Commit Graph

135 Commits

Author SHA1 Message Date
Andrew Poelstra 2ae7ca9cf2
secp-sys: update README for new vendoring script
Also a couple minor tweaks to the vendoring script itself.
2023-03-30 12:40:18 +00:00
Andrew Poelstra 4b02e9c405
run new vendor-libsecp.sh; fix upstream CHANGELOG. 2023-03-29 23:48:15 +00:00
Andrew Poelstra b58a60fd6c
rewrite ./vendor-libsecp.sh
This rewrite:
   * Fixes some shellcheck issues (bad quoting, use of | instead of ||
     near the beginning of the file)
   * Automatically computes the version prefix, depend directory, etc.,
     and provides instructions to override this with env vars if the
     user really wants to do this.
   * Detects when it would be destructive and refuses to run unless
     passed the -f flag, rather than prompting the user for a yes/no
   * Adds the capability to use cp rather than git clone, which I need
     to run this from within Nix.
   * Whitelists CHANGELOG.md which shouldn't get substituted.
2023-03-29 23:48:09 +00:00
Tobin C. Harding 5ae136d7bd
Bump secp256k1-sys version to 0.8.1
We are ready to release a new minor version of `secp256k1-sys`, in order
to do so we must make change the symbol names to reflect the new version
as well as the usual changelog and version bump.

In preparation for releasing `secp256k1-sys` v0.8.1 do:

- Rename symbols to from `0_8_0` -> `0_8_1`, done mechanically (search
  and replace)
- Add changes log notes (includes changelog entry for 0.8.0)
- Bump `secp256k1-sys` crate version 0.8.0 -> 0.8.1, justified because
  we have added a new public function.
2023-03-17 16:22:01 +11:00
kwantam 8fffbeab13
implement "non_secure_erase" methods
This PR implements a `non_secure_erase()` method on SecretKey,
KeyPair, SharedSecret, Scalar, and DisplaySecret. The purpose
of this method is to (attempt to) overwrite secret data with
valid default values. This method can be used by libraries
to implement Zeroize on structs containing secret values.

`non_secure_erase()` attempts to avoid being optimized away or
reordered using the same mechanism as the zeroize crate: first,
using `std::ptr::write_volatile` (which will not be optimized
away) to overwrite the memory, then using a memory fence to
prevent subtle issues due to load or store reordering.

Note, however, that this method is *very unlikely* to do anything
useful on its own. Effective use involves carefully placing these
values inside non-Copy structs and pinning those structs in place.
See the [`zeroize`](https://docs.rs/zeroize) documentation for tips
and tricks, and for further discussion.

[this commit includes a squashed-in commit from tcharding to fix docs
and helpful suggestions from apoelstra and Kixunil]
2023-02-21 08:56:03 -05:00
Tibo-lg 43370d8128 Add secp256k1_schnorrsig_sign_custom in fuzzing config 2022-12-22 16:59:59 +09:00
Tobin C. Harding 2dad589394 Upgrade the vendored libsecp256k1 code
`libsecp256k1` v0.2.0 was just released.

Update the vendored code using

 `./vendor-libsecp.sh depend 0_8_0 21ffe4b`

```
git show 21ffe4b
commit 21ffe4b22a9683cf24ae0763359e401d1284cc7a (tag: v0.2.0)
Merge: 8c949f5 e025ccd
Author: Pieter Wuille <pieter@wuille.net>
Date:   Mon Dec 12 17:00:52 2022 -0500

    Merge bitcoin-core/secp256k1#1055: Prepare initial release

    e025ccdf7473702a76bb13d763dc096548ffefba release: prepare for initial release 0.2.0 (Jonas Nick)
    6d1784a2e2c1c5a8d89ffb08a7f76fa15e84fff5 build: add missing files to EXTRA_DIST (Jonas Nick)
    13bf1b6b324f2ed1c1fb4c8d17a4febd3556839e changelog: make order of change types match keepachangelog.com (Jonas Nick)
    b1f992a552785395d2e60b10862626fd11f66f84 doc: improve release process (Jonas Nick)
    ad39e2dc417f85c1577a6a6a9c519f5c60453def build: change package version to 0.1.0-dev (Jonas Nick)
    90618e9263ebc2a0d73d487d6d94fd3af96b973c doc: move CHANGELOG from doc/ to root directory (Jonas Nick)

    Pull request description:

      Based on #964

    ACKs for top commit:
      sipa:
        ACK e025ccdf7473702a76bb13d763dc096548ffefba

    Tree-SHA512: b9ab71d7362537d383a32b5e321ef44069f00e3e92340375bcd662267bc5a60c2bad60222998e6602cfac24ad65efb23d772eac37c86065036b90ef090b54c49
    ```

Requires a new version of `secp256k1-sys`, use v0.8.0

- Update the `secp256k1-sys` manifest (including links field)
- Update symbols to use 0_8_0
- Add a changelog entry
- depend on the new version in `secp256k1`

Which in turn requires a new version of `secp256k1`, use v0.26.0
2022-12-21 08:11:14 +11:00
Tobin C. Harding 2d4aacc4ad Update scratch_impl.h patch file
To mirror recent changes to the `scratch_impl.h` file update the patch
file.
2022-12-19 15:12:23 +11:00
Tobin C. Harding 3fa2436272 Bump secp256k1-sys version to 0.7.0
We are ready to release a new minor version of `secp256k1-sys`, in order
to do so we must make change the symbol names to reflect the new version
as well as the usual changelog and version bump.

In preparation for releasing `secp256k1-sys` v0.7.0 do:

- Rename symbols to from `0_6_1` -> `0_7_0`, done mechanically (search
  and replace)
- Add changes log notes
- Bump `secp256k1-sys` crate version 0.6.1 -> 0.7.0, justified because
  we have added new public methods to various types (e.g.,
  `PublicKey::cmp_fast_unstable`)
2022-12-12 09:13:00 +11:00
Tobin C. Harding 9b07e8e8c5 secp-sys: Use NonNull in API instead of *mut T
Currently we expect non-null pointers when we take `*mut T` parameters,
however we do not check that the pointers are non-null because we never
set VERIFY in our C build. We can use the `NonNull` type to enforce
no-null-ness as long as we use `NonNull::new`. In a couple of instances
we manually check that a buffer is not empty and therefore that the
pointer to it is non-null so we can safely use `NonNull::new_unchecked`.

Replace mutable pointer parameters `*mut T` (e.g. `*mut c_void`) and
return types with `NonNull<T>`.

Fix #546
2022-12-01 15:45:32 +11:00
Andrew Poelstra 8ab0bbccbc
Merge rust-bitcoin/rust-secp256k1#535: call the alloc error handle if we get NULL from the allocator
8b17fc016d call the alloc error handle if we get NULL from the allocator (Elichai Turkel)

Pull request description:

  Found that this was missing in this discussion: https://github.com/rust-bitcoin/rust-secp256k1/issues/529#issuecomment-1324832163

  It is documented here that it returns a NULL on memory exhaustion: https://doc.rust-lang.org/alloc/alloc/trait.GlobalAlloc.html#tymethod.alloc
  And you can see that this is called in this example: https://doc.rust-lang.org/alloc/alloc/fn.alloc.html
  Docs for the handle itself: https://doc.rust-lang.org/alloc/alloc/fn.handle_alloc_error.html

ACKs for top commit:
  apoelstra:
    ACK 8b17fc016d
  Kixunil:
    Good argument, ACK 8b17fc016d

Tree-SHA512: 4b8f79ab5f691cb92621a314ceb8556c26fa7e159de359697b766043a0269e1ecf9746e6d4bfd5b45f18bccaff435c1fff491168b8bb77459ae849c38664d563
2022-11-24 15:38:26 +00:00
Andrew Poelstra e4baf79deb
Merge rust-bitcoin/rust-secp256k1#536: secp256k1-sys: Remove unused flags in build.rs
7d3dc354d7 secp256k1-sys: Remove unused flags in build.rs (Elichai Turkel)

Pull request description:

  These are no longer used in upstream, so there's no reason for us to set them

ACKs for top commit:
  apoelstra:
    ACK 7d3dc354d7

Tree-SHA512: 79ecbed19ba9eb61640306bc5413b139e902ee84b7e122e8ae57e451f2b132371440554f21ed075ed34d9d702c4316e4b170ca638c774532ecf5a11456b4e2ad
2022-11-24 14:49:38 +00:00
Elichai Turkel 7d3dc354d7
secp256k1-sys: Remove unused flags in build.rs 2022-11-24 13:38:40 +02:00
Elichai Turkel 8b17fc016d
call the alloc error handle if we get NULL from the allocator 2022-11-24 13:14:23 +02:00
Tobin C. Harding 85681cece7 secp256k1-sys: Document safety constraints
Functions that are `unsafe` should include a `# Safety` section. Because
we have wrapper functions to handle symbol renaming we essentially have
duplicate functions i.e., they require the same docs, instead of
duplicating the docs put the symbol renamed function below the
non-renamed function and add a docs linking to the non-renamed function.
Also add attribute to stop the linter warning about the missing safety
docs section.

Remove the clippy attribute for `missing_safety_doc`.
2022-11-24 09:17:15 +11:00
Tobin C. Harding 9850550734 Move AsRef impl block next to Index
These two traits are related, in as much as they both give access to the
inner byte array. Put them next to each other to assist clarity.
2022-11-18 10:57:32 +11:00
Tobin C. Harding 4d42e8e906 Derive Copy and Clone
There is no obvious reason why not to derive `Copy` and `Clone` for
types that use the `impl_newtype_macro`. Derives are less surprising so
deriving makes the code marginally easier to read.
2022-11-18 10:56:24 +11:00
Tobin C. Harding b38ae97eaf Implement stable comparison functionality
Currently we rely on the inner bytes with types that are passed across
the FFI boundry when implementing comparison functions (e.g. `Ord`,
`PartialEq`), this is incorrect because the bytes are opaque, meaning
the byte layout is not guaranteed across versions of `libsecp26k1`.

Implement stable comparison functionality by doing:

- Implement `core::cmp` traits by first coercing the data into a stable
  form e.g., by serializing it.
- Add fast comparison methods to `secp256k1-sys` types that wrap types
  from libsecp, add similar methods to types in `secp256k1` that wrap
  `secp256k1-sys` types (just call through to inner type).
- In `secp256k1-sys` feature gate the new `core::cmp` impls on
  `not(fuzzing)`, when fuzzing just derive the impls instead.

Any additional methods added to `secp256k1-sys` types are private,
justified by the fact the -sys is meant to be just a thin wrapper around
libsecp256k1, we don't want to commit to supporting additional API
functions.

Please note, the solution presented in this patch is already present for
`secp256k1::PublicKey`, this PR removes that code in favour of deriving
traits that then call down to the same logic in `secp256k1-sys`.
2022-11-18 10:24:46 +11:00
Tobin C. Harding 630fc1fcb6 Remove len and is_empty from impl_array_newtype macros
An array in Rust has no concept of length, it is a fixed size data type.
Equally an array cannot be "empty", again since it is a fixed size data
type. These are methods/concepts seen in slices and vectors.

Remove the `len` and `is_empty` methods.
2022-11-18 07:57:39 +11:00
Tobin C. Harding 9788b6df88 Remove leading colons from impl_array_newtype methods
The leading colons are an artifact of Rust 1.29, remove them.
2022-11-18 07:57:39 +11:00
Tobin C. Harding 2bb08c21e5 Remove as_[mut_]ptr from impl_array_newtype macros
For interfacing with the FFI layer we implement `ffi::CPtr`, there is
not need to provide methods `as_ptr` and `as_mut_ptr` as well.
2022-11-18 07:57:39 +11:00
Tobin C. Harding 635890322a Add newline to end of file
Inline with UNIX convention add a trailing newline to file.
2022-11-18 07:57:39 +11:00
Andrew Poelstra 5a546945ad
Merge rust-bitcoin/rust-secp256k1#488: Support non-WASM platforms that are missing `string.h`
92b733386f Support non-WASM platforms that are missing `string.h` (Matt Corallo)

Pull request description:

  Dunno why we haven't seen this elsewhere, but when trying to build locally for an ARM embedded target `secp256k1-sys` failed to compile as it was missing `string.h`, just like WASM.

  This patch adds a trivial fallback - if we fail to compile initially we unconditionally retry with the wasm-sysroot, giving us a valid `string.h`.

ACKs for top commit:
  tcharding:
    ACK 92b733386f
  apoelstra:
    ACK 92b733386f

Tree-SHA512: 81cbc5023f349681a3bef138506d9314be948b8b7b78bb2b2ffacf43b0c97d92ea67238105009a94b05a0a3adbd4113ed68f79a0a303708d95c6a7f520d5170e
2022-11-14 14:40:56 +00:00
Andrew Poelstra 432f2939c6
Merge rust-bitcoin/rust-secp256k1#507: Minimise FFI in the public API
68c73850d8 Minimise FFI in the public API (Tobin C. Harding)

Pull request description:

  Normal users should never need to directly interact with the FFI layer.

  Audit and reduce the use of `ffi` types in the public API of various types. Leave only the implementation of `CPtr`, and document this clearly as not required by normal users. Done for:

  - PublicKey
  - XOnlyPublicKey
  - KeyPair
  - ecdsa::Signature
  - ecdsa::RecoverableSignature

ACKs for top commit:
  apoelstra:
    ACK 68c73850d8

Tree-SHA512: 8242527837872f9aba2aab19b02c2280ca1eb1dfd33c8ca619726d981811d72de3e5a57cbde2fbe621eb8e50e43f488804cd51d27949459da1c0ceb03fca35e3
2022-11-14 14:13:22 +00:00
Tobin C. Harding eedbd0b7e4 secp256k1-sys: Remove deprecated code
We are currently on release 0.6.1, code deprecated since v0.2.0 can
comfortably be removed.
2022-11-10 11:14:24 +11:00
Tobin C. Harding 68c73850d8 Minimise FFI in the public API
Normal users should never need to directly interact with the FFI layer.

Audit and reduce the use of `ffi` types in the public API of various
types. Leave only the implementation of `CPtr`, and document this
clearly as not required by normal users. Done for:

- PublicKey
- XOnlyPublicKey
- KeyPair
- ecdsa::Signature
- ecdsa::RecoverableSignature
2022-11-08 15:03:20 +11:00
Tobin C. Harding 1c17d0f215 Improve docs on impl_array_newtype
Improve the rustdocs on the `impl_array_newtype` macro by adding full
stops and re-writing the outer comment.
2022-11-03 14:56:23 +11:00
Tobin C. Harding 91ac518d17 Use generic implementation of Index
We can use a generic implementation of `core::ops::Index` which gives us
all the range impls for free.
2022-11-03 14:55:41 +11:00
Andrew Poelstra 91f10965b3
secp-sys: change symbol names to `0_6_1` from `0_5_0`
Needed to build secp-sys 0.5 and secp-sys 0.6 in the same tree. Fixes #489.

This PR can be reproduced by running

    ./vendor-libsecp.sh depend/ 0_6_1 a1102b12196ea27f44d6201de4d25926a2ae9640

in the secp256k1-sys directory.
2022-10-08 15:43:43 +00:00
Matt Corallo 92b733386f Support non-WASM platforms that are missing `string.h`
Dunno why we haven't seen this elsewhere, but when trying to build
locally for an ARM embedded target `secp256k1-sys` failed to
compile as it was missing `string.h`, just like WASM.

This patch adds a trivial fallback - if we fail to compile
initially we unconditionally retry with the wasm-sysroot, giving us
a valid `string.h`.
2022-10-06 16:23:27 +00:00
Tobin C. Harding 5b86e38aea Put compiler attributes below rustdocs
It is conventional, at least within the `rust-bitcoin` organisation to
put compiler attributes _below_ the associated rustdocs.
2022-06-28 13:07:08 +10:00
Andrew Poelstra 79a4ee333b secp256k1-sys: bump version to 0.6.0
Needed for release of secp256k1 0.23.0
2022-06-21 20:37:45 +00:00
Andrew Poelstra a1ac3fb311
Merge rust-bitcoin/rust-secp256k1#448: Add clippy to CI
65186e732a Add githooks (Tobin C. Harding)
6d76bd4a89 Add clippy to CI (Tobin C. Harding)
9f1ebb93cb Allow nonminimal_bool in unit test (Tobin C. Harding)
685444c342 Use "a".repeats() instead of manual implementation (Tobin C. Harding)
42de876e01 Allow let_and_return for feature guarded code (Tobin C. Harding)
d64132cd4b Allow missing_safety_doc (Tobin C. Harding)
2cb687fc69 Use to_le_bytes instead of mem::transmute (Tobin C. Harding)
c15b9d2699 Remove unneeded explicit reference (Tobin C. Harding)
35d59e7cc6 Remove explicit 'static lifetime (Tobin C. Harding)
1a582db160 Remove redundant import (Tobin C. Harding)

Pull request description:

  The first 8 patches clear clippy warnings. Next we add a CI job to run clippy. Finally we add a `githooks` directory that includes running clippy, also adds a section to the README on how to use the githooks. This is identical to the text in the [open PR](https://github.com/rust-bitcoin/rust-bitcoin/pull/1044) on `rust-bitcoin` that adds githooks _without_ yet adding clippy.

  **Note**: The new clippy CI job runs and is green :)

ACKs for top commit:
  Kixunil:
    ACK 65186e732a
  apoelstra:
    ACK 65186e732a

Tree-SHA512: f70a157896ce2a83af8cfc10f2fbacc8f68256ac96ef7dec4d190aa72324b568d2267418eb4fe99099aeda5486957c31070943d7c209973859b7b9290676ccd7
2022-06-17 17:12:12 +00:00
Tobin C. Harding d64132cd4b Allow missing_safety_doc
We have a whole bunch of unsafe code that calls down to the FFI layer.
It would be nice to have clippy running on CI, these safety docs
warnings are prohibiting that. Until we can add the docs add a compiler
attribute to allow the lint.
2022-06-17 10:17:21 +10:00
Tim Ruffing f419fe884b Fix getting parity from keypair in fuzzing
This also enables a test that was failung due to the parity bug.
2022-06-15 22:41:36 +02:00
Dr Maxim Orlovsky 13af51926a Make key comparison non-fuzzable
Feature guard the custom implementations of `Ord` and `PartialOrd` on
`cfg(not(fuzzing))`. When fuzzing, auto-derive implementations.

Co-authored-by: Tobin C. Harding <me@tobin.cc>
2022-06-15 08:35:50 +10:00
Dr Maxim Orlovsky 999d165c68 FFI for pubkey comparison ops 2022-06-14 11:18:11 +10:00
Andrew Poelstra 4f7f138797
Merge rust-bitcoin/rust-secp256k1#331: Update the code to edition 2018, and update dependencies
5d2f1ceb64 Fix WASM build (Elichai Turkel)
39aaac6834 Use new trait TryFrom and do small refactoring (Elichai Turkel)
7d3a149ca5 Move more things from the std feature to the alloc feature (Elichai Turkel)
bc8c713631 Replace c_void with core::ffi::c_void (Elichai Turkel)
26a52bc8c8 Update secp256k1-sys to edition 2018 and fix imports (Elichai Turkel)
ebe46a4d4e Update rand to 0.8 and replace CounterRng with mock::StepRng (Elichai Turkel)
626835f540 Update secp256k1 to edition 2018 and fix imports (Elichai Turkel)
67c0922a46 Update MSRV in CI and Readme from 1.29 to 1.41 (Elichai Turkel)

Pull request description:

  As proposed in https://github.com/rust-bitcoin/rust-bitcoin/issues/510#issuecomment-881686342 this PR raises the MSRV to 1.41.1 it also changes the code to be Edition 2018.

  The PR contains a few things:
  * Moving to edition 2018 and fixing the imports
  * Sorting and combining imports to make them more concise
  * Replacing our c_void with `core::ffi::c_void`
  * Bumping the `rand` version to latest and modifying our `RngCore` implementations accordingly
  * Doing some small refactoring and using the new `TryInto` trait where it makes the code nicer

  If people prefer I can split this PR into multiple and/or drop some commits

ACKs for top commit:
  tcharding:
    ACK 5d2f1ceb64
  apoelstra:
    ACK 5d2f1ceb64

Tree-SHA512: 5bf84e7ebb6286d59f8cada0bb712c46336f0dd6c35b67e6f4ba323b5484ad925b99b73e778ae4608f123938e7ee8705a0aec576cd9c065072c4ecf1248e3470
2022-06-08 20:53:41 +00:00
Elichai Turkel 7d3a149ca5
Move more things from the std feature to the alloc feature 2022-06-07 23:59:42 +03:00
Elichai Turkel bc8c713631
Replace c_void with core::ffi::c_void 2022-06-07 23:59:41 +03:00
Elichai Turkel 26a52bc8c8
Update secp256k1-sys to edition 2018 and fix imports 2022-06-07 23:59:40 +03:00
Tibo-lg 0b27bde60b Bump secp256k1-sys minor version 2022-05-07 20:32:08 +09:00
Tibo-lg 4beebd168e Add secp256k1_schnorrsig_sign_custom to sys crate 2022-05-06 12:16:53 +09:00
Andrew Poelstra 3ed7fb044c release minor version of secp-sys with WASM fix 2022-04-30 16:14:52 +00:00
Tobin C. Harding dc1e377d4e Improve docs on rustsecp256k1_v0_4_1_context_create
In preparation for [someone] adding a `# Safety` section to this
function, clean up the docs.
2022-04-27 10:23:42 +10:00
Tobin C. Harding ad153d82f7 Add safety rustdoc headings
Clippy warns about unsafe code without a `# Safety` section. A bunch of
these warnings are for functions that do actually have safety docs.

Follow rustdoc convention and add a `# Safety` section for the already
existing explanations.
2022-04-27 10:23:42 +10:00
Tobin Harding bfd88dbd6c Move WASM const definitions to a source file
Currently we are defining the WASM integer size and alignments in the
`stdio.h` header file, this is wrong because this file is included in
the build by way of `build.rs` as well as by upstream `libsecp256k1`.

Move WASM integer definitions to a `C` source file and build the file
into the binary if target is WASM.
2022-03-30 10:22:37 +11:00
Andrew Poelstra d06dd2023b update fuzzdummy API to match normal API 2022-03-08 19:45:43 +00:00
Andrew Poelstra 8294ea3f50 secp256k1-sys: update upstream library
Two API changes needed to be reflected: schnorrsig_sign and schnorrsig_verify.

Also bump both Cargo.toml files
2022-03-08 19:45:41 +00:00
Andrew Poelstra 2932179bd6 secp256k1-sys: update secp256k1.h.patch 2022-03-08 19:44:57 +00:00