-pushed the eliminate-managedevppkey branch from 2ab5842 to 5e64139 Compare September 4, 2024 17:06

jasnell requested review from mcollina, anonrig and tniessen September 4, 2024 17:08

jasnell marked this pull request as ready for review September 4, 2024 17:10

anonrig reviewed Sep 4, 2024

View reviewed changes

jasnell requested a review from anonrig September 4, 2024 18:46