From 2a25e5eae8f6f7d817364d8269c67fd7d08ba922 Mon Sep 17 00:00:00 2001
From: Andrew Poelstra
Date: Wed, 16 Feb 2022 23:46:52 +0000
Subject: [PATCH] restore `global-context-less-secure` feature

---
 Cargo.toml | 7 +++++++
 src/context.rs | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/Cargo.toml b/Cargo.toml
index 586c8fb..8d55c18 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -27,6 +27,13 @@ rand-std = ["rand/std"]
 recovery = ["secp256k1-sys/recovery"]
 lowmemory = ["secp256k1-sys/lowmemory"]
 global-context = ["std"]
+# disable re-randomization of the global context, which provides some
+# defense-in-depth against sidechannel attacks. You should only use
+# this feature if you expect the `rand` crate's thread_rng to panic.
+# (If you are sure the `rand-std` feature will not be enabled, e.g.
+# if you are doing a no-std build, then this feature does nothing
+# and is not necessary.)
+global-context-less-secure = []
 
 [dependencies]
 secp256k1-sys = { version = "0.4.2", default-features = false, path = "./secp256k1-sys" }
diff --git a/src/context.rs b/src/context.rs
index 30f6401..b756877 100644
--- a/src/context.rs
+++ b/src/context.rs
@@ -48,7 +48,7 @@ pub mod global {
 static mut CONTEXT: Option> = None;
 ONCE.call_once(|| unsafe {
 let mut ctx = Secp256k1::new();
- #[cfg(feature = "rand-std")]
+ #[cfg(all(feature = "rand-std", not(feature = "global-context-less-secure")))]
 {
 ctx.randomize(&mut rand::thread_rng());
 }
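Review bot: The comment on the new `global-context-less-secure` feature does not warn that Cargo features are additive and unified across the whole dependency graph, so one crate anywhere in the build enabling it silently turns off context randomization for every user of the global context in that binary; I would add a line such as `# Note: Cargo features are additive, so enabling this in any crate of the build disables randomization for the entire build.` The opening sentence also reads as if the disabling, not the randomization, "provides some defense-in-depth"; `# disable randomization of the global context; randomization provides some defense-in-depth against side-channel attacks` removes the ambiguity and uses the conventional spelling. The claim that `thread_rng` may panic is plausible on targets without an OS entropy source, but the comment would be more useful if it named the situation it has in mind rather than leaving the reader to guess.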
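Review bot: When `global-context-less-secure` is enabled alongside `rand-std`, the new `cfg` makes the block around `ctx.randomize` compile away and the global context is created unblinded, with nothing at the call site recording why that is acceptable; a comment on the gated line would help the next reader, e.g. `// Blind the context against side channels; skipped only by users who opted out because thread_rng() would panic on their target.` The Cargo.toml text speaks of "re-randomization", but the visible code randomizes exactly once, at first use inside `call_once`; if other `rand-std`-gated `randomize` calls exist elsewhere in the crate they need the same `not(feature = "global-context-less-secure")` condition, otherwise the feature only partially delivers what its comment promises. The enclosing function starts before and ends after this hunk.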